From 5218c0b187dfeb2c722c41e3e0b3180d671c85ca Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 29 Mar 2023 22:53:15 +0200 Subject: [PATCH 001/357] all mutation strategies --- src/afl-fuzz-one.c | 571 +++++++++++++++++++++++++++++---------------- 1 file changed, 368 insertions(+), 203 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 070669c517..3eed2b70a9 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2118,39 +2118,17 @@ u8 fuzz_one_original(afl_state_t *afl) { /* We essentially just do several thousand runs (depending on perf_score) where we take the input file and make random stacked tweaks. */ -#define MAX_HAVOC_ENTRY 64 -#define MUTATE_ASCII_DICT 64 +#define MAX_HAVOC_ENTRY 31 +#define MUTATE_ASCII_DICT 0 u32 r_max, r; - r_max = (MAX_HAVOC_ENTRY + 1) + (afl->extras_cnt ? 4 : 0) + - (afl->a_extras_cnt - ? (unlikely(afl->cmplog_binary && afl->queue_cur->is_ascii) - ? MUTATE_ASCII_DICT - : 4) - : 0); - - if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) { - - /* add expensive havoc cases here, they are activated after a full - cycle without finds happened */ - - r_max += 4; - - } - - if (unlikely(get_cur_time() - afl->last_find_time > 5000 /* 5 seconds */ && - afl->ready_for_splicing_count > 1)) { - - /* add expensive havoc cases here if there is no findings in the last 5s */ - - r_max += 4; - - } + r_max = (MAX_HAVOC_ENTRY + 1) + (afl->extras_cnt ? 2 : 0) + + (afl->a_extras_cnt ? 2 : 0); for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) { - u32 use_stacking = 1 << (1 + rand_below(afl, afl->havoc_stack_pow2)); + u32 use_stacking = 2 + rand_below(afl, 15), item; afl->stage_cur_val = use_stacking; @@ -2198,146 +2176,157 @@ u8 fuzz_one_original(afl_state_t *afl) { switch ((r = rand_below(afl, r_max))) { - case 0 ... 3: { + case 0: { /* Flip a single bit somewhere. Spooky! */ + u8 bit = rand_below(afl, 8); + u32 off = rand_below(afl, temp_len); + out_buf[off] ^= 1 << bit; #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " FLIP_BIT1"); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " FLIP-BIT_%u", bit); strcat(afl->mutation, afl->m_tmp); #endif - FLIP_BIT(out_buf, rand_below(afl, temp_len << 3)); break; } - case 4 ... 7: { + case 1: { /* Set byte to interesting value. */ + item = rand_below(afl, sizeof(interesting_8)); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING8"); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING8_%u", item); strcat(afl->mutation, afl->m_tmp); #endif - out_buf[rand_below(afl, temp_len)] = - interesting_8[rand_below(afl, sizeof(interesting_8))]; + out_buf[rand_below(afl, temp_len)] = interesting_8[item]; break; } - case 8 ... 9: { + case 2: { /* Set word to interesting value, little endian. */ if (temp_len < 2) { break; } + item = rand_below(afl, sizeof(interesting_16) >> 1); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING16"); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING16_%u", item); strcat(afl->mutation, afl->m_tmp); #endif + *(u16 *)(out_buf + rand_below(afl, temp_len - 1)) = - interesting_16[rand_below(afl, sizeof(interesting_16) >> 1)]; + interesting_16[item]; break; } - case 10 ... 11: { + case 3: { /* Set word to interesting value, big endian. */ if (temp_len < 2) { break; } + item = rand_below(afl, sizeof(interesting_16) >> 1); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING16BE"); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING16BE_%u", item); strcat(afl->mutation, afl->m_tmp); #endif - *(u16 *)(out_buf + rand_below(afl, temp_len - 1)) = SWAP16( - interesting_16[rand_below(afl, sizeof(interesting_16) >> 1)]); + *(u16 *)(out_buf + rand_below(afl, temp_len - 1)) = + SWAP16(interesting_16[item]); break; } - case 12 ... 13: { + case 4: { /* Set dword to interesting value, little endian. */ if (temp_len < 4) { break; } + item = rand_below(afl, sizeof(interesting_32) >> 2); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING32"); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING32_%u", item); strcat(afl->mutation, afl->m_tmp); #endif + *(u32 *)(out_buf + rand_below(afl, temp_len - 3)) = - interesting_32[rand_below(afl, sizeof(interesting_32) >> 2)]; + interesting_32[item]; break; } - case 14 ... 15: { + case 5: { /* Set dword to interesting value, big endian. */ if (temp_len < 4) { break; } + item = rand_below(afl, sizeof(interesting_32) >> 2); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING32BE"); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING32BE_%u", item); strcat(afl->mutation, afl->m_tmp); #endif - *(u32 *)(out_buf + rand_below(afl, temp_len - 3)) = SWAP32( - interesting_32[rand_below(afl, sizeof(interesting_32) >> 2)]); + *(u32 *)(out_buf + rand_below(afl, temp_len - 3)) = + SWAP32(interesting_32[item]); break; } - case 16 ... 19: { + case 6: { /* Randomly subtract from byte. */ + item = 1 + rand_below(afl, ARITH_MAX); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH8_"); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH8-_%u", item); strcat(afl->mutation, afl->m_tmp); #endif - out_buf[rand_below(afl, temp_len)] -= 1 + rand_below(afl, ARITH_MAX); + out_buf[rand_below(afl, temp_len)] -= item; break; } - case 20 ... 23: { + case 7: { /* Randomly add to byte. */ + item = 1 + rand_below(afl, ARITH_MAX); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH8+"); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH8+_%u", item); strcat(afl->mutation, afl->m_tmp); #endif - out_buf[rand_below(afl, temp_len)] += 1 + rand_below(afl, ARITH_MAX); + out_buf[rand_below(afl, temp_len)] += item; break; } - case 24 ... 25: { + case 8: { /* Randomly subtract from word, little endian. */ if (temp_len < 2) { break; } u32 pos = rand_below(afl, temp_len - 1); + item = 1 + rand_below(afl, ARITH_MAX); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH16_-%u", pos); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH16-_%u", item); strcat(afl->mutation, afl->m_tmp); #endif - *(u16 *)(out_buf + pos) -= 1 + rand_below(afl, ARITH_MAX); + *(u16 *)(out_buf + pos) -= item; break; } - case 26 ... 27: { + case 9: { /* Randomly subtract from word, big endian. */ @@ -2347,8 +2336,7 @@ u8 fuzz_one_original(afl_state_t *afl) { u16 num = 1 + rand_below(afl, ARITH_MAX); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH16_BE-%u_%u", pos, - num); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH16BE-_%u", num); strcat(afl->mutation, afl->m_tmp); #endif *(u16 *)(out_buf + pos) = @@ -2358,25 +2346,26 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 28 ... 29: { + case 10: { /* Randomly add to word, little endian. */ if (temp_len < 2) { break; } u32 pos = rand_below(afl, temp_len - 1); + item = 1 + rand_below(afl, ARITH_MAX); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH16+-%u", pos); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH16+_%u", item); strcat(afl->mutation, afl->m_tmp); #endif - *(u16 *)(out_buf + pos) += 1 + rand_below(afl, ARITH_MAX); + *(u16 *)(out_buf + pos) += item; break; } - case 30 ... 31: { + case 11: { /* Randomly add to word, big endian. */ @@ -2386,8 +2375,7 @@ u8 fuzz_one_original(afl_state_t *afl) { u16 num = 1 + rand_below(afl, ARITH_MAX); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH16+BE-%u_%u", pos, - num); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH16BE+__%u", num); strcat(afl->mutation, afl->m_tmp); #endif *(u16 *)(out_buf + pos) = @@ -2397,25 +2385,26 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 32 ... 33: { + case 12: { /* Randomly subtract from dword, little endian. */ if (temp_len < 4) { break; } u32 pos = rand_below(afl, temp_len - 3); + item = 1 + rand_below(afl, ARITH_MAX); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH32_-%u", pos); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH32-_%u", item); strcat(afl->mutation, afl->m_tmp); #endif - *(u32 *)(out_buf + pos) -= 1 + rand_below(afl, ARITH_MAX); + *(u32 *)(out_buf + pos) -= item; break; } - case 34 ... 35: { + case 13: { /* Randomly subtract from dword, big endian. */ @@ -2425,8 +2414,7 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 num = 1 + rand_below(afl, ARITH_MAX); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH32_BE-%u-%u", pos, - num); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH32BE-_%u", num); strcat(afl->mutation, afl->m_tmp); #endif *(u32 *)(out_buf + pos) = @@ -2436,25 +2424,26 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 36 ... 37: { + case 14: { /* Randomly add to dword, little endian. */ if (temp_len < 4) { break; } u32 pos = rand_below(afl, temp_len - 3); + item = 1 + rand_below(afl, ARITH_MAX); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH32+-%u", pos); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH32+_%u", item); strcat(afl->mutation, afl->m_tmp); #endif - *(u32 *)(out_buf + pos) += 1 + rand_below(afl, ARITH_MAX); + *(u32 *)(out_buf + pos) += item; break; } - case 38 ... 39: { + case 15: { /* Randomly add to dword, big endian. */ @@ -2464,8 +2453,7 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 num = 1 + rand_below(afl, ARITH_MAX); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH32+BE-%u-%u", pos, - num); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH32BE+_%u", num); strcat(afl->mutation, afl->m_tmp); #endif *(u32 *)(out_buf + pos) = @@ -2475,22 +2463,25 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 40 ... 43: { + case 16: { /* Just set a random byte to a random value. Because, why not. We use XOR with 1-255 to eliminate the possibility of a no-op. */ + u32 pos = rand_below(afl, temp_len); + item = 1 + rand_below(afl, 255); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " RAND8"); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " RAND8_%u", + out_buf[pos] ^ item); strcat(afl->mutation, afl->m_tmp); #endif - out_buf[rand_below(afl, temp_len)] ^= 1 + rand_below(afl, 255); + out_buf[pos] ^= item; break; } - case 44 ... 46: { + case 17: { if (temp_len + HAVOC_BLK_XL < MAX_FILE) { @@ -2501,8 +2492,8 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 clone_to = rand_below(afl, temp_len); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " CLONE-%s-%u-%u-%u", - "clone", clone_from, clone_to, clone_len); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " CLONE-%s_%u_%u_%u", + "overwrite", clone_from, clone_to, clone_len); strcat(afl->mutation, afl->m_tmp); #endif u8 *new_buf = @@ -2531,7 +2522,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 47: { + case 18: { if (temp_len + HAVOC_BLK_XL < MAX_FILE) { @@ -2539,10 +2530,13 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 clone_len = choose_block_len(afl, HAVOC_BLK_XL); u32 clone_to = rand_below(afl, temp_len); + u32 strat = rand_below(afl, 2); + u32 clone_from = clone_to ? clone_to - 1 : 0; + item = strat ? rand_below(afl, 256) : out_buf[clone_from]; #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " CLONE-%s-%u-%u", - "insert", clone_to, clone_len); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " CLONE-%s_%u_%u_%u", + "insert", strat, clone_to, clone_len); strcat(afl->mutation, afl->m_tmp); #endif u8 *new_buf = @@ -2555,10 +2549,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Inserted part */ - memset(new_buf + clone_to, - rand_below(afl, 2) ? rand_below(afl, 256) - : out_buf[rand_below(afl, temp_len)], - clone_len); + memset(new_buf + clone_to, item, clone_len); /* Tail */ memcpy(new_buf + clone_to + clone_len, out_buf + clone_to, @@ -2574,7 +2565,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 48 ... 50: { + case 19: { /* Overwrite bytes with a randomly selected chunk bytes. */ @@ -2587,7 +2578,7 @@ u8 fuzz_one_original(afl_state_t *afl) { if (likely(copy_from != copy_to)) { #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " OVERWRITE_COPY-%u-%u-%u", + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " OVERWRITE-COPY_%u_%u_%u", copy_from, copy_to, copy_len); strcat(afl->mutation, afl->m_tmp); #endif @@ -2599,7 +2590,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 51: { + case 20: { /* Overwrite bytes with fixed bytes. */ @@ -2607,27 +2598,28 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 copy_len = choose_block_len(afl, temp_len - 1); u32 copy_to = rand_below(afl, temp_len - copy_len + 1); + u32 strat = rand_below(afl, 2); + u32 copy_from = copy_to ? copy_to - 1 : 0; + item = strat ? rand_below(afl, 256) : out_buf[copy_from]; #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " OVERWRITE_FIXED-%u-%u", - copy_to, copy_len); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), + " OVERWRITE-FIXED_%u_%u_%u-%u", strat, item, copy_to, + copy_len); strcat(afl->mutation, afl->m_tmp); #endif - memset(out_buf + copy_to, - rand_below(afl, 2) ? rand_below(afl, 256) - : out_buf[rand_below(afl, temp_len)], - copy_len); + memset(out_buf + copy_to, item, copy_len); break; } - case 52: { + case 21: { /* Increase byte by 1. */ #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ADDBYTE_"); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " BYTEADD_"); strcat(afl->mutation, afl->m_tmp); #endif out_buf[rand_below(afl, temp_len)]++; @@ -2635,12 +2627,12 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 53: { + case 22: { /* Decrease byte by 1. */ #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " SUBBYTE_"); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " BYTESUB_"); strcat(afl->mutation, afl->m_tmp); #endif out_buf[rand_below(afl, temp_len)]--; @@ -2648,7 +2640,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 54: { + case 23: { /* Flip byte. */ @@ -2661,7 +2653,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 55 ... 56: { + case 24: { if (temp_len < 4) { break; } @@ -2690,7 +2682,7 @@ u8 fuzz_one_original(afl_state_t *afl) { switch_len = choose_block_len(afl, MIN(switch_len, to_end)); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " SWITCH-%s-%u-%u-%u", + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " SWITCH-%s_%u_%u_%u", "switch", switch_from, switch_to, switch_len); strcat(afl->mutation, afl->m_tmp); #endif @@ -2714,7 +2706,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } // MAX_HAVOC_ENTRY = 64 - case 57 ... MAX_HAVOC_ENTRY: { + case 25: { /* Delete bytes. */ @@ -2726,7 +2718,7 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 del_from = rand_below(afl, temp_len - del_len + 1); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " DEL-%u-%u", del_from, + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " DEL_%u_%u", del_from, del_len); strcat(afl->mutation, afl->m_tmp); #endif @@ -2739,13 +2731,274 @@ u8 fuzz_one_original(afl_state_t *afl) { } + case 26: { + + /* Shuffle bytes. */ + + if (temp_len < 4) { break; } + + u32 len = choose_block_len(afl, temp_len - 1); + u32 off = rand_below(afl, temp_len - len + 1); + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " SHUFFLE_%u", len); + strcat(afl->mutation, afl->m_tmp); +#endif + + for (u32 i = len - 1; i > 0; i--) { + + u32 j; + do { + + j = rand_below(afl, i + 1); + + } while (i == j); + + unsigned char temp = out_buf[off + i]; + out_buf[off + i] = out_buf[off + j]; + out_buf[off + j] = temp; + + } + + break; + + } + + case 27: { + + /* Delete bytes. */ + + if (temp_len < 2) { break; } + + /* Don't delete too much. */ + + u32 del_len = 1; + u32 del_from = rand_below(afl, temp_len - del_len + 1); + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " DELONE_%u", del_from); + strcat(afl->mutation, afl->m_tmp); +#endif + memmove(out_buf + del_from, out_buf + del_from + del_len, + temp_len - del_from - del_len); + + temp_len -= del_len; + + break; + + } + + case 28: { + + u32 clone_len = 1; + u32 clone_to = rand_below(afl, temp_len); + u32 strat = rand_below(afl, 2); + u32 clone_from = clone_to ? clone_to - 1 : 0; + item = strat ? rand_below(afl, 256) : out_buf[clone_from]; + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INSERTONE_%u_%u", strat, + clone_to); + strcat(afl->mutation, afl->m_tmp); +#endif + u8 *new_buf = + afl_realloc(AFL_BUF_PARAM(out_scratch), temp_len + clone_len); + if (unlikely(!new_buf)) { PFATAL("alloc"); } + + /* Head */ + + memcpy(new_buf, out_buf, clone_to); + + /* Inserted part */ + + memset(new_buf + clone_to, item, clone_len); + + /* Tail */ + memcpy(new_buf + clone_to + clone_len, out_buf + clone_to, + temp_len - clone_to); + + out_buf = new_buf; + afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch)); + temp_len += clone_len; + + break; + + } + + case 29: { + + if (temp_len < 4) { break; } + + u32 off = rand_below(afl, temp_len), off2 = off, cnt = 0; + + while (off2 + cnt < temp_len && !isdigit(out_buf[off2 + cnt])) { + + ++cnt; + + } + + // none found, wrap + if (off2 + cnt == temp_len) { + + off2 = 0; + cnt = 0; + + while (cnt < off && !isdigit(out_buf[off2 + cnt])) { + + ++cnt; + + } + + if (cnt == off) { break; } + + } + + off = off2 + cnt; + off2 = off + 1; + + while (off2 < temp_len && isdigit(out_buf[off2])) { + + ++off2; + + } + + s64 val = out_buf[off] - '0'; + for (u32 i = off + 1; i < off2; ++i) { + + val = (val * 10) + out_buf[i] - '0'; + + } + + if (off && out_buf[off - 1] == '-') { val = -val; } + + u32 strat = rand_below(afl, 8); + switch (strat) { + + case 0: + val++; + break; + case 1: + val--; + break; + case 2: + val *= 2; + break; + case 3: + val /= 2; + break; + case 4: + if (val) { + + val = rand_next(afl) % (val * 10); + + } else { + + val = rand_below(afl, 256); + + } + + break; + case 5: + val += rand_below(afl, 256); + break; + case 6: + val -= rand_below(afl, 256); + break; + case 7: + val = ~(val); + break; + + } + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ASCIINUM_%u_%u_%u", + afl->queue_cur->is_ascii, strat, off); + strcat(afl->mutation, afl->m_tmp); +#endif + // fprintf(stderr, "val: %u-%u = %ld\n", off, off2, val); + + char buf[20]; + snprintf(buf, sizeof(buf), "%ld", val); + + // fprintf(stderr, "BEFORE: %s\n", out_buf); + + u32 old_len = off2 - off; + u32 new_len = strlen(buf); + + if (old_len == new_len) { + + memcpy(out_buf + off, buf, new_len); + + } else { + + u8 *new_buf = afl_realloc(AFL_BUF_PARAM(out_scratch), + temp_len + new_len - old_len); + if (unlikely(!new_buf)) { PFATAL("alloc"); } + + /* Head */ + + memcpy(new_buf, out_buf, off); + + /* Inserted part */ + + memcpy(new_buf + off, buf, new_len); + + /* Tail */ + memcpy(new_buf + off + new_len, out_buf + off2, temp_len - off2); + + out_buf = new_buf; + afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch)); + temp_len += (new_len - old_len); + + } + + // fprintf(stderr, "AFTER : %s\n", out_buf); + break; + + } + + case 30: { + + /* Neg byte. */ + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " NEG_"); + strcat(afl->mutation, afl->m_tmp); +#endif + item = rand_below(afl, temp_len); + + out_buf[item] = ~out_buf[item]; + break; + + } + + case 31: { + + u32 len = 1 + rand_below(afl, 8); + u32 pos = rand_below(afl, temp_len); + /* Insert ascii number. */ + if (temp_len < pos + len) { break; } + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INSERTASCIINUM_"); + strcat(afl->mutation, afl->m_tmp); +#endif + u64 val = rand_next(afl); + char buf[20]; + snprintf(buf, sizeof(buf), "%llu", val); + memcpy(out_buf + pos, buf, len); + + break; + + } + default: r -= (MAX_HAVOC_ENTRY + 1); if (afl->extras_cnt) { - if (r < 2) { + if (r < 1) { /* Use the dictionary. */ @@ -2765,7 +3018,7 @@ u8 fuzz_one_original(afl_state_t *afl) { break; - } else if (r < 4) { + } else if (r < 2) { u32 use_extra = rand_below(afl, afl->extras_cnt); u32 extra_len = afl->extras[use_extra].len; @@ -2794,7 +3047,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } else { - r -= 4; + r -= 2; } @@ -2802,15 +3055,7 @@ u8 fuzz_one_original(afl_state_t *afl) { if (afl->a_extras_cnt) { - u32 r_cmp = 2; - - if (unlikely(afl->cmplog_binary && afl->queue_cur->is_ascii)) { - - r_cmp = MUTATE_ASCII_DICT >> 1; - - } - - if (r < r_cmp) { + if (r < 1) { /* Use the dictionary. */ @@ -2830,7 +3075,7 @@ u8 fuzz_one_original(afl_state_t *afl) { break; - } else if (r < (r_cmp << 1)) { + } else if (r < 2) { u32 use_extra = rand_below(afl, afl->a_extras_cnt); u32 extra_len = afl->a_extras[use_extra].len; @@ -2859,92 +3104,12 @@ u8 fuzz_one_original(afl_state_t *afl) { } else { - r -= (r_cmp << 1); + r -= 2; } } - /* Splicing otherwise if we are still here. - Overwrite bytes with a randomly selected chunk from another - testcase or insert that chunk. */ - - /* Pick a random queue entry and seek to it. */ - - u32 tid; - do { - - tid = rand_below(afl, afl->queued_items); - - } while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4); - - /* Get the testcase for splicing. */ - struct queue_entry *target = afl->queue_buf[tid]; - u32 new_len = target->len; - u8 *new_buf = queue_testcase_get(afl, target); - - if ((temp_len >= 2 && r % 2) || temp_len + HAVOC_BLK_XL >= MAX_FILE) { - - /* overwrite mode */ - - u32 copy_from, copy_to, copy_len; - - copy_len = choose_block_len(afl, new_len - 1); - if (copy_len > temp_len) copy_len = temp_len; - - copy_from = rand_below(afl, new_len - copy_len + 1); - copy_to = rand_below(afl, temp_len - copy_len + 1); - -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), - " SPLICE_OVERWRITE-%u-%u-%u-%s", copy_from, copy_to, - copy_len, target->fname); - strcat(afl->mutation, afl->m_tmp); -#endif - memmove(out_buf + copy_to, new_buf + copy_from, copy_len); - - } else { - - /* insert mode */ - - u32 clone_from, clone_to, clone_len; - - clone_len = choose_block_len(afl, new_len); - clone_from = rand_below(afl, new_len - clone_len + 1); - clone_to = rand_below(afl, temp_len + 1); - - u8 *temp_buf = afl_realloc(AFL_BUF_PARAM(out_scratch), - temp_len + clone_len + 1); - if (unlikely(!temp_buf)) { PFATAL("alloc"); } - -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), - " SPLICE_INSERT-%u-%u-%u-%s", clone_from, clone_to, - clone_len, target->fname); - strcat(afl->mutation, afl->m_tmp); -#endif - /* Head */ - - memcpy(temp_buf, out_buf, clone_to); - - /* Inserted part */ - - memcpy(temp_buf + clone_to, new_buf + clone_from, clone_len); - - /* Tail */ - memcpy(temp_buf + clone_to + clone_len, out_buf + clone_to, - temp_len - clone_to); - - out_buf = temp_buf; - afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch)); - temp_len += clone_len; - - } - - break; - - // end of default - } } From 7893347e13d99b7e39ec4ebb95fbb5356bdd7f2b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 29 Mar 2023 22:56:12 +0200 Subject: [PATCH 002/357] final touches --- src/afl-fuzz-one.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 3eed2b70a9..e3ec8267b1 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2133,8 +2133,8 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_cur_val = use_stacking; #ifdef INTROSPECTION - snprintf(afl->mutation, sizeof(afl->mutation), "%s HAVOC-%u", - afl->queue_cur->fname, use_stacking); + snprintf(afl->mutation, sizeof(afl->mutation), "%s HAVOC-%u-%u", + afl->queue_cur->fname, afl->queue_cur->is_ascii, use_stacking); #endif for (i = 0; i < use_stacking; ++i) { From 145748a7e0b85c34660d0fe72ef1d4499ace2933 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 30 Mar 2023 14:00:45 +0200 Subject: [PATCH 003/357] prepare new mutation strategies --- src/afl-fuzz-one.c | 178 ++++++++++++++++++++++++--------------------- 1 file changed, 94 insertions(+), 84 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index e3ec8267b1..b1c3857295 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -28,6 +28,21 @@ #include #include "cmplog.h" +static u32 mutation_array_explore[] = { + + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, + 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31}; +// static u32 mutation_array_exploit[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, +// 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, +// 31 }; static u32 mutation_array_txt_explore[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, +// 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, +// 28, 29, 30, 31 }; static u32 mutation_array_txt_exploit[] = { 0, 1, 2, 3, 4, +// 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, +// 25, 26, 27, 28, 29, 30, 31 }; + +// what about more splicing? +// what about -x and cmplog learn? + /* MOpt */ static int select_algorithm(afl_state_t *afl, u32 max_algorithm) { @@ -2121,10 +2136,15 @@ u8 fuzz_one_original(afl_state_t *afl) { #define MAX_HAVOC_ENTRY 31 #define MUTATE_ASCII_DICT 0 - u32 r_max, r; + u32 r_max, mutation_array_len; + u32 **mutation_array; - r_max = (MAX_HAVOC_ENTRY + 1) + (afl->extras_cnt ? 2 : 0) + - (afl->a_extras_cnt ? 2 : 0); + // if ( ... ) + mutation_array = (u32 **)&mutation_array_explore; + mutation_array_len = sizeof(mutation_array_explore) + 1; + + r_max = mutation_array_len; + // + (afl->extras_cnt ? 2 : 0) + (afl->a_extras_cnt ? 2 : 0); for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) { @@ -2174,7 +2194,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - switch ((r = rand_below(afl, r_max))) { + switch (*mutation_array[rand_below(afl, r_max)]) { case 0: { @@ -2992,123 +3012,113 @@ u8 fuzz_one_original(afl_state_t *afl) { } - default: - - r -= (MAX_HAVOC_ENTRY + 1); - - if (afl->extras_cnt) { + case 32: { - if (r < 1) { + if (!afl->extras_cnt) { break; } - /* Use the dictionary. */ + /* Use the dictionary. */ - u32 use_extra = rand_below(afl, afl->extras_cnt); - u32 extra_len = afl->extras[use_extra].len; + u32 use_extra = rand_below(afl, afl->extras_cnt); + u32 extra_len = afl->extras[use_extra].len; - if (extra_len > temp_len) { break; } + if (extra_len > temp_len) { break; } - u32 insert_at = rand_below(afl, temp_len - extra_len + 1); + u32 insert_at = rand_below(afl, temp_len - extra_len + 1); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " EXTRA_OVERWRITE-%u-%u", - insert_at, extra_len); - strcat(afl->mutation, afl->m_tmp); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " EXTRA-OVERWRITE_%u_%u", + insert_at, extra_len); + strcat(afl->mutation, afl->m_tmp); #endif - memcpy(out_buf + insert_at, afl->extras[use_extra].data, - extra_len); + memcpy(out_buf + insert_at, afl->extras[use_extra].data, extra_len); - break; + break; - } else if (r < 2) { + } - u32 use_extra = rand_below(afl, afl->extras_cnt); - u32 extra_len = afl->extras[use_extra].len; - if (temp_len + extra_len >= MAX_FILE) { break; } + case 33: { - u8 *ptr = afl->extras[use_extra].data; - u32 insert_at = rand_below(afl, temp_len + 1); -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " EXTRA_INSERT-%u-%u", - insert_at, extra_len); - strcat(afl->mutation, afl->m_tmp); -#endif + if (!afl->extras_cnt) { break; } - out_buf = afl_realloc(AFL_BUF_PARAM(out), temp_len + extra_len); - if (unlikely(!out_buf)) { PFATAL("alloc"); } + u32 use_extra = rand_below(afl, afl->extras_cnt); + u32 extra_len = afl->extras[use_extra].len; + if (temp_len + extra_len >= MAX_FILE) { break; } - /* Tail */ - memmove(out_buf + insert_at + extra_len, out_buf + insert_at, - temp_len - insert_at); + u8 *ptr = afl->extras[use_extra].data; + u32 insert_at = rand_below(afl, temp_len + 1); +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " EXTRA-INSERT_%u_%u", + insert_at, extra_len); + strcat(afl->mutation, afl->m_tmp); +#endif - /* Inserted part */ - memcpy(out_buf + insert_at, ptr, extra_len); - temp_len += extra_len; + out_buf = afl_realloc(AFL_BUF_PARAM(out), temp_len + extra_len); + if (unlikely(!out_buf)) { PFATAL("alloc"); } - break; - - } else { + /* Tail */ + memmove(out_buf + insert_at + extra_len, out_buf + insert_at, + temp_len - insert_at); - r -= 2; + /* Inserted part */ + memcpy(out_buf + insert_at, ptr, extra_len); + temp_len += extra_len; - } + break; - } + } - if (afl->a_extras_cnt) { + case 34: { - if (r < 1) { + if (!afl->a_extras_cnt) { break; } - /* Use the dictionary. */ + /* Use the dictionary. */ - u32 use_extra = rand_below(afl, afl->a_extras_cnt); - u32 extra_len = afl->a_extras[use_extra].len; + u32 use_extra = rand_below(afl, afl->a_extras_cnt); + u32 extra_len = afl->a_extras[use_extra].len; - if (extra_len > temp_len) { break; } + if (extra_len > temp_len) { break; } - u32 insert_at = rand_below(afl, temp_len - extra_len + 1); + u32 insert_at = rand_below(afl, temp_len - extra_len + 1); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), - " AUTO_EXTRA_OVERWRITE-%u-%u", insert_at, extra_len); - strcat(afl->mutation, afl->m_tmp); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), + " AUTO-EXTRA-OVERWRITE_%u_%u", insert_at, extra_len); + strcat(afl->mutation, afl->m_tmp); #endif - memcpy(out_buf + insert_at, afl->a_extras[use_extra].data, - extra_len); + memcpy(out_buf + insert_at, afl->a_extras[use_extra].data, extra_len); - break; - - } else if (r < 2) { + break; - u32 use_extra = rand_below(afl, afl->a_extras_cnt); - u32 extra_len = afl->a_extras[use_extra].len; - if (temp_len + extra_len >= MAX_FILE) { break; } + } - u8 *ptr = afl->a_extras[use_extra].data; - u32 insert_at = rand_below(afl, temp_len + 1); -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), - " AUTO_EXTRA_INSERT-%u-%u", insert_at, extra_len); - strcat(afl->mutation, afl->m_tmp); -#endif + case 35: { - out_buf = afl_realloc(AFL_BUF_PARAM(out), temp_len + extra_len); - if (unlikely(!out_buf)) { PFATAL("alloc"); } + if (!afl->a_extras_cnt) { break; } - /* Tail */ - memmove(out_buf + insert_at + extra_len, out_buf + insert_at, - temp_len - insert_at); + u32 use_extra = rand_below(afl, afl->a_extras_cnt); + u32 extra_len = afl->a_extras[use_extra].len; + if (temp_len + extra_len >= MAX_FILE) { break; } - /* Inserted part */ - memcpy(out_buf + insert_at, ptr, extra_len); - temp_len += extra_len; + u8 *ptr = afl->a_extras[use_extra].data; + u32 insert_at = rand_below(afl, temp_len + 1); +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " AUTO-EXTRA-INSERT_%u_%u", + insert_at, extra_len); + strcat(afl->mutation, afl->m_tmp); +#endif - break; + out_buf = afl_realloc(AFL_BUF_PARAM(out), temp_len + extra_len); + if (unlikely(!out_buf)) { PFATAL("alloc"); } - } else { + /* Tail */ + memmove(out_buf + insert_at + extra_len, out_buf + insert_at, + temp_len - insert_at); - r -= 2; + /* Inserted part */ + memcpy(out_buf + insert_at, ptr, extra_len); + temp_len += extra_len; - } + break; - } + } } From 506f6b134987d47da6c1a2e172f50b47559e7b4f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 30 Mar 2023 19:28:59 +0200 Subject: [PATCH 004/357] nits --- src/afl-fuzz-one.c | 104 ++++++++++++++++++++++++++++++++++++++++--- src/afl-fuzz-queue.c | 2 +- 2 files changed, 99 insertions(+), 7 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index b1c3857295..36259d9b3e 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -30,8 +30,8 @@ static u32 mutation_array_explore[] = { - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, - 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31}; + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, + 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37}; // static u32 mutation_array_exploit[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, // 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, // 31 }; static u32 mutation_array_txt_explore[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, @@ -2133,9 +2133,6 @@ u8 fuzz_one_original(afl_state_t *afl) { /* We essentially just do several thousand runs (depending on perf_score) where we take the input file and make random stacked tweaks. */ -#define MAX_HAVOC_ENTRY 31 -#define MUTATE_ASCII_DICT 0 - u32 r_max, mutation_array_len; u32 **mutation_array; @@ -2725,7 +2722,6 @@ u8 fuzz_one_original(afl_state_t *afl) { } - // MAX_HAVOC_ENTRY = 64 case 25: { /* Delete bytes. */ @@ -3120,6 +3116,102 @@ u8 fuzz_one_original(afl_state_t *afl) { } + case 36: { + + if (afl->ready_for_splicing_count <= 1) { break; } + + /* Pick a random queue entry and seek to it. */ + + u32 tid; + do { + + tid = rand_below(afl, afl->queued_items); + + } while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4); + + /* Get the testcase for splicing. */ + struct queue_entry *target = afl->queue_buf[tid]; + u32 new_len = target->len; + u8 *new_buf = queue_testcase_get(afl, target); + + /* overwrite mode */ + + u32 copy_from, copy_to, copy_len; + + copy_len = choose_block_len(afl, new_len - 1); + if (copy_len > temp_len) copy_len = temp_len; + + copy_from = rand_below(afl, new_len - copy_len + 1); + copy_to = rand_below(afl, temp_len - copy_len + 1); + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), + " SPLICE-OVERWRITE_%u_%u_%u_%s", copy_from, copy_to, + copy_len, target->fname); + strcat(afl->mutation, afl->m_tmp); +#endif + memmove(out_buf + copy_to, new_buf + copy_from, copy_len); + + break; + + } + + case 37: { + + if (afl->ready_for_splicing_count <= 1) { break; } + if (temp_len + HAVOC_BLK_XL >= MAX_FILE) { break; } + + /* Pick a random queue entry and seek to it. */ + + u32 tid; + do { + + tid = rand_below(afl, afl->queued_items); + + } while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4); + + /* Get the testcase for splicing. */ + struct queue_entry *target = afl->queue_buf[tid]; + u32 new_len = target->len; + u8 *new_buf = queue_testcase_get(afl, target); + + /* insert mode */ + + u32 clone_from, clone_to, clone_len; + + clone_len = choose_block_len(afl, new_len); + clone_from = rand_below(afl, new_len - clone_len + 1); + clone_to = rand_below(afl, temp_len + 1); + + u8 *temp_buf = + afl_realloc(AFL_BUF_PARAM(out_scratch), temp_len + clone_len + 1); + if (unlikely(!temp_buf)) { PFATAL("alloc"); } + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " SPLICE-INSERT_%u_%u_%u_%s", + clone_from, clone_to, clone_len, target->fname); + strcat(afl->mutation, afl->m_tmp); +#endif + /* Head */ + + memcpy(temp_buf, out_buf, clone_to); + + /* Inserted part */ + + memcpy(temp_buf + clone_to, new_buf + clone_from, clone_len); + + /* Tail */ + memcpy(temp_buf + clone_to + clone_len, out_buf + clone_to, + temp_len - clone_to); + + out_buf = temp_buf; + afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch)); + temp_len += clone_len; + + break; + + } + } } diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 40184645b3..fff8db0374 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -563,7 +563,7 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) { } - if (likely(q->len > 4)) afl->ready_for_splicing_count++; + if (likely(q->len > 4)) { ++afl->ready_for_splicing_count; } ++afl->queued_items; ++afl->active_items; From 74baebd93e6ad65de297e812d53f06592166ef9a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 30 Mar 2023 20:02:59 +0200 Subject: [PATCH 005/357] fix --- src/afl-fuzz-one.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 36259d9b3e..fc37d493da 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2134,11 +2134,11 @@ u8 fuzz_one_original(afl_state_t *afl) { where we take the input file and make random stacked tweaks. */ u32 r_max, mutation_array_len; - u32 **mutation_array; + u32 *mutation_array; // if ( ... ) mutation_array = (u32 **)&mutation_array_explore; - mutation_array_len = sizeof(mutation_array_explore) + 1; + mutation_array_len = sizeof(mutation_array_explore) / 4; r_max = mutation_array_len; // + (afl->extras_cnt ? 2 : 0) + (afl->a_extras_cnt ? 2 : 0); @@ -2191,7 +2191,8 @@ u8 fuzz_one_original(afl_state_t *afl) { } - switch (*mutation_array[rand_below(afl, r_max)]) { + u32 r = rand_below(afl, r_max); + switch (mutation_array[r]) { case 0: { From 8f17c816919301b870b9c7dad84e475370c87381 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 30 Mar 2023 22:41:02 +0200 Subject: [PATCH 006/357] less mutation --- src/afl-fuzz-one.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index fc37d493da..b01814a3b7 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2145,7 +2145,7 @@ u8 fuzz_one_original(afl_state_t *afl) { for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) { - u32 use_stacking = 2 + rand_below(afl, 15), item; + u32 use_stacking = 1 + rand_below(afl, 8), item; afl->stage_cur_val = use_stacking; From 9eed60d1055ada484798d6de51101043ecaf462d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 31 Mar 2023 08:12:32 +0200 Subject: [PATCH 007/357] nit --- src/afl-fuzz-one.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index b01814a3b7..1a1207330e 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2137,7 +2137,7 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 *mutation_array; // if ( ... ) - mutation_array = (u32 **)&mutation_array_explore; + mutation_array = (u32 *)&mutation_array_explore; mutation_array_len = sizeof(mutation_array_explore) / 4; r_max = mutation_array_len; @@ -2192,6 +2192,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } u32 r = rand_below(afl, r_max); + switch (mutation_array[r]) { case 0: { From 21203c2ea6b0586d3c63f9d33190dfd364677b1a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 2 Apr 2023 12:39:02 +0200 Subject: [PATCH 008/357] fix --- src/afl-fuzz-one.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 1a1207330e..c550fbc2ac 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2905,7 +2905,7 @@ u8 fuzz_one_original(afl_state_t *afl) { val /= 2; break; case 4: - if (val) { + if (val && val < 0xfffffff) { val = rand_next(afl) % (val * 10); From 71e2aa5d2bb99bd7edc2efcebd52eee5736c35fd Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 2 Apr 2023 13:42:08 +0200 Subject: [PATCH 009/357] more fix --- src/afl-fuzz-one.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index c550fbc2ac..a52fb4c6d4 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2133,7 +2133,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* We essentially just do several thousand runs (depending on perf_score) where we take the input file and make random stacked tweaks. */ - u32 r_max, mutation_array_len; + u32 r_max, mutation_array_len; u32 *mutation_array; // if ( ... ) @@ -2905,9 +2905,9 @@ u8 fuzz_one_original(afl_state_t *afl) { val /= 2; break; case 4: - if (val && val < 0xfffffff) { + if (val && (u64)val < 0x19999999) { - val = rand_next(afl) % (val * 10); + val = (u64)rand_next(afl) % (u64)((u64)val * 10); } else { From 635da39bd135b7db3529a4b3b059b85260ce14a5 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 3 Apr 2023 14:41:52 +0200 Subject: [PATCH 010/357] preparation for mutation arrays --- src/afl-fuzz-one.c | 176 +++++++++++++++++++++++++++++++++------------ 1 file changed, 131 insertions(+), 45 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index a52fb4c6d4..1636c32316 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2133,19 +2133,35 @@ u8 fuzz_one_original(afl_state_t *afl) { /* We essentially just do several thousand runs (depending on perf_score) where we take the input file and make random stacked tweaks. */ - u32 r_max, mutation_array_len; u32 *mutation_array; + u32 stack_max; // if ( ... ) mutation_array = (u32 *)&mutation_array_explore; - mutation_array_len = sizeof(mutation_array_explore) / 4; - r_max = mutation_array_len; + if (temp_len < 64) { + + stack_max = 4; + + } else if (temp_len < 512) { + + stack_max = 8; + + } else if (temp_len < 8096) { + + stack_max = 16; + + } else { + + stack_max = 32; + + } + // + (afl->extras_cnt ? 2 : 0) + (afl->a_extras_cnt ? 2 : 0); for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) { - u32 use_stacking = 1 + rand_below(afl, 8), item; + u32 use_stacking = 1 + rand_below(afl, stack_max); afl->stage_cur_val = use_stacking; @@ -2191,7 +2207,8 @@ u8 fuzz_one_original(afl_state_t *afl) { } - u32 r = rand_below(afl, r_max); + retry_havoc_step: + u32 r = rand_below(afl, 256), item; switch (mutation_array[r]) { @@ -2228,7 +2245,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Set word to interesting value, little endian. */ - if (temp_len < 2) { break; } + if (unlikely(temp_len < 2)) { break; } // no retry item = rand_below(afl, sizeof(interesting_16) >> 1); #ifdef INTROSPECTION @@ -2247,7 +2264,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Set word to interesting value, big endian. */ - if (temp_len < 2) { break; } + if (unlikely(temp_len < 2)) { break; } // no retry item = rand_below(afl, sizeof(interesting_16) >> 1); #ifdef INTROSPECTION @@ -2265,7 +2282,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Set dword to interesting value, little endian. */ - if (temp_len < 4) { break; } + if (unlikely(temp_len < 4)) { break; } // no retry item = rand_below(afl, sizeof(interesting_32) >> 2); #ifdef INTROSPECTION @@ -2284,7 +2301,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Set dword to interesting value, big endian. */ - if (temp_len < 4) { break; } + if (unlikely(temp_len < 4)) { break; } // no retry item = rand_below(afl, sizeof(interesting_32) >> 2); #ifdef INTROSPECTION @@ -2330,7 +2347,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Randomly subtract from word, little endian. */ - if (temp_len < 2) { break; } + if (unlikely(temp_len < 2)) { break; } // no retry u32 pos = rand_below(afl, temp_len - 1); item = 1 + rand_below(afl, ARITH_MAX); @@ -2349,7 +2366,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Randomly subtract from word, big endian. */ - if (temp_len < 2) { break; } + if (unlikely(temp_len < 2)) { break; } // no retry u32 pos = rand_below(afl, temp_len - 1); u16 num = 1 + rand_below(afl, ARITH_MAX); @@ -2369,7 +2386,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Randomly add to word, little endian. */ - if (temp_len < 2) { break; } + if (unlikely(temp_len < 2)) { break; } // no retry u32 pos = rand_below(afl, temp_len - 1); item = 1 + rand_below(afl, ARITH_MAX); @@ -2388,7 +2405,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Randomly add to word, big endian. */ - if (temp_len < 2) { break; } + if (unlikely(temp_len < 2)) { break; } // no retry u32 pos = rand_below(afl, temp_len - 1); u16 num = 1 + rand_below(afl, ARITH_MAX); @@ -2408,7 +2425,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Randomly subtract from dword, little endian. */ - if (temp_len < 4) { break; } + if (unlikely(temp_len < 4)) { break; } // no retry u32 pos = rand_below(afl, temp_len - 3); item = 1 + rand_below(afl, ARITH_MAX); @@ -2427,7 +2444,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Randomly subtract from dword, big endian. */ - if (temp_len < 4) { break; } + if (unlikely(temp_len < 4)) { break; } // no retry u32 pos = rand_below(afl, temp_len - 3); u32 num = 1 + rand_below(afl, ARITH_MAX); @@ -2447,7 +2464,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Randomly add to dword, little endian. */ - if (temp_len < 4) { break; } + if (unlikely(temp_len < 4)) { break; } // no retry u32 pos = rand_below(afl, temp_len - 3); item = 1 + rand_below(afl, ARITH_MAX); @@ -2466,7 +2483,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Randomly add to dword, big endian. */ - if (temp_len < 4) { break; } + if (unlikely(temp_len < 4)) { break; } // no retry u32 pos = rand_below(afl, temp_len - 3); u32 num = 1 + rand_below(afl, ARITH_MAX); @@ -2502,7 +2519,7 @@ u8 fuzz_one_original(afl_state_t *afl) { case 17: { - if (temp_len + HAVOC_BLK_XL < MAX_FILE) { + if (likely(temp_len + HAVOC_BLK_XL < MAX_FILE)) { /* Clone bytes. */ @@ -2535,6 +2552,14 @@ u8 fuzz_one_original(afl_state_t *afl) { afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch)); temp_len += clone_len; + } else if (unlikely(temp_len < 8)) { + + break; + + } else { + + goto retry_havoc_step; + } break; @@ -2543,7 +2568,7 @@ u8 fuzz_one_original(afl_state_t *afl) { case 18: { - if (temp_len + HAVOC_BLK_XL < MAX_FILE) { + if (likely(temp_len + HAVOC_BLK_XL < MAX_FILE)) { /* Insert a block of constant bytes (25%). */ @@ -2578,6 +2603,14 @@ u8 fuzz_one_original(afl_state_t *afl) { afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch)); temp_len += clone_len; + } else if (unlikely(temp_len < 8)) { + + break; + + } else { + + goto retry_havoc_step; + } break; @@ -2588,7 +2621,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Overwrite bytes with a randomly selected chunk bytes. */ - if (temp_len < 2) { break; } + if (unlikely(temp_len < 2)) { break; } // no retry u32 copy_len = choose_block_len(afl, temp_len - 1); u32 copy_from = rand_below(afl, temp_len - copy_len + 1); @@ -2613,7 +2646,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Overwrite bytes with fixed bytes. */ - if (temp_len < 2) { break; } + if (unlikely(temp_len < 2)) { break; } // no retry u32 copy_len = choose_block_len(afl, temp_len - 1); u32 copy_to = rand_below(afl, temp_len - copy_len + 1); @@ -2674,7 +2707,7 @@ u8 fuzz_one_original(afl_state_t *afl) { case 24: { - if (temp_len < 4) { break; } + if (unlikely(temp_len < 4)) { break; } // no retry /* Switch bytes. */ @@ -2684,7 +2717,7 @@ u8 fuzz_one_original(afl_state_t *afl) { switch_to = rand_below(afl, temp_len); - } while (switch_from == switch_to); + } while (unlikely(switch_from == switch_to)); if (switch_from < switch_to) { @@ -2728,7 +2761,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Delete bytes. */ - if (temp_len < 2) { break; } + if (unlikely(temp_len < 2)) { break; } // no retry /* Don't delete too much. */ @@ -2753,7 +2786,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Shuffle bytes. */ - if (temp_len < 4) { break; } + if (unlikely(temp_len < 4)) { break; } // no retry u32 len = choose_block_len(afl, temp_len - 1); u32 off = rand_below(afl, temp_len - len + 1); @@ -2770,7 +2803,7 @@ u8 fuzz_one_original(afl_state_t *afl) { j = rand_below(afl, i + 1); - } while (i == j); + } while (unlikely(i == j)); unsigned char temp = out_buf[off + i]; out_buf[off + i] = out_buf[off + j]; @@ -2786,7 +2819,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Delete bytes. */ - if (temp_len < 2) { break; } + if (unlikely(temp_len < 2)) { break; } // no retry /* Don't delete too much. */ @@ -2808,6 +2841,8 @@ u8 fuzz_one_original(afl_state_t *afl) { case 28: { + if (unlikely(temp_len < 2)) { break; } // no retry + u32 clone_len = 1; u32 clone_to = rand_below(afl, temp_len); u32 strat = rand_below(afl, 2); @@ -2845,7 +2880,7 @@ u8 fuzz_one_original(afl_state_t *afl) { case 29: { - if (temp_len < 4) { break; } + if (unlikely(temp_len < 4)) { break; } // no retry u32 off = rand_below(afl, temp_len), off2 = off, cnt = 0; @@ -2867,7 +2902,19 @@ u8 fuzz_one_original(afl_state_t *afl) { } - if (cnt == off) { break; } + if (cnt == off) { + + if (temp_len < 8) { + + break; + + } else { + + goto retry_havoc_step; + + } + + } } @@ -2905,7 +2952,7 @@ u8 fuzz_one_original(afl_state_t *afl) { val /= 2; break; case 4: - if (val && (u64)val < 0x19999999) { + if (likely(val && (u64)val < 0x19999999)) { val = (u64)rand_next(afl) % (u64)((u64)val * 10); @@ -2995,7 +3042,19 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 len = 1 + rand_below(afl, 8); u32 pos = rand_below(afl, temp_len); /* Insert ascii number. */ - if (temp_len < pos + len) { break; } + if (unlikely(temp_len < pos + len)) { + + if (unlikely(temp_len < 8)) { + + break; + + } else { + + goto retry_havoc_step; + + } + + } #ifdef INTROSPECTION snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INSERTASCIINUM_"); @@ -3012,14 +3071,14 @@ u8 fuzz_one_original(afl_state_t *afl) { case 32: { - if (!afl->extras_cnt) { break; } + if (unlikely(!afl->extras_cnt)) { goto retry_havoc_step; } /* Use the dictionary. */ u32 use_extra = rand_below(afl, afl->extras_cnt); u32 extra_len = afl->extras[use_extra].len; - if (extra_len > temp_len) { break; } + if (unlikely(extra_len > temp_len)) { goto retry_havoc_step; } u32 insert_at = rand_below(afl, temp_len - extra_len + 1); #ifdef INTROSPECTION @@ -3035,11 +3094,15 @@ u8 fuzz_one_original(afl_state_t *afl) { case 33: { - if (!afl->extras_cnt) { break; } + if (unlikely(!afl->extras_cnt)) { goto retry_havoc_step; } u32 use_extra = rand_below(afl, afl->extras_cnt); u32 extra_len = afl->extras[use_extra].len; - if (temp_len + extra_len >= MAX_FILE) { break; } + if (unlikely(temp_len + extra_len >= MAX_FILE)) { + + goto retry_havoc_step; + + } u8 *ptr = afl->extras[use_extra].data; u32 insert_at = rand_below(afl, temp_len + 1); @@ -3066,14 +3129,14 @@ u8 fuzz_one_original(afl_state_t *afl) { case 34: { - if (!afl->a_extras_cnt) { break; } + if (unlikely(!afl->a_extras_cnt)) { goto retry_havoc_step; } /* Use the dictionary. */ u32 use_extra = rand_below(afl, afl->a_extras_cnt); u32 extra_len = afl->a_extras[use_extra].len; - if (extra_len > temp_len) { break; } + if (unlikely(extra_len > temp_len)) { goto retry_havoc_step; } u32 insert_at = rand_below(afl, temp_len - extra_len + 1); #ifdef INTROSPECTION @@ -3089,11 +3152,15 @@ u8 fuzz_one_original(afl_state_t *afl) { case 35: { - if (!afl->a_extras_cnt) { break; } + if (unlikely(!afl->a_extras_cnt)) { goto retry_havoc_step; } u32 use_extra = rand_below(afl, afl->a_extras_cnt); u32 extra_len = afl->a_extras[use_extra].len; - if (temp_len + extra_len >= MAX_FILE) { break; } + if (unlikely(temp_len + extra_len >= MAX_FILE)) { + + goto retry_havoc_step; + + } u8 *ptr = afl->a_extras[use_extra].data; u32 insert_at = rand_below(afl, temp_len + 1); @@ -3120,7 +3187,11 @@ u8 fuzz_one_original(afl_state_t *afl) { case 36: { - if (afl->ready_for_splicing_count <= 1) { break; } + if (unlikely(afl->ready_for_splicing_count <= 1)) { + + goto retry_havoc_step; + + } /* Pick a random queue entry and seek to it. */ @@ -3129,7 +3200,9 @@ u8 fuzz_one_original(afl_state_t *afl) { tid = rand_below(afl, afl->queued_items); - } while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4); + } while (unlikely(tid == afl->current_entry || + + afl->queue_buf[tid]->len < 4)); /* Get the testcase for splicing. */ struct queue_entry *target = afl->queue_buf[tid]; @@ -3160,8 +3233,17 @@ u8 fuzz_one_original(afl_state_t *afl) { case 37: { - if (afl->ready_for_splicing_count <= 1) { break; } - if (temp_len + HAVOC_BLK_XL >= MAX_FILE) { break; } + if (unlikely(afl->ready_for_splicing_count <= 1)) { + + goto retry_havoc_step; + + } + + if (unlikely(temp_len + HAVOC_BLK_XL >= MAX_FILE)) { + + goto retry_havoc_step; + + } /* Pick a random queue entry and seek to it. */ @@ -3170,7 +3252,9 @@ u8 fuzz_one_original(afl_state_t *afl) { tid = rand_below(afl, afl->queued_items); - } while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4); + } while (unlikely(tid == afl->current_entry || + + afl->queue_buf[tid]->len < 4)); /* Get the testcase for splicing. */ struct queue_entry *target = afl->queue_buf[tid]; @@ -3303,7 +3387,9 @@ u8 fuzz_one_original(afl_state_t *afl) { tid = rand_below(afl, afl->queued_items); - } while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4); + } while ( + + unlikely(tid == afl->current_entry || afl->queue_buf[tid]->len < 4)); /* Get the testcase */ afl->splicing_with = tid; From fcd21256780fd21c55e72e9338b3992c60db22dc Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 4 Apr 2023 15:47:53 +0200 Subject: [PATCH 011/357] prepare for strategies --- custom_mutators/aflpp/Makefile | 10 + custom_mutators/aflpp/README.md | 8 + custom_mutators/aflpp/aflpp.c | 68 +++ include/afl-mutations.h | 992 ++++++++++++++++++++++++++++++++ src/afl-fuzz-one.c | 165 +++--- 5 files changed, 1143 insertions(+), 100 deletions(-) create mode 100644 custom_mutators/aflpp/Makefile create mode 100644 custom_mutators/aflpp/README.md create mode 100644 custom_mutators/aflpp/aflpp.c create mode 100644 include/afl-mutations.h diff --git a/custom_mutators/aflpp/Makefile b/custom_mutators/aflpp/Makefile new file mode 100644 index 0000000000..8efdf3e450 --- /dev/null +++ b/custom_mutators/aflpp/Makefile @@ -0,0 +1,10 @@ + +CFLAGS = -O3 -funroll-loops -fPIC -Wl,-Bsymbolic + +all: aflpp-mutator.so + +aflpp-mutator.so: aflpp.c + $(CC) $(CFLAGS) -I../../include -I. -shared -o aflpp-mutator.so aflpp.c ../../src/afl-performance.c + +clean: + rm -f *.o *~ *.so core diff --git a/custom_mutators/aflpp/README.md b/custom_mutators/aflpp/README.md new file mode 100644 index 0000000000..04d605c17f --- /dev/null +++ b/custom_mutators/aflpp/README.md @@ -0,0 +1,8 @@ +# custum mutator: AFL++ + +this is the AFL++ havoc mutator as a custom mutator module for AFL++. + +just type `make` to build + +```AFL_CUSTOM_MUTATOR_LIBRARY=custom_mutators/aflpp/aflpp-mutator.so afl-fuzz ...``` + diff --git a/custom_mutators/aflpp/aflpp.c b/custom_mutators/aflpp/aflpp.c new file mode 100644 index 0000000000..2b69ad9cef --- /dev/null +++ b/custom_mutators/aflpp/aflpp.c @@ -0,0 +1,68 @@ +#include "afl-mutations.h" + +typedef struct my_mutator { + + afl_state_t *afl; + u8 *buf; + +} my_mutator_t; + +my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) { + + (void)seed; + + my_mutator_t *data = calloc(1, sizeof(my_mutator_t)); + if (!data) { + + perror("afl_custom_init alloc"); + return NULL; + + } + + data->buf = malloc(MAX_FILE); + if (!data->buf) { + + perror("afl_custom_init alloc"); + return NULL; + + } + + data->afl = afl; + + return data; + +} + +/* here we run the AFL++ mutator, which is the best! */ + +size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size, + u8 **out_buf, uint8_t *add_buf, size_t add_buf_size, + size_t max_size) { + + u32 havoc_steps = 1 + rand_below(data->afl, 16); + + /* set everything up, costly ... :( */ + memcpy(data->buf, buf, buf_size); + + /* the mutation */ + u32 out_buf_len = afl_mutate(data->afl, data->buf, buf_size, havoc_steps, + false, true, add_buf, add_buf_size); + + /* return size of mutated data */ + *out_buf = data->buf; + return out_buf_len; + +} + +/** + * Deinitialize everything + * + * @param data The data ptr from afl_custom_init + */ +void afl_custom_deinit(my_mutator_t *data) { + + free(data->buf); + free(data); + +} + diff --git a/include/afl-mutations.h b/include/afl-mutations.h new file mode 100644 index 0000000000..43b7927d13 --- /dev/null +++ b/include/afl-mutations.h @@ -0,0 +1,992 @@ +/* Implementation of afl havoc mutation to be used in AFL++ custom mutators and + partially in afl-fuzz itself. + + How to use: + + #include "afl-mutations.h" // needs afl-fuzz.h + + u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32t steps, bool is_text, + bool is_exploration, u8 *splice_buf, u32 splice_len); + + Returns: + u32 - the length of the mutated data return in *buf. 0 = error + Parameters: + afl_state_t *afl - the *afl state pointer + u8 *buf - the input buffer to mutate which will be mutated into. + NOTE: must be of MAX_FILE size! + u32 len - the length of the input + u32 steps - how many mutations to perform on the input + bool is_text - is the target expecting text inputs + bool is_exploration - mutate for exploration mode (instead of exploitation) + splice_buf - a buffer from another corpus item to splice with. + If NULL then no splicing + splice_len - the length of the splice buffer. If 0 then no splicing +*/ + +#ifndef _ANDROID_ASHMEM_H + #define AFL_MUTATIONS_H + + #include + #include "afl-fuzz.h" + + #define MUT_STRATEGY_ARRAY_SIZE 256 + +enum { + + /* 00 */ MUT_FLIPBIT, + /* 01 */ MUT_INTERESTING8, + /* 02 */ MUT_INTERESTING16, + /* 03 */ MUT_INTERESTING16BE, + /* 04 */ MUT_INTERESTING32, + /* 05 */ MUT_INTERESTING32BE, + /* 06 */ MUT_ARITH8_, + /* 07 */ MUT_ARITH8, + /* 08 */ MUT_ARITH16_, + /* 09 */ MUT_ARITH16BE_, + /* 10 */ MUT_ARITH16, + /* 11 */ MUT_ARITH16BE, + /* 12 */ MUT_ARITH32_, + /* 13 */ MUT_ARITH32BE_, + /* 14 */ MUT_ARITH32, + /* 15 */ MUT_ARITH32BE, + /* 16 */ MUT_RAND8, + /* 17 */ MUT_CLONE_OVERWRITE, + /* 18 */ MUT_CLONE_INSERT, + /* 19 */ MUT_OVERWRITE_COPY, + /* 20 */ MUT_OVERWRITE_FIXED, + /* 21 */ MUT_BYTEADD, + /* 22 */ MUT_BYTESUB, + /* 23 */ MUT_FLIP8, + /* 24 */ MUT_SWITCH, + /* 25 */ MUT_DEL, + /* 26 */ MUT_SHUFFLE, + /* 27 */ MUT_DELONE, + /* 28 */ MUT_INSERTONE, + /* 29 */ MUT_ASCIINUM, + /* 30 */ MUT_NEG, + /* 31 */ MUT_INSERTASCIINUM, + /* 32 */ MUT_EXTRA_OVERWRITE, + /* 33 */ MUT_EXTRA_INSERT, + /* 34 */ MUT_AUTO_EXTRA_OVERWRITE, + /* 35 */ MUT_AUTO_EXTRA_INSERT, + /* 36 */ MUT_SPLICE_OVERWRITE, + /* 37 */ MUT_SPLICE_INSERT, + + MUT_MAX + +}; + +unsigned int mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = {}; +unsigned int mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = {}; +unsigned int mutation_strategy_exploitation_text[MUT_STRATEGY_ARRAY_SIZE] = {}; +unsigned int mutation_strategy_exploitation_binary[MUT_STRATEGY_ARRAY_SIZE] = + {}; + +unsigned int afl_mutate(afl_state_t *, unsigned char *, unsigned int, + unsigned int, bool, bool, unsigned char *, + unsigned int); +u32 choose_block_len(afl_state_t *, u32); + +/* Helper to choose random block len for block operations in fuzz_one(). + Doesn't return zero, provided that max_len is > 0. */ + +inline u32 choose_block_len(afl_state_t *afl, u32 limit) { + + u32 min_value, max_value; + u32 rlim = MIN(afl->queue_cycle, (u32)3); + + if (unlikely(!afl->run_over10m)) { rlim = 1; } + + switch (rand_below(afl, rlim)) { + + case 0: + min_value = 1; + max_value = HAVOC_BLK_SMALL; + break; + + case 1: + min_value = HAVOC_BLK_SMALL; + max_value = HAVOC_BLK_MEDIUM; + break; + + default: + + if (likely(rand_below(afl, 10))) { + + min_value = HAVOC_BLK_MEDIUM; + max_value = HAVOC_BLK_LARGE; + + } else { + + min_value = HAVOC_BLK_LARGE; + max_value = HAVOC_BLK_XL; + + } + + } + + if (min_value >= limit) { min_value = 1; } + + return min_value + rand_below(afl, MIN(max_value, limit) - min_value + 1); + +} + +unsigned int afl_mutate(afl_state_t *afl, unsigned char *buf, unsigned int len, + unsigned int steps, bool is_text, bool is_exploration, + unsigned char *splice_buf, unsigned int splice_len) { + + if (!buf || !len) { return 0; } + + u32 *mutation_array; + static unsigned char *tmp_buf = NULL; + + if (!tmp_buf) { + + if ((tmp_buf = malloc(MAX_FILE)) == NULL) { return 0; } + + } + + if (is_text) { + + if (is_exploration) { + + mutation_array = (unsigned int *)&mutation_strategy_exploration_text; + + } else { + + mutation_array = (unsigned int *)&mutation_strategy_exploitation_text; + + } + + } else { + + if (is_exploration) { + + mutation_array = (unsigned int *)&mutation_strategy_exploration_binary; + + } else { + + mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary; + + } + + } + + for (unsigned int step = 0; step < steps; ++step) { + + retry_havoc_step: + + u32 r = rand_below(afl, MUT_STRATEGY_ARRAY_SIZE), item; + + switch (mutation_array[r]) { + + case MUT_FLIPBIT: { + + /* Flip a single bit somewhere. Spooky! */ + u8 bit = rand_below(afl, 8); + u32 off = rand_below(afl, len); + buf[off] ^= 1 << bit; + + break; + + } + + case MUT_INTERESTING8: { + + /* Set byte to interesting value. */ + + item = rand_below(afl, sizeof(interesting_8)); + buf[rand_below(afl, len)] = interesting_8[item]; + break; + + } + + case MUT_INTERESTING16: { + + /* Set word to interesting value, little endian. */ + + if (unlikely(len < 2)) { break; } // no retry + + item = rand_below(afl, sizeof(interesting_16) >> 1); + *(u16 *)(buf + rand_below(afl, len - 1)) = interesting_16[item]; + + break; + + } + + case MUT_INTERESTING16BE: { + + /* Set word to interesting value, big endian. */ + + if (unlikely(len < 2)) { break; } // no retry + + item = rand_below(afl, sizeof(interesting_16) >> 1); + *(u16 *)(buf + rand_below(afl, len - 1)) = SWAP16(interesting_16[item]); + + break; + + } + + case MUT_INTERESTING32: { + + /* Set dword to interesting value, little endian. */ + + if (unlikely(len < 4)) { break; } // no retry + + item = rand_below(afl, sizeof(interesting_32) >> 2); + *(u32 *)(buf + rand_below(afl, len - 3)) = interesting_32[item]; + + break; + + } + + case MUT_INTERESTING32BE: { + + /* Set dword to interesting value, big endian. */ + + if (unlikely(len < 4)) { break; } // no retry + + item = rand_below(afl, sizeof(interesting_32) >> 2); + *(u32 *)(buf + rand_below(afl, len - 3)) = SWAP32(interesting_32[item]); + + break; + + } + + case MUT_ARITH8_: { + + /* Randomly subtract from byte. */ + + item = 1 + rand_below(afl, ARITH_MAX); + buf[rand_below(afl, len)] -= item; + break; + + } + + case MUT_ARITH8: { + + /* Randomly add to byte. */ + + item = 1 + rand_below(afl, ARITH_MAX); + buf[rand_below(afl, len)] += item; + break; + + } + + case MUT_ARITH16_: { + + /* Randomly subtract from word, little endian. */ + + if (unlikely(len < 2)) { break; } // no retry + + u32 pos = rand_below(afl, len - 1); + item = 1 + rand_below(afl, ARITH_MAX); + *(u16 *)(buf + pos) -= item; + + break; + + } + + case MUT_ARITH16BE_: { + + /* Randomly subtract from word, big endian. */ + + if (unlikely(len < 2)) { break; } // no retry + + u32 pos = rand_below(afl, len - 1); + u16 num = 1 + rand_below(afl, ARITH_MAX); + *(u16 *)(buf + pos) = SWAP16(SWAP16(*(u16 *)(buf + pos)) - num); + + break; + + } + + case MUT_ARITH16: { + + /* Randomly add to word, little endian. */ + + if (unlikely(len < 2)) { break; } // no retry + + u32 pos = rand_below(afl, len - 1); + item = 1 + rand_below(afl, ARITH_MAX); + *(u16 *)(buf + pos) += item; + + break; + + } + + case MUT_ARITH16BE: { + + /* Randomly add to word, big endian. */ + + if (unlikely(len < 2)) { break; } // no retry + + u32 pos = rand_below(afl, len - 1); + u16 num = 1 + rand_below(afl, ARITH_MAX); + *(u16 *)(buf + pos) = SWAP16(SWAP16(*(u16 *)(buf + pos)) + num); + + break; + + } + + case MUT_ARITH32_: { + + /* Randomly subtract from dword, little endian. */ + + if (unlikely(len < 4)) { break; } // no retry + + u32 pos = rand_below(afl, len - 3); + item = 1 + rand_below(afl, ARITH_MAX); + *(u32 *)(buf + pos) -= item; + + break; + + } + + case MUT_ARITH32BE_: { + + /* Randomly subtract from dword, big endian. */ + + if (unlikely(len < 4)) { break; } // no retry + + u32 pos = rand_below(afl, len - 3); + u32 num = 1 + rand_below(afl, ARITH_MAX); + *(u32 *)(buf + pos) = SWAP32(SWAP32(*(u32 *)(buf + pos)) - num); + + break; + + } + + case MUT_ARITH32: { + + /* Randomly add to dword, little endian. */ + + if (unlikely(len < 4)) { break; } // no retry + + u32 pos = rand_below(afl, len - 3); + item = 1 + rand_below(afl, ARITH_MAX); + *(u32 *)(buf + pos) += item; + + break; + + } + + case MUT_ARITH32BE: { + + /* Randomly add to dword, big endian. */ + + if (unlikely(len < 4)) { break; } // no retry + + u32 pos = rand_below(afl, len - 3); + u32 num = 1 + rand_below(afl, ARITH_MAX); + *(u32 *)(buf + pos) = SWAP32(SWAP32(*(u32 *)(buf + pos)) + num); + + break; + + } + + case MUT_RAND8: { + + /* Just set a random byte to a random value. Because, + why not. We use XOR with 1-255 to eliminate the + possibility of a no-op. */ + + u32 pos = rand_below(afl, len); + item = 1 + rand_below(afl, 255); + buf[pos] ^= item; + break; + + } + + case MUT_CLONE_OVERWRITE: { + + if (likely(len + HAVOC_BLK_XL < MAX_FILE)) { + + /* Clone bytes. */ + + u32 clone_len = choose_block_len(afl, len); + u32 clone_from = rand_below(afl, len - clone_len + 1); + u32 clone_to = rand_below(afl, len); + + /* Head */ + + memcpy(tmp_buf, buf, clone_to); + + /* Inserted part */ + + memcpy(tmp_buf + clone_to, buf + clone_from, clone_len); + + /* Tail */ + memcpy(tmp_buf + clone_to + clone_len, buf + clone_to, + len - clone_to); + + len += clone_len; + memcpy(buf, tmp_buf, len); + + } else if (unlikely(len < 8)) { + + break; + + } else { + + goto retry_havoc_step; + + } + + break; + + } + + case MUT_CLONE_INSERT: { + + if (likely(len + HAVOC_BLK_XL < MAX_FILE)) { + + /* Insert a block of constant bytes (25%). */ + + u32 clone_len = choose_block_len(afl, HAVOC_BLK_XL); + u32 clone_to = rand_below(afl, len); + u32 strat = rand_below(afl, 2); + u32 clone_from = clone_to ? clone_to - 1 : 0; + item = strat ? rand_below(afl, 256) : buf[clone_from]; + + /* Head */ + + memcpy(tmp_buf, buf, clone_to); + + /* Inserted part */ + + memset(tmp_buf + clone_to, item, clone_len); + + /* Tail */ + memcpy(tmp_buf + clone_to + clone_len, buf + clone_to, + len - clone_to); + + len += clone_len; + memcpy(buf, tmp_buf, len); + + } else if (unlikely(len < 8)) { + + break; + + } else { + + goto retry_havoc_step; + + } + + break; + + } + + case MUT_OVERWRITE_COPY: { + + /* Overwrite bytes with a randomly selected chunk bytes. */ + + if (unlikely(len < 2)) { break; } // no retry + + u32 copy_len = choose_block_len(afl, len - 1); + u32 copy_from = rand_below(afl, len - copy_len + 1); + u32 copy_to = rand_below(afl, len - copy_len + 1); + + if (likely(copy_from != copy_to)) { + + memmove(buf + copy_to, buf + copy_from, copy_len); + + } + + break; + + } + + case MUT_OVERWRITE_FIXED: { + + /* Overwrite bytes with fixed bytes. */ + + if (unlikely(len < 2)) { break; } // no retry + + u32 copy_len = choose_block_len(afl, len - 1); + u32 copy_to = rand_below(afl, len - copy_len + 1); + u32 strat = rand_below(afl, 2); + u32 copy_from = copy_to ? copy_to - 1 : 0; + item = strat ? rand_below(afl, 256) : buf[copy_from]; + memset(buf + copy_to, item, copy_len); + + break; + + } + + case MUT_BYTEADD: { + + /* Increase byte by 1. */ + + buf[rand_below(afl, len)]++; + break; + + } + + case MUT_BYTESUB: { + + /* Decrease byte by 1. */ + + buf[rand_below(afl, len)]--; + break; + + } + + case MUT_FLIP8: { + + /* Flip byte. */ + + buf[rand_below(afl, len)] ^= 0xff; + break; + + } + + case MUT_SWITCH: { + + if (unlikely(len < 4)) { break; } // no retry + + /* Switch bytes. */ + + u32 to_end, switch_to, switch_len, switch_from; + switch_from = rand_below(afl, len); + do { + + switch_to = rand_below(afl, len); + + } while (unlikely(switch_from == switch_to)); + + if (switch_from < switch_to) { + + switch_len = switch_to - switch_from; + to_end = len - switch_to; + + } else { + + switch_len = switch_from - switch_to; + to_end = len - switch_from; + + } + + switch_len = choose_block_len(afl, MIN(switch_len, to_end)); + + /* Backup */ + + memcpy(tmp_buf, buf + switch_from, switch_len); + + /* Switch 1 */ + + memcpy(buf + switch_from, buf + switch_to, switch_len); + + /* Switch 2 */ + + memcpy(buf + switch_to, tmp_buf, switch_len); + + break; + + } + + case MUT_DEL: { + + /* Delete bytes. */ + + if (unlikely(len < 2)) { break; } // no retry + + /* Don't delete too much. */ + + u32 del_len = choose_block_len(afl, len - 1); + u32 del_from = rand_below(afl, len - del_len + 1); + memmove(buf + del_from, buf + del_from + del_len, + len - del_from - del_len); + len -= del_len; + + break; + + } + + case MUT_SHUFFLE: { + + /* Shuffle bytes. */ + + if (unlikely(len < 4)) { break; } // no retry + + u32 len = choose_block_len(afl, len - 1); + u32 off = rand_below(afl, len - len + 1); + + for (u32 i = len - 1; i > 0; i--) { + + u32 j; + do { + + j = rand_below(afl, i + 1); + + } while (unlikely(i == j)); + + unsigned char temp = buf[off + i]; + buf[off + i] = buf[off + j]; + buf[off + j] = temp; + + } + + break; + + } + + case MUT_DELONE: { + + /* Delete bytes. */ + + if (unlikely(len < 2)) { break; } // no retry + + /* Don't delete too much. */ + + u32 del_len = 1; + u32 del_from = rand_below(afl, len - del_len + 1); + memmove(buf + del_from, buf + del_from + del_len, + len - del_from - del_len); + + len -= del_len; + + break; + + } + + case MUT_INSERTONE: { + + if (unlikely(len < 2)) { break; } // no retry + + u32 clone_len = 1; + u32 clone_to = rand_below(afl, len); + u32 strat = rand_below(afl, 2); + u32 clone_from = clone_to ? clone_to - 1 : 0; + item = strat ? rand_below(afl, 256) : buf[clone_from]; + + /* Head */ + + memcpy(tmp_buf, buf, clone_to); + + /* Inserted part */ + + memset(tmp_buf + clone_to, item, clone_len); + + /* Tail */ + memcpy(tmp_buf + clone_to + clone_len, buf + clone_to, len - clone_to); + + len += clone_len; + memcpy(buf, tmp_buf, len); + + break; + + } + + case MUT_ASCIINUM: { + + if (unlikely(len < 4)) { break; } // no retry + + u32 off = rand_below(afl, len), off2 = off, cnt = 0; + + while (off2 + cnt < len && !isdigit(buf[off2 + cnt])) { + + ++cnt; + + } + + // none found, wrap + if (off2 + cnt == len) { + + off2 = 0; + cnt = 0; + + while (cnt < off && !isdigit(buf[off2 + cnt])) { + + ++cnt; + + } + + if (cnt == off) { + + if (len < 8) { + + break; + + } else { + + goto retry_havoc_step; + + } + + } + + } + + off = off2 + cnt; + off2 = off + 1; + + while (off2 < len && isdigit(buf[off2])) { + + ++off2; + + } + + s64 val = buf[off] - '0'; + for (u32 i = off + 1; i < off2; ++i) { + + val = (val * 10) + buf[i] - '0'; + + } + + if (off && buf[off - 1] == '-') { val = -val; } + + u32 strat = rand_below(afl, 8); + switch (strat) { + + case 0: + val++; + break; + case 1: + val--; + break; + case 2: + val *= 2; + break; + case 3: + val /= 2; + break; + case 4: + if (likely(val && (u64)val < 0x19999999)) { + + val = (u64)rand_next(afl) % (u64)((u64)val * 10); + + } else { + + val = rand_below(afl, 256); + + } + + break; + case 5: + val += rand_below(afl, 256); + break; + case 6: + val -= rand_below(afl, 256); + break; + case 7: + val = ~(val); + break; + + } + + char buf[20]; + snprintf(buf, sizeof(buf), "%ld", val); + u32 old_len = off2 - off; + u32 new_len = strlen(buf); + + if (old_len == new_len) { + + memcpy(buf + off, buf, new_len); + + } else { + + /* Head */ + + memcpy(tmp_buf, buf, off); + + /* Inserted part */ + + memcpy(tmp_buf + off, buf, new_len); + + /* Tail */ + memcpy(tmp_buf + off + new_len, buf + off2, len - off2); + + len += (new_len - old_len); + memcpy(buf, tmp_buf, len); + + } + + // fprintf(stderr, "AFTER : %s\n", buf); + break; + + } + + case MUT_NEG: { + + /* Neg byte. */ + + item = rand_below(afl, len); + buf[item] = ~buf[item]; + + break; + + } + + case MUT_INSERTASCIINUM: { + + u32 len = 1 + rand_below(afl, 8); + u32 pos = rand_below(afl, len); + + /* Insert ascii number. */ + if (unlikely(len < pos + len)) { + + if (unlikely(len < 8)) { + + break; + + } else { + + goto retry_havoc_step; + + } + + } + + u64 val = rand_next(afl); + char buf[20]; + snprintf(buf, sizeof(buf), "%llu", val); + memcpy(buf + pos, buf, len); + + break; + + } + + case MUT_EXTRA_OVERWRITE: { + + if (unlikely(!afl->extras_cnt)) { goto retry_havoc_step; } + + /* Use the dictionary. */ + + u32 use_extra = rand_below(afl, afl->extras_cnt); + u32 extra_len = afl->extras[use_extra].len; + + if (unlikely(extra_len > len)) { goto retry_havoc_step; } + + u32 insert_at = rand_below(afl, len - extra_len + 1); + memcpy(buf + insert_at, afl->extras[use_extra].data, extra_len); + + break; + + } + + case MUT_EXTRA_INSERT: { + + if (unlikely(!afl->extras_cnt)) { goto retry_havoc_step; } + + u32 use_extra = rand_below(afl, afl->extras_cnt); + u32 extra_len = afl->extras[use_extra].len; + if (unlikely(len + extra_len >= MAX_FILE)) { goto retry_havoc_step; } + + u8 *ptr = afl->extras[use_extra].data; + u32 insert_at = rand_below(afl, len + 1); + + /* Tail */ + memmove(buf + insert_at + extra_len, buf + insert_at, len - insert_at); + + /* Inserted part */ + memcpy(buf + insert_at, ptr, extra_len); + len += extra_len; + + break; + + } + + case MUT_AUTO_EXTRA_OVERWRITE: { + + if (unlikely(!afl->a_extras_cnt)) { goto retry_havoc_step; } + + /* Use the dictionary. */ + + u32 use_extra = rand_below(afl, afl->a_extras_cnt); + u32 extra_len = afl->a_extras[use_extra].len; + + if (unlikely(extra_len > len)) { goto retry_havoc_step; } + + u32 insert_at = rand_below(afl, len - extra_len + 1); + memcpy(buf + insert_at, afl->a_extras[use_extra].data, extra_len); + + break; + + } + + case MUT_AUTO_EXTRA_INSERT: { + + if (unlikely(!afl->a_extras_cnt)) { goto retry_havoc_step; } + + u32 use_extra = rand_below(afl, afl->a_extras_cnt); + u32 extra_len = afl->a_extras[use_extra].len; + if (unlikely(len + extra_len >= MAX_FILE)) { goto retry_havoc_step; } + + u8 *ptr = afl->a_extras[use_extra].data; + u32 insert_at = rand_below(afl, len + 1); + + /* Tail */ + memmove(buf + insert_at + extra_len, buf + insert_at, len - insert_at); + + /* Inserted part */ + memcpy(buf + insert_at, ptr, extra_len); + len += extra_len; + + break; + + } + + case MUT_SPLICE_OVERWRITE: { + + if (unlikely(!splice_buf || !splice_len)) { goto retry_havoc_step; } + + /* overwrite mode */ + + u32 copy_from, copy_to, copy_len; + + copy_len = choose_block_len(afl, splice_len - 1); + + if (copy_len > len) copy_len = len; + + copy_from = rand_below(afl, splice_len - copy_len + 1); + copy_to = rand_below(afl, len - copy_len + 1); + memmove(buf + copy_to, splice_buf + copy_from, copy_len); + + break; + + } + + case MUT_SPLICE_INSERT: { + + if (unlikely(!splice_buf || !splice_len)) { goto retry_havoc_step; } + + if (unlikely(len + HAVOC_BLK_XL >= MAX_FILE)) { goto retry_havoc_step; } + + /* insert mode */ + + u32 clone_from, clone_to, clone_len; + + clone_len = choose_block_len(afl, splice_len); + clone_from = rand_below(afl, splice_len - clone_len + 1); + clone_to = rand_below(afl, len + 1); + + /* Head */ + + memcpy(tmp_buf, buf, clone_to); + + /* Inserted part */ + + memcpy(tmp_buf + clone_to, splice_buf + clone_from, clone_len); + + /* Tail */ + memcpy(tmp_buf + clone_to + clone_len, buf + clone_to, len - clone_to); + + len += clone_len; + memcpy(buf, tmp_buf, len); + + break; + + } + + } + + } + + return len; + +} + +#endif /* !AFL_MUTATIONS_H */ + diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 1636c32316..226fb40e87 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -27,21 +27,7 @@ #include #include #include "cmplog.h" - -static u32 mutation_array_explore[] = { - - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, - 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37}; -// static u32 mutation_array_exploit[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, -// 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, -// 31 }; static u32 mutation_array_txt_explore[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, -// 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, -// 28, 29, 30, 31 }; static u32 mutation_array_txt_exploit[] = { 0, 1, 2, 3, 4, -// 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, -// 25, 26, 27, 28, 29, 30, 31 }; - -// what about more splicing? -// what about -x and cmplog learn? +#include "afl-mutations.h" /* MOpt */ @@ -85,50 +71,6 @@ static int select_algorithm(afl_state_t *afl, u32 max_algorithm) { } -/* Helper to choose random block len for block operations in fuzz_one(). - Doesn't return zero, provided that max_len is > 0. */ - -static inline u32 choose_block_len(afl_state_t *afl, u32 limit) { - - u32 min_value, max_value; - u32 rlim = MIN(afl->queue_cycle, (u32)3); - - if (unlikely(!afl->run_over10m)) { rlim = 1; } - - switch (rand_below(afl, rlim)) { - - case 0: - min_value = 1; - max_value = HAVOC_BLK_SMALL; - break; - - case 1: - min_value = HAVOC_BLK_SMALL; - max_value = HAVOC_BLK_MEDIUM; - break; - - default: - - if (likely(rand_below(afl, 10))) { - - min_value = HAVOC_BLK_MEDIUM; - max_value = HAVOC_BLK_LARGE; - - } else { - - min_value = HAVOC_BLK_LARGE; - max_value = HAVOC_BLK_XL; - - } - - } - - if (min_value >= limit) { min_value = 1; } - - return min_value + rand_below(afl, MIN(max_value, limit) - min_value + 1); - -} - /* Helper function to see if a particular change (xor_val = old ^ new) could be a product of deterministic bit flips with the lengths and stepovers attempted by afl-fuzz. This is used to avoid dupes in some of the @@ -2136,8 +2078,31 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 *mutation_array; u32 stack_max; - // if ( ... ) - mutation_array = (u32 *)&mutation_array_explore; + if (afl->queue_cur->is_ascii) { // is text? + + if (1) { // is exploration? + + mutation_array = (unsigned int *)&mutation_strategy_exploration_text; + + } else { // is exploitation! + + mutation_array = (unsigned int *)&mutation_strategy_exploitation_text; + + } + + } else { // is binary! + + if (1) { // is exploration? + + mutation_array = (unsigned int *)&mutation_strategy_exploration_binary; + + } else { // is exploitation! + + mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary; + + } + + } if (temp_len < 64) { @@ -2208,11 +2173,11 @@ u8 fuzz_one_original(afl_state_t *afl) { } retry_havoc_step: - u32 r = rand_below(afl, 256), item; + u32 r = rand_below(afl, MUT_STRATEGY_ARRAY_SIZE), item; switch (mutation_array[r]) { - case 0: { + case MUT_FLIPBIT: { /* Flip a single bit somewhere. Spooky! */ u8 bit = rand_below(afl, 8); @@ -2227,7 +2192,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 1: { + case MUT_INTERESTING8: { /* Set byte to interesting value. */ @@ -2241,7 +2206,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 2: { + case MUT_INTERESTING16: { /* Set word to interesting value, little endian. */ @@ -2260,7 +2225,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 3: { + case MUT_INTERESTING16BE: { /* Set word to interesting value, big endian. */ @@ -2278,7 +2243,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 4: { + case MUT_INTERESTING32: { /* Set dword to interesting value, little endian. */ @@ -2297,7 +2262,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 5: { + case MUT_INTERESTING32BE: { /* Set dword to interesting value, big endian. */ @@ -2315,7 +2280,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 6: { + case MUT_ARITH8_: { /* Randomly subtract from byte. */ @@ -2329,7 +2294,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 7: { + case MUT_ARITH8: { /* Randomly add to byte. */ @@ -2343,7 +2308,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 8: { + case MUT_ARITH16_: { /* Randomly subtract from word, little endian. */ @@ -2362,7 +2327,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 9: { + case MUT_ARITH16BE_: { /* Randomly subtract from word, big endian. */ @@ -2382,7 +2347,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 10: { + case MUT_ARITH16: { /* Randomly add to word, little endian. */ @@ -2401,7 +2366,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 11: { + case MUT_ARITH16BE: { /* Randomly add to word, big endian. */ @@ -2421,7 +2386,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 12: { + case MUT_ARITH32_: { /* Randomly subtract from dword, little endian. */ @@ -2440,7 +2405,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 13: { + case MUT_ARITH32BE_: { /* Randomly subtract from dword, big endian. */ @@ -2460,7 +2425,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 14: { + case MUT_ARITH32: { /* Randomly add to dword, little endian. */ @@ -2479,7 +2444,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 15: { + case MUT_ARITH32BE: { /* Randomly add to dword, big endian. */ @@ -2499,7 +2464,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 16: { + case MUT_RAND8: { /* Just set a random byte to a random value. Because, why not. We use XOR with 1-255 to eliminate the @@ -2517,7 +2482,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 17: { + case MUT_CLONE_OVERWRITE: { if (likely(temp_len + HAVOC_BLK_XL < MAX_FILE)) { @@ -2566,7 +2531,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 18: { + case MUT_CLONE_INSERT: { if (likely(temp_len + HAVOC_BLK_XL < MAX_FILE)) { @@ -2617,7 +2582,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 19: { + case MUT_OVERWRITE_COPY: { /* Overwrite bytes with a randomly selected chunk bytes. */ @@ -2642,7 +2607,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 20: { + case MUT_OVERWRITE_FIXED: { /* Overwrite bytes with fixed bytes. */ @@ -2666,7 +2631,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 21: { + case MUT_BYTEADD: { /* Increase byte by 1. */ @@ -2679,7 +2644,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 22: { + case MUT_BYTESUB: { /* Decrease byte by 1. */ @@ -2692,7 +2657,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 23: { + case MUT_FLIP8: { /* Flip byte. */ @@ -2705,7 +2670,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 24: { + case MUT_SWITCH: { if (unlikely(temp_len < 4)) { break; } // no retry @@ -2757,7 +2722,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 25: { + case MUT_DEL: { /* Delete bytes. */ @@ -2782,7 +2747,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 26: { + case MUT_SHUFFLE: { /* Shuffle bytes. */ @@ -2815,7 +2780,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 27: { + case MUT_DELONE: { /* Delete bytes. */ @@ -2839,7 +2804,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 28: { + case MUT_INSERTONE: { if (unlikely(temp_len < 2)) { break; } // no retry @@ -2878,7 +2843,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 29: { + case MUT_ASCIINUM: { if (unlikely(temp_len < 4)) { break; } // no retry @@ -3022,7 +2987,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 30: { + case MUT_NEG: { /* Neg byte. */ @@ -3037,7 +3002,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 31: { + case MUT_INSERTASCIINUM: { u32 len = 1 + rand_below(afl, 8); u32 pos = rand_below(afl, temp_len); @@ -3069,7 +3034,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 32: { + case MUT_EXTRA_OVERWRITE: { if (unlikely(!afl->extras_cnt)) { goto retry_havoc_step; } @@ -3092,7 +3057,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 33: { + case MUT_EXTRA_INSERT: { if (unlikely(!afl->extras_cnt)) { goto retry_havoc_step; } @@ -3127,7 +3092,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 34: { + case MUT_AUTO_EXTRA_OVERWRITE: { if (unlikely(!afl->a_extras_cnt)) { goto retry_havoc_step; } @@ -3150,7 +3115,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 35: { + case MUT_AUTO_EXTRA_INSERT: { if (unlikely(!afl->a_extras_cnt)) { goto retry_havoc_step; } @@ -3185,7 +3150,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 36: { + case MUT_SPLICE_OVERWRITE: { if (unlikely(afl->ready_for_splicing_count <= 1)) { @@ -3231,7 +3196,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case 37: { + case MUT_SPLICE_INSERT: { if (unlikely(afl->ready_for_splicing_count <= 1)) { From 32ffa2664cdfa2cc377df12cbf6efdcecbc2e78a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 4 Apr 2023 16:23:19 +0200 Subject: [PATCH 012/357] max_len support --- custom_mutators/aflpp/aflpp.c | 27 +++++++++++-- include/afl-mutations.h | 76 ++++++++++++++++++++++------------- 2 files changed, 72 insertions(+), 31 deletions(-) diff --git a/custom_mutators/aflpp/aflpp.c b/custom_mutators/aflpp/aflpp.c index 2b69ad9cef..e15d0391fb 100644 --- a/custom_mutators/aflpp/aflpp.c +++ b/custom_mutators/aflpp/aflpp.c @@ -4,6 +4,7 @@ typedef struct my_mutator { afl_state_t *afl; u8 *buf; + u32 buf_size; } my_mutator_t; @@ -19,12 +20,15 @@ my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) { } - data->buf = malloc(MAX_FILE); - if (!data->buf) { + if ((data->buf = malloc(MAX_FILE)) == NULL) { perror("afl_custom_init alloc"); return NULL; + } else { + + data->buf_size = MAX_FILE; + } data->afl = afl; @@ -39,6 +43,23 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size, u8 **out_buf, uint8_t *add_buf, size_t add_buf_size, size_t max_size) { + if (max_size > data->buf_size) { + + u8 *ptr = realloc(data->buf, max_size); + + if (ptr) { + + return 0; + + } else { + + data->buf = ptr; + data->buf_size = max_size; + + } + + } + u32 havoc_steps = 1 + rand_below(data->afl, 16); /* set everything up, costly ... :( */ @@ -46,7 +67,7 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size, /* the mutation */ u32 out_buf_len = afl_mutate(data->afl, data->buf, buf_size, havoc_steps, - false, true, add_buf, add_buf_size); + false, true, add_buf, add_buf_size, max_size); /* return size of mutated data */ *out_buf = data->buf; diff --git a/include/afl-mutations.h b/include/afl-mutations.h index 43b7927d13..e3f692147e 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -6,7 +6,8 @@ #include "afl-mutations.h" // needs afl-fuzz.h u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32t steps, bool is_text, - bool is_exploration, u8 *splice_buf, u32 splice_len); + bool is_exploration, u8 *splice_buf, u32 splice_len, + u32 max_len); Returns: u32 - the length of the mutated data return in *buf. 0 = error @@ -21,6 +22,7 @@ splice_buf - a buffer from another corpus item to splice with. If NULL then no splicing splice_len - the length of the splice buffer. If 0 then no splicing + u32 max_len - the maximum size the mutated buffer may grow to */ #ifndef _ANDROID_ASHMEM_H @@ -76,16 +78,13 @@ enum { }; -unsigned int mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = {}; -unsigned int mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = {}; -unsigned int mutation_strategy_exploitation_text[MUT_STRATEGY_ARRAY_SIZE] = {}; -unsigned int mutation_strategy_exploitation_binary[MUT_STRATEGY_ARRAY_SIZE] = - {}; +u32 mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = {}; +u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = {}; +u32 mutation_strategy_exploitation_text[MUT_STRATEGY_ARRAY_SIZE] = {}; +u32 mutation_strategy_exploitation_binary[MUT_STRATEGY_ARRAY_SIZE] = {}; -unsigned int afl_mutate(afl_state_t *, unsigned char *, unsigned int, - unsigned int, bool, bool, unsigned char *, - unsigned int); -u32 choose_block_len(afl_state_t *, u32); +u32 afl_mutate(afl_state_t *, u8 *, u32, u32, bool, bool, u8 *, u32, u32); +u32 choose_block_len(afl_state_t *, u32); /* Helper to choose random block len for block operations in fuzz_one(). Doesn't return zero, provided that max_len is > 0. */ @@ -131,18 +130,39 @@ inline u32 choose_block_len(afl_state_t *afl, u32 limit) { } -unsigned int afl_mutate(afl_state_t *afl, unsigned char *buf, unsigned int len, - unsigned int steps, bool is_text, bool is_exploration, - unsigned char *splice_buf, unsigned int splice_len) { +inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, + bool is_text, bool is_exploration, u8 *splice_buf, + u32 splice_len, u32 max_len) { if (!buf || !len) { return 0; } - u32 *mutation_array; - static unsigned char *tmp_buf = NULL; + u32 *mutation_array; + static u8 *tmp_buf = NULL; + static u32 tmp_buf_size = 0; - if (!tmp_buf) { + if (max_len > tmp_buf_size) { - if ((tmp_buf = malloc(MAX_FILE)) == NULL) { return 0; } + if (tmp_buf) { + + u8 *ptr = realloc(tmp_buf, max_len); + + if (!ptr) { + + return 0; + + } else { + + tmp_buf = ptr; + + } + + } else { + + if ((tmp_buf = malloc(max_len)) == NULL) { return 0; } + + } + + tmp_buf_size = max_len; } @@ -150,11 +170,11 @@ unsigned int afl_mutate(afl_state_t *afl, unsigned char *buf, unsigned int len, if (is_exploration) { - mutation_array = (unsigned int *)&mutation_strategy_exploration_text; + mutation_array = (u32 *)&mutation_strategy_exploration_text; } else { - mutation_array = (unsigned int *)&mutation_strategy_exploitation_text; + mutation_array = (u32 *)&mutation_strategy_exploitation_text; } @@ -162,17 +182,17 @@ unsigned int afl_mutate(afl_state_t *afl, unsigned char *buf, unsigned int len, if (is_exploration) { - mutation_array = (unsigned int *)&mutation_strategy_exploration_binary; + mutation_array = (u32 *)&mutation_strategy_exploration_binary; } else { - mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary; + mutation_array = (u32 *)&mutation_strategy_exploitation_binary; } } - for (unsigned int step = 0; step < steps; ++step) { + for (u32 step = 0; step < steps; ++step) { retry_havoc_step: @@ -400,7 +420,7 @@ unsigned int afl_mutate(afl_state_t *afl, unsigned char *buf, unsigned int len, case MUT_CLONE_OVERWRITE: { - if (likely(len + HAVOC_BLK_XL < MAX_FILE)) { + if (likely(len + HAVOC_BLK_XL < max_len)) { /* Clone bytes. */ @@ -439,7 +459,7 @@ unsigned int afl_mutate(afl_state_t *afl, unsigned char *buf, unsigned int len, case MUT_CLONE_INSERT: { - if (likely(len + HAVOC_BLK_XL < MAX_FILE)) { + if (likely(len + HAVOC_BLK_XL < max_len)) { /* Insert a block of constant bytes (25%). */ @@ -622,7 +642,7 @@ unsigned int afl_mutate(afl_state_t *afl, unsigned char *buf, unsigned int len, } while (unlikely(i == j)); - unsigned char temp = buf[off + i]; + u8 temp = buf[off + i]; buf[off + i] = buf[off + j]; buf[off + j] = temp; @@ -872,7 +892,7 @@ unsigned int afl_mutate(afl_state_t *afl, unsigned char *buf, unsigned int len, u32 use_extra = rand_below(afl, afl->extras_cnt); u32 extra_len = afl->extras[use_extra].len; - if (unlikely(len + extra_len >= MAX_FILE)) { goto retry_havoc_step; } + if (unlikely(len + extra_len >= max_len)) { goto retry_havoc_step; } u8 *ptr = afl->extras[use_extra].data; u32 insert_at = rand_below(afl, len + 1); @@ -912,7 +932,7 @@ unsigned int afl_mutate(afl_state_t *afl, unsigned char *buf, unsigned int len, u32 use_extra = rand_below(afl, afl->a_extras_cnt); u32 extra_len = afl->a_extras[use_extra].len; - if (unlikely(len + extra_len >= MAX_FILE)) { goto retry_havoc_step; } + if (unlikely(len + extra_len >= max_len)) { goto retry_havoc_step; } u8 *ptr = afl->a_extras[use_extra].data; u32 insert_at = rand_below(afl, len + 1); @@ -952,7 +972,7 @@ unsigned int afl_mutate(afl_state_t *afl, unsigned char *buf, unsigned int len, if (unlikely(!splice_buf || !splice_len)) { goto retry_havoc_step; } - if (unlikely(len + HAVOC_BLK_XL >= MAX_FILE)) { goto retry_havoc_step; } + if (unlikely(len + HAVOC_BLK_XL >= max_len)) { goto retry_havoc_step; } /* insert mode */ From 2bff92c603463410fa0f97e7c4db7eb14c45e5ed Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 4 Apr 2023 16:25:05 +0200 Subject: [PATCH 013/357] nit --- include/afl-mutations.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/afl-mutations.h b/include/afl-mutations.h index e3f692147e..707db7996c 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -14,7 +14,7 @@ Parameters: afl_state_t *afl - the *afl state pointer u8 *buf - the input buffer to mutate which will be mutated into. - NOTE: must be of MAX_FILE size! + NOTE: must be able to contain a size of at least max_len (see below)! u32 len - the length of the input u32 steps - how many mutations to perform on the input bool is_text - is the target expecting text inputs From 3ab18d286142e2e19e37850c051e0b07b9d7b296 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 4 Apr 2023 19:44:12 +0200 Subject: [PATCH 014/357] mode switch --- include/afl-fuzz.h | 69 ++++++----- include/afl-mutations.h | 259 +++++++++++++++++++++++++++++++++++++++- include/config.h | 6 + src/afl-fuzz-one.c | 6 +- src/afl-fuzz-state.c | 1 + src/afl-fuzz-stats.c | 5 +- src/afl-fuzz.c | 51 +++++++- 7 files changed, 351 insertions(+), 46 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 58d02af594..6573eabf0c 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -490,7 +490,9 @@ typedef struct afl_state { *orig_cmdline, /* Original command line */ *infoexec; /* Command to execute on a new crash */ - u32 hang_tmout; /* Timeout used for hang det (ms) */ + u32 hang_tmout, /* Timeout used for hang det (ms) */ + stats_update_freq, /* Stats update frequency (execs) */ + switch_fuzz_mode; /* auto or fixed fuzz mode */ u8 havoc_stack_pow2, /* HAVOC_STACK_POW2 */ no_unlink, /* do not unlink cur_input */ @@ -499,40 +501,37 @@ typedef struct afl_state { custom_splice_optout, /* Custom mutator no splice buffer */ is_main_node, /* if this is the main node */ is_secondary_node, /* if this is a secondary instance */ - pizza_is_served; /* pizza mode */ - - u32 stats_update_freq; /* Stats update frequency (execs) */ - - u8 schedule; /* Power schedule (default: EXPLORE)*/ - u8 havoc_max_mult; - - u8 skip_deterministic, /* Skip deterministic stages? */ - use_splicing, /* Recombine input files? */ - non_instrumented_mode, /* Run in non-instrumented mode? */ - score_changed, /* Scoring for favorites changed? */ - resuming_fuzz, /* Resuming an older fuzzing job? */ - timeout_given, /* Specific timeout given? */ - not_on_tty, /* stdout is not a tty */ - term_too_small, /* terminal dimensions too small */ - no_forkserver, /* Disable forkserver? */ - crash_mode, /* Crash mode! Yeah! */ - in_place_resume, /* Attempt in-place resume? */ - autoresume, /* Resume if afl->out_dir exists? */ - auto_changed, /* Auto-generated tokens changed? */ - no_cpu_meter_red, /* Feng shui on the status screen */ - no_arith, /* Skip most arithmetic ops */ - shuffle_queue, /* Shuffle input queue? */ - bitmap_changed, /* Time to update bitmap? */ - unicorn_mode, /* Running in Unicorn mode? */ - use_wine, /* Use WINE with QEMU mode */ - skip_requested, /* Skip request, via SIGUSR1 */ - run_over10m, /* Run time over 10 minutes? */ - persistent_mode, /* Running in persistent mode? */ - deferred_mode, /* Deferred forkserver mode? */ - fixed_seed, /* do not reseed */ - fast_cal, /* Try to calibrate faster? */ - disable_trim, /* Never trim in fuzz_one */ - shmem_testcase_mode, /* If sharedmem testcases are used */ + pizza_is_served, /* pizza mode */ + text_input, /* target wants text inputs */ + fuzz_mode, /* current mode: coverage/exploration or crash/exploitation */ + schedule, /* Power schedule (default: EXPLORE)*/ + havoc_max_mult, skip_deterministic, /* Skip deterministic stages? */ + use_splicing, /* Recombine input files? */ + non_instrumented_mode, /* Run in non-instrumented mode? */ + score_changed, /* Scoring for favorites changed? */ + resuming_fuzz, /* Resuming an older fuzzing job? */ + timeout_given, /* Specific timeout given? */ + not_on_tty, /* stdout is not a tty */ + term_too_small, /* terminal dimensions too small */ + no_forkserver, /* Disable forkserver? */ + crash_mode, /* Crash mode! Yeah! */ + in_place_resume, /* Attempt in-place resume? */ + autoresume, /* Resume if afl->out_dir exists? */ + auto_changed, /* Auto-generated tokens changed? */ + no_cpu_meter_red, /* Feng shui on the status screen */ + no_arith, /* Skip most arithmetic ops */ + shuffle_queue, /* Shuffle input queue? */ + bitmap_changed, /* Time to update bitmap? */ + unicorn_mode, /* Running in Unicorn mode? */ + use_wine, /* Use WINE with QEMU mode */ + skip_requested, /* Skip request, via SIGUSR1 */ + run_over10m, /* Run time over 10 minutes? */ + persistent_mode, /* Running in persistent mode? */ + deferred_mode, /* Deferred forkserver mode? */ + fixed_seed, /* do not reseed */ + fast_cal, /* Try to calibrate faster? */ + disable_trim, /* Never trim in fuzz_one */ + shmem_testcase_mode, /* If sharedmem testcases are used */ expand_havoc, /* perform expensive havoc after no find */ cycle_schedules, /* cycle power schedules? */ old_seed_selection, /* use vanilla afl seed selection */ diff --git a/include/afl-mutations.h b/include/afl-mutations.h index 707db7996c..5a1b6356ae 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -81,7 +81,264 @@ enum { u32 mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = {}; u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = {}; u32 mutation_strategy_exploitation_text[MUT_STRATEGY_ARRAY_SIZE] = {}; -u32 mutation_strategy_exploitation_binary[MUT_STRATEGY_ARRAY_SIZE] = {}; +u32 mutation_strategy_exploitation_binary[MUT_STRATEGY_ARRAY_SIZE] = { + + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_DELONE, + MUT_DELONE, + MUT_DELONE, + MUT_DELONE, + MUT_DELONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_NEG, + MUT_NEG, + MUT_NEG, + MUT_NEG, + MUT_NEG, + MUT_NEG, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT}; u32 afl_mutate(afl_state_t *, u8 *, u32, u32, bool, bool, u8 *, u32, u32); u32 choose_block_len(afl_state_t *, u32); diff --git a/include/config.h b/include/config.h index e46f515ac3..c1297bdd6b 100644 --- a/include/config.h +++ b/include/config.h @@ -43,6 +43,12 @@ Default: 8MB (defined in bytes) */ #define DEFAULT_SHMEM_SIZE (8 * 1024 * 1024) +/* Default time until when no more coverage finds are happening afl-fuzz + switches to exploitation mode. It automatically switches back when new + coverage is found. + Default: 300 (seconds) */ +#define STRATEGY_SWITCH_TIME 300 + /* Default file permission umode when creating files (default: 0600) */ #define DEFAULT_PERMISSION 0600 diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 226fb40e87..e6b58713ab 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2078,9 +2078,9 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 *mutation_array; u32 stack_max; - if (afl->queue_cur->is_ascii) { // is text? + if (unlikely(afl->text_input || afl->queue_cur->is_ascii)) { // is text? - if (1) { // is exploration? + if (likely(afl->fuzz_mode == 0)) { // is exploration? mutation_array = (unsigned int *)&mutation_strategy_exploration_text; @@ -2092,7 +2092,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } else { // is binary! - if (1) { // is exploration? + if (likely(afl->fuzz_mode == 0)) { // is exploration? mutation_array = (unsigned int *)&mutation_strategy_exploration_binary; diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index f9aa5cfe3f..907861e9b3 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -108,6 +108,7 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) { afl->cmplog_lvl = 2; afl->min_length = 1; afl->max_length = MAX_FILE; + afl->switch_fuzz_mode = STRATEGY_SWITCH_TIME; #ifndef NO_SPLICING afl->use_splicing = 1; #endif diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 25ebe98784..de48e10a9b 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -1282,7 +1282,10 @@ void show_stats_normal(afl_state_t *afl) { } /* Last line */ - SAYF(SET_G1 "\n" bSTG bLB bH30 bH20 bH2 bRB bSTOP cRST RESET_G1); + + SAYF(SET_G1 "\n" bSTG bLB bH cCYA bSTOP + " strategy:%s %s " bSTG bH20 bH10 bH2 bRB bSTOP cRST RESET_G1, + cPIN, afl->fuzz_mode == 0 ? "explore" : "exploit"); #undef IB diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 3380fd90ef..315107d774 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -128,6 +128,13 @@ static void usage(u8 *argv0, int more_help) { " -o dir - output directory for fuzzer findings\n\n" "Execution control settings:\n" + " -P strategy - set fix mutation strategy: explore (focus on new " + "coverage),\n" + " exploit (focus on triggering crashes). You can also " + "set a\n" + " number of seconds after without any finds it switches " + "to\n" + " exploit mode, and back on new coverage (default: %u)\n" " -p schedule - power schedules compute a seed's performance score:\n" " fast(default), explore, exploit, seek, rare, mmopt, " "coe, lin\n" @@ -156,6 +163,7 @@ static void usage(u8 *argv0, int more_help) { "\n" "Mutator settings:\n" + " -a - target expects ascii text input\n" " -g minlength - set min length of generated fuzz input (default: 1)\n" " -G maxlength - set max length of generated fuzz input (default: " "%lu)\n" @@ -212,7 +220,8 @@ static void usage(u8 *argv0, int more_help) { " -e ext - file extension for the fuzz test input file (if " "needed)\n" "\n", - argv0, EXEC_TIMEOUT, MEM_LIMIT, MAX_FILE, FOREIGN_SYNCS_MAX); + argv0, STRATEGY_SWITCH_TIME, EXEC_TIMEOUT, MEM_LIMIT, MAX_FILE, + FOREIGN_SYNCS_MAX); if (more_help > 1) { @@ -553,14 +562,44 @@ int main(int argc, char **argv_orig, char **envp) { afl->shmem_testcase_mode = 1; // we always try to perform shmem fuzzing - while ( - (opt = getopt( - argc, argv, - "+Ab:B:c:CdDe:E:hi:I:f:F:g:G:l:L:m:M:nNOo:p:RQs:S:t:T:UV:WXx:YZ")) > - 0) { + // still available: aHjJkKPqruvwz + while ((opt = getopt(argc, argv, + "+aAb:B:c:CdDe:E:f:F:g:G:hi:I:l:L:m:M:nNo:Op:P:QRs:S:t:" + "T:UV:WXx:YZ")) > 0) { switch (opt) { + case 'a': + afl->text_input = 1; + break; + + case 'P': + if (!stricmp(optarg, "explore") || !stricmp(optarg, "exploration")) { + + afl->fuzz_mode = 0; + afl->switch_fuzz_mode = 1; + + } else if (!stricmp(optarg, "exploit") || + + !stricmp(optarg, "exploitation")) { + + afl->fuzz_mode = 1; + afl->switch_fuzz_mode = 0; + + } else { + + if ((s32)(afl->switch_fuzz_mode = (u32)atoi(optarg)) < 1) { + + FATAL( + "Parameter for option -P must be \"explore\", \"exploit\" or a " + "number!"); + + } + + } + + break; + case 'g': afl->min_length = atoi(optarg); break; From 41a452d4e8038461f730736439346eb8a7a3968f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 4 Apr 2023 21:48:51 +0200 Subject: [PATCH 015/357] mutation lists --- include/afl-mutations.h | 786 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 783 insertions(+), 3 deletions(-) diff --git a/include/afl-mutations.h b/include/afl-mutations.h index 5a1b6356ae..31d0898a40 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -78,9 +78,789 @@ enum { }; -u32 mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = {}; -u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = {}; -u32 mutation_strategy_exploitation_text[MUT_STRATEGY_ARRAY_SIZE] = {}; +u32 mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = { + + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_DELONE, + MUT_DELONE, + MUT_DELONE, + MUT_DELONE, + MUT_DELONE, + MUT_DELONE, + MUT_DELONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_NEG, + MUT_NEG, + MUT_NEG, + MUT_NEG, + MUT_NEG, + MUT_NEG, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + +}; + +u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = { + + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_DELONE, + MUT_DELONE, + MUT_DELONE, + MUT_DELONE, + MUT_DELONE, + MUT_DELONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_NEG, + MUT_NEG, + MUT_NEG, + MUT_NEG, + MUT_NEG, + MUT_NEG, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + +}; + +u32 mutation_strategy_exploitation_text[MUT_STRATEGY_ARRAY_SIZE] = { + + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_OVERWRITE, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_CLONE_INSERT, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_SHUFFLE, + MUT_DELONE, + MUT_DELONE, + MUT_DELONE, + MUT_DELONE, + MUT_DELONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_INSERTONE, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_ASCIINUM, + MUT_NEG, + MUT_NEG, + MUT_NEG, + MUT_NEG, + MUT_NEG, + MUT_NEG, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_INSERTASCIINUM, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + +}; + u32 mutation_strategy_exploitation_binary[MUT_STRATEGY_ARRAY_SIZE] = { MUT_FLIPBIT, From 53b70ef104a334424fd5226c7504130b3bd45625 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 5 Apr 2023 09:33:09 +0200 Subject: [PATCH 016/357] mut changes --- include/afl-mutations.h | 83 ++++++++++++++++++----------------------- src/afl-fuzz-one.c | 17 +-------- 2 files changed, 37 insertions(+), 63 deletions(-) diff --git a/include/afl-mutations.h b/include/afl-mutations.h index 31d0898a40..9188a37f0a 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -65,14 +65,13 @@ enum { /* 27 */ MUT_DELONE, /* 28 */ MUT_INSERTONE, /* 29 */ MUT_ASCIINUM, - /* 30 */ MUT_NEG, - /* 31 */ MUT_INSERTASCIINUM, - /* 32 */ MUT_EXTRA_OVERWRITE, - /* 33 */ MUT_EXTRA_INSERT, - /* 34 */ MUT_AUTO_EXTRA_OVERWRITE, - /* 35 */ MUT_AUTO_EXTRA_INSERT, - /* 36 */ MUT_SPLICE_OVERWRITE, - /* 37 */ MUT_SPLICE_INSERT, + /* 30 */ MUT_INSERTASCIINUM, + /* 31 */ MUT_EXTRA_OVERWRITE, + /* 32 */ MUT_EXTRA_INSERT, + /* 33 */ MUT_AUTO_EXTRA_OVERWRITE, + /* 34 */ MUT_AUTO_EXTRA_INSERT, + /* 35 */ MUT_SPLICE_OVERWRITE, + /* 36 */ MUT_SPLICE_INSERT, MUT_MAX @@ -199,6 +198,7 @@ u32 mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = { MUT_CLONE_INSERT, MUT_CLONE_INSERT, MUT_CLONE_INSERT, + MUT_CLONE_INSERT, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, @@ -233,6 +233,9 @@ u32 mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = { MUT_FLIP8, MUT_FLIP8, MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, MUT_SWITCH, MUT_SWITCH, MUT_SWITCH, @@ -276,12 +279,8 @@ u32 mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = { MUT_ASCIINUM, MUT_ASCIINUM, MUT_ASCIINUM, - MUT_NEG, - MUT_NEG, - MUT_NEG, - MUT_NEG, - MUT_NEG, - MUT_NEG, + MUT_ASCIINUM, + MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, @@ -335,7 +334,7 @@ u32 mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = { MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, - MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT }; @@ -468,6 +467,7 @@ u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = { MUT_CLONE_INSERT, MUT_CLONE_INSERT, MUT_CLONE_INSERT, + MUT_CLONE_INSERT, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, @@ -504,6 +504,10 @@ u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = { MUT_FLIP8, MUT_FLIP8, MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, MUT_SWITCH, MUT_SWITCH, MUT_SWITCH, @@ -541,12 +545,6 @@ u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = { MUT_ASCIINUM, MUT_ASCIINUM, MUT_ASCIINUM, - MUT_NEG, - MUT_NEG, - MUT_NEG, - MUT_NEG, - MUT_NEG, - MUT_NEG, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, @@ -596,7 +594,7 @@ u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = { MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, - MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT }; @@ -766,6 +764,9 @@ u32 mutation_strategy_exploitation_text[MUT_STRATEGY_ARRAY_SIZE] = { MUT_FLIP8, MUT_FLIP8, MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, MUT_SWITCH, MUT_SWITCH, MUT_SWITCH, @@ -785,6 +786,7 @@ u32 mutation_strategy_exploitation_text[MUT_STRATEGY_ARRAY_SIZE] = { MUT_SHUFFLE, MUT_SHUFFLE, MUT_SHUFFLE, + MUT_SHUFFLE, MUT_DELONE, MUT_DELONE, MUT_DELONE, @@ -801,12 +803,8 @@ u32 mutation_strategy_exploitation_text[MUT_STRATEGY_ARRAY_SIZE] = { MUT_ASCIINUM, MUT_ASCIINUM, MUT_ASCIINUM, - MUT_NEG, - MUT_NEG, - MUT_NEG, - MUT_NEG, - MUT_NEG, - MUT_NEG, + MUT_ASCIINUM, + MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, @@ -857,7 +855,7 @@ u32 mutation_strategy_exploitation_text[MUT_STRATEGY_ARRAY_SIZE] = { MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, - MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT }; @@ -959,6 +957,8 @@ u32 mutation_strategy_exploitation_binary[MUT_STRATEGY_ARRAY_SIZE] = { MUT_ARITH32BE_, MUT_ARITH32BE_, MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32, MUT_ARITH32, MUT_ARITH32, MUT_ARITH32, @@ -1027,6 +1027,10 @@ u32 mutation_strategy_exploitation_binary[MUT_STRATEGY_ARRAY_SIZE] = { MUT_FLIP8, MUT_FLIP8, MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, MUT_SWITCH, MUT_SWITCH, MUT_SWITCH, @@ -1062,12 +1066,6 @@ u32 mutation_strategy_exploitation_binary[MUT_STRATEGY_ARRAY_SIZE] = { MUT_ASCIINUM, MUT_ASCIINUM, MUT_ASCIINUM, - MUT_NEG, - MUT_NEG, - MUT_NEG, - MUT_NEG, - MUT_NEG, - MUT_NEG, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, MUT_INSERTASCIINUM, @@ -1118,7 +1116,9 @@ u32 mutation_strategy_exploitation_binary[MUT_STRATEGY_ARRAY_SIZE] = { MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT, - MUT_SPLICE_INSERT}; + MUT_SPLICE_INSERT + +}; u32 afl_mutate(afl_state_t *, u8 *, u32, u32, bool, bool, u8 *, u32, u32); u32 choose_block_len(afl_state_t *, u32); @@ -1865,17 +1865,6 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, } - case MUT_NEG: { - - /* Neg byte. */ - - item = rand_below(afl, len); - buf[item] = ~buf[item]; - - break; - - } - case MUT_INSERTASCIINUM: { u32 len = 1 + rand_below(afl, 8); diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index e6b58713ab..bc267b1508 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2659,7 +2659,7 @@ u8 fuzz_one_original(afl_state_t *afl) { case MUT_FLIP8: { - /* Flip byte. */ + /* Flip byte with a XOR 0xff. This is the same as NEG. */ #ifdef INTROSPECTION snprintf(afl->m_tmp, sizeof(afl->m_tmp), " FLIP8_"); @@ -2987,21 +2987,6 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case MUT_NEG: { - - /* Neg byte. */ - -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " NEG_"); - strcat(afl->mutation, afl->m_tmp); -#endif - item = rand_below(afl, temp_len); - - out_buf[item] = ~out_buf[item]; - break; - - } - case MUT_INSERTASCIINUM: { u32 len = 1 + rand_below(afl, 8); From 1fc0731604c1ea1abb38ab345d9046a6f1e9b7de Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 5 Apr 2023 09:42:27 +0200 Subject: [PATCH 017/357] stack pow --- src/afl-fuzz-one.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index bc267b1508..48aa6eb0b4 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2076,7 +2076,7 @@ u8 fuzz_one_original(afl_state_t *afl) { where we take the input file and make random stacked tweaks. */ u32 *mutation_array; - u32 stack_max; + u32 stack_max, stack_max_pow = afl->havoc_stack_pow2; if (unlikely(afl->text_input || afl->queue_cur->is_ascii)) { // is text? @@ -2106,22 +2106,20 @@ u8 fuzz_one_original(afl_state_t *afl) { if (temp_len < 64) { - stack_max = 4; + --stack_max_pow; - } else if (temp_len < 512) { + } else if (temp_len <= 8096) { - stack_max = 8; - - } else if (temp_len < 8096) { - - stack_max = 16; + ++stack_max_pow; } else { - stack_max = 32; + ++stack_max_pow; } + stack_max = 1 << stack_max_pow; + // + (afl->extras_cnt ? 2 : 0) + (afl->a_extras_cnt ? 2 : 0); for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) { From e313180e4d3f7ba44b773e43af40d4af21088576 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 5 Apr 2023 10:32:37 +0200 Subject: [PATCH 018/357] fix for clang --- include/afl-mutations.h | 10 ++++++---- src/afl-fuzz-one.c | 9 ++++++--- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/include/afl-mutations.h b/include/afl-mutations.h index 9188a37f0a..cc913fb0a8 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -1231,7 +1231,7 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, for (u32 step = 0; step < steps; ++step) { - retry_havoc_step: + retry_havoc_step : { u32 r = rand_below(afl, MUT_STRATEGY_ARRAY_SIZE), item; @@ -1667,10 +1667,10 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, if (unlikely(len < 4)) { break; } // no retry - u32 len = choose_block_len(afl, len - 1); - u32 off = rand_below(afl, len - len + 1); + u32 blen = choose_block_len(afl, len - 1); + u32 off = rand_below(afl, len - blen + 1); - for (u32 i = len - 1; i > 0; i--) { + for (u32 i = blen - 1; i > 0; i--) { u32 j; do { @@ -2030,6 +2030,8 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, } + } + return len; } diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 48aa6eb0b4..e6ff1d1ab9 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2139,8 +2139,8 @@ u8 fuzz_one_original(afl_state_t *afl) { LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - if (el->stacked_custom && - rand_below(afl, 100) < el->stacked_custom_prob) { + if (unlikely(el->stacked_custom && + rand_below(afl, 100) < el->stacked_custom_prob)) { u8 *custom_havoc_buf = NULL; size_t new_len = el->afl_custom_havoc_mutation( @@ -2170,7 +2170,8 @@ u8 fuzz_one_original(afl_state_t *afl) { } - retry_havoc_step: + retry_havoc_step : { + u32 r = rand_below(afl, MUT_STRATEGY_ARRAY_SIZE), item; switch (mutation_array[r]) { @@ -3250,6 +3251,8 @@ u8 fuzz_one_original(afl_state_t *afl) { } + } + if (common_fuzz_stuff(afl, out_buf, temp_len)) { goto abandon_entry; } /* out_buf might have been mangled a bit, so let's restore it to its From a74561b0e7434282ad214ca634b5c19c2f345e8e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 5 Apr 2023 12:12:05 +0200 Subject: [PATCH 019/357] implement switch mode --- include/afl-fuzz.h | 6 +++--- src/afl-fuzz-bitmap.c | 12 ++++++++++++ src/afl-fuzz-state.c | 2 +- src/afl-fuzz.c | 30 ++++++++++++++++++++++++++---- 4 files changed, 42 insertions(+), 8 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 6573eabf0c..23a04f4285 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -491,8 +491,7 @@ typedef struct afl_state { *infoexec; /* Command to execute on a new crash */ u32 hang_tmout, /* Timeout used for hang det (ms) */ - stats_update_freq, /* Stats update frequency (execs) */ - switch_fuzz_mode; /* auto or fixed fuzz mode */ + stats_update_freq; /* Stats update frequency (execs) */ u8 havoc_stack_pow2, /* HAVOC_STACK_POW2 */ no_unlink, /* do not unlink cur_input */ @@ -592,7 +591,8 @@ typedef struct afl_state { last_hang_time, /* Time for most recent hang (ms) */ longest_find_time, /* Longest time taken for a find */ exit_on_time, /* Delay to exit if no new paths */ - sync_time; /* Sync time (ms) */ + sync_time, /* Sync time (ms) */ + switch_fuzz_mode; /* auto or fixed fuzz mode */ u32 slowest_exec_ms, /* Slowest testcase non hang in ms */ subseq_tmouts; /* Number of timeouts in a row */ diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index d9c792d14c..a937c96db5 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -529,6 +529,18 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { close(fd); add_to_queue(afl, queue_fn, len, 0); + if (unlikely(afl->fuzz_mode) && likely(afl->switch_fuzz_mode)) { + + if (afl->afl_env.afl_no_ui) { + + ACTF("New coverage found, switching back to exploration mode."); + + } + + afl->fuzz_mode = 0; + + } + #ifdef INTROSPECTION if (afl->custom_mutators_count && afl->current_custom_fuzz) { diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 907861e9b3..9dc258b15e 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -108,7 +108,7 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) { afl->cmplog_lvl = 2; afl->min_length = 1; afl->max_length = MAX_FILE; - afl->switch_fuzz_mode = STRATEGY_SWITCH_TIME; + afl->switch_fuzz_mode = STRATEGY_SWITCH_TIME * 1000; #ifndef NO_SPLICING afl->use_splicing = 1; #endif diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 315107d774..c50b271b4d 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -577,7 +577,7 @@ int main(int argc, char **argv_orig, char **envp) { if (!stricmp(optarg, "explore") || !stricmp(optarg, "exploration")) { afl->fuzz_mode = 0; - afl->switch_fuzz_mode = 1; + afl->switch_fuzz_mode = 0; } else if (!stricmp(optarg, "exploit") || @@ -588,12 +588,16 @@ int main(int argc, char **argv_orig, char **envp) { } else { - if ((s32)(afl->switch_fuzz_mode = (u32)atoi(optarg)) < 1) { + if ((afl->switch_fuzz_mode = (u32)atoi(optarg)) > INT_MAX) { FATAL( "Parameter for option -P must be \"explore\", \"exploit\" or a " "number!"); + } else { + + afl->switch_fuzz_mode *= 1000; + } } @@ -2689,13 +2693,31 @@ int main(int argc, char **argv_orig, char **envp) { } while (skipped_fuzz && afl->queue_cur && !afl->stop_soon); + u64 cur_time = get_cur_time(); + + if (likely(afl->switch_fuzz_mode && afl->fuzz_mode == 0) && + unlikely(cur_time > afl->last_find_time + afl->switch_fuzz_mode)) { + + if (afl->afl_env.afl_no_ui) { + + ACTF( + "No new coverage found for %llu seconds, switching to exploitation " + "strategy.", + afl->switch_fuzz_mode / 1000); + + } + + afl->fuzz_mode = 1; + + } + if (likely(!afl->stop_soon && afl->sync_id)) { if (likely(afl->skip_deterministic)) { if (unlikely(afl->is_main_node)) { - if (unlikely(get_cur_time() > + if (unlikely(cur_time > (afl->sync_time >> 1) + afl->last_sync_time)) { if (!(sync_interval_cnt++ % (SYNC_INTERVAL / 3))) { @@ -2708,7 +2730,7 @@ int main(int argc, char **argv_orig, char **envp) { } else { - if (unlikely(get_cur_time() > afl->sync_time + afl->last_sync_time)) { + if (unlikely(cur_time > afl->sync_time + afl->last_sync_time)) { if (!(sync_interval_cnt++ % SYNC_INTERVAL)) { sync_fuzzers(afl); } From fcb5eda5d0eb38b1a9678ee75890f2fccf936bd9 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 5 Apr 2023 16:34:08 +0200 Subject: [PATCH 020/357] nit --- src/afl-fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index c50b271b4d..bc44367ac1 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -562,7 +562,7 @@ int main(int argc, char **argv_orig, char **envp) { afl->shmem_testcase_mode = 1; // we always try to perform shmem fuzzing - // still available: aHjJkKPqruvwz + // still available: HjJkKqruvwz while ((opt = getopt(argc, argv, "+aAb:B:c:CdDe:E:f:F:g:G:hi:I:l:L:m:M:nNo:Op:P:QRs:S:t:" "T:UV:WXx:YZ")) > 0) { From 400c5e92cb5ed304a2c14a79597100850cf9f82c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 7 Apr 2023 09:41:22 +0200 Subject: [PATCH 021/357] renaming --- include/afl-mutations.h | 166 ++++++++++++++++++++-------------------- src/afl-fuzz-one.c | 30 ++++---- 2 files changed, 99 insertions(+), 97 deletions(-) diff --git a/include/afl-mutations.h b/include/afl-mutations.h index cc913fb0a8..8d40855d98 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -52,8 +52,8 @@ enum { /* 14 */ MUT_ARITH32, /* 15 */ MUT_ARITH32BE, /* 16 */ MUT_RAND8, - /* 17 */ MUT_CLONE_OVERWRITE, - /* 18 */ MUT_CLONE_INSERT, + /* 17 */ MUT_CLONE_COPY, + /* 18 */ MUT_CLONE_FIXED, /* 19 */ MUT_OVERWRITE_COPY, /* 20 */ MUT_OVERWRITE_FIXED, /* 21 */ MUT_BYTEADD, @@ -176,29 +176,29 @@ u32 mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = { MUT_RAND8, MUT_RAND8, MUT_RAND8, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, @@ -446,28 +446,28 @@ u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = { MUT_RAND8, MUT_RAND8, MUT_RAND8, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, @@ -716,23 +716,23 @@ u32 mutation_strategy_exploitation_text[MUT_STRATEGY_ARRAY_SIZE] = { MUT_RAND8, MUT_RAND8, MUT_RAND8, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, @@ -979,23 +979,23 @@ u32 mutation_strategy_exploitation_binary[MUT_STRATEGY_ARRAY_SIZE] = { MUT_RAND8, MUT_RAND8, MUT_RAND8, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_OVERWRITE, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, - MUT_CLONE_INSERT, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY, @@ -1455,7 +1455,7 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, } - case MUT_CLONE_OVERWRITE: { + case MUT_CLONE_COPY: { if (likely(len + HAVOC_BLK_XL < max_len)) { @@ -1494,7 +1494,7 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, } - case MUT_CLONE_INSERT: { + case MUT_CLONE_FIXED: { if (likely(len + HAVOC_BLK_XL < max_len)) { diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index e6ff1d1ab9..f5ddea0e72 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2481,7 +2481,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case MUT_CLONE_OVERWRITE: { + case MUT_CLONE_COPY: { if (likely(temp_len + HAVOC_BLK_XL < MAX_FILE)) { @@ -2493,7 +2493,7 @@ u8 fuzz_one_original(afl_state_t *afl) { #ifdef INTROSPECTION snprintf(afl->m_tmp, sizeof(afl->m_tmp), " CLONE-%s_%u_%u_%u", - "overwrite", clone_from, clone_to, clone_len); + "COPY", clone_from, clone_to, clone_len); strcat(afl->mutation, afl->m_tmp); #endif u8 *new_buf = @@ -2530,7 +2530,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - case MUT_CLONE_INSERT: { + case MUT_CLONE_FIXED: { if (likely(temp_len + HAVOC_BLK_XL < MAX_FILE)) { @@ -2544,7 +2544,7 @@ u8 fuzz_one_original(afl_state_t *afl) { #ifdef INTROSPECTION snprintf(afl->m_tmp, sizeof(afl->m_tmp), " CLONE-%s_%u_%u_%u", - "insert", strat, clone_to, clone_len); + "FIXED", strat, clone_to, clone_len); strcat(afl->mutation, afl->m_tmp); #endif u8 *new_buf = @@ -2587,20 +2587,22 @@ u8 fuzz_one_original(afl_state_t *afl) { if (unlikely(temp_len < 2)) { break; } // no retry - u32 copy_len = choose_block_len(afl, temp_len - 1); - u32 copy_from = rand_below(afl, temp_len - copy_len + 1); - u32 copy_to = rand_below(afl, temp_len - copy_len + 1); + u32 copy_from, copy_to, + copy_len = choose_block_len(afl, temp_len - 1); + + do { - if (likely(copy_from != copy_to)) { + copy_from = rand_below(afl, temp_len - copy_len + 1); + copy_to = rand_below(afl, temp_len - copy_len + 1); + + } while (unlikely(copy_from == copy_to)); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " OVERWRITE-COPY_%u_%u_%u", - copy_from, copy_to, copy_len); - strcat(afl->mutation, afl->m_tmp); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " OVERWRITE-COPY_%u_%u_%u", + copy_from, copy_to, copy_len); + strcat(afl->mutation, afl->m_tmp); #endif - memmove(out_buf + copy_to, out_buf + copy_from, copy_len); - - } + memmove(out_buf + copy_to, out_buf + copy_from, copy_len); break; From d1ec5dc089ff29e596083a90fa64dcd77060e6bc Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 15 May 2023 15:11:16 +0200 Subject: [PATCH 022/357] standalone mutator --- custom_mutators/aflpp/standalone/Makefile | 10 ++ custom_mutators/aflpp/standalone/README.md | 10 ++ .../aflpp/standalone/aflpp-standalone.c | 167 ++++++++++++++++++ 3 files changed, 187 insertions(+) create mode 100644 custom_mutators/aflpp/standalone/Makefile create mode 100644 custom_mutators/aflpp/standalone/README.md create mode 100644 custom_mutators/aflpp/standalone/aflpp-standalone.c diff --git a/custom_mutators/aflpp/standalone/Makefile b/custom_mutators/aflpp/standalone/Makefile new file mode 100644 index 0000000000..f1e9944528 --- /dev/null +++ b/custom_mutators/aflpp/standalone/Makefile @@ -0,0 +1,10 @@ + +CFLAGS = -O3 -funroll-loops -fPIC + +all: aflpp-standalone + +aflpp-standalone: aflpp-standalone.c + $(CC) $(CFLAGS) -I../../../include -I. -o aflpp-standalone aflpp-standalone.c ../../../src/afl-performance.c + +clean: + rm -f *.o *~ aflpp-standalone core diff --git a/custom_mutators/aflpp/standalone/README.md b/custom_mutators/aflpp/standalone/README.md new file mode 100644 index 0000000000..f5f94c5f32 --- /dev/null +++ b/custom_mutators/aflpp/standalone/README.md @@ -0,0 +1,10 @@ +# AFL++ standalone mutator + +this is the AFL++ havoc mutator as a standalone mutator + +just type `make` to build. + +``` +aflpp-standalone inputfile outputfile +``` + diff --git a/custom_mutators/aflpp/standalone/aflpp-standalone.c b/custom_mutators/aflpp/standalone/aflpp-standalone.c new file mode 100644 index 0000000000..337b7937b0 --- /dev/null +++ b/custom_mutators/aflpp/standalone/aflpp-standalone.c @@ -0,0 +1,167 @@ +#include "afl-mutations.h" + +s8 interesting_8[] = {INTERESTING_8}; +s16 interesting_16[] = {INTERESTING_8, INTERESTING_16}; +s32 interesting_32[] = {INTERESTING_8, INTERESTING_16, INTERESTING_32}; + +typedef struct my_mutator { + + afl_state_t *afl; + u8 *buf; + u32 buf_size; + +} my_mutator_t; + +my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) { + + (void)seed; + + my_mutator_t *data = calloc(1, sizeof(my_mutator_t)); + if (!data) { + + perror("afl_custom_init alloc"); + return NULL; + + } + + if ((data->buf = malloc(1024*1024)) == NULL) { + + perror("afl_custom_init alloc"); + return NULL; + + } else { + + data->buf_size = 1024*1024; + + } + + /* fake AFL++ state */ + data->afl = calloc(1, sizeof(afl_state_t)); + data->afl->queue_cycle = 1; + data->afl->fsrv.dev_urandom_fd = open("/dev/urandom", O_RDONLY); + rand_set_seed(data->afl, getpid()); + + return data; + +} + +/* here we run the AFL++ mutator, which is the best! */ + +size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size, + u8 **out_buf, uint8_t *add_buf, size_t add_buf_size, + size_t max_size) { + + if (max_size > data->buf_size) { + + u8 *ptr = realloc(data->buf, max_size); + + if (ptr) { + + return 0; + + } else { + + data->buf = ptr; + data->buf_size = max_size; + + } + + } + + u32 havoc_steps = 1 + rand_below(data->afl, 16); + + /* set everything up, costly ... :( */ + memcpy(data->buf, buf, buf_size); + + /* the mutation */ + u32 out_buf_len = afl_mutate(data->afl, data->buf, buf_size, havoc_steps, + false, true, add_buf, add_buf_size, max_size); + + /* return size of mutated data */ + *out_buf = data->buf; + return out_buf_len; + +} + +int main(int argc, char *argv[]) { + + if (argc > 1 && strncmp(argv[1], "-h", 2) == 0) { + + printf("Syntax: $0 [-v] [inputfile [outputfile [splicefile]]]\n\n", argv[0]); + printf("Reads a testcase from stdin when no input file (or '-') is specified,\n"); + printf("mutates according to AFL++'s mutation engine, and write to stdout when '-' or\n"); + printf("no output filename is given. As an optional third parameter you can give a file\n"); + printf("for splicing. Maximum input and output length is 1MB.\n"); + printf("The -v verbose option prints debug output to stderr\n"); + return 0; + + } + + FILE *in = stdin, *out = stdout, *splice = NULL; + unsigned char *inbuf = malloc(1024 * 1024), *outbuf, *splicebuf = NULL; + int verbose = 0, splicelen = 0; + + if (argc > 1 && strcmp(argv[1], "-v") == 0) { + verbose = 1; + argc--; + argv++; + fprintf(stderr, "Verbose active\n"); + } + + my_mutator_t *data = afl_custom_init(NULL, 0); + + if (argc > 1 && strcmp(argv[1], "-") != 0) { + if ((in = fopen(argv[1], "r")) == NULL) { + perror(argv[1]); + return -1; + } + if (verbose) fprintf(stderr, "Input: %s\n", argv[1]); + } + + size_t inlen = fread(inbuf, 1, 1024*1024, in); + + if (!inlen) { + fprintf(stderr, "Error: empty file %s\n", argv[1] ? argv[1] : "stdin"); + return -1; + } + + if (argc > 2 && strcmp(argv[2], "-") != 0) { + if ((out = fopen(argv[2], "w")) == NULL) { + perror(argv[2]); + return -1; + } + if (verbose) fprintf(stderr, "Output: %s\n", argv[2]); + } + + if (argc > 3) { + if ((splice = fopen(argv[3], "r")) == NULL) { + perror(argv[3]); + return -1; + } + if (verbose) fprintf(stderr, "Splice: %s\n", argv[3]); + splicebuf = malloc(1024*1024); + size_t splicelen = fread(splicebuf, 1, 1024*1024, splice); + if (!splicelen) { + fprintf(stderr, "Error: empty file %s\n", argv[3]); + return -1; + } + if (verbose) fprintf(stderr, "Mutation splice length: %zu\n", splicelen); + } + + if (verbose) fprintf(stderr, "Mutation input length: %zu\n", inlen); + unsigned int outlen = afl_custom_fuzz(data, inbuf, inlen, &outbuf, splicebuf, splicelen, 1024*1024); + + if (outlen == 0 || !outbuf) { + fprintf(stderr, "Error: no mutation data returned.\n"); + return -1; + } + + if (verbose) fprintf(stderr, "Mutation output length: %zu\n", outlen); + + if (fwrite(outbuf, 1, outlen, out) != outlen) { + fprintf(stderr, "Warning: incomplete write.\n"); + return -1; + } + + return 0; +} From ab148aeed81d755399e257c0c17fe4cbb9be3d48 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 15 May 2023 15:12:26 +0200 Subject: [PATCH 023/357] standalone mutator --- custom_mutators/aflpp/standalone/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/custom_mutators/aflpp/standalone/README.md b/custom_mutators/aflpp/standalone/README.md index f5f94c5f32..a1ffb5f942 100644 --- a/custom_mutators/aflpp/standalone/README.md +++ b/custom_mutators/aflpp/standalone/README.md @@ -5,6 +5,6 @@ this is the AFL++ havoc mutator as a standalone mutator just type `make` to build. ``` -aflpp-standalone inputfile outputfile +aflpp-standalone inputfile outputfile [splicefile] ``` From 9a55bbdb44c1508a0b08728db2dacaebc9c43277 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 15 May 2023 15:17:33 +0200 Subject: [PATCH 024/357] fix --- custom_mutators/aflpp/standalone/aflpp-standalone.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/custom_mutators/aflpp/standalone/aflpp-standalone.c b/custom_mutators/aflpp/standalone/aflpp-standalone.c index 337b7937b0..91bac4a838 100644 --- a/custom_mutators/aflpp/standalone/aflpp-standalone.c +++ b/custom_mutators/aflpp/standalone/aflpp-standalone.c @@ -86,15 +86,13 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size, int main(int argc, char *argv[]) { if (argc > 1 && strncmp(argv[1], "-h", 2) == 0) { - - printf("Syntax: $0 [-v] [inputfile [outputfile [splicefile]]]\n\n", argv[0]); + printf("Syntax: %s [-v] [inputfile [outputfile [splicefile]]]\n\n", argv[0]); printf("Reads a testcase from stdin when no input file (or '-') is specified,\n"); printf("mutates according to AFL++'s mutation engine, and write to stdout when '-' or\n"); printf("no output filename is given. As an optional third parameter you can give a file\n"); printf("for splicing. Maximum input and output length is 1MB.\n"); - printf("The -v verbose option prints debug output to stderr\n"); + printf("The -v verbose option prints debug output to stderr.\n"); return 0; - } FILE *in = stdin, *out = stdout, *splice = NULL; From 8de7f6131d48e27d53e894b65bd11e0dc3817639 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 6 Jun 2023 13:12:31 +0200 Subject: [PATCH 025/357] add current mutation strategy to include --- include/afl-mutations.h | 161 ++++++++++++++++++++++++++++++++++++++++ src/afl-fuzz-one.c | 7 +- 2 files changed, 166 insertions(+), 2 deletions(-) diff --git a/include/afl-mutations.h b/include/afl-mutations.h index 8d40855d98..08037b0928 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -77,6 +77,167 @@ enum { }; + #define MUT_NORMAL_ARRAY_SIZE 77 +u32 normal_splice[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_FIXED, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_FIXED, + MUT_BYTEADD, + MUT_BYTESUB, + MUT_FLIP8, + MUT_SWITCH, + MUT_SWITCH, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT}; + #define MUT_SPLICE_ARRAY_SIZE 81 +u32 full_splice_array[MUT_SPLICE_ARRAY_SIZE] = {MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_FIXED, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_FIXED, + MUT_BYTEADD, + MUT_BYTESUB, + MUT_FLIP8, + MUT_SWITCH, + MUT_SWITCH, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT}; + u32 mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = { MUT_FLIPBIT, diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index f5ddea0e72..312e180d48 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2076,7 +2076,7 @@ u8 fuzz_one_original(afl_state_t *afl) { where we take the input file and make random stacked tweaks. */ u32 *mutation_array; - u32 stack_max, stack_max_pow = afl->havoc_stack_pow2; + u32 stack_max; // stack_max_pow = afl->havoc_stack_pow2; if (unlikely(afl->text_input || afl->queue_cur->is_ascii)) { // is text? @@ -2104,6 +2104,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } + /* if (temp_len < 64) { --stack_max_pow; @@ -2118,7 +2119,9 @@ u8 fuzz_one_original(afl_state_t *afl) { } - stack_max = 1 << stack_max_pow; + */ + + stack_max = 1 << (1 + rand_below(afl, afl->havoc_stack_pow2)); // + (afl->extras_cnt ? 2 : 0) + (afl->a_extras_cnt ? 2 : 0); From 9b2c4a2a5a8e54a80bdb82fee39891fbe42544e8 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 6 Jun 2023 16:54:12 +0200 Subject: [PATCH 026/357] nit --- include/afl-mutations.h | 155 ++++++++++++++++++++-------------------- 1 file changed, 78 insertions(+), 77 deletions(-) diff --git a/include/afl-mutations.h b/include/afl-mutations.h index 08037b0928..a3c9fd59c0 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -78,83 +78,84 @@ enum { }; #define MUT_NORMAL_ARRAY_SIZE 77 -u32 normal_splice[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT, - MUT_FLIPBIT, - MUT_FLIPBIT, - MUT_FLIPBIT, - MUT_INTERESTING8, - MUT_INTERESTING8, - MUT_INTERESTING8, - MUT_INTERESTING8, - MUT_INTERESTING16, - MUT_INTERESTING16, - MUT_INTERESTING16BE, - MUT_INTERESTING16BE, - MUT_INTERESTING32, - MUT_INTERESTING32, - MUT_INTERESTING32BE, - MUT_INTERESTING32BE, - MUT_ARITH8_, - MUT_ARITH8_, - MUT_ARITH8_, - MUT_ARITH8_, - MUT_ARITH8, - MUT_ARITH8, - MUT_ARITH8, - MUT_ARITH8, - MUT_ARITH16_, - MUT_ARITH16_, - MUT_ARITH16BE_, - MUT_ARITH16BE_, - MUT_ARITH16, - MUT_ARITH16, - MUT_ARITH16BE, - MUT_ARITH16BE, - MUT_ARITH32_, - MUT_ARITH32_, - MUT_ARITH32BE_, - MUT_ARITH32BE_, - MUT_ARITH32, - MUT_ARITH32, - MUT_ARITH32BE, - MUT_ARITH32BE, - MUT_RAND8, - MUT_RAND8, - MUT_RAND8, - MUT_RAND8, - MUT_CLONE_COPY, - MUT_CLONE_COPY, - MUT_CLONE_COPY, - MUT_CLONE_FIXED, - MUT_OVERWRITE_COPY, - MUT_OVERWRITE_COPY, - MUT_OVERWRITE_COPY, - MUT_OVERWRITE_FIXED, - MUT_BYTEADD, - MUT_BYTESUB, - MUT_FLIP8, - MUT_SWITCH, - MUT_SWITCH, - MUT_DEL, - MUT_DEL, - MUT_DEL, - MUT_DEL, - MUT_DEL, - MUT_DEL, - MUT_DEL, - MUT_DEL, - MUT_EXTRA_OVERWRITE, - MUT_EXTRA_OVERWRITE, - MUT_EXTRA_INSERT, - MUT_EXTRA_INSERT, - MUT_AUTO_EXTRA_OVERWRITE, - MUT_AUTO_EXTRA_OVERWRITE, - MUT_AUTO_EXTRA_INSERT, - MUT_AUTO_EXTRA_INSERT, - MUT_SPLICE_OVERWRITE, - MUT_SPLICE_OVERWRITE, - MUT_SPLICE_INSERT, - MUT_SPLICE_INSERT}; +u32 normal_splice_array[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_FIXED, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_FIXED, + MUT_BYTEADD, + MUT_BYTESUB, + MUT_FLIP8, + MUT_SWITCH, + MUT_SWITCH, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT}; + #define MUT_SPLICE_ARRAY_SIZE 81 u32 full_splice_array[MUT_SPLICE_ARRAY_SIZE] = {MUT_FLIPBIT, MUT_FLIPBIT, From 14e25340fb7b9e13357a9059dd1c128a2d7d9d5b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 6 Jun 2023 16:55:32 +0200 Subject: [PATCH 027/357] comparison --- include/afl-mutations.h | 155 ++++++++++++++++++++-------------------- src/afl-fuzz-one.c | 43 +++++++---- 2 files changed, 107 insertions(+), 91 deletions(-) diff --git a/include/afl-mutations.h b/include/afl-mutations.h index 08037b0928..a3c9fd59c0 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -78,83 +78,84 @@ enum { }; #define MUT_NORMAL_ARRAY_SIZE 77 -u32 normal_splice[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT, - MUT_FLIPBIT, - MUT_FLIPBIT, - MUT_FLIPBIT, - MUT_INTERESTING8, - MUT_INTERESTING8, - MUT_INTERESTING8, - MUT_INTERESTING8, - MUT_INTERESTING16, - MUT_INTERESTING16, - MUT_INTERESTING16BE, - MUT_INTERESTING16BE, - MUT_INTERESTING32, - MUT_INTERESTING32, - MUT_INTERESTING32BE, - MUT_INTERESTING32BE, - MUT_ARITH8_, - MUT_ARITH8_, - MUT_ARITH8_, - MUT_ARITH8_, - MUT_ARITH8, - MUT_ARITH8, - MUT_ARITH8, - MUT_ARITH8, - MUT_ARITH16_, - MUT_ARITH16_, - MUT_ARITH16BE_, - MUT_ARITH16BE_, - MUT_ARITH16, - MUT_ARITH16, - MUT_ARITH16BE, - MUT_ARITH16BE, - MUT_ARITH32_, - MUT_ARITH32_, - MUT_ARITH32BE_, - MUT_ARITH32BE_, - MUT_ARITH32, - MUT_ARITH32, - MUT_ARITH32BE, - MUT_ARITH32BE, - MUT_RAND8, - MUT_RAND8, - MUT_RAND8, - MUT_RAND8, - MUT_CLONE_COPY, - MUT_CLONE_COPY, - MUT_CLONE_COPY, - MUT_CLONE_FIXED, - MUT_OVERWRITE_COPY, - MUT_OVERWRITE_COPY, - MUT_OVERWRITE_COPY, - MUT_OVERWRITE_FIXED, - MUT_BYTEADD, - MUT_BYTESUB, - MUT_FLIP8, - MUT_SWITCH, - MUT_SWITCH, - MUT_DEL, - MUT_DEL, - MUT_DEL, - MUT_DEL, - MUT_DEL, - MUT_DEL, - MUT_DEL, - MUT_DEL, - MUT_EXTRA_OVERWRITE, - MUT_EXTRA_OVERWRITE, - MUT_EXTRA_INSERT, - MUT_EXTRA_INSERT, - MUT_AUTO_EXTRA_OVERWRITE, - MUT_AUTO_EXTRA_OVERWRITE, - MUT_AUTO_EXTRA_INSERT, - MUT_AUTO_EXTRA_INSERT, - MUT_SPLICE_OVERWRITE, - MUT_SPLICE_OVERWRITE, - MUT_SPLICE_INSERT, - MUT_SPLICE_INSERT}; +u32 normal_splice_array[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_FIXED, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_FIXED, + MUT_BYTEADD, + MUT_BYTESUB, + MUT_FLIP8, + MUT_SWITCH, + MUT_SWITCH, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT}; + #define MUT_SPLICE_ARRAY_SIZE 81 u32 full_splice_array[MUT_SPLICE_ARRAY_SIZE] = {MUT_FLIPBIT, MUT_FLIPBIT, diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index ec348a95ab..9d4b366e3e 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2081,33 +2081,48 @@ u8 fuzz_one_original(afl_state_t *afl) { where we take the input file and make random stacked tweaks. */ u32 *mutation_array; - u32 stack_max; // stack_max_pow = afl->havoc_stack_pow2; + u32 stack_max, rand_max; // stack_max_pow = afl->havoc_stack_pow2; - if (unlikely(afl->text_input || afl->queue_cur->is_ascii)) { // is text? + if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) { - if (likely(afl->fuzz_mode == 0)) { // is exploration? + mutation_array = full_splice_array; + rand_max = MUT_SPLICE_ARRAY_SIZE; - mutation_array = (unsigned int *)&mutation_strategy_exploration_text; + } else { - } else { // is exploitation! + mutation_array = normal_splice_array; + rand_max = MUT_NORMAL_ARRAY_SIZE; - mutation_array = (unsigned int *)&mutation_strategy_exploitation_text; + } - } + /* + if (unlikely(afl->text_input || afl->queue_cur->is_ascii)) { // is text? + + if (likely(afl->fuzz_mode == 0)) { // is exploration? + + mutation_array = (unsigned int *)&mutation_strategy_exploration_text; + + } else { // is exploitation! - } else { // is binary! + mutation_array = (unsigned int *)&mutation_strategy_exploitation_text; - if (likely(afl->fuzz_mode == 0)) { // is exploration? + } + + } else { // is binary! - mutation_array = (unsigned int *)&mutation_strategy_exploration_binary; + if (likely(afl->fuzz_mode == 0)) { // is exploration? - } else { // is exploitation! + mutation_array = (unsigned int *)&mutation_strategy_exploration_binary; - mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary; + } else { // is exploitation! + + mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary; + + } } - } + */ /* if (temp_len < 64) { @@ -2180,7 +2195,7 @@ u8 fuzz_one_original(afl_state_t *afl) { retry_havoc_step : { - u32 r = rand_below(afl, MUT_STRATEGY_ARRAY_SIZE), item; + u32 r = rand_below(afl, rand_max), item; switch (mutation_array[r]) { From c7c6ad1a94810fc4c24fbf05bcdd7f9cf806646e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 6 Jun 2023 17:04:31 +0200 Subject: [PATCH 028/357] no_ui mode --- src/afl-fuzz-one.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index ec348a95ab..9685885bca 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -402,10 +402,11 @@ u8 fuzz_one_original(afl_state_t *afl) { if (unlikely(afl->not_on_tty)) { ACTF( - "Fuzzing test case #%u (%u total, %llu crashes saved, " + "Fuzzing test case #%u (%u total, %llu crashes saved, mode=%s, " "perf_score=%0.0f, weight=%0.0f, favorite=%u, was_fuzzed=%u, " "exec_us=%llu, hits=%u, map=%u, ascii=%u)...", afl->current_entry, afl->queued_items, afl->saved_crashes, + afl->fuzz_mode ? "exploit" : "explore", afl->queue_cur->perf_score, afl->queue_cur->weight, afl->queue_cur->favored, afl->queue_cur->was_fuzzed, afl->queue_cur->exec_us, From c28779adc543ffd3c68696867eef0f719ecee9d4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 8 Jun 2023 12:32:51 +0200 Subject: [PATCH 029/357] show fuzzing state --- include/afl-fuzz.h | 1 + src/afl-fuzz-one.c | 5 +++-- src/afl-fuzz-stats.c | 46 +++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 47 insertions(+), 5 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index e1359dc867..c6c45fbd63 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -1202,6 +1202,7 @@ u8 check_if_text_buf(u8 *buf, u32 len); #ifndef AFL_SHOWMAP void setup_signal_handlers(void); #endif +char *get_fuzzing_state(afl_state_t *afl); /* CmpLog */ diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 9685885bca..af5e57a070 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -402,11 +402,12 @@ u8 fuzz_one_original(afl_state_t *afl) { if (unlikely(afl->not_on_tty)) { ACTF( - "Fuzzing test case #%u (%u total, %llu crashes saved, mode=%s, " + "Fuzzing test case #%u (%u total, %llu crashes saved, state: %s, " + "mode=%s, " "perf_score=%0.0f, weight=%0.0f, favorite=%u, was_fuzzed=%u, " "exec_us=%llu, hits=%u, map=%u, ascii=%u)...", afl->current_entry, afl->queued_items, afl->saved_crashes, - afl->fuzz_mode ? "exploit" : "explore", + get_fuzzing_state(afl), afl->fuzz_mode ? "exploit" : "explore", afl->queue_cur->perf_score, afl->queue_cur->weight, afl->queue_cur->favored, afl->queue_cur->was_fuzzed, afl->queue_cur->exec_us, diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 4ffb25363f..9a60fd47e0 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -27,6 +27,45 @@ #include "envs.h" #include +static char fuzzing_state[4][12] = {"started :-)", "in progress", "final phase", + "finished..."}; + +char *get_fuzzing_state(afl_state_t *afl) { + + u64 cur_ms = get_cur_time(); + u64 last_find = cur_ms - afl->last_find_time; + u64 cur_run_time = cur_ms - afl->start_time; + u64 cur_total_run_time = afl->prev_run_time + cur_run_time; + + if (unlikely(cur_run_time < 60 * 3 * 1000 || + cur_total_run_time < 60 * 5 * 1000)) { + + return fuzzing_state[0]; + + } else { + + u64 last_find_100 = 100 * last_find; + u64 percent_cur = last_find_100 / cur_run_time; + u64 percent_total = last_find_100 / cur_total_run_time; + + if (unlikely(percent_cur >= 90 && percent_total >= 90)) { + + return fuzzing_state[3]; + + } else if (unlikely(percent_cur >= 75 && percent_total >= 75)) { + + return fuzzing_state[2]; + + } else { + + return fuzzing_state[1]; + + } + + } + +} + /* Write fuzzer setup file */ void write_setup_file(afl_state_t *afl, u32 argc, char **argv) { @@ -1283,9 +1322,10 @@ void show_stats_normal(afl_state_t *afl) { /* Last line */ - SAYF(SET_G1 "\n" bSTG bLB bH cCYA bSTOP - " strategy:%s %s " bSTG bH20 bH10 bH2 bRB bSTOP cRST RESET_G1, - cPIN, afl->fuzz_mode == 0 ? "explore" : "exploit"); + SAYF(SET_G1 "\n" bSTG bLB bH cCYA bSTOP " strategy:" cPIN + " %s " bSTG bH10 cCYA bSTOP " state:" cPIN + " %s " bSTG bH2 bRB bSTOP cRST RESET_G1, + afl->fuzz_mode == 0 ? "explore" : "exploit", get_fuzzing_state(afl)); #undef IB From 6ec70fc0847a0624692e868743080bf4e6935523 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 9 Jun 2023 09:33:33 +0200 Subject: [PATCH 030/357] binary mutations --- src/afl-fuzz-one.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index e722f0c6be..816384fda6 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2085,6 +2085,8 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 *mutation_array; u32 stack_max, rand_max; // stack_max_pow = afl->havoc_stack_pow2; + /* + if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) { mutation_array = full_splice_array; @@ -2097,6 +2099,8 @@ u8 fuzz_one_original(afl_state_t *afl) { } + */ + /* if (unlikely(afl->text_input || afl->queue_cur->is_ascii)) { // is text? @@ -2112,15 +2116,21 @@ u8 fuzz_one_original(afl_state_t *afl) { } else { // is binary! - if (likely(afl->fuzz_mode == 0)) { // is exploration? + */ - mutation_array = (unsigned int *)&mutation_strategy_exploration_binary; + rand_max = MUT_STRATEGY_ARRAY_SIZE; - } else { // is exploitation! + if (likely(afl->fuzz_mode == 0)) { // is exploration? - mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary; + mutation_array = (unsigned int *)&mutation_strategy_exploration_binary; - } + } else { // is exploitation! + + mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary; + + } + + /* } From 25eba95bbaf58539c65088fc8bc143ed30ad82b9 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 12 Jun 2023 08:43:30 +0200 Subject: [PATCH 031/357] update new feature config --- include/config.h | 2 +- src/afl-fuzz-stats.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/config.h b/include/config.h index b767d526d1..09d8620d81 100644 --- a/include/config.h +++ b/include/config.h @@ -47,7 +47,7 @@ switches to exploitation mode. It automatically switches back when new coverage is found. Default: 300 (seconds) */ -#define STRATEGY_SWITCH_TIME 300 +#define STRATEGY_SWITCH_TIME 600 /* Default file permission umode when creating files (default: 0600) */ #define DEFAULT_PERMISSION 0600 diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 9a60fd47e0..1499a7e4a3 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -48,11 +48,11 @@ char *get_fuzzing_state(afl_state_t *afl) { u64 percent_cur = last_find_100 / cur_run_time; u64 percent_total = last_find_100 / cur_total_run_time; - if (unlikely(percent_cur >= 90 && percent_total >= 90)) { + if (unlikely(percent_cur >= 80 && percent_total >= 80)) { return fuzzing_state[3]; - } else if (unlikely(percent_cur >= 75 && percent_total >= 75)) { + } else if (unlikely(percent_cur >= 55 && percent_total >= 55)) { return fuzzing_state[2]; From ed97dbacef98c379d7028514a43c799c86050584 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 12 Jun 2023 09:13:24 +0200 Subject: [PATCH 032/357] enable text mode --- src/afl-fuzz-one.c | 33 +++++++++++++-------------------- 1 file changed, 13 insertions(+), 20 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 816384fda6..4efc661ef1 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2101,40 +2101,33 @@ u8 fuzz_one_original(afl_state_t *afl) { */ - /* - if (unlikely(afl->text_input || afl->queue_cur->is_ascii)) { // is text? - - if (likely(afl->fuzz_mode == 0)) { // is exploration? + rand_max = MUT_STRATEGY_ARRAY_SIZE; - mutation_array = (unsigned int *)&mutation_strategy_exploration_text; + if (unlikely(afl->text_input /*|| afl->queue_cur->is_ascii*/)) { // is text? - } else { // is exploitation! + if (likely(afl->fuzz_mode == 0)) { // is exploration? - mutation_array = (unsigned int *)&mutation_strategy_exploitation_text; + mutation_array = (unsigned int *)&mutation_strategy_exploration_text; - } + } else { // is exploitation! - } else { // is binary! + mutation_array = (unsigned int *)&mutation_strategy_exploitation_text; - */ - - rand_max = MUT_STRATEGY_ARRAY_SIZE; - - if (likely(afl->fuzz_mode == 0)) { // is exploration? + } - mutation_array = (unsigned int *)&mutation_strategy_exploration_binary; + } else { // is binary! - } else { // is exploitation! + if (likely(afl->fuzz_mode == 0)) { // is exploration? - mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary; + mutation_array = (unsigned int *)&mutation_strategy_exploration_binary; - } + } else { // is exploitation! - /* + mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary; } - */ + } /* if (temp_len < 64) { From 61b6f4ed9e4dce15c39e4350278a95a41ea2522c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 12 Jun 2023 09:16:15 +0200 Subject: [PATCH 033/357] 4.08a init --- README.md | 2 +- docs/Changelog.md | 7 +++++++ include/config.h | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 97fd3997d4..05c662c164 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Release version: [4.07c](https://github.com/AFLplusplus/AFLplusplus/releases) -GitHub version: 4.07c +GitHub version: 4.08a Repository: [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus) diff --git a/docs/Changelog.md b/docs/Changelog.md index c52ddd5625..98d595277e 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -3,6 +3,13 @@ This is the list of all noteworthy changes made in every public release of the tool. See README.md for the general instruction manual. +### Version ++4.08a (dev) + - new mutation engine: mutations that favor discovery more paths are prefered + until no new finds for 10 minutes then switching to mutations that favor + triggering crashes. Modes and switch time can be configured wie `-P`. + - display the state of the fuzzing run in the UI :-) + + ### Version ++4.07c (release) - afl-fuzz: - reverse reading the seeds only on restarts (increases performance) diff --git a/include/config.h b/include/config.h index 53be8549e6..d8153a2c84 100644 --- a/include/config.h +++ b/include/config.h @@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++4.07c" +#define VERSION "++4.08a" /****************************************************** * * From 3ad8e9856cc48a6f69aa701dafd0623f91f31c5c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 12 Jun 2023 09:23:57 +0200 Subject: [PATCH 034/357] update changelog --- docs/Changelog.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index 98d595277e..70f38d0592 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -7,6 +7,9 @@ - new mutation engine: mutations that favor discovery more paths are prefered until no new finds for 10 minutes then switching to mutations that favor triggering crashes. Modes and switch time can be configured wie `-P`. + - new custom mutator that has the new afl++ engine (so it can easily + incorporated into new custom mutators), and also comes with a standalone + command line tool! See custom_mutators/aflpp/standalone/ - display the state of the fuzzing run in the UI :-) From 091d66fa92cd9e4caa5829d579b1b996c49db8c9 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 12 Jun 2023 13:05:35 +0200 Subject: [PATCH 035/357] increase strategy switch --- include/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/config.h b/include/config.h index 5100d88f18..8585041e1a 100644 --- a/include/config.h +++ b/include/config.h @@ -47,7 +47,7 @@ switches to exploitation mode. It automatically switches back when new coverage is found. Default: 300 (seconds) */ -#define STRATEGY_SWITCH_TIME 600 +#define STRATEGY_SWITCH_TIME 1000 /* Default file permission umode when creating files (default: 0600) */ #define DEFAULT_PERMISSION 0600 From fc1e352965416fc9cc74db39c1fec25c95ef2a64 Mon Sep 17 00:00:00 2001 From: forky2 <63731115+forky2@users.noreply.github.com> Date: Wed, 14 Jun 2023 08:43:06 +0100 Subject: [PATCH 036/357] Fixes #1770: afl-cmin in -T mode doesn't correctly divide inputs among threads --- afl-cmin | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/afl-cmin b/afl-cmin index ae723c1baa..de76caf8e4 100755 --- a/afl-cmin +++ b/afl-cmin @@ -488,7 +488,7 @@ BEGIN { if (threads) { - inputsperfile = in_count / threads + inputsperfile = int(in_count / threads) if (in_count % threads) { inputsperfile++; } From a36034424779d8c9769819ee525b321bfd64a26c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 14 Jun 2023 13:11:44 +0200 Subject: [PATCH 037/357] minor cmplog bugfix --- TODO.md | 1 - src/afl-fuzz-redqueen.c | 12 +++++++----- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/TODO.md b/TODO.md index 26e12ceeef..7968452e9c 100644 --- a/TODO.md +++ b/TODO.md @@ -3,7 +3,6 @@ ## Should - afl-crash-analysis - - show in the UI when fuzzing is "done" - test cmplog for less than 16bit - support persistent and deferred fork server in afl-showmap? - better autodetection of shifting runtime timeout values diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 41644cb9e5..73e188e7a7 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -1988,10 +1988,10 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, if (l0 >= 0x80 || ol0 >= 0x80) { - l0 -= 0x80; - l1 -= 0x80; - ol0 -= 0x80; - ol1 -= 0x80; + if (l0 >= 0x80) { l0 -= 0x80; } + if (l1 >= 0x80) { l1 -= 0x80; } + if (ol0 >= 0x80) { ol0 -= 0x80; } + if (ol1 >= 0x80) { ol1 -= 0x80; } } @@ -2059,7 +2059,7 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, for (i = 0; i < its_len; ++i) { - if ((pattern[i] != buf[idx + i] && o_pattern[i] != orig_buf[idx + i]) || + if ((pattern[i] != buf[idx + i] || o_pattern[i] != orig_buf[idx + i]) || *status == 1) { break; @@ -2592,6 +2592,8 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, // shape_len), check_if_text_buf((u8 *)&o->v1, shape_len), v0_len, // o->v0, v1_len, o->v1); + // Note that this check differs from the line 1901, for RTN we are more + // opportunistic for adding to the dictionary than cmps if (!memcmp(o->v0, orig_o->v0, v0_len) || (!found_one || check_if_text_buf((u8 *)&o->v0, v0_len) == v0_len)) maybe_add_auto(afl, o->v0, v0_len); From 4231d33bc086895a15d8f449991ee3b160446d0a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 14 Jun 2023 13:18:44 +0200 Subject: [PATCH 038/357] improve afl-plot plots --- afl-plot | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/afl-plot b/afl-plot index 230d3bfe49..f1f288a347 100755 --- a/afl-plot +++ b/afl-plot @@ -75,8 +75,17 @@ outputdir=`get_abs_path "$2"` if [ ! -f "$inputdir/plot_data" ]; then - echo "[-] Error: input directory is not valid (missing 'plot_data')." 1>&2 - exit 1 + if [ -f "$inputdir/default/plot_data" ]; then + + echo "[-] Error: input directory is not valid (missing 'plot_data'), likely you mean $inputdir/default?" 1>&2 + exit 1 + + else + + echo "[-] Error: input directory is not valid (missing 'plot_data')." 1>&2 + exit 1 + + fi fi @@ -141,7 +150,7 @@ set output '$outputdir/high_freq.png' $GNUPLOT_SETUP plot '$inputdir/plot_data' using 1:4 with filledcurve x1 title 'corpus count' linecolor rgb '#000000' fillstyle transparent solid 0.2 noborder, \\ - '' using 1:3 with filledcurve x1 title 'current fuzz item' linecolor rgb '#f0f0f0' fillstyle transparent solid 0.5 noborder, \\ + '' using 1:3 with filledcurve x1 title 'current item' linecolor rgb '#f0f0f0' fillstyle transparent solid 0.5 noborder, \\ '' using 1:5 with lines title 'pending items' linecolor rgb '#0090ff' linewidth 3, \\ '' using 1:6 with lines title 'pending favs' linecolor rgb '#c00080' linewidth 3, \\ '' using 1:2 with lines title 'cycles done' linecolor rgb '#c000f0' linewidth 3 From 450e00446dfe23a74b08c4ad88b082d48e1f0b66 Mon Sep 17 00:00:00 2001 From: cuanduo Date: Fri, 16 Jun 2023 08:28:05 +0800 Subject: [PATCH 039/357] fix bug --- utils/afl_network_proxy/afl-network-server.c | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/afl_network_proxy/afl-network-server.c b/utils/afl_network_proxy/afl-network-server.c index 04309adaaf..7eb3d18e0d 100644 --- a/utils/afl_network_proxy/afl-network-server.c +++ b/utils/afl_network_proxy/afl-network-server.c @@ -173,6 +173,7 @@ static void set_up_environment(afl_forkserver_t *fsrv) { } out_file = alloc_printf("%s/.afl-input-temp-%u", use_dir, getpid()); + fsrv->out_file = out_file; } From 420e36dcd3764921765d6aeb07989e701134513a Mon Sep 17 00:00:00 2001 From: Seoyoung Date: Fri, 16 Jun 2023 05:49:49 -0400 Subject: [PATCH 040/357] SanitizerCoveragePCGUARD: select counter off by one error --- instrumentation/SanitizerCoveragePCGUARD.so.cc | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 7171e7aac9..d87af775ee 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -892,7 +892,7 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage( IRB.CreatePointerCast(FunctionGuardArray, IntptrTy), ConstantInt::get( IntptrTy, - (cnt_cov + ++local_selects + AllBlocks.size()) * 4)), + (cnt_cov + local_selects++ + AllBlocks.size()) * 4)), Int32PtrTy); auto GuardPtr2 = IRB.CreateIntToPtr( @@ -900,7 +900,7 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage( IRB.CreatePointerCast(FunctionGuardArray, IntptrTy), ConstantInt::get( IntptrTy, - (cnt_cov + ++local_selects + AllBlocks.size()) * 4)), + (cnt_cov + local_selects++ + AllBlocks.size()) * 4)), Int32PtrTy); result = IRB.CreateSelect(condition, GuardPtr1, GuardPtr2); @@ -937,7 +937,7 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage( IRB.CreatePointerCast(FunctionGuardArray, IntptrTy), ConstantInt::get( IntptrTy, - (cnt_cov + ++local_selects + AllBlocks.size()) * 4)), + (cnt_cov + local_selects++ + AllBlocks.size()) * 4)), Int32PtrTy); x = IRB.CreateInsertElement(GuardPtr1, val1, (uint64_t)0); @@ -946,7 +946,7 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage( IRB.CreatePointerCast(FunctionGuardArray, IntptrTy), ConstantInt::get( IntptrTy, - (cnt_cov + ++local_selects + AllBlocks.size()) * 4)), + (cnt_cov + local_selects++ + AllBlocks.size()) * 4)), Int32PtrTy); y = IRB.CreateInsertElement(GuardPtr2, val2, (uint64_t)0); @@ -955,7 +955,7 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage( val1 = IRB.CreateIntToPtr( IRB.CreateAdd( IRB.CreatePointerCast(FunctionGuardArray, IntptrTy), - ConstantInt::get(IntptrTy, (cnt_cov + ++local_selects + + ConstantInt::get(IntptrTy, (cnt_cov + local_selects++ + AllBlocks.size()) * 4)), Int32PtrTy); @@ -964,7 +964,7 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage( val2 = IRB.CreateIntToPtr( IRB.CreateAdd( IRB.CreatePointerCast(FunctionGuardArray, IntptrTy), - ConstantInt::get(IntptrTy, (cnt_cov + ++local_selects + + ConstantInt::get(IntptrTy, (cnt_cov + local_selects++ + AllBlocks.size()) * 4)), Int32PtrTy); From 7b29f2cd244424c5385605d1302b68be44e432bc Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 20 Jun 2023 19:58:08 +0200 Subject: [PATCH 041/357] fix timeout for sessions restart and + usage --- docs/Changelog.md | 17 ++++++++++------- src/afl-fuzz-stats.c | 14 ++++++-------- src/afl-fuzz.c | 1 + 3 files changed, 17 insertions(+), 15 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 70f38d0592..4454456ec1 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -4,13 +4,16 @@ release of the tool. See README.md for the general instruction manual. ### Version ++4.08a (dev) - - new mutation engine: mutations that favor discovery more paths are prefered - until no new finds for 10 minutes then switching to mutations that favor - triggering crashes. Modes and switch time can be configured wie `-P`. - - new custom mutator that has the new afl++ engine (so it can easily - incorporated into new custom mutators), and also comes with a standalone - command line tool! See custom_mutators/aflpp/standalone/ - - display the state of the fuzzing run in the UI :-) + - afl-fuzz: + - new mutation engine: mutations that favor discovery more paths are + prefered until no new finds for 10 minutes then switching to mutations + that favor triggering crashes. Modes and switch time can be configured + with `-P`. + - new custom mutator that has the new afl++ engine (so it can easily + incorporated into new custom mutators), and also comes with a standalone + command line tool! See custom_mutators/aflpp/standalone/ + - display the state of the fuzzing run in the UI :-) + - fix timeout setting if '+' is used or a session is restarted ### Version ++4.07c (release) diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 1499a7e4a3..389b82fc4b 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -2303,7 +2303,12 @@ void show_init_stats(afl_state_t *afl) { stringify_int(IB(0), min_us), stringify_int(IB(1), max_us), stringify_int(IB(2), avg_us)); - if (afl->timeout_given != 1) { + if (afl->timeout_given == 3) { + + ACTF("Applying timeout settings from resumed session (%u ms).", + afl->fsrv.exec_tmout); + + } else if (afl->timeout_given != 1) { /* Figure out the appropriate timeout. The basic idea is: 5x average or 1x max, rounded up to EXEC_TM_ROUND ms and capped at 1 second. @@ -2345,13 +2350,6 @@ void show_init_stats(afl_state_t *afl) { afl->timeout_given = 1; - } else if (afl->timeout_given == 3) { - - ACTF("Applying timeout settings from resumed session (%u ms).", - afl->fsrv.exec_tmout); - - } else { - ACTF("-t option specified. We'll use an exec timeout of %u ms.", afl->fsrv.exec_tmout); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index d727fff5b9..9eabfae12d 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2362,6 +2362,7 @@ int main(int argc, char **argv_orig, char **envp) { max_ms = afl->queue_buf[entry]->exec_us; afl->fsrv.exec_tmout = max_ms; + afl->timeout_given = 1; } From 51ab51ca278dafacfca1131fd339529e9d7dce08 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 21 Jun 2023 09:04:08 +0200 Subject: [PATCH 042/357] update tutorial list --- custom_mutators/README.md | 11 +++++++---- docs/tutorials.md | 5 +++++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/custom_mutators/README.md b/custom_mutators/README.md index a5a572c0a1..2d1220b3bb 100644 --- a/custom_mutators/README.md +++ b/custom_mutators/README.md @@ -70,14 +70,17 @@ requires cmake (among other things): ### libprotobuf Mutators -There are two WIP protobuf projects, that require work to be working though: +There are three WIP protobuf projects, that require work to be working though: + +ASN.1 example: +[https://github.com/airbus-seclab/AFLplusplus-blogpost/tree/main/src/mutator](https://github.com/airbus-seclab/AFLplusplus-blogpost/tree/main/src/mutator) transforms protobuf raw: -https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/tree/master/4_libprotobuf_aflpp_custom_mutator +[https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/tree/master/4_libprotobuf_aflpp_custom_mutator](https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/tree/master/4_libprotobuf_aflpp_custom_mutator) has a transform function you need to fill for your protobuf format, however needs to be ported to the updated AFL++ custom mutator API (not much work): -https://github.com/thebabush/afl-libprotobuf-mutator +[https://github.com/thebabush/afl-libprotobuf-mutator](https://github.com/thebabush/afl-libprotobuf-mutator) same as above but is for current AFL++: -https://github.com/P1umer/AFLplusplus-protobuf-mutator +[https://github.com/P1umer/AFLplusplus-protobuf-mutator](https://github.com/P1umer/AFLplusplus-protobuf-mutator) \ No newline at end of file diff --git a/docs/tutorials.md b/docs/tutorials.md index 342080fd17..a5ee33225b 100644 --- a/docs/tutorials.md +++ b/docs/tutorials.md @@ -8,6 +8,7 @@ Here are some good write-ups to show how to effectively use AFL++: * [https://aflplus.plus/docs/tutorials/libxml2_tutorial/](https://aflplus.plus/docs/tutorials/libxml2_tutorial/) * [https://bananamafia.dev/post/gb-fuzz/](https://bananamafia.dev/post/gb-fuzz/) +* [https://bushido-sec.com/index.php/2023/06/19/the-art-of-fuzzing/](https://bushido-sec.com/index.php/2023/06/19/the-art-of-fuzzing/) * [https://securitylab.github.com/research/fuzzing-challenges-solutions-1](https://securitylab.github.com/research/fuzzing-challenges-solutions-1) * [https://securitylab.github.com/research/fuzzing-software-2](https://securitylab.github.com/research/fuzzing-software-2) * [https://securitylab.github.com/research/fuzzing-sockets-FTP](https://securitylab.github.com/research/fuzzing-sockets-FTP) @@ -20,6 +21,10 @@ training, then we can highly recommend the following: * [https://github.com/antonio-morales/Fuzzing101](https://github.com/antonio-morales/Fuzzing101) +Here is a good forkflow description (and tutorial) for qemu_mode: + +* [https://airbus-seclab.github.io/AFLplusplus-blogpost/](https://airbus-seclab.github.io/AFLplusplus-blogpost/) + Here is good workflow description for frida_mode: * [https://blog.quarkslab.com/android-greybox-fuzzing-with-afl-frida-mode.html](https://blog.quarkslab.com/android-greybox-fuzzing-with-afl-frida-mode.html) From 2366c00235692c9ae11921cf38e9f6fe3fb30142 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 21 Jun 2023 09:38:21 +0200 Subject: [PATCH 043/357] switch back to normal mutations --- src/afl-fuzz-one.c | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 4efc661ef1..32c05182ce 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2103,11 +2103,21 @@ u8 fuzz_one_original(afl_state_t *afl) { rand_max = MUT_STRATEGY_ARRAY_SIZE; - if (unlikely(afl->text_input /*|| afl->queue_cur->is_ascii*/)) { // is text? + if (unlikely(afl->text_input)) { // is text? if (likely(afl->fuzz_mode == 0)) { // is exploration? - mutation_array = (unsigned int *)&mutation_strategy_exploration_text; + if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) { + + mutation_array = full_splice_array; + rand_max = MUT_SPLICE_ARRAY_SIZE; + + } else { + + mutation_array = normal_splice_array; + rand_max = MUT_NORMAL_ARRAY_SIZE; + + } } else { // is exploitation! @@ -2119,7 +2129,17 @@ u8 fuzz_one_original(afl_state_t *afl) { if (likely(afl->fuzz_mode == 0)) { // is exploration? - mutation_array = (unsigned int *)&mutation_strategy_exploration_binary; + if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) { + + mutation_array = full_splice_array; + rand_max = MUT_SPLICE_ARRAY_SIZE; + + } else { + + mutation_array = normal_splice_array; + rand_max = MUT_NORMAL_ARRAY_SIZE; + + } } else { // is exploitation! From 936b6dcb5d7a93d2aa211d0812fd26ba0b2c7d3c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 21 Jun 2023 09:57:24 +0200 Subject: [PATCH 044/357] nits --- afl-cmin | 2 +- src/afl-fuzz-stats.c | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/afl-cmin b/afl-cmin index de76caf8e4..3e37dbdbfa 100755 --- a/afl-cmin +++ b/afl-cmin @@ -513,7 +513,7 @@ BEGIN { if (threads > 1) { - print "[*] Creating " threads " parallel tasks with about " inputsperfile " each." + print "[*] Creating " threads " parallel tasks with about " inputsperfile " items each." for (i = 1; i <= threads; i++) { if (!stdin_file) { diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 389b82fc4b..4013370ded 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -2350,6 +2350,8 @@ void show_init_stats(afl_state_t *afl) { afl->timeout_given = 1; + } else { + ACTF("-t option specified. We'll use an exec timeout of %u ms.", afl->fsrv.exec_tmout); From 64b15a00f270f0ac9c00cf13e569481672227635 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 21 Jun 2023 12:20:10 +0200 Subject: [PATCH 045/357] fix afl-cmin* for old afl vanilla issue --- afl-cmin | 35 +++++++++++++++++++++++++++++------ afl-cmin.bash | 4 +++- docs/Changelog.md | 4 ++++ src/afl-showmap.c | 5 +++-- 4 files changed, 39 insertions(+), 9 deletions(-) diff --git a/afl-cmin b/afl-cmin index 3e37dbdbfa..d0bbed2ba4 100755 --- a/afl-cmin +++ b/afl-cmin @@ -318,7 +318,9 @@ BEGIN { if (!nyx_mode && target_bin && !exists_and_is_executable(target_bin)) { - "command -v "target_bin" 2>/dev/null" | getline tnew + cmd = "command -v "target_bin" 2>/dev/null" + cmd | getline tnew + close(cmd) if (!tnew || !exists_and_is_executable(tnew)) { print "[-] Error: binary '"target_bin"' not found or not executable." > "/dev/stderr" exit 1 @@ -330,6 +332,7 @@ BEGIN { echo "[!] Trying to obtain the map size of the target ..." get_map_size = "AFL_DUMP_MAP_SIZE=1 " target_bin get_map_size | getline mapsize + close(get_map_size) if (mapsize && mapsize > 65535 && mapsize < 100000000) { AFL_MAP_SIZE = "AFL_MAP_SIZE="mapsize" " print "[+] Setting "AFL_MAP_SIZE @@ -359,14 +362,18 @@ BEGIN { system("rm -rf "trace_dir" 2>/dev/null"); system("rm "out_dir"/id[:_]* 2>/dev/null") - "ls "out_dir"/* 2>/dev/null | wc -l" | getline noofentries + cmd = "ls "out_dir"/* 2>/dev/null | wc -l" + cmd | getline noofentries + close(cmd) if (0 == system( "test -d "out_dir" -a "noofentries" -gt 0" )) { print "[-] Error: directory '"out_dir"' exists and is not empty - delete it first." > "/dev/stderr" exit 1 } if (threads) { - "nproc" | getline nproc + cmd = "nproc" + cmd | getline nproc + close(cmd) if (threads == "all") { threads = nproc } else { @@ -386,12 +393,14 @@ BEGIN { if (stdin_file) { # truncate input file printf "" > stdin_file - close( stdin_file ) + close(stdin_file) } # First we look in PATH if (0 == system("command -v afl-showmap >/dev/null 2>&1")) { - "command -v afl-showmap 2>/dev/null" | getline showmap + cmd = "command -v afl-showmap 2>/dev/null" + cmd | getline showmap + close(cmd) } else { # then we look in the current directory if (0 == system("test -x ./afl-showmap")) { @@ -413,7 +422,9 @@ BEGIN { # yuck, gnu stat is option incompatible to bsd stat # we use a heuristic to differentiate between # GNU stat and other stats - "stat --version 2>/dev/null" | getline statversion + cmd = "stat --version 2>/dev/null" + cmd | getline statversion + close(cmd) if (statversion ~ /GNU coreutils/) { stat_format = "-c '%s %n'" # GNU } else { @@ -432,6 +443,7 @@ BEGIN { infilesSmallToBigFullMap[infilesSmallToBigFull[i]] = infilesSmallToBig[i] i++ } + close(cmdline) in_count = i first_file = infilesSmallToBigFull[0] @@ -468,6 +480,7 @@ BEGIN { while ((getline < runtest) > 0) { ++first_count } + close(runtest) if (first_count) { print "[+] OK, "first_count" tuples recorded." @@ -582,6 +595,15 @@ BEGIN { else { print " Processing file "cur"/"in_count } # create path for the trace file from afl-showmap tracefile_path = trace_dir"/"fn + # ensure the file size is not zero + cmd = "du -b "tracefile_path + "ls -l "tracefile_path + cmd | getline output + close(cmd) + split(output, result, "\t") + if (result[1] == 0) { + print "[!] WARNING: file "fn" is crashing the target, ignoring..." + } # gather all keys, and count them while ((getline line < tracefile_path) > 0) { key = line @@ -643,6 +665,7 @@ BEGIN { } } close(sortedKeys) + print "" print "[+] Found "tuple_count" unique tuples across "in_count" files." if (out_count == 1) { diff --git a/afl-cmin.bash b/afl-cmin.bash index dc6d5342b1..1d08049100 100755 --- a/afl-cmin.bash +++ b/afl-cmin.bash @@ -479,7 +479,7 @@ else echo "[+] all $THREADS running tasks completed." rm -f ${TMPFILE}* - echo trace dir files: $(ls $TRACE_DIR/*|wc -l) + #echo trace dir files: $(ls $TRACE_DIR/*|wc -l) fi @@ -523,6 +523,8 @@ ls -rS "$IN_DIR" | while read -r fn; do sed "s#\$# $fn#" "$TRACE_DIR/$fn" >>"$TRACE_DIR/.candidate_list" + test -s "$TRACE_DIR/$fn" || echo Warning: $fn is ignored because of crashing the target + done echo diff --git a/docs/Changelog.md b/docs/Changelog.md index 4454456ec1..246c3caccb 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -14,6 +14,10 @@ command line tool! See custom_mutators/aflpp/standalone/ - display the state of the fuzzing run in the UI :-) - fix timeout setting if '+' is used or a session is restarted + - afl-cmin/afl-cmin.bash: + - fixed a bug inherited from vanilla AFL where a coverage of + map[123] = 11 would be the same as map[1123] = 1 + - warn on crashing inputs ### Version ++4.07c (release) diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 9c02903583..13867fda76 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -243,7 +243,8 @@ static void analyze_results(afl_forkserver_t *fsrv) { total += fsrv->trace_bits[i]; if (fsrv->trace_bits[i] > highest) highest = fsrv->trace_bits[i]; - if (!coverage_map[i]) { coverage_map[i] = 1; } + // if (!coverage_map[i]) { coverage_map[i] = 1; } + coverage_map[i] |= fsrv->trace_bits[i]; } @@ -328,7 +329,7 @@ static u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) { if (cmin_mode) { - fprintf(f, "%u%u\n", fsrv->trace_bits[i], i); + fprintf(f, "%u%03u\n", i, fsrv->trace_bits[i]); } else { From ec4ed66b1efd0953d42e6c7055a2b1cf766ff720 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 21 Jun 2023 13:51:02 +0200 Subject: [PATCH 046/357] nits --- src/afl-fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 9eabfae12d..8cf786af4a 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -164,7 +164,7 @@ static void usage(u8 *argv0, int more_help) { "\n" "Mutator settings:\n" - " -a - target expects ascii text input\n" + " -a - target expects ascii text input (prefer text mutators)\n" " -g minlength - set min length of generated fuzz input (default: 1)\n" " -G maxlength - set max length of generated fuzz input (default: " "%lu)\n" From 93362c6e672f1d2aba15636b6ba96a771aeb7ead Mon Sep 17 00:00:00 2001 From: mischa Date: Wed, 21 Jun 2023 16:39:05 +0200 Subject: [PATCH 047/357] updated llvm requirements --- GNUmakefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 55676d97b1..71011858a8 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -318,7 +318,7 @@ all: test_x86 test_shm test_python ready $(PROGS) afl-as llvm gcc_plugin test_bu @echo Build Summary: @test -e afl-fuzz && echo "[+] afl-fuzz and supporting tools successfully built" || echo "[-] afl-fuzz could not be built, please set CC to a working compiler" @test -e afl-llvm-pass.so && echo "[+] LLVM basic mode successfully built" || echo "[-] LLVM mode could not be built, please install at least llvm-11 and clang-11 or newer, see docs/INSTALL.md" - @test -e SanitizerCoveragePCGUARD.so && echo "[+] LLVM mode successfully built" || echo "[-] LLVM mode could not be built, please install at least llvm-11 and clang-11 or newer, see docs/INSTALL.md" + @test -e SanitizerCoveragePCGUARD.so && echo "[+] LLVM mode successfully built" || echo "[-] LLVM mode could not be built, please install at least llvm-13 and clang-13 or newer, see docs/INSTALL.md" @test -e SanitizerCoverageLTO.so && echo "[+] LLVM LTO mode successfully built" || echo "[-] LLVM LTO mode could not be built, it is optional, if you want it, please install LLVM and LLD 11+. More information at instrumentation/README.lto.md on how to build it" ifneq "$(SYS)" "Darwin" @test -e afl-gcc-pass.so && echo "[+] gcc_mode successfully built" || echo "[-] gcc_mode could not be built, it is optional, install gcc-VERSION-plugin-dev to enable this" @@ -740,7 +740,7 @@ endif @echo Build Summary: @test -e afl-fuzz && echo "[+] afl-fuzz and supporting tools successfully built" || echo "[-] afl-fuzz could not be built, please set CC to a working compiler" @test -e afl-llvm-pass.so && echo "[+] LLVM basic mode successfully built" || echo "[-] LLVM mode could not be built, please install at least llvm-11 and clang-11 or newer, see docs/INSTALL.md" - @test -e SanitizerCoveragePCGUARD.so && echo "[+] LLVM mode successfully built" || echo "[-] LLVM mode could not be built, please install at least llvm-11 and clang-11 or newer, see docs/INSTALL.md" + @test -e SanitizerCoveragePCGUARD.so && echo "[+] LLVM mode successfully built" || echo "[-] LLVM mode could not be built, please install at least llvm-13 and clang-13 or newer, see docs/INSTALL.md" @test -e SanitizerCoverageLTO.so && echo "[+] LLVM LTO mode successfully built" || echo "[-] LLVM LTO mode could not be built, it is optional, if you want it, please install LLVM 11-14. More information at instrumentation/README.lto.md on how to build it" ifneq "$(SYS)" "Darwin" test -e afl-gcc-pass.so && echo "[+] gcc_mode successfully built" || echo "[-] gcc_mode could not be built, it is optional, install gcc-VERSION-plugin-dev to enable this" From 90f83c13d08f44fbf50036076a1772909c4d2c86 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 22 Jun 2023 09:24:00 +0200 Subject: [PATCH 048/357] remove dead code, code format --- .custom-format.py | 2 +- docs/Changelog.md | 3 ++ include/alloc-inl.h | 8 ++-- .../SanitizerCoveragePCGUARD.so.cc | 39 ++----------------- qemu_mode/libqasan/dlmalloc.c | 2 +- src/afl-fuzz-init.c | 8 ++-- src/afl-fuzz.c | 3 +- utils/afl_network_proxy/afl-network-server.c | 2 +- 8 files changed, 19 insertions(+), 48 deletions(-) diff --git a/.custom-format.py b/.custom-format.py index 1d5c88397e..3521c05d14 100755 --- a/.custom-format.py +++ b/.custom-format.py @@ -24,7 +24,7 @@ # string_re = re.compile('(\\"(\\\\.|[^"\\\\])*\\")') # TODO: for future use -CURRENT_LLVM = os.getenv('LLVM_VERSION', 15) +CURRENT_LLVM = os.getenv('LLVM_VERSION', 16) CLANG_FORMAT_BIN = os.getenv("CLANG_FORMAT_BIN", "") diff --git a/docs/Changelog.md b/docs/Changelog.md index 246c3caccb..c850c43e0c 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -18,6 +18,9 @@ - fixed a bug inherited from vanilla AFL where a coverage of map[123] = 11 would be the same as map[1123] = 1 - warn on crashing inputs + - afl-cc + - fixed an off-by-one instrumentation of iselect, hurting coverage a bit. + Thanks to @amykweon for spotting and fixing! ### Version ++4.07c (release) diff --git a/include/alloc-inl.h b/include/alloc-inl.h index 1e9a192bb3..cff808b246 100644 --- a/include/alloc-inl.h +++ b/include/alloc-inl.h @@ -322,7 +322,7 @@ static inline void DFL_ck_free(void *mem) { static inline void *DFL_ck_realloc(void *orig, u32 size) { void *ret; - u32 old_size = 0; + u32 old_size = 0; if (!size) { @@ -392,7 +392,7 @@ static inline void *DFL_ck_realloc(void *orig, u32 size) { static inline u8 *DFL_ck_strdup(u8 *str) { void *ret; - u32 size; + u32 size; if (!str) return NULL; @@ -438,14 +438,14 @@ struct TRK_obj { void *ptr; char *file, *func; - u32 line; + u32 line; }; #ifdef AFL_MAIN struct TRK_obj *TRK[ALLOC_BUCKETS]; -u32 TRK_cnt[ALLOC_BUCKETS]; +u32 TRK_cnt[ALLOC_BUCKETS]; #define alloc_report() TRK_report() diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index d87af775ee..57b5d1280e 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -225,49 +225,18 @@ llvmGetPassPluginInfo() { } -#if LLVM_VERSION_MAJOR == 1 +#if LLVM_VERSION_MAJOR >= 16 PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module &M, ModuleAnalysisManager &MAM) { - ModuleSanitizerCoverageAFL ModuleSancov(Options); - auto &FAM = MAM.getResult(M).getManager(); - auto DTCallback = [&FAM](Function &F) -> const DominatorTree *{ - - return &FAM.getResult(F); - - }; - - auto PDTCallback = [&FAM](Function &F) -> const PostDominatorTree * { - - return &FAM.getResult(F); - - }; - - if (!ModuleSancov.instrumentModule(M, DTCallback, PDTCallback)) - return PreservedAnalyses::all(); - - PreservedAnalyses PA = PreservedAnalyses::none(); - // GlobalsAA is considered stateless and does not get invalidated unless - // explicitly invalidated; PreservedAnalyses::none() is not enough. Sanitizers - // make changes that require GlobalsAA to be invalidated. - PA.abandon(); - return PA; - -} - #else - #if LLVM_VERSION_MAJOR >= 16 -PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module &M, - ModuleAnalysisManager &MAM) { - - #else PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module &M, ModuleAnalysisManager &MAM) { - #endif +#endif ModuleSanitizerCoverageAFL ModuleSancov(Options); auto &FAM = MAM.getResult(M).getManager(); - auto DTCallback = [&FAM](Function &F) -> const DominatorTree * { + auto DTCallback = [&FAM](Function &F) -> const DominatorTree *{ return &FAM.getResult(F); @@ -285,8 +254,6 @@ PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module &M, } -#endif - std::pair ModuleSanitizerCoverageAFL::CreateSecStartEnd( Module &M, const char *Section, Type *Ty) { diff --git a/qemu_mode/libqasan/dlmalloc.c b/qemu_mode/libqasan/dlmalloc.c index 5d0b65cedb..b459eb7b35 100644 --- a/qemu_mode/libqasan/dlmalloc.c +++ b/qemu_mode/libqasan/dlmalloc.c @@ -1762,7 +1762,7 @@ static FORCEINLINE void *win32direct_mmap(size_t size) { static FORCEINLINE int win32munmap(void *ptr, size_t size) { MEMORY_BASIC_INFORMATION minfo; - char *cptr = (char *)ptr; + char *cptr = (char *)ptr; while (size) { diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 13802f40c8..24fd707781 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -1542,8 +1542,8 @@ double get_runnable_processes(void) { processes well. */ FILE *f = fopen("/proc/stat", "r"); - u8 tmp[1024]; - u32 val = 0; + u8 tmp[1024]; + u32 val = 0; if (!f) { return 0; } @@ -2226,7 +2226,7 @@ void check_crash_handling(void) { *BSD, so we can just let it slide for now. */ s32 fd = open("/proc/sys/kernel/core_pattern", O_RDONLY); - u8 fchar; + u8 fchar; if (fd < 0) { return; } @@ -2365,7 +2365,7 @@ void check_cpu_governor(afl_state_t *afl) { FATAL("Suboptimal CPU scaling governor"); #elif defined __APPLE__ - u64 min = 0, max = 0; + u64 min = 0, max = 0; size_t mlen = sizeof(min); if (afl->afl_env.afl_skip_cpufreq) return; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 8cf786af4a..79b05da76e 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -164,7 +164,8 @@ static void usage(u8 *argv0, int more_help) { "\n" "Mutator settings:\n" - " -a - target expects ascii text input (prefer text mutators)\n" + " -a - target expects ascii text input (prefer text " + "mutators)\n" " -g minlength - set min length of generated fuzz input (default: 1)\n" " -G maxlength - set max length of generated fuzz input (default: " "%lu)\n" diff --git a/utils/afl_network_proxy/afl-network-server.c b/utils/afl_network_proxy/afl-network-server.c index 7eb3d18e0d..95b0a551c8 100644 --- a/utils/afl_network_proxy/afl-network-server.c +++ b/utils/afl_network_proxy/afl-network-server.c @@ -173,7 +173,7 @@ static void set_up_environment(afl_forkserver_t *fsrv) { } out_file = alloc_printf("%s/.afl-input-temp-%u", use_dir, getpid()); - fsrv->out_file = out_file; + fsrv->out_file = out_file; } From 9926f070822c35c312b5051ce0be0a40a471f253 Mon Sep 17 00:00:00 2001 From: Your Name Date: Thu, 22 Jun 2023 17:36:02 +0100 Subject: [PATCH 049/357] Support for long form instrumentation on x64 --- frida_mode/src/instrument/instrument_x64.c | 289 +++++++++++++++++---- 1 file changed, 242 insertions(+), 47 deletions(-) diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c index 8338f8e7c0..3983c3ba27 100644 --- a/frida_mode/src/instrument/instrument_x64.c +++ b/frida_mode/src/instrument/instrument_x64.c @@ -58,6 +58,7 @@ typedef union { } jcc_insn; static GHashTable *coverage_blocks = NULL; +static GHashTable *coverage_blocks_long = NULL; gboolean instrument_is_coverage_optimize_supported(void) { @@ -127,6 +128,64 @@ typedef struct { } afl_log_code_asm_t; +typedef struct { + + // cur_location = (block_address >> 4) ^ (block_address << 8); + // shared_mem[cur_location ^ prev_location]++; + // prev_location = cur_location >> 1; + + // mov QWORD PTR [rsp-0x88],rax + // lahf + // mov QWORD PTR [rsp-0x90],rax + // mov QWORD PTR [rsp-0x98],rbx + + // mov rax, 0xXXXXXXXXXXXXXXXXX /* p_prev_loc */ + // mov eax, dword ptr [rax] /* prev_loc */ + // xor eax,0x3f77 /* cur_loc */ + + // mov rbx, 0xXXXXXXXXXXXXXXXXX /* map */ + // add rax,rbx + + // mov bl,BYTE PTR [rax] + // add bl,0x1 + // adc bl,0x0 + // mov BYTE PTR [rax],bl + + // mov rax, 0xXXXXXXXXXXXXXXXXX /* p_prev_loc */ + // mov dword ptr [rax], 0xXXXXXXXXX /* prev_loc */ + + // mov rbx,QWORD PTR [rsp-0x98] + // mov rax,QWORD PTR [rsp-0x90] + // sahf + // mov rax,QWORD PTR [rsp-0x88] + + uint8_t mov_rax_rsp_88[8]; + uint8_t lahf; + uint8_t mov_rax_rsp_90[8]; + uint8_t mov_rbx_rsp_98[8]; + + uint8_t mov_rax_prev_loc_ptr1[10]; + uint8_t mov_eax_prev_loc[2]; + uint8_t xor_eax_curr_loc[5]; + + uint8_t mov_rbx_map_ptr[10]; + uint8_t add_rax_rbx[3]; + + uint8_t mov_rbx_ptr_rax[2]; + uint8_t add_bl_1[3]; + uint8_t adc_bl_0[3]; + uint8_t mov_ptr_rax_rbx[2]; + + uint8_t mov_rax_prev_loc_ptr2[10]; + uint8_t mov_prev_loc_curr_loc_shr1[6]; + + uint8_t mov_rsp_98_rbx[8]; + uint8_t mov_rsp_90_rax[8]; + uint8_t sahf; + uint8_t mov_rsp_88_rax[8]; + +} afl_log_code_asm_long_t; + #pragma pack(pop) static const afl_log_code_asm_t template = @@ -158,6 +217,41 @@ static const afl_log_code_asm_t template = ; +static const afl_log_code_asm_long_t template_long = + { + + .mov_rax_rsp_88 = {0x48, 0x89, 0x84, 0x24, 0x78, 0xFF, 0xFF, 0xFF}, + .lahf = 0x9f, + .mov_rax_rsp_90 = {0x48, 0x89, 0x84, 0x24, 0x70, 0xFF, 0xFF, 0xFF}, + .mov_rbx_rsp_98 = {0x48, 0x89, 0x9C, 0x24, 0x68, 0xFF, 0xFF, 0xFF}, + + .mov_rax_prev_loc_ptr1 = {0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF}, + .mov_eax_prev_loc = {0x8b, 0x00}, + .xor_eax_curr_loc = {0x35}, + + .mov_rbx_map_ptr = {0x48, 0xBB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF}, + .add_rax_rbx = {0x48, 0x01, 0xd8}, + + .mov_rbx_ptr_rax = {0x8a, 0x18}, + .add_bl_1 = {0x80, 0xc3, 0x01}, + .adc_bl_0 = {0x80, 0xd3, 0x00}, + .mov_ptr_rax_rbx = {0x88, 0x18}, + + .mov_rax_prev_loc_ptr2 = {0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF}, + .mov_prev_loc_curr_loc_shr1 = {0xc7, 0x00, 0xFF, 0xFF, 0xFF, 0xFF}, + + .mov_rsp_98_rbx = {0x48, 0x8B, 0x9C, 0x24, 0x68, 0xFF, 0xFF, 0xFF}, + .mov_rsp_90_rax = {0x48, 0x8B, 0x84, 0x24, 0x70, 0xFF, 0xFF, 0xFF}, + .sahf = 0x9e, + .mov_rsp_88_rax = {0x48, 0x8B, 0x84, 0x24, 0x78, 0xFF, 0xFF, 0xFF}, + +} + +; + typedef union { afl_log_code_asm_t code; @@ -165,6 +259,13 @@ typedef union { } afl_log_code; +typedef union { + + afl_log_code_asm_long_t code; + uint8_t bytes[0]; + +} afl_log_code_long; + void instrument_coverage_optimize_init(void) { FVERBOSE("__afl_area_ptr: %p", __afl_area_ptr); @@ -182,16 +283,19 @@ static void instrument_coverage_switch_insn(GumStalkerObserver *self, cs_x86 *x86; cs_x86_op *op; + bool is_short = false; + bool is_long = false; + if (from_insn == NULL) { return; } x86 = &from_insn->detail->x86; op = x86->operands; - if (!g_hash_table_contains(coverage_blocks, GSIZE_TO_POINTER(*target))) { - - return; + is_short = g_hash_table_contains(coverage_blocks, GSIZE_TO_POINTER(*target)); + is_long = + g_hash_table_contains(coverage_blocks_long, GSIZE_TO_POINTER(*target)); - } + if (!is_short && !is_long) { return; } switch (from_insn->id) { @@ -212,15 +316,41 @@ static void instrument_coverage_switch_insn(GumStalkerObserver *self, break; case X86_INS_RET: - instrument_cache_insert(start_address, - (guint8 *)*target + sizeof(afl_log_code)); + if (is_short) { + + instrument_cache_insert(start_address, + (guint8 *)*target + sizeof(afl_log_code)); + + } else if (is_long) { + + instrument_cache_insert(start_address, + (guint8 *)*target + sizeof(afl_log_code_long)); + + } else { + + FATAL("Something has gone wrong here!"); + + } + break; default: return; } - *target = (guint8 *)*target + sizeof(afl_log_code); + if (is_short) { + + *target = (guint8 *)*target + sizeof(afl_log_code); + + } else if (is_long) { + + *target = (guint8 *)*target + sizeof(afl_log_code_long); + + } else { + + FATAL("Something has gone wrong here!"); + + } } @@ -270,22 +400,22 @@ static void instrument_coverage_suppress_init(void) { } + coverage_blocks_long = g_hash_table_new(g_direct_hash, g_direct_equal); + if (coverage_blocks_long == NULL) { + + FATAL("Failed to g_hash_table_new, errno: %d", errno); + + } + } -static void instrument_coverage_write(GumAddress address, - GumStalkerOutput *output) { +bool instrument_write_inline(GumX86Writer *cw, GumAddress code_addr, + guint32 area_offset, guint32 area_offset_ror) { - afl_log_code code = {0}; - GumX86Writer *cw = output->writer.x86; - guint64 area_offset = instrument_get_offset_hash(address); - gsize map_size_pow2; - gsize area_offset_ror; - GumAddress code_addr = cw->pc; + afl_log_code code = {0}; code.code = template; - /* mov_prev_loc_curr_loc_shr1 */ - gssize prev_loc_value = GPOINTER_TO_SIZE(instrument_previous_pc_addr) - (code_addr + offsetof(afl_log_code, code.mov_prev_loc_curr_loc_shr1) + @@ -294,11 +424,7 @@ static void instrument_coverage_write(GumAddress address, offsetof(afl_log_code, code.mov_prev_loc_curr_loc_shr1) + sizeof(code.code.mov_prev_loc_curr_loc_shr1) - sizeof(gint) - sizeof(guint32); - if (!instrument_coverage_in_range(prev_loc_value)) { - - FATAL("Patch out of range (current_pc_value1): 0x%016lX", prev_loc_value); - - } + if (!instrument_coverage_in_range(prev_loc_value)) { return false; } *((gint *)&code.bytes[prev_loc_value_offset]) = (gint)prev_loc_value; @@ -311,11 +437,7 @@ static void instrument_coverage_write(GumAddress address, gssize prev_loc_value_offset2 = offsetof(afl_log_code, code.mov_eax_prev_loc) + sizeof(code.code.mov_eax_prev_loc) - sizeof(gint); - if (!instrument_coverage_in_range(prev_loc_value)) { - - FATAL("Patch out of range (current_pc_value1): 0x%016lX", prev_loc_value2); - - } + if (!instrument_coverage_in_range(prev_loc_value)) { return false; } *((gint *)&code.bytes[prev_loc_value_offset2]) = (gint)prev_loc_value2; @@ -338,12 +460,7 @@ static void instrument_coverage_write(GumAddress address, (code_addr + offsetof(afl_log_code, code.lea_rbx_area_ptr) + sizeof(code.code.lea_rbx_area_ptr))); - if (!instrument_coverage_in_range(lea_rbx_area_ptr_value)) { - - FATAL("Patch out of range (lea_rbx_area_ptr_value): 0x%016lX", - lea_rbx_area_ptr_value); - - } + if (!instrument_coverage_in_range(lea_rbx_area_ptr_value)) { return false; } *((guint32 *)&code.bytes[lea_rbx_area_ptr_offset]) = lea_rbx_area_ptr_value; @@ -353,12 +470,100 @@ static void instrument_coverage_write(GumAddress address, offsetof(afl_log_code, code.mov_prev_loc_curr_loc_shr1) + sizeof(code.code.mov_prev_loc_curr_loc_shr1) - sizeof(guint32); - map_size_pow2 = util_log2(__afl_map_size); - area_offset_ror = util_rotate(area_offset, 1, map_size_pow2); - *((guint32 *)&code.bytes[curr_loc_shr_1_offset]) = (guint32)(area_offset_ror); + if (instrument_suppress) { + + if (!g_hash_table_add(coverage_blocks, GSIZE_TO_POINTER(cw->code))) { + + FATAL("Failed - g_hash_table_add"); + + } + + } + gum_x86_writer_put_bytes(cw, code.bytes, sizeof(afl_log_code)); + return true; + +} + +bool instrument_write_inline_long(GumX86Writer *cw, guint32 area_offset, + guint32 area_offset_ror) { + + afl_log_code_long code = {0}; + code.code = template_long; + + /* mov_rax_prev_loc_ptr1 */ + gssize mov_rax_prev_loc_ptr1_offset = + offsetof(afl_log_code_long, code.mov_rax_prev_loc_ptr1) + + sizeof(code.code.mov_rax_prev_loc_ptr1) - sizeof(gsize); + *((gsize *)&code.bytes[mov_rax_prev_loc_ptr1_offset]) = + GPOINTER_TO_SIZE(instrument_previous_pc_addr); + + /* xor_eax_curr_loc */ + gssize xor_eax_curr_loc_offset = + offsetof(afl_log_code_long, code.xor_eax_curr_loc) + + sizeof(code.code.xor_eax_curr_loc) - sizeof(guint32); + *((guint32 *)&code.bytes[xor_eax_curr_loc_offset]) = area_offset; + + /* mov_rbx_map_ptr */ + gsize mov_rbx_map_ptr_offset = + offsetof(afl_log_code_long, code.mov_rbx_map_ptr) + + sizeof(code.code.mov_rbx_map_ptr) - sizeof(gsize); + *((gsize *)&code.bytes[mov_rbx_map_ptr_offset]) = + GPOINTER_TO_SIZE(__afl_area_ptr); + + /* mov_rax_prev_loc_ptr2 */ + gssize mov_rax_prev_loc_ptr2_offset = + offsetof(afl_log_code_long, code.mov_rax_prev_loc_ptr2) + + sizeof(code.code.mov_rax_prev_loc_ptr2) - sizeof(gsize); + *((gsize *)&code.bytes[mov_rax_prev_loc_ptr2_offset]) = + GPOINTER_TO_SIZE(instrument_previous_pc_addr); + + /* mov_prev_loc_curr_loc_shr1 */ + gssize mov_prev_loc_curr_loc_shr1_offset = + offsetof(afl_log_code_long, code.mov_prev_loc_curr_loc_shr1) + + sizeof(code.code.mov_prev_loc_curr_loc_shr1) - sizeof(guint32); + *((guint32 *)&code.bytes[mov_prev_loc_curr_loc_shr1_offset]) = + (guint32)(area_offset_ror); + + if (instrument_suppress) { + + if (!g_hash_table_add(coverage_blocks_long, GSIZE_TO_POINTER(cw->code))) { + + FATAL("Failed - g_hash_table_add"); + + } + + } + + gum_x86_writer_put_bytes(cw, code.bytes, sizeof(afl_log_code_long)); + return true; + +} + +static void instrument_coverage_write(GumAddress address, + GumStalkerOutput *output) { + + GumX86Writer *cw = output->writer.x86; + guint64 area_offset = (guint32)instrument_get_offset_hash(address); + gsize map_size_pow2; + guint32 area_offset_ror; + GumAddress code_addr = cw->pc; + + map_size_pow2 = util_log2(__afl_map_size); + area_offset_ror = (guint32)util_rotate(instrument_get_offset_hash(address), 1, + map_size_pow2); + + if (!instrument_write_inline(cw, code_addr, area_offset, area_offset_ror)) { + + if (!instrument_write_inline_long(cw, area_offset, area_offset_ror)) { + + FATAL("Failed to write inline instrumentation"); + + } + + } } @@ -380,17 +585,7 @@ void instrument_coverage_optimize(const cs_insn *instr, } - if (instrument_suppress) { - - instrument_coverage_suppress_init(); - - if (!g_hash_table_add(coverage_blocks, GSIZE_TO_POINTER(cw->code))) { - - FATAL("Failed - g_hash_table_add"); - - } - - } + if (instrument_suppress) { instrument_coverage_suppress_init(); } instrument_coverage_write(GUM_ADDRESS(instr->address), output); From c2c27349c3d74f79ceb6cd3795862b21d90429ea Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 23 Jun 2023 17:08:21 +0200 Subject: [PATCH 050/357] new mutation weighting --- include/afl-mutations.h | 460 ++++++++++++++++++++++++++++++++++++++++ src/afl-fuzz-one.c | 30 +-- 2 files changed, 466 insertions(+), 24 deletions(-) diff --git a/include/afl-mutations.h b/include/afl-mutations.h index a3c9fd59c0..cc4840c8e7 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -77,6 +77,466 @@ enum { }; + #define MUT_TXT_ARRAY_SIZE 200 +u32 text_array[MUT_TXT_ARRAY_SIZE] = {MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT}; + + #define MUT_BIN_ARRAY_SIZE 256 +u32 binary_array[MUT_BIN_ARRAY_SIZE] = {MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_FLIPBIT, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING8, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING16BE, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_INTERESTING32BE, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8_, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH8, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16BE_, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH16BE, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32BE_, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_ARITH32BE, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_RAND8, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_COPY, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_CLONE_FIXED, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_COPY, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_OVERWRITE_FIXED, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTEADD, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_BYTESUB, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_FLIP8, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_SWITCH, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_DEL, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_OVERWRITE, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_EXTRA_INSERT, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_OVERWRITE, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_AUTO_EXTRA_INSERT, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_OVERWRITE, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT, + MUT_SPLICE_INSERT}; + #define MUT_NORMAL_ARRAY_SIZE 77 u32 normal_splice_array[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT, MUT_FLIPBIT, diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 32c05182ce..c6e4965303 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2101,27 +2101,17 @@ u8 fuzz_one_original(afl_state_t *afl) { */ - rand_max = MUT_STRATEGY_ARRAY_SIZE; - if (unlikely(afl->text_input)) { // is text? if (likely(afl->fuzz_mode == 0)) { // is exploration? - if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) { - - mutation_array = full_splice_array; - rand_max = MUT_SPLICE_ARRAY_SIZE; - - } else { - - mutation_array = normal_splice_array; - rand_max = MUT_NORMAL_ARRAY_SIZE; - - } + mutation_array = (unsigned int *)&text_array; + rand_max = MUT_TXT_ARRAY_SIZE; } else { // is exploitation! mutation_array = (unsigned int *)&mutation_strategy_exploitation_text; + rand_max = MUT_STRATEGY_ARRAY_SIZE; } @@ -2129,21 +2119,13 @@ u8 fuzz_one_original(afl_state_t *afl) { if (likely(afl->fuzz_mode == 0)) { // is exploration? - if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) { - - mutation_array = full_splice_array; - rand_max = MUT_SPLICE_ARRAY_SIZE; - - } else { - - mutation_array = normal_splice_array; - rand_max = MUT_NORMAL_ARRAY_SIZE; - - } + mutation_array = (unsigned int *)&binary_array; + rand_max = MUT_BIN_ARRAY_SIZE; } else { // is exploitation! mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary; + rand_max = MUT_STRATEGY_ARRAY_SIZE; } From 0616f368c83189ef5559f64d2053129d329aaefe Mon Sep 17 00:00:00 2001 From: "Dongjia \"toka\" Zhang" Date: Sat, 24 Jun 2023 00:21:45 +0200 Subject: [PATCH 051/357] fixing laf --- instrumentation/split-compares-pass.so.cc | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc index aec6758e7a..3cfd196476 100644 --- a/instrumentation/split-compares-pass.so.cc +++ b/instrumentation/split-compares-pass.so.cc @@ -463,8 +463,9 @@ bool SplitComparesTransform::simplifyOrEqualsCompare(CmpInst *IcmpInst, #else ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); #endif - - worklist.push_back(icmp_np); + if (new_pred == CmpInst::ICMP_SGT || new_pred == CmpInst::ICMP_SLT) { + simplifySignedCompare(icmp_np, M, worklist); + } worklist.push_back(icmp_eq); return true; @@ -740,18 +741,22 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M, CmpInst *icmp_inv_cmp = nullptr; BasicBlock *inv_cmp_bb = BasicBlock::Create(C, "inv_cmp", end_bb->getParent(), end_bb); - if (pred == CmpInst::ICMP_UGT || pred == CmpInst::ICMP_SGT || - pred == CmpInst::ICMP_UGE || pred == CmpInst::ICMP_SGE) { + if (pred == CmpInst::ICMP_UGT) { icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, op0_high, op1_high); - } else { + } else if (pred == CmpInst::ICMP_ULT) { icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, op0_high, op1_high); } + else { + // Never gonna appen + if (!be_quiet) + fprintf(stderr, "Error: split-compare: Equals or signed not removed: %d\n", pred); + } #if LLVM_MAJOR >= 16 icmp_inv_cmp->insertInto(inv_cmp_bb, inv_cmp_bb->end()); From edd352612da1f58832cbe84d909a8998ce4fa690 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 24 Jun 2023 09:30:09 +0200 Subject: [PATCH 052/357] code format --- docs/Changelog.md | 6 +++++- instrumentation/split-compares-pass.so.cc | 12 +++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index c850c43e0c..e6b90d3dcc 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -18,9 +18,13 @@ - fixed a bug inherited from vanilla AFL where a coverage of map[123] = 11 would be the same as map[1123] = 1 - warn on crashing inputs - - afl-cc + - afl-cc: - fixed an off-by-one instrumentation of iselect, hurting coverage a bit. Thanks to @amykweon for spotting and fixing! + - @toka fixed a bug in laf-intel signed integer comparison splitting, + thanks a lot!! + - frida_mode: + - support for long form instrumentation on x86_x64 and arm64 ### Version ++4.07c (release) diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc index 3cfd196476..6eafb33269 100644 --- a/instrumentation/split-compares-pass.so.cc +++ b/instrumentation/split-compares-pass.so.cc @@ -464,8 +464,11 @@ bool SplitComparesTransform::simplifyOrEqualsCompare(CmpInst *IcmpInst, ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); #endif if (new_pred == CmpInst::ICMP_SGT || new_pred == CmpInst::ICMP_SLT) { + simplifySignedCompare(icmp_np, M, worklist); + } + worklist.push_back(icmp_eq); return true; @@ -751,11 +754,14 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M, icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, op0_high, op1_high); - } - else { + } else { + // Never gonna appen if (!be_quiet) - fprintf(stderr, "Error: split-compare: Equals or signed not removed: %d\n", pred); + fprintf(stderr, + "Error: split-compare: Equals or signed not removed: %d\n", + pred); + } #if LLVM_MAJOR >= 16 From 1e3890ea7f32866af97614c657afdf970be7168b Mon Sep 17 00:00:00 2001 From: "Dongjia \"toka\" Zhang" Date: Sat, 24 Jun 2023 15:34:12 +0200 Subject: [PATCH 053/357] delete duplicate branches --- instrumentation/SanitizerCoveragePCGUARD.so.cc | 7 ------- 1 file changed, 7 deletions(-) diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 57b5d1280e..7d614f43ca 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -225,15 +225,8 @@ llvmGetPassPluginInfo() { } -#if LLVM_VERSION_MAJOR >= 16 PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module &M, ModuleAnalysisManager &MAM) { - -#else -PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module &M, - ModuleAnalysisManager &MAM) { - -#endif ModuleSanitizerCoverageAFL ModuleSancov(Options); auto &FAM = MAM.getResult(M).getManager(); auto DTCallback = [&FAM](Function &F) -> const DominatorTree *{ From cac713ec304b40e815d54e0991adcb14290f8f30 Mon Sep 17 00:00:00 2001 From: "Dongjia \"toka\" Zhang" Date: Sat, 24 Jun 2023 15:48:23 +0200 Subject: [PATCH 054/357] llvm 15 --- instrumentation/SanitizerCoverageLTO.so.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index 2d17ffd4c1..d7b03634ae 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -331,7 +331,7 @@ llvmGetPassPluginInfo() { #if LLVM_VERSION_MAJOR <= 13 using OptimizationLevel = typename PassBuilder::OptimizationLevel; #endif -#if LLVM_VERSION_MAJOR >= 16 +#if LLVM_VERSION_MAJOR >= 15 PB.registerFullLinkTimeOptimizationLastEPCallback( #else PB.registerOptimizerLastEPCallback( From 32d5ccb92dd3f646db327d2b7c1ec5fa74b4d656 Mon Sep 17 00:00:00 2001 From: Siqi Chen Date: Tue, 27 Jun 2023 01:15:54 +0800 Subject: [PATCH 055/357] Increase the number of afl-cc supported params --- src/afl-cc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 9e56828c7d..58d44e5d3c 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -383,9 +383,11 @@ static u8 fortify_set = 0, asan_set = 0, x_set = 0, bit_mode = 0, have_o = 0, have_pic = 0, have_c = 0, partial_linking = 0, non_dash = 0; +#define MAX_PARAMS_NUM 2048 + static void process_params(u32 argc, char **argv) { - if (cc_par_cnt + argc >= 1024) { FATAL("Too many command line parameters"); } + if (cc_par_cnt + argc >= MAX_PARAMS_NUM) { FATAL("Too many command line parameters, please increase MAX_PARAMS_NUM."); } if (lto_mode && argc > 1) { @@ -679,7 +681,7 @@ static void process_params(u32 argc, char **argv) { static void edit_params(u32 argc, char **argv, char **envp) { - cc_params = ck_alloc(1024 * sizeof(u8 *)); + cc_params = ck_alloc(MAX_PARAMS_NUM * sizeof(u8 *)); if (lto_mode) { From 3e1d7941077b1457f702988063d6b9fdd9b80740 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 29 Jun 2023 16:57:20 +0200 Subject: [PATCH 056/357] update mutation strategy --- docs/Changelog.md | 4 ++- include/afl-fuzz.h | 59 +++++++++++++++++++++-------------------- include/afl-mutations.h | 6 ++--- src/afl-fuzz-one.c | 56 ++++++++++++++++++++++---------------- src/afl-fuzz.c | 26 ++++++++++++++---- 5 files changed, 90 insertions(+), 61 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index e6b90d3dcc..ad58e99efa 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -8,7 +8,8 @@ - new mutation engine: mutations that favor discovery more paths are prefered until no new finds for 10 minutes then switching to mutations that favor triggering crashes. Modes and switch time can be configured - with `-P`. + with `-P`. Also input mode for the target can be defined with `-a` to + be `text` or `binary` (defaults to `generic`) - new custom mutator that has the new afl++ engine (so it can easily incorporated into new custom mutators), and also comes with a standalone command line tool! See custom_mutators/aflpp/standalone/ @@ -23,6 +24,7 @@ Thanks to @amykweon for spotting and fixing! - @toka fixed a bug in laf-intel signed integer comparison splitting, thanks a lot!! + - more LLVM compatability - frida_mode: - support for long form instrumentation on x86_x64 and arm64 diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index c6c45fbd63..9da5cc035e 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -505,36 +505,37 @@ typedef struct afl_state { is_main_node, /* if this is the main node */ is_secondary_node, /* if this is a secondary instance */ pizza_is_served, /* pizza mode */ - text_input, /* target wants text inputs */ - fuzz_mode, /* current mode: coverage/exploration or crash/exploitation */ + input_mode, /* target wants text inputs */ + fuzz_mode, /* coverage/exploration or crash/exploitation mode */ schedule, /* Power schedule (default: EXPLORE)*/ - havoc_max_mult, skip_deterministic, /* Skip deterministic stages? */ - use_splicing, /* Recombine input files? */ - non_instrumented_mode, /* Run in non-instrumented mode? */ - score_changed, /* Scoring for favorites changed? */ - resuming_fuzz, /* Resuming an older fuzzing job? */ - timeout_given, /* Specific timeout given? */ - not_on_tty, /* stdout is not a tty */ - term_too_small, /* terminal dimensions too small */ - no_forkserver, /* Disable forkserver? */ - crash_mode, /* Crash mode! Yeah! */ - in_place_resume, /* Attempt in-place resume? */ - autoresume, /* Resume if afl->out_dir exists? */ - auto_changed, /* Auto-generated tokens changed? */ - no_cpu_meter_red, /* Feng shui on the status screen */ - no_arith, /* Skip most arithmetic ops */ - shuffle_queue, /* Shuffle input queue? */ - bitmap_changed, /* Time to update bitmap? */ - unicorn_mode, /* Running in Unicorn mode? */ - use_wine, /* Use WINE with QEMU mode */ - skip_requested, /* Skip request, via SIGUSR1 */ - run_over10m, /* Run time over 10 minutes? */ - persistent_mode, /* Running in persistent mode? */ - deferred_mode, /* Deferred forkserver mode? */ - fixed_seed, /* do not reseed */ - fast_cal, /* Try to calibrate faster? */ - disable_trim, /* Never trim in fuzz_one */ - shmem_testcase_mode, /* If sharedmem testcases are used */ + havoc_max_mult, /* havoc multiplier */ + skip_deterministic, /* Skip deterministic stages? */ + use_splicing, /* Recombine input files? */ + non_instrumented_mode, /* Run in non-instrumented mode? */ + score_changed, /* Scoring for favorites changed? */ + resuming_fuzz, /* Resuming an older fuzzing job? */ + timeout_given, /* Specific timeout given? */ + not_on_tty, /* stdout is not a tty */ + term_too_small, /* terminal dimensions too small */ + no_forkserver, /* Disable forkserver? */ + crash_mode, /* Crash mode! Yeah! */ + in_place_resume, /* Attempt in-place resume? */ + autoresume, /* Resume if afl->out_dir exists? */ + auto_changed, /* Auto-generated tokens changed? */ + no_cpu_meter_red, /* Feng shui on the status screen */ + no_arith, /* Skip most arithmetic ops */ + shuffle_queue, /* Shuffle input queue? */ + bitmap_changed, /* Time to update bitmap? */ + unicorn_mode, /* Running in Unicorn mode? */ + use_wine, /* Use WINE with QEMU mode */ + skip_requested, /* Skip request, via SIGUSR1 */ + run_over10m, /* Run time over 10 minutes? */ + persistent_mode, /* Running in persistent mode? */ + deferred_mode, /* Deferred forkserver mode? */ + fixed_seed, /* do not reseed */ + fast_cal, /* Try to calibrate faster? */ + disable_trim, /* Never trim in fuzz_one */ + shmem_testcase_mode, /* If sharedmem testcases are used */ expand_havoc, /* perform expensive havoc after no find */ cycle_schedules, /* cycle power schedules? */ old_seed_selection, /* use vanilla afl seed selection */ diff --git a/include/afl-mutations.h b/include/afl-mutations.h index cc4840c8e7..0a9bbbf4a2 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -14,14 +14,14 @@ Parameters: afl_state_t *afl - the *afl state pointer u8 *buf - the input buffer to mutate which will be mutated into. - NOTE: must be able to contain a size of at least max_len (see below)! + NOTE: must be able to contain a size of at least max_len!! (see below) u32 len - the length of the input u32 steps - how many mutations to perform on the input bool is_text - is the target expecting text inputs bool is_exploration - mutate for exploration mode (instead of exploitation) splice_buf - a buffer from another corpus item to splice with. - If NULL then no splicing - splice_len - the length of the splice buffer. If 0 then no splicing + If NULL then no splicing is done (obviously). + splice_len - the length of the splice buffer. If 0 then no splicing. u32 max_len - the maximum size the mutated buffer may grow to */ diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index c6e4965303..0d3c29f29f 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2085,47 +2085,57 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 *mutation_array; u32 stack_max, rand_max; // stack_max_pow = afl->havoc_stack_pow2; - /* + switch (afl->input_mode) { - if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) { + case 1: { // TEXT - mutation_array = full_splice_array; - rand_max = MUT_SPLICE_ARRAY_SIZE; + if (likely(afl->fuzz_mode == 0)) { // is exploration? + mutation_array = (unsigned int *)&binary_array; + rand_max = MUT_BIN_ARRAY_SIZE; - } else { + } else { // exploitation mode - mutation_array = normal_splice_array; - rand_max = MUT_NORMAL_ARRAY_SIZE; + mutation_array = (unsigned int *)&mutation_strategy_exploitation_text; + rand_max = MUT_STRATEGY_ARRAY_SIZE; - } + } - */ + break; - if (unlikely(afl->text_input)) { // is text? + } - if (likely(afl->fuzz_mode == 0)) { // is exploration? + case 2: { // BINARY - mutation_array = (unsigned int *)&text_array; - rand_max = MUT_TXT_ARRAY_SIZE; + if (likely(afl->fuzz_mode == 0)) { // is exploration? + mutation_array = (unsigned int *)&mutation_strategy_exploration_binary; + rand_max = MUT_STRATEGY_ARRAY_SIZE; - } else { // is exploitation! + } else { // exploitation mode - mutation_array = (unsigned int *)&mutation_strategy_exploitation_text; - rand_max = MUT_STRATEGY_ARRAY_SIZE; + mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary; + rand_max = MUT_STRATEGY_ARRAY_SIZE; + + } + + break; } - } else { // is binary! + default: { // DEFAULT/GENERIC - if (likely(afl->fuzz_mode == 0)) { // is exploration? + if (likely(afl->fuzz_mode == 0)) { // is exploration? + mutation_array = (unsigned int *)&binary_array; + rand_max = MUT_BIN_ARRAY_SIZE; - mutation_array = (unsigned int *)&binary_array; - rand_max = MUT_BIN_ARRAY_SIZE; + } else { // exploitation mode - } else { // is exploitation! + // this will need to be changed I guess + mutation_array = (unsigned int *)&mutation_strategy_exploration_text; + rand_max = MUT_STRATEGY_ARRAY_SIZE; + + } - mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary; - rand_max = MUT_STRATEGY_ARRAY_SIZE; + break; } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 79b05da76e..ab7d65340e 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -125,7 +125,8 @@ static void usage(u8 *argv0, int more_help) { "Required parameters:\n" " -i dir - input directory with test cases (or '-' to resume, " - "also see AFL_AUTORESUME)\n" + "also see \n" + " AFL_AUTORESUME)\n" " -o dir - output directory for fuzzer findings\n\n" "Execution control settings:\n" @@ -164,8 +165,8 @@ static void usage(u8 *argv0, int more_help) { "\n" "Mutator settings:\n" - " -a - target expects ascii text input (prefer text " - "mutators)\n" + " -a - target input format, \"text\" or \"binary\" (default: " + "generic)\n" " -g minlength - set min length of generated fuzz input (default: 1)\n" " -G maxlength - set max length of generated fuzz input (default: " "%lu)\n" @@ -506,13 +507,28 @@ int main(int argc, char **argv_orig, char **envp) { // still available: HjJkKqruvwz while ((opt = getopt(argc, argv, - "+aAb:B:c:CdDe:E:f:F:g:G:hi:I:l:L:m:M:nNo:Op:P:QRs:S:t:" + "+a:Ab:B:c:CdDe:E:f:F:g:G:hi:I:l:L:m:M:nNo:Op:P:QRs:S:t:" "T:UV:WXx:YZ")) > 0) { switch (opt) { case 'a': - afl->text_input = 1; + + if (!stricmp(optarg, "text") || !stricmp(optarg, "ascii") || + !stricmp(optarg, "txt") || !stricmp(optarg, "asc")) { + + afl->input_mode = 1; + + } else if (!stricmp(optarg, "bin") || !stricmp(optarg, "binary")) { + + afl->input_mode = 2; + + } else { + + FATAL("-a input mode needs to be \"text\" or \"binary\"."); + + } + break; case 'P': From 819ad95f03c06aad7b01c5ec127bd52d89f110e6 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 30 Jun 2023 12:17:57 +0200 Subject: [PATCH 057/357] afl-showmap fix --- src/afl-showmap.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 13867fda76..b82bcd7239 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -111,8 +111,9 @@ static sharedmem_t *shm_fuzz; static const u8 count_class_human[256] = { - [0] = 0, [1] = 1, [2] = 2, [3] = 3, [4] = 4, - [8] = 5, [16] = 6, [32] = 7, [128] = 8 + [0] = 0, [1] = 1, [2] = 2, [3] = 3, + [4 ... 7] = 4, [8 ... 15] = 5, [16 ... 31] = 6, [32 ... 127] = 7, + [128 ... 255] = 8 }; @@ -424,9 +425,9 @@ static void showmap_run_target_forkserver(afl_forkserver_t *fsrv, u8 *mem, } - if (fsrv->trace_bits[0] == 1) { + if (fsrv->trace_bits[0]) { - fsrv->trace_bits[0] = 0; + fsrv->trace_bits[0] -= 1; have_coverage = true; } else { @@ -655,9 +656,9 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) { } - if (fsrv->trace_bits[0] == 1) { + if (fsrv->trace_bits[0]) { - fsrv->trace_bits[0] = 0; + fsrv->trace_bits[0] -= 1; have_coverage = true; } else { From 03bae6c4fe544f87f07cdb554daa6519d37cdfc8 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 1 Jul 2023 12:19:44 +0200 Subject: [PATCH 058/357] switch exploit strategy --- src/afl-fuzz-one.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 0d3c29f29f..942381dd4d 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2095,8 +2095,8 @@ u8 fuzz_one_original(afl_state_t *afl) { } else { // exploitation mode - mutation_array = (unsigned int *)&mutation_strategy_exploitation_text; - rand_max = MUT_STRATEGY_ARRAY_SIZE; + mutation_array = (unsigned int *)&text_array; + rand_max = MUT_TXT_ARRAY_SIZE; } @@ -2129,9 +2129,8 @@ u8 fuzz_one_original(afl_state_t *afl) { } else { // exploitation mode - // this will need to be changed I guess - mutation_array = (unsigned int *)&mutation_strategy_exploration_text; - rand_max = MUT_STRATEGY_ARRAY_SIZE; + mutation_array = (unsigned int *)&text_array; + rand_max = MUT_TXT_ARRAY_SIZE; } From d5184263350335b24daab635f0bcee455302f990 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 2 Jul 2023 14:50:18 +0200 Subject: [PATCH 059/357] no_ui: display time --- include/common.h | 5 +++++ src/afl-common.c | 29 +++++++++++++++++++++++++++++ src/afl-fuzz-one.c | 10 +++++++--- 3 files changed, 41 insertions(+), 3 deletions(-) diff --git a/include/common.h b/include/common.h index 8d85d20184..a9739a7de5 100644 --- a/include/common.h +++ b/include/common.h @@ -115,6 +115,11 @@ u8 *stringify_mem_size(u8 *buf, size_t len, u64 val); u8 *stringify_time_diff(u8 *buf, size_t len, u64 cur_ms, u64 event_ms); +/* Unsafe describe time delta as simple string. + Returns a pointer to buf for convenience. */ + +u8 *u_simplestring_time_diff(u8 *buf, u64 cur_ms, u64 event_ms); + /* Unsafe Describe integer. The buf sizes are not checked. This is unsafe but fast. Will return buf for convenience. */ diff --git a/src/afl-common.c b/src/afl-common.c index 84ddefd83d..3e1ec09d0d 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -1298,6 +1298,35 @@ u8 *u_stringify_time_diff(u8 *buf, u64 cur_ms, u64 event_ms) { } +/* Unsafe describe time delta as simple string. + Returns a pointer to buf for convenience. */ + +u8 *u_simplestring_time_diff(u8 *buf, u64 cur_ms, u64 event_ms) { + + if (!event_ms) { + + sprintf(buf, "00:00:00"); + + } else { + + u64 delta; + s32 t_d, t_h, t_m, t_s; + + delta = cur_ms - event_ms; + + t_d = delta / 1000 / 60 / 60 / 24; + t_h = (delta / 1000 / 60 / 60) % 24; + t_m = (delta / 1000 / 60) % 60; + t_s = (delta / 1000) % 60; + + sprintf(buf, "%d:%02d:%02d:%02d", t_d, t_h, t_m, t_s); + + } + + return buf; + +} + /* Reads the map size from ENV */ u32 get_map_size(void) { diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 942381dd4d..e1ca44abc9 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -399,20 +399,24 @@ u8 fuzz_one_original(afl_state_t *afl) { #endif /* ^IGNORE_FINDS */ - if (unlikely(afl->not_on_tty)) { + if (likely(afl->not_on_tty)) { + u8 time_tmp[64]; + + u_simplestring_time_diff(time_tmp, afl->prev_run_time + get_cur_time(), + afl->start_time); ACTF( "Fuzzing test case #%u (%u total, %llu crashes saved, state: %s, " "mode=%s, " "perf_score=%0.0f, weight=%0.0f, favorite=%u, was_fuzzed=%u, " - "exec_us=%llu, hits=%u, map=%u, ascii=%u)...", + "exec_us=%llu, hits=%u, map=%u, ascii=%u, run_time=%s)...", afl->current_entry, afl->queued_items, afl->saved_crashes, get_fuzzing_state(afl), afl->fuzz_mode ? "exploit" : "explore", afl->queue_cur->perf_score, afl->queue_cur->weight, afl->queue_cur->favored, afl->queue_cur->was_fuzzed, afl->queue_cur->exec_us, likely(afl->n_fuzz) ? afl->n_fuzz[afl->queue_cur->n_fuzz_entry] : 0, - afl->queue_cur->bitmap_size, afl->queue_cur->is_ascii); + afl->queue_cur->bitmap_size, afl->queue_cur->is_ascii, time_tmp); fflush(stdout); } From dcbfc88e7d1feae344a5288decc262fa7e8bce83 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 3 Jul 2023 09:17:41 +0200 Subject: [PATCH 060/357] comment --- src/afl-fuzz-one.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index e1ca44abc9..8ee50bbf15 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2118,6 +2118,9 @@ u8 fuzz_one_original(afl_state_t *afl) { mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary; rand_max = MUT_STRATEGY_ARRAY_SIZE; + // or this one? we do not have enough binary bug benchmarks :-( + // mutation_array = (unsigned int *)&binary_array; + // rand_max = MUT_BIN_ARRAY_SIZE; } From 0966957631c3d537d38ae8f1c5cfdcbcc2779712 Mon Sep 17 00:00:00 2001 From: Eli Kobrin Date: Mon, 3 Jul 2023 15:03:45 +0300 Subject: [PATCH 061/357] Fix max_params define. --- src/afl-cc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/afl-cc.c b/src/afl-cc.c index 58d44e5d3c..07c2a2d3af 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -383,7 +383,9 @@ static u8 fortify_set = 0, asan_set = 0, x_set = 0, bit_mode = 0, have_o = 0, have_pic = 0, have_c = 0, partial_linking = 0, non_dash = 0; +#ifndef MAX_PARAMS_NUM #define MAX_PARAMS_NUM 2048 +#endif static void process_params(u32 argc, char **argv) { From da3351085519acf73dc8ddde3cf0b526b816551b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 4 Jul 2023 11:34:13 +0200 Subject: [PATCH 062/357] nits --- src/afl-cc.c | 14 +++++++------- src/afl-fuzz.c | 4 ++++ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 07c2a2d3af..ec460f17f5 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -2111,11 +2111,6 @@ int main(int argc, char **argv, char **envp) { "-------------|\n" "MODES: NCC PERSIST DICT LAF " "CMPLOG SELECT\n" - " [LTO] LLVM LTO: %s%s\n" - " PCGUARD DEFAULT yes yes yes yes yes " - " yes\n" - " CLASSIC yes yes yes yes yes " - " yes\n" " [LLVM] LLVM: %s%s\n" " PCGUARD %s yes yes module yes yes " "yes\n" @@ -2125,16 +2120,21 @@ int main(int argc, char **argv, char **envp) { " - CALLER\n" " - CTX\n" " - NGRAM-{2-16}\n" + " [LTO] LLVM LTO: %s%s\n" + " PCGUARD DEFAULT yes yes yes yes yes " + " yes\n" + " CLASSIC yes yes yes yes yes " + " yes\n" " [GCC_PLUGIN] gcc plugin: %s%s\n" " CLASSIC DEFAULT no yes no no no " "yes\n" " [GCC/CLANG] simple gcc/clang: %s%s\n" " CLASSIC DEFAULT no no no no no " "no\n\n", - have_lto ? "AVAILABLE" : "unavailable!", - compiler_mode == LTO ? " [SELECTED]" : "", have_llvm ? "AVAILABLE" : "unavailable!", compiler_mode == LLVM ? " [SELECTED]" : "", + have_lto ? "AVAILABLE" : "unavailable!", + compiler_mode == LTO ? " [SELECTED]" : "", LLVM_MAJOR >= 7 ? "DEFAULT" : " ", LLVM_MAJOR >= 7 ? " " : "DEFAULT", have_gcc_plugin ? "AVAILABLE" : "unavailable!", diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index ab7d65340e..70258e33e0 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1281,6 +1281,10 @@ int main(int argc, char **argv_orig, char **envp) { } + WARNF( + "Note that the MOpt mode is not maintained and is not as effective " + "normal havoc mode."); + } break; case 'h': From f37c4c86622c5e0ea10e0a0249e203c412c2db2e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 5 Jul 2023 13:03:17 +0200 Subject: [PATCH 063/357] update llvm recommendations --- GNUmakefile.llvm | 12 +++++++----- instrumentation/README.llvm.md | 2 +- src/afl-cc.c | 17 +++++++++++++++-- src/afl-fuzz.c | 2 +- 4 files changed, 24 insertions(+), 9 deletions(-) diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 6ffac68f75..f298060e23 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -47,6 +47,7 @@ LLVM_MAJOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/\..*//' ) LLVM_MINOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/.*\.//' | sed 's/git//' | sed 's/svn//' | sed 's/ .*//' ) LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[0-2]\.|^3.[0-7]\.' && echo 1 || echo 0 ) LLVM_TOO_NEW = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[7-9]' && echo 1 || echo 0 ) +LLVM_TOO_OLD = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[1-9]\.|^1[012]\.' && echo 1 || echo 0 ) LLVM_NEW_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[0-9]' && echo 1 || echo 0 ) LLVM_NEWER_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[6-9]' && echo 1 || echo 0 ) LLVM_13_OK = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[3-9]' && echo 1 || echo 0 ) @@ -69,6 +70,12 @@ ifeq "$(LLVM_TOO_NEW)" "1" $(warning you are using an in-development llvm version - this might break llvm_mode!) endif +ifeq "$(LLVM_TOO_OLD)" "1" + $(warning you are using an outdated LLVM version! Please use at least LLVM 13 or newer!) + $(shell sleep 2) +endif + +# No switching the meaning of LLVM_TOO_OLD LLVM_TOO_OLD=1 ifeq "$(LLVM_MAJOR)" "9" @@ -87,11 +94,6 @@ ifeq "$(LLVM_NEWER_API)" "1" LLVM_STDCXX = c++17 endif -ifeq "$(LLVM_TOO_OLD)" "1" - $(info [!] llvm_mode detected an old version of llvm, upgrade to at least 9 or preferable 11!) - $(shell sleep 1) -endif - ifeq "$(LLVM_HAVE_LTO)" "1" $(info [+] llvm_mode detected llvm 11+, enabling afl-lto LTO implementation) LLVM_LTO = 1 diff --git a/instrumentation/README.llvm.md b/instrumentation/README.llvm.md index 126cf1a23d..34b80c855f 100644 --- a/instrumentation/README.llvm.md +++ b/instrumentation/README.llvm.md @@ -7,7 +7,7 @@ For the GCC-based instrumentation, see ## 1) Introduction -! llvm_mode works with llvm versions 3.8 up to 13 ! +! llvm_mode works with llvm versions 3.8 up to 17 - but 13+ is recommended ! The code in this directory allows you to instrument programs for AFL++ using true compiler-level instrumentation, instead of the more crude assembly-level diff --git a/src/afl-cc.c b/src/afl-cc.c index ec460f17f5..86b814599d 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -384,12 +384,16 @@ static u8 fortify_set = 0, asan_set = 0, x_set = 0, bit_mode = 0, non_dash = 0; #ifndef MAX_PARAMS_NUM -#define MAX_PARAMS_NUM 2048 + #define MAX_PARAMS_NUM 2048 #endif static void process_params(u32 argc, char **argv) { - if (cc_par_cnt + argc >= MAX_PARAMS_NUM) { FATAL("Too many command line parameters, please increase MAX_PARAMS_NUM."); } + if (cc_par_cnt + argc >= MAX_PARAMS_NUM) { + + FATAL("Too many command line parameters, please increase MAX_PARAMS_NUM."); + + } if (lto_mode && argc > 1) { @@ -2350,6 +2354,15 @@ int main(int argc, char **argv, char **envp) { "AFL_LLVM_CMPLOG and " "AFL_LLVM_DICT2FILE+AFL_LLVM_DICT2FILE_NO_MAIN.\n\n"); + if (LLVM_MAJOR < 13) { + + SAYF( + "Warning: It is highly recommended to use at least LLVM version 13 " + "(or better, higher) rather than %d!\n\n", + LLVM_MAJOR); + + } + exit(1); } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 70258e33e0..9afece6632 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1283,7 +1283,7 @@ int main(int argc, char **argv_orig, char **envp) { WARNF( "Note that the MOpt mode is not maintained and is not as effective " - "normal havoc mode."); + "as normal havoc mode."); } break; From 6e5ca0c78c4b982c6d238f66276a9fc4d43b9663 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 6 Jul 2023 14:28:37 +0200 Subject: [PATCH 064/357] higher tuples for afl-clang and afl-gcc in tests --- test/test-basic.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/test-basic.sh b/test/test-basic.sh index 5bb2ca28c7..61ad4b7c19 100755 --- a/test/test-basic.sh +++ b/test/test-basic.sh @@ -28,7 +28,7 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc rm -f test-instr.plain.0 test-instr.plain.1 SKIP= TUPLES=`echo 1|AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o /dev/null -- ./test-instr.plain 2>&1 | grep Captur | awk '{print$3}'` - test "$TUPLES" -gt 1 -a "$TUPLES" -lt 12 && { + test "$TUPLES" -gt 1 -a "$TUPLES" -lt 22 && { $ECHO "$GREEN[+] ${AFL_GCC} run reported $TUPLES instrumented locations which is fine" } || { $ECHO "$RED[!] ${AFL_GCC} instrumentation produces weird numbers: $TUPLES" @@ -152,7 +152,7 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc } rm -f test-instr.plain.0 test-instr.plain.1 TUPLES=`echo 1|AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o /dev/null -- ./test-instr.plain 2>&1 | grep Captur | awk '{print$3}'` - test "$TUPLES" -gt 1 -a "$TUPLES" -lt 12 && { + test "$TUPLES" -gt 1 -a "$TUPLES" -lt 22 && { $ECHO "$GREEN[+] ${AFL_CLANG} run reported $TUPLES instrumented locations which is fine" } || { $ECHO "$RED[!] ${AFL_CLANG} instrumentation produces weird numbers: $TUPLES" From 877b2bcab614fdc4a076cf940fda8d0b11b95d42 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 7 Jul 2023 15:03:31 +0200 Subject: [PATCH 065/357] add limits.h to afl-ld-lto --- src/afl-ld-lto.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/afl-ld-lto.c b/src/afl-ld-lto.c index 420dd817bd..cb76ba9ca5 100644 --- a/src/afl-ld-lto.c +++ b/src/afl-ld-lto.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #include From e71de2f2b8f4507edef752ce865e49ef2d389e3e Mon Sep 17 00:00:00 2001 From: fuzzah Date: Fri, 7 Jul 2023 16:57:45 +0300 Subject: [PATCH 066/357] remove extra limits.h in afl-ld-lto for BSD --- src/afl-ld-lto.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/afl-ld-lto.c b/src/afl-ld-lto.c index cb76ba9ca5..b306c8d556 100644 --- a/src/afl-ld-lto.c +++ b/src/afl-ld-lto.c @@ -46,11 +46,6 @@ #include -#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || \ - defined(__DragonFly__) - #include -#endif - #ifdef __APPLE__ #include #endif From 20dcb40c53811e36a3ace91a66a70cfddc4b3f1c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 8 Jul 2023 13:31:06 +0200 Subject: [PATCH 067/357] fix cmin -T --- afl-cmin | 5 +++++ afl-cmin.bash | 7 +++++++ docs/Changelog.md | 1 + 3 files changed, 13 insertions(+) diff --git a/afl-cmin b/afl-cmin index d0bbed2ba4..f3ae430488 100755 --- a/afl-cmin +++ b/afl-cmin @@ -493,6 +493,11 @@ BEGIN { } } + if (in_count < threads) { + threads = in_count + print "[!] WARNING: less inputs than threads, reducing threads to "threads" and likely the overhead of threading makes things slower..." + } + # Let's roll! ############################# diff --git a/afl-cmin.bash b/afl-cmin.bash index 1d08049100..b326bee891 100755 --- a/afl-cmin.bash +++ b/afl-cmin.bash @@ -339,6 +339,13 @@ fi echo "[*] Are you aware that afl-cmin is faster than this afl-cmin.bash script?" echo "[+] Found $IN_COUNT files for minimizing." +if [ -n "$THREADS" ]; then + if [ "$IN_COUNT" -lt "$THREADS" ]; then + THREADS=$IN_COUNT + echo "[!] WARNING: less inputs than threads, reducing threads to $THREADS and likely the overhead of threading makes things slower..." + fi +fi + FIRST_FILE=`ls "$IN_DIR" | head -1` # Make sure that we're not dealing with a directory. diff --git a/docs/Changelog.md b/docs/Changelog.md index ad58e99efa..032bb7747e 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -19,6 +19,7 @@ - fixed a bug inherited from vanilla AFL where a coverage of map[123] = 11 would be the same as map[1123] = 1 - warn on crashing inputs + - adjust threads if less inputs than threads specified - afl-cc: - fixed an off-by-one instrumentation of iselect, hurting coverage a bit. Thanks to @amykweon for spotting and fixing! From a560e42a4d4a41ca132cbc3d7d06c567c1f992a8 Mon Sep 17 00:00:00 2001 From: Your Name Date: Mon, 10 Jul 2023 07:31:19 +0100 Subject: [PATCH 068/357] Increase dummy map size --- frida_mode/src/instrument/instrument_arm32.c | 2 +- frida_mode/src/instrument/instrument_arm64.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index 51f78a35a1..2e123247db 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -15,7 +15,7 @@ static GHashTable *coverage_blocks = NULL; extern __thread guint64 instrument_previous_pc; -__attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[MAP_SIZE]; +__attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[2UL << 20]; #pragma pack(push, 1) typedef struct { diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index 131eb4c5ce..a8d30dc18c 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -22,7 +22,7 @@ gboolean instrument_cache_enabled = FALSE; gsize instrument_cache_size = 0; static GHashTable *coverage_blocks = NULL; -__attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[MAP_SIZE]; +__attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[2UL << 20]; #pragma pack(push, 1) typedef struct { From b547a6ab0d0e94fc141b0c013f44c1aa02cb78cc Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 10 Jul 2023 17:43:09 +0200 Subject: [PATCH 069/357] nits --- afl-cmin | 2 +- instrumentation/SanitizerCoverageLTO.so.cc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/afl-cmin b/afl-cmin index f3ae430488..23532b635a 100755 --- a/afl-cmin +++ b/afl-cmin @@ -425,7 +425,7 @@ BEGIN { cmd = "stat --version 2>/dev/null" cmd | getline statversion close(cmd) - if (statversion ~ /GNU coreutils/) { + if (statversion ~ /GNU coreutils/ || statversion ~ /BusyBox/) { stat_format = "-c '%s %n'" # GNU } else { stat_format = "-f '%z %N'" # *BSD, MacOS diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index d7b03634ae..c70fbd4f3c 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -1081,7 +1081,7 @@ bool ModuleSanitizerCoverageLTO::instrumentModule( } if (!be_quiet) - printf("AUTODICTIONARY: %lu string%s found\n", count, + printf("AUTODICTIONARY: %zu string%s found\n", count, count == 1 ? "" : "s"); if (count) { From a46d27fad51a8fdd905bb8771bd73eeb2c054895 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 10 Jul 2023 18:29:21 +0200 Subject: [PATCH 070/357] nits --- instrumentation/split-compares-pass.so.cc | 2 +- src/afl-common.c | 2 +- src/afl-forkserver.c | 8 ++++---- test/test-libextensions.sh | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc index 6eafb33269..09463fc51c 100644 --- a/instrumentation/split-compares-pass.so.cc +++ b/instrumentation/split-compares-pass.so.cc @@ -1740,7 +1740,7 @@ bool SplitComparesTransform::runOnModule(Module &M) { if (!be_quiet && !debug) { errs() << "Split-floatingpoint-compare-pass: " << count - << " FP comparisons splitted\n"; + << " FP comparisons split\n"; } diff --git a/src/afl-common.c b/src/afl-common.c index 3e1ec09d0d..a6f83f6dd2 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -403,7 +403,7 @@ u8 *find_binary(u8 *fname) { FATAL( "Unexpected overflow when processing ENV. This should never " - "happend."); + "happened."); } diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 7322f1ad3a..ba7cdd666d 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -667,13 +667,13 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, switch (fsrv->nyx_handlers->nyx_exec(fsrv->nyx_runner)) { case Abort: - NYX_PRE_FATAL(fsrv, "Error: Nyx abort occured..."); + NYX_PRE_FATAL(fsrv, "Error: Nyx abort occurred..."); break; case IoError: NYX_PRE_FATAL(fsrv, "Error: QEMU-Nyx has died..."); break; case Error: - NYX_PRE_FATAL(fsrv, "Error: Nyx runtime error has occured..."); + NYX_PRE_FATAL(fsrv, "Error: Nyx runtime error has occurred..."); break; default: break; @@ -1581,7 +1581,7 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, FATAL("FixMe: Nyx InvalidWriteToPayload handler is missing"); break; case Abort: - FATAL("Error: Nyx abort occured..."); + FATAL("Error: Nyx abort occurred..."); case IoError: if (*stop_soon_p) { @@ -1595,7 +1595,7 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, break; case Error: - FATAL("Error: Nyx runtime error has occured..."); + FATAL("Error: Nyx runtime error has occurred..."); break; } diff --git a/test/test-libextensions.sh b/test/test-libextensions.sh index 40a898c817..f7f86de550 100755 --- a/test/test-libextensions.sh +++ b/test/test-libextensions.sh @@ -5,7 +5,7 @@ test -z "$AFL_CC" && unset AFL_CC $ECHO "$BLUE[*] Testing: shared library extensions" -cc $CFLAGS -o test-compcov test-compcov.c > /dev/null 2>&1 +cc $CFLAGS -O0 -o test-compcov test-compcov.c > /dev/null 2>&1 test -e ../libtokencap.so && { AFL_TOKEN_FILE=token.out LD_PRELOAD=../libtokencap.so DYLD_INSERT_LIBRARIES=../libtokencap.so DYLD_FORCE_FLAT_NAMESPACE=1 ./test-compcov foobar > /dev/null 2>&1 grep -q BUGMENOT token.out > /dev/null 2>&1 && { From 2a34e845072204b29200bf0e480d1d4f2201b332 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 12 Jul 2023 16:08:22 +0200 Subject: [PATCH 071/357] nits --- include/afl-fuzz.h | 2 +- include/android-ashmem.h | 4 +++- src/afl-ld-lto.c | 4 +++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 9da5cc035e..27668da0fb 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -31,7 +31,7 @@ #define MESSAGES_TO_STDOUT #ifndef _GNU_SOURCE - #define _GNU_SOURCE 1 + #define _GNU_SOURCE #endif #ifndef _FILE_OFFSET_BITS #define _FILE_OFFSET_BITS 64 diff --git a/include/android-ashmem.h b/include/android-ashmem.h index 1bfd322084..065c213b6c 100644 --- a/include/android-ashmem.h +++ b/include/android-ashmem.h @@ -2,7 +2,9 @@ #ifndef _ANDROID_ASHMEM_H #define _ANDROID_ASHMEM_H - #define _GNU_SOURCE + #ifndef _GNU_SOURCE + #define _GNU_SOURCE + #endif #include #include #include diff --git a/src/afl-ld-lto.c b/src/afl-ld-lto.c index b306c8d556..b1e6c84879 100644 --- a/src/afl-ld-lto.c +++ b/src/afl-ld-lto.c @@ -23,7 +23,9 @@ */ #define AFL_MAIN -#define _GNU_SOURCE +#ifndef _GNU_SOURCE + #define _GNU_SOURCE +#endif #include "config.h" #include "types.h" From 534b3eba143c0532e600eb6da08ac2195fa24570 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 13 Jul 2023 10:10:30 +0200 Subject: [PATCH 072/357] qemu_get_symbol_addr.sh --- Dockerfile | 2 +- docs/Changelog.md | 3 + frida_mode/test/bloaty/GNUmakefile | 2 +- frida_mode/test/cache/GNUmakefile | 2 +- frida_mode/test/cmov/GNUmakefile | 2 +- frida_mode/test/deferred/GNUmakefile | 2 +- frida_mode/test/dynamic/GNUmakefile | 2 +- frida_mode/test/entry_point/GNUmakefile | 2 +- frida_mode/test/freetype2/GNUmakefile | 2 +- frida_mode/test/jpeg/GNUmakefile | 2 +- frida_mode/test/libpcap/GNUmakefile | 2 +- frida_mode/test/libxml/GNUmakefile | 2 +- frida_mode/test/libxslt/GNUmakefile | 2 +- frida_mode/test/osx-lib/GNUmakefile | 2 +- frida_mode/test/perf/GNUmakefile | 2 +- frida_mode/test/persistent_ret/GNUmakefile | 2 +- frida_mode/test/png/persistent/GNUmakefile | 2 +- .../test/png/persistent/hook/GNUmakefile | 2 +- frida_mode/test/proj4/GNUmakefile | 2 +- frida_mode/test/re2/GNUmakefile | 2 +- frida_mode/test/sqlite/GNUmakefile | 2 +- frida_mode/test/unstable/GNUmakefile | 2 +- frida_mode/test/vorbis/GNUmakefile | 2 +- frida_mode/util/frida_get_symbol_addr.sh | 55 +++++++++++++++++++ frida_mode/util/get_symbol_addr.sh | 32 ----------- qemu_mode/util/qemu_get_symbol_addr.sh | 53 ++++++++++++++++++ 26 files changed, 133 insertions(+), 54 deletions(-) create mode 100755 frida_mode/util/frida_get_symbol_addr.sh delete mode 100755 frida_mode/util/get_symbol_addr.sh create mode 100755 qemu_mode/util/qemu_get_symbol_addr.sh diff --git a/Dockerfile b/Dockerfile index 1b5ffd2860..e1616198ff 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,7 +42,7 @@ RUN apt-get update && \ python3 python3-dev python3-pip python-is-python3 \ libtool libtool-bin libglib2.0-dev \ apt-transport-https gnupg dialog \ - gnuplot-nox libpixman-1-dev \ + gnuplot-nox libpixman-1-dev bc \ gcc-${GCC_VERSION} g++-${GCC_VERSION} gcc-${GCC_VERSION}-plugin-dev gdb lcov \ clang-${LLVM_VERSION} clang-tools-${LLVM_VERSION} libc++1-${LLVM_VERSION} \ libc++-${LLVM_VERSION}-dev libc++abi1-${LLVM_VERSION} libc++abi-${LLVM_VERSION}-dev \ diff --git a/docs/Changelog.md b/docs/Changelog.md index 032bb7747e..d61ce8ec64 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -28,6 +28,9 @@ - more LLVM compatability - frida_mode: - support for long form instrumentation on x86_x64 and arm64 + - renamed utils/get_symbol_addr.sh to utils/frida_get_symbol_addr.sh + - qemu_mode: + - added qemu_mode/utils/qemu_get_symbol_addr.sh ### Version ++4.07c (release) diff --git a/frida_mode/test/bloaty/GNUmakefile b/frida_mode/test/bloaty/GNUmakefile index 8e767fae9b..02a0a1e2ff 100644 --- a/frida_mode/test/bloaty/GNUmakefile +++ b/frida_mode/test/bloaty/GNUmakefile @@ -35,7 +35,7 @@ endif endif ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) diff --git a/frida_mode/test/cache/GNUmakefile b/frida_mode/test/cache/GNUmakefile index 12736a3ffb..9877619343 100644 --- a/frida_mode/test/cache/GNUmakefile +++ b/frida_mode/test/cache/GNUmakefile @@ -11,7 +11,7 @@ QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so diff --git a/frida_mode/test/cmov/GNUmakefile b/frida_mode/test/cmov/GNUmakefile index 96f1ae5be2..0712e33be3 100644 --- a/frida_mode/test/cmov/GNUmakefile +++ b/frida_mode/test/cmov/GNUmakefile @@ -11,7 +11,7 @@ QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so diff --git a/frida_mode/test/deferred/GNUmakefile b/frida_mode/test/deferred/GNUmakefile index 22aeb2bf8f..e0b4879778 100644 --- a/frida_mode/test/deferred/GNUmakefile +++ b/frida_mode/test/deferred/GNUmakefile @@ -10,7 +10,7 @@ TESTINSTSRC:=$(PWD)testinstr.c QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh ifndef ARCH diff --git a/frida_mode/test/dynamic/GNUmakefile b/frida_mode/test/dynamic/GNUmakefile index f43416f7f9..6c577dff64 100644 --- a/frida_mode/test/dynamic/GNUmakefile +++ b/frida_mode/test/dynamic/GNUmakefile @@ -17,7 +17,7 @@ FRIDA_OUT:=$(BUILD_DIR)frida-out AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TESTINSTBIN) testinstr $(AFL_FRIDA_BASE_ADDR)) diff --git a/frida_mode/test/entry_point/GNUmakefile b/frida_mode/test/entry_point/GNUmakefile index 08c660f74f..b8c0ecb56b 100644 --- a/frida_mode/test/entry_point/GNUmakefile +++ b/frida_mode/test/entry_point/GNUmakefile @@ -10,7 +10,7 @@ TESTINSTSRC:=$(PWD)testinstr.c QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh ifndef ARCH diff --git a/frida_mode/test/freetype2/GNUmakefile b/frida_mode/test/freetype2/GNUmakefile index 8c35d5deff..23318d5249 100644 --- a/frida_mode/test/freetype2/GNUmakefile +++ b/frida_mode/test/freetype2/GNUmakefile @@ -64,7 +64,7 @@ endif endif ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) diff --git a/frida_mode/test/jpeg/GNUmakefile b/frida_mode/test/jpeg/GNUmakefile index a82420815d..a496703969 100644 --- a/frida_mode/test/jpeg/GNUmakefile +++ b/frida_mode/test/jpeg/GNUmakefile @@ -47,7 +47,7 @@ endif endif ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) diff --git a/frida_mode/test/libpcap/GNUmakefile b/frida_mode/test/libpcap/GNUmakefile index 1bf9cd7f94..745d7057fb 100644 --- a/frida_mode/test/libpcap/GNUmakefile +++ b/frida_mode/test/libpcap/GNUmakefile @@ -56,7 +56,7 @@ endif endif ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) diff --git a/frida_mode/test/libxml/GNUmakefile b/frida_mode/test/libxml/GNUmakefile index 6fc87585e7..f1f4a7384a 100644 --- a/frida_mode/test/libxml/GNUmakefile +++ b/frida_mode/test/libxml/GNUmakefile @@ -43,7 +43,7 @@ endif endif ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) diff --git a/frida_mode/test/libxslt/GNUmakefile b/frida_mode/test/libxslt/GNUmakefile index 655e652b68..48bb0b404d 100644 --- a/frida_mode/test/libxslt/GNUmakefile +++ b/frida_mode/test/libxslt/GNUmakefile @@ -42,7 +42,7 @@ endif endif ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) diff --git a/frida_mode/test/osx-lib/GNUmakefile b/frida_mode/test/osx-lib/GNUmakefile index 96dbb5ad1a..fdc9ec0460 100644 --- a/frida_mode/test/osx-lib/GNUmakefile +++ b/frida_mode/test/osx-lib/GNUmakefile @@ -26,7 +26,7 @@ FRIDA_OUT:=$(BUILD_DIR)frida-out HARNESS_LDFLAGS:=-Wl,-no_pie LIB_CFLAGS:=-dynamiclib -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFL_FRIDA_MAIN_ADDR=$(shell $(GET_SYMBOL_ADDR) $(HARNESS_BIN) main 0x0) AFL_FRIDA_MAIN_ADDR2=$(shell $(GET_SYMBOL_ADDR) $(HARNESS2_BIN) main 0x0) AFL_FRIDA_FUZZ_ADDR=$(shell $(GET_SYMBOL_ADDR) $(HARNESS_BIN) LLVMFuzzerTestOneInput 0x0) diff --git a/frida_mode/test/perf/GNUmakefile b/frida_mode/test/perf/GNUmakefile index 2d7c02390d..6b49c2ba38 100644 --- a/frida_mode/test/perf/GNUmakefile +++ b/frida_mode/test/perf/GNUmakefile @@ -31,7 +31,7 @@ endif endif ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) diff --git a/frida_mode/test/persistent_ret/GNUmakefile b/frida_mode/test/persistent_ret/GNUmakefile index 71f6a12418..73d710a1d5 100644 --- a/frida_mode/test/persistent_ret/GNUmakefile +++ b/frida_mode/test/persistent_ret/GNUmakefile @@ -23,7 +23,7 @@ endif endif ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh ifeq "$(shell uname)" "Darwin" TEST_BIN_LDFLAGS:=-Wl,-no_pie diff --git a/frida_mode/test/png/persistent/GNUmakefile b/frida_mode/test/png/persistent/GNUmakefile index 94e2be385e..3dab713ebd 100644 --- a/frida_mode/test/png/persistent/GNUmakefile +++ b/frida_mode/test/png/persistent/GNUmakefile @@ -22,7 +22,7 @@ endif endif ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) diff --git a/frida_mode/test/png/persistent/hook/GNUmakefile b/frida_mode/test/png/persistent/hook/GNUmakefile index b6a1ca1a5b..f3d06c8724 100644 --- a/frida_mode/test/png/persistent/hook/GNUmakefile +++ b/frida_mode/test/png/persistent/hook/GNUmakefile @@ -33,7 +33,7 @@ endif endif ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) diff --git a/frida_mode/test/proj4/GNUmakefile b/frida_mode/test/proj4/GNUmakefile index debc8a88cf..17850fa866 100644 --- a/frida_mode/test/proj4/GNUmakefile +++ b/frida_mode/test/proj4/GNUmakefile @@ -47,7 +47,7 @@ endif endif ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) diff --git a/frida_mode/test/re2/GNUmakefile b/frida_mode/test/re2/GNUmakefile index 220e7616f0..0b79210b61 100644 --- a/frida_mode/test/re2/GNUmakefile +++ b/frida_mode/test/re2/GNUmakefile @@ -48,7 +48,7 @@ endif endif ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) diff --git a/frida_mode/test/sqlite/GNUmakefile b/frida_mode/test/sqlite/GNUmakefile index df470af8c3..6d3c749675 100644 --- a/frida_mode/test/sqlite/GNUmakefile +++ b/frida_mode/test/sqlite/GNUmakefile @@ -43,7 +43,7 @@ endif endif ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) diff --git a/frida_mode/test/unstable/GNUmakefile b/frida_mode/test/unstable/GNUmakefile index 59b4944981..3b7b6ddbc0 100644 --- a/frida_mode/test/unstable/GNUmakefile +++ b/frida_mode/test/unstable/GNUmakefile @@ -23,7 +23,7 @@ endif endif ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) diff --git a/frida_mode/test/vorbis/GNUmakefile b/frida_mode/test/vorbis/GNUmakefile index 4cb5d4177c..b10d059efa 100644 --- a/frida_mode/test/vorbis/GNUmakefile +++ b/frida_mode/test/vorbis/GNUmakefile @@ -54,7 +54,7 @@ endif endif ADDR_BIN:=$(ROOT)frida_mode/build/addr -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) diff --git a/frida_mode/util/frida_get_symbol_addr.sh b/frida_mode/util/frida_get_symbol_addr.sh new file mode 100755 index 0000000000..fb0002b787 --- /dev/null +++ b/frida_mode/util/frida_get_symbol_addr.sh @@ -0,0 +1,55 @@ +#!/bin/bash +# Copyright 2023 AFLplusplus +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +target="$1" +symbol="$2" +base="$3" + +test -z "$target" -o -z "$symbol" -o '!' -x "$target" && { + echo "Syntax: $0 executable function [baseaddress]" + echo + echo Help script to calculate the function address of a binary QEMU will load it to. + echo function is e.g. LLVMFuzzerTestOneInput, afl_qemu_driver_stdin, etc. + echo "baseaddress is tried to be auto-detected, you can use 'AFL_QEMU_DEBUG_MAPS=1 afl-qemu-trace ./executable' to see the maps." + exit 1 +} + +file=$(file $target|sed 's/.*: //') + +arch=$(echo $file|awk -F, '{print$2}'|tr -d ' ') +bits=$(echo $file|sed 's/-bit .*//'|sed 's/.* //') +pie=$(echo $file|grep -wqi pie && echo pie) + +test $(uname -s) = "Darwin" && symbol=_"$symbol" +tmp_addr=$(nm "$target" | grep -i "T $symbol" | awk '{print$1}' | tr a-f A-F) + +test -z "$tmp_addr" && { echo Error: function $symbol not found 1>&2; exit 1; } +test -z "$pie" && { echo 0x$tmp_addr; exit 0; } + +test -z "$base" && { + test "$bits" = 32 -o "$bits" = 64 || { echo "Error: could not identify arch (bits=$bits)" 1>&2 ; exit 1; } + # is this true for arm/aarch64/i386 too? + base=0x555555554000 + #test "$arch" = Intel80386 && base=0x5555554000 + #test "$arch" = x86-64 && base=0x555555554000 + #test "$arch" = ARMaarch64 && base=0x5500000000 + # add more here, e.g. "$arch" = ARM +} + +test -z "$base" && { echo "Error: could not identify base address! bits=$bits arch=$arch" 1>&2 ; exit 1; } + +hex_base=$(echo "$base" | awk '{sub("^0x","");print $0}' | tr a-f A-F ) +echo $tmp_addr | echo "ibase=16;obase=10;$hex_base + $tmp_addr" | bc | tr A-F a-f | awk '{print "0x"$0}' +exit 0 diff --git a/frida_mode/util/get_symbol_addr.sh b/frida_mode/util/get_symbol_addr.sh deleted file mode 100755 index f5d8df91c0..0000000000 --- a/frida_mode/util/get_symbol_addr.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# set -x -target="$1" -symbol="$2" -base="$3" - -test -z "$target" -o -z "$symbol" -o '!' -e "$target" && exit 0 - -test $(uname -s) = "Darwin" && symbol=_"$symbol" - -file "$target" | grep -q executable && { - nm "$target" | grep -i "T $symbol" | awk '{print"0x"$1}' - exit 0 -} - -hex_base=$(echo "$3" | awk '{sub("^0x","");print $0}' | tr a-f A-F ) -nm "$target" | grep -i "T $symbol" | awk '{print$1}' | tr a-f A-F | \ - xargs echo "ibase=16;obase=10;$hex_base + " | bc | tr A-F a-f | awk '{print "0x"$0}' -exit 0 diff --git a/qemu_mode/util/qemu_get_symbol_addr.sh b/qemu_mode/util/qemu_get_symbol_addr.sh new file mode 100755 index 0000000000..e0a7ae80c5 --- /dev/null +++ b/qemu_mode/util/qemu_get_symbol_addr.sh @@ -0,0 +1,53 @@ +#!/bin/bash +# Copyright 2023 AFLplusplus +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +target="$1" +symbol="$2" +base="$3" + +test -z "$target" -o -z "$symbol" -o '!' -x "$target" && { + echo "Syntax: $0 executable function [baseaddress]" + echo + echo Help script to calculate the function address of a binary QEMU will load it to. + echo function is e.g. LLVMFuzzerTestOneInput, afl_qemu_driver_stdin, etc. + echo "baseaddress is tried to be auto-detected, you can use 'AFL_QEMU_DEBUG_MAPS=1 afl-qemu-trace ./executable' to see the maps." + exit 1 +} + +file=$(file $target|sed 's/.*: //') + +arch=$(echo $file|awk -F, '{print$2}'|tr -d ' ') +bits=$(echo $file|sed 's/-bit .*//'|sed 's/.* //') +pie=$(echo $file|grep -wqi pie && echo pie) + +test $(uname -s) = "Darwin" && symbol=_"$symbol" +tmp_addr=$(nm "$target" | grep -i "T $symbol" | awk '{print$1}' | tr a-f A-F) + +test -z "$tmp_addr" && { echo Error: function $symbol not found 1>&2; exit 1; } +test -z "$pie" && { echo 0x$tmp_addr; exit 0; } + +test -z "$base" && { + test "$bits" = 32 -o "$bits" = 64 || { echo "Error: could not identify arch (bits=$bits)" 1>&2 ; exit 1; } + test "$arch" = Intel80386 && base=0x40000000 + test "$arch" = x86-64 && base=0x4000000000 + test "$arch" = ARMaarch64 && base=0x5500000000 + # add more here, e.g. "$arch" = ARM +} + +test -z "$base" && { echo "Error: could not identify base address! bits=$bits arch=$arch" 1>&2 ; exit 1; } + +hex_base=$(echo "$base" | awk '{sub("^0x","");print $0}' | tr a-f A-F ) +echo $tmp_addr | echo "ibase=16;obase=10;$hex_base + $tmp_addr" | bc | tr A-F a-f | awk '{print "0x"$0}' +exit 0 From 1132b08d7d3ef6bae712ced57d32ce06abfa973d Mon Sep 17 00:00:00 2001 From: hexcoder Date: Thu, 13 Jul 2023 13:37:47 +0200 Subject: [PATCH 073/357] Update afl-common.c typo --- src/afl-common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-common.c b/src/afl-common.c index a6f83f6dd2..b4143a1b9e 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -403,7 +403,7 @@ u8 *find_binary(u8 *fname) { FATAL( "Unexpected overflow when processing ENV. This should never " - "happened."); + "had happened."); } From 127c345161769c513275fed9d64de12536ee979d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 13 Jul 2023 14:26:26 +0200 Subject: [PATCH 074/357] nts --- frida_mode/src/instrument/instrument_arm32.c | 2 +- frida_mode/src/instrument/instrument_arm64.c | 2 +- include/config.h | 8 ++++++++ instrumentation/SanitizerCoveragePCGUARD.so.cc | 1 + instrumentation/afl-compiler-rt.o.c | 6 ------ 5 files changed, 11 insertions(+), 8 deletions(-) diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index 2e123247db..c1e3f18731 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -15,7 +15,7 @@ static GHashTable *coverage_blocks = NULL; extern __thread guint64 instrument_previous_pc; -__attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[2UL << 20]; +__attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[MAP_INITIAL_SIZE]; #pragma pack(push, 1) typedef struct { diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index a8d30dc18c..2256f941a9 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -22,7 +22,7 @@ gboolean instrument_cache_enabled = FALSE; gsize instrument_cache_size = 0; static GHashTable *coverage_blocks = NULL; -__attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[2UL << 20]; +__attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[MAP_INITIAL_SIZE]; #pragma pack(push, 1) typedef struct { diff --git a/include/config.h b/include/config.h index 8585041e1a..16f4b61349 100644 --- a/include/config.h +++ b/include/config.h @@ -446,7 +446,15 @@ after changing this - otherwise, SEGVs may ensue. */ #define MAP_SIZE_POW2 16 + +/* Do not change this unless you really know what you are doing. */ + #define MAP_SIZE (1U << MAP_SIZE_POW2) +#if MAP_SIZE <= 65536 + #define MAP_INITIAL_SIZE (2 << 20) // = 2097152 +#else + #define MAP_INITIAL_SIZE MAP_SIZE +#endif /* Maximum allocator request size (keep well under INT_MAX): */ diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 7d614f43ca..98c5973cf9 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -227,6 +227,7 @@ llvmGetPassPluginInfo() { PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module &M, ModuleAnalysisManager &MAM) { + ModuleSanitizerCoverageAFL ModuleSancov(Options); auto &FAM = MAM.getResult(M).getManager(); auto DTCallback = [&FAM](Function &F) -> const DominatorTree *{ diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 3f8b519bb9..dd9aae7741 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -87,12 +87,6 @@ is used for instrumentation output before __afl_map_shm() has a chance to run. It will end up as .comm, so it shouldn't be too wasteful. */ -#if MAP_SIZE <= 65536 - #define MAP_INITIAL_SIZE 2097152 -#else - #define MAP_INITIAL_SIZE MAP_SIZE -#endif - #if defined(__HAIKU__) extern ssize_t _kern_write(int fd, off_t pos, const void *buffer, size_t bufferSize); From 2b8e528a3b5f44df590b8f727983d142857d0433 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 13 Jul 2023 17:12:55 +0200 Subject: [PATCH 075/357] interesting32_float --- include/config.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/config.h b/include/config.h index 16f4b61349..7c29a67478 100644 --- a/include/config.h +++ b/include/config.h @@ -360,9 +360,10 @@ 65535, /* Overflow unsig 16-bit when incremented */ \ 65536, /* Overflow unsig 16 bit */ \ 100663045, /* Large positive number (endian-agnostic) */ \ + 2139095040, /* float infinite */ \ 2147483647 /* Overflow signed 32-bit when incremented */ -#define INTERESTING_32_LEN 8 +#define INTERESTING_32_LEN 9 /*********************************************************** * * From 4113b6ccada97c32b3852ece5ffe2fee6dcbc2c8 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 18 Jul 2023 09:56:28 +0200 Subject: [PATCH 076/357] take care of uninstrumented mode for fuzz state and mode --- README.md | 1 + src/afl-fuzz-bitmap.c | 3 ++- src/afl-fuzz-stats.c | 9 +++++++-- src/afl-fuzz.c | 3 ++- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 05c662c164..42fcaa0d5e 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ AFL++ is maintained by: * Andrea Fioraldi * Dominik Maier * Heiko "hexcoder-" Eißfeldt +* frida_mode is maintained by @Worksbutnottested * Documentation: Jana Aydinbas Originally developed by Michał "lcamtuf" Zalewski. diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index fb8a1d4b13..87157cad9c 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -533,7 +533,8 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { close(fd); add_to_queue(afl, queue_fn, len, 0); - if (unlikely(afl->fuzz_mode) && likely(afl->switch_fuzz_mode)) { + if (unlikely(afl->fuzz_mode) && + likely(afl->switch_fuzz_mode && !afl->non_instrumented_mode)) { if (afl->afl_env.afl_no_ui) { diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 4013370ded..3d0a9b9ae1 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -37,8 +37,13 @@ char *get_fuzzing_state(afl_state_t *afl) { u64 cur_run_time = cur_ms - afl->start_time; u64 cur_total_run_time = afl->prev_run_time + cur_run_time; - if (unlikely(cur_run_time < 60 * 3 * 1000 || - cur_total_run_time < 60 * 5 * 1000)) { + if (unlikely(afl->non_instrumented_mode)) { + + return fuzzing_state[1]; + + } else if (unlikely(cur_run_time < 60 * 3 * 1000 || + + cur_total_run_time < 60 * 5 * 1000)) { return fuzzing_state[0]; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 9afece6632..d8a88f00d6 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2755,7 +2755,8 @@ int main(int argc, char **argv_orig, char **envp) { u64 cur_time = get_cur_time(); - if (likely(afl->switch_fuzz_mode && afl->fuzz_mode == 0) && + if (likely(afl->switch_fuzz_mode && afl->fuzz_mode == 0 && + !afl->non_instrumented_mode) && unlikely(cur_time > afl->last_find_time + afl->switch_fuzz_mode)) { if (afl->afl_env.afl_no_ui) { From 5f813bbb86e1c9e2480669c44501e9780043728c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 21 Jul 2023 18:02:30 +0200 Subject: [PATCH 077/357] improve cmplog level 3 --- docs/Changelog.md | 1 + include/afl-fuzz.h | 3 +- include/config.h | 8 +- src/afl-fuzz-redqueen.c | 171 +++++++++++++++++++++------------------- src/afl-fuzz.c | 7 +- 5 files changed, 100 insertions(+), 90 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index d61ce8ec64..7516717256 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -15,6 +15,7 @@ command line tool! See custom_mutators/aflpp/standalone/ - display the state of the fuzzing run in the UI :-) - fix timeout setting if '+' is used or a session is restarted + - -c X option to enable base64 transformation solving - afl-cmin/afl-cmin.bash: - fixed a bug inherited from vanilla AFL where a coverage of map[123] = 11 would be the same as map[1123] = 1 diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 27668da0fb..e114b0fcc8 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -674,7 +674,8 @@ typedef struct afl_state { u32 cmplog_max_filesize; u32 cmplog_lvl; u32 colorize_success; - u8 cmplog_enable_arith, cmplog_enable_transform, cmplog_random_colorization; + u8 cmplog_enable_arith, cmplog_enable_transform, + cmplog_enable_xtreme_transform, cmplog_random_colorization; struct afl_pass_stat *pass_stats; struct cmp_map *orig_cmp_map; diff --git a/include/config.h b/include/config.h index 7c29a67478..df54558386 100644 --- a/include/config.h +++ b/include/config.h @@ -60,10 +60,6 @@ * */ -/* if TRANSFORM is enabled with '-l T', this additionally enables base64 - encoding/decoding */ -// #define CMPLOG_SOLVE_TRANSFORM_BASE64 - /* If a redqueen pass finds more than one solution, try to combine them? */ #define CMPLOG_COMBINE @@ -71,10 +67,10 @@ #define CMPLOG_CORPUS_PERCENT 5U /* Number of potential positions from which we decide if cmplog becomes - useless, default 8096 */ + useless, default 12288 */ #define CMPLOG_POSITIONS_MAX (12 * 1024) -/* Maximum allowed fails per CMP value. Default: 128 */ +/* Maximum allowed fails per CMP value. Default: 96 */ #define CMPLOG_FAIL_MAX 96 /* -------------------------------------*/ diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 73e188e7a7..5a1f512d0e 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -571,7 +571,6 @@ static u8 its_fuzz(afl_state_t *afl, u8 *buf, u32 len, u8 *status) { } -// #ifdef CMPLOG_SOLVE_TRANSFORM static int strntoll(const char *str, size_t sz, char **end, int base, long long *out) { @@ -656,7 +655,6 @@ static int is_hex(const char *str) { } -#ifdef CMPLOG_SOLVE_TRANSFORM_BASE64 // tests 4 bytes at location static int is_base64(const char *str) { @@ -769,10 +767,6 @@ static void to_base64(u8 *src, u8 *dst, u32 dst_len) { } -#endif - -// #endif - static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, u64 pattern, u64 repl, u64 o_pattern, u64 changed_val, u8 attr, u32 idx, u32 taint_len, @@ -797,42 +791,54 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, } - // fprintf(stderr, - // "Encode: %llx->%llx into %llx(<-%llx) at idx=%u " - // "taint_len=%u shape=%u attr=%u\n", - // o_pattern, pattern, repl, changed_val, idx, taint_len, - // hshape, attr); + /* + fprintf(stderr, + "Encode: %llx->%llx into %llx(<-%llx) at idx=%u " + "taint_len=%u shape=%u attr=%u\n", + o_pattern, pattern, repl, changed_val, idx, taint_len, + hshape, attr); + */ - // #ifdef CMPLOG_SOLVE_TRANSFORM // reverse atoi()/strnu?toll() is expensive, so we only to it in lvl 3 if (afl->cmplog_enable_transform && (lvl & LVL3)) { u8 *endptr; u8 use_num = 0, use_unum = 0; - unsigned long long unum; - long long num; + unsigned long long unum = 0; + long long num = 0; + + // if (afl->queue_cur->is_ascii) { + + // we first check if our input are ascii numbers that are transformed to + // an integer and used for comparison: - if (afl->queue_cur->is_ascii) { + endptr = buf_8; + if (strntoll(buf_8, len - idx, (char **)&endptr, 0, &num)) { - endptr = buf_8; - if (strntoll(buf_8, len - idx, (char **)&endptr, 0, &num)) { + if (!strntoull(buf_8, len - idx, (char **)&endptr, 0, &unum)) { - if (!strntoull(buf_8, len - idx, (char **)&endptr, 0, &unum)) - use_unum = 1; + use_unum = 1; - } else + } + + } else { - use_num = 1; + use_num = 1; } + //} + #ifdef _DEBUG if (idx == 0) - fprintf(stderr, "ASCII is=%u use_num=%u use_unum=%u idx=%u %llx==%llx\n", - afl->queue_cur->is_ascii, use_num, use_unum, idx, num, pattern); + fprintf(stderr, + "ASCII is=%u use_num=%u>%lld use_unum=%u>%llu idx=%u " + "pattern=0x%llx\n", + afl->queue_cur->is_ascii, use_num, num, use_unum, unum, idx, + pattern); #endif - // num is likely not pattern as atoi("AAA") will be zero... + // atoi("AAA") == 0 so !num means we have to investigate if (use_num && ((u64)num == pattern || !num)) { u8 tmp_buf[32]; @@ -961,10 +967,12 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, // test for arithmetic, eg. "if ((user_val - 0x1111) == 0x1234) ..." s64 diff = pattern - b_val; s64 o_diff = o_pattern - o_b_val; - /* fprintf(stderr, "DIFF1 idx=%03u shape=%02u %llx-%llx=%lx\n", idx, - hshape, o_pattern, o_b_val, o_diff); - fprintf(stderr, "DIFF1 %016llx %llx-%llx=%lx\n", repl, pattern, - b_val, diff); */ + /* + fprintf(stderr, "DIFF1 idx=%03u shape=%02u %llx-%llx=%lx\n", idx, + hshape, o_pattern, o_b_val, o_diff); + fprintf(stderr, "DIFF1 %016llx %llx-%llx=%lx\n", repl, pattern, + b_val, diff); + */ if (diff == o_diff && diff) { // this could be an arithmetic transformation @@ -1275,7 +1283,6 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, // 16 = modified float, 32 = modified integer (modified = wont match // in original buffer) - // #ifdef CMPLOG_SOLVE_ARITHMETIC if (!afl->cmplog_enable_arith || lvl < LVL3 || attr == IS_TRANSFORM) { return 0; @@ -2009,8 +2016,12 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, its_len = MIN(its_len, taint_len); u32 saved_its_len = its_len; + if (its_len <= 1) { return 0; } + if (lvl & LVL3) { + if (memcmp(changed_val, repl, its_len) != 0) { return 0; } + u32 max_to = MIN(4U, idx); if (!(lvl & LVL1) && max_to) { from = 1; } to = max_to; @@ -2089,9 +2100,7 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, if (afl->cmplog_enable_transform && (lvl & LVL3)) { u32 toupper = 0, tolower = 0, xor = 0, arith = 0, tohex = 0, fromhex = 0; -#ifdef CMPLOG_SOLVE_TRANSFORM_BASE64 u32 tob64 = 0, fromb64 = 0; -#endif u32 from_0 = 0, from_x = 0, from_X = 0, from_slash = 0, from_up = 0; u32 to_0 = 0, to_x = 0, to_slash = 0, to_up = 0; u8 xor_val[32], arith_val[32], tmp[48]; @@ -2144,7 +2153,8 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, } - if (i < 16 && is_hex(repl + (i << 1))) { + if (afl->cmplog_enable_xtreme_transform && i < 16 && + is_hex(repl + (i << 1))) { ++tohex; @@ -2163,7 +2173,7 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, } - if ((i % 2)) { + if (afl->cmplog_enable_xtreme_transform && (i % 2)) { if (len > idx + i + 1 && is_hex(orig_buf + idx + i)) { @@ -2187,20 +2197,21 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, } -#ifdef CMPLOG_SOLVE_TRANSFORM_BASE64 - if (i % 3 == 2 && i < 24) { + if (afl->cmplog_enable_xtreme_transform) { - if (is_base64(repl + ((i / 3) << 2))) tob64 += 3; + if (i % 3 == 2 && i < 24) { - } + if (is_base64(repl + ((i / 3) << 2))) tob64 += 3; + + } - if (i % 4 == 3 && i < 24) { + if (i % 4 == 3 && i < 24) { - if (is_base64(orig_buf + idx + i - 3)) fromb64 += 4; + if (is_base64(orig_buf + idx + i - 3)) fromb64 += 4; - } + } -#endif + } if ((o_pattern[i] ^ orig_buf[idx + i]) == xor_val[i] && xor_val[i]) { @@ -2229,45 +2240,50 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, } #ifdef _DEBUG + fprintf(stderr, "RTN %s %s %s %s\n", buf, pattern, orig_buf, o_pattern); fprintf(stderr, - "RTN idx=%u loop=%u xor=%u arith=%u tolower=%u toupper=%u " + "RTN idx=%u len=%u loop=%u xor=%u arith=%u tolower=%u toupper=%u " "tohex=%u fromhex=%u to_0=%u to_slash=%u to_x=%u " "from_0=%u from_slash=%u from_x=%u\n", - idx, i, xor, arith, tolower, toupper, tohex, fromhex, to_0, - to_slash, to_x, from_0, from_slash, from_x); - #ifdef CMPLOG_SOLVE_TRANSFORM_BASE64 - fprintf(stderr, "RTN idx=%u loop=%u tob64=%u from64=%u\n", tob64, - fromb64); - #endif + idx, its_len, i, xor, arith, tolower, toupper, tohex, fromhex, + to_0, to_slash, to_x, from_0, from_slash, from_x); + if (afl->cmplog_enable_xtreme_transform) { + + fprintf(stderr, "RTN idx=%u loop=%u tob64=%u from64=%u\n", idx, i, + tob64, fromb64); + + } + #endif -#ifdef CMPLOG_SOLVE_TRANSFORM_BASE64 - // input is base64 and converted to binary? convert repl to base64! - if ((i % 4) == 3 && i < 24 && fromb64 > i) { + if (afl->cmplog_enable_xtreme_transform) { - to_base64(repl, tmp, i + 1); - memcpy(buf + idx, tmp, i + 1); - if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } - // fprintf(stderr, "RTN ATTEMPT fromb64 %u result %u\n", fromb64, - // *status); + // input is base64 and converted to binary? convert repl to base64! + if ((i % 4) == 3 && i < 24 && fromb64 > i) { - } + to_base64(repl, tmp, i + 1); + memcpy(buf + idx, tmp, i + 1); + if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } + // fprintf(stderr, "RTN ATTEMPT fromb64 %u result %u\n", fromb64, + // *status); + + } - // input is converted to base64? decode repl with base64! - if ((i % 3) == 2 && i < 24 && tob64 > i) { + // input is converted to base64? decode repl with base64! + if ((i % 3) == 2 && i < 24 && tob64 > i) { - u32 olen = from_base64(repl, tmp, i + 1); - memcpy(buf + idx, tmp, olen); - if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } - // fprintf(stderr, "RTN ATTEMPT tob64 %u idx=%u result %u\n", tob64, - // idx, *status); + u32 olen = from_base64(repl, tmp, i + 1); + memcpy(buf + idx, tmp, olen); + if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } + // fprintf(stderr, "RTN ATTEMPT tob64 %u idx=%u result %u\n", tob64, + // idx, *status); - } + } -#endif + } // input is converted to hex? convert repl to binary! - if (i < 16 && tohex > i) { + if (afl->cmplog_enable_xtreme_transform && i < 16 && tohex > i) { u32 off; if (to_slash + to_x + to_0 == 2) { @@ -2292,8 +2308,8 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, } // input is hex and converted to binary? convert repl to hex! - if (i && (i % 2) && i < 16 && fromhex && - fromhex + from_slash + from_x + from_0 > i) { + if (afl->cmplog_enable_xtreme_transform && i && (i % 2) && i < 16 && + fromhex && fromhex + from_slash + from_x + from_0 > i) { u8 off = 0; if (from_slash && from_x) { @@ -2401,11 +2417,9 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, if ((i >= 7 && (i >= xor&&i >= arith &&i >= tolower &&i >= toupper &&i > tohex &&i > - (fromhex + from_0 + from_x + from_slash + 1) -#ifdef CMPLOG_SOLVE_TRANSFORM_BASE64 - && i > tob64 + 3 && i > fromb64 + 4 -#endif - )) || + (fromhex + from_0 + from_x + from_slash + 1) && + (afl->cmplog_enable_xtreme_transform && i > tob64 + 3 && + i > fromb64 + 4))) || repl[i] != changed_val[i] || *status == 1) { break; @@ -2418,8 +2432,6 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, } - // #endif - return 0; } @@ -2818,12 +2830,7 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) { } - } else if ((lvl & LVL1) - - // #ifdef CMPLOG_SOLVE_TRANSFORM - || ((lvl & LVL3) && afl->cmplog_enable_transform) - // #endif - ) { + } else if ((lvl & LVL1) || ((lvl & LVL3) && afl->cmplog_enable_transform)) { if (unlikely(rtn_fuzz(afl, k, orig_buf, buf, cbuf, len, lvl, taint))) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index d8a88f00d6..21a8915cdd 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -185,7 +185,8 @@ static void usage(u8 *argv0, int more_help) { " 1=small files, 2=larger files (default), 3=all " "files,\n" " A=arithmetic solving, T=transformational solving,\n" - " R=random colorization bytes.\n\n" + " X=extreme transform solving, R=random colorization " + "bytes.\n\n" "Fuzzing behavior settings:\n" " -Z - sequential queue selection instead of weighted " "random\n" @@ -1120,6 +1121,10 @@ int main(int argc, char **argv_orig, char **envp) { case 'T': afl->cmplog_enable_transform = 1; break; + case 'x': + case 'X': + afl->cmplog_enable_xtreme_transform = 1; + break; case 'r': case 'R': afl->cmplog_random_colorization = 1; From 705cdf45fc32e6f5fcf3b8e58242ede3b99b8b6e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 23 Jul 2023 13:05:10 +0200 Subject: [PATCH 078/357] temp cmplog fixes --- GNUmakefile | 6 +- GNUmakefile.gcc_plugin | 6 +- GNUmakefile.llvm | 6 +- src/afl-fuzz-redqueen.c | 190 +++++++++++++++++++++++++--------------- 4 files changed, 130 insertions(+), 78 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 71011858a8..f6b76a6c3e 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -91,9 +91,9 @@ ifneq "$(SYS)" "Darwin" #ifeq "$(HAVE_MARCHNATIVE)" "1" # SPECIAL_PERFORMANCE += -march=native #endif - ifndef DEBUG - CFLAGS_OPT += -D_FORTIFY_SOURCE=1 - endif + #ifndef DEBUG + # CFLAGS_OPT += -D_FORTIFY_SOURCE=1 + #endif else # On some odd MacOS system configurations, the Xcode sdk path is not set correctly SDK_LD = -L$(shell xcrun --show-sdk-path)/usr/lib diff --git a/GNUmakefile.gcc_plugin b/GNUmakefile.gcc_plugin index 41face4c7c..29d0ed9d01 100644 --- a/GNUmakefile.gcc_plugin +++ b/GNUmakefile.gcc_plugin @@ -28,14 +28,16 @@ MAN_PATH ?= $(PREFIX)/share/man/man8 VERSION = $(shell grep '^$(HASH)define VERSION ' ./config.h | cut -d '"' -f2) -CFLAGS ?= -O3 -g -funroll-loops -D_FORTIFY_SOURCE=1 +CFLAGS ?= -O3 -g -funroll-loops +# -D_FORTIFY_SOURCE=1 CFLAGS_SAFE := -Wall -Iinclude -Wno-pointer-sign \ -DAFL_PATH=\"$(HELPER_PATH)\" -DBIN_PATH=\"$(BIN_PATH)\" \ -DGCC_VERSION=\"$(GCCVER)\" -DGCC_BINDIR=\"$(GCCBINDIR)\" \ -Wno-unused-function override CFLAGS += $(CFLAGS_SAFE) -CXXFLAGS ?= -O3 -g -funroll-loops -D_FORTIFY_SOURCE=1 +CXXFLAGS ?= -O3 -g -funroll-loops +# -D_FORTIFY_SOURCE=1 CXXEFLAGS := $(CXXFLAGS) -Wall -std=c++11 CC ?= gcc diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index f298060e23..75fb664b6f 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -262,7 +262,8 @@ else AFL_CLANG_DEBUG_PREFIX = endif -CFLAGS ?= -O3 -funroll-loops -fPIC -D_FORTIFY_SOURCE=1 +CFLAGS ?= -O3 -funroll-loops -fPIC +# -D_FORTIFY_SOURCE=1 CFLAGS_SAFE := -Wall -g -Wno-cast-qual -Wno-variadic-macros -Wno-pointer-sign \ -I ./include/ -I ./instrumentation/ \ -DAFL_PATH=\"$(HELPER_PATH)\" -DBIN_PATH=\"$(BIN_PATH)\" \ @@ -287,7 +288,8 @@ ifdef AFL_TRACE_PC $(info Compile option AFL_TRACE_PC is deprecated, just set AFL_LLVM_INSTRUMENT=PCGUARD to activate when compiling targets ) endif -CXXFLAGS ?= -O3 -funroll-loops -fPIC -D_FORTIFY_SOURCE=1 +CXXFLAGS ?= -O3 -funroll-loops -fPIC +# -D_FORTIFY_SOURCE=1 override CXXFLAGS += -Wall -g -I ./include/ \ -DVERSION=\"$(VERSION)\" -Wno-variadic-macros -Wno-deprecated-copy-with-dtor \ -DLLVM_MINOR=$(LLVM_MINOR) -DLLVM_MAJOR=$(LLVM_MAJOR) diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 5a1f512d0e..8a652a9f72 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -129,7 +129,6 @@ static struct range *pop_biggest_range(struct range **ranges) { } #ifdef _DEBUG -// static int logging = 0; static void dump(char *txt, u8 *buf, u32 len) { u32 i; @@ -140,6 +139,7 @@ static void dump(char *txt, u8 *buf, u32 len) { } +/* static void dump_file(char *path, char *name, u32 counter, u8 *buf, u32 len) { char fn[4096]; @@ -155,6 +155,8 @@ static void dump_file(char *path, char *name, u32 counter, u8 *buf, u32 len) { } +*/ + #endif static u8 get_exec_checksum(afl_state_t *afl, u8 *buf, u32 len, u64 *cksum) { @@ -730,12 +732,14 @@ static u32 from_base64(u8 *src, u8 *dst, u32 dst_len) { } -static void to_base64(u8 *src, u8 *dst, u32 dst_len) { +static u32 to_base64(u8 *src, u8 *dst, u32 dst_len) { u32 i, j, v; - u32 len = (dst_len >> 2) * 3; + // u32 len = (dst_len >> 2) * 3; + u32 len = (dst_len / 3) * 4; + if (dst_len % 3) len += 4; - for (i = 0, j = 0; i < len; i += 3, j += 4) { + for (i = 0, j = 0; j < len; i += 3, j += 4) { v = src[i]; v = i + 1 < len ? v << 8 | src[i + 1] : v << 8; @@ -743,7 +747,8 @@ static void to_base64(u8 *src, u8 *dst, u32 dst_len) { dst[j] = base64_encode_table[(v >> 18) & 0x3F]; dst[j + 1] = base64_encode_table[(v >> 12) & 0x3F]; - if (i + 1 < len) { + + if (i + 1 < dst_len) { dst[j + 2] = base64_encode_table[(v >> 6) & 0x3F]; @@ -753,7 +758,7 @@ static void to_base64(u8 *src, u8 *dst, u32 dst_len) { } - if (i + 2 < len) { + if (i + 2 < dst_len) { dst[j + 3] = base64_encode_table[v & 0x3F]; @@ -765,6 +770,9 @@ static void to_base64(u8 *src, u8 *dst, u32 dst_len) { } + dst[len] = 0; + return len; + } static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, @@ -2016,6 +2024,8 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, its_len = MIN(its_len, taint_len); u32 saved_its_len = its_len; + // fprintf(stderr, "its_len=%u repl=%s\n", its_len, repl); + if (its_len <= 1) { return 0; } if (lvl & LVL3) { @@ -2032,27 +2042,32 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, (void)(j); #ifdef _DEBUG - fprintf(stderr, "RTN T idx=%u lvl=%02x is_txt=%u shape=%u/%u ", idx, lvl, - o->v0_len >= 0x80 ? 1 : 0, hshape, l0); - for (j = 0; j < 8; j++) - fprintf(stderr, "%02x", orig_buf[idx + j]); - fprintf(stderr, " -> "); - for (j = 0; j < 8; j++) - fprintf(stderr, "%02x", o_pattern[j]); - fprintf(stderr, " <= "); - for (j = 0; j < 8; j++) - fprintf(stderr, "%02x", repl[j]); - fprintf(stderr, "\n"); - fprintf(stderr, " "); - for (j = 0; j < 8; j++) - fprintf(stderr, "%02x", buf[idx + j]); - fprintf(stderr, " -> "); - for (j = 0; j < 8; j++) - fprintf(stderr, "%02x", pattern[j]); - fprintf(stderr, " <= "); - for (j = 0; j < 8; j++) - fprintf(stderr, "%02x", changed_val[j]); - fprintf(stderr, "\n"); + if (idx == 0) { + + fprintf(stderr, "RTN T idx=%u lvl=%02x is_txt=%u shape=%u/%u ", idx, lvl, + o->v0_len >= 0x80 ? 1 : 0, hshape, l0); + for (j = 0; j < 8; j++) + fprintf(stderr, "%02x", orig_buf[idx + j]); + fprintf(stderr, " -> "); + for (j = 0; j < 8; j++) + fprintf(stderr, "%02x", o_pattern[j]); + fprintf(stderr, " <= "); + for (j = 0; j < 8; j++) + fprintf(stderr, "%02x", repl[j]); + fprintf(stderr, "\n"); + fprintf(stderr, " "); + for (j = 0; j < 8; j++) + fprintf(stderr, "%02x", buf[idx + j]); + fprintf(stderr, " -> "); + for (j = 0; j < 8; j++) + fprintf(stderr, "%02x", pattern[j]); + fprintf(stderr, " <= "); + for (j = 0; j < 8; j++) + fprintf(stderr, "%02x", changed_val[j]); + fprintf(stderr, "\n"); + + } + #endif // Try to match the replace value up to 4 bytes before the current idx. @@ -2061,6 +2076,9 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, // if (memcmp(user_val, "TEST-VALUE") == 0) ... // We only do this in lvl 3, otherwise we only do direct matching + // fprintf(stderr, "XXXX FROMB64 saved_idx=%u its_len=%u from=%u to=%u FROMHEX + // repl=%s\n", saved_idx, saved_its_len, from, to, repl); + for (pre = from; pre <= to; pre++) { if (*status != 1 && (!pre || !memcmp(buf + saved_idx - pre, repl, pre))) { @@ -2173,9 +2191,9 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, } - if (afl->cmplog_enable_xtreme_transform && (i % 2)) { + if (afl->cmplog_enable_xtreme_transform && (i % 2) == 1) { - if (len > idx + i + 1 && is_hex(orig_buf + idx + i)) { + if (len > idx + i + 1 && is_hex(orig_buf + idx + i - 1)) { fromhex += 2; @@ -2205,6 +2223,8 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, } + // fprintf(stderr, "X FROMB64 idx=%u i=%u repl=%s\n", saved_idx, i, + // repl); if (i % 4 == 3 && i < 24) { if (is_base64(orig_buf + idx + i - 3)) fromb64 += 4; @@ -2240,17 +2260,23 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, } #ifdef _DEBUG - fprintf(stderr, "RTN %s %s %s %s\n", buf, pattern, orig_buf, o_pattern); - fprintf(stderr, - "RTN idx=%u len=%u loop=%u xor=%u arith=%u tolower=%u toupper=%u " - "tohex=%u fromhex=%u to_0=%u to_slash=%u to_x=%u " - "from_0=%u from_slash=%u from_x=%u\n", - idx, its_len, i, xor, arith, tolower, toupper, tohex, fromhex, - to_0, to_slash, to_x, from_0, from_slash, from_x); - if (afl->cmplog_enable_xtreme_transform) { + if (idx == 0) { + + fprintf(stderr, "RTN Z %s %s %s %s repl=%s\n", buf, pattern, orig_buf, + o_pattern, repl); + fprintf( + stderr, + "RTN Z idx=%u len=%u loop=%u xor=%u arith=%u tolower=%u toupper=%u " + "tohex=%u fromhex=%u to_0=%u to_slash=%u to_x=%u " + "from_0=%u from_slash=%u from_x=%u\n", + idx, its_len, i, xor, arith, tolower, toupper, tohex, fromhex, to_0, + to_slash, to_x, from_0, from_slash, from_x); + if (afl->cmplog_enable_xtreme_transform) { + + fprintf(stderr, "RTN Z idx=%u loop=%u tob64=%u from64=%u\n", idx, i, + tob64, fromb64); - fprintf(stderr, "RTN idx=%u loop=%u tob64=%u from64=%u\n", idx, i, - tob64, fromb64); + } } @@ -2259,13 +2285,27 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, if (afl->cmplog_enable_xtreme_transform) { // input is base64 and converted to binary? convert repl to base64! + // fprintf(stderr, "FROMB64 idx=%u i=%u %% 4 == 3 && i < 24 && + // fromb64=%u > i, repl=%s\n", saved_idx, i, fromb64, repl); if ((i % 4) == 3 && i < 24 && fromb64 > i) { - to_base64(repl, tmp, i + 1); - memcpy(buf + idx, tmp, i + 1); - if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } - // fprintf(stderr, "RTN ATTEMPT fromb64 %u result %u\n", fromb64, - // *status); + for (u32 hlen = i; hlen + saved_idx < len && hlen <= its_len; + ++hlen) { + + u32 res = to_base64(repl, tmp, hlen); + // fprintf(stderr, "FROMB64 GOGO! idx=%u repl=%s tmp[%u]=%s + // hlen=%u\n", saved_idx, repl, res, tmp, hlen); + if (res + saved_idx < len) { + + memcpy(buf + idx, tmp, res); + if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } + // fprintf(stderr, "RTN ATTEMPT FROMB64 idx=%u fromb64 %u %s %s + // result %u\n", saved_idx, fromb64, tmp, repl, + // *status); + + } + + } } @@ -2308,7 +2348,7 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, } // input is hex and converted to binary? convert repl to hex! - if (afl->cmplog_enable_xtreme_transform && i && (i % 2) && i < 16 && + if (afl->cmplog_enable_xtreme_transform && (i % 2) == 1 && i < 16 && fromhex && fromhex + from_slash + from_x + from_0 > i) { u8 off = 0; @@ -2344,31 +2384,36 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, } - if (to_up == 1) { + for (u32 hlen = i; hlen <= (i << 1) && hlen + idx < len; hlen += i) { - for (j = 0; j <= (i >> 1); j++) { + if (to_up == 1) { - tmp[off + (j << 1)] = hex_table_up[repl[j] >> 4]; - tmp[off + (j << 1) + 1] = hex_table_up[repl[j] % 16]; + for (j = 0; j <= (hlen >> 1); j++) { - } + tmp[off + (j << 1)] = hex_table_up[repl[j] >> 4]; + tmp[off + (j << 1) + 1] = hex_table_up[repl[j] % 16]; - } else { + } + + } else { + + for (j = 0; j <= (hlen >> 1); j++) { - for (j = 0; j <= (i >> 1); j++) { + tmp[off + (j << 1)] = hex_table_low[repl[j] >> 4]; + tmp[off + (j << 1) + 1] = hex_table_low[repl[j] % 16]; - tmp[off + (j << 1)] = hex_table_low[repl[j] >> 4]; - tmp[off + (j << 1) + 1] = hex_table_low[repl[j] % 16]; + } } - } + memcpy(buf + idx, tmp, hlen + 1 + off); + if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } + tmp[hlen + 1 + off] = 0; + // fprintf(stderr, "RTN ATTEMPT idx=%u len=%u fromhex %u %s %s result + // %u\n", idx, len, fromhex, tmp, repl, *status); + memcpy(buf + idx, save, hlen + 1 + off); - memcpy(buf + idx, tmp, i + 1 + off); - if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } - // fprintf(stderr, "RTN ATTEMPT fromhex %u result %u\n", fromhex, - // *status); - memcpy(buf + idx, save, i + 1 + off); + } } @@ -2441,7 +2486,7 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, struct tainted *t; struct cmp_header *h = &afl->shm.cmp_map->headers[key]; - u32 i, j, idx, have_taint = 1, taint_len, loggeds; + u32 i, idx, have_taint = 1, taint_len, loggeds; u8 status = 0, found_one = 0; hshape = SHAPE_BYTES(h->shape); @@ -2464,19 +2509,22 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, struct cmpfn_operands *orig_o = &((struct cmpfn_operands *)afl->orig_cmp_map->log[key])[i]; - // opt not in the paper - for (j = 0; j < i; ++j) { + /* + // opt not in the paper + for (j = 0; j < i; ++j) { - if (!memcmp(&((struct cmpfn_operands *)afl->shm.cmp_map->log[key])[j], o, - sizeof(struct cmpfn_operands))) { + if (!memcmp(&((struct cmpfn_operands *)afl->shm.cmp_map->log[key])[j], + o, sizeof(struct cmpfn_operands))) { - goto rtn_fuzz_next_iter; + goto rtn_fuzz_next_iter; - } + } - } + } - /* + */ + +#ifdef _DEBUG struct cmp_header *hh = &afl->orig_cmp_map->headers[key]; fprintf(stderr, "RTN N hits=%u id=%u shape=%u attr=%u v0=", h->hits, h->id, hshape, h->attribute); @@ -2493,7 +2541,7 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, for (j = 0; j < 8; j++) fprintf(stderr, "%02x", orig_o->v1[j]); fprintf(stderr, "\n"); - */ +#endif t = taint; while (t->next) { @@ -2527,7 +2575,7 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, status = 0; #ifdef _DEBUG - int w; + u32 w; fprintf(stderr, "key=%u idx=%u len=%u o0=", key, idx, hshape); for (w = 0; w < hshape; ++w) fprintf(stderr, "%02x", orig_o->v0[w]); From bd1648e707b85b79d816fd8737909789d7d2a09c Mon Sep 17 00:00:00 2001 From: mark0 <757410129@qq.com> Date: Fri, 28 Jul 2023 17:32:59 +0800 Subject: [PATCH 079/357] fix the file descriptor without determining null --- custom_mutators/aflpp/standalone/aflpp-standalone.c | 1 + src/afl-showmap.c | 1 + test/unittests/unit_rand.c | 1 + 3 files changed, 3 insertions(+) diff --git a/custom_mutators/aflpp/standalone/aflpp-standalone.c b/custom_mutators/aflpp/standalone/aflpp-standalone.c index 91bac4a838..361feabae4 100644 --- a/custom_mutators/aflpp/standalone/aflpp-standalone.c +++ b/custom_mutators/aflpp/standalone/aflpp-standalone.c @@ -39,6 +39,7 @@ my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) { data->afl = calloc(1, sizeof(afl_state_t)); data->afl->queue_cycle = 1; data->afl->fsrv.dev_urandom_fd = open("/dev/urandom", O_RDONLY); + if (data->afl->fsrv.dev_urandom_fd < 0) { PFATAL("Unable to open /dev/urandom"); } rand_set_seed(data->afl, getpid()); return data; diff --git a/src/afl-showmap.c b/src/afl-showmap.c index b82bcd7239..7a639cf61b 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -1611,6 +1611,7 @@ int main(int argc, char **argv_orig, char **envp) { if (in_dir || in_filelist) { afl->fsrv.dev_urandom_fd = open("/dev/urandom", O_RDONLY); + if (afl->fsrv.dev_urandom_fd < 0) { PFATAL("Unable to open /dev/urandom"); } afl->afl_env.afl_custom_mutator_library = getenv("AFL_CUSTOM_MUTATOR_LIBRARY"); afl->afl_env.afl_python_module = getenv("AFL_PYTHON_MODULE"); diff --git a/test/unittests/unit_rand.c b/test/unittests/unit_rand.c index 1ad02a8029..f89b2ab56f 100644 --- a/test/unittests/unit_rand.c +++ b/test/unittests/unit_rand.c @@ -67,6 +67,7 @@ static void test_rand_below(void **state) { rand_set_seed(&afl, 1337); afl.fsrv.dev_urandom_fd = open("/dev/urandom", O_RDONLY); + if (afl.fsrv.dev_urandom_fd < 0) { PFATAL("Unable to open /dev/urandom"); } assert(!(rand_below(&afl, 9000) > 9000)); assert_int_equal(rand_below(&afl, 1), 0); From f87ba7ed6324e9d33c2b93da5103344d53218f2c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 28 Jul 2023 15:18:12 +0200 Subject: [PATCH 080/357] doc fix --- docs/env_variables.md | 3 ++- src/afl-fuzz.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/env_variables.md b/docs/env_variables.md index 0f0869d221..1f73bbdf38 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -585,7 +585,8 @@ checks or alter some of the more exotic semantics of the tool: Note that this is not a compile time option but a runtime option :-) - Set `AFL_PIZZA_MODE` to 1 to enable the April 1st stats menu, set to -1 - to disable although it is 1st of April. + to disable although it is 1st of April. 0 is the default and means enable + on the 1st of April automatically. - If you need a specific interval to update fuzzer_stats file, you can set `AFL_FUZZER_STATS_UPDATE_INTERVAL` to the interval in seconds you'd diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 21a8915cdd..bacbafc45e 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -278,7 +278,8 @@ static void usage(u8 *argv0, int more_help) { "AFL_IGNORE_UNKNOWN_ENVS: don't warn on unknown env vars\n" "AFL_IMPORT_FIRST: sync and import test cases from other fuzzer instances first\n" "AFL_INPUT_LEN_MIN/AFL_INPUT_LEN_MAX: like -g/-G set min/max fuzz length produced\n" - "AFL_PIZZA_MODE: 1 - enforce pizza mode, 0 - disable for April 1st\n" + "AFL_PIZZA_MODE: 1 - enforce pizza mode, -1 - disable for April 1st,\n" + " 0 (default) - activate on April 1st\n" "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc.\n" " (default: SIGKILL)\n" "AFL_FORK_SERVER_KILL_SIGNAL: Kill signal for the fork server on termination\n" From 168ade3b70077ec6a24df9fc594e3b8c1db89bd6 Mon Sep 17 00:00:00 2001 From: mark0 <59284400+mark0-cn@users.noreply.github.com> Date: Mon, 31 Jul 2023 05:51:24 +0800 Subject: [PATCH 081/357] Fix format specifiers (#1818) * Update afl-mutations.h Fix bug: compilation cannot pass when DEBUG macro is enabled * Update afl-fuzz-one.c Fix bug: compilation cannot pass when DEBUG macro is enabled --- include/afl-mutations.h | 2 +- src/afl-fuzz-one.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/afl-mutations.h b/include/afl-mutations.h index 0a9bbbf4a2..5dde447331 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -2456,7 +2456,7 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, } char buf[20]; - snprintf(buf, sizeof(buf), "%ld", val); + snprintf(buf, sizeof(buf), "%lld", val); u32 old_len = off2 - off; u32 new_len = strlen(buf); diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 8ee50bbf15..f4ae7bfdfc 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2995,7 +2995,7 @@ u8 fuzz_one_original(afl_state_t *afl) { // fprintf(stderr, "val: %u-%u = %ld\n", off, off2, val); char buf[20]; - snprintf(buf, sizeof(buf), "%ld", val); + snprintf(buf, sizeof(buf), "%lld", val); // fprintf(stderr, "BEFORE: %s\n", out_buf); From d0782a7f03a23f8323772d189e5b66a4eb086afd Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 30 Jul 2023 21:59:57 +0000 Subject: [PATCH 082/357] Various fixes for warnings, extends #1818 --- include/afl-mutations.h | 13 +++++++------ src/afl-fuzz-one.c | 2 +- src/afl-fuzz-redqueen.c | 2 +- unicorn_mode/unicornafl | 2 +- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/include/afl-mutations.h b/include/afl-mutations.h index 5dde447331..1806790e4f 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -25,13 +25,14 @@ u32 max_len - the maximum size the mutated buffer may grow to */ -#ifndef _ANDROID_ASHMEM_H - #define AFL_MUTATIONS_H +#ifndef AFL_MUTATIONS_H +#define AFL_MUTATIONS_H - #include - #include "afl-fuzz.h" +#include +#include +#include "afl-fuzz.h" - #define MUT_STRATEGY_ARRAY_SIZE 256 +#define MUT_STRATEGY_ARRAY_SIZE 256 enum { @@ -2456,7 +2457,7 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, } char buf[20]; - snprintf(buf, sizeof(buf), "%lld", val); + snprintf(buf, sizeof(buf), "%" PRId64, val); u32 old_len = off2 - off; u32 new_len = strlen(buf); diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index f4ae7bfdfc..2ad4697edd 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2995,7 +2995,7 @@ u8 fuzz_one_original(afl_state_t *afl) { // fprintf(stderr, "val: %u-%u = %ld\n", off, off2, val); char buf[20]; - snprintf(buf, sizeof(buf), "%lld", val); + snprintf(buf, sizeof(buf), "%" PRId64, val); // fprintf(stderr, "BEFORE: %s\n", out_buf); diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 8a652a9f72..54bf4e3218 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -2665,7 +2665,7 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, } - rtn_fuzz_next_iter: + // rtn_fuzz_next_iter: afl->stage_cur++; } diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index f2cede37a7..2df75f3e10 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit f2cede37a75bbd4a9b9438f0277727b5d4620572 +Subproject commit 2df75f3e1045367cab95fe3471191b38c1a9f79e From f75c4303654602442987b9a653e5ad3af4974b43 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 30 Jul 2023 22:02:18 +0000 Subject: [PATCH 083/357] Go back to correct unicornafl version --- unicorn_mode/unicornafl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index 2df75f3e10..f2cede37a7 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit 2df75f3e1045367cab95fe3471191b38c1a9f79e +Subproject commit f2cede37a75bbd4a9b9438f0277727b5d4620572 From 82635dc6569d84899147b2487f19ebe3eaee92b2 Mon Sep 17 00:00:00 2001 From: Jesse Schwartzentruber Date: Fri, 28 Jul 2023 12:02:05 -0400 Subject: [PATCH 084/357] Use CPPFLAGS for C++ too. --- GNUmakefile.gcc_plugin | 2 +- GNUmakefile.llvm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/GNUmakefile.gcc_plugin b/GNUmakefile.gcc_plugin index 29d0ed9d01..a90b02eab2 100644 --- a/GNUmakefile.gcc_plugin +++ b/GNUmakefile.gcc_plugin @@ -38,7 +38,7 @@ override CFLAGS += $(CFLAGS_SAFE) CXXFLAGS ?= -O3 -g -funroll-loops # -D_FORTIFY_SOURCE=1 -CXXEFLAGS := $(CXXFLAGS) -Wall -std=c++11 +CXXEFLAGS := $(CXXFLAGS) $(CPPFLAGS) -Wall -std=c++11 CC ?= gcc CXX ?= g++ diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 75fb664b6f..d8c47ccc49 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -300,7 +300,7 @@ endif ifneq "$(LLVM_CONFIG)" "" CLANG_CFL += -I$(shell dirname $(LLVM_CONFIG))/../include endif -CLANG_CPPFL = `$(LLVM_CONFIG) --cxxflags` -fno-rtti -fPIC $(CXXFLAGS) -Wno-deprecated-declarations +CLANG_CPPFL = `$(LLVM_CONFIG) --cxxflags` -fno-rtti -fPIC $(CXXFLAGS) $(CPPFLAGS) -Wno-deprecated-declarations CLANG_LFL = `$(LLVM_CONFIG) --ldflags` $(LDFLAGS) # wasm fuzzing: disable thread-local storage and unset LLVM debug flag From 1429c9724efb62e5ac90ec27d93a64c28632ba5d Mon Sep 17 00:00:00 2001 From: Junwha Date: Wed, 2 Aug 2023 02:59:07 +0900 Subject: [PATCH 085/357] Add option for treating crashing input as new crash Signed-off-by: Junwha Hong --- include/afl-fuzz.h | 3 +- include/envs.h | 1 + src/afl-fuzz-init.c | 99 ++++++++++++++++++++++++++++++++++++--------- src/afl-fuzz.c | 3 +- 4 files changed, 86 insertions(+), 20 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index e114b0fcc8..7bedc98fb5 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -539,7 +539,8 @@ typedef struct afl_state { expand_havoc, /* perform expensive havoc after no find */ cycle_schedules, /* cycle power schedules? */ old_seed_selection, /* use vanilla afl seed selection */ - reinit_table; /* reinit the queue weight table */ + reinit_table, /* reinit the queue weight table */ + crashing_seeds_as_new_crash; /* treat crashing seeds as normal corpus */ u8 *virgin_bits, /* Regions yet untouched by fuzzing */ *virgin_tmout, /* Bits we haven't seen in tmouts */ diff --git a/include/envs.h b/include/envs.h index edfd06e4e6..e396acd24a 100644 --- a/include/envs.h +++ b/include/envs.h @@ -35,6 +35,7 @@ static char *afl_environment_variables[] = { "AFL_COMPCOV_BINNAME", "AFL_COMPCOV_LEVEL", "AFL_CRASH_EXITCODE", + "AFL_CRASHING_SEEDS_AS_NEW_CRASH", "AFL_CUSTOM_MUTATOR_LIBRARY", "AFL_CUSTOM_MUTATOR_ONLY", "AFL_CUSTOM_INFO_PROGRAM", diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 24fd707781..6b7f30363e 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -1056,6 +1056,13 @@ void perform_dry_run(afl_state_t *afl) { "skipping", fn, (int)(s8)afl->fsrv.crash_exitcode); + } else if (afl->crashing_seeds_as_new_crash) { + + WARNF( + "Test case '%s' results in a crash," + "as AFL_CRASHING_SEEDS_AS_NEW_CRASH is set, " + "saving as a crash", fn); + } else { WARNF("Test case '%s' results in a crash, skipping", fn); @@ -1078,38 +1085,94 @@ void perform_dry_run(afl_state_t *afl) { } - q->disabled = 1; - q->perf_score = 0; + /* Crashing corpus will regrad as normal, and categorized as new crash at fuzzing */ + if (afl->crashing_seeds_as_new_crash) { + + ++afl->total_crashes; - u32 i = 0; - while (unlikely(i < afl->queued_items && afl->queue_buf[i] && - afl->queue_buf[i]->disabled)) { + if (likely(!afl->non_instrumented_mode)) { - ++i; + classify_counts(&afl->fsrv); + + simplify_trace(afl, afl->fsrv.trace_bits); - } + if (!has_new_bits(afl, afl->virgin_crash)) { break; } + + } + + + if (unlikely(!afl->saved_crashes) && + (afl->afl_env.afl_no_crash_readme != 1)) { + + write_crash_readme(afl); + + } + + u8 crash_fn[PATH_MAX]; + u8 *use_name = strstr(q->fname, ",orig:"); + + afl->stage_name = "dry_run"; + afl->stage_short = "dry_run"; + + #ifndef SIMPLE_FILES + + snprintf(crash_fn, PATH_MAX, "%s/crashes/id:%06llu,sig:%02u,%s%s", afl->out_dir, + afl->saved_crashes, afl->fsrv.last_kill_signal, + describe_op(afl, 0, NAME_MAX - strlen("id:000000,sig:00,") - strlen(use_name)), use_name); + + #else + + snprintf(crash_fn, PATH_MAX, "%s/crashes/id_%06llu_%02u", afl->out_dir, + afl->saved_crashes, afl->fsrv.last_kill_signal); + + #endif - if (i < afl->queued_items && afl->queue_buf[i]) { + ++afl->saved_crashes; - afl->queue = afl->queue_buf[i]; + fd = open(crash_fn, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION); + if (unlikely(fd < 0)) { PFATAL("Unable to create '%s'", crash_fn); } + ck_write(fd, use_mem, read_len, crash_fn); + close(fd); + + afl->last_crash_time = get_cur_time(); + afl->last_crash_execs = afl->fsrv.total_execs; } else { - afl->queue = afl->queue_buf[0]; + q->disabled = 1; + q->perf_score = 0; - } + u32 i = 0; + while (unlikely(i < afl->queued_items && afl->queue_buf[i] && + afl->queue_buf[i]->disabled)) { - afl->max_depth = 0; - for (i = 0; i < afl->queued_items && likely(afl->queue_buf[i]); i++) { + ++i; - if (!afl->queue_buf[i]->disabled && - afl->queue_buf[i]->depth > afl->max_depth) - afl->max_depth = afl->queue_buf[i]->depth; + } - } + if (i < afl->queued_items && afl->queue_buf[i]) { - break; + afl->queue = afl->queue_buf[i]; + + } else { + afl->queue = afl->queue_buf[0]; + + } + + afl->max_depth = 0; + for (i = 0; i < afl->queued_items && likely(afl->queue_buf[i]); i++) { + + if (!afl->queue_buf[i]->disabled && + afl->queue_buf[i]->depth > afl->max_depth) + afl->max_depth = afl->queue_buf[i]->depth; + + } + + } + + break; + case FSRV_RUN_ERROR: FATAL("Unable to execute target application ('%s')", afl->argv[0]); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index bacbafc45e..5cbebb0ee8 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1573,7 +1573,8 @@ int main(int argc, char **argv_orig, char **envp) { if (get_afl_env("AFL_NO_ARITH")) { afl->no_arith = 1; } if (get_afl_env("AFL_SHUFFLE_QUEUE")) { afl->shuffle_queue = 1; } if (get_afl_env("AFL_EXPAND_HAVOC_NOW")) { afl->expand_havoc = 1; } - + if (get_afl_env("AFL_CRASHING_SEEDS_AS_NEW_CRASH")) { afl->crashing_seeds_as_new_crash = 1; } + if (afl->afl_env.afl_autoresume) { afl->autoresume = 1; From a61e1ffe4dceb5b4dec3409faf037bea4c05bef9 Mon Sep 17 00:00:00 2001 From: Junwha Date: Wed, 2 Aug 2023 19:21:41 +0900 Subject: [PATCH 086/357] Add AFL_CRASHING_SEEDS_AS_NEW_CRASH to doc Signed-off-by: Junwha --- docs/env_variables.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/env_variables.md b/docs/env_variables.md index 1f73bbdf38..affc9e3c2e 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -365,6 +365,9 @@ checks or alter some of the more exotic semantics of the tool: - `AFL_EXIT_ON_SEED_ISSUES` will restore the vanilla afl-fuzz behavior which does not allow crashes or timeout seeds in the initial -i corpus. + - `AFL_CRASHING_SEEDS_AS_NEW_CRASH` will treat crashing seeds as new crash. these + crashes will be written to crashes folder as op:dry_run, and orig:. + - `AFL_EXIT_ON_TIME` causes afl-fuzz to terminate if no new paths were found within a specified period of time (in seconds). May be convenient for some types of automated jobs. From 641c551ba05bcd602bd351cb705b14cd652e0dda Mon Sep 17 00:00:00 2001 From: Sergej Schumilo Date: Thu, 3 Aug 2023 13:46:54 +0200 Subject: [PATCH 087/357] update Nyx submodules --- nyx_mode/LIBNYX_VERSION | 2 +- nyx_mode/PACKER_VERSION | 2 +- nyx_mode/QEMU-Nyx | 2 +- nyx_mode/QEMU_NYX_VERSION | 2 +- nyx_mode/libnyx | 2 +- nyx_mode/packer | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/nyx_mode/LIBNYX_VERSION b/nyx_mode/LIBNYX_VERSION index ed88ec10f7..a4ffd230bd 100644 --- a/nyx_mode/LIBNYX_VERSION +++ b/nyx_mode/LIBNYX_VERSION @@ -1 +1 @@ -c8a72dc +8291ef4 diff --git a/nyx_mode/PACKER_VERSION b/nyx_mode/PACKER_VERSION index 7db88233bd..cc20a3b66a 100644 --- a/nyx_mode/PACKER_VERSION +++ b/nyx_mode/PACKER_VERSION @@ -1 +1 @@ -202bace +bcf3e24 diff --git a/nyx_mode/QEMU-Nyx b/nyx_mode/QEMU-Nyx index 60c216bc9e..a09d3ae2e6 160000 --- a/nyx_mode/QEMU-Nyx +++ b/nyx_mode/QEMU-Nyx @@ -1 +1 @@ -Subproject commit 60c216bc9e4c79834716d4099993d8397a3a8fd9 +Subproject commit a09d3ae2e66cfe82884a227ea872e48dd2c2ad25 diff --git a/nyx_mode/QEMU_NYX_VERSION b/nyx_mode/QEMU_NYX_VERSION index 98cb134fd1..75dcbe836f 100644 --- a/nyx_mode/QEMU_NYX_VERSION +++ b/nyx_mode/QEMU_NYX_VERSION @@ -1 +1 @@ -60c216bc9e +a09d3ae2e6 diff --git a/nyx_mode/libnyx b/nyx_mode/libnyx index 2da7f08b6e..8291ef4cb4 160000 --- a/nyx_mode/libnyx +++ b/nyx_mode/libnyx @@ -1 +1 @@ -Subproject commit 2da7f08b6e0267ccfe64e1320b24cdb29223459c +Subproject commit 8291ef4cb4f1d4bfe3026fe198167fd5c98e3a15 diff --git a/nyx_mode/packer b/nyx_mode/packer index 202bace888..bcf3e248b6 160000 --- a/nyx_mode/packer +++ b/nyx_mode/packer @@ -1 +1 @@ -Subproject commit 202bace888d237e4e8f4507d0eba6791a811554d +Subproject commit bcf3e248b660764f48af54232a3388389a2dfc22 From 8f31086a7fa1d7ef9d4dc416f238a10dd140e2d3 Mon Sep 17 00:00:00 2001 From: Sergej Schumilo Date: Thu, 3 Aug 2023 14:40:10 +0200 Subject: [PATCH 088/357] make nyx aux buffer size configurable --- include/envs.h | 1 + include/forkserver.h | 1 + src/afl-forkserver.c | 10 ++++++++++ src/afl-fuzz.c | 3 +++ 4 files changed, 15 insertions(+) diff --git a/include/envs.h b/include/envs.h index edfd06e4e6..0ef331ae95 100644 --- a/include/envs.h +++ b/include/envs.h @@ -189,6 +189,7 @@ static char *afl_environment_variables[] = { "AFL_MAX_DET_EXTRAS", "AFL_NO_X86", // not really an env but we dont want to warn on it "AFL_NOOPT", + "AFL_NYX_AUX_SIZE", "AFL_PASSTHROUGH", "AFL_PATH", "AFL_PERFORMANCE_FILE", diff --git a/include/forkserver.h b/include/forkserver.h index f5069ce260..c93c6f61c9 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -86,6 +86,7 @@ typedef struct { uint32_t size); bool (*nyx_remove_work_dir)(const char *workdir); + bool (*nyx_config_set_aux_buffer_size)(void *config, uint32_t aux_buffer_size); } nyx_plugin_handler_t; diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index ba7cdd666d..957cb2b7cf 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -129,6 +129,9 @@ nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary) { plugin->nyx_remove_work_dir = dlsym(handle, "nyx_remove_work_dir"); if (plugin->nyx_remove_work_dir == NULL) { goto fail; } + plugin->nyx_config_set_aux_buffer_size = dlsym(handle, "nyx_config_set_aux_buffer_size"); + if (plugin->nyx_config_set_aux_buffer_size == NULL) { goto fail; } + OKF("libnyx plugin is ready!"); return plugin; @@ -589,6 +592,13 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } + if (getenv("AFL_NYX_AUX_SIZE") != NULL) { + if(fsrv->nyx_handlers->nyx_config_set_aux_buffer_size( + nyx_config, atoi(getenv("AFL_NYX_AUX_SIZE"))) != 1) { + NYX_PRE_FATAL(fsrv, "Invalid AFL_NYX_AUX_SIZE value set (must be a multiple of 4096) ..."); + } + } + if (getenv("NYX_REUSE_SNAPSHOT") != NULL) { if (access(getenv("NYX_REUSE_SNAPSHOT"), F_OK) == -1) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index bacbafc45e..9504d9085d 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -299,6 +299,9 @@ static void usage(u8 *argv0, int more_help) { "AFL_NO_SNAPSHOT: do not use the snapshot feature (if the snapshot lkm is loaded)\n" "AFL_NO_STARTUP_CALIBRATION: no initial seed calibration, start fuzzing at once\n" "AFL_NO_UI: switch status screen off\n" + "AFL_NYX_AUX_SIZE: size of the Nyx auxiliary buffer. Must be a multiple of 4096.\n" + " Increase this value in case the crash reports are truncated.\n" + " Default value is 4096.\n" DYN_COLOR From 5d78a6f592fff853ff722f2722a6576b0f565abd Mon Sep 17 00:00:00 2001 From: Sergej Schumilo Date: Thu, 3 Aug 2023 14:43:16 +0200 Subject: [PATCH 089/357] update nyx mode readme (NYX_AUX_BUFFER_SIZE) --- nyx_mode/README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/nyx_mode/README.md b/nyx_mode/README.md index eee7d36379..605bc1037f 100644 --- a/nyx_mode/README.md +++ b/nyx_mode/README.md @@ -313,6 +313,27 @@ command: If you want to disable fast snapshots (except for crashes), you can simply set the `NYX_DISABLE_SNAPSHOT_MODE` environment variable. +### Nyx crash reports + +If the Nyx agent detects a crash in the target application, it can pass +additional information on that crash to AFL++ (assuming that the agent +implements this feature). For each saved crashing input AFL++ will also create +an additional file in the `crashes` directory with a `.log` file extension. +Crash reports generated by the default agent shipped with the Nyx packer will +contain information such as the faulting address and signal number. +Additionally, if the target is compiled with AddressSanitizer, the crash report +will also contain the entire ASan report. + +From a technical perspective, the crash report is passed from QEMU-Nyx to AFL++ +via a shared memory region called Nyx Auxiliary Buffer which is by default 4096 +bytes in size. In this shared memory region a specific amount is reserved for +the header (1408 bytes) and the remaining bytes can be used to transfer crash +reports (also the `hprintf` feature utilizes the very same shared memory for +transferring data). By default a crash report will be truncated to 2688 bytes. +However, if you want to increase the size of the shared memory region, you can +set the `NYX_AUX_BUFFER_SIZE` environment variable to a higher value (keep in +mind that this value must be a multiple of 4096). + ### Run AFL++Nyx with a custom agent Most of the common use-cases for linux userland targets are already handled by From 79640acbf1ffff9677ec9094b61ac4a158b1551c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 4 Aug 2023 09:25:19 +0200 Subject: [PATCH 090/357] nits --- include/afl-mutations.h | 8 ++++---- include/forkserver.h | 3 ++- src/afl-forkserver.c | 17 ++++++++++++----- src/afl-fuzz-redqueen.c | 2 +- src/afl-fuzz.c | 15 +++++++-------- 5 files changed, 26 insertions(+), 19 deletions(-) diff --git a/include/afl-mutations.h b/include/afl-mutations.h index 1806790e4f..98ba6fcf56 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -78,7 +78,7 @@ enum { }; - #define MUT_TXT_ARRAY_SIZE 200 +#define MUT_TXT_ARRAY_SIZE 200 u32 text_array[MUT_TXT_ARRAY_SIZE] = {MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT, @@ -280,7 +280,7 @@ u32 text_array[MUT_TXT_ARRAY_SIZE] = {MUT_FLIPBIT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT}; - #define MUT_BIN_ARRAY_SIZE 256 +#define MUT_BIN_ARRAY_SIZE 256 u32 binary_array[MUT_BIN_ARRAY_SIZE] = {MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT, @@ -538,7 +538,7 @@ u32 binary_array[MUT_BIN_ARRAY_SIZE] = {MUT_FLIPBIT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT}; - #define MUT_NORMAL_ARRAY_SIZE 77 +#define MUT_NORMAL_ARRAY_SIZE 77 u32 normal_splice_array[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT, @@ -617,7 +617,7 @@ u32 normal_splice_array[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT, MUT_SPLICE_INSERT, MUT_SPLICE_INSERT}; - #define MUT_SPLICE_ARRAY_SIZE 81 +#define MUT_SPLICE_ARRAY_SIZE 81 u32 full_splice_array[MUT_SPLICE_ARRAY_SIZE] = {MUT_FLIPBIT, MUT_FLIPBIT, MUT_FLIPBIT, diff --git a/include/forkserver.h b/include/forkserver.h index c93c6f61c9..1d41d83d55 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -86,7 +86,8 @@ typedef struct { uint32_t size); bool (*nyx_remove_work_dir)(const char *workdir); - bool (*nyx_config_set_aux_buffer_size)(void *config, uint32_t aux_buffer_size); + bool (*nyx_config_set_aux_buffer_size)(void *config, + uint32_t aux_buffer_size); } nyx_plugin_handler_t; diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 957cb2b7cf..e90ea46038 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -129,7 +129,8 @@ nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary) { plugin->nyx_remove_work_dir = dlsym(handle, "nyx_remove_work_dir"); if (plugin->nyx_remove_work_dir == NULL) { goto fail; } - plugin->nyx_config_set_aux_buffer_size = dlsym(handle, "nyx_config_set_aux_buffer_size"); + plugin->nyx_config_set_aux_buffer_size = + dlsym(handle, "nyx_config_set_aux_buffer_size"); if (plugin->nyx_config_set_aux_buffer_size == NULL) { goto fail; } OKF("libnyx plugin is ready!"); @@ -593,10 +594,16 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } if (getenv("AFL_NYX_AUX_SIZE") != NULL) { - if(fsrv->nyx_handlers->nyx_config_set_aux_buffer_size( - nyx_config, atoi(getenv("AFL_NYX_AUX_SIZE"))) != 1) { - NYX_PRE_FATAL(fsrv, "Invalid AFL_NYX_AUX_SIZE value set (must be a multiple of 4096) ..."); - } + + if (fsrv->nyx_handlers->nyx_config_set_aux_buffer_size( + nyx_config, atoi(getenv("AFL_NYX_AUX_SIZE"))) != 1) { + + NYX_PRE_FATAL(fsrv, + "Invalid AFL_NYX_AUX_SIZE value set (must be a multiple " + "of 4096) ..."); + + } + } if (getenv("NYX_REUSE_SNAPSHOT") != NULL) { diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 54bf4e3218..ca5104c057 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -2665,7 +2665,7 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, } - // rtn_fuzz_next_iter: + // rtn_fuzz_next_iter: afl->stage_cur++; } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 9504d9085d..29659013e8 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -311,8 +311,8 @@ static void usage(u8 *argv0, int more_help) { PERSISTENT_MSG - "AFL_POST_PROCESS_KEEP_ORIGINAL: save the file as it was prior post-processing to the queue,\n" - " but execute the post-processed one\n" + "AFL_POST_PROCESS_KEEP_ORIGINAL: save the file as it was prior post-processing to\n" + " the queue, but execute the post-processed one\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_TARGET_ENV: pass extra environment variables to target\n" "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n" @@ -323,18 +323,17 @@ static void usage(u8 *argv0, int more_help) { "AFL_STATSD_HOST: change default statsd host (default 127.0.0.1)\n" "AFL_STATSD_PORT: change default statsd port (default: 8125)\n" "AFL_STATSD_TAGS_FLAVOR: set statsd tags format (default: disable tags)\n" - " Supported formats are: 'dogstatsd', 'librato',\n" - " 'signalfx' and 'influxdb'\n" + " suported formats: dogstatsd, librato, signalfx, influxdb\n" "AFL_SYNC_TIME: sync time between fuzzing instances (in minutes)\n" "AFL_NO_CRASH_README: do not create a README in the crashes directory\n" "AFL_TESTCACHE_SIZE: use a cache for testcases, improves performance (in MB)\n" "AFL_TMPDIR: directory to use for input file generation (ramdisk recommended)\n" "AFL_EARLY_FORKSERVER: force an early forkserver in an afl-clang-fast/\n" " afl-clang-lto/afl-gcc-fast target\n" - "AFL_PERSISTENT: enforce persistent mode (if __AFL_LOOP is in a shared lib\n" - "AFL_DEFER_FORKSRV: enforced deferred forkserver (__AFL_INIT is in a .so)\n" - "AFL_FUZZER_STATS_UPDATE_INTERVAL: interval to update fuzzer_stats file in seconds, " - "(default: 60, minimum: 1)\n" + "AFL_PERSISTENT: enforce persistent mode (if __AFL_LOOP is in a shared lib)\n" + "AFL_DEFER_FORKSRV: enforced deferred forkserver (__AFL_INIT is in a shared lib)\n" + "AFL_FUZZER_STATS_UPDATE_INTERVAL: interval to update fuzzer_stats file in\n" + " seconds (default: 60, minimum: 1)\n" "\n" ); From 0a28bce0167416aa5dbe9d23c242f4ec43e79b75 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 4 Aug 2023 09:45:11 +0200 Subject: [PATCH 091/357] update docs --- docs/afl-fuzz_approach.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/afl-fuzz_approach.md b/docs/afl-fuzz_approach.md index cb173f1077..7d18b17883 100644 --- a/docs/afl-fuzz_approach.md +++ b/docs/afl-fuzz_approach.md @@ -419,8 +419,8 @@ the process. Be sure to consult this file especially if any UI elements are highlighted in red. The fuzzing process will continue until you press Ctrl-C. At a minimum, you want -to allow the fuzzer to complete one queue cycle, which may take anywhere from a -couple of hours to a week or so. +to allow the fuzzer to at least one queue cycle without any new finds, which may +take anywhere from a couple of hours to a week or so. There are three subdirectories created within the output directory and updated in real-time: From fcdfe9e990d84ab477cd3c571cbf540e8bc8e15a Mon Sep 17 00:00:00 2001 From: Junwha Date: Fri, 4 Aug 2023 18:36:58 +0900 Subject: [PATCH 092/357] Define AFL_CRASHING_SEEDS_AS_NEW_CRASH as env variable - and fix typo Signed-off-by: Junwha --- include/afl-fuzz.h | 6 +++--- src/afl-fuzz-init.c | 30 ++++++++++++++++-------------- src/afl-fuzz-state.c | 7 +++++++ src/afl-fuzz.c | 1 - 4 files changed, 26 insertions(+), 18 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 7bedc98fb5..18352acb34 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -1,3 +1,4 @@ + /* american fuzzy lop++ - fuzzer header ------------------------------------ @@ -408,7 +409,7 @@ typedef struct afl_env_vars { *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port, *afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size, *afl_testcache_entries, *afl_child_kill_signal, *afl_fsrv_kill_signal, - *afl_target_env, *afl_persistent_record, *afl_exit_on_time; + *afl_target_env, *afl_persistent_record, *afl_exit_on_time, *afl_crashing_seeds_as_new_crash; s32 afl_pizza_mode; @@ -539,8 +540,7 @@ typedef struct afl_state { expand_havoc, /* perform expensive havoc after no find */ cycle_schedules, /* cycle power schedules? */ old_seed_selection, /* use vanilla afl seed selection */ - reinit_table, /* reinit the queue weight table */ - crashing_seeds_as_new_crash; /* treat crashing seeds as normal corpus */ + reinit_table; /* reinit the queue weight table */ u8 *virgin_bits, /* Regions yet untouched by fuzzing */ *virgin_tmout, /* Bits we haven't seen in tmouts */ diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 6b7f30363e..d994d74947 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -1056,17 +1056,19 @@ void perform_dry_run(afl_state_t *afl) { "skipping", fn, (int)(s8)afl->fsrv.crash_exitcode); - } else if (afl->crashing_seeds_as_new_crash) { - - WARNF( - "Test case '%s' results in a crash," - "as AFL_CRASHING_SEEDS_AS_NEW_CRASH is set, " - "saving as a crash", fn); - } else { + if (afl->afl_env.afl_crashing_seeds_as_new_crash) { + + WARNF( + "Test case '%s' results in a crash, " + "as AFL_CRASHING_SEEDS_AS_NEW_CRASH is set, " + "saving as a new crash", fn); + + } else { - WARNF("Test case '%s' results in a crash, skipping", fn); - + WARNF("Test case '%s' results in a crash, skipping", fn); + + } } if (afl->afl_env.afl_exit_on_seed_issues) { @@ -1085,8 +1087,8 @@ void perform_dry_run(afl_state_t *afl) { } - /* Crashing corpus will regrad as normal, and categorized as new crash at fuzzing */ - if (afl->crashing_seeds_as_new_crash) { + /* Crashing seeds will be regarded as new crashes on startup */ + if (afl->afl_env.afl_crashing_seeds_as_new_crash) { ++afl->total_crashes; @@ -1139,9 +1141,6 @@ void perform_dry_run(afl_state_t *afl) { } else { - q->disabled = 1; - q->perf_score = 0; - u32 i = 0; while (unlikely(i < afl->queued_items && afl->queue_buf[i] && afl->queue_buf[i]->disabled)) { @@ -1171,6 +1170,9 @@ void perform_dry_run(afl_state_t *afl) { } + q->disabled = 1; + q->perf_score = 0; + break; case FSRV_RUN_ERROR: diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 99f69314bf..5a6b95cf4b 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -200,6 +200,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_exit_on_time = (u8 *)get_afl_env(afl_environment_variables[i]); + } else if (!strncmp(env, "AFL_CRASHING_SEEDS_AS_NEW_CRASH", + + afl_environment_variable_len)) { + + afl->afl_env.afl_crashing_seeds_as_new_crash = + atoi((u8 *)get_afl_env(afl_environment_variables[i])); + } else if (!strncmp(env, "AFL_NO_AFFINITY", afl_environment_variable_len)) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 5cbebb0ee8..51ca4ee693 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1573,7 +1573,6 @@ int main(int argc, char **argv_orig, char **envp) { if (get_afl_env("AFL_NO_ARITH")) { afl->no_arith = 1; } if (get_afl_env("AFL_SHUFFLE_QUEUE")) { afl->shuffle_queue = 1; } if (get_afl_env("AFL_EXPAND_HAVOC_NOW")) { afl->expand_havoc = 1; } - if (get_afl_env("AFL_CRASHING_SEEDS_AS_NEW_CRASH")) { afl->crashing_seeds_as_new_crash = 1; } if (afl->afl_env.afl_autoresume) { From 4f3aa90a5f2b8bb53f2e1de964d54ec7f9be0578 Mon Sep 17 00:00:00 2001 From: Sergej Schumilo Date: Fri, 4 Aug 2023 11:52:39 +0200 Subject: [PATCH 093/357] update QEMU-Nyx submodule --- nyx_mode/QEMU-Nyx | 2 +- nyx_mode/QEMU_NYX_VERSION | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nyx_mode/QEMU-Nyx b/nyx_mode/QEMU-Nyx index a09d3ae2e6..874fa033d1 160000 --- a/nyx_mode/QEMU-Nyx +++ b/nyx_mode/QEMU-Nyx @@ -1 +1 @@ -Subproject commit a09d3ae2e66cfe82884a227ea872e48dd2c2ad25 +Subproject commit 874fa033d117a3e9931245cb9e82836a4abc0425 diff --git a/nyx_mode/QEMU_NYX_VERSION b/nyx_mode/QEMU_NYX_VERSION index 75dcbe836f..d0a435a403 100644 --- a/nyx_mode/QEMU_NYX_VERSION +++ b/nyx_mode/QEMU_NYX_VERSION @@ -1 +1 @@ -a09d3ae2e6 +874fa033d1 From 1fd1f0d8ce0db7e5ccee4462c85c264dcfca328d Mon Sep 17 00:00:00 2001 From: Sergej Schumilo Date: Fri, 4 Aug 2023 11:54:58 +0200 Subject: [PATCH 094/357] fix typo in nyx_mode/README.md --- nyx_mode/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nyx_mode/README.md b/nyx_mode/README.md index 605bc1037f..0565331bf4 100644 --- a/nyx_mode/README.md +++ b/nyx_mode/README.md @@ -331,7 +331,7 @@ the header (1408 bytes) and the remaining bytes can be used to transfer crash reports (also the `hprintf` feature utilizes the very same shared memory for transferring data). By default a crash report will be truncated to 2688 bytes. However, if you want to increase the size of the shared memory region, you can -set the `NYX_AUX_BUFFER_SIZE` environment variable to a higher value (keep in +set the `AFL_NYX_AUX_SIZE` environment variable to a higher value (keep in mind that this value must be a multiple of 4096). ### Run AFL++Nyx with a custom agent From 08a6fd7c29489f5477f50b94d7a0e425f64fef34 Mon Sep 17 00:00:00 2001 From: Sergej Schumilo Date: Fri, 4 Aug 2023 12:13:06 +0200 Subject: [PATCH 095/357] update the old nyx env var naming scheme (to have a more consistent naming overall) --- include/envs.h | 2 ++ nyx_mode/README.md | 6 +++--- src/afl-forkserver.c | 27 ++++++++++++++------------- src/afl-fuzz.c | 3 ++- 4 files changed, 21 insertions(+), 17 deletions(-) diff --git a/include/envs.h b/include/envs.h index 0ef331ae95..ff303387cf 100644 --- a/include/envs.h +++ b/include/envs.h @@ -190,6 +190,8 @@ static char *afl_environment_variables[] = { "AFL_NO_X86", // not really an env but we dont want to warn on it "AFL_NOOPT", "AFL_NYX_AUX_SIZE", + "AFL_NYX_DISABLE_SNAPSHOT_MODE", + "AFL_NYX_REUSE_SNAPSHOT", "AFL_PASSTHROUGH", "AFL_PATH", "AFL_PERFORMANCE_FILE", diff --git a/nyx_mode/README.md b/nyx_mode/README.md index 0565331bf4..aee9879ed4 100644 --- a/nyx_mode/README.md +++ b/nyx_mode/README.md @@ -150,12 +150,12 @@ afl-cmin -i in_dir -o out_dir -X -- ./PACKAGE-DIRECTORY On each program startup of one the AFL++ tools in Nyx mode, a Nyx VM is spawned, and a bootstrapping procedure is performed inside the VM to prepare the target environment. As a consequence, due to the bootstrapping procedure, the launch performance is much slower compared to other modes. However, this can be optimized by reusing an existing fuzzing snapshot to avoid the slow re-execution of the bootstrap procedure. -A fuzzing snapshot is automatically created and stored in the output directory at `out_dir/workdir/snapshot/` by the first parent process of `afl-fuzz` if parallel mode is used. To enable this feature, set the path to an existing snapshot directory in the `NYX_REUSE_SNAPSHOT` environment variable and use the tools as usual: +A fuzzing snapshot is automatically created and stored in the output directory at `out_dir/workdir/snapshot/` by the first parent process of `afl-fuzz` if parallel mode is used. To enable this feature, set the path to an existing snapshot directory in the `AFL_NYX_REUSE_SNAPSHOT` environment variable and use the tools as usual: ```shell afl-fuzz -i ./in_dir -o ./out_dir -Y -M 0 ./PACKAGE-DIRECTORY -NYX_REUSE_SNAPSHOT=./out_dir/workdir/snapshot/ afl-analyze -i in_file -X -- ./PACKAGE-DIRECTORY +AFL_NYX_REUSE_SNAPSHOT=./out_dir/workdir/snapshot/ afl-analyze -i in_file -X -- ./PACKAGE-DIRECTORY ``` @@ -311,7 +311,7 @@ command: ``` If you want to disable fast snapshots (except for crashes), you can simply set -the `NYX_DISABLE_SNAPSHOT_MODE` environment variable. +the `AFL_NYX_DISABLE_SNAPSHOT_MODE` environment variable. ### Nyx crash reports diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index e90ea46038..717898d193 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -606,23 +606,23 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } - if (getenv("NYX_REUSE_SNAPSHOT") != NULL) { + if (getenv("AFL_NYX_REUSE_SNAPSHOT") != NULL) { - if (access(getenv("NYX_REUSE_SNAPSHOT"), F_OK) == -1) { + if (access(getenv("AFL_NYX_REUSE_SNAPSHOT"), F_OK) == -1) { - NYX_PRE_FATAL(fsrv, "NYX_REUSE_SNAPSHOT path does not exist"); + NYX_PRE_FATAL(fsrv, "AFL_NYX_REUSE_SNAPSHOT path does not exist"); } /* stupid sanity check to avoid passing an empty or invalid snapshot * directory */ char *snapshot_file_path = - alloc_printf("%s/global.state", getenv("NYX_REUSE_SNAPSHOT")); + alloc_printf("%s/global.state", getenv("AFL_NYX_REUSE_SNAPSHOT")); if (access(snapshot_file_path, R_OK) == -1) { - NYX_PRE_FATAL( - fsrv, - "NYX_REUSE_SNAPSHOT path does not contain a valid Nyx snapshot"); + NYX_PRE_FATAL(fsrv, + "AFL_NYX_REUSE_SNAPSHOT path does not contain a valid " + "Nyx snapshot"); } @@ -634,13 +634,14 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, char *workdir_snapshot_path = alloc_printf("%s/workdir/snapshot", outdir_path_absolute); char *reuse_snapshot_path_real = - realpath(getenv("NYX_REUSE_SNAPSHOT"), NULL); + realpath(getenv("AFL_NYX_REUSE_SNAPSHOT"), NULL); if (strcmp(workdir_snapshot_path, reuse_snapshot_path_real) == 0) { - NYX_PRE_FATAL(fsrv, - "NYX_REUSE_SNAPSHOT path is located in current workdir " - "(use another output directory)"); + NYX_PRE_FATAL( + fsrv, + "AFL_NYX_REUSE_SNAPSHOT path is located in current workdir " + "(use another output directory)"); } @@ -648,7 +649,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, ck_free(workdir_snapshot_path); fsrv->nyx_handlers->nyx_config_set_reuse_snapshot_path( - nyx_config, getenv("NYX_REUSE_SNAPSHOT")); + nyx_config, getenv("AFL_NYX_REUSE_SNAPSHOT")); } @@ -670,7 +671,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, fsrv->nyx_handlers->nyx_get_bitmap_buffer(fsrv->nyx_runner); fsrv->nyx_handlers->nyx_option_set_reload_mode( - fsrv->nyx_runner, getenv("NYX_DISABLE_SNAPSHOT_MODE") == NULL); + fsrv->nyx_runner, getenv("AFL_NYX_DISABLE_SNAPSHOT_MODE") == NULL); fsrv->nyx_handlers->nyx_option_apply(fsrv->nyx_runner); fsrv->nyx_handlers->nyx_option_set_timeout(fsrv->nyx_runner, 2, 0); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 29659013e8..3d7adf41d3 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -302,7 +302,8 @@ static void usage(u8 *argv0, int more_help) { "AFL_NYX_AUX_SIZE: size of the Nyx auxiliary buffer. Must be a multiple of 4096.\n" " Increase this value in case the crash reports are truncated.\n" " Default value is 4096.\n" - + "AFL_NYX_DISABLE_SNAPSHOT_MODE: disable snapshot mode (must be supported by the agent)\n" + "AFL_NYX_REUSE_SNAPSHOT: reuse an existing Nyx root snapshot\n" DYN_COLOR "AFL_PATH: path to AFL support binaries\n" From c2a0a245940f71c466a776d1217adac3f8b25373 Mon Sep 17 00:00:00 2001 From: Sergej Schumilo Date: Fri, 4 Aug 2023 12:20:44 +0200 Subject: [PATCH 096/357] add someone else to the "list of contributors" :-) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 42fcaa0d5e..b73cf2c1c5 100644 --- a/README.md +++ b/README.md @@ -229,7 +229,7 @@ Thank you! (For people sending pull requests - please add yourself to this list Thomas Rooijakkers David Carlier Ruben ten Hove Joey Jiao fuzzah @intrigus-lgtm - Yaakov Saxon + Yaakov Saxon Sergej Schumilo ``` From 247d8539feb0dee3eab80586ee4e32292dc7ca78 Mon Sep 17 00:00:00 2001 From: Jesse Schwartzentruber Date: Fri, 4 Aug 2023 15:29:10 -0400 Subject: [PATCH 097/357] Add AFL_NYX_LOG to redirect NYX hprintf messages to a file. --- include/envs.h | 1 + include/forkserver.h | 1 + src/afl-forkserver.c | 19 +++++++++++++++++++ src/afl-fuzz.c | 1 + 4 files changed, 22 insertions(+) diff --git a/include/envs.h b/include/envs.h index ff303387cf..963e13677c 100644 --- a/include/envs.h +++ b/include/envs.h @@ -191,6 +191,7 @@ static char *afl_environment_variables[] = { "AFL_NOOPT", "AFL_NYX_AUX_SIZE", "AFL_NYX_DISABLE_SNAPSHOT_MODE", + "AFL_NYX_LOG", "AFL_NYX_REUSE_SNAPSHOT", "AFL_PASSTHROUGH", "AFL_PATH", diff --git a/include/forkserver.h b/include/forkserver.h index 1d41d83d55..5e498c5635 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -199,6 +199,7 @@ typedef struct afl_forkserver { char *nyx_aux_string; bool nyx_use_tmp_workdir; char *nyx_tmp_workdir_path; + s32 nyx_log_fd; #endif } afl_forkserver_t; diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 717898d193..9da096f74b 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -164,6 +164,8 @@ void afl_nyx_runner_kill(afl_forkserver_t *fsrv) { } + if (fsrv->nyx_log_fd >= 0) { close(fsrv->nyx_log_fd); } + } } @@ -218,6 +220,7 @@ void afl_fsrv_init(afl_forkserver_t *fsrv) { fsrv->nyx_bind_cpu_id = 0xFFFFFFFF; fsrv->nyx_use_tmp_workdir = false; fsrv->nyx_tmp_workdir_path = NULL; + fsrv->nyx_log_fd = -1; #endif // this structure needs default so we initialize it if this was not done @@ -575,6 +578,22 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, fsrv->nyx_handlers->nyx_config_set_input_buffer_write_protection(nyx_config, true); + char *nyx_log_path = getenv("AFL_NYX_LOG"); + if (nyx_log_path) { + + fsrv->nyx_log_fd = + open(nyx_log_path, O_CREAT | O_TRUNC | O_WRONLY, DEFAULT_PERMISSION); + if (fsrv->nyx_log_fd < 0) { + + NYX_PRE_FATAL(fsrv, "AFL_NYX_LOG path could not be written"); + + } + + fsrv->nyx_handlers->nyx_config_set_hprintf_fd(nyx_config, + fsrv->nyx_log_fd); + + } + if (fsrv->nyx_standalone) { fsrv->nyx_handlers->nyx_config_set_process_role(nyx_config, StandAlone); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 3d7adf41d3..e1f93f0ded 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -303,6 +303,7 @@ static void usage(u8 *argv0, int more_help) { " Increase this value in case the crash reports are truncated.\n" " Default value is 4096.\n" "AFL_NYX_DISABLE_SNAPSHOT_MODE: disable snapshot mode (must be supported by the agent)\n" + "AFL_NYX_LOG: output NYX hprintf messages to another file\n" "AFL_NYX_REUSE_SNAPSHOT: reuse an existing Nyx root snapshot\n" DYN_COLOR From 5b55cf84c14cab3c37d659874c02332cbffb7242 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sat, 5 Aug 2023 14:21:56 +0100 Subject: [PATCH 098/357] disable exceptions on LLVM/GCC plugins, decreasing further the libraries's binaries size in the process. --- GNUmakefile.gcc_plugin | 2 +- GNUmakefile.llvm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/GNUmakefile.gcc_plugin b/GNUmakefile.gcc_plugin index a90b02eab2..16c98399d3 100644 --- a/GNUmakefile.gcc_plugin +++ b/GNUmakefile.gcc_plugin @@ -61,7 +61,7 @@ ifeq "$(findstring Foundation,$(shell $(CC) --version))" "" endif PLUGIN_BASE = "$(shell $(CC) -print-file-name=plugin)" -PLUGIN_FLAGS = -fPIC -fno-rtti -I$(PLUGIN_BASE)/include -I$(PLUGIN_BASE) +PLUGIN_FLAGS = -fPIC -fno-rtti -fno-exceptions -I$(PLUGIN_BASE)/include -I$(PLUGIN_BASE) HASH=\# GCCVER = $(shell $(CC) --version 2>/dev/null | awk 'NR == 1 {print $$NF}') diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index d8c47ccc49..65786d8b0e 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -300,7 +300,7 @@ endif ifneq "$(LLVM_CONFIG)" "" CLANG_CFL += -I$(shell dirname $(LLVM_CONFIG))/../include endif -CLANG_CPPFL = `$(LLVM_CONFIG) --cxxflags` -fno-rtti -fPIC $(CXXFLAGS) $(CPPFLAGS) -Wno-deprecated-declarations +CLANG_CPPFL = `$(LLVM_CONFIG) --cxxflags` -fno-rtti -fno-exceptions -fPIC $(CXXFLAGS) $(CPPFLAGS) -Wno-deprecated-declarations CLANG_LFL = `$(LLVM_CONFIG) --ldflags` $(LDFLAGS) # wasm fuzzing: disable thread-local storage and unset LLVM debug flag From 2c376f899456f3c9ecd010832e5be87c59e8c947 Mon Sep 17 00:00:00 2001 From: David CARLIER Date: Tue, 8 Aug 2023 21:24:05 +0100 Subject: [PATCH 099/357] afl-fuzz-redqueen.c fix build, also forgotten math lib for ilog* calls --- GNUmakefile | 6 +++--- src/afl-fuzz-redqueen.c | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index f6b76a6c3e..88816e8585 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -255,17 +255,17 @@ endif ifneq "$(findstring FreeBSD, $(SYS))" "" override CFLAGS += -pthread - override LDFLAGS += -lpthread + override LDFLAGS += -lpthread -lm endif ifneq "$(findstring NetBSD, $(SYS))" "" override CFLAGS += -pthread - override LDFLAGS += -lpthread + override LDFLAGS += -lpthread -lm endif ifneq "$(findstring OpenBSD, $(SYS))" "" override CFLAGS += -pthread - override LDFLAGS += -lpthread + override LDFLAGS += -lpthread -lm endif COMM_HDR = include/alloc-inl.h include/config.h include/debug.h include/types.h diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index ca5104c057..509f66a3ee 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -2525,6 +2525,7 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, */ #ifdef _DEBUG + u32 j; struct cmp_header *hh = &afl->orig_cmp_map->headers[key]; fprintf(stderr, "RTN N hits=%u id=%u shape=%u attr=%u v0=", h->hits, h->id, hshape, h->attribute); From 5618062cb55f1ac094e33ad662a03df45e048f45 Mon Sep 17 00:00:00 2001 From: marc Date: Wed, 9 Aug 2023 16:28:04 +0200 Subject: [PATCH 100/357] -c - support --- docs/Changelog.md | 2 ++ src/afl-fuzz.c | 25 ++++++++++++++++++++----- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index d61ce8ec64..d45b49fe37 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -15,6 +15,8 @@ command line tool! See custom_mutators/aflpp/standalone/ - display the state of the fuzzing run in the UI :-) - fix timeout setting if '+' is used or a session is restarted + - allow to disable CMPLOG with '-c -' (e.g. afl.rs enforces '-c 0' on + every instance which is counterproductive. - afl-cmin/afl-cmin.bash: - fixed a bug inherited from vanilla AFL where a coverage of map[123] = 11 would be the same as map[1123] = 1 diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 9afece6632..e0e54b499f 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -180,7 +180,8 @@ static void usage(u8 *argv0, int more_help) { "it.\n" " if using QEMU/FRIDA or the fuzzing target is " "compiled\n" - " for CmpLog then just use -c 0.\n" + " for CmpLog then use '-c 0'. To disable Cmplog use '-c " + "-'.\n" " -l cmplog_opts - CmpLog configuration values (e.g. \"2ATR\"):\n" " 1=small files, 2=larger files (default), 3=all " "files,\n" @@ -594,8 +595,23 @@ int main(int argc, char **argv_orig, char **envp) { case 'c': { - afl->shm.cmplog_mode = 1; - afl->cmplog_binary = ck_strdup(optarg); + if (strcmp(optarg, "-") == 0) { + + if (afl->shm.cmplog_mode) { + + ACTF("Disabling cmplog again because of '-c -'."); + afl->shm.cmplog_mode = 0; + afl->cmplog_binary = NULL; + + } + + } else { + + afl->shm.cmplog_mode = 1; + afl->cmplog_binary = ck_strdup(optarg); + + } + break; } @@ -1500,8 +1516,7 @@ int main(int argc, char **argv_orig, char **envp) { if (!afl->use_banner) { afl->use_banner = argv[optind]; } - if (afl->shm.cmplog_mode && - (!strcmp("-", afl->cmplog_binary) || !strcmp("0", afl->cmplog_binary))) { + if (afl->shm.cmplog_mode && strcmp("0", afl->cmplog_binary) == 0) { afl->cmplog_binary = strdup(argv[optind]); From 18d9234dfe4b6db32a2da335834908e49300e5cd Mon Sep 17 00:00:00 2001 From: marc Date: Wed, 9 Aug 2023 16:29:56 +0200 Subject: [PATCH 101/357] Revert "-c - support" This reverts commit 5618062cb55f1ac094e33ad662a03df45e048f45. --- docs/Changelog.md | 2 -- src/afl-fuzz.c | 25 +++++-------------------- 2 files changed, 5 insertions(+), 22 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index d45b49fe37..d61ce8ec64 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -15,8 +15,6 @@ command line tool! See custom_mutators/aflpp/standalone/ - display the state of the fuzzing run in the UI :-) - fix timeout setting if '+' is used or a session is restarted - - allow to disable CMPLOG with '-c -' (e.g. afl.rs enforces '-c 0' on - every instance which is counterproductive. - afl-cmin/afl-cmin.bash: - fixed a bug inherited from vanilla AFL where a coverage of map[123] = 11 would be the same as map[1123] = 1 diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index e0e54b499f..9afece6632 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -180,8 +180,7 @@ static void usage(u8 *argv0, int more_help) { "it.\n" " if using QEMU/FRIDA or the fuzzing target is " "compiled\n" - " for CmpLog then use '-c 0'. To disable Cmplog use '-c " - "-'.\n" + " for CmpLog then just use -c 0.\n" " -l cmplog_opts - CmpLog configuration values (e.g. \"2ATR\"):\n" " 1=small files, 2=larger files (default), 3=all " "files,\n" @@ -595,23 +594,8 @@ int main(int argc, char **argv_orig, char **envp) { case 'c': { - if (strcmp(optarg, "-") == 0) { - - if (afl->shm.cmplog_mode) { - - ACTF("Disabling cmplog again because of '-c -'."); - afl->shm.cmplog_mode = 0; - afl->cmplog_binary = NULL; - - } - - } else { - - afl->shm.cmplog_mode = 1; - afl->cmplog_binary = ck_strdup(optarg); - - } - + afl->shm.cmplog_mode = 1; + afl->cmplog_binary = ck_strdup(optarg); break; } @@ -1516,7 +1500,8 @@ int main(int argc, char **argv_orig, char **envp) { if (!afl->use_banner) { afl->use_banner = argv[optind]; } - if (afl->shm.cmplog_mode && strcmp("0", afl->cmplog_binary) == 0) { + if (afl->shm.cmplog_mode && + (!strcmp("-", afl->cmplog_binary) || !strcmp("0", afl->cmplog_binary))) { afl->cmplog_binary = strdup(argv[optind]); From d9cadb2e7db1d1c208cd40299f0e5c4f6364aa2c Mon Sep 17 00:00:00 2001 From: marc Date: Wed, 9 Aug 2023 16:31:30 +0200 Subject: [PATCH 102/357] -c - support --- docs/Changelog.md | 5 ++++- src/afl-fuzz.c | 25 ++++++++++++++++++++----- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 7516717256..76f9854739 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -15,7 +15,10 @@ command line tool! See custom_mutators/aflpp/standalone/ - display the state of the fuzzing run in the UI :-) - fix timeout setting if '+' is used or a session is restarted - - -c X option to enable base64 transformation solving + - -l X option to enable base64 transformation solving + - allow to disable CMPLOG with '-c -' (e.g. afl.rs enforces '-c 0' on + every instance which is counterproductive). + - afl-cmin/afl-cmin.bash: - fixed a bug inherited from vanilla AFL where a coverage of map[123] = 11 would be the same as map[1123] = 1 diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index e1f93f0ded..cdb3f99662 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -180,7 +180,8 @@ static void usage(u8 *argv0, int more_help) { "it.\n" " if using QEMU/FRIDA or the fuzzing target is " "compiled\n" - " for CmpLog then just use -c 0.\n" + " for CmpLog then use '-c 0'. To disable Cmplog use '-c " + "-'.\n" " -l cmplog_opts - CmpLog configuration values (e.g. \"2ATR\"):\n" " 1=small files, 2=larger files (default), 3=all " "files,\n" @@ -600,8 +601,23 @@ int main(int argc, char **argv_orig, char **envp) { case 'c': { - afl->shm.cmplog_mode = 1; - afl->cmplog_binary = ck_strdup(optarg); + if (strcmp(optarg, "-") == 0) { + + if (afl->shm.cmplog_mode) { + + ACTF("Disabling cmplog again because of '-c -'."); + afl->shm.cmplog_mode = 0; + afl->cmplog_binary = NULL; + + } + + } else { + + afl->shm.cmplog_mode = 1; + afl->cmplog_binary = ck_strdup(optarg); + + } + break; } @@ -1510,8 +1526,7 @@ int main(int argc, char **argv_orig, char **envp) { if (!afl->use_banner) { afl->use_banner = argv[optind]; } - if (afl->shm.cmplog_mode && - (!strcmp("-", afl->cmplog_binary) || !strcmp("0", afl->cmplog_binary))) { + if (afl->shm.cmplog_mode && strcmp("0", afl->cmplog_binary) == 0) { afl->cmplog_binary = strdup(argv[optind]); From 55d696fbae435e0e69adf75cb2df1361186fb999 Mon Sep 17 00:00:00 2001 From: marc Date: Wed, 9 Aug 2023 17:14:13 +0200 Subject: [PATCH 103/357] code format --- include/afl-fuzz.h | 4 ++-- src/afl-fuzz-init.c | 42 +++++++++++++++++++++++------------------ src/afl-fuzz-redqueen.c | 2 +- src/afl-fuzz.c | 2 +- 4 files changed, 28 insertions(+), 22 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 18352acb34..ef84a18c0b 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -402,14 +402,14 @@ typedef struct afl_env_vars { afl_exit_on_seed_issues, afl_try_affinity, afl_ignore_problems, afl_keep_timeouts, afl_no_crash_readme, afl_ignore_timeouts, afl_no_startup_calibration, afl_no_warn_instability, - afl_post_process_keep_original; + afl_post_process_keep_original, afl_crashing_seeds_as_new_crash; u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path, *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload, *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port, *afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size, *afl_testcache_entries, *afl_child_kill_signal, *afl_fsrv_kill_signal, - *afl_target_env, *afl_persistent_record, *afl_exit_on_time, *afl_crashing_seeds_as_new_crash; + *afl_target_env, *afl_persistent_record, *afl_exit_on_time; s32 afl_pizza_mode; diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index d994d74947..5a530821a0 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -1057,18 +1057,21 @@ void perform_dry_run(afl_state_t *afl) { fn, (int)(s8)afl->fsrv.crash_exitcode); } else { + if (afl->afl_env.afl_crashing_seeds_as_new_crash) { - + WARNF( "Test case '%s' results in a crash, " "as AFL_CRASHING_SEEDS_AS_NEW_CRASH is set, " - "saving as a new crash", fn); - + "saving as a new crash", + fn); + } else { WARNF("Test case '%s' results in a crash, skipping", fn); - + } + } if (afl->afl_env.afl_exit_on_seed_issues) { @@ -1089,20 +1092,19 @@ void perform_dry_run(afl_state_t *afl) { /* Crashing seeds will be regarded as new crashes on startup */ if (afl->afl_env.afl_crashing_seeds_as_new_crash) { - + ++afl->total_crashes; if (likely(!afl->non_instrumented_mode)) { classify_counts(&afl->fsrv); - + simplify_trace(afl, afl->fsrv.trace_bits); if (!has_new_bits(afl, afl->virgin_crash)) { break; } } - if (unlikely(!afl->saved_crashes) && (afl->afl_env.afl_no_crash_readme != 1)) { @@ -1116,18 +1118,22 @@ void perform_dry_run(afl_state_t *afl) { afl->stage_name = "dry_run"; afl->stage_short = "dry_run"; - #ifndef SIMPLE_FILES +#ifndef SIMPLE_FILES - snprintf(crash_fn, PATH_MAX, "%s/crashes/id:%06llu,sig:%02u,%s%s", afl->out_dir, - afl->saved_crashes, afl->fsrv.last_kill_signal, - describe_op(afl, 0, NAME_MAX - strlen("id:000000,sig:00,") - strlen(use_name)), use_name); + snprintf(crash_fn, PATH_MAX, "%s/crashes/id:%06llu,sig:%02u,%s%s", + afl->out_dir, afl->saved_crashes, afl->fsrv.last_kill_signal, + describe_op(afl, 0, + NAME_MAX - strlen("id:000000,sig:00,") - + strlen(use_name)), + use_name); - #else +#else - snprintf(crash_fn, PATH_MAX, "%s/crashes/id_%06llu_%02u", afl->out_dir, - afl->saved_crashes, afl->fsrv.last_kill_signal); + snprintf(crash_fn, PATH_MAX, "%s/crashes/id_%06llu_%02u", + afl->out_dir, afl->saved_crashes, + afl->fsrv.last_kill_signal); - #endif +#endif ++afl->saved_crashes; @@ -1169,12 +1175,12 @@ void perform_dry_run(afl_state_t *afl) { } } - + q->disabled = 1; q->perf_score = 0; - break; - + break; + case FSRV_RUN_ERROR: FATAL("Unable to execute target application ('%s')", afl->argv[0]); diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 509f66a3ee..db4991dbf8 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -2525,7 +2525,7 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, */ #ifdef _DEBUG - u32 j; + u32 j; struct cmp_header *hh = &afl->orig_cmp_map->headers[key]; fprintf(stderr, "RTN N hits=%u id=%u shape=%u attr=%u v0=", h->hits, h->id, hshape, h->attribute); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 733c7429cd..cdb3f99662 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1592,7 +1592,7 @@ int main(int argc, char **argv_orig, char **envp) { if (get_afl_env("AFL_NO_ARITH")) { afl->no_arith = 1; } if (get_afl_env("AFL_SHUFFLE_QUEUE")) { afl->shuffle_queue = 1; } if (get_afl_env("AFL_EXPAND_HAVOC_NOW")) { afl->expand_havoc = 1; } - + if (afl->afl_env.afl_autoresume) { afl->autoresume = 1; From 3721c65a0b7fdf2b24713f8009030c6c241e200b Mon Sep 17 00:00:00 2001 From: marc Date: Thu, 10 Aug 2023 10:41:55 +0200 Subject: [PATCH 104/357] v4.08c release --- README.md | 10 +++++----- docs/Changelog.md | 2 +- include/config.h | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index b73cf2c1c5..951efe5948 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,9 @@ AFL++ logo -Release version: [4.07c](https://github.com/AFLplusplus/AFLplusplus/releases) +Release version: [4.08c](https://github.com/AFLplusplus/AFLplusplus/releases) -GitHub version: 4.08a +GitHub version: 4.08c Repository: [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus) @@ -12,13 +12,13 @@ Repository: AFL++ is maintained by: * Marc "van Hauser" Heuse -* Andrea Fioraldi * Dominik Maier -* Heiko "hexcoder-" Eißfeldt +* Andrea Fioraldi +* Heiko "hexcoder-" Eissfeldt * frida_mode is maintained by @Worksbutnottested * Documentation: Jana Aydinbas -Originally developed by Michał "lcamtuf" Zalewski. +Originally developed by Michal "lcamtuf" Zalewski. AFL++ is a superior fork to Google's AFL - more speed, more and better mutations, more and better instrumentation, custom module support, etc. diff --git a/docs/Changelog.md b/docs/Changelog.md index 76f9854739..2c747e4211 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -3,7 +3,7 @@ This is the list of all noteworthy changes made in every public release of the tool. See README.md for the general instruction manual. -### Version ++4.08a (dev) +### Version ++4.08c (release) - afl-fuzz: - new mutation engine: mutations that favor discovery more paths are prefered until no new finds for 10 minutes then switching to mutations diff --git a/include/config.h b/include/config.h index df54558386..5a81c4e281 100644 --- a/include/config.h +++ b/include/config.h @@ -5,9 +5,9 @@ Originally written by Michal Zalewski Now maintained by Marc Heuse , - Heiko Eißfeldt , - Andrea Fioraldi , Dominik Maier + Andrea Fioraldi , + Heiko Eissfeldt , Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2019-2023 AFLplusplus Project. All rights reserved. @@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++4.08a" +#define VERSION "++4.08c" /****************************************************** * * From 9607d1db06ebfc2fe1ba565a0ef0123ab3f3e76c Mon Sep 17 00:00:00 2001 From: marc Date: Thu, 10 Aug 2023 10:56:20 +0200 Subject: [PATCH 105/357] v4.09a init --- README.md | 2 +- docs/Changelog.md | 4 ++++ include/config.h | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 951efe5948..322ebcf22d 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Release version: [4.08c](https://github.com/AFLplusplus/AFLplusplus/releases) -GitHub version: 4.08c +GitHub version: 4.09a Repository: [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus) diff --git a/docs/Changelog.md b/docs/Changelog.md index 2c747e4211..94b4c50276 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -3,6 +3,10 @@ This is the list of all noteworthy changes made in every public release of the tool. See README.md for the general instruction manual. +### Version ++4.09a (dev) + - something cool :-) + + ### Version ++4.08c (release) - afl-fuzz: - new mutation engine: mutations that favor discovery more paths are diff --git a/include/config.h b/include/config.h index 5a81c4e281..6a75737ffd 100644 --- a/include/config.h +++ b/include/config.h @@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++4.08c" +#define VERSION "++4.09a" /****************************************************** * * From 1cd9258768253e082baa1cc453c578b373839dbc Mon Sep 17 00:00:00 2001 From: marc Date: Thu, 10 Aug 2023 14:46:37 +0200 Subject: [PATCH 106/357] update tritondse script --- custom_mutators/aflpp_tritondse/aflpp_tritondse.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/custom_mutators/aflpp_tritondse/aflpp_tritondse.py b/custom_mutators/aflpp_tritondse/aflpp_tritondse.py index 58b506b60c..587396963a 100644 --- a/custom_mutators/aflpp_tritondse/aflpp_tritondse.py +++ b/custom_mutators/aflpp_tritondse/aflpp_tritondse.py @@ -164,7 +164,7 @@ def init(seed): format = SeedFormat.COMPOSITE # Now set up TritonDSE config = Config(coverage_strategy = CoverageStrategy.PATH, - debug = is_debug, + # debug = is_debug, pipe_stdout = is_debug, pipe_stderr = is_debug, execution_timeout = 1, From 8823f22a9c87123c1bfcc5bff10044de4c7a4a1f Mon Sep 17 00:00:00 2001 From: marc Date: Fri, 11 Aug 2023 11:22:18 +0200 Subject: [PATCH 107/357] add AFL_FINAL_SYNC --- docs/Changelog.md | 7 +++---- docs/env_variables.md | 13 +++++++++---- include/afl-fuzz.h | 3 ++- include/envs.h | 1 + src/afl-fuzz-state.c | 7 +++++++ src/afl-fuzz.c | 9 +++++++++ 6 files changed, 31 insertions(+), 9 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 94b4c50276..8f2b254520 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -4,7 +4,9 @@ release of the tool. See README.md for the general instruction manual. ### Version ++4.09a (dev) - - something cool :-) + - afl-fuzz: + - added `AFL_FINAL_SYNC` which forces a final fuzzer sync (also for `-F`) + before terminating. ### Version ++4.08c (release) @@ -22,7 +24,6 @@ - -l X option to enable base64 transformation solving - allow to disable CMPLOG with '-c -' (e.g. afl.rs enforces '-c 0' on every instance which is counterproductive). - - afl-cmin/afl-cmin.bash: - fixed a bug inherited from vanilla AFL where a coverage of map[123] = 11 would be the same as map[1123] = 1 @@ -40,7 +41,6 @@ - qemu_mode: - added qemu_mode/utils/qemu_get_symbol_addr.sh - ### Version ++4.07c (release) - afl-fuzz: - reverse reading the seeds only on restarts (increases performance) @@ -69,7 +69,6 @@ - TritonDSE in custom_mutators/aflpp_tritondse - SymQEMU in custom_mutators/symqemu - ### Version ++4.06c (release) - afl-fuzz: - ensure temporary file descriptor is closed when not used diff --git a/docs/env_variables.md b/docs/env_variables.md index affc9e3c2e..2ce274d355 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -412,10 +412,15 @@ checks or alter some of the more exotic semantics of the tool: set `AFL_IGNORE_PROBLEMS`. If you additionally want to also ignore coverage from late loaded libraries, you can set `AFL_IGNORE_PROBLEMS_COVERAGE`. - - When running in the `-M` or `-S` mode, setting `AFL_IMPORT_FIRST` causes the - fuzzer to import test cases from other instances before doing anything else. - This makes the "own finds" counter in the UI more accurate. Beyond counter - aesthetics, not much else should change. + - When running with multiple afl-fuzz or with `-F`, setting `AFL_IMPORT_FIRST` + causes the fuzzer to import test cases from other instances before doing + anything else. This makes the "own finds" counter in the UI more accurate. + + - When running with multiple afl-fuzz or with `-F`, setting `AFL_FINAL_SYNC` + will cause the fuzzer to perform a final import of test cases when + terminating. This is beneficial for `-M` main fuzzers to ensure it has all + unique test cases and hence you only need to `afl-cmin` this single + queue. - Setting `AFL_INPUT_LEN_MIN` and `AFL_INPUT_LEN_MAX` are an alternative to the afl-fuzz -g/-G command line option to control the minimum/maximum diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index ef84a18c0b..1f89bbd824 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -402,7 +402,8 @@ typedef struct afl_env_vars { afl_exit_on_seed_issues, afl_try_affinity, afl_ignore_problems, afl_keep_timeouts, afl_no_crash_readme, afl_ignore_timeouts, afl_no_startup_calibration, afl_no_warn_instability, - afl_post_process_keep_original, afl_crashing_seeds_as_new_crash; + afl_post_process_keep_original, afl_crashing_seeds_as_new_crash, + afl_final_sync; u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path, *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload, diff --git a/include/envs.h b/include/envs.h index 0007d5a89a..3f5a9e1c35 100644 --- a/include/envs.h +++ b/include/envs.h @@ -59,6 +59,7 @@ static char *afl_environment_variables[] = { "AFL_EXIT_ON_TIME", "AFL_EXIT_ON_SEED_ISSUES", "AFL_FAST_CAL", + "AFL_FINAL_SYNC", "AFL_FORCE_UI", "AFL_FRIDA_DEBUG_MAPS", "AFL_FRIDA_DRIVER_NO_HOOK", diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 5a6b95cf4b..97e00415ad 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -269,6 +269,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_import_first = get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_FINAL_SYNC", + + afl_environment_variable_len)) { + + afl->afl_env.afl_final_sync = + get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_CUSTOM_MUTATOR_ONLY", afl_environment_variable_len)) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index cdb3f99662..c2ec4a1d14 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2899,6 +2899,15 @@ int main(int argc, char **argv_orig, char **envp) { time_spent_working / afl->fsrv.total_execs); #endif + if (afl->afl_env.afl_final_sync) { + + SAYF(cYEL "[!] " cRST "\nPerforming final sync, this make take some time ...\n"); + sync_fuzzers(afl); + write_bitmap(afl); + SAYF(cYEL "[!] " cRST "Done!\n\n"); + + } + if (afl->is_main_node) { u8 path[PATH_MAX]; From 030799638ddb7bd42d97fea81951c7cb246e263b Mon Sep 17 00:00:00 2001 From: chinggg <24590067+chinggg@users.noreply.github.com> Date: Sun, 13 Aug 2023 00:24:44 +0800 Subject: [PATCH 108/357] Remove redundant comparison of `fav_factor` in `update_bitmap_score` `top_rated_fav_factor` was actually calculated twice, but only one calculation and comparison is needed. Since `fav_factor` > `top_rated_fav_factor` will always cause skip of current iteration, `else if (fuzz_p2 == top_rated_fuzz_p2)` is also redundant. --- src/afl-fuzz-queue.c | 25 ++----------------------- 1 file changed, 2 insertions(+), 23 deletions(-) diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 48fd33ecba..20973f51c3 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -746,30 +746,9 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) { } - if (fuzz_p2 > top_rated_fuzz_p2) { + if (fuzz_p2 > top_rated_fuzz_p2) continue; - continue; - - } else if (fuzz_p2 == top_rated_fuzz_p2) { - - if (fav_factor > top_rated_fav_factor) { continue; } - - } - - if (unlikely(afl->schedule >= RARE) || unlikely(afl->fixed_seed)) { - - if (fav_factor > afl->top_rated[i]->len << 2) { continue; } - - } else { - - if (fav_factor > - afl->top_rated[i]->exec_us * afl->top_rated[i]->len) { - - continue; - - } - - } + if (fav_factor > top_rated_fav_factor) continue; /* Looks like we're going to win. Decrease ref count for the previous winner, discard its afl->fsrv.trace_bits[] if necessary. */ From 26f29fd485efaa08824c27501f82caeea525b5e3 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 13 Aug 2023 10:18:33 +0200 Subject: [PATCH 109/357] nits --- src/afl-fuzz-bitmap.c | 2 +- src/afl-fuzz-queue.c | 27 ++++++++++++++++++++------- src/afl-fuzz.c | 3 ++- 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 87157cad9c..0429db34ed 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -474,7 +474,7 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { /* Generating a hash on every input is super expensive. Bad idea and should only be used for special schedules */ - if (unlikely(afl->schedule >= FAST && afl->schedule <= RARE)) { + if (likely(afl->schedule >= FAST && afl->schedule <= RARE)) { classify_counts(&afl->fsrv); classified = 1; diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 20973f51c3..14ba1aceab 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -701,13 +701,20 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) { u64 fav_factor; u64 fuzz_p2; - if (unlikely(afl->schedule >= FAST && afl->schedule < RARE)) + if (likely(afl->schedule >= FAST && afl->schedule < RARE)) { + fuzz_p2 = 0; // Skip the fuzz_p2 comparison - else if (unlikely(afl->schedule == RARE)) + + } else if (unlikely(afl->schedule == RARE)) { + fuzz_p2 = next_pow2(afl->n_fuzz[q->n_fuzz_entry]); - else + + } else { + fuzz_p2 = q->fuzz_level; + } + if (unlikely(afl->schedule >= RARE) || unlikely(afl->fixed_seed)) { fav_factor = q->len << 2; @@ -729,12 +736,18 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) { /* Faster-executing or smaller test cases are favored. */ u64 top_rated_fav_factor; u64 top_rated_fuzz_p2; - if (unlikely(afl->schedule >= FAST && afl->schedule <= RARE)) + + if (likely(afl->schedule >= FAST && afl->schedule <= RARE)) { + top_rated_fuzz_p2 = next_pow2(afl->n_fuzz[afl->top_rated[i]->n_fuzz_entry]); - else + + } else { + top_rated_fuzz_p2 = afl->top_rated[i]->fuzz_level; + } + if (unlikely(afl->schedule >= RARE) || unlikely(afl->fixed_seed)) { top_rated_fav_factor = afl->top_rated[i]->len << 2; @@ -746,9 +759,9 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) { } - if (fuzz_p2 > top_rated_fuzz_p2) continue; + if (likely(fuzz_p2 > top_rated_fuzz_p2)) { continue; } - if (fav_factor > top_rated_fav_factor) continue; + if (likely(fav_factor > top_rated_fav_factor)) { continue; } /* Looks like we're going to win. Decrease ref count for the previous winner, discard its afl->fsrv.trace_bits[] if necessary. */ diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index c2ec4a1d14..93bcdccf43 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2901,7 +2901,8 @@ int main(int argc, char **argv_orig, char **envp) { if (afl->afl_env.afl_final_sync) { - SAYF(cYEL "[!] " cRST "\nPerforming final sync, this make take some time ...\n"); + SAYF(cYEL "[!] " cRST + "\nPerforming final sync, this make take some time ...\n"); sync_fuzzers(afl); write_bitmap(afl); SAYF(cYEL "[!] " cRST "Done!\n\n"); From 4d8d8633ff39cda2f1d48b66c45e5ae6cd2af477 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 13 Aug 2023 11:44:37 +0200 Subject: [PATCH 110/357] update faq --- docs/FAQ.md | 40 ++++++++++++++++++++++++++++++++++++++-- include/afl-fuzz.h | 9 ++++----- 2 files changed, 42 insertions(+), 7 deletions(-) diff --git a/docs/FAQ.md b/docs/FAQ.md index 9275eb94a7..242a379b8d 100644 --- a/docs/FAQ.md +++ b/docs/FAQ.md @@ -29,8 +29,8 @@ If you find an interesting or important question missing, submit it via which then implemented their own research and features, making it now by far the most flexible and feature rich guided fuzzer available as open source. And in independent fuzzing benchmarks it is one of the best fuzzers available, - e.g., [Fuzzbench - Report](https://www.fuzzbench.com/reports/2020-08-03/index.html). + e.g., + [Fuzzbench Report](https://www.fuzzbench.com/reports/2020-08-03/index.html).

@@ -103,6 +103,42 @@ If you find an interesting or important question missing, submit it via to itself, this too would be an edge.

+
+ Should you ever stop afl-fuzz, minimize the corpus and restart?

+ + To stop afl-fuzz, minimize it's corpus and restart you would usually do: + + ``` + Control-C # to terminate afl-fuzz + $ afl-cmin -T nproc -i out/default/queue -o minimized_queue -- ./target + $ AFL_FAST_CAL=1 AFL_CMPLOG_ONLY_NEW=1 afl-fuzz -i minimized_queue -o out2 [other options] -- ./target + ``` + + If this improves fuzzing or not is debated and no consensus has been reached + or in-depth analysis been performed. + + On the pro side: + * The queue/corpus is reduced (up to 20%) by removing intermediate paths + that are maybe not needed anymore. + + On the con side: + * Fuzzing time is lost for the time the fuzzing is stopped, minimized and + restarted. + + The the big question: + * Does a minimized queue/corpus improve finding new coverage or does it + hinder it? + + The AFL++ team's own limited analysis seem to to show that keeping + intermediate paths help to find more coverage, at least for afl-fuzz. + + For honggfuzz in comparison it is a good idea to restart it from time to + time if you have other fuzzers (e.g: AFL++) running in parallel to sync + the finds of other fuzzers to honggfuzz as it has no syncing feature like + AFL++ or libfuzzer. + +

+ ## Targets
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 1f89bbd824..3dfd2b2c9d 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -158,6 +158,7 @@ struct queue_entry { u8 colorized, /* Do not run redqueen stage again */ cal_failed; /* Calibration failed? */ + bool trim_done, /* Trimmed? */ was_fuzzed, /* historical, but needed for MOpt */ passed_det, /* Deterministic stages passed? */ @@ -169,17 +170,15 @@ struct queue_entry { disabled; /* Is disabled from fuzz selection */ u32 bitmap_size, /* Number of bits set in bitmap */ - fuzz_level, /* Number of fuzzing iterations */ - n_fuzz_entry /* offset in n_fuzz */ #ifdef INTROSPECTION - , stats_selected, /* stats: how often selected */ stats_skipped, /* stats: how often skipped */ stats_finds, /* stats: # of saved finds */ stats_crashes, /* stats: # of saved crashes */ - stats_tmouts /* stats: # of saved timeouts */ + stats_tmouts, /* stats: # of saved timeouts */ #endif - ; + fuzz_level, /* Number of fuzzing iterations */ + n_fuzz_entry; /* offset in n_fuzz */ u64 exec_us, /* Execution time (us) */ handicap, /* Number of queue cycles behind */ From fdb4ed2131347b78ae2904978a331d87333f8f3f Mon Sep 17 00:00:00 2001 From: echel0nn Date: Sun, 13 Aug 2023 19:41:43 +0300 Subject: [PATCH 111/357] added an example of ELF Header mutator --- custom_mutators/examples/elf_header_mutator.c | 684 ++++++++++++++++++ 1 file changed, 684 insertions(+) create mode 100644 custom_mutators/examples/elf_header_mutator.c diff --git a/custom_mutators/examples/elf_header_mutator.c b/custom_mutators/examples/elf_header_mutator.c new file mode 100644 index 0000000000..32980d1233 --- /dev/null +++ b/custom_mutators/examples/elf_header_mutator.c @@ -0,0 +1,684 @@ +/* + AFL++ Custom Mutator for ELF Headers + Written by @echel0n + based on libgolf.h by @xcellerator + $ gcc -O3 -fPIC -shared -o elf_mutator.so -I ~/AFLplusplus/include/ + */ +#include "afl-fuzz.h" +#include +#include +#include +#include +#include +#include + +/* EI_ABIVERSION isn't used anymore and elf.h defines EI_PAD to be 0x09 */ +#define EI_ABIVERSION 0x08 +#define EI_PAD 0x09 +/* Define the Architecture and ISA constants to match those in */ +#define X86_64 EM_X86_64 +#define ARM32 EM_ARM +#define AARCH64 EM_AARCH64 +#define uchar unsigned char +#define DATA_SIZE 0x100 + +/* + * The ELF and Program headers are different sizes depending on 32- and 64-bit + * architectures + * taken from libgolf.h + */ +#define EHDR_T(x) Elf##x##_Ehdr +#define PHDR_T(x) Elf##x##_Phdr +#define EHDR(x) ehdr##x +#define PHDR(x) phdr##x +#define GET_EHDR(x) (&(elf_ptr->EHDR(x))); +#define GET_PHDR(x) (&(elf_ptr->PHDR(x))); +#define REF_EHDR(b, x) ((Elf##b##_Ehdr *)ehdr)->x +#define REF_PHDR(b, x) ((Elf##b##_Phdr *)phdr)->x +int ehdr_size; +int phdr_size; +/* + * This struct holds the bytes that will be executed, and the size. + */ +typedef struct text_segment { + + size_t text_size; + unsigned char *text_segment; + +} TextSegment; + +// example shellcode that exits +// taken from libgolf.h +unsigned char buf[] = {0xb0, 0x3c, 0x31, 0xff, 0x0f, 0x05}; + +/* + * This is the raw ELF file + * - EHDR(xx) is the ELF header + * - PHDR(xx) is the program header + * - text is the text segment + * - filename is the name of the golf'd binary + * - isa is the target architecture (X86_64, ARM32, AARCH64) + * taken from libgolf.h + */ +typedef struct rawbinary_t { + + EHDR_T(32) EHDR(32); + PHDR_T(32) PHDR(32); + EHDR_T(64) EHDR(64); + PHDR_T(64) PHDR(64); + TextSegment text; + char *filename; + int isa; + +} RawBinary; + +/* + * Copy an E_IDENT array into the corresponding fields in the ELF header + * Called by populate_ehdr() + * taken from libgolf.h + */ +int populate_e_ident(RawBinary *elf_ptr, unsigned char e_ident[]) { + + int i; + /* Depending on whether the target ISA is 32- or 64-bit, set e_ident */ + switch (elf_ptr->isa) { + + case X86_64: + case AARCH64: + for (i = 0; i < EI_NIDENT; i++) + elf_ptr->EHDR(64).e_ident[i] = e_ident[i]; + break; + case ARM32: + for (i = 0; i < EI_NIDENT; i++) + elf_ptr->EHDR(32).e_ident[i] = e_ident[i]; + break; + default: + exit(1); + + } + + return 0; + +} + +/* + * Copy bytes from buf[] array into text_segment in ELF struct + * taken from libgolf.h + */ +int copy_text_segment(RawBinary *elf_ptr, unsigned char buf[], int text_size) { + + int i; + + /* Set size of text segment and allocate the buffer */ + elf_ptr->text.text_size = text_size; + elf_ptr->text.text_segment = + malloc(elf_ptr->text.text_size * sizeof(unsigned char)); + + /* Copy the bytes into the text segment buffer */ + for (i = 0; i < elf_ptr->text.text_size; i++) { + + elf_ptr->text.text_segment[i] = buf[i]; + + } + +} + +/* + * Populate the ELF Header with sane values + * Returns a pointer to an EHDR struct + * taken from libgolf.h + */ +void *populate_ehdr(RawBinary *elf_ptr) { + + /* + * Set ehdr_size and phdr_size. Determined by whether target ISA is 32- or + * 64-bit. + */ + switch (elf_ptr->isa) { + + case X86_64: + case AARCH64: + ehdr_size = sizeof(EHDR_T(64)); + phdr_size = sizeof(PHDR_T(64)); + break; + case ARM32: + ehdr_size = sizeof(EHDR_T(32)); + phdr_size = sizeof(PHDR_T(32)); + break; + default: + exit(1); + + }; + + /* Start with the E_IDENT area at the top of the file */ + unsigned char e_ident[EI_NIDENT] = {0}; + + /* Magic Bytes */ + e_ident[EI_MAG0] = 0x7F; + e_ident[EI_MAG1] = 0x45; // E + e_ident[EI_MAG2] = 0x4C; // L + e_ident[EI_MAG3] = 0x46; // F + + /* + * EI_CLASS denotes the architecture: + * ELFCLASS32: 0x01 + * ELFCLASS64: 0x02 + */ + switch (elf_ptr->isa) { + + case X86_64: + case AARCH64: + e_ident[EI_CLASS] = ELFCLASS64; + break; + case ARM32: + e_ident[EI_CLASS] = ELFCLASS32; + break; + default: + exit(1); + + } + + /* + * EI_DATA denotes the endianness: + * ELFDATA2LSB: 0x01 + * ELFDATA2MSB: 0x02 + */ + e_ident[EI_DATA] = ELFDATA2LSB; + + /* EI_VERSION is always 0x01 */ + e_ident[EI_VERSION] = EV_CURRENT; + + /* + * EI_OSABI defines the target OS. Ignored by most modern ELF parsers. + */ + e_ident[EI_OSABI] = ELFOSABI_NONE; + + /* EI_ABIVERSION was for sub-classification. Un-defined since Linux 2.6 */ + e_ident[EI_ABIVERSION] = 0x00; + + /* EI_PAD is currently unused */ + e_ident[EI_PAD] = 0x00; + + /* Copy the E_IDENT section to the ELF struct */ + populate_e_ident(elf_ptr, e_ident); + + /* + * The remainder of the ELF header following E_IDENT follows. + * + * ehdr is a pointer to either an Elf32_Edhr, or Elf64_Ehdr struct. + */ + void *ehdr = NULL; + switch (elf_ptr->isa) { + + case X86_64: + case AARCH64: + ehdr = (&(elf_ptr->EHDR(64))); + break; + case ARM32: + ehdr = (&(elf_ptr->EHDR(32))); + break; + default: + exit(1); + + } + + /* + * Depending on whether the ISA is 32- or 64-bit determines the size of + * many of the fields in the ELF Header. This switch case deals with it. + */ + switch (elf_ptr->isa) { + + // 64-Bit ISAs + case X86_64: + case AARCH64: + /* + * e_type specifies what kind of ELF file this is: + * ET_NONE: 0x00 // Unknown Type + * ET_REL: 0x01 // Relocatable + * ET_EXEC: 0x02 // Executable File + * ET_DYN: 0x03 // Shared Object + * ET_CORE: 0x04 // Core Dump + */ + REF_EHDR(64, e_type) = ET_EXEC; // 0x0002 + + /* e_machine specifies the target ISA */ + REF_EHDR(64, e_machine) = elf_ptr->isa; + + /* e_version is always set of 0x01 for the original ELF spec */ + REF_EHDR(64, e_version) = EV_CURRENT; // 0x00000001 + + /* + * e_entry is the memory address of the entry point + * Set by set_entry_point() after p_vaddr is set in the phdr + */ + REF_EHDR(64, e_entry) = 0x0; + + /* + * e_phoff points to the start of the program header, which + * immediately follows the ELF header + */ + REF_EHDR(64, e_phoff) = ehdr_size; + + /* e_shoff points to the start of the section header table */ + REF_EHDR(64, e_shoff) = 0x00; + + /* e_flags is architecture dependent */ + REF_EHDR(64, e_flags) = 0x0; + + /* e_ehsize contains the size of the ELF header */ + REF_EHDR(64, e_ehsize) = ehdr_size; + + /* e_phentsize is the size of the program header */ + REF_EHDR(64, e_phentsize) = phdr_size; + + /* + * e_phnum contains the number of entries in the program header + * e_phnum * e_phentsize = size of program header table + */ + REF_EHDR(64, e_phnum) = 0x1; + + /* e_shentsize contains the size of a section header entry */ + REF_EHDR(64, e_shentsize) = 0x0; + + /* + * e_shnum contains the number of entries in the section header + * e_shnum * e_shentsize = size of section header table + */ + REF_EHDR(64, e_shnum) = 0x0; + + /* + * e_shstrndx contains the index of the section header table that + * contains the section names + */ + REF_EHDR(64, e_shstrndx) = 0x0; + + break; + // 32-Bit ISAs + case ARM32: + /* + * e_type specifies what kind of ELF file this is: + * ET_NONE: 0x00 // Unknown Type + * ET_REL: 0x01 // Relocatable + * ET_EXEC: 0x02 // Executable File + * ET_DYN: 0x03 // Shared Object + * ET_CORE: 0x04 // Core Dump + */ + REF_EHDR(32, e_type) = ET_EXEC; // 0x0002 + + /* e_machine specifies the target ISA */ + REF_EHDR(32, e_machine) = elf_ptr->isa; + + /* e_version is always set of 0x01 for the original ELF spec */ + REF_EHDR(32, e_version) = EV_CURRENT; // 0x00000001 + + /* + * e_entry is the memory address of the entry point + * Set by set_entry_point() after p_vaddr is set in the phdr + */ + REF_EHDR(32, e_entry) = 0x0; + + /* + * e_phoff points to the start of the program header, which + * immediately follows the ELF header + */ + REF_EHDR(32, e_phoff) = ehdr_size; + + /* e_shoff points to the start of the section header table */ + REF_EHDR(32, e_shoff) = 0x0i; + + /* e_flags is architecture dependent */ + REF_EHDR(32, e_flags) = 0x0; + + /* e_ehsize contains the size of the ELF header */ + REF_EHDR(32, e_ehsize) = ehdr_size; + + /* e_phentsize is the size of the program header */ + REF_EHDR(32, e_phentsize) = phdr_size; + + /* + * e_phnum contains the number of entries in the program header + * e_phnum * e_phentsize = size of program header table + */ + REF_EHDR(32, e_phnum) = 0x1; + + /* e_shentsize contains the size of a section header entry */ + REF_EHDR(32, e_shentsize) = 0x0; + + /* + * e_shnum contains the number of entries in the section header + * e_shnum * e_shentsize = size of section header table + */ + REF_EHDR(32, e_shnum) = 0x0; + + /* + * e_shstrndx contains the index of the section header table that + * contains the section names + */ + REF_EHDR(32, e_shnum) = 0x0; + + break; + + } + + return ehdr; + +} + +/* + * Populate the program headers with sane values + * Returns a pointer to a PHDR struct + * taken from libgolf.h + */ +void *populate_phdr(RawBinary *elf_ptr) { + + /* + * All offsets are relative to the start of the program header (0x40) + * + * phdr is a pointer to either an Elf32_Phdr, or Elf64_Phdr struct. + */ + void *phdr = NULL; + switch (elf_ptr->isa) { + + case X86_64: + case AARCH64: + phdr = (&(elf_ptr->PHDR(64))); + break; + case ARM32: + phdr = (&(elf_ptr->PHDR(32))); + break; + default: + exit(1); + + } + + /* + * Depending on whether the ISA is 32- or 64-bit determines the size of + * many of the fields in the Progra Header. This switch case deals with it. + */ + switch (elf_ptr->isa) { + + // 64-Bit ISAs + case X86_64: + case AARCH64: + /* + * p_type identifies what type of segment this is + * PT_NULL: 0x0 // Unused + * PT_LOAD: 0x1 // Loadable Segment + * PT_DYNAMIC: 0x2 // Dynamic Linker Information + * PT_INTERP: 0x3 // Interpreter Information + * PT_NOTE: 0x4 // Auxiliary Information + * PT_SHLIB: 0x5 // Reserved + * PT_PHDR: 0x6 // Segment with Program Header + * PT_TLS: 0x7 // Thread Local Storage + */ + REF_PHDR(64, p_type) = PT_LOAD; // 0x1 + + /* + * p_flags defines permissions for this section + * PF_R: 0x4 // Read + * PF_W: 0x2 // Write + * PF_X: 0x1 // Execute + */ + REF_PHDR(64, p_flags) = PF_R | PF_X; // 0x5 + + /* + * p_offset is the offset in the file image (relative to the start + * of the program header) for this segment. + */ + REF_PHDR(64, p_offset) = 0x0; + + /* + * p_vaddr is the virtual address where this segment should be loaded + * p_paddr is for the physical address (unused by System V) + */ + REF_PHDR(64, p_vaddr) = 0x400000; + REF_PHDR(64, p_paddr) = 0x400000; + + /* + * p_filesz is the size of the segment in the file image + * p_memsz is the size of the segment in memory + * + * Note: p_filesz doesn't have to equal p_memsz + */ + REF_PHDR(64, p_filesz) = elf_ptr->text.text_size; + REF_PHDR(64, p_memsz) = elf_ptr->text.text_size; + + break; + // 32-Bit ISAs + case ARM32: + /* + * p_type identifies what type of segment this is + * PT_NULL: 0x0 // Unused + * PT_LOAD: 0x1 // Loadable Segment + * PT_DYNAMIC: 0x2 // Dynamic Linker Information + * PT_INTERP: 0x3 // Interpreter Information + * PT_NOTE: 0x4 // Auxiliary Information + * PT_SHLIB: 0x5 // Reserved + * PT_PHDR: 0x6 // Segment with Program Header + * PT_TLS: 0x7 // Thread Local Storage + */ + REF_PHDR(32, p_type) = PT_LOAD; // 0x1 + + /* + * p_flags defines permissions for this section + * PF_R: 0x4 // Read + * PF_W: 0x2 // Write + * PF_X: 0x1 // Execute + */ + REF_PHDR(32, p_flags) = PF_R | PF_X; // 0x5 + + /* + * p_offset is the offset in the file image (relative to the start + * of the program header) for this segment. + */ + REF_PHDR(32, p_offset) = 0x0; + + /* + * p_vaddr is the virtual address where this segment should be loaded + * p_paddr is for the physical address (unused by System V) + */ + REF_PHDR(32, p_vaddr) = 0x10000; + REF_PHDR(32, p_paddr) = 0x10000; + + /* + * p_filesz is the size of the segment in the file image + * p_memsz is the size of the segment in memory + * + * Note: p_filesz doesn't have to equal p_memsz + */ + REF_PHDR(32, p_filesz) = elf_ptr->text.text_size; + REF_PHDR(32, p_memsz) = elf_ptr->text.text_size; + + break; + default: + exit(1); + + } + + /* + * p_align is the memory alignment + * + * Note: p_vaddr = p_offset % p_align + */ + switch (elf_ptr->isa) { + + case X86_64: + REF_PHDR(64, p_align) = 0x400000; + break; + case ARM32: + REF_PHDR(32, p_align) = 0x10000; + break; + case AARCH64: + REF_PHDR(64, p_align) = 0x400000; + break; + + } + + return phdr; + +} + +/* + * e_entry depends on p_vaddr, so has to be set after populate_ehdr() + * and populate_phdr() have been called. + * taken from libgolf.h + */ +int set_entry_point(RawBinary *elf_ptr) { + + /* + * Once the whole ELF file is copied into memory, control is handed to + * e_entry. Relative to the process's virtual memory address, the .text + * segment will be located immediately after the ELF and program header. + * + * ehdr and phdr are pointers to the ELF and Program headers respectively. + * The switch case casts and assigns them to the correct fields of the ELF + * struct, then sets ehdr->e_entry. + */ + void *ehdr, *phdr; + + switch (elf_ptr->isa) { + + case X86_64: + case AARCH64: + ehdr = GET_EHDR(64); + phdr = GET_PHDR(64); + REF_EHDR(64, e_entry) = REF_PHDR(64, p_vaddr) + ehdr_size + phdr_size; + break; + case ARM32: + ehdr = GET_EHDR(32); + phdr = GET_PHDR(32); + REF_EHDR(32, e_entry) = REF_PHDR(32, p_vaddr) + ehdr_size + phdr_size; + break; + default: + exit(1); + + } + + return 0; + +} + +typedef struct my_mutator { + + afl_state_t *afl; + size_t trim_size_current; + int trimmming_steps; + int cur_step; + u8 *mutated_out, *post_process_buf, *trim_buf; + +} my_mutator_t; + +my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) { + + srand(seed); // needed also by surgical_havoc_mutate() + my_mutator_t *data = calloc(1, sizeof(my_mutator_t)); + if (!data) { + + perror("afl_custom_init alloc"); + return NULL; + + } + + if ((data->mutated_out = (u8 *)malloc(MAX_FILE)) == NULL) { + + perror("afl_custom_init malloc"); + return NULL; + + } + + if ((data->post_process_buf = (u8 *)malloc(MAX_FILE)) == NULL) { + + perror("afl_custom_init malloc"); + return NULL; + + } + + if ((data->trim_buf = (u8 *)malloc(MAX_FILE)) == NULL) { + + perror("afl_custom_init malloc"); + return NULL; + + } + + data->afl = afl; + return data; + +} + +size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *in_buf, size_t buf_size, + u8 **out_buf, uint8_t *add_buf, + size_t add_buf_size, // add_buf can be NULL + size_t max_size) { + + RawBinary elf_obj; + RawBinary *elf = &elf_obj; + elf->isa = 62; + Elf64_Ehdr *ehdr; + Elf64_Phdr *phdr; + copy_text_segment(elf, buf, sizeof(buf)); + ehdr = populate_ehdr(elf); + phdr = populate_phdr(elf); + set_entry_point(elf); + + size_t mutated_size = ehdr_size + phdr_size + elf->text.text_size; + int pos = 0; + // example fields + ehdr->e_ident[EI_CLASS] = (uint8_t *)(in_buf + pos); + pos = pos + 1; + ehdr->e_ident[EI_DATA] = (uint8_t *)(in_buf + pos); + pos = pos + 1; + ehdr->e_ident[EI_VERSION] = (uint8_t *)(in_buf + pos); + pos = pos + 1; + ehdr->e_ident[EI_OSABI] = (uint8_t *)(in_buf + pos); + pos = pos + 1; + for (int i = 0x8; i < 0x10; ++i) { + + (ehdr->e_ident)[i] = (uint8_t *)(in_buf + pos); + pos = pos + 1; + + } + + ehdr->e_version = (uint32_t *)(in_buf + pos); + pos = pos + 4; + // sections headers + ehdr->e_shoff = (uint64_t *)(in_buf + pos); + pos = pos + 8; + ehdr->e_shentsize = (uint16_t *)(in_buf + pos); + pos = pos + 2; + ehdr->e_shnum = (uint16_t *)(in_buf + pos); + pos = pos + 2; + ehdr->e_shstrndx = (uint16_t *)(in_buf + pos); + pos = pos + 2; + ehdr->e_flags = (uint32_t *)(in_buf + pos); + pos = pos + 4; + // physical addr + phdr->p_paddr = (uint64_t *)(in_buf + pos); + pos = pos + 8; + phdr->p_align = (uint64_t *)(in_buf + pos); + pos = pos + 8; + + /* mimic GEN_ELF() + * Write: + * - ELF Header + * - Program Header + * - Text Segment + */ + memcpy(data->mutated_out, ehdr, ehdr_size); + memcpy(data->mutated_out + ehdr_size, phdr, phdr_size); + memcpy(data->mutated_out + ehdr_size + phdr_size, elf->text.text_segment, + elf->text.text_size); + + *out_buf = data->mutated_out; + return mutated_size; + +} + +void afl_custom_deinit(my_mutator_t *data) { + + free(data->post_process_buf); + free(data->mutated_out); + free(data->trim_buf); + free(data); + +} + From ca82b65d6c10482aee9cedbea43a5078011b1ce2 Mon Sep 17 00:00:00 2001 From: echel0nn Date: Sun, 13 Aug 2023 21:59:00 +0300 Subject: [PATCH 112/357] added README description & shortened pos defs --- custom_mutators/examples/README.md | 3 ++ custom_mutators/examples/elf_header_mutator.c | 31 ++++++++----------- 2 files changed, 16 insertions(+), 18 deletions(-) diff --git a/custom_mutators/examples/README.md b/custom_mutators/examples/README.md index 655f7a5ed6..112db2432a 100644 --- a/custom_mutators/examples/README.md +++ b/custom_mutators/examples/README.md @@ -33,3 +33,6 @@ like surgical_havoc_mutate() that allow to perform a randomly chosen mutation from a subset of the havoc mutations. If you do so, you have to specify -I /path/to/AFLplusplus/include when compiling. + +elf_header_mutator.c - example ELF header mutator based on + [LibGolf](https://github.com/xcellerator/libgolf/) diff --git a/custom_mutators/examples/elf_header_mutator.c b/custom_mutators/examples/elf_header_mutator.c index 32980d1233..b985257afa 100644 --- a/custom_mutators/examples/elf_header_mutator.c +++ b/custom_mutators/examples/elf_header_mutator.c @@ -623,39 +623,34 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *in_buf, size_t buf_size, size_t mutated_size = ehdr_size + phdr_size + elf->text.text_size; int pos = 0; // example fields - ehdr->e_ident[EI_CLASS] = (uint8_t *)(in_buf + pos); - pos = pos + 1; - ehdr->e_ident[EI_DATA] = (uint8_t *)(in_buf + pos); - pos = pos + 1; - ehdr->e_ident[EI_VERSION] = (uint8_t *)(in_buf + pos); - pos = pos + 1; - ehdr->e_ident[EI_OSABI] = (uint8_t *)(in_buf + pos); - pos = pos + 1; + ehdr->e_ident[EI_CLASS] = (uint8_t *)(in_buf + pos++); + ehdr->e_ident[EI_DATA] = (uint8_t *)(in_buf + pos++); + ehdr->e_ident[EI_VERSION] = (uint8_t *)(in_buf + pos++); + ehdr->e_ident[EI_OSABI] = (uint8_t *)(in_buf + pos++); for (int i = 0x8; i < 0x10; ++i) { - (ehdr->e_ident)[i] = (uint8_t *)(in_buf + pos); - pos = pos + 1; + (ehdr->e_ident)[i] = (uint8_t *)(in_buf + pos++); } ehdr->e_version = (uint32_t *)(in_buf + pos); - pos = pos + 4; + pos += 4; // sections headers ehdr->e_shoff = (uint64_t *)(in_buf + pos); - pos = pos + 8; + pos += 8; ehdr->e_shentsize = (uint16_t *)(in_buf + pos); - pos = pos + 2; + pos += 2; ehdr->e_shnum = (uint16_t *)(in_buf + pos); - pos = pos + 2; + pos += 2; ehdr->e_shstrndx = (uint16_t *)(in_buf + pos); - pos = pos + 2; + pos += 2; ehdr->e_flags = (uint32_t *)(in_buf + pos); - pos = pos + 4; + pos += 4; // physical addr phdr->p_paddr = (uint64_t *)(in_buf + pos); - pos = pos + 8; + pos += 8; phdr->p_align = (uint64_t *)(in_buf + pos); - pos = pos + 8; + pos += 8; /* mimic GEN_ELF() * Write: From c2c8e780a5d10fe7500ec9add0aa5b2cb081fe71 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 16 Aug 2023 10:50:07 +0200 Subject: [PATCH 113/357] add benchmark --- benchmark/COMPARISON | 4 ++++ benchmark/benchmark.sh | 42 ++++++++++++++++++++++++++++++++++++++++++ docs/Changelog.md | 2 ++ 3 files changed, 48 insertions(+) create mode 100644 benchmark/COMPARISON create mode 100755 benchmark/benchmark.sh diff --git a/benchmark/COMPARISON b/benchmark/COMPARISON new file mode 100644 index 0000000000..55ab94b4d1 --- /dev/null +++ b/benchmark/COMPARISON @@ -0,0 +1,4 @@ +CPU | Mz | exec/s | afl-*-config | +========================================|======|========|==============| +CPU 12th Gen Intel(R) Core(TM) i7-1270P | 4200 | 12750 | both | +AMD EPYC 7282 16-Core Processor | 3190 | 10060 | both | diff --git a/benchmark/benchmark.sh b/benchmark/benchmark.sh new file mode 100755 index 0000000000..3318adceef --- /dev/null +++ b/benchmark/benchmark.sh @@ -0,0 +1,42 @@ +#!/bin/sh +test -x ../afl-fuzz -a -x ../afl-cc -a -e ../SanitizerCoveragePCGUARD.so || { + echo Error: you need to compile AFL++ first, we need afl-fuzz, afl-clang-fast and SanitizerCoveragePCGUARD.so built. + exit 1 +} + +echo Preparing environment + +env | grep AFL_ | sed 's/=.*//' | while read e; do + unset $e +done + +AFL_PATH=`pwd`/.. +export PATH=$AFL_PATH:$PATH + +AFL_LLVM_INSTRUMENT=PCGUARD afl-cc -o test-instr ../test-instr.c > afl.log 2>&1 || { + echo Error: afl-cc is unable to compile + exit 1 +} + +{ +mkdir in +dd if=/dev/zero of=in/in.txt bs=10K count=1 +} > /dev/null 2>&1 + +echo Ready, starting benchmark - this will take approx 20-30 seconds ... + +AFL_DISABLE_TRIM=1 AFL_NO_UI=1 AFL_TRY_AFFINITY=1 AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 AFL_BENCH_JUST_ONE=1 time afl-fuzz -i in -o out -s 123 -D ./test-instr >> afl.log 2>&1 + +echo Analysis: + +CPUID=$(grep 'try binding to' afl.log | tail -n 1 | sed 's/.*#//' | sed 's/\..*//') +grep 'model name' /proc/cpuinfo | head -n 1 | sed 's/.*:/ CPU:/' +test -n "$CPUID" && grep -E '^processor|^cpu MHz' /proc/cpuinfo | grep -A1 -w "$CPUID" | grep 'cpu MHz' | head -n 1 | sed 's/.*:/ Mhz:/' +test -z "$CPUID" && grep 'cpu MHz' /proc/cpuinfo | head -n 1 | sed 's/.*:/ Mhz:/' +grep execs_per_sec out/default/fuzzer_stats | sed 's/.*:/ execs\/s:/' + +echo +echo "Comparison: (note that values can change by 10-15% per run)" +cat COMPARISON + +rm -rf in out test-instr afl.log diff --git a/docs/Changelog.md b/docs/Changelog.md index 8f2b254520..b809559eeb 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -7,6 +7,8 @@ - afl-fuzz: - added `AFL_FINAL_SYNC` which forces a final fuzzer sync (also for `-F`) before terminating. + - added benchmark/benchmark.sh if you want to see how good your fuzzing + speed is in comparison to other setups. ### Version ++4.08c (release) From 8cf6a13eb7f0d56495baf92745fae3084dc2fb67 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 17 Aug 2023 11:47:12 +0200 Subject: [PATCH 114/357] add env var to help output --- src/afl-fuzz.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 93bcdccf43..43834172b7 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -299,6 +299,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n" "AFL_NO_SNAPSHOT: do not use the snapshot feature (if the snapshot lkm is loaded)\n" "AFL_NO_STARTUP_CALIBRATION: no initial seed calibration, start fuzzing at once\n" + "AFL_NO_WARN_INSTABILITY: no warn about instability issues on startup calibration\n" "AFL_NO_UI: switch status screen off\n" "AFL_NYX_AUX_SIZE: size of the Nyx auxiliary buffer. Must be a multiple of 4096.\n" " Increase this value in case the crash reports are truncated.\n" From 53c26d086b94c4e5f31dddac0dd212cbff89e957 Mon Sep 17 00:00:00 2001 From: "Samuel E. Moelius III" Date: Sat, 19 Aug 2023 08:17:23 -0400 Subject: [PATCH 115/357] Loosen `ReportCrash` check --- afl-system-config | 2 +- src/afl-fuzz-init.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/afl-system-config b/afl-system-config index b50bb06ef9..e3eb85273c 100755 --- a/afl-system-config +++ b/afl-system-config @@ -110,7 +110,7 @@ if [ "$PLATFORM" = "Darwin" ] ; then sysctl kern.sysv.shmall=131072000 echo Settings applied. echo - if $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') ; then + if $(launchctl list 2>/dev/null | grep -q '\.ReportCrash\>') ; then echo echo Unloading the default crash reporter SL=/System/Library; PL=com.apple.ReportCrash diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 5a530821a0..4c09fab790 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2270,7 +2270,7 @@ void check_crash_handling(void) { reporting the awful way. */ #if !TARGET_OS_IPHONE - if (system("launchctl list 2>/dev/null | grep -q '\\.ReportCrash$'")) return; + if (system("launchctl list 2>/dev/null | grep -q '\\.ReportCrash\\>'")) return; SAYF( "\n" cLRD "[-] " cRST From 80f74934dd413c35fe71c27214d18cfd16de3cce Mon Sep 17 00:00:00 2001 From: "Samuel E. Moelius III" Date: Sat, 19 Aug 2023 08:43:47 -0400 Subject: [PATCH 116/357] Don't hide errors --- afl-system-config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/afl-system-config b/afl-system-config index e3eb85273c..07d509ff0f 100755 --- a/afl-system-config +++ b/afl-system-config @@ -114,8 +114,8 @@ if [ "$PLATFORM" = "Darwin" ] ; then echo echo Unloading the default crash reporter SL=/System/Library; PL=com.apple.ReportCrash - launchctl unload -w ${SL}/LaunchAgents/${PL}.plist >/dev/null 2>&1 - sudo launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist >/dev/null 2>&1 + launchctl unload -w ${SL}/LaunchAgents/${PL}.plist + sudo launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist echo fi echo It is recommended to disable System Integrity Protection for increased performance. From 71f9999f292ba524a4c67a124c00db4205111350 Mon Sep 17 00:00:00 2001 From: "Samuel E. Moelius III" Date: Sat, 19 Aug 2023 11:08:01 -0400 Subject: [PATCH 117/357] Adjust use of `sudo` --- afl-system-config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/afl-system-config b/afl-system-config index 07d509ff0f..e64857eb5c 100755 --- a/afl-system-config +++ b/afl-system-config @@ -114,8 +114,8 @@ if [ "$PLATFORM" = "Darwin" ] ; then echo echo Unloading the default crash reporter SL=/System/Library; PL=com.apple.ReportCrash - launchctl unload -w ${SL}/LaunchAgents/${PL}.plist - sudo launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist + sudo -u "$SUDO_USER" launchctl unload -w ${SL}/LaunchAgents/${PL}.plist + launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist echo fi echo It is recommended to disable System Integrity Protection for increased performance. From 213298fe5939df730d2341e2d2f75cd6daf77df7 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 21 Aug 2023 16:38:48 +0200 Subject: [PATCH 118/357] afl-whatsup add coverage output --- afl-whatsup | 12 ++++++++++++ docs/Changelog.md | 1 + 2 files changed, 13 insertions(+) diff --git a/afl-whatsup b/afl-whatsup index 6f29ab242b..c1f0abaab3 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -70,6 +70,8 @@ if [ -d queue ]; then fi +BC=`which bc 2>/dev/null` + RED=`tput setaf 9 1 1 2>/dev/null` GREEN=`tput setaf 2 1 1 2>/dev/null` BLUE=`tput setaf 4 1 1 2>/dev/null` @@ -91,6 +93,7 @@ TOTAL_CRASHES=0 TOTAL_HANGS=0 TOTAL_PFAV=0 TOTAL_PENDING=0 +TOTAL_COVERAGE= # Time since last find / crash / hang, formatted as string FMT_TIME="0 days 0 hours" @@ -147,6 +150,13 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do RUN_UNIX=$run_time RUN_DAYS=$((RUN_UNIX / 60 / 60 / 24)) RUN_HRS=$(((RUN_UNIX / 60 / 60) % 24)) + COVERAGE=$(echo $bitmap_cvg|tr -d %) + if [ -n "$TOTAL_COVERAGE" -a -n "$B" ]; then + if [ "$(echo "$TOTAL_COVERAGE < $COVERAGE" | bc)" -eq 1 ]; then + TOTAL_COVERAGE=$COVERAGE + fi + fi + if [ -z "$TOTAL_COVERAGE" ]; then TOTAL_COVERAGE=$COVERAGE ; fi test -n "$cycles_wo_finds" && { test -z "$FIRST" && TOTAL_WCOP="${TOTAL_WCOP}/" @@ -227,6 +237,7 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do echo " last_crash : $FMT_CRASH" echo " last_hang : $FMT_HANG" echo " cycles_wo_finds : $FMT_CWOP" + echo " coverage : $COVERAGE%" CPU_USAGE=$(ps aux | grep $fuzzer_pid | grep -v grep | awk '{print $3}') MEM_USAGE=$(ps aux | grep $fuzzer_pid | grep -v grep | awk '{print $4}') @@ -302,6 +313,7 @@ if [ "$ALIVE_CNT" -gt "1" ]; then echo " Pending per fuzzer : $((TOTAL_PFAV/ALIVE_CNT)) faves, $((TOTAL_PENDING/ALIVE_CNT)) total (on average)" fi +echo " Coverage reached : ${TOTAL_COVERAGE}%" echo " Crashes saved : $TOTAL_CRASHES" echo " Hangs saved : $TOTAL_HANGS" echo "Cycles without finds : $TOTAL_WCOP" diff --git a/docs/Changelog.md b/docs/Changelog.md index b809559eeb..dfb5afa163 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -7,6 +7,7 @@ - afl-fuzz: - added `AFL_FINAL_SYNC` which forces a final fuzzer sync (also for `-F`) before terminating. + - afl-whatsup: now also shows coverage reached - added benchmark/benchmark.sh if you want to see how good your fuzzing speed is in comparison to other setups. From f41d121f0767d929e34bbac7cb8d09ba4731730c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 22 Aug 2023 10:03:03 +0200 Subject: [PATCH 119/357] afl-whatsup -m -n --- afl-whatsup | 89 +++++++++++++++++++++++++++++++++-------------- docs/Changelog.md | 5 ++- 2 files changed, 67 insertions(+), 27 deletions(-) diff --git a/afl-whatsup b/afl-whatsup index c1f0abaab3..47133a139e 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -24,38 +24,60 @@ test "$1" = "-h" -o "$1" = "-hh" && { echo "Usage: $0 [-s] [-d] afl_output_directory" echo echo Options: - echo " -s - skip details and output summary results only" echo " -d - include dead fuzzer stats" + echo " -m - just show minimal stats" + echo " -n - no color output" + echo " -s - skip details and output summary results only" echo exit 1 } -unset SUMMARY_ONLY +unset MINIMAL_ONLY +unset NO_COLOR unset PROCESS_DEAD +unset SUMMARY_ONLY +unset RED +unset GREEN +unset YELLOW +unset BLUE +unset NC +unset RESET -while [ "$1" = "-s" -o "$1" = "-d" ]; do +if [ -z "$TERM" ]; then export TERM=vt220; fi - if [ "$1" = "-s" ]; then - SUMMARY_ONLY=1 - fi +while [ "$1" = "-d" -o "$1" = "-m" -o "$1" = "-n" -o "$1" = "-s" ]; do if [ "$1" = "-d" ]; then PROCESS_DEAD=1 fi + if [ "$1" = "-m" ]; then + MINIMAL_ONLY=1 + fi + + if [ "$1" = "-n" ]; then + NO_COLOR=1 + fi + + if [ "$1" = "-s" ]; then + SUMMARY_ONLY=1 + fi + shift done DIR="$1" -if [ "$DIR" = "" ]; then +if [ "$DIR" = "" -o "$DIR" = "-h" -o "$DIR" = "--help" ]; then - echo "Usage: $0 [-s] [-d] afl_output_directory" 1>&2 + echo "Usage: $0 [-d] [-m] [-n] [-s] afl_output_directory" 1>&2 echo 1>&2 echo Options: 1>&2 - echo " -s - skip details and output summary results only" 1>&2 echo " -d - include dead fuzzer stats" 1>&2 + echo " -m - just show minimal stats" 1>&2 + echo " -n - no color output" 1>&2 + echo " -s - skip details and output summary results only" 1>&2 echo 1>&2 exit 1 @@ -72,12 +94,14 @@ fi BC=`which bc 2>/dev/null` -RED=`tput setaf 9 1 1 2>/dev/null` -GREEN=`tput setaf 2 1 1 2>/dev/null` -BLUE=`tput setaf 4 1 1 2>/dev/null` -YELLOW=`tput setaf 11 1 1 2>/dev/null` -NC=`tput sgr0` -RESET="$NC" +if [ -z "$NO_COLOR" ]; then + RED=`tput setaf 9 1 1 2>/dev/null` + GREEN=`tput setaf 2 1 1 2>/dev/null` + BLUE=`tput setaf 4 1 1 2>/dev/null` + YELLOW=`tput setaf 11 1 1 2>/dev/null` + NC=`tput sgr0` + RESET="$NC" +fi CUR_TIME=`date +%s` @@ -235,14 +259,21 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do echo " last_find : $FMT_FIND" echo " last_crash : $FMT_CRASH" - echo " last_hang : $FMT_HANG" - echo " cycles_wo_finds : $FMT_CWOP" + if [ -z "$MINIMAL_ONLY" ]; then + echo " last_hang : $FMT_HANG" + echo " cycles_wo_finds : $FMT_CWOP" + fi echo " coverage : $COVERAGE%" - CPU_USAGE=$(ps aux | grep $fuzzer_pid | grep -v grep | awk '{print $3}') - MEM_USAGE=$(ps aux | grep $fuzzer_pid | grep -v grep | awk '{print $4}') + if [ -z "$MINIMAL_ONLY" ]; then + + CPU_USAGE=$(ps aux | grep $fuzzer_pid | grep -v grep | awk '{print $3}') + MEM_USAGE=$(ps aux | grep $fuzzer_pid | grep -v grep | awk '{print $4}') + + echo " cpu usage $CPU_USAGE%, memory usage $MEM_USAGE%" + + fi - echo " cpu usage $CPU_USAGE%, memory usage $MEM_USAGE%" echo " cycles $((cycles_done + 1)), lifetime speed $EXEC_SEC execs/sec, items $cur_item/$corpus_count (${PATH_PERC}%)" if [ "$saved_crashes" = "0" ]; then @@ -302,21 +333,27 @@ if [ ! "$DEAD_CNT" = "0" ]; then fi echo " Total run time : $FMT_TIME" -echo " Total execs : $FMT_EXECS" -echo " Cumulative speed : $TOTAL_EPS execs/sec" +if [ -z "$MINIMAL_ONLY" ]; then + echo " Total execs : $FMT_EXECS" + echo " Cumulative speed : $TOTAL_EPS execs/sec" +fi if [ "$ALIVE_CNT" -gt "0" ]; then echo " Average speed : $((TOTAL_EPS / ALIVE_CNT)) execs/sec" fi -echo " Pending items : $TOTAL_PFAV faves, $TOTAL_PENDING total" +if [ -z "$MINIMAL_ONLY" ]; then + echo " Pending items : $TOTAL_PFAV faves, $TOTAL_PENDING total" +fi -if [ "$ALIVE_CNT" -gt "1" ]; then +if [ "$ALIVE_CNT" -gt "1" -o -n "$MINIMAL_ONLY" ]; then echo " Pending per fuzzer : $((TOTAL_PFAV/ALIVE_CNT)) faves, $((TOTAL_PENDING/ALIVE_CNT)) total (on average)" fi echo " Coverage reached : ${TOTAL_COVERAGE}%" echo " Crashes saved : $TOTAL_CRASHES" -echo " Hangs saved : $TOTAL_HANGS" -echo "Cycles without finds : $TOTAL_WCOP" +if [ -z "$MINIMAL_ONLY" ]; then + echo " Hangs saved : $TOTAL_HANGS" + echo "Cycles without finds : $TOTAL_WCOP" +fi echo " Time without finds : $TOTAL_LAST_FIND" echo diff --git a/docs/Changelog.md b/docs/Changelog.md index dfb5afa163..fa9099c047 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -7,7 +7,10 @@ - afl-fuzz: - added `AFL_FINAL_SYNC` which forces a final fuzzer sync (also for `-F`) before terminating. - - afl-whatsup: now also shows coverage reached + - afl-whatsup: + - now also shows coverage reached + - option -m shows only very relevant stats + - option -n will not use color in the output - added benchmark/benchmark.sh if you want to see how good your fuzzing speed is in comparison to other setups. From 959b75358971c41956346636ce84d46dbe1bf286 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 22 Aug 2023 10:09:49 +0200 Subject: [PATCH 120/357] fix --- afl-whatsup | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/afl-whatsup b/afl-whatsup index 47133a139e..bbb73e4778 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -18,9 +18,9 @@ # instances of afl-fuzz. # -echo "$0 status check tool for afl-fuzz by Michal Zalewski" -echo test "$1" = "-h" -o "$1" = "-hh" && { + echo "$0 status check tool for afl-fuzz by Michal Zalewski" + echo echo "Usage: $0 [-s] [-d] afl_output_directory" echo echo Options: @@ -71,6 +71,8 @@ DIR="$1" if [ "$DIR" = "" -o "$DIR" = "-h" -o "$DIR" = "--help" ]; then + echo "$0 status check tool for afl-fuzz by Michal Zalewski" 1>&2 + echo 1>&2 echo "Usage: $0 [-d] [-m] [-n] [-s] afl_output_directory" 1>&2 echo 1>&2 echo Options: 1>&2 @@ -83,6 +85,11 @@ if [ "$DIR" = "" -o "$DIR" = "-h" -o "$DIR" = "--help" ]; then fi +if [ -z "$MINIMAL_ONLY" ]; then + echo "$0 status check tool for afl-fuzz by Michal Zalewski" + echo +fi + cd "$DIR" || exit 1 if [ -d queue ]; then @@ -325,7 +332,10 @@ fi echo "Summary stats" echo "=============" -echo +if [ -z "$SUMMARY_ONLY" -o -z "$MINIMAL_ONLY" ]; then + echo +fi + echo " Fuzzers alive : $ALIVE_CNT" if [ ! "$DEAD_CNT" = "0" ]; then @@ -345,7 +355,9 @@ if [ -z "$MINIMAL_ONLY" ]; then fi if [ "$ALIVE_CNT" -gt "1" -o -n "$MINIMAL_ONLY" ]; then - echo " Pending per fuzzer : $((TOTAL_PFAV/ALIVE_CNT)) faves, $((TOTAL_PENDING/ALIVE_CNT)) total (on average)" + if [ "$ALIVE_CNT" -gt "0" ]; then + echo " Pending per fuzzer : $((TOTAL_PFAV/ALIVE_CNT)) faves, $((TOTAL_PENDING/ALIVE_CNT)) total (on average)" + fi fi echo " Coverage reached : ${TOTAL_COVERAGE}%" From 19d0c6a4c5015368ff610418994b2dc8f3f66117 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 23 Aug 2023 17:35:24 +0200 Subject: [PATCH 121/357] afl-whatsup startup detection --- afl-whatsup | 63 +++++++++++++++++++++++++++++++++++++++++------ docs/Changelog.md | 1 + 2 files changed, 56 insertions(+), 8 deletions(-) diff --git a/afl-whatsup b/afl-whatsup index bbb73e4778..ebd1ce6127 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -100,6 +100,7 @@ if [ -d queue ]; then fi BC=`which bc 2>/dev/null` +FUSER=`which fuser 2>/dev/null` if [ -z "$NO_COLOR" ]; then RED=`tput setaf 9 1 1 2>/dev/null` @@ -116,6 +117,7 @@ TMP=`mktemp -t .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-wha ALIVE_CNT=0 DEAD_CNT=0 +START_CNT=0 TOTAL_TIME=0 TOTAL_EXECS=0 @@ -177,6 +179,7 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do sed 's/^command_line.*$/_skip:1/;s/[ ]*:[ ]*/="/;s/$/"/' "$i" >"$TMP" . "$TMP" DIR=$(dirname "$i") + DIRECTORY=$DIR DIR=${DIR##*/} RUN_UNIX=$run_time RUN_DAYS=$((RUN_UNIX / 60 / 60 / 24)) @@ -204,19 +207,59 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do if ! kill -0 "$fuzzer_pid" 2>/dev/null; then - if [ "$SUMMARY_ONLY" = "" ]; then + IS_STARTING= + IS_DEAD= - echo " Instance is dead or running remotely, skipping." - echo + if [ -e "$i" ] && [ -e "$DIRECTORY/fuzzer_setup" ] && [ -n "$FUSER" ]; then + + if [ "$i" -ot "$DIRECTORY/fuzzer_setup" ]; then + + # fuzzer_setup is newer than fuzzer_stats, maybe the instance is starting? + TMP_PID=`fuser -v "$DIRECTORY" 2>&1 | grep afl-fuzz` + + if [ -n "$TMP_PID" ]; then + + if [ "$SUMMARY_ONLY" = "" ]; then + + echo " Instance is still starting up, skipping." + echo + + fi + + START_CNT=$((START_CNT + 1)) + last_find=0 + IS_STARTING=1 + + if [ "$PROCESS_DEAD" = "" ]; then + + continue + + fi + + fi + + fi fi - DEAD_CNT=$((DEAD_CNT + 1)) - last_find=0 + if [ -z "$IS_STARTING" ]; then + + if [ "$SUMMARY_ONLY" = "" ]; then + + echo " Instance is dead or running remotely, skipping." + echo + + fi - if [ "$PROCESS_DEAD" = "" ]; then + DEAD_CNT=$((DEAD_CNT + 1)) + IS_DEAD=1 + last_find=0 - continue + if [ "$PROCESS_DEAD" = "" ]; then + + continue + + fi fi @@ -326,7 +369,7 @@ if [ "$PROCESS_DEAD" = "" ]; then else TXT="included in stats" - ALIVE_CNT=$(($ALIVE_CNT - $DEAD_CNT)) + ALIVE_CNT=$(($ALIVE_CNT - $DEAD_CNT - $START_CNT)) fi @@ -338,6 +381,10 @@ fi echo " Fuzzers alive : $ALIVE_CNT" +if [ ! "$START_CNT" = "0" ]; then + echo " Starting up : $START_CNT ($TXT)" +fi + if [ ! "$DEAD_CNT" = "0" ]; then echo " Dead or remote : $DEAD_CNT ($TXT)" fi diff --git a/docs/Changelog.md b/docs/Changelog.md index fa9099c047..961b294039 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -8,6 +8,7 @@ - added `AFL_FINAL_SYNC` which forces a final fuzzer sync (also for `-F`) before terminating. - afl-whatsup: + - detect instanced that are starting up and show them as such as not dead - now also shows coverage reached - option -m shows only very relevant stats - option -n will not use color in the output From d95cef82730c8ea7debbac676aeeee232c08fc5a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 23 Aug 2023 17:47:12 +0200 Subject: [PATCH 122/357] fix --- afl-whatsup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/afl-whatsup b/afl-whatsup index ebd1ce6127..093cda81eb 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -185,7 +185,7 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do RUN_DAYS=$((RUN_UNIX / 60 / 60 / 24)) RUN_HRS=$(((RUN_UNIX / 60 / 60) % 24)) COVERAGE=$(echo $bitmap_cvg|tr -d %) - if [ -n "$TOTAL_COVERAGE" -a -n "$B" ]; then + if [ -n "$TOTAL_COVERAGE" -a -n "$COVERAGE" ]; then if [ "$(echo "$TOTAL_COVERAGE < $COVERAGE" | bc)" -eq 1 ]; then TOTAL_COVERAGE=$COVERAGE fi From 549e5dd9269238ac43ff482d439f7f671946185c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 23 Aug 2023 18:02:33 +0200 Subject: [PATCH 123/357] AFL_IGNORE_SEED_PROBLEMS --- docs/Changelog.md | 2 ++ docs/env_variables.md | 3 +++ include/afl-fuzz.h | 7 +++--- include/envs.h | 1 + src/afl-fuzz-init.c | 53 +++++++++++++++++++++++++++++++++---------- src/afl-fuzz-state.c | 7 ++++++ src/afl-fuzz.c | 2 ++ 7 files changed, 59 insertions(+), 16 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 961b294039..87c01f21bf 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -7,6 +7,8 @@ - afl-fuzz: - added `AFL_FINAL_SYNC` which forces a final fuzzer sync (also for `-F`) before terminating. + - added AFL_IGNORE_SEED_PROBLEMS to skip over seeds that time out instead + of exiting with an error message - afl-whatsup: - detect instanced that are starting up and show them as such as not dead - now also shows coverage reached diff --git a/docs/env_variables.md b/docs/env_variables.md index 2ce274d355..3bb4e84470 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -327,6 +327,9 @@ checks or alter some of the more exotic semantics of the tool: (`-i in`). This is an important feature to set when resuming a fuzzing session. + - `AFL_IGNORE_SEED_PROBLEMS` will skip over crashes and timeouts in the seeds + instead of exiting. + - Setting `AFL_CRASH_EXITCODE` sets the exit code AFL++ treats as crash. For example, if `AFL_CRASH_EXITCODE='-1'` is set, each input resulting in a `-1` return code (i.e. `exit(-1)` got called), will be treated as if a crash had diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 3dfd2b2c9d..d02e852ea1 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -1,4 +1,3 @@ - /* american fuzzy lop++ - fuzzer header ------------------------------------ @@ -175,10 +174,10 @@ struct queue_entry { stats_skipped, /* stats: how often skipped */ stats_finds, /* stats: # of saved finds */ stats_crashes, /* stats: # of saved crashes */ - stats_tmouts, /* stats: # of saved timeouts */ + stats_tmouts, /* stats: # of saved timeouts */ #endif fuzz_level, /* Number of fuzzing iterations */ - n_fuzz_entry; /* offset in n_fuzz */ + n_fuzz_entry; /* offset in n_fuzz */ u64 exec_us, /* Execution time (us) */ handicap, /* Number of queue cycles behind */ @@ -402,7 +401,7 @@ typedef struct afl_env_vars { afl_keep_timeouts, afl_no_crash_readme, afl_ignore_timeouts, afl_no_startup_calibration, afl_no_warn_instability, afl_post_process_keep_original, afl_crashing_seeds_as_new_crash, - afl_final_sync; + afl_final_sync, afl_ignore_seed_problems; u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path, *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload, diff --git a/include/envs.h b/include/envs.h index 3f5a9e1c35..4259d6ddd5 100644 --- a/include/envs.h +++ b/include/envs.h @@ -113,6 +113,7 @@ static char *afl_environment_variables[] = { "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES", "AFL_IGNORE_PROBLEMS", "AFL_IGNORE_PROBLEMS_COVERAGE", + "AFL_IGNORE_SEED_PROBLEMS", "AFL_IGNORE_TIMEOUTS", "AFL_IGNORE_UNKNOWN_ENVS", "AFL_IMPORT_FIRST", diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 4c09fab790..9fc0cc5738 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -951,19 +951,47 @@ void perform_dry_run(afl_state_t *afl) { } else { - SAYF("\n" cLRD "[-] " cRST - "The program took more than %u ms to process one of the initial " - "test cases.\n" - " This is bad news; raising the limit with the -t option is " - "possible, but\n" - " will probably make the fuzzing process extremely slow.\n\n" + static int say_once = 0; + + if (!say_once) { + + SAYF( + "\n" cLRD "[-] " cRST + "The program took more than %u ms to process one of the " + "initial " + "test cases.\n" + " This is bad news; raising the limit with the -t option is " + "possible, but\n" + " will probably make the fuzzing process extremely slow.\n\n" + + " If this test case is just a fluke, the other option is to " + "just avoid it\n" + " altogether, and find one that is less of a CPU hog.\n", + afl->fsrv.exec_tmout); + + if (!afl->afl_env.afl_ignore_seed_problems) { + + FATAL("Test case '%s' results in a timeout", fn); + + } + + say_once = 1; + + } + + if (!q->was_fuzzed) { - " If this test case is just a fluke, the other option is to " - "just avoid it\n" - " altogether, and find one that is less of a CPU hog.\n", - afl->fsrv.exec_tmout); + q->was_fuzzed = 1; + --afl->pending_not_fuzzed; + --afl->active_items; - FATAL("Test case '%s' results in a timeout", fn); + } + + q->disabled = 1; + q->perf_score = 0; + + WARNF("Test case '%s' results in a timeout, skipping", fn); + break; } @@ -2270,7 +2298,8 @@ void check_crash_handling(void) { reporting the awful way. */ #if !TARGET_OS_IPHONE - if (system("launchctl list 2>/dev/null | grep -q '\\.ReportCrash\\>'")) return; + if (system("launchctl list 2>/dev/null | grep -q '\\.ReportCrash\\>'")) + return; SAYF( "\n" cLRD "[-] " cRST diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 97e00415ad..db82536dcd 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -316,6 +316,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_ignore_problems = get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_IGNORE_SEED_PROBLEMS", + + afl_environment_variable_len)) { + + afl->afl_env.afl_ignore_seed_problems = + get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_IGNORE_TIMEOUTS", afl_environment_variable_len)) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 43834172b7..08960ac6c1 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -275,6 +275,8 @@ static void usage(u8 *argv0, int more_help) { "AFL_IGNORE_PROBLEMS: do not abort fuzzing if an incorrect setup is detected\n" "AFL_IGNORE_PROBLEMS_COVERAGE: if set in addition to AFL_IGNORE_PROBLEMS - also\n" " ignore those libs for coverage\n" + "AFL_IGNORE_SEED_PROBLEMS: skip over crashes and timeouts in the seeds instead of\n" + " exiting\n" "AFL_IGNORE_TIMEOUTS: do not process or save any timeouts\n" "AFL_IGNORE_UNKNOWN_ENVS: don't warn on unknown env vars\n" "AFL_IMPORT_FIRST: sync and import test cases from other fuzzer instances first\n" From 82c875ef8a8523d699bfc999769680fddc51380a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 23 Aug 2023 18:06:44 +0200 Subject: [PATCH 124/357] fix --- afl-whatsup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/afl-whatsup b/afl-whatsup index 093cda81eb..d28c46fef2 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -185,7 +185,7 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do RUN_DAYS=$((RUN_UNIX / 60 / 60 / 24)) RUN_HRS=$(((RUN_UNIX / 60 / 60) % 24)) COVERAGE=$(echo $bitmap_cvg|tr -d %) - if [ -n "$TOTAL_COVERAGE" -a -n "$COVERAGE" ]; then + if [ -n "$TOTAL_COVERAGE" -a -n "$COVERAGE" -a -n "$BC" ]; then if [ "$(echo "$TOTAL_COVERAGE < $COVERAGE" | bc)" -eq 1 ]; then TOTAL_COVERAGE=$COVERAGE fi From 4a7e35b29c6711b68d3d579716685c3752ff62a8 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 24 Aug 2023 09:26:54 +0200 Subject: [PATCH 125/357] add missing envs --- src/afl-fuzz.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 08960ac6c1..8b9c1e5074 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -265,6 +265,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_DUMB_FORKSRV: use fork server without feedback from target\n" "AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n" "AFL_EXIT_ON_TIME: exit when no new coverage is found within the specified time\n" + "AFL_EXIT_ON_SEED_ISSUES: exit on any kind of seed issues\n" "AFL_EXPAND_HAVOC_NOW: immediately enable expand havoc mode (default: after 60\n" " minutes and a cycle without finds)\n" "AFL_FAST_CAL: limit the calibration stage to three cycles for speedup\n" @@ -331,6 +332,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_STATSD_TAGS_FLAVOR: set statsd tags format (default: disable tags)\n" " suported formats: dogstatsd, librato, signalfx, influxdb\n" "AFL_SYNC_TIME: sync time between fuzzing instances (in minutes)\n" + "AFL_FINAL_SYNC: sync a final time when exiting (will delay the exit!)\n" "AFL_NO_CRASH_README: do not create a README in the crashes directory\n" "AFL_TESTCACHE_SIZE: use a cache for testcases, improves performance (in MB)\n" "AFL_TMPDIR: directory to use for input file generation (ramdisk recommended)\n" From 2b53b4af5c4cdab4e5e12aaced79aa87dda31464 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 28 Aug 2023 13:58:55 +0200 Subject: [PATCH 126/357] better afl startup detection in afl-whatsup --- afl-whatsup | 355 +++++++++++++++++++++++++++------------------------- 1 file changed, 186 insertions(+), 169 deletions(-) diff --git a/afl-whatsup b/afl-whatsup index d28c46fef2..b83be5b3ae 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -46,7 +46,7 @@ unset RESET if [ -z "$TERM" ]; then export TERM=vt220; fi while [ "$1" = "-d" -o "$1" = "-m" -o "$1" = "-n" -o "$1" = "-s" ]; do - + if [ "$1" = "-d" ]; then PROCESS_DEAD=1 fi @@ -62,15 +62,15 @@ while [ "$1" = "-d" -o "$1" = "-m" -o "$1" = "-n" -o "$1" = "-s" ]; do if [ "$1" = "-s" ]; then SUMMARY_ONLY=1 fi - + shift - + done DIR="$1" if [ "$DIR" = "" -o "$DIR" = "-h" -o "$DIR" = "--help" ]; then - + echo "$0 status check tool for afl-fuzz by Michal Zalewski" 1>&2 echo 1>&2 echo "Usage: $0 [-d] [-m] [-n] [-s] afl_output_directory" 1>&2 @@ -82,7 +82,7 @@ if [ "$DIR" = "" -o "$DIR" = "-h" -o "$DIR" = "--help" ]; then echo " -s - skip details and output summary results only" 1>&2 echo 1>&2 exit 1 - + fi if [ -z "$MINIMAL_ONLY" ]; then @@ -93,10 +93,10 @@ fi cd "$DIR" || exit 1 if [ -d queue ]; then - + echo "[-] Error: parameter is an individual output directory, not a sync dir." 1>&2 exit 1 - + fi BC=`which bc 2>/dev/null` @@ -135,11 +135,11 @@ FMT_CRASH="none seen yet" FMT_HANG="none seen yet" if [ "$SUMMARY_ONLY" = "" ]; then - + echo "Individual fuzzers" echo "==================" echo - + fi fmt_duration() @@ -148,22 +148,22 @@ fmt_duration() if [ $1 -le 0 ]; then return 1 fi - + local duration=$((CUR_TIME - $1)) local days=$((duration / 60 / 60 / 24)) local hours=$(((duration / 60 / 60) % 24)) local minutes=$(((duration / 60) % 60)) local seconds=$((duration % 60)) - + if [ $duration -le 0 ]; then DUR_STRING="0 seconds" - elif [ $duration -eq 1 ]; then + elif [ $duration -eq 1 ]; then DUR_STRING="1 second" - elif [ $days -gt 0 ]; then + elif [ $days -gt 0 ]; then DUR_STRING="$days days, $hours hours" - elif [ $hours -gt 0 ]; then + elif [ $hours -gt 0 ]; then DUR_STRING="$hours hours, $minutes minutes" - elif [ $minutes -gt 0 ]; then + elif [ $minutes -gt 0 ]; then DUR_STRING="$minutes minutes, $seconds seconds" else DUR_STRING="$seconds seconds" @@ -174,168 +174,185 @@ FIRST=true TOTAL_WCOP= TOTAL_LAST_FIND=0 -for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do - - sed 's/^command_line.*$/_skip:1/;s/[ ]*:[ ]*/="/;s/$/"/' "$i" >"$TMP" - . "$TMP" - DIR=$(dirname "$i") - DIRECTORY=$DIR - DIR=${DIR##*/} - RUN_UNIX=$run_time - RUN_DAYS=$((RUN_UNIX / 60 / 60 / 24)) - RUN_HRS=$(((RUN_UNIX / 60 / 60) % 24)) - COVERAGE=$(echo $bitmap_cvg|tr -d %) - if [ -n "$TOTAL_COVERAGE" -a -n "$COVERAGE" -a -n "$BC" ]; then - if [ "$(echo "$TOTAL_COVERAGE < $COVERAGE" | bc)" -eq 1 ]; then - TOTAL_COVERAGE=$COVERAGE - fi - fi - if [ -z "$TOTAL_COVERAGE" ]; then TOTAL_COVERAGE=$COVERAGE ; fi - - test -n "$cycles_wo_finds" && { - test -z "$FIRST" && TOTAL_WCOP="${TOTAL_WCOP}/" - TOTAL_WCOP="${TOTAL_WCOP}${cycles_wo_finds}" - FIRST= - } - - if [ "$SUMMARY_ONLY" = "" ]; then - - echo ">>> $afl_banner instance: $DIR ($RUN_DAYS days, $RUN_HRS hrs) fuzzer PID: $fuzzer_pid <<<" - echo - - fi - - if ! kill -0 "$fuzzer_pid" 2>/dev/null; then - - IS_STARTING= - IS_DEAD= - - if [ -e "$i" ] && [ -e "$DIRECTORY/fuzzer_setup" ] && [ -n "$FUSER" ]; then - - if [ "$i" -ot "$DIRECTORY/fuzzer_setup" ]; then - - # fuzzer_setup is newer than fuzzer_stats, maybe the instance is starting? - TMP_PID=`fuser -v "$DIRECTORY" 2>&1 | grep afl-fuzz` - - if [ -n "$TMP_PID" ]; then - - if [ "$SUMMARY_ONLY" = "" ]; then - - echo " Instance is still starting up, skipping." - echo - - fi - - START_CNT=$((START_CNT + 1)) - last_find=0 - IS_STARTING=1 - - if [ "$PROCESS_DEAD" = "" ]; then - - continue - - fi - - fi - +for j in `find . -maxdepth 2 -iname fuzzer_setup | sort`; do + + DIR=$(dirname "$j") + i=$DIR/fuzzer_stats + + if [ -f "$i" ]; then + + sed 's/^command_line.*$/_skip:1/;s/[ ]*:[ ]*/="/;s/$/"/' "$i" >"$TMP" + . "$TMP" + DIRECTORY=$DIR + DIR=${DIR##*/} + RUN_UNIX=$run_time + RUN_DAYS=$((RUN_UNIX / 60 / 60 / 24)) + RUN_HRS=$(((RUN_UNIX / 60 / 60) % 24)) + COVERAGE=$(echo $bitmap_cvg|tr -d %) + if [ -n "$TOTAL_COVERAGE" -a -n "$COVERAGE" -a -n "$BC" ]; then + if [ "$(echo "$TOTAL_COVERAGE < $COVERAGE" | bc)" -eq 1 ]; then + TOTAL_COVERAGE=$COVERAGE fi - fi - - if [ -z "$IS_STARTING" ]; then - - if [ "$SUMMARY_ONLY" = "" ]; then - - echo " Instance is dead or running remotely, skipping." - echo - + if [ -z "$TOTAL_COVERAGE" ]; then TOTAL_COVERAGE=$COVERAGE ; fi + + test -n "$cycles_wo_finds" && { + test -z "$FIRST" && TOTAL_WCOP="${TOTAL_WCOP}/" + TOTAL_WCOP="${TOTAL_WCOP}${cycles_wo_finds}" + FIRST= + } + + if [ "$SUMMARY_ONLY" = "" ]; then + + echo ">>> $afl_banner instance: $DIR ($RUN_DAYS days, $RUN_HRS hrs) fuzzer PID: $fuzzer_pid <<<" + echo + + fi + + if ! kill -0 "$fuzzer_pid" 2>/dev/null; then + + IS_STARTING= + IS_DEAD= + + if [ -e "$i" ] && [ -e "$j" ] && [ -n "$FUSER" ]; then + + if [ "$i" -ot "$j" ]; then + + # fuzzer_setup is newer than fuzzer_stats, maybe the instance is starting? + TMP_PID=`fuser -v "$DIRECTORY" 2>&1 | grep afl-fuzz` + + if [ -n "$TMP_PID" ]; then + + if [ "$SUMMARY_ONLY" = "" ]; then + + echo " Instance is still starting up, skipping." + echo + + fi + + START_CNT=$((START_CNT + 1)) + last_find=0 + IS_STARTING=1 + + if [ "$PROCESS_DEAD" = "" ]; then + + continue + + fi + + fi + + fi + fi - - DEAD_CNT=$((DEAD_CNT + 1)) - IS_DEAD=1 - last_find=0 - - if [ "$PROCESS_DEAD" = "" ]; then - - continue - + + if [ -z "$IS_STARTING" ]; then + + if [ "$SUMMARY_ONLY" = "" ]; then + + echo " Instance is dead or running remotely, skipping." + echo + + fi + + DEAD_CNT=$((DEAD_CNT + 1)) + IS_DEAD=1 + last_find=0 + + if [ "$PROCESS_DEAD" = "" ]; then + + continue + + fi + fi - + fi - - fi - - ALIVE_CNT=$((ALIVE_CNT + 1)) - - EXEC_SEC=0 - test -z "$RUN_UNIX" -o "$RUN_UNIX" = 0 || EXEC_SEC=$((execs_done / RUN_UNIX)) - PATH_PERC=$((cur_item * 100 / corpus_count)) - - TOTAL_TIME=$((TOTAL_TIME + RUN_UNIX)) - TOTAL_EPS=$((TOTAL_EPS + EXEC_SEC)) - TOTAL_EXECS=$((TOTAL_EXECS + execs_done)) - TOTAL_CRASHES=$((TOTAL_CRASHES + saved_crashes)) - TOTAL_HANGS=$((TOTAL_HANGS + saved_hangs)) - TOTAL_PENDING=$((TOTAL_PENDING + pending_total)) - TOTAL_PFAV=$((TOTAL_PFAV + pending_favs)) - - if [ "$last_find" -gt "$TOTAL_LAST_FIND" ]; then - TOTAL_LAST_FIND=$last_find - fi - - if [ "$SUMMARY_ONLY" = "" ]; then - - # Warnings in red - TIMEOUT_PERC=$((exec_timeout * 100 / execs_done)) - if [ $TIMEOUT_PERC -ge 10 ]; then - echo " ${RED}timeout_ratio $TIMEOUT_PERC%${NC}" + + ALIVE_CNT=$((ALIVE_CNT + 1)) + + EXEC_SEC=0 + test -z "$RUN_UNIX" -o "$RUN_UNIX" = 0 || EXEC_SEC=$((execs_done / RUN_UNIX)) + PATH_PERC=$((cur_item * 100 / corpus_count)) + + TOTAL_TIME=$((TOTAL_TIME + RUN_UNIX)) + TOTAL_EPS=$((TOTAL_EPS + EXEC_SEC)) + TOTAL_EXECS=$((TOTAL_EXECS + execs_done)) + TOTAL_CRASHES=$((TOTAL_CRASHES + saved_crashes)) + TOTAL_HANGS=$((TOTAL_HANGS + saved_hangs)) + TOTAL_PENDING=$((TOTAL_PENDING + pending_total)) + TOTAL_PFAV=$((TOTAL_PFAV + pending_favs)) + + if [ "$last_find" -gt "$TOTAL_LAST_FIND" ]; then + TOTAL_LAST_FIND=$last_find fi - - if [ $EXEC_SEC -eq 0 ]; then - echo " ${YELLOW}no data yet, 0 execs/sec${NC}" - elif [ $EXEC_SEC -lt 100 ]; then - echo " ${RED}slow execution, $EXEC_SEC execs/sec${NC}" - fi - - fmt_duration $last_find && FMT_FIND=$DUR_STRING - fmt_duration $last_crash && FMT_CRASH=$DUR_STRING - fmt_duration $last_hang && FMT_HANG=$DUR_STRING - FMT_CWOP="not available" - test -n "$cycles_wo_finds" && { - test "$cycles_wo_finds" = 0 && FMT_CWOP="$cycles_wo_finds" - test "$cycles_wo_finds" -gt 10 && FMT_CWOP="${YELLOW}$cycles_wo_finds${NC}" - test "$cycles_wo_finds" -gt 50 && FMT_CWOP="${RED}$cycles_wo_finds${NC}" - } - - echo " last_find : $FMT_FIND" - echo " last_crash : $FMT_CRASH" - if [ -z "$MINIMAL_ONLY" ]; then - echo " last_hang : $FMT_HANG" - echo " cycles_wo_finds : $FMT_CWOP" + + if [ "$SUMMARY_ONLY" = "" ]; then + + # Warnings in red + TIMEOUT_PERC=$((exec_timeout * 100 / execs_done)) + if [ $TIMEOUT_PERC -ge 10 ]; then + echo " ${RED}timeout_ratio $TIMEOUT_PERC%${NC}" + fi + + if [ $EXEC_SEC -eq 0 ]; then + echo " ${YELLOW}no data yet, 0 execs/sec${NC}" + elif [ $EXEC_SEC -lt 100 ]; then + echo " ${RED}slow execution, $EXEC_SEC execs/sec${NC}" + fi + + fmt_duration $last_find && FMT_FIND=$DUR_STRING + fmt_duration $last_crash && FMT_CRASH=$DUR_STRING + fmt_duration $last_hang && FMT_HANG=$DUR_STRING + FMT_CWOP="not available" + test -n "$cycles_wo_finds" && { + test "$cycles_wo_finds" = 0 && FMT_CWOP="$cycles_wo_finds" + test "$cycles_wo_finds" -gt 10 && FMT_CWOP="${YELLOW}$cycles_wo_finds${NC}" + test "$cycles_wo_finds" -gt 50 && FMT_CWOP="${RED}$cycles_wo_finds${NC}" + } + + echo " last_find : $FMT_FIND" + echo " last_crash : $FMT_CRASH" + if [ -z "$MINIMAL_ONLY" ]; then + echo " last_hang : $FMT_HANG" + echo " cycles_wo_finds : $FMT_CWOP" + fi + echo " coverage : $COVERAGE%" + + if [ -z "$MINIMAL_ONLY" ]; then + + CPU_USAGE=$(ps aux | grep $fuzzer_pid | grep -v grep | awk '{print $3}') + MEM_USAGE=$(ps aux | grep $fuzzer_pid | grep -v grep | awk '{print $4}') + + echo " cpu usage $CPU_USAGE%, memory usage $MEM_USAGE%" + + fi + + echo " cycles $((cycles_done + 1)), lifetime speed $EXEC_SEC execs/sec, items $cur_item/$corpus_count (${PATH_PERC}%)" + + if [ "$saved_crashes" = "0" ]; then + echo " pending $pending_favs/$pending_total, coverage $bitmap_cvg, no crashes yet" + else + echo " pending $pending_favs/$pending_total, coverage $bitmap_cvg, crashes saved $saved_crashes (!)" + fi + + echo + fi - echo " coverage : $COVERAGE%" - - if [ -z "$MINIMAL_ONLY" ]; then - - CPU_USAGE=$(ps aux | grep $fuzzer_pid | grep -v grep | awk '{print $3}') - MEM_USAGE=$(ps aux | grep $fuzzer_pid | grep -v grep | awk '{print $4}') - echo " cpu usage $CPU_USAGE%, memory usage $MEM_USAGE%" - - fi + else - echo " cycles $((cycles_done + 1)), lifetime speed $EXEC_SEC execs/sec, items $cur_item/$corpus_count (${PATH_PERC}%)" + if [ ! -e "$i" -a -e "$j" ]; then - if [ "$saved_crashes" = "0" ]; then - echo " pending $pending_favs/$pending_total, coverage $bitmap_cvg, no crashes yet" - else - echo " pending $pending_favs/$pending_total, coverage $bitmap_cvg, crashes saved $saved_crashes (!)" + ALIVE_CNT=$((ALIVE_CNT + 1)) + START_CNT=$((START_CNT + 1)) + last_find=0 + IS_STARTING=1 + fi - echo - fi - + done # Formatting for total time, time since last find, crash, and hang @@ -346,7 +363,7 @@ EXECS_MILLION=$((TOTAL_EXECS / 1000 / 1000)) EXECS_THOUSAND=$((TOTAL_EXECS / 1000 % 1000)) if [ $EXECS_MILLION -gt 9 ]; then FMT_EXECS="$EXECS_MILLION millions" -elif [ $EXECS_MILLION -gt 0 ]; then + elif [ $EXECS_MILLION -gt 0 ]; then FMT_EXECS="$EXECS_MILLION millions, $EXECS_THOUSAND thousands" else FMT_EXECS="$EXECS_THOUSAND thousands" @@ -363,14 +380,14 @@ fmt_duration $TOTAL_LAST_FIND && TOTAL_LAST_FIND=$DUR_STRING test "$TOTAL_TIME" = "0" && TOTAL_TIME=1 if [ "$PROCESS_DEAD" = "" ]; then - + TXT="excluded from stats" - + else - + TXT="included in stats" ALIVE_CNT=$(($ALIVE_CNT - $DEAD_CNT - $START_CNT)) - + fi echo "Summary stats" From 51f2cef682f9902263e261e2e78da6106da96a91 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 28 Aug 2023 14:04:31 +0200 Subject: [PATCH 127/357] fix --- afl-whatsup | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/afl-whatsup b/afl-whatsup index b83be5b3ae..fad4c3d32f 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -344,7 +344,9 @@ for j in `find . -maxdepth 2 -iname fuzzer_setup | sort`; do if [ ! -e "$i" -a -e "$j" ]; then - ALIVE_CNT=$((ALIVE_CNT + 1)) + if [ '!' "$PROCESS_DEAD" = "" ]; then + ALIVE_CNT=$((ALIVE_CNT + 1)) + fi START_CNT=$((START_CNT + 1)) last_find=0 IS_STARTING=1 From c60431247e971881bc159a84e5505dfec7adcf6d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 29 Aug 2023 16:38:31 +0200 Subject: [PATCH 128/357] update docs --- docs/fuzzing_in_depth.md | 4 ++-- src/afl-fuzz.c | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md index f75ca5dca0..5a5acbb236 100644 --- a/docs/fuzzing_in_depth.md +++ b/docs/fuzzing_in_depth.md @@ -616,7 +616,7 @@ For every secondary fuzzer there should be a variation, e.g.: be one of them! (Although this is not really recommended.) All other secondaries should be used like this: -* a quarter to a third with the MOpt mutator enabled: `-L 0` +* 10-20% with the MOpt mutator enabled: `-L 0` * run with a different power schedule, recommended are: `fast` (default), `explore`, `coe`, `lin`, `quad`, `exploit`, and `rare` which you can set with the `-p` option, e.g., `-p explore`. See the @@ -940,7 +940,7 @@ too long for your overall available fuzz run time. * 65% for `AFL_DISABLE_TRIM` * 50% for `AFL_KEEP_TIMEOUTS` * 50% use a dictionary generated by `AFL_LLVM_DICT2FILE` + `AFL_LLVM_DICT2FILE_NO_MAIN=1` - * 40% use MOpt (`-L 0`) + * 10% use MOpt (`-L 0`) * 40% for `AFL_EXPAND_HAVOC_NOW` * 20% for old queue processing (`-Z`) * for CMPLOG targets, 70% for `-l 2`, 10% for `-l 3`, 20% for `-l 2AT` diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 8b9c1e5074..90c255e3dd 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -176,6 +176,7 @@ static void usage(u8 *argv0, int more_help) { " pacemaker mode (minutes of no new finds). 0 = " "immediately,\n" " -1 = immediately and together with normal mutation.\n" + " Note: this option is usually not very effective\n" " -c program - enable CmpLog by specifying a binary compiled for " "it.\n" " if using QEMU/FRIDA or the fuzzing target is " From d6e7740ad6bab0f5a0d34a96561d80ccbafd6073 Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 30 Aug 2023 17:17:55 +0100 Subject: [PATCH 129/357] Don't corrupt instruction if map offset is too large --- frida_mode/src/instrument/instrument_arm64.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index 2256f941a9..a0c66697c0 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -402,6 +402,18 @@ bool instrument_write_inline(GumArm64Writer *cw, GumAddress code_addr, } + /* + * The mov instruction supports up to a 16-bit offset. If our offset is out of + * range, then it can end up clobbering the op-code portion of the instruction + * rather than just the operands. So return false and fall back to the + * alternative instrumentation. + */ + if (area_offset > UINT16_MAX) { + + return false; + + } + code.code.mov_x0_curr_loc |= area_offset << 5; if (!instrument_patch_ardp( From 1fe27eb9cd7dc108b5c66bec0ac14c541973b55b Mon Sep 17 00:00:00 2001 From: Your Name Date: Wed, 30 Aug 2023 17:17:55 +0100 Subject: [PATCH 130/357] Fix path to zlib --- frida_mode/test/png/GNUmakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frida_mode/test/png/GNUmakefile b/frida_mode/test/png/GNUmakefile index 408b7dcbd4..eccc66f6ae 100644 --- a/frida_mode/test/png/GNUmakefile +++ b/frida_mode/test/png/GNUmakefile @@ -8,7 +8,7 @@ HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ PNGTEST_BUILD_DIR:=$(BUILD_DIR)pngtest/ LIBZ_FILE:=$(LIBZ_BUILD_DIR)zlib-1.2.13.tar.gz -LIBZ_URL:=http://www.zlib.net/zlib-1.2.13.tar.gz +LIBZ_URL:=http://www.zlib.net/fossils/zlib-1.2.13.tar.gz LIBZ_DIR:=$(LIBZ_BUILD_DIR)zlib-1.2.13/ LIBZ_PC:=$(LIBZ_DIR)zlib.pc LIBZ_LIB:=$(LIBZ_DIR)libz.a From e4b408932d50c278f3dcd1612a44647512218a6f Mon Sep 17 00:00:00 2001 From: Your Date: Wed, 30 Aug 2023 17:17:55 +0100 Subject: [PATCH 131/357] Fix detection of DSO --- frida_mode/util/frida_get_symbol_addr.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/frida_mode/util/frida_get_symbol_addr.sh b/frida_mode/util/frida_get_symbol_addr.sh index fb0002b787..2e682255f1 100755 --- a/frida_mode/util/frida_get_symbol_addr.sh +++ b/frida_mode/util/frida_get_symbol_addr.sh @@ -31,12 +31,13 @@ file=$(file $target|sed 's/.*: //') arch=$(echo $file|awk -F, '{print$2}'|tr -d ' ') bits=$(echo $file|sed 's/-bit .*//'|sed 's/.* //') pie=$(echo $file|grep -wqi pie && echo pie) +dso=$(echo $file|grep -wqi "shared object" && echo dso) test $(uname -s) = "Darwin" && symbol=_"$symbol" tmp_addr=$(nm "$target" | grep -i "T $symbol" | awk '{print$1}' | tr a-f A-F) test -z "$tmp_addr" && { echo Error: function $symbol not found 1>&2; exit 1; } -test -z "$pie" && { echo 0x$tmp_addr; exit 0; } +test -z "$pie" && test -z "$dso" && { echo 0x$tmp_addr; exit 0; } test -z "$base" && { test "$bits" = 32 -o "$bits" = 64 || { echo "Error: could not identify arch (bits=$bits)" 1>&2 ; exit 1; } From 78848f863767cee6543166bd52d67e0051641360 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 31 Aug 2023 09:25:41 +0200 Subject: [PATCH 132/357] pendfav --- src/afl-fuzz.c | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 90c255e3dd..c8cc7da64f 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2707,22 +2707,42 @@ int main(int argc, char **argv_orig, char **envp) { if (likely(!afl->old_seed_selection)) { - if (unlikely(prev_queued_items < afl->queued_items || - afl->reinit_table)) { + if (likely(afl->pending_favored)) { - // we have new queue entries since the last run, recreate alias table - prev_queued_items = afl->queued_items; - create_alias_table(afl); + for (u32 iter = 0; iter < afl->queued_items; ++iter) { - } + if (unlikely(afl->queue_buf[iter]->favored && + !afl->queue_buf[iter]->was_fuzzed)) { - do { + afl->current_entry = iter; + afl->queue_cur = afl->queue_buf[afl->current_entry]; + break; - afl->current_entry = select_next_queue_entry(afl); + } - } while (unlikely(afl->current_entry >= afl->queued_items)); + } - afl->queue_cur = afl->queue_buf[afl->current_entry]; + } else { + + if (unlikely(prev_queued_items < afl->queued_items || + afl->reinit_table)) { + + // we have new queue entries since the last run, recreate alias + // table + prev_queued_items = afl->queued_items; + create_alias_table(afl); + + } + + do { + + afl->current_entry = select_next_queue_entry(afl); + + } while (unlikely(afl->current_entry >= afl->queued_items)); + + afl->queue_cur = afl->queue_buf[afl->current_entry]; + + } } From 88ca5c75634d8edfa268005f2e1855a35a5b9e2e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 31 Aug 2023 14:42:08 +0200 Subject: [PATCH 133/357] nit --- src/afl-cc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 86b814599d..12707007f0 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -317,7 +317,7 @@ void parse_fsanitize(char *string) { char *p, *ptr = string + strlen("-fsanitize="); char *new = malloc(strlen(string) + 1); - char *tmp = malloc(strlen(ptr)); + char *tmp = malloc(strlen(ptr) + 1); u32 count = 0, len, ende = 0; if (!new || !tmp) { FATAL("could not acquire memory"); } From 1604351368c26a1dd91c43c054fb466b8093e86e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 31 Aug 2023 14:45:03 +0200 Subject: [PATCH 134/357] changelog --- docs/Changelog.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index 87c01f21bf..8d9a0aa87b 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -14,6 +14,8 @@ - now also shows coverage reached - option -m shows only very relevant stats - option -n will not use color in the output + - frida_mode: + - fixes support for large map offsets - added benchmark/benchmark.sh if you want to see how good your fuzzing speed is in comparison to other setups. From 2c40fc4ae8fe59580b13fa1e7dffa04c65bd6ae4 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sat, 2 Sep 2023 10:04:14 +0000 Subject: [PATCH 135/357] afl untracer haiku build fix. --- utils/afl_untracer/Makefile | 7 ++++++- utils/afl_untracer/afl-untracer.c | 29 +++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/utils/afl_untracer/Makefile b/utils/afl_untracer/Makefile index 14a09b41c4..264aebe530 100644 --- a/utils/afl_untracer/Makefile +++ b/utils/afl_untracer/Makefile @@ -3,11 +3,16 @@ ifdef DEBUG else OPT=-O3 endif +SYS = $(shell uname -s) +DL = +ifeq "$(SYS)" "Linux" + DL = -ldl +endif all: afl-untracer libtestinstr.so afl-untracer: afl-untracer.c - $(CC) $(OPT) -I../../include -g -o afl-untracer afl-untracer.c -ldl + $(CC) $(OPT) -I../../include -g -o afl-untracer afl-untracer.c $(DL) libtestinstr.so: libtestinstr.c $(CC) -g -O0 -fPIC -o libtestinstr.so -shared libtestinstr.c diff --git a/utils/afl_untracer/afl-untracer.c b/utils/afl_untracer/afl-untracer.c index e103821261..5a67b99669 100644 --- a/utils/afl_untracer/afl-untracer.c +++ b/utils/afl_untracer/afl-untracer.c @@ -53,7 +53,9 @@ #include #include +#if !defined(__HAIKU__) #include +#endif #include #include @@ -66,6 +68,9 @@ #include #include #include +#elif defined(__HAIKU__) + #include + #include #else #error "Unsupported platform" #endif @@ -231,7 +236,28 @@ void read_library_information(void) { start += size; } +#elif defined(__HAIKU__) + image_info ii; + int32 c = 0; + + while (get_next_image_info(0, &c, &ii) == B_OK) { + + liblist[liblist_cnt].name = (u8 *)strdup(ii.name); + liblist[liblist_cnt].addr_start = (u64)ii.text; + liblist[liblist_cnt].addr_end = (u64)((char *)ii.text + ii.text_size); + + if (debug) { + fprintf(stderr, "%s:%lx (%lx-%lx)\n", liblist[liblist_cnt].name, + (unsigned long)(liblist[liblist_cnt].addr_end - + liblist[liblist_cnt].addr_start), + (unsigned long)liblist[liblist_cnt].addr_start, + (unsigned long)(liblist[liblist_cnt].addr_end - 1)); + + } + + liblist_cnt++; + } #endif } @@ -655,6 +681,9 @@ static void sigtrap_handler(int signum, siginfo_t *si, void *context) { #elif defined(__FreeBSD__) && defined(__LP64__) ctx->uc_mcontext.mc_rip -= 1; addr = ctx->uc_mcontext.mc_rip; +#elif defined(__HAIKU__) && defined(__x86_64__) + ctx->uc_mcontext.rip -= 1; + addr = ctx->uc_mcontext.rip; #else #error "Unsupported platform" #endif From dad56abc8598aaeddaabe9c16da177cc934a3ac8 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 2 Sep 2023 15:48:29 +0200 Subject: [PATCH 136/357] fix attempt for laf string compare transform --- instrumentation/compare-transform-pass.so.cc | 24 ++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc index 5dd705cf31..b0bbd39a4a 100644 --- a/instrumentation/compare-transform-pass.so.cc +++ b/instrumentation/compare-transform-pass.so.cc @@ -169,6 +169,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, DenseMap valueMap; std::vector calls; LLVMContext &C = M.getContext(); + IntegerType *Int1Ty = IntegerType::getInt1Ty(C); IntegerType *Int8Ty = IntegerType::getInt8Ty(C); IntegerType *Int32Ty = IntegerType::getInt32Ty(C); IntegerType *Int64Ty = IntegerType::getInt64Ty(C); @@ -229,7 +230,8 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, !FuncName.compare("xmlStrEqual") || !FuncName.compare("g_strcmp0") || !FuncName.compare("curl_strequal") || - !FuncName.compare("strcsequal")); + !FuncName.compare("strcsequal") || + !FuncName.compare("g_strcmp0")); isMemcmp &= (!FuncName.compare("memcmp") || !FuncName.compare("bcmp") || !FuncName.compare("CRYPTO_memcmp") || @@ -238,7 +240,8 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, !FuncName.compare("memcmpct")); isStrncmp &= (!FuncName.compare("strncmp") || !FuncName.compare("xmlStrncmp") || - !FuncName.compare("curl_strnequal")); + !FuncName.compare("curl_strnequal") || + !FuncName.compare("xmlStrncmp")); isStrcasecmp &= (!FuncName.compare("strcasecmp") || !FuncName.compare("stricmp") || !FuncName.compare("ap_cstr_casecmp") || @@ -457,6 +460,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, bool isSizedcmp = false; bool isCaseInsensitive = false; bool needs_null = false; + bool success_is_one = false; Function *Callee = callInst->getCalledFunction(); if (Callee) { @@ -503,6 +507,14 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, !Callee->getName().compare("g_strncasecmp")) isCaseInsensitive = true; + if (!Callee->getName().compare("xmlStrEqual") || + !Callee->getName().compare("g_strcmp0") || + !Callee->getName().compare("curl_strequal") || + !Callee->getName().compare("strcsequal") || + !Callee->getName().compare("xmlStrncmp") || + !Callee->getName().compare("curl_strnequal")) + success_is_one = true; + } if (!isSizedcmp) needs_null = true; @@ -667,6 +679,14 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, else isub = cur_cmp_IRB.CreateSub(load, ConstantInt::get(Int8Ty, c)); + if (success_is_one && i == unrollLen - 1) { + + Value *isubsub = cur_cmp_IRB.CreateTrunc(isub, Int1Ty); + isub = cur_cmp_IRB.CreateSelect(isubsub, ConstantInt::get(Int8Ty, 0), + ConstantInt::get(Int8Ty, 1)); + + } + Value *sext = cur_cmp_IRB.CreateSExt(isub, Int32Ty); PN->addIncoming(sext, cur_cmp_bb); From a809c3c50ce32fde390769b607b020dd68730474 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 3 Sep 2023 11:22:54 +0200 Subject: [PATCH 137/357] less impact --- frida_mode/src/instrument/instrument_arm64.c | 14 ++++------ include/afl-fuzz.h | 1 + src/afl-fuzz-one.c | 10 +++++-- src/afl-fuzz-queue.c | 13 ++++++++- src/afl-fuzz.c | 28 +++++++++++++------- 5 files changed, 45 insertions(+), 21 deletions(-) diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index a0c66697c0..1147275f91 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -402,17 +402,13 @@ bool instrument_write_inline(GumArm64Writer *cw, GumAddress code_addr, } - /* - * The mov instruction supports up to a 16-bit offset. If our offset is out of - * range, then it can end up clobbering the op-code portion of the instruction - * rather than just the operands. So return false and fall back to the + /* + * The mov instruction supports up to a 16-bit offset. If our offset is out of + * range, then it can end up clobbering the op-code portion of the instruction + * rather than just the operands. So return false and fall back to the * alternative instrumentation. */ - if (area_offset > UINT16_MAX) { - - return false; - - } + if (area_offset > UINT16_MAX) { return false; } code.code.mov_x0_curr_loc |= area_offset << 5; diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index d02e852ea1..217a720ad5 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -610,6 +610,7 @@ typedef struct afl_state { u32 stage_cur, stage_max; /* Stage progression */ s32 splicing_with; /* Splicing with which test case? */ + s64 smallest_favored; /* smallest queue id favored */ u32 main_node_id, main_node_max; /* Main instance job splitting */ diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 2ad4697edd..ae39abe87b 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -3442,7 +3442,12 @@ u8 fuzz_one_original(afl_state_t *afl) { --afl->pending_not_fuzzed; afl->queue_cur->was_fuzzed = 1; afl->reinit_table = 1; - if (afl->queue_cur->favored) { --afl->pending_favored; } + if (afl->queue_cur->favored) { + + --afl->pending_favored; + afl->smallest_favored = -1; + + } } @@ -5905,7 +5910,8 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { --afl->pending_not_fuzzed; afl->queue_cur->was_fuzzed = 1; - if (afl->queue_cur->favored) { --afl->pending_favored; } + if (afl->queue_cur->favored) { --afl->pending_favored; + afl->smallest_favored = -1; } } diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 14ba1aceab..5f915c9a60 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -826,6 +826,8 @@ void cull_queue(afl_state_t *afl) { /* Let's see if anything in the bitmap isn't captured in temp_v. If yes, and if it has a afl->top_rated[] contender, let's use it. */ + afl->smallest_favored = -1; + for (i = 0; i < afl->fsrv.map_size; ++i) { if (afl->top_rated[i] && (temp_v[i >> 3] & (1 << (i & 7)))) { @@ -849,7 +851,16 @@ void cull_queue(afl_state_t *afl) { afl->top_rated[i]->favored = 1; ++afl->queued_favored; - if (!afl->top_rated[i]->was_fuzzed) { ++afl->pending_favored; } + if (!afl->top_rated[i]->was_fuzzed) { + + ++afl->pending_favored; + if (unlikely(afl->smallest_favored > (s64)afl->top_rated[i]->id)) { + + afl->smallest_favored = (s64)afl->top_rated[i]->id; + + } + + } } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index c8cc7da64f..d34b52db60 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2707,20 +2707,30 @@ int main(int argc, char **argv_orig, char **envp) { if (likely(!afl->old_seed_selection)) { - if (likely(afl->pending_favored)) { + if (likely(afl->pending_favored && afl->smallest_favored >= 0)) { - for (u32 iter = 0; iter < afl->queued_items; ++iter) { + afl->current_entry = afl->smallest_favored; - if (unlikely(afl->queue_buf[iter]->favored && - !afl->queue_buf[iter]->was_fuzzed)) { + /* - afl->current_entry = iter; - afl->queue_cur = afl->queue_buf[afl->current_entry]; - break; + } else { - } + for (s32 iter = afl->queued_items - 1; iter >= 0; --iter) + { - } + if (unlikely(afl->queue_buf[iter]->favored && + !afl->queue_buf[iter]->was_fuzzed)) { + + afl->current_entry = iter; + break; + + } + + } + + */ + + afl->queue_cur = afl->queue_buf[afl->current_entry]; } else { From 3bae404733e27b3ec7769ad6d5d997dcd9ec6fa3 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 3 Sep 2023 11:25:03 +0200 Subject: [PATCH 138/357] code format --- frida_mode/src/instrument/instrument_arm64.c | 14 ++++------ utils/afl_untracer/afl-untracer.c | 29 +++++++++++--------- 2 files changed, 21 insertions(+), 22 deletions(-) diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index a0c66697c0..1147275f91 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -402,17 +402,13 @@ bool instrument_write_inline(GumArm64Writer *cw, GumAddress code_addr, } - /* - * The mov instruction supports up to a 16-bit offset. If our offset is out of - * range, then it can end up clobbering the op-code portion of the instruction - * rather than just the operands. So return false and fall back to the + /* + * The mov instruction supports up to a 16-bit offset. If our offset is out of + * range, then it can end up clobbering the op-code portion of the instruction + * rather than just the operands. So return false and fall back to the * alternative instrumentation. */ - if (area_offset > UINT16_MAX) { - - return false; - - } + if (area_offset > UINT16_MAX) { return false; } code.code.mov_x0_curr_loc |= area_offset << 5; diff --git a/utils/afl_untracer/afl-untracer.c b/utils/afl_untracer/afl-untracer.c index 5a67b99669..0e3f8a454b 100644 --- a/utils/afl_untracer/afl-untracer.c +++ b/utils/afl_untracer/afl-untracer.c @@ -54,7 +54,7 @@ #include #if !defined(__HAIKU__) -#include + #include #endif #include #include @@ -236,28 +236,31 @@ void read_library_information(void) { start += size; } + #elif defined(__HAIKU__) image_info ii; - int32 c = 0; + int32 c = 0; while (get_next_image_info(0, &c, &ii) == B_OK) { - liblist[liblist_cnt].name = (u8 *)strdup(ii.name); - liblist[liblist_cnt].addr_start = (u64)ii.text; - liblist[liblist_cnt].addr_end = (u64)((char *)ii.text + ii.text_size); + liblist[liblist_cnt].name = (u8 *)strdup(ii.name); + liblist[liblist_cnt].addr_start = (u64)ii.text; + liblist[liblist_cnt].addr_end = (u64)((char *)ii.text + ii.text_size); - if (debug) { + if (debug) { - fprintf(stderr, "%s:%lx (%lx-%lx)\n", liblist[liblist_cnt].name, - (unsigned long)(liblist[liblist_cnt].addr_end - - liblist[liblist_cnt].addr_start), - (unsigned long)liblist[liblist_cnt].addr_start, - (unsigned long)(liblist[liblist_cnt].addr_end - 1)); + fprintf(stderr, "%s:%lx (%lx-%lx)\n", liblist[liblist_cnt].name, + (unsigned long)(liblist[liblist_cnt].addr_end - + liblist[liblist_cnt].addr_start), + (unsigned long)liblist[liblist_cnt].addr_start, + (unsigned long)(liblist[liblist_cnt].addr_end - 1)); - } + } + + liblist_cnt++; - liblist_cnt++; } + #endif } From d83edc6175b8a4aa9f1a89c118b0ecf93dcef31c Mon Sep 17 00:00:00 2001 From: chinggg <24590067+chinggg@users.noreply.github.com> Date: Sun, 3 Sep 2023 19:20:44 +0800 Subject: [PATCH 139/357] Skip calculating top_rated_fuzz_p2 with FAST schedule when FAST schedule is used, fuzz_p2 is already set to 0 so `fuzz_p2 > top_rated_fuzz_p2` never happens, just set top_rated_fuzz_p2 to 0 to reduce calculation --- src/afl-fuzz-queue.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 14ba1aceab..793bec90dc 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -737,7 +737,11 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) { u64 top_rated_fav_factor; u64 top_rated_fuzz_p2; - if (likely(afl->schedule >= FAST && afl->schedule <= RARE)) { + if (likely(afl->schedule >= FAST && afl->schedule < RARE)) { + + top_rated_fuzz_p2 = 0; // Skip the fuzz_p2 comparison + + } else if (unlikely(afl->schedule == RARE)) { top_rated_fuzz_p2 = next_pow2(afl->n_fuzz[afl->top_rated[i]->n_fuzz_entry]); From cd6b89eb74cc501a67b1c14a4433a496b2053eec Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 3 Sep 2023 13:54:54 +0200 Subject: [PATCH 140/357] nit --- src/afl-fuzz-queue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 5f915c9a60..2b10287934 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -854,7 +854,7 @@ void cull_queue(afl_state_t *afl) { if (!afl->top_rated[i]->was_fuzzed) { ++afl->pending_favored; - if (unlikely(afl->smallest_favored > (s64)afl->top_rated[i]->id)) { + if (unlikely(afl->smallest_favored < 0)) { afl->smallest_favored = (s64)afl->top_rated[i]->id; From 9307ef4b7caa96754d0449361d48b5a98ef73d8f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 4 Sep 2023 09:11:47 +0200 Subject: [PATCH 141/357] fix string transform laf --- docs/Changelog.md | 2 ++ instrumentation/compare-transform-pass.so.cc | 4 ---- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 8d9a0aa87b..bccc67484c 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -14,6 +14,8 @@ - now also shows coverage reached - option -m shows only very relevant stats - option -n will not use color in the output + - instrumentation: + - fix for a few string compare transform functions for LAF - frida_mode: - fixes support for large map offsets - added benchmark/benchmark.sh if you want to see how good your fuzzing diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc index b0bbd39a4a..5a5415d74e 100644 --- a/instrumentation/compare-transform-pass.so.cc +++ b/instrumentation/compare-transform-pass.so.cc @@ -228,7 +228,6 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, isStrcmp &= (!FuncName.compare("strcmp") || !FuncName.compare("xmlStrcmp") || !FuncName.compare("xmlStrEqual") || - !FuncName.compare("g_strcmp0") || !FuncName.compare("curl_strequal") || !FuncName.compare("strcsequal") || !FuncName.compare("g_strcmp0")); @@ -239,7 +238,6 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, !FuncName.compare("memcmp_const_time") || !FuncName.compare("memcmpct")); isStrncmp &= (!FuncName.compare("strncmp") || - !FuncName.compare("xmlStrncmp") || !FuncName.compare("curl_strnequal") || !FuncName.compare("xmlStrncmp")); isStrcasecmp &= (!FuncName.compare("strcasecmp") || @@ -508,10 +506,8 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, isCaseInsensitive = true; if (!Callee->getName().compare("xmlStrEqual") || - !Callee->getName().compare("g_strcmp0") || !Callee->getName().compare("curl_strequal") || !Callee->getName().compare("strcsequal") || - !Callee->getName().compare("xmlStrncmp") || !Callee->getName().compare("curl_strnequal")) success_is_one = true; From 87b33740ea426bac276a9eb4bc5f201bd396b6dc Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 4 Sep 2023 13:38:09 +0200 Subject: [PATCH 142/357] ensure table reinit, downgrade redundant --- src/afl-fuzz-init.c | 5 +++++ src/afl-fuzz-one.c | 1 + src/afl-fuzz-queue.c | 3 +++ src/afl-fuzz.c | 2 +- 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 9fc0cc5738..3593291353 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -942,6 +942,7 @@ void perform_dry_run(afl_state_t *afl) { if (!q->was_fuzzed) { q->was_fuzzed = 1; + afl->reinit_table = 1; --afl->pending_not_fuzzed; --afl->active_items; @@ -982,6 +983,7 @@ void perform_dry_run(afl_state_t *afl) { if (!q->was_fuzzed) { q->was_fuzzed = 1; + afl->reinit_table = 1; --afl->pending_not_fuzzed; --afl->active_items; @@ -1113,6 +1115,7 @@ void perform_dry_run(afl_state_t *afl) { if (!q->was_fuzzed) { q->was_fuzzed = 1; + afl->reinit_table = 1; --afl->pending_not_fuzzed; --afl->active_items; @@ -1291,6 +1294,7 @@ void perform_dry_run(afl_state_t *afl) { if (!p->was_fuzzed) { p->was_fuzzed = 1; + afl->reinit_table = 1; --afl->pending_not_fuzzed; --afl->active_items; @@ -1311,6 +1315,7 @@ void perform_dry_run(afl_state_t *afl) { if (!q->was_fuzzed) { q->was_fuzzed = 1; + afl->reinit_table = 1; --afl->pending_not_fuzzed; --afl->active_items; diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 2ad4697edd..c2b7e5833e 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -5905,6 +5905,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { --afl->pending_not_fuzzed; afl->queue_cur->was_fuzzed = 1; + afl->reinit_table = 1 if (afl->queue_cur->favored) { --afl->pending_favored; } } diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 14ba1aceab..78c1d654b9 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -80,6 +80,7 @@ double compute_weight(afl_state_t *afl, struct queue_entry *q, if (unlikely(weight < 0.1)) { weight = 0.1; } if (unlikely(q->favored)) { weight *= 5; } if (unlikely(!q->was_fuzzed)) { weight *= 2; } + if (unlikely(q->fs_redundant)) { weight *= 0.2; } return weight; @@ -867,6 +868,8 @@ void cull_queue(afl_state_t *afl) { } + afl->reinit_table = 1; + } /* Calculate case desirability score to adjust the length of havoc fuzzing. diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 90c255e3dd..768a5bbdd1 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2369,7 +2369,7 @@ int main(int argc, char **argv_orig, char **envp) { } else { - ACTF("skipping initial seed calibration due option override"); + ACTF("skipping initial seed calibration due option override!"); usleep(1000); } From b679e155ca0ef898fc8f758b3714a2ab347c9685 Mon Sep 17 00:00:00 2001 From: Joey Jiao Date: Tue, 25 Jul 2023 15:24:34 +0800 Subject: [PATCH 143/357] frida_mode: fix oob when copying details Change-Id: I6a19792ee9e174720242602cec4a79134f6218de --- frida_mode/src/lib/lib.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/frida_mode/src/lib/lib.c b/frida_mode/src/lib/lib.c index d563b69b1b..7fac755af1 100644 --- a/frida_mode/src/lib/lib.c +++ b/frida_mode/src/lib/lib.c @@ -44,8 +44,10 @@ static gboolean lib_find_exe(const GumModuleDetails *details, lib_details_t *lib_details = (lib_details_t *)user_data; - memcpy(lib_details->name, details->name, PATH_MAX); - memcpy(lib_details->path, details->path, PATH_MAX); + strncpy(lib_details->name, details->name, PATH_MAX); + strncpy(lib_details->path, details->path, PATH_MAX); + lib_details->name[PATH_MAX] = '\0'; + lib_details->path[PATH_MAX] = '\0'; lib_details->base_address = details->range->base_address; lib_details->size = details->range->size; return FALSE; From 9b0a35d843cb89cc433db9bdaa967489bf616250 Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Tue, 29 Aug 2023 23:41:00 -0700 Subject: [PATCH 144/357] Pure Python (3.6) port of benchmark.sh as benchmark.py, no other changes --- benchmark/benchmark.py | 135 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 135 insertions(+) create mode 100644 benchmark/benchmark.py diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py new file mode 100644 index 0000000000..cf9976f5a8 --- /dev/null +++ b/benchmark/benchmark.py @@ -0,0 +1,135 @@ +#!/usr/bin/env python3 +# Requires Python 3.6+. +# Author: Chris Ball +# Ported from Marc "van Hauser" Heuse's "benchmark.sh". +import os +import subprocess +import shutil +import re +import sys + +def colon_value_or_none(filename: str, searchKey: str) -> str | None: + with open(filename, "r") as fh: + for line in fh: + kv = line.split(": ", 1) + if kv and len(kv) == 2: + (key, value) = kv + key = key.strip() + value = value.strip() + if key == searchKey: + return value + return None + + +# Check if the necessary files exist and are executable +if not ( + os.access("../afl-fuzz", os.X_OK) + and os.access("../afl-cc", os.X_OK) + and os.path.exists("../SanitizerCoveragePCGUARD.so") +): + print( + "Error: you need to compile AFL++ first, we need afl-fuzz, afl-clang-fast and SanitizerCoveragePCGUARD.so built." + ) + exit(1) + +print("Preparing environment") + +# Unset AFL_* environment variables +for e in list(os.environ.keys()): + if e.startswith("AFL_"): + os.environ.pop(e) + +AFL_PATH = os.path.abspath("../") +os.environ["PATH"] = AFL_PATH + ":" + os.environ["PATH"] + +# Compile test-instr.c +with open("afl.log", "w") as f: + process = subprocess.run( + ["../afl-cc", "-o", "test-instr", "../test-instr.c"], + stdout=f, + stderr=subprocess.STDOUT, + env={"AFL_INSTRUMENT": "PCGUARD"} + ) + if process.returncode != 0: + print("Error: afl-cc is unable to compile") + exit(1) + +# Create input directory and file +os.makedirs("in", exist_ok=True) +with open("in/in.txt", "wb") as f: + f.write(b"\x00" * 10240) + +print("Ready, starting benchmark - this will take approx 20-30 seconds ...") + +# Run afl-fuzz +env_vars = { + "AFL_DISABLE_TRIM": "1", + "AFL_NO_UI": "1", + "AFL_TRY_AFFINITY": "1", + "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES": "1", + "AFL_BENCH_JUST_ONE": "1", +} +with open("afl.log", "a") as f: + process = subprocess.run( + [ + "afl-fuzz", + "-i", + "in", + "-o", + "out", + "-s", + "123", + "-D", + "./test-instr", + ], + stdout=f, + stderr=subprocess.STDOUT, + env={**os.environ, **env_vars}, + ) + +print("Analysis:") + +# Extract CPUID from afl.log +with open("afl.log", "r") as f: + match = re.search(r".*try binding to.*#(\d+)", f.read()) + if not match: + sys.exit("Couldn't see which CPU# was used in afl.log", 1) + cpuid = match.group(1) + print(cpuid) + +# Print CPU model +model = colon_value_or_none("/proc/cpuinfo", "model name") +if model: + print(" CPU:", model) + +# Print CPU frequency +cpu_speed = None +with open("/proc/cpuinfo", "r") as fh: + current_cpu = None + for line in fh: + kv = line.split(": ", 1) + if kv and len(kv) == 2: + (key, value) = kv + key = key.strip() + value = value.strip() + if key == "processor": + current_cpu = value + elif key == "cpu MHz" and current_cpu == cpuid: + cpu_speed = value +if cpu_speed: + print(" Mhz:", cpu_speed) + +# Print execs_per_sec from fuzzer_stats +execs = colon_value_or_none("out/default/fuzzer_stats", "execs_per_sec") +if execs: + print(" execs/s:", execs) + +print("\nComparison: (note that values can change by 10-15% per run)") +with open("COMPARISON", "r") as f: + print(f.read()) + +# Clean up +shutil.rmtree("in") +shutil.rmtree("out") +os.remove("test-instr") +os.remove("afl.log") From bcaa3cb5914098455d70a6a02e898b45fbab510c Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Wed, 30 Aug 2023 01:46:02 -0700 Subject: [PATCH 145/357] Test standard and persistent modes separately --- benchmark/benchmark.py | 91 +++++++++++++++++++++++------------------- 1 file changed, 49 insertions(+), 42 deletions(-) diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index cf9976f5a8..bbc166ea88 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -3,9 +3,9 @@ # Author: Chris Ball # Ported from Marc "van Hauser" Heuse's "benchmark.sh". import os -import subprocess -import shutil import re +import shutil +import subprocess import sys def colon_value_or_none(filename: str, searchKey: str) -> str | None: @@ -20,6 +20,16 @@ def colon_value_or_none(filename: str, searchKey: str) -> str | None: return value return None +def compile_target(source: str, binary: str) -> None: + with open("afl.log", "w") as f: + process = subprocess.run( + ["afl-cc", "-o", binary, source], + stdout=f, + stderr=subprocess.STDOUT, + env={"AFL_INSTRUMENT": "PCGUARD", "PATH": os.environ["PATH"]} + ) + if process.returncode != 0: + sys.exit("Error: afl-cc is unable to compile") # Check if the necessary files exist and are executable if not ( @@ -27,13 +37,15 @@ def colon_value_or_none(filename: str, searchKey: str) -> str | None: and os.access("../afl-cc", os.X_OK) and os.path.exists("../SanitizerCoveragePCGUARD.so") ): - print( - "Error: you need to compile AFL++ first, we need afl-fuzz, afl-clang-fast and SanitizerCoveragePCGUARD.so built." - ) - exit(1) + sys.exit("Error: you need to compile AFL++ first, we need afl-fuzz, afl-clang-fast and SanitizerCoveragePCGUARD.so built.") print("Preparing environment") +targets = [ + {"source": "../test-instr.c", "binary": "test-instr"}, + {"source": "../utils/persistent_mode/test-instr.c", "binary": "test-instr-persistent"} +] + # Unset AFL_* environment variables for e in list(os.environ.keys()): if e.startswith("AFL_"): @@ -42,17 +54,8 @@ def colon_value_or_none(filename: str, searchKey: str) -> str | None: AFL_PATH = os.path.abspath("../") os.environ["PATH"] = AFL_PATH + ":" + os.environ["PATH"] -# Compile test-instr.c -with open("afl.log", "w") as f: - process = subprocess.run( - ["../afl-cc", "-o", "test-instr", "../test-instr.c"], - stdout=f, - stderr=subprocess.STDOUT, - env={"AFL_INSTRUMENT": "PCGUARD"} - ) - if process.returncode != 0: - print("Error: afl-cc is unable to compile") - exit(1) +for target in targets: + compile_target(target["source"], target["binary"]) # Create input directory and file os.makedirs("in", exist_ok=True) @@ -69,33 +72,34 @@ def colon_value_or_none(filename: str, searchKey: str) -> str | None: "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES": "1", "AFL_BENCH_JUST_ONE": "1", } -with open("afl.log", "a") as f: - process = subprocess.run( - [ - "afl-fuzz", - "-i", - "in", - "-o", - "out", - "-s", - "123", - "-D", - "./test-instr", - ], - stdout=f, - stderr=subprocess.STDOUT, - env={**os.environ, **env_vars}, - ) + +for target in targets: + with open(f"afl-{target['binary']}.log", "a") as f: + process = subprocess.run( + [ + "afl-fuzz", + "-i", + "in", + "-o", + f"out-{target['binary']}", + "-s", + "123", + "-D", + f"./{target['binary']}", + ], + stdout=f, + stderr=subprocess.STDOUT, + env={**os.environ, **env_vars}, + ) print("Analysis:") # Extract CPUID from afl.log -with open("afl.log", "r") as f: +with open(f"afl-test-instr.log", "r") as f: match = re.search(r".*try binding to.*#(\d+)", f.read()) if not match: sys.exit("Couldn't see which CPU# was used in afl.log", 1) cpuid = match.group(1) - print(cpuid) # Print CPU model model = colon_value_or_none("/proc/cpuinfo", "model name") @@ -120,16 +124,19 @@ def colon_value_or_none(filename: str, searchKey: str) -> str | None: print(" Mhz:", cpu_speed) # Print execs_per_sec from fuzzer_stats -execs = colon_value_or_none("out/default/fuzzer_stats", "execs_per_sec") -if execs: - print(" execs/s:", execs) +for target in targets: + execs = colon_value_or_none(f"out-{target['binary']}/default/fuzzer_stats", "execs_per_sec") + if execs: + print(f" {target['binary']} single-core execs/s:", execs) print("\nComparison: (note that values can change by 10-15% per run)") with open("COMPARISON", "r") as f: print(f.read()) # Clean up -shutil.rmtree("in") -shutil.rmtree("out") -os.remove("test-instr") os.remove("afl.log") +shutil.rmtree("in") +for target in targets: + shutil.rmtree(f"out-{target['binary']}") + os.remove(target["binary"]) + From 0091afc7618f68a04d89ea163a40ec64793f6d50 Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Fri, 1 Sep 2023 02:26:58 -0700 Subject: [PATCH 146/357] Add support for multi-core benchmarking --- benchmark/benchmark.py | 240 ++++++++++++++++++++--------------------- 1 file changed, 117 insertions(+), 123 deletions(-) diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index bbc166ea88..16057bfc4a 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -2,13 +2,89 @@ # Requires Python 3.6+. # Author: Chris Ball # Ported from Marc "van Hauser" Heuse's "benchmark.sh". +import asyncio +import glob +import json +import multiprocessing import os -import re import shutil -import subprocess import sys +from decimal import Decimal -def colon_value_or_none(filename: str, searchKey: str) -> str | None: +debug = False + +targets = [ + {"source": "../test-instr.c", "binary": "test-instr"}, + {"source": "../utils/persistent_mode/test-instr.c", "binary": "test-instr-persistent-shmem"}, +] +modes = ["single-core", "multi-core"] +results = {} + +colors = { + "blue": "\033[1;94m", + "gray": "\033[1;90m", + "green": "\033[0;32m", + "red": "\033[0;31m", + "reset": "\033[0m", +} + +async def clean_up() -> None: + """Remove temporary files.""" + shutil.rmtree("in") + for target in targets: + # os.remove(target["binary"]) + for mode in modes: + for outdir in glob.glob(f"/tmp/out-{mode}-{target['binary']}*"): + shutil.rmtree(outdir) + +async def check_deps() -> None: + """Check if the necessary files exist and are executable.""" + if not (os.access("../afl-fuzz", os.X_OK) and os.access("../afl-cc", os.X_OK) and os.path.exists("../SanitizerCoveragePCGUARD.so")): + sys.exit(f"{colors['red']}Error: you need to compile AFL++ first, we need afl-fuzz, afl-clang-fast and SanitizerCoveragePCGUARD.so built.{colors['reset']}") + +async def prep_env() -> dict: + # Unset AFL_* environment variables + for e in list(os.environ.keys()): + if e.startswith("AFL_"): + os.environ.pop(e) + # Create input directory and file + os.makedirs("in", exist_ok=True) + with open("in/in.txt", "wb") as f: + f.write(b"\x00" * 10240) + # Rest of env + AFL_PATH = os.path.abspath("../") + os.environ["PATH"] = AFL_PATH + ":" + os.environ["PATH"] + return { + "AFL_BENCH_JUST_ONE": "1", + "AFL_DISABLE_TRIM": "1", + "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES": "1", + "AFL_NO_UI": "1", + "AFL_TRY_AFFINITY": "1", + "PATH": f"{AFL_PATH}:{os.environ['PATH']}", + } + +async def compile_target(source: str, binary: str) -> None: + (returncode, stdout, stderr) = await run_command( + ["afl-cc", "-o", binary, source], + env={"AFL_INSTRUMENT": "PCGUARD", "PATH": os.environ["PATH"]}, + ) + if returncode != 0: + sys.exit(f"{colors['red']} [*] Error: afl-cc is unable to compile: {stderr} {stdout}{colors['reset']}") + +async def cool_down() -> None: + """Avoid the next test run's results being contaminated by e.g. thermal limits hit on this one.""" + print(f"{colors['blue']}Taking a five second break to stay cool.{colors['reset']}") + await asyncio.sleep(10) + +async def run_command(args, env) -> (int | None, bytes, bytes): + if debug: + print(f"\n{colors['blue']}Launching command: {args} with env {env}{colors['reset']}") + p = await asyncio.create_subprocess_exec(*args, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE, env=env) + stdout, stderr = await p.communicate() + return (p.returncode, stdout, stderr) + +async def colon_value_or_none(filename: str, searchKey: str) -> str | None: + """Read a value (e.g. 'cpu MHz : 4976.109') given its filename and key.""" with open(filename, "r") as fh: for line in fh: kv = line.split(": ", 1) @@ -20,123 +96,41 @@ def colon_value_or_none(filename: str, searchKey: str) -> str | None: return value return None -def compile_target(source: str, binary: str) -> None: - with open("afl.log", "w") as f: - process = subprocess.run( - ["afl-cc", "-o", binary, source], - stdout=f, - stderr=subprocess.STDOUT, - env={"AFL_INSTRUMENT": "PCGUARD", "PATH": os.environ["PATH"]} - ) - if process.returncode != 0: - sys.exit("Error: afl-cc is unable to compile") - -# Check if the necessary files exist and are executable -if not ( - os.access("../afl-fuzz", os.X_OK) - and os.access("../afl-cc", os.X_OK) - and os.path.exists("../SanitizerCoveragePCGUARD.so") -): - sys.exit("Error: you need to compile AFL++ first, we need afl-fuzz, afl-clang-fast and SanitizerCoveragePCGUARD.so built.") - -print("Preparing environment") - -targets = [ - {"source": "../test-instr.c", "binary": "test-instr"}, - {"source": "../utils/persistent_mode/test-instr.c", "binary": "test-instr-persistent"} -] - -# Unset AFL_* environment variables -for e in list(os.environ.keys()): - if e.startswith("AFL_"): - os.environ.pop(e) - -AFL_PATH = os.path.abspath("../") -os.environ["PATH"] = AFL_PATH + ":" + os.environ["PATH"] - -for target in targets: - compile_target(target["source"], target["binary"]) - -# Create input directory and file -os.makedirs("in", exist_ok=True) -with open("in/in.txt", "wb") as f: - f.write(b"\x00" * 10240) - -print("Ready, starting benchmark - this will take approx 20-30 seconds ...") - -# Run afl-fuzz -env_vars = { - "AFL_DISABLE_TRIM": "1", - "AFL_NO_UI": "1", - "AFL_TRY_AFFINITY": "1", - "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES": "1", - "AFL_BENCH_JUST_ONE": "1", -} - -for target in targets: - with open(f"afl-{target['binary']}.log", "a") as f: - process = subprocess.run( - [ - "afl-fuzz", - "-i", - "in", - "-o", - f"out-{target['binary']}", - "-s", - "123", - "-D", - f"./{target['binary']}", - ], - stdout=f, - stderr=subprocess.STDOUT, - env={**os.environ, **env_vars}, - ) - -print("Analysis:") - -# Extract CPUID from afl.log -with open(f"afl-test-instr.log", "r") as f: - match = re.search(r".*try binding to.*#(\d+)", f.read()) - if not match: - sys.exit("Couldn't see which CPU# was used in afl.log", 1) - cpuid = match.group(1) - -# Print CPU model -model = colon_value_or_none("/proc/cpuinfo", "model name") -if model: - print(" CPU:", model) - -# Print CPU frequency -cpu_speed = None -with open("/proc/cpuinfo", "r") as fh: - current_cpu = None - for line in fh: - kv = line.split(": ", 1) - if kv and len(kv) == 2: - (key, value) = kv - key = key.strip() - value = value.strip() - if key == "processor": - current_cpu = value - elif key == "cpu MHz" and current_cpu == cpuid: - cpu_speed = value -if cpu_speed: - print(" Mhz:", cpu_speed) - -# Print execs_per_sec from fuzzer_stats -for target in targets: - execs = colon_value_or_none(f"out-{target['binary']}/default/fuzzer_stats", "execs_per_sec") - if execs: - print(f" {target['binary']} single-core execs/s:", execs) - -print("\nComparison: (note that values can change by 10-15% per run)") -with open("COMPARISON", "r") as f: - print(f.read()) - -# Clean up -os.remove("afl.log") -shutil.rmtree("in") -for target in targets: - shutil.rmtree(f"out-{target['binary']}") - os.remove(target["binary"]) - +async def main() -> None: + # Remove stale files, if necessary. + try: + await clean_up() + except FileNotFoundError: + pass + + await check_deps() + env_vars = await prep_env() + cpu_count = multiprocessing.cpu_count() + print(f"{colors['gray']} [*] Preparing environment{colors['reset']}") + print(f"{colors['gray']} [*] Ready, starting benchmark - this will take approx 1-2 minutes...{colors['reset']}") + for target in targets: + await compile_target(target["source"], target["binary"]) + for mode in modes: + await cool_down() + print(f" [*] {mode} {target['binary']} benchmark starting, execs/s: ", end="", flush=True) + if mode == "single-core": + cpus = [0] + elif mode == "multi-core": + cpus = range(0, cpu_count) + basedir = f"/tmp/out-{mode}-{target['binary']}-" + args = [["afl-fuzz", "-i", "in", "-o", f"{basedir}{cpu}", "-M", f"{cpu}", "-s", "123", "-D", f"./{target['binary']}"] for cpu in cpus] + tasks = [run_command(args[cpu], env_vars) for cpu in cpus] + output = await asyncio.gather(*tasks) + if debug: + for _, (_, stdout, stderr) in enumerate(output): + print(f"{colors['blue']}Output: {stdout} {stderr}{colors['reset']}") + execs = sum([Decimal(await colon_value_or_none(f"{basedir}{cpu}/{cpu}/fuzzer_stats", "execs_per_sec")) for cpu in cpus]) + print(f"{colors['green']}{execs}{colors['reset']}") + + print("\nComparison: (note that values can change by 10-20% per run)") + with open("COMPARISON", "r") as f: + print(f.read()) + await clean_up() + +if __name__ == "__main__": + asyncio.run(main()) \ No newline at end of file From 8e8acd0a04b1bd15cee6d934e026cc414a719881 Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Sat, 2 Sep 2023 04:45:18 -0700 Subject: [PATCH 147/357] Save the results to a json file --- benchmark/benchmark.py | 82 +++++++++++++++++++++++++++--------------- 1 file changed, 54 insertions(+), 28 deletions(-) diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index 16057bfc4a..c3f4ecee12 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -2,6 +2,7 @@ # Requires Python 3.6+. # Author: Chris Ball # Ported from Marc "van Hauser" Heuse's "benchmark.sh". +import argparse import asyncio import glob import json @@ -9,30 +10,32 @@ import os import shutil import sys +from collections import defaultdict from decimal import Decimal -debug = False +reset = "\033[0m" +blue = lambda text: f"\033[1;94m{text}{reset}" +gray = lambda text: f"\033[1;90m{text}{reset}" +green = lambda text: f"\033[0;32m{text}{reset}" +red = lambda text: f"\033[0;31m{text}{reset}" targets = [ {"source": "../test-instr.c", "binary": "test-instr"}, {"source": "../utils/persistent_mode/test-instr.c", "binary": "test-instr-persistent-shmem"}, ] modes = ["single-core", "multi-core"] -results = {} - -colors = { - "blue": "\033[1;94m", - "gray": "\033[1;90m", - "green": "\033[0;32m", - "red": "\033[0;31m", - "reset": "\033[0m", -} +tree = lambda: defaultdict(tree) # recursive (arbitrary-depth) defaultdict! +results = tree() +between_tests = False +parser = argparse.ArgumentParser() +parser.add_argument("-d", "--debug", action="store_true") +args = parser.parse_args() async def clean_up() -> None: """Remove temporary files.""" shutil.rmtree("in") for target in targets: - # os.remove(target["binary"]) + os.remove(target["binary"]) for mode in modes: for outdir in glob.glob(f"/tmp/out-{mode}-{target['binary']}*"): shutil.rmtree(outdir) @@ -40,7 +43,7 @@ async def clean_up() -> None: async def check_deps() -> None: """Check if the necessary files exist and are executable.""" if not (os.access("../afl-fuzz", os.X_OK) and os.access("../afl-cc", os.X_OK) and os.path.exists("../SanitizerCoveragePCGUARD.so")): - sys.exit(f"{colors['red']}Error: you need to compile AFL++ first, we need afl-fuzz, afl-clang-fast and SanitizerCoveragePCGUARD.so built.{colors['reset']}") + sys.exit(f'{red(" [*] Error: you need to compile AFL++ first, we need afl-fuzz, afl-clang-fast and SanitizerCoveragePCGUARD.so built.")}') async def prep_env() -> dict: # Unset AFL_* environment variables @@ -69,17 +72,21 @@ async def compile_target(source: str, binary: str) -> None: env={"AFL_INSTRUMENT": "PCGUARD", "PATH": os.environ["PATH"]}, ) if returncode != 0: - sys.exit(f"{colors['red']} [*] Error: afl-cc is unable to compile: {stderr} {stdout}{colors['reset']}") + sys.exit(f'{red(f" [*] Error: afl-cc is unable to compile: {stderr} {stdout}")}') async def cool_down() -> None: """Avoid the next test run's results being contaminated by e.g. thermal limits hit on this one.""" - print(f"{colors['blue']}Taking a five second break to stay cool.{colors['reset']}") - await asyncio.sleep(10) + global between_tests + if between_tests: + print(f'{blue("Taking a five second break to stay cool between tests.")}') + await asyncio.sleep(10) + else: + between_tests = True -async def run_command(args, env) -> (int | None, bytes, bytes): - if debug: - print(f"\n{colors['blue']}Launching command: {args} with env {env}{colors['reset']}") - p = await asyncio.create_subprocess_exec(*args, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE, env=env) +async def run_command(cmd, env) -> (int | None, bytes, bytes): + if args.debug: + print(blue(f"Launching command: {cmd} with env {env}")) + p = await asyncio.create_subprocess_exec(*cmd, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE, env=env) stdout, stderr = await p.communicate() return (p.returncode, stdout, stderr) @@ -96,18 +103,31 @@ async def colon_value_or_none(filename: str, searchKey: str) -> str | None: return value return None +async def save_benchmark_results() -> None: + """We want a consistent JSON file, so read in the existing one, append, and replace.""" + with open("benchmark-results.json", "r+") as jsonfile: + current_benchmarks = json.load(jsonfile) + current_benchmarks.append(results) + jsonfile.seek(0) + jsonfile.write(json.dumps(current_benchmarks, indent=2)) + jsonfile.truncate() + print(json.dumps(results, indent=2)) + + async def main() -> None: + print(f'{gray(" [*] Preparing environment")}') # Remove stale files, if necessary. try: await clean_up() except FileNotFoundError: pass - await check_deps() env_vars = await prep_env() cpu_count = multiprocessing.cpu_count() - print(f"{colors['gray']} [*] Preparing environment{colors['reset']}") - print(f"{colors['gray']} [*] Ready, starting benchmark - this will take approx 1-2 minutes...{colors['reset']}") + results["cpu_model"] = await colon_value_or_none("/proc/cpuinfo", "model name") + results["cpu_mhz"] = await colon_value_or_none("/proc/cpuinfo", "cpu MHz") + + print(f'{gray(" [*] Ready, starting benchmark - this will take approx 1-2 minutes...")}') for target in targets: await compile_target(target["source"], target["binary"]) for mode in modes: @@ -118,19 +138,25 @@ async def main() -> None: elif mode == "multi-core": cpus = range(0, cpu_count) basedir = f"/tmp/out-{mode}-{target['binary']}-" - args = [["afl-fuzz", "-i", "in", "-o", f"{basedir}{cpu}", "-M", f"{cpu}", "-s", "123", "-D", f"./{target['binary']}"] for cpu in cpus] - tasks = [run_command(args[cpu], env_vars) for cpu in cpus] + cmd = [["afl-fuzz", "-i", "in", "-o", f"{basedir}{cpu}", "-M", f"{cpu}", "-s", "123", "-D", f"./{target['binary']}"] for cpu in cpus] + + # Here's where we schedule the tasks, and then block waiting for them to finish. + tasks = [run_command(cmd[cpu], env_vars) for cpu in cpus] output = await asyncio.gather(*tasks) - if debug: - for _, (_, stdout, stderr) in enumerate(output): - print(f"{colors['blue']}Output: {stdout} {stderr}{colors['reset']}") + + if args.debug: + for (_, stdout, stderr) in output: + print(blue(f"Output: {stdout.decode()} {stderr.decode()}")) execs = sum([Decimal(await colon_value_or_none(f"{basedir}{cpu}/{cpu}/fuzzer_stats", "execs_per_sec")) for cpu in cpus]) - print(f"{colors['green']}{execs}{colors['reset']}") + print(green(execs)) + results["targets"][target["binary"]][mode]["execs_per_second"] = str(execs) + results["targets"][target["binary"]][mode]["cores_used"] = len(cpus) print("\nComparison: (note that values can change by 10-20% per run)") with open("COMPARISON", "r") as f: print(f.read()) await clean_up() + await save_benchmark_results() if __name__ == "__main__": asyncio.run(main()) \ No newline at end of file From 91938d2dfc70b782d6cc40c031b3a18f63d4a6e5 Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Sun, 3 Sep 2023 06:14:16 -0700 Subject: [PATCH 148/357] Allow config of all experiment params, average across runs --- benchmark/benchmark.py | 270 +++++++++++++++++++++++------------------ 1 file changed, 153 insertions(+), 117 deletions(-) diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index c3f4ecee12..e6082855bd 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -1,161 +1,197 @@ #!/usr/bin/env python3 -# Requires Python 3.6+. -# Author: Chris Ball -# Ported from Marc "van Hauser" Heuse's "benchmark.sh". +# Part of the aflpluslpus project, requires Python 3.7+. +# Author: Chris Ball , ported from Marc "van Hauser" Heuse's "benchmark.sh". import argparse import asyncio -import glob import json import multiprocessing import os +import platform import shutil import sys -from collections import defaultdict +import time +from dataclasses import dataclass from decimal import Decimal - -reset = "\033[0m" -blue = lambda text: f"\033[1;94m{text}{reset}" -gray = lambda text: f"\033[1;90m{text}{reset}" -green = lambda text: f"\033[0;32m{text}{reset}" -red = lambda text: f"\033[0;31m{text}{reset}" - -targets = [ - {"source": "../test-instr.c", "binary": "test-instr"}, - {"source": "../utils/persistent_mode/test-instr.c", "binary": "test-instr-persistent-shmem"}, +from enum import Enum, auto +from pathlib import Path + +blue = lambda text: f"\033[1;94m{text}\033[0m"; gray = lambda text: f"\033[1;90m{text}\033[0m" +green = lambda text: f"\033[0;32m{text}\033[0m"; red = lambda text: f"\033[0;31m{text}\033[0m" +yellow = lambda text: f"\033[0;33m{text}\033[0m" + +class Mode(Enum): + multicore = auto() + singlecore = auto() + +@dataclass +class Target: + source: Path + binary: str + +all_modes = [Mode.singlecore, Mode.multicore] +all_targets = [ + Target(source=Path("../utils/persistent_mode/test-instr.c").resolve(), binary="test-instr-persist-shmem"), + Target(source=Path("../test-instr.c").resolve(), binary="test-instr") ] -modes = ["single-core", "multi-core"] -tree = lambda: defaultdict(tree) # recursive (arbitrary-depth) defaultdict! -results = tree() -between_tests = False -parser = argparse.ArgumentParser() -parser.add_argument("-d", "--debug", action="store_true") +mode_names = [mode.name for mode in all_modes] +target_names = [target.binary for target in all_targets] +cpu_count = multiprocessing.cpu_count() + +parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter) +parser.add_argument("-b", "--basedir", help="directory to use for temp files", type=str, default="/tmp/aflpp-benchmark") +parser.add_argument("-d", "--debug", help="show verbose debugging output", action="store_true") +parser.add_argument("-r", "--runs", help="how many runs to average results over", type=int, default=5) +parser.add_argument("-f", "--fuzzers", help="how many afl-fuzz workers to use", type=int, default=cpu_count) +parser.add_argument("-m", "--mode", help="pick modes", action="append", default=["multicore"], choices=mode_names) +parser.add_argument( + "-t", "--target", help="pick targets", action="append", default=["test-instr-persist-shmem"], choices=target_names +) args = parser.parse_args() -async def clean_up() -> None: - """Remove temporary files.""" - shutil.rmtree("in") +# Really unsatisfying argparse behavior: we want a default and to allow multiple choices, but if there's a manual choice +# it should override the default. Seems like we have to remove the default to get that and have correct help text? +if len(args.target) > 1: args.target = args.target[1:] +if len(args.mode) > 1: args.mode = args.mode[1:] + +targets = [target for target in all_targets if target.binary in args.target] +modes = [mode for mode in all_modes if mode.name in args.mode] +results = {"config": {}, "hardware": {}, "targets": {t.binary: {m.name: {} for m in modes} for t in targets}} +debug = lambda text: args.debug and print(blue(text)) +if Mode.multicore in modes: + print(blue(f" [*] Using {args.fuzzers} fuzzers for multicore fuzzing "), end="") + print(blue("(use --fuzzers to override)" if args.fuzzers == cpu_count else f"(the default is {cpu_count})")) + +async def clean_up_tempfiles() -> None: + shutil.rmtree(f"{args.basedir}/in") for target in targets: - os.remove(target["binary"]) + Path(target.binary).unlink() for mode in modes: - for outdir in glob.glob(f"/tmp/out-{mode}-{target['binary']}*"): - shutil.rmtree(outdir) + shutil.rmtree(f"{args.basedir}/out-{mode.name}-{target.binary}") + +async def check_afl_persistent() -> bool: + with open("/proc/cmdline", "r") as cpuinfo: + return "mitigations=off" in cpuinfo.read().split(" ") + +async def check_afl_system() -> bool: + sysctl = next((s for s in ["sysctl", "/sbin/sysctl"] if shutil.which(s)), None) + if sysctl: + (returncode, stdout, _) = await run_command([sysctl, "kernel.randomize_va_space"], None) + return returncode == 0 and stdout.decode().rstrip().split(" = ")[1] == "0" + return False async def check_deps() -> None: - """Check if the necessary files exist and are executable.""" - if not (os.access("../afl-fuzz", os.X_OK) and os.access("../afl-cc", os.X_OK) and os.path.exists("../SanitizerCoveragePCGUARD.so")): - sys.exit(f'{red(" [*] Error: you need to compile AFL++ first, we need afl-fuzz, afl-clang-fast and SanitizerCoveragePCGUARD.so built.")}') + """Checks for dependencies, platform, performance.""" + plat = platform.system() + if not plat == "Linux": sys.exit(red(f" [*] Error: Your platform '{plat}' is not supported by this script yet.")) + if not os.access(Path("../afl-fuzz").resolve(), os.X_OK) and os.access(Path("../afl-cc").resolve(), os.X_OK) and ( + os.path.exists(Path("../SanitizerCoveragePCGUARD.so").resolve() + )): + sys.exit(red(" [*] Compile AFL++: we need afl-fuzz, afl-clang-fast and SanitizerCoveragePCGUARD.so built.")) + + # Pick some sample settings from afl-{persistent,system}-config to try to see whether they were run. + cmd_checks = {"afl-persistent-config": check_afl_persistent, "afl-system-config": check_afl_system} + for cmd, checker in cmd_checks.items(): + results["config"][cmd] = await checker() + if not results["config"][cmd]: + print(yellow(f" [*] {cmd} was not run. You can run it to improve performance (and decrease security).")) async def prep_env() -> dict: - # Unset AFL_* environment variables - for e in list(os.environ.keys()): - if e.startswith("AFL_"): - os.environ.pop(e) - # Create input directory and file - os.makedirs("in", exist_ok=True) - with open("in/in.txt", "wb") as f: - f.write(b"\x00" * 10240) - # Rest of env - AFL_PATH = os.path.abspath("../") - os.environ["PATH"] = AFL_PATH + ":" + os.environ["PATH"] + """Unset AFL_* environment variables, create corpus dir and file, provide env vars for fuzzing.""" + Path(args.basedir).mkdir(exist_ok=True) + Path(f"{args.basedir}/in").mkdir(exist_ok=True) + with open(f"{args.basedir}/in/in.txt", "wb") as seed: seed.write(b"\x00" * 10240) return { - "AFL_BENCH_JUST_ONE": "1", - "AFL_DISABLE_TRIM": "1", - "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES": "1", - "AFL_NO_UI": "1", - "AFL_TRY_AFFINITY": "1", - "PATH": f"{AFL_PATH}:{os.environ['PATH']}", + "AFL_BENCH_JUST_ONE": "1", "AFL_DISABLE_TRIM": "1", "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES": "1", + "AFL_NO_UI": "1", "AFL_TRY_AFFINITY": "1", "PATH": str(Path("../").resolve()), } async def compile_target(source: str, binary: str) -> None: (returncode, stdout, stderr) = await run_command( - ["afl-cc", "-o", binary, source], - env={"AFL_INSTRUMENT": "PCGUARD", "PATH": os.environ["PATH"]}, + [Path("../afl-cc").resolve(), "-o", binary, source], env={"AFL_INSTRUMENT": "PCGUARD"} + ) + if returncode != 0: sys.exit(red(f" [*] Error: afl-cc is unable to compile: {stderr} {stdout}")) + +async def run_command(cmd: str, env: dict) -> (int | None, bytes, bytes): + debug(f"Launching command: {cmd} with env {env}") + p = await asyncio.create_subprocess_exec( + *cmd, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE, env=env ) - if returncode != 0: - sys.exit(f'{red(f" [*] Error: afl-cc is unable to compile: {stderr} {stdout}")}') - -async def cool_down() -> None: - """Avoid the next test run's results being contaminated by e.g. thermal limits hit on this one.""" - global between_tests - if between_tests: - print(f'{blue("Taking a five second break to stay cool between tests.")}') - await asyncio.sleep(10) - else: - between_tests = True - -async def run_command(cmd, env) -> (int | None, bytes, bytes): - if args.debug: - print(blue(f"Launching command: {cmd} with env {env}")) - p = await asyncio.create_subprocess_exec(*cmd, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE, env=env) stdout, stderr = await p.communicate() + debug(f"Output: {stdout.decode()} {stderr.decode()}") return (p.returncode, stdout, stderr) async def colon_value_or_none(filename: str, searchKey: str) -> str | None: - """Read a value (e.g. 'cpu MHz : 4976.109') given its filename and key.""" + """Return a colon-separated value given a key in a file, e.g. 'cpu MHz : 4976.109')""" with open(filename, "r") as fh: - for line in fh: - kv = line.split(": ", 1) - if kv and len(kv) == 2: - (key, value) = kv - key = key.strip() - value = value.strip() - if key == searchKey: - return value - return None + kv_pairs = (line.split(": ", 1) for line in fh if ": " in line) + return next((v.rstrip() for k, v in kv_pairs if k.rstrip() == searchKey), None) async def save_benchmark_results() -> None: - """We want a consistent JSON file, so read in the existing one, append, and replace.""" - with open("benchmark-results.json", "r+") as jsonfile: - current_benchmarks = json.load(jsonfile) - current_benchmarks.append(results) - jsonfile.seek(0) - jsonfile.write(json.dumps(current_benchmarks, indent=2)) - jsonfile.truncate() - print(json.dumps(results, indent=2)) + """Append a single row to the benchmark results in JSON Lines format (simple to write and to diff).""" + with open("benchmark-results.jsonl", "a") as jsonfile: + json.dump(results, jsonfile, sort_keys=True) + jsonfile.write("\n") + print(blue(f" [*] Results have been written to {jsonfile.name}")) async def main() -> None: - print(f'{gray(" [*] Preparing environment")}') - # Remove stale files, if necessary. + print(" [*] Preparing environment") try: - await clean_up() + await clean_up_tempfiles() except FileNotFoundError: pass await check_deps() + # Only record the first core's speed for now, even though it can vary between cores. + results["hardware"]["cpu_mhz"] = float(await colon_value_or_none("/proc/cpuinfo", "cpu MHz")) + results["hardware"]["cpu_model"] = await colon_value_or_none("/proc/cpuinfo", "model name") + results["hardware"]["cpu_threads"] = cpu_count env_vars = await prep_env() - cpu_count = multiprocessing.cpu_count() - results["cpu_model"] = await colon_value_or_none("/proc/cpuinfo", "model name") - results["cpu_mhz"] = await colon_value_or_none("/proc/cpuinfo", "cpu MHz") - - print(f'{gray(" [*] Ready, starting benchmark - this will take approx 1-2 minutes...")}') + print(f" [*] Ready, starting benchmark...") for target in targets: - await compile_target(target["source"], target["binary"]) + (source, binary) = [target.source, target.binary] + await compile_target(source, binary) for mode in modes: - await cool_down() - print(f" [*] {mode} {target['binary']} benchmark starting, execs/s: ", end="", flush=True) - if mode == "single-core": - cpus = [0] - elif mode == "multi-core": - cpus = range(0, cpu_count) - basedir = f"/tmp/out-{mode}-{target['binary']}-" - cmd = [["afl-fuzz", "-i", "in", "-o", f"{basedir}{cpu}", "-M", f"{cpu}", "-s", "123", "-D", f"./{target['binary']}"] for cpu in cpus] - - # Here's where we schedule the tasks, and then block waiting for them to finish. - tasks = [run_command(cmd[cpu], env_vars) for cpu in cpus] - output = await asyncio.gather(*tasks) - - if args.debug: - for (_, stdout, stderr) in output: - print(blue(f"Output: {stdout.decode()} {stderr.decode()}")) - execs = sum([Decimal(await colon_value_or_none(f"{basedir}{cpu}/{cpu}/fuzzer_stats", "execs_per_sec")) for cpu in cpus]) - print(green(execs)) - results["targets"][target["binary"]][mode]["execs_per_second"] = str(execs) - results["targets"][target["binary"]][mode]["cores_used"] = len(cpus) - - print("\nComparison: (note that values can change by 10-20% per run)") - with open("COMPARISON", "r") as f: - print(f.read()) - await clean_up() + execs_per_sec, execs_total, run_time_total = ([] for _ in range(3)) + for run in range(0, args.runs): + print(gray(f" [*] {mode.name} {binary} run {run+1} of {args.runs}, execs/s: "), end="", flush=True) + fuzzers = range(0, args.fuzzers if mode == Mode.multicore else 1) + outdir = f"{args.basedir}/out-{mode.name}-{binary}" + cmds = [] + for (idx, afl) in enumerate(fuzzers): + name = ["-o", outdir, "-M" if idx == 0 else "-S", str(afl)] + cmds.append(["afl-fuzz", "-i", f"{args.basedir}/in"] + name + ["-s", "123", "-D", f"./{binary}"]) + + # Prepare the afl-fuzz tasks, and then block here while waiting for them to finish. + tasks = [run_command(cmds[cpu], env_vars) for cpu in fuzzers] + start = time.time() + await asyncio.gather(*tasks) + end = time.time() + + # Our score is the sum of all execs_per_sec entries in fuzzer_stats files for the run. + tasks = [colon_value_or_none(f"{outdir}/{afl}/fuzzer_stats", "execs_per_sec") for afl in fuzzers] + all_execs_per_sec = await asyncio.gather(*tasks) + execs = sum([Decimal(count) for count in all_execs_per_sec if count is not None]) + print(green(execs)) + execs_per_sec.append(execs) + + # Also gather execs_total and total_run_time for this run. + tasks = [colon_value_or_none(f"{outdir}/{afl}/fuzzer_stats", "execs_done") for afl in fuzzers] + all_execs_total = await asyncio.gather(*tasks) + execs_total.append(sum([Decimal(count) for count in all_execs_total if count is not None])) + run_time_total.append(Decimal(end - start)) + + total_run_time = round(Decimal(sum(run_time_total)), 2) + avg_score = round(Decimal(sum(execs_per_sec) / len(execs_per_sec)), 2) + results["targets"][binary][mode.name] = { + "execs_per_second": float(avg_score), + "execs_total": int(sum([Decimal(execs) for execs in execs_total])), + "fuzzers_used": len(fuzzers), + "total_run_time": float(total_run_time), + } + print(f" [*] Average score for this test across all runs was: {green(avg_score)}") + if (((max(execs_per_sec) - min(execs_per_sec)) / avg_score) * 100) > 15: + print(yellow(" [*] The difference between your slowest and fastest runs was >15%, maybe try again?")) + await clean_up_tempfiles() await save_benchmark_results() if __name__ == "__main__": From f8ca83ff4a7bca5ef662bd6029a37ae73833aee7 Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Sun, 3 Sep 2023 16:23:06 -0700 Subject: [PATCH 149/357] Add start_time_of_run and total_execs_per_sec, cleanup for PR --- benchmark/benchmark.py | 104 +++++++++++++++++++++-------------------- 1 file changed, 53 insertions(+), 51 deletions(-) diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index e6082855bd..52de9dcde6 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -1,15 +1,15 @@ #!/usr/bin/env python3 -# Part of the aflpluslpus project, requires Python 3.7+. +# Part of the aflplusplus project, requires Python 3.9+. # Author: Chris Ball , ported from Marc "van Hauser" Heuse's "benchmark.sh". import argparse import asyncio +import datetime import json import multiprocessing import os import platform import shutil import sys -import time from dataclasses import dataclass from decimal import Decimal from enum import Enum, auto @@ -26,15 +26,15 @@ class Mode(Enum): @dataclass class Target: source: Path - binary: str + binary: Path all_modes = [Mode.singlecore, Mode.multicore] all_targets = [ - Target(source=Path("../utils/persistent_mode/test-instr.c").resolve(), binary="test-instr-persist-shmem"), - Target(source=Path("../test-instr.c").resolve(), binary="test-instr") + Target(source=Path("../utils/persistent_mode/test-instr.c").resolve(), binary=Path("test-instr-persist-shmem")), + Target(source=Path("../test-instr.c").resolve(), binary=Path("test-instr")) ] mode_names = [mode.name for mode in all_modes] -target_names = [target.binary for target in all_targets] +target_names = [str(target.binary) for target in all_targets] cpu_count = multiprocessing.cpu_count() parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter) @@ -47,15 +47,16 @@ class Target: "-t", "--target", help="pick targets", action="append", default=["test-instr-persist-shmem"], choices=target_names ) args = parser.parse_args() - # Really unsatisfying argparse behavior: we want a default and to allow multiple choices, but if there's a manual choice # it should override the default. Seems like we have to remove the default to get that and have correct help text? if len(args.target) > 1: args.target = args.target[1:] if len(args.mode) > 1: args.mode = args.mode[1:] -targets = [target for target in all_targets if target.binary in args.target] +targets = [target for target in all_targets if str(target.binary) in args.target] modes = [mode for mode in all_modes if mode.name in args.mode] -results = {"config": {}, "hardware": {}, "targets": {t.binary: {m.name: {} for m in modes} for t in targets}} +results: dict[str, dict] = { + "config": {}, "hardware": {}, "targets": {str(t.binary): {m.name: {} for m in modes} for t in targets} +} debug = lambda text: args.debug and print(blue(text)) if Mode.multicore in modes: print(blue(f" [*] Using {args.fuzzers} fuzzers for multicore fuzzing "), end="") @@ -64,9 +65,9 @@ class Target: async def clean_up_tempfiles() -> None: shutil.rmtree(f"{args.basedir}/in") for target in targets: - Path(target.binary).unlink() + target.binary.unlink() for mode in modes: - shutil.rmtree(f"{args.basedir}/out-{mode.name}-{target.binary}") + shutil.rmtree(f"{args.basedir}/out-{mode.name}-{str(target.binary)}") async def check_afl_persistent() -> bool: with open("/proc/cmdline", "r") as cpuinfo: @@ -80,12 +81,9 @@ async def check_afl_system() -> bool: return False async def check_deps() -> None: - """Checks for dependencies, platform, performance.""" - plat = platform.system() - if not plat == "Linux": sys.exit(red(f" [*] Error: Your platform '{plat}' is not supported by this script yet.")) + if not (plat := platform.system()) == "Linux": sys.exit(red(f" [*] {plat} is not supported by this script yet.")) if not os.access(Path("../afl-fuzz").resolve(), os.X_OK) and os.access(Path("../afl-cc").resolve(), os.X_OK) and ( - os.path.exists(Path("../SanitizerCoveragePCGUARD.so").resolve() - )): + os.path.exists(Path("../SanitizerCoveragePCGUARD.so").resolve())): sys.exit(red(" [*] Compile AFL++: we need afl-fuzz, afl-clang-fast and SanitizerCoveragePCGUARD.so built.")) # Pick some sample settings from afl-{persistent,system}-config to try to see whether they were run. @@ -96,22 +94,22 @@ async def check_deps() -> None: print(yellow(f" [*] {cmd} was not run. You can run it to improve performance (and decrease security).")) async def prep_env() -> dict: - """Unset AFL_* environment variables, create corpus dir and file, provide env vars for fuzzing.""" - Path(args.basedir).mkdir(exist_ok=True) - Path(f"{args.basedir}/in").mkdir(exist_ok=True) + Path(f"{args.basedir}/in").mkdir(exist_ok=True, parents=True) with open(f"{args.basedir}/in/in.txt", "wb") as seed: seed.write(b"\x00" * 10240) return { "AFL_BENCH_JUST_ONE": "1", "AFL_DISABLE_TRIM": "1", "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES": "1", "AFL_NO_UI": "1", "AFL_TRY_AFFINITY": "1", "PATH": str(Path("../").resolve()), } -async def compile_target(source: str, binary: str) -> None: +async def compile_target(source: Path, binary: Path) -> None: + print(f" [*] Compiling the {binary} fuzzing harness for the benchmark to use.") (returncode, stdout, stderr) = await run_command( - [Path("../afl-cc").resolve(), "-o", binary, source], env={"AFL_INSTRUMENT": "PCGUARD"} + [str(Path("../afl-cc").resolve()), "-o", str(Path(binary.resolve())), str(Path(source).resolve())], + env={"AFL_INSTRUMENT": "PCGUARD"}, ) - if returncode != 0: sys.exit(red(f" [*] Error: afl-cc is unable to compile: {stderr} {stdout}")) + if returncode != 0: sys.exit(red(f" [*] Error: afl-cc is unable to compile: {stderr.decode()} {stdout.decode()}")) -async def run_command(cmd: str, env: dict) -> (int | None, bytes, bytes): +async def run_command(cmd: list[str], env: dict | None) -> tuple[int | None, bytes, bytes]: debug(f"Launching command: {cmd} with env {env}") p = await asyncio.create_subprocess_exec( *cmd, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE, env=env @@ -127,7 +125,7 @@ async def colon_value_or_none(filename: str, searchKey: str) -> str | None: return next((v.rstrip() for k, v in kv_pairs if k.rstrip() == searchKey), None) async def save_benchmark_results() -> None: - """Append a single row to the benchmark results in JSON Lines format (simple to write and to diff).""" + """Append a single row to the benchmark results in JSON Lines format (which is simple to write and diff).""" with open("benchmark-results.jsonl", "a") as jsonfile: json.dump(results, jsonfile, sort_keys=True) jsonfile.write("\n") @@ -135,21 +133,21 @@ async def save_benchmark_results() -> None: async def main() -> None: - print(" [*] Preparing environment") try: await clean_up_tempfiles() except FileNotFoundError: pass await check_deps() - # Only record the first core's speed for now, even though it can vary between cores. - results["hardware"]["cpu_mhz"] = float(await colon_value_or_none("/proc/cpuinfo", "cpu MHz")) - results["hardware"]["cpu_model"] = await colon_value_or_none("/proc/cpuinfo", "model name") - results["hardware"]["cpu_threads"] = cpu_count + results["hardware"] = { # Only record the first core's speed for now, even though it can vary between cores. + "cpu_mhz": float(await colon_value_or_none("/proc/cpuinfo", "cpu MHz") or ""), + "cpu_model": await colon_value_or_none("/proc/cpuinfo", "model name") or "", + "cpu_threads": cpu_count + } env_vars = await prep_env() print(f" [*] Ready, starting benchmark...") for target in targets: - (source, binary) = [target.source, target.binary] - await compile_target(source, binary) + await compile_target(target.source, target.binary) + binary = str(target.binary) for mode in modes: execs_per_sec, execs_total, run_time_total = ([] for _ in range(3)) for run in range(0, args.runs): @@ -157,36 +155,39 @@ async def main() -> None: fuzzers = range(0, args.fuzzers if mode == Mode.multicore else 1) outdir = f"{args.basedir}/out-{mode.name}-{binary}" cmds = [] - for (idx, afl) in enumerate(fuzzers): + for idx, afl in enumerate(fuzzers): name = ["-o", outdir, "-M" if idx == 0 else "-S", str(afl)] cmds.append(["afl-fuzz", "-i", f"{args.basedir}/in"] + name + ["-s", "123", "-D", f"./{binary}"]) - # Prepare the afl-fuzz tasks, and then block here while waiting for them to finish. - tasks = [run_command(cmds[cpu], env_vars) for cpu in fuzzers] - start = time.time() - await asyncio.gather(*tasks) - end = time.time() + # Prepare the afl-fuzz tasks, and then block while waiting for them to finish. + fuzztasks = [run_command(cmds[cpu], env_vars) for cpu in fuzzers] + start_time = datetime.datetime.now() + await asyncio.gather(*fuzztasks) + end_time = datetime.datetime.now() # Our score is the sum of all execs_per_sec entries in fuzzer_stats files for the run. - tasks = [colon_value_or_none(f"{outdir}/{afl}/fuzzer_stats", "execs_per_sec") for afl in fuzzers] - all_execs_per_sec = await asyncio.gather(*tasks) + sectasks = [colon_value_or_none(f"{outdir}/{afl}/fuzzer_stats", "execs_per_sec") for afl in fuzzers] + all_execs_per_sec = await asyncio.gather(*sectasks) execs = sum([Decimal(count) for count in all_execs_per_sec if count is not None]) print(green(execs)) execs_per_sec.append(execs) # Also gather execs_total and total_run_time for this run. - tasks = [colon_value_or_none(f"{outdir}/{afl}/fuzzer_stats", "execs_done") for afl in fuzzers] - all_execs_total = await asyncio.gather(*tasks) + exectasks = [colon_value_or_none(f"{outdir}/{afl}/fuzzer_stats", "execs_done") for afl in fuzzers] + all_execs_total = await asyncio.gather(*exectasks) execs_total.append(sum([Decimal(count) for count in all_execs_total if count is not None])) - run_time_total.append(Decimal(end - start)) - - total_run_time = round(Decimal(sum(run_time_total)), 2) - avg_score = round(Decimal(sum(execs_per_sec) / len(execs_per_sec)), 2) - results["targets"][binary][mode.name] = { - "execs_per_second": float(avg_score), - "execs_total": int(sum([Decimal(execs) for execs in execs_total])), - "fuzzers_used": len(fuzzers), - "total_run_time": float(total_run_time), + run_time_total.append((end_time - start_time).total_seconds()) + + avg_score = round(Decimal(sum(execs_per_sec) / len(execs_per_sec)), 2) + afl_execs_total = int(sum([Decimal(execs) for execs in execs_total])) + total_run_time = float(round(Decimal(sum(run_time_total)), 2)) + results["targets"][binary][mode.name] = { # (Using float() because Decimal() is not JSON-serializable.) + "afl_execs_per_second": float(avg_score), + "afl_execs_total": afl_execs_total, + "fuzzers_used": len(fuzzers), + "start_time_of_run": str(start_time), + "total_execs_per_sec": float(round(Decimal(afl_execs_total / total_run_time), 2)), + "total_run_time": total_run_time, } print(f" [*] Average score for this test across all runs was: {green(avg_score)}") if (((max(execs_per_sec) - min(execs_per_sec)) / avg_score) * 100) > 15: @@ -195,4 +196,5 @@ async def main() -> None: await save_benchmark_results() if __name__ == "__main__": - asyncio.run(main()) \ No newline at end of file + asyncio.run(main()) + From 5f6c76e192bcfde6abcf9d4156bfbb87d5480e23 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 8 Sep 2023 13:40:57 +0200 Subject: [PATCH 150/357] fix cmplog forkserver kill signal --- src/afl-forkserver.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 9da096f74b..07f5a1a94b 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -272,6 +272,7 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) { fsrv_to->uses_crash_exitcode = from->uses_crash_exitcode; fsrv_to->crash_exitcode = from->crash_exitcode; fsrv_to->child_kill_signal = from->child_kill_signal; + fsrv_to->fsrv_kill_signal = from->fsrv_kill_signal; fsrv_to->debug = from->debug; // These are forkserver specific. From 6c7c4b821adae1ed244973127426ef2e966f6350 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 11 Sep 2023 14:56:34 +0200 Subject: [PATCH 151/357] reweight redundant --- src/afl-fuzz-one.c | 3 +++ src/afl-fuzz-queue.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index db88f239d3..2003be1ffd 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -5912,9 +5912,12 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { afl->queue_cur->was_fuzzed = 1; afl->reinit_table = 1 if (afl->queue_cur->favored) { + --afl->pending_favored; afl->smallest_favored = -1; + } + } } diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index ce9718b035..4b9627f7bb 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -80,7 +80,7 @@ double compute_weight(afl_state_t *afl, struct queue_entry *q, if (unlikely(weight < 0.1)) { weight = 0.1; } if (unlikely(q->favored)) { weight *= 5; } if (unlikely(!q->was_fuzzed)) { weight *= 2; } - if (unlikely(q->fs_redundant)) { weight *= 0.2; } + if (unlikely(q->fs_redundant)) { weight *= 0.8; } return weight; From 19c387a824d8e5c34b2babb20bab1e47fa152649 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 12 Sep 2023 09:54:05 +0200 Subject: [PATCH 152/357] update multicore recommendation --- docs/fuzzing_in_depth.md | 38 +++++++++++++++++++++++--------------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md index 5a5acbb236..6a217641f9 100644 --- a/docs/fuzzing_in_depth.md +++ b/docs/fuzzing_in_depth.md @@ -599,32 +599,40 @@ during fuzzing) and their number, a value between 50-500MB is recommended. You can set the cache size (in MB) by setting the environment variable `AFL_TESTCACHE_SIZE`. -There should be one main fuzzer (`-M main-$HOSTNAME` option) and as many -secondary fuzzers (e.g., `-S variant1`) as you have cores that you use. Every -`-M`/`-S` entry needs a unique name (that can be whatever), however, the same -`-o` output directory location has to be used for all instances. +There should be one main fuzzer (`-M main-$HOSTNAME` option - set also +`AFL_FINAL_SYNC=1`) and as many secondary fuzzers (e.g., `-S variant1`) as you +have cores that you use. Every `-M`/`-S` entry needs a unique name (that can be +whatever), however, the same `-o` output directory location has to be used for +all instances. For every secondary fuzzer there should be a variation, e.g.: -* one should fuzz the target that was compiled differently: with sanitizers - activated (`export AFL_USE_ASAN=1 ; export AFL_USE_UBSAN=1 ; export - AFL_USE_CFISAN=1`) +* one should fuzz the target that was compiled with sanitizers activated + (`export AFL_USE_ASAN=1 ; export AFL_USE_UBSAN=1 ; export AFL_USE_CFISAN=1`) * one or two should fuzz the target with CMPLOG/redqueen (see above), at least - one cmplog instance should follow transformations (`-l AT`) + one cmplog instance should follow transformations (`-l 2AT`) * one to three fuzzers should fuzz a target compiled with laf-intel/COMPCOV (see above). Important note: If you run more than one laf-intel/COMPCOV fuzzer and you want them to share their intermediate results, the main fuzzer (`-M`) must - be one of them! (Although this is not really recommended.) - -All other secondaries should be used like this: -* 10-20% with the MOpt mutator enabled: `-L 0` -* run with a different power schedule, recommended are: `fast` (default), + be one of them (although this is not really recommended). + +The other secondaries should be run like this: +* 10% with the MOpt mutator enabled: `-L 0` +* 10% should use the old queue cycling with `-Z` +* 50-70% should run with `AFL_DISABLE_TRIM` +* 40% should run with `-P explore` and 20% with `-P exploit` +* If you use `-a` then set 30% of the instances to not use `-a`; if you did + not set `-a` (why??), then set 30% to `-a ascii` and 30% to `-a binary`. +* run each with a different power schedule, recommended are: `fast` (default), `explore`, `coe`, `lin`, `quad`, `exploit`, and `rare` which you can set with the `-p` option, e.g., `-p explore`. See the [FAQ](FAQ.md#what-are-power-schedules) for details. -* a few instances should use the old queue cycling with `-Z` + +It can be useful to set `AFL_IGNORE_SEED_PROBLEMS=1` to skip over seeds that +crash or timeout during startup. Also, it is recommended to set `export AFL_IMPORT_FIRST=1` to load test cases -from other fuzzers in the campaign first. +from other fuzzers in the campaign first. But note that can slow down the start +of the first fuzz by quite a lot of you have many fuzzers and/or many seeds. If you have a large corpus, a corpus from a previous run or are fuzzing in a CI, then also set `export AFL_CMPLOG_ONLY_NEW=1` and `export AFL_FAST_CAL=1`. From 4f4ce24690c682af500ee235c57055d87dfb9c9d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 12 Sep 2023 10:26:52 +0200 Subject: [PATCH 153/357] update todo --- TODO.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/TODO.md b/TODO.md index 7968452e9c..eb934e3f1a 100644 --- a/TODO.md +++ b/TODO.md @@ -2,8 +2,9 @@ ## Should + - afl-showmap -f support + - afl-fuzz multicore wrapper script - afl-crash-analysis - - test cmplog for less than 16bit - support persistent and deferred fork server in afl-showmap? - better autodetection of shifting runtime timeout values - Update afl->pending_not_fuzzed for MOpt From 3b835b7c8b2f73be6d5972951d049cef66c24abd Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 12 Sep 2023 16:05:56 +0200 Subject: [PATCH 154/357] increase sync length --- docs/Changelog.md | 1 + src/afl-fuzz.c | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index bccc67484c..dfbadea3ec 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -9,6 +9,7 @@ before terminating. - added AFL_IGNORE_SEED_PROBLEMS to skip over seeds that time out instead of exiting with an error message + - allow -S/-M naming up to 50 characters (from 24) - afl-whatsup: - detect instanced that are starting up and show them as such as not dead - now also shows coverage reached diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index a3d5e30033..f659395e7e 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1492,9 +1492,9 @@ int main(int argc, char **argv_orig, char **envp) { if (afl->sync_id) { - if (strlen(afl->sync_id) > 24) { + if (strlen(afl->sync_id) > 50) { - FATAL("sync_id max length is 24 characters"); + FATAL("sync_id max length is 50 characters"); } From 98eed79f5701726d6fe566832707f32ab6d42e3e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 13 Sep 2023 09:39:06 +0200 Subject: [PATCH 155/357] -a default --- src/afl-fuzz.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index f659395e7e..cf57702fcf 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -536,6 +536,10 @@ int main(int argc, char **argv_orig, char **envp) { afl->input_mode = 2; + } else if (!stricmp(optarg, "def") || !stricmp(optarg, "default")) { + + afl->input_mode = 0; + } else { FATAL("-a input mode needs to be \"text\" or \"binary\"."); From 748d417f86d2d2a290c43428fd40ce616afcfc95 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 13 Sep 2023 10:24:44 +0200 Subject: [PATCH 156/357] afl-whatsup output fix --- afl-whatsup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/afl-whatsup b/afl-whatsup index fad4c3d32f..5b7cbcd60f 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -321,8 +321,8 @@ for j in `find . -maxdepth 2 -iname fuzzer_setup | sort`; do if [ -z "$MINIMAL_ONLY" ]; then - CPU_USAGE=$(ps aux | grep $fuzzer_pid | grep -v grep | awk '{print $3}') - MEM_USAGE=$(ps aux | grep $fuzzer_pid | grep -v grep | awk '{print $4}') + CPU_USAGE=$(ps aux | grep -w $fuzzer_pid | grep -v grep | awk '{print $3}') + MEM_USAGE=$(ps aux | grep -w $fuzzer_pid | grep -v grep | awk '{print $4}') echo " cpu usage $CPU_USAGE%, memory usage $MEM_USAGE%" From 0b6e74eeb099ac045932e5d3603af899268b48d0 Mon Sep 17 00:00:00 2001 From: Thomas Rooijakkers Date: Wed, 13 Sep 2023 15:49:04 +0200 Subject: [PATCH 157/357] Add support for UTF-8 line rendering --- GNUmakefile | 5 +++ docs/INSTALL.md | 1 + include/debug.h | 81 +++++++++++++++++++++++++++++++------------------ 3 files changed, 57 insertions(+), 30 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 88816e8585..4a234c5113 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -45,6 +45,10 @@ ifdef NO_SPLICING override CFLAGS_OPT += -DNO_SPLICING endif +ifdef UTF + override CFLAGS_OPT += -DFANCY_BOXES_UTF +endif + ifdef ASAN_BUILD $(info Compiling ASAN version of binaries) override CFLAGS += $(ASAN_CFLAGS) @@ -391,6 +395,7 @@ help: @echo INTROSPECTION - compile afl-fuzz with mutation introspection @echo NO_PYTHON - disable python support @echo NO_SPLICING - disables splicing mutation in afl-fuzz, not recommended for normal fuzzing + @echo UTF - use UTF-8 for line rendering in status screen @echo NO_NYX - disable building nyx mode dependencies @echo "NO_CORESIGHT - disable building coresight (arm64 only)" @echo NO_UNICORN_ARM64 - disable building unicorn on arm64 diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 9005a7eb9f..7c04d7d8c2 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -87,6 +87,7 @@ These build options exist: * INTROSPECTION - compile afl-fuzz with mutation introspection * NO_PYTHON - disable python support * NO_SPLICING - disables splicing mutation in afl-fuzz, not recommended for normal fuzzing +* UTF - use UTF-8 for line rendering in status screen * NO_NYX - disable building nyx mode dependencies * NO_CORESIGHT - disable building coresight (arm64 only) * NO_UNICORN_ARM64 - disable building unicorn on arm64 diff --git a/include/debug.h b/include/debug.h index cd621a720c..a917932901 100644 --- a/include/debug.h +++ b/include/debug.h @@ -116,42 +116,63 @@ * Box drawing sequences * *************************/ -#ifdef FANCY_BOXES - - #define SET_G1 "\x1b)0" /* Set G1 for box drawing */ - #define RESET_G1 "\x1b)B" /* Reset G1 to ASCII */ - #define bSTART "\x0e" /* Enter G1 drawing mode */ - #define bSTOP "\x0f" /* Leave G1 drawing mode */ - #define bH "q" /* Horizontal line */ - #define bV "x" /* Vertical line */ - #define bLT "l" /* Left top corner */ - #define bRT "k" /* Right top corner */ - #define bLB "m" /* Left bottom corner */ - #define bRB "j" /* Right bottom corner */ - #define bX "n" /* Cross */ - #define bVR "t" /* Vertical, branch right */ - #define bVL "u" /* Vertical, branch left */ - #define bHT "v" /* Horizontal, branch top */ - #define bHB "w" /* Horizontal, branch bottom */ - -#else +#ifdef FANCY_BOXES_UTF #define SET_G1 "" #define RESET_G1 "" #define bSTART "" #define bSTOP "" - #define bH "-" - #define bV "|" - #define bLT "+" - #define bRT "+" - #define bLB "+" - #define bRB "+" - #define bX "+" - #define bVR "+" - #define bVL "+" - #define bHT "+" - #define bHB "+" + #define bH "\u2500" /* Horizontal line */ + #define bV "\u2502" /* Vertical line */ + #define bLT "\u250c" /* Left top corner */ + #define bRT "\u2510" /* Right top corner */ + #define bLB "\u2514" /* Left bottom corner */ + #define bRB "\u2518" /* Right bottom corner */ + #define bX "\u253c" /* Cross */ + #define bVR "\u251c" /* Vertical, branch right */ + #define bVL "\u2524" /* Vertical, branch left */ + #define bHT "\u2534" /* Horizontal, branch top */ + #define bHB "\u252c" /* Horizontal, branch bottom */ + +#else + #ifdef FANCY_BOXES + + #define SET_G1 "\x1b)0" /* Set G1 for box drawing */ + #define RESET_G1 "\x1b)B" /* Reset G1 to ASCII */ + #define bSTART "\x0e" /* Enter G1 drawing mode */ + #define bSTOP "\x0f" /* Leave G1 drawing mode */ + #define bH "q" /* Horizontal line */ + #define bV "x" /* Vertical line */ + #define bLT "l" /* Left top corner */ + #define bRT "k" /* Right top corner */ + #define bLB "m" /* Left bottom corner */ + #define bRB "j" /* Right bottom corner */ + #define bX "n" /* Cross */ + #define bVR "t" /* Vertical, branch right */ + #define bVL "u" /* Vertical, branch left */ + #define bHT "v" /* Horizontal, branch top */ + #define bHB "w" /* Horizontal, branch bottom */ + + #else + + #define SET_G1 "" + #define RESET_G1 "" + #define bSTART "" + #define bSTOP "" + #define bH "-" + #define bV "|" + #define bLT "+" + #define bRT "+" + #define bLB "+" + #define bRB "+" + #define bX "+" + #define bVR "+" + #define bVL "+" + #define bHT "+" + #define bHB "+" + + #endif #endif /* ^FANCY_BOXES */ /*********************** From 54f01481571ba3a7c05a5e37b9f5021c1304834e Mon Sep 17 00:00:00 2001 From: Thomas Rooijakkers Date: Tue, 19 Sep 2023 13:31:29 +0200 Subject: [PATCH 158/357] UTF-8 line rendering for status screen as default --- GNUmakefile | 6 ++--- docs/INSTALL.md | 2 +- include/debug.h | 64 ++++++++++++++++++++++++------------------------- 3 files changed, 36 insertions(+), 36 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 4a234c5113..fadf20bd32 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -45,8 +45,8 @@ ifdef NO_SPLICING override CFLAGS_OPT += -DNO_SPLICING endif -ifdef UTF - override CFLAGS_OPT += -DFANCY_BOXES_UTF +ifdef NO_UTF + override CFLAGS_OPT += -DFANCY_BOXES_NO_UTF endif ifdef ASAN_BUILD @@ -395,7 +395,7 @@ help: @echo INTROSPECTION - compile afl-fuzz with mutation introspection @echo NO_PYTHON - disable python support @echo NO_SPLICING - disables splicing mutation in afl-fuzz, not recommended for normal fuzzing - @echo UTF - use UTF-8 for line rendering in status screen + @echo NO_UTF - do not use UTF-8 for line rendering in status screen (fallback to G1 box drawing, of vanilla AFL) @echo NO_NYX - disable building nyx mode dependencies @echo "NO_CORESIGHT - disable building coresight (arm64 only)" @echo NO_UNICORN_ARM64 - disable building unicorn on arm64 diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 7c04d7d8c2..41f512ed8f 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -87,7 +87,7 @@ These build options exist: * INTROSPECTION - compile afl-fuzz with mutation introspection * NO_PYTHON - disable python support * NO_SPLICING - disables splicing mutation in afl-fuzz, not recommended for normal fuzzing -* UTF - use UTF-8 for line rendering in status screen +* NO_UTF - do not use UTF-8 for line rendering in status screen (fallback to G1 box drawing, of vanilla AFL) * NO_NYX - disable building nyx mode dependencies * NO_CORESIGHT - disable building coresight (arm64 only) * NO_UNICORN_ARM64 - disable building unicorn on arm64 diff --git a/include/debug.h b/include/debug.h index a917932901..234d8fc42f 100644 --- a/include/debug.h +++ b/include/debug.h @@ -116,43 +116,43 @@ * Box drawing sequences * *************************/ -#ifdef FANCY_BOXES_UTF - - #define SET_G1 "" - #define RESET_G1 "" - #define bSTART "" - #define bSTOP "" - #define bH "\u2500" /* Horizontal line */ - #define bV "\u2502" /* Vertical line */ - #define bLT "\u250c" /* Left top corner */ - #define bRT "\u2510" /* Right top corner */ - #define bLB "\u2514" /* Left bottom corner */ - #define bRB "\u2518" /* Right bottom corner */ - #define bX "\u253c" /* Cross */ - #define bVR "\u251c" /* Vertical, branch right */ - #define bVL "\u2524" /* Vertical, branch left */ - #define bHT "\u2534" /* Horizontal, branch top */ - #define bHB "\u252c" /* Horizontal, branch bottom */ +#ifdef FANCY_BOXES_NO_UTF + + #define SET_G1 "\x1b)0" /* Set G1 for box drawing */ + #define RESET_G1 "\x1b)B" /* Reset G1 to ASCII */ + #define bSTART "\x0e" /* Enter G1 drawing mode */ + #define bSTOP "\x0f" /* Leave G1 drawing mode */ + #define bH "q" /* Horizontal line */ + #define bV "x" /* Vertical line */ + #define bLT "l" /* Left top corner */ + #define bRT "k" /* Right top corner */ + #define bLB "m" /* Left bottom corner */ + #define bRB "j" /* Right bottom corner */ + #define bX "n" /* Cross */ + #define bVR "t" /* Vertical, branch right */ + #define bVL "u" /* Vertical, branch left */ + #define bHT "v" /* Horizontal, branch top */ + #define bHB "w" /* Horizontal, branch bottom */ #else #ifdef FANCY_BOXES - #define SET_G1 "\x1b)0" /* Set G1 for box drawing */ - #define RESET_G1 "\x1b)B" /* Reset G1 to ASCII */ - #define bSTART "\x0e" /* Enter G1 drawing mode */ - #define bSTOP "\x0f" /* Leave G1 drawing mode */ - #define bH "q" /* Horizontal line */ - #define bV "x" /* Vertical line */ - #define bLT "l" /* Left top corner */ - #define bRT "k" /* Right top corner */ - #define bLB "m" /* Left bottom corner */ - #define bRB "j" /* Right bottom corner */ - #define bX "n" /* Cross */ - #define bVR "t" /* Vertical, branch right */ - #define bVL "u" /* Vertical, branch left */ - #define bHT "v" /* Horizontal, branch top */ - #define bHB "w" /* Horizontal, branch bottom */ + #define SET_G1 "" + #define RESET_G1 "" + #define bSTART "" + #define bSTOP "" + #define bH "\u2500" /* Horizontal line */ + #define bV "\u2502" /* Vertical line */ + #define bLT "\u250c" /* Left top corner */ + #define bRT "\u2510" /* Right top corner */ + #define bLB "\u2514" /* Left bottom corner */ + #define bRB "\u2518" /* Right bottom corner */ + #define bX "\u253c" /* Cross */ + #define bVR "\u251c" /* Vertical, branch right */ + #define bVL "\u2524" /* Vertical, branch left */ + #define bHT "\u2534" /* Horizontal, branch top */ + #define bHB "\u252c" /* Horizontal, branch bottom */ #else From 6dc054be0faa2fe934ec24465f75fb8676798d13 Mon Sep 17 00:00:00 2001 From: Thomas Rooijakkers Date: Tue, 19 Sep 2023 13:42:53 +0200 Subject: [PATCH 159/357] Add usage compilation status print for NO_UTF --- src/afl-fuzz.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index cf57702fcf..9aaec2c753 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -381,6 +381,12 @@ static void usage(u8 *argv0, int more_help) { SAYF("Compiled with NO_SPLICING.\n"); #endif +#ifdef NO_UTF + SAYF("Compiled without UTF-8 support for line rendering in status screen.\n"); +#else + SAYF("Compiled with UTF-8 support for line rendering in status screen.\n"); +#endif + #ifdef PROFILING SAYF("Compiled with PROFILING.\n"); #endif From abbdf1c3ac61322e9fd55a78fbb3ad60c6e68971 Mon Sep 17 00:00:00 2001 From: Thomas Rooijakkers Date: Tue, 19 Sep 2023 13:52:36 +0200 Subject: [PATCH 160/357] Use proper ifdef, remove else in line with other compile options --- src/afl-fuzz.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 9aaec2c753..86c0522399 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -381,10 +381,8 @@ static void usage(u8 *argv0, int more_help) { SAYF("Compiled with NO_SPLICING.\n"); #endif -#ifdef NO_UTF +#ifdef FANCY_BOXES_NO_UTF SAYF("Compiled without UTF-8 support for line rendering in status screen.\n"); -#else - SAYF("Compiled with UTF-8 support for line rendering in status screen.\n"); #endif #ifdef PROFILING From 5eb4c6eacdce06ef0313c389ce1616f52110dbb0 Mon Sep 17 00:00:00 2001 From: Nikolay Shaplov Date: Tue, 19 Sep 2023 21:55:40 +0300 Subject: [PATCH 161/357] Use shorter fuzzer name in stat header when user's banner is too big --- src/afl-fuzz-stats.c | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 3d0a9b9ae1..adf04420f6 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -778,10 +778,29 @@ void show_stats_normal(afl_state_t *afl) { if (unlikely(!banner[0])) { char *si = ""; + char *fuzzer_name; + if (afl->sync_id) { si = afl->sync_id; } memset(banner, 0, sizeof(banner)); - banner_len = (afl->crash_mode ? 20 : 18) + strlen(VERSION) + strlen(si) + - strlen(afl->power_name) + 4 + 6; + + banner_len = strlen(VERSION) + strlen(si) + strlen(afl->power_name) + 4 + 6; + + if (afl->crash_mode) { + + fuzzer_name = "peruvian were-rabbit"; + + } else { + + fuzzer_name = "american fuzzy lop"; + if (banner_len + strlen(fuzzer_name) + strlen(afl->use_banner) > 75) { + + fuzzer_name = "AFL"; + + } + + } + + banner_len += strlen(fuzzer_name); if (strlen(afl->use_banner) + banner_len > 75) { @@ -798,18 +817,16 @@ void show_stats_normal(afl_state_t *afl) { if (afl->fsrv.nyx_mode) { snprintf(banner + banner_pad, sizeof(banner) - banner_pad, - "%s " cLCY VERSION cLBL " {%s} " cLGN "(%s) " cPIN "[%s] - Nyx", - afl->crash_mode ? cPIN "peruvian were-rabbit" - : cYEL "american fuzzy lop", + "%s%s " cLCY VERSION cLBL " {%s} " cLGN "(%s) " cPIN "[%s] - Nyx", + afl->crash_mode ? cPIN : cYEL, fuzzer_name, si, afl->use_banner, afl->power_name); } else { #endif snprintf(banner + banner_pad, sizeof(banner) - banner_pad, - "%s " cLCY VERSION cLBL " {%s} " cLGN "(%s) " cPIN "[%s]", - afl->crash_mode ? cPIN "peruvian were-rabbit" - : cYEL "american fuzzy lop", + "%s%s " cLCY VERSION cLBL " {%s} " cLGN "(%s) " cPIN "[%s]", + afl->crash_mode ? cPIN : cYEL, fuzzer_name, si, afl->use_banner, afl->power_name); #ifdef __linux__ From a6b7da880852ab33e54c4c0eb55570eb5ee4aede Mon Sep 17 00:00:00 2001 From: Thomas Rooijakkers Date: Wed, 20 Sep 2023 09:41:49 +0200 Subject: [PATCH 162/357] Remove Android specifics --- include/config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/config.h b/include/config.h index 6a75737ffd..988e536eef 100644 --- a/include/config.h +++ b/include/config.h @@ -120,9 +120,9 @@ // #define _WANT_ORIGINAL_AFL_ALLOC -/* Comment out to disable fancy ANSI boxes and use poor man's 7-bit UI: */ +/* Comment out to disable fancy boxes and use poor man's 7-bit UI: */ -#ifndef ANDROID_DISABLE_FANCY // Fancy boxes are ugly from adb +#ifndef DISABLE_FANCY #define FANCY_BOXES #endif From 762fe0aad860c0c0fa3c9e19103c3df799498c72 Mon Sep 17 00:00:00 2001 From: Thomas Rooijakkers Date: Wed, 20 Sep 2023 11:00:17 +0200 Subject: [PATCH 163/357] forgot removal of compiler flag --- utils/qbdi_mode/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/qbdi_mode/build.sh b/utils/qbdi_mode/build.sh index 29fe0ee4d2..a92d81bd85 100755 --- a/utils/qbdi_mode/build.sh +++ b/utils/qbdi_mode/build.sh @@ -52,6 +52,6 @@ ${compiler_prefix}${CC} -shared -o libdemo.so demo-so.c -w -g echo "[+] Building afl-fuzz for Android" # build afl-fuzz cd ../.. -${compiler_prefix}${CC} -DANDROID_DISABLE_FANCY=1 -O3 -funroll-loops -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign -I include/ -DAFL_PATH=\"/usr/local/lib/afl\" -DBIN_PATH=\"/usr/local/bin\" -DDOC_PATH=\"/usr/local/share/doc/afl\" -Wno-unused-function src/afl-fuzz*.c src/afl-common.c src/afl-sharedmem.c src/afl-forkserver.c src/afl-performance.c -o utils/qbdi_mode/afl-fuzz -ldl -lm -w +${compiler_prefix}${CC} -O3 -funroll-loops -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign -I include/ -DAFL_PATH=\"/usr/local/lib/afl\" -DBIN_PATH=\"/usr/local/bin\" -DDOC_PATH=\"/usr/local/share/doc/afl\" -Wno-unused-function src/afl-fuzz*.c src/afl-common.c src/afl-sharedmem.c src/afl-forkserver.c src/afl-performance.c -o utils/qbdi_mode/afl-fuzz -ldl -lm -w echo "[+] All done. Enjoy!" From c762b6a3054b1a264101b66641681de974e4c806 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 22 Sep 2023 07:06:18 +0200 Subject: [PATCH 164/357] fix afl-persistent-config for Debian --- afl-persistent-config | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/afl-persistent-config b/afl-persistent-config index 6d96c19650..3abcb866a1 100755 --- a/afl-persistent-config +++ b/afl-persistent-config @@ -98,9 +98,9 @@ if [[ "$PLATFORM" = "Linux" ]] ; then echo "Checks passed." test -d /etc/sysctl.d || echo Error: /etc/sysctl.d directory not found, cannot install shmem config - test -d /etc/sysctl.d -a '!' -e /etc/sysctl.d/99-fuzzing && { - echo "Installing /etc/sysctl.d/99-fuzzing" - cat << EOF > /etc/sysctl.d/99-fuzzing + test -d /etc/sysctl.d -a '!' -e /etc/sysctl.d/99-fuzzing.conf && { + echo "Installing /etc/sysctl.d/99-fuzzing.conf" + cat << EOF > /etc/sysctl.d/99-fuzzing.conf kernel.core_uses_pid=0 kernel.core_pattern=core kernel.randomize_va_space=0 From bd90283d0f1f0888ec2673e7b19bd6689ba8f4a6 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 22 Sep 2023 07:17:23 +0200 Subject: [PATCH 165/357] update todo --- TODO.md | 1 + 1 file changed, 1 insertion(+) diff --git a/TODO.md b/TODO.md index eb934e3f1a..ac24fe071b 100644 --- a/TODO.md +++ b/TODO.md @@ -4,6 +4,7 @@ - afl-showmap -f support - afl-fuzz multicore wrapper script + - add value_profile but only enable after 15 minutes without finds - afl-crash-analysis - support persistent and deferred fork server in afl-showmap? - better autodetection of shifting runtime timeout values From 5f7c3a1ee0d6f20e42a207a7e75e0f19e726a0f5 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 27 Sep 2023 16:32:55 +0200 Subject: [PATCH 166/357] fix afl-cc help output --- src/afl-cc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 12707007f0..037a5c30cb 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -2118,6 +2118,8 @@ int main(int argc, char **argv, char **envp) { " [LLVM] LLVM: %s%s\n" " PCGUARD %s yes yes module yes yes " "yes\n" + " NATIVE AVAILABLE no yes no no " + "part. yes\n" " CLASSIC %s no yes module yes yes " "yes\n" " - NORMAL\n" @@ -2137,10 +2139,10 @@ int main(int argc, char **argv, char **envp) { "no\n\n", have_llvm ? "AVAILABLE" : "unavailable!", compiler_mode == LLVM ? " [SELECTED]" : "", + have_llvm ? "AVAILABLE" : "unavailable!", + have_llvm ? "AVAILABLE" : "unavailable!", have_lto ? "AVAILABLE" : "unavailable!", compiler_mode == LTO ? " [SELECTED]" : "", - LLVM_MAJOR >= 7 ? "DEFAULT" : " ", - LLVM_MAJOR >= 7 ? " " : "DEFAULT", have_gcc_plugin ? "AVAILABLE" : "unavailable!", compiler_mode == GCC_PLUGIN ? " [SELECTED]" : "", have_gcc ? "AVAILABLE" : "unavailable!", From fd76d6a43304c671422854a062f40c21b0d3d7b1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 28 Sep 2023 15:35:41 +0200 Subject: [PATCH 167/357] fix exploit mode on startup --- src/afl-fuzz.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 86c0522399..8574b9b33f 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2826,7 +2826,9 @@ int main(int argc, char **argv_orig, char **envp) { if (likely(afl->switch_fuzz_mode && afl->fuzz_mode == 0 && !afl->non_instrumented_mode) && - unlikely(cur_time > afl->last_find_time + afl->switch_fuzz_mode)) { + unlikely(cur_time > (likely(afl->last_find_time) ? afl->last_find_time + : afl->start_time) + + afl->switch_fuzz_mode)) { if (afl->afl_env.afl_no_ui) { From d6b6278cb466570aad7b6116786027582cd093d8 Mon Sep 17 00:00:00 2001 From: Grzegorz Wypych Date: Fri, 29 Sep 2023 23:34:22 +0200 Subject: [PATCH 168/357] Fixed script for pwndbg (#1876) Co-authored-by: grzegorz.wypych --- .../helper_scripts/unicorn_dumper_pwndbg.py | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/unicorn_mode/helper_scripts/unicorn_dumper_pwndbg.py b/unicorn_mode/helper_scripts/unicorn_dumper_pwndbg.py index eccbc8bf29..7e97f6a78d 100644 --- a/unicorn_mode/helper_scripts/unicorn_dumper_pwndbg.py +++ b/unicorn_mode/helper_scripts/unicorn_dumper_pwndbg.py @@ -40,10 +40,10 @@ pwndbg_loaded = False try: - import pwndbg.arch - import pwndbg.regs - import pwndbg.vmmap - import pwndbg.memory + import pwndbg.gdblib.arch + import pwndbg.gdblib.regs + import pwndbg.gdblib.vmmap + import pwndbg.gdblib.memory pwndbg_loaded = True @@ -64,7 +64,7 @@ def map_arch(): - arch = pwndbg.arch.current # from PWNDBG + arch = pwndbg.gdblib.arch.current # from PWNDBG if "x86_64" in arch or "x86-64" in arch: return "x64" elif "x86" in arch or "i386" in arch: @@ -74,9 +74,9 @@ def map_arch(): elif "aarch64_be" in arch: return "arm64be" elif "arm" in arch: - cpsr = pwndbg.regs["cpsr"] + cpsr = pwndbg.gdblib.regs["cpsr"] # check endianess - if pwndbg.arch.endian == "big": + if pwndbg.gdblib.arch.endian == "big": # check for THUMB mode if cpsr & (1 << 5): return "armbethumb" @@ -89,7 +89,7 @@ def map_arch(): else: return "armle" elif "mips" in arch: - if pwndbg.arch.endian == "little": + if pwndbg.gdblib.arch.endian == "little": return "mipsel" else: return "mips" @@ -109,8 +109,8 @@ def dump_arch_info(): def dump_regs(): reg_state = {} - for reg in pwndbg.regs.all: - reg_val = pwndbg.regs[reg] + for reg in pwndbg.gdblib.regs.all: + reg_val = pwndbg.gdblib.regs[reg] # current dumper script looks for register values to be hex strings # reg_str = "0x{:08x}".format(reg_val) # if "64" in get_arch(): @@ -125,7 +125,7 @@ def dump_process_memory(output_dir): final_segment_list = [] # PWNDBG: - vmmap = pwndbg.vmmap.get() + vmmap = pwndbg.gdblib.vmmap.get() # Pointer to end of last dumped memory segment segment_last_addr = 0x0 @@ -165,7 +165,7 @@ def dump_process_memory(output_dir): if entry.read and not "(deleted)" in entry.objfile: try: # Compress and dump the content to a file - seg_content = pwndbg.memory.read(start, end - start) + seg_content = pwndbg.gdblib.memory.read(start, end - start) if seg_content == None: print( "Segment empty: @0x{0:016x} (size:UNKNOWN) {1}".format( @@ -181,7 +181,7 @@ def dump_process_memory(output_dir): repr(seg_info["permissions"]), ) ) - compressed_seg_content = zlib.compress(str(seg_content)) + compressed_seg_content = zlib.compress(bytes(seg_content)) md5_sum = hashlib.md5(compressed_seg_content).hexdigest() + ".bin" seg_info["content_file"] = md5_sum From 6b73dee7da4e4e8bd227a9cb156c7a683d124682 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 30 Sep 2023 12:42:40 +0200 Subject: [PATCH 169/357] add afl-addseeds tool --- GNUmakefile | 2 +- afl-addseeds | 54 +++++++++++++++++++++++++++++++++++++++++++++++ docs/Changelog.md | 1 + src/afl-fuzz.c | 6 ++++++ 4 files changed, 62 insertions(+), 1 deletion(-) create mode 100755 afl-addseeds diff --git a/GNUmakefile b/GNUmakefile index fadf20bd32..5fd371479f 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -32,7 +32,7 @@ VERSION = $(shell grep '^$(HASH)define VERSION ' ../config.h | cut -d '"' -f # PROGS intentionally omit afl-as, which gets installed elsewhere. PROGS = afl-fuzz afl-showmap afl-tmin afl-gotcpu afl-analyze -SH_PROGS = afl-plot afl-cmin afl-cmin.bash afl-whatsup afl-system-config afl-persistent-config afl-cc +SH_PROGS = afl-plot afl-cmin afl-cmin.bash afl-whatsup afl-addseeds afl-system-config afl-persistent-config afl-cc MANPAGES=$(foreach p, $(PROGS) $(SH_PROGS), $(p).8) afl-as.8 ASAN_OPTIONS=detect_leaks=0 diff --git a/afl-addseeds b/afl-addseeds new file mode 100755 index 0000000000..bb2843a832 --- /dev/null +++ b/afl-addseeds @@ -0,0 +1,54 @@ +#!/bin/sh + +test -z "$1" -o "$1" = "-h" -o "$1" = "--help" && { + echo Syntax: afl-addseeds -o afl-out-dir [-i seed_file_or_dir] seed_file_or_seed_dir seed_file_or_seed_dir ... + echo + echo Options: + echo " -o afl-out-dir the output directory being used in the fuzzing campaign" + echo " -i seed_file_or_dir file or directory of files to add" + echo + echo Adds new seeds to an existing AFL++ fuzzing campaign. + exit 0 +} + +for TOOL in find ls; do + X=`which $TOOL` + test -n "$X" || { echo "Error: required tool '$TOOL' not found."; exit 1; } +done + +TEST=`printf %06d 123 2>/dev/null` +test "$TEST" = "000123" || { echo "Error: required tool 'printf' not found."; exit 1; } + +OUT= +NEXT= +for i in $*; do + test -n "$NEXT" && { OUT=$i ; NEXT=""; } + test "$i" = "-o" && { NEXT=1; } +done + +test -d "$OUT" || { echo Error: $OUT is not an existing directory; exit 1; } +OK=`ls $OUT/*/fuzzer_stats 2>/dev/null` +test -n "$OK" || { echo "Error: $OUT is not an 'afl-fuzz -o ... ' output directory" ; exit 1; } + +OUTDIR=$OUT/addseeds/queue +mkdir -p "$OUTDIR" 2>/dev/null +test -d "$OUTDIR" || { echo Error: could not create $OUTDIR ; exit 1 ; } + +echo Adding seeds ... +NEXTID=0 +for i in $*; do + test -z "$i" -o "$i" = "$OUT" -o "$i" = "-i" -o "$i" = "-o" || { + find "$i" -type f | while read FILE; do + N=xxx + while [ -n "$N" ]; do + ID=$NEXTID + N=`ls "$OUTDIR/id:$(printf %06d $ID),"* 2>/dev/null` + NEXTID=$(($NEXTID + 1)) + done + FN=`echo "$FILE" | sed 's/.*\///'` + cp -v "$FILE" "$OUTDIR/id:$(printf %06d $ID),time:0,execs:0,orig:$FN" + done + } +done + +echo Done. diff --git a/docs/Changelog.md b/docs/Changelog.md index dfbadea3ec..101d380b76 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -19,6 +19,7 @@ - fix for a few string compare transform functions for LAF - frida_mode: - fixes support for large map offsets + - added new tool afl-addseeds that adds new seeds to a running campaign - added benchmark/benchmark.sh if you want to see how good your fuzzing speed is in comparison to other setups. diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 8574b9b33f..0a6755d787 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1346,6 +1346,12 @@ int main(int argc, char **argv_orig, char **envp) { } + if (strcmp(afl->sync_id, "addseeds") == 0) { + + FATAL("-M/-S name 'addseeds' is a reserved name, choose something else"); + + } + if (afl->is_main_node == 1 && afl->schedule != FAST && afl->schedule != EXPLORE) { From efae28f27cfbdd2b38d2fe793f24baaa2211eb1d Mon Sep 17 00:00:00 2001 From: toka Date: Sun, 1 Oct 2023 18:20:50 +0200 Subject: [PATCH 170/357] typo --- instrumentation/afl-compiler-rt.o.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index dd9aae7741..723b946b10 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -2294,7 +2294,7 @@ void __cmplog_rtn_hook_strn(u8 *ptr1, u8 *ptr2, u64 len) { int len1 = strnlen(ptr1, len0); if (len1 < 31) len1 = area_is_valid(ptr1, len1 + 1); int len2 = strnlen(ptr2, len0); - if (len2 < 31) len2 = area_is_valid(ptr1, len2 + 1); + if (len2 < 31) len2 = area_is_valid(ptr2, len2 + 1); int l = MAX(len1, len2); if (l < 2) return; From 05bea40ea4b86d77777000d98d4af7d63149ad5c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 2 Oct 2023 09:09:37 +0200 Subject: [PATCH 171/357] update nyx-qemu --- nyx_mode/QEMU-Nyx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nyx_mode/QEMU-Nyx b/nyx_mode/QEMU-Nyx index 874fa033d1..92ed7cefc1 160000 --- a/nyx_mode/QEMU-Nyx +++ b/nyx_mode/QEMU-Nyx @@ -1 +1 @@ -Subproject commit 874fa033d117a3e9931245cb9e82836a4abc0425 +Subproject commit 92ed7cefc1bd043a1230ca74b263b484825c2655 From 49a1d81191aea5c7d068ad0051f39fc579ebfa63 Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Mon, 2 Oct 2023 03:11:51 -0700 Subject: [PATCH 172/357] benchmark: cleanup, add results, add a data exploration notebook --- benchmark/benchmark-results.jsonl | 548 ++++ benchmark/benchmark.ipynb | 4490 +++++++++++++++++++++++++++++ benchmark/benchmark.py | 167 +- 3 files changed, 5147 insertions(+), 58 deletions(-) create mode 100644 benchmark/benchmark-results.jsonl create mode 100644 benchmark/benchmark.ipynb diff --git a/benchmark/benchmark-results.jsonl b/benchmark/benchmark-results.jsonl new file mode 100644 index 0000000000..eef183846b --- /dev/null +++ b/benchmark/benchmark-results.jsonl @@ -0,0 +1,548 @@ +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.879, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 11025.88, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-24 01:18:19.516294", "run_start": "2023-09-24 01:17:55.982600", "total_execs_per_sec": 11019.3, "total_run_time": 47.16}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 134423.5, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-24 01:17:32.262373", "run_start": "2023-09-24 01:17:30.328037", "total_execs_per_sec": 133591.26, "total_run_time": 3.89}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.794, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 21139.64, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-24 01:19:15.060420", "run_start": "2023-09-24 01:18:50.438781", "total_execs_per_sec": 21111.92, "total_run_time": 49.23}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 258490.04, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-24 01:18:25.733140", "run_start": "2023-09-24 01:18:23.718094", "total_execs_per_sec": 255995.07, "total_run_time": 4.06}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.859, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 30618.28, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-24 01:20:12.416984", "run_start": "2023-09-24 01:19:46.914403", "total_execs_per_sec": 30568.82, "total_run_time": 51.0}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 383777.45, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-24 01:19:21.318951", "run_start": "2023-09-24 01:19:19.272479", "total_execs_per_sec": 380246.34, "total_run_time": 4.1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.078, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 39125.92, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-24 01:21:12.260174", "run_start": "2023-09-24 01:20:45.582491", "total_execs_per_sec": 38963.07, "total_run_time": 53.35}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 496249.48, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-24 01:20:18.814456", "run_start": "2023-09-24 01:20:16.695833", "total_execs_per_sec": 490254.72, "total_run_time": 4.24}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.885, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 47861.04, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-24 01:22:13.343107", "run_start": "2023-09-24 01:21:46.122861", "total_execs_per_sec": 47693.65, "total_run_time": 54.48}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 613089.31, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-24 01:21:18.761554", "run_start": "2023-09-24 01:21:16.594119", "total_execs_per_sec": 598698.16, "total_run_time": 4.34}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4994.858, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 56211.32, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-24 01:23:15.911108", "run_start": "2023-09-24 01:22:47.859974", "total_execs_per_sec": 55718.73, "total_run_time": 55.96}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 730366.19, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-24 01:22:19.852674", "run_start": "2023-09-24 01:22:17.681157", "total_execs_per_sec": 716786.21, "total_run_time": 4.35}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.185, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 64693.0, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-24 01:24:19.277214", "run_start": "2023-09-24 01:23:50.907613", "total_execs_per_sec": 64156.79, "total_run_time": 56.7}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 844187.32, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-24 01:23:22.478441", "run_start": "2023-09-24 01:23:20.278066", "total_execs_per_sec": 824873.02, "total_run_time": 4.41}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.127, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 72891.1, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-24 01:25:23.549468", "run_start": "2023-09-24 01:24:54.669082", "total_execs_per_sec": 72176.39, "total_run_time": 57.6}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 962846.18, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-24 01:24:25.847447", "run_start": "2023-09-24 01:24:23.641287", "total_execs_per_sec": 942712.02, "total_run_time": 4.41}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.023, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 77010.42, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-24 01:26:48.746727", "run_start": "2023-09-24 01:26:10.482261", "total_execs_per_sec": 61257.76, "total_run_time": 76.35}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 997414.74, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-24 01:25:32.299204", "run_start": "2023-09-24 01:25:29.007738", "total_execs_per_sec": 709716.24, "total_run_time": 6.59}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.285, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 81236.44, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-24 01:28:14.663719", "run_start": "2023-09-24 01:27:36.151805", "total_execs_per_sec": 67507.14, "total_run_time": 76.98}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1034757.73, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-24 01:26:57.584679", "run_start": "2023-09-24 01:26:54.258615", "total_execs_per_sec": 779115.44, "total_run_time": 6.67}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.789, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84931.02, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-24 01:29:41.745595", "run_start": "2023-09-24 01:29:02.716653", "total_execs_per_sec": 73183.59, "total_run_time": 78.11}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1070703.42, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-24 01:28:23.536164", "run_start": "2023-09-24 01:28:20.182216", "total_execs_per_sec": 851918.03, "total_run_time": 6.71}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.141, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 88612.76, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-24 01:31:09.594139", "run_start": "2023-09-24 01:30:30.212264", "total_execs_per_sec": 79167.7, "total_run_time": 78.77}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1104249.08, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-24 01:29:50.724883", "run_start": "2023-09-24 01:29:47.322648", "total_execs_per_sec": 914375.37, "total_run_time": 6.82}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.578, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 92521.51, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-24 01:32:37.968941", "run_start": "2023-09-24 01:31:58.284180", "total_execs_per_sec": 85202.55, "total_run_time": 79.29}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1131176.88, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-24 01:31:18.581144", "run_start": "2023-09-24 01:31:15.171084", "total_execs_per_sec": 990573.31, "total_run_time": 6.82}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.439, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 96442.72, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-24 01:34:06.531013", "run_start": "2023-09-24 01:33:26.819041", "total_execs_per_sec": 91594.86, "total_run_time": 79.43}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1164076.48, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-24 01:32:46.996344", "run_start": "2023-09-24 01:32:43.559968", "total_execs_per_sec": 1060551.02, "total_run_time": 6.86}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.838, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 100383.1, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-24 01:35:35.471145", "run_start": "2023-09-24 01:34:55.546637", "total_execs_per_sec": 97682.33, "total_run_time": 79.8}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1198824.47, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-24 01:34:15.568004", "run_start": "2023-09-24 01:34:12.146116", "total_execs_per_sec": 1134650.66, "total_run_time": 6.87}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5008.445, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 104391.1, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-24 01:37:04.769018", "run_start": "2023-09-24 01:36:24.749874", "total_execs_per_sec": 103765.38, "total_run_time": 80.13}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1227578.7, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-24 01:35:44.538459", "run_start": "2023-09-24 01:35:41.081987", "total_execs_per_sec": 1203287.99, "total_run_time": 6.91}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.239, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105131.32, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-24 01:39:00.153699", "run_start": "2023-09-24 01:38:07.827496", "total_execs_per_sec": 84547.71, "total_run_time": 104.49}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1272311.96, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-24 01:37:15.568570", "run_start": "2023-09-24 01:37:11.294035", "total_execs_per_sec": 1022498.84, "total_run_time": 8.64}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4994.529, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105404.62, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-24 01:40:59.252233", "run_start": "2023-09-24 01:40:05.173822", "total_execs_per_sec": 86611.67, "total_run_time": 108.0}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1295688.8, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-24 01:39:11.155677", "run_start": "2023-09-24 01:39:06.734088", "total_execs_per_sec": 1058151.58, "total_run_time": 8.84}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.734, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105495.74, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-24 01:43:02.054797", "run_start": "2023-09-24 01:42:06.356850", "total_execs_per_sec": 88657.0, "total_run_time": 111.37}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1314398.6, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-24 01:41:10.587096", "run_start": "2023-09-24 01:41:06.022450", "total_execs_per_sec": 1076742.64, "total_run_time": 9.17}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.126, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105396.9, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-24 01:45:09.145463", "run_start": "2023-09-24 01:44:11.454370", "total_execs_per_sec": 90134.42, "total_run_time": 115.31}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1328581.94, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-24 01:43:13.738510", "run_start": "2023-09-24 01:43:08.966636", "total_execs_per_sec": 1091743.7, "total_run_time": 9.52}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.033, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105119.1, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-24 01:47:21.557909", "run_start": "2023-09-24 01:46:21.705659", "total_execs_per_sec": 91033.28, "total_run_time": 119.88}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1342660.66, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-24 01:45:21.581031", "run_start": "2023-09-24 01:45:16.490130", "total_execs_per_sec": 1062616.36, "total_run_time": 10.27}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.77, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 104539.28, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-24 01:49:39.155477", "run_start": "2023-09-24 01:48:36.363384", "total_execs_per_sec": 91637.86, "total_run_time": 124.76}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1363930.3, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-24 01:47:34.296346", "run_start": "2023-09-24 01:47:29.003538", "total_execs_per_sec": 1081621.57, "total_run_time": 10.57}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.238, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 104801.64, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-24 01:52:00.846974", "run_start": "2023-09-24 01:50:56.269319", "total_execs_per_sec": 92747.81, "total_run_time": 128.87}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1377043.72, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-24 01:49:51.871338", "run_start": "2023-09-24 01:49:46.608903", "total_execs_per_sec": 1132929.86, "total_run_time": 10.55}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.689, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 104626.64, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-24 01:54:27.929135", "run_start": "2023-09-24 01:53:21.188535", "total_execs_per_sec": 93207.38, "total_run_time": 133.81}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1375818.24, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-24 01:52:14.017269", "run_start": "2023-09-24 01:52:08.417103", "total_execs_per_sec": 1133825.45, "total_run_time": 11.0}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.865, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 103625.52, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-24 01:57:01.590450", "run_start": "2023-09-24 01:55:50.477909", "total_execs_per_sec": 92970.87, "total_run_time": 139.74}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1361687.56, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-24 01:54:41.751749", "run_start": "2023-09-24 01:54:35.926527", "total_execs_per_sec": 1114215.27, "total_run_time": 11.66}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.436, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 103642.56, "afl_execs_total": 13511420, "fuzzers_used": 26, "run_end": "2023-09-24 01:59:39.385881", "run_start": "2023-09-24 01:58:27.977127", "total_execs_per_sec": 94162.8, "total_run_time": 143.49}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1369637.56, "afl_execs_total": 13511420, "fuzzers_used": 26, "run_end": "2023-09-24 01:57:15.794016", "run_start": "2023-09-24 01:57:09.689134", "total_execs_per_sec": 1122210.96, "total_run_time": 12.04}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4987.506, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 103267.76, "afl_execs_total": 14031090, "fuzzers_used": 27, "run_end": "2023-09-24 02:02:22.952873", "run_start": "2023-09-24 02:01:09.290072", "total_execs_per_sec": 94237.96, "total_run_time": 148.89}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1375444.16, "afl_execs_total": 14031091, "fuzzers_used": 27, "run_end": "2023-09-24 01:59:53.958604", "run_start": "2023-09-24 01:59:47.723097", "total_execs_per_sec": 1130627.8, "total_run_time": 12.41}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.772, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 100341.05, "afl_execs_total": 14550760, "fuzzers_used": 28, "run_end": "2023-09-24 02:05:16.680364", "run_start": "2023-09-24 02:03:57.227193", "total_execs_per_sec": 91716.1, "total_run_time": 158.65}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1349599.77, "afl_execs_total": 14550760, "fuzzers_used": 28, "run_end": "2023-09-24 02:02:37.927549", "run_start": "2023-09-24 02:02:31.519144", "total_execs_per_sec": 1135890.71, "total_run_time": 12.81}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.485, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 101984.94, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-24 02:08:12.395536", "run_start": "2023-09-24 02:06:54.079626", "total_execs_per_sec": 94072.6, "total_run_time": 160.2}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1321658.08, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-24 02:05:32.092036", "run_start": "2023-09-24 02:05:25.459594", "total_execs_per_sec": 1137390.94, "total_run_time": 13.25}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.626, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 102878.83, "afl_execs_total": 15590100, "fuzzers_used": 30, "run_end": "2023-09-24 02:11:11.308556", "run_start": "2023-09-24 02:09:49.657804", "total_execs_per_sec": 95644.79, "total_run_time": 163.0}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1301868.24, "afl_execs_total": 15590100, "fuzzers_used": 30, "run_end": "2023-09-24 02:08:28.201574", "run_start": "2023-09-24 02:08:21.332394", "total_execs_per_sec": 1142969.21, "total_run_time": 13.64}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.223, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 101535.66, "afl_execs_total": 16109770, "fuzzers_used": 31, "run_end": "2023-09-24 02:14:17.385915", "run_start": "2023-09-24 02:12:51.690660", "total_execs_per_sec": 94880.56, "total_run_time": 169.79}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1276904.9, "afl_execs_total": 16109770, "fuzzers_used": 31, "run_end": "2023-09-24 02:11:27.496096", "run_start": "2023-09-24 02:11:20.481581", "total_execs_per_sec": 1149056.35, "total_run_time": 14.02}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.503, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 99851.02, "afl_execs_total": 16629440, "fuzzers_used": 32, "run_end": "2023-09-24 02:17:32.145041", "run_start": "2023-09-24 02:16:02.721278", "total_execs_per_sec": 93460.57, "total_run_time": 177.93}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1243444.8, "afl_execs_total": 16629440, "fuzzers_used": 32, "run_end": "2023-09-24 02:14:34.114993", "run_start": "2023-09-24 02:14:26.720106", "total_execs_per_sec": 1142131.87, "total_run_time": 14.56}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.595, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 100240.3, "afl_execs_total": 17149110, "fuzzers_used": 33, "run_end": "2023-09-24 02:20:51.659901", "run_start": "2023-09-24 02:19:21.822695", "total_execs_per_sec": 94194.83, "total_run_time": 182.06}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1243981.21, "afl_execs_total": 17149110, "fuzzers_used": 33, "run_end": "2023-09-24 02:17:49.500735", "run_start": "2023-09-24 02:17:41.955747", "total_execs_per_sec": 1128973.67, "total_run_time": 15.19}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.555, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 99678.04, "afl_execs_total": 17668780, "fuzzers_used": 34, "run_end": "2023-09-24 02:24:18.018494", "run_start": "2023-09-24 02:22:44.498513", "total_execs_per_sec": 93853.08, "total_run_time": 188.26}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1234425.98, "afl_execs_total": 17668781, "fuzzers_used": 34, "run_end": "2023-09-24 02:21:09.653173", "run_start": "2023-09-24 02:21:01.732356", "total_execs_per_sec": 1116863.53, "total_run_time": 15.82}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.991, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 100580.6, "afl_execs_total": 18188450, "fuzzers_used": 35, "run_end": "2023-09-24 02:27:47.727570", "run_start": "2023-09-24 02:26:12.129398", "total_execs_per_sec": 95147.78, "total_run_time": 191.16}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1244349.38, "afl_execs_total": 18188450, "fuzzers_used": 35, "run_end": "2023-09-24 02:24:36.460851", "run_start": "2023-09-24 02:24:28.308797", "total_execs_per_sec": 1117913.34, "total_run_time": 16.27}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.083, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 98288.94, "afl_execs_total": 18708120, "fuzzers_used": 36, "run_end": "2023-09-24 02:31:28.450726", "run_start": "2023-09-24 02:29:44.771882", "total_execs_per_sec": 92697.06, "total_run_time": 201.82}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1250454.58, "afl_execs_total": 18708121, "fuzzers_used": 36, "run_end": "2023-09-24 02:28:06.530926", "run_start": "2023-09-24 02:27:58.260327", "total_execs_per_sec": 1124962.18, "total_run_time": 16.63}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.244, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"singlecore": {"afl_execs_per_sec": 11044.13, "afl_execs_total": 1299175, "fuzzers_used": 1, "run_end": "2023-09-24 10:54:15.650694", "run_start": "2023-09-24 10:53:52.087842", "total_execs_per_sec": 11038.96, "total_run_time": 117.69}}, "test-instr-persist-shmem": {"singlecore": {"afl_execs_per_sec": 136407.81, "afl_execs_total": 1299175, "fuzzers_used": 1, "run_end": "2023-09-24 10:52:17.857749", "run_start": "2023-09-24 10:52:15.945914", "total_execs_per_sec": 135613.26, "total_run_time": 9.58}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.158, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"singlecore": {"afl_execs_per_sec": 10811.77, "afl_execs_total": 1299176, "fuzzers_used": 1, "run_end": "2023-09-24 12:39:02.563664", "run_start": "2023-09-24 12:38:38.978965", "total_execs_per_sec": 10789.6, "total_run_time": 120.41}}, "test-instr-persist-shmem": {"singlecore": {"afl_execs_per_sec": 131406.35, "afl_execs_total": 1299175, "fuzzers_used": 1, "run_end": "2023-09-24 12:37:02.043931", "run_start": "2023-09-24 12:36:59.987289", "total_execs_per_sec": 128631.19, "total_run_time": 10.1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.92, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 10715.76, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-24 12:42:40.908251", "run_start": "2023-09-24 12:42:16.845383", "total_execs_per_sec": 10710.43, "total_run_time": 48.52}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 132400.08, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-24 12:41:52.291246", "run_start": "2023-09-24 12:41:50.322641", "total_execs_per_sec": 131895.94, "total_run_time": 3.94}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.697, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 20854.64, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-24 12:43:37.534771", "run_start": "2023-09-24 12:43:12.121987", "total_execs_per_sec": 20716.36, "total_run_time": 50.17}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 251595.56, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-24 12:42:47.260558", "run_start": "2023-09-24 12:42:45.222077", "total_execs_per_sec": 248052.51, "total_run_time": 4.19}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.851, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 30031.44, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-24 12:44:36.154738", "run_start": "2023-09-24 12:44:10.164181", "total_execs_per_sec": 29929.16, "total_run_time": 52.09}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 370723.34, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-24 12:43:43.961935", "run_start": "2023-09-24 12:43:41.834942", "total_execs_per_sec": 365964.79, "total_run_time": 4.26}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.162, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 38080.26, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-24 12:45:38.018614", "run_start": "2023-09-24 12:45:10.443814", "total_execs_per_sec": 37677.72, "total_run_time": 55.17}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 475374.16, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-24 12:44:42.745377", "run_start": "2023-09-24 12:44:40.528736", "total_execs_per_sec": 469227.99, "total_run_time": 4.43}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.31, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 47096.43, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-24 12:46:40.390657", "run_start": "2023-09-24 12:46:12.480330", "total_execs_per_sec": 46724.51, "total_run_time": 55.61}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 584304.0, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-24 12:45:44.683537", "run_start": "2023-09-24 12:45:42.438460", "total_execs_per_sec": 577411.11, "total_run_time": 4.5}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.03, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 55400.56, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-24 12:47:44.319015", "run_start": "2023-09-24 12:47:15.727865", "total_execs_per_sec": 54606.3, "total_run_time": 57.1}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 694022.72, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-24 12:46:47.117653", "run_start": "2023-09-24 12:46:44.832536", "total_execs_per_sec": 682280.09, "total_run_time": 4.57}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.555, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 63245.39, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-24 12:48:50.125332", "run_start": "2023-09-24 12:48:20.556598", "total_execs_per_sec": 61676.67, "total_run_time": 58.98}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 814508.74, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-24 12:47:51.044268", "run_start": "2023-09-24 12:47:48.771695", "total_execs_per_sec": 797739.04, "total_run_time": 4.56}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.29, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 72432.56, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-24 12:49:55.920525", "run_start": "2023-09-24 12:49:26.361783", "total_execs_per_sec": 70631.33, "total_run_time": 58.86}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 917473.26, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-24 12:48:56.961868", "run_start": "2023-09-24 12:48:54.644354", "total_execs_per_sec": 890226.98, "total_run_time": 4.67}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.548, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 75949.66, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-24 12:51:22.635355", "run_start": "2023-09-24 12:50:43.830709", "total_execs_per_sec": 60154.73, "total_run_time": 77.75}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 965602.18, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-24 12:50:04.780935", "run_start": "2023-09-24 12:50:01.425000", "total_execs_per_sec": 698064.18, "total_run_time": 6.7}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.483, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 80512.68, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-24 12:52:49.470915", "run_start": "2023-09-24 12:52:10.461416", "total_execs_per_sec": 66829.99, "total_run_time": 77.76}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 998986.98, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-24 12:51:31.612414", "run_start": "2023-09-24 12:51:28.213385", "total_execs_per_sec": 763098.38, "total_run_time": 6.81}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.638, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84513.95, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-24 12:54:17.263514", "run_start": "2023-09-24 12:53:37.968299", "total_execs_per_sec": 72644.17, "total_run_time": 78.69}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1036432.21, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-24 12:52:58.474788", "run_start": "2023-09-24 12:52:55.052064", "total_execs_per_sec": 835726.61, "total_run_time": 6.84}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.188, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 88217.72, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-24 12:55:46.480694", "run_start": "2023-09-24 12:55:06.431631", "total_execs_per_sec": 77892.08, "total_run_time": 80.06}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1073911.72, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-24 12:54:26.321964", "run_start": "2023-09-24 12:54:22.896926", "total_execs_per_sec": 903773.91, "total_run_time": 6.9}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.062, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 91807.02, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-24 12:57:16.097045", "run_start": "2023-09-24 12:56:35.944410", "total_execs_per_sec": 84078.53, "total_run_time": 80.35}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1101237.59, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-24 12:55:55.649954", "run_start": "2023-09-24 12:55:52.173739", "total_execs_per_sec": 963724.68, "total_run_time": 7.01}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.019, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 94970.68, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-24 12:58:46.462924", "run_start": "2023-09-24 12:58:05.635410", "total_execs_per_sec": 89675.58, "total_run_time": 81.13}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1133610.48, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-24 12:57:25.232597", "run_start": "2023-09-24 12:57:21.760452", "total_execs_per_sec": 1043813.49, "total_run_time": 6.97}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.322, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 99308.38, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-24 13:00:16.930581", "run_start": "2023-09-24 12:59:36.066381", "total_execs_per_sec": 96116.52, "total_run_time": 81.1}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1167081.18, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-24 12:58:55.730751", "run_start": "2023-09-24 12:58:52.152437", "total_execs_per_sec": 1097894.37, "total_run_time": 7.1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.921, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 103080.0, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-24 13:01:47.864984", "run_start": "2023-09-24 13:01:07.145811", "total_execs_per_sec": 101796.28, "total_run_time": 81.68}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1209874.16, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-24 13:00:26.088554", "run_start": "2023-09-24 13:00:22.579660", "total_execs_per_sec": 1189516.45, "total_run_time": 6.99}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.795, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 103854.9, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-24 13:03:46.020383", "run_start": "2023-09-24 13:02:52.112426", "total_execs_per_sec": 82333.55, "total_run_time": 107.3}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1235226.09, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-24 13:01:58.616651", "run_start": "2023-09-24 13:01:54.433216", "total_execs_per_sec": 1028450.52, "total_run_time": 8.59}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.638, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105360.02, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-24 13:05:48.865672", "run_start": "2023-09-24 13:04:53.468137", "total_execs_per_sec": 84270.81, "total_run_time": 111.0}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1266916.76, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-24 13:03:57.764376", "run_start": "2023-09-24 13:03:52.706784", "total_execs_per_sec": 976415.45, "total_run_time": 9.58}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.116, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105987.0, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-24 13:07:55.098077", "run_start": "2023-09-24 13:06:57.580749", "total_execs_per_sec": 86195.81, "total_run_time": 114.55}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1285985.22, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-24 13:06:00.448075", "run_start": "2023-09-24 13:05:55.743257", "total_execs_per_sec": 1048166.67, "total_run_time": 9.42}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.301, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 106091.02, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-24 13:10:06.069189", "run_start": "2023-09-24 13:09:06.393096", "total_execs_per_sec": 87390.9, "total_run_time": 118.93}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1310616.48, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-24 13:08:07.036494", "run_start": "2023-09-24 13:08:02.172093", "total_execs_per_sec": 1063807.57, "total_run_time": 9.77}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.599, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 106572.58, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-24 13:12:22.081686", "run_start": "2023-09-24 13:11:20.183467", "total_execs_per_sec": 88393.57, "total_run_time": 123.46}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1321193.68, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-24 13:10:18.524377", "run_start": "2023-09-24 13:10:13.368524", "total_execs_per_sec": 1060551.02, "total_run_time": 10.29}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.609, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 107012.52, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-24 13:14:42.490543", "run_start": "2023-09-24 13:13:38.952070", "total_execs_per_sec": 89710.77, "total_run_time": 127.44}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1331667.92, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-24 13:12:34.949424", "run_start": "2023-09-24 13:12:29.512010", "total_execs_per_sec": 1068480.37, "total_run_time": 10.7}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.138, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105863.49, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-24 13:17:08.637002", "run_start": "2023-09-24 13:16:01.562446", "total_execs_per_sec": 89847.48, "total_run_time": 133.03}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1356435.79, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-24 13:14:55.502464", "run_start": "2023-09-24 13:14:49.931147", "total_execs_per_sec": 1102620.85, "total_run_time": 10.84}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.021, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105227.38, "afl_execs_total": 12472081, "fuzzers_used": 24, "run_end": "2023-09-24 13:19:40.073211", "run_start": "2023-09-24 13:18:30.690872", "total_execs_per_sec": 90416.71, "total_run_time": 137.94}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1346772.79, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-24 13:17:22.030596", "run_start": "2023-09-24 13:17:16.426597", "total_execs_per_sec": 1110603.74, "total_run_time": 11.23}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.883, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105680.56, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-24 13:22:15.108605", "run_start": "2023-09-24 13:21:04.865634", "total_execs_per_sec": 92369.36, "total_run_time": 140.65}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1355786.81, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-24 13:19:54.357956", "run_start": "2023-09-24 13:19:48.305636", "total_execs_per_sec": 1071926.57, "total_run_time": 12.12}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.444, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 103354.18, "afl_execs_total": 13511421, "fuzzers_used": 26, "run_end": "2023-09-24 13:24:57.512817", "run_start": "2023-09-24 13:23:44.393328", "total_execs_per_sec": 91342.76, "total_run_time": 147.92}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1354682.57, "afl_execs_total": 13511420, "fuzzers_used": 26, "run_end": "2023-09-24 13:22:29.492810", "run_start": "2023-09-24 13:22:23.424990", "total_execs_per_sec": 1105680.85, "total_run_time": 12.22}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.438, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 104285.82, "afl_execs_total": 14031090, "fuzzers_used": 27, "run_end": "2023-09-24 13:27:43.623633", "run_start": "2023-09-24 13:26:27.918860", "total_execs_per_sec": 92902.67, "total_run_time": 151.03}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1316458.32, "afl_execs_total": 14031091, "fuzzers_used": 27, "run_end": "2023-09-24 13:25:12.488434", "run_start": "2023-09-24 13:25:06.139573", "total_execs_per_sec": 1095323.26, "total_run_time": 12.81}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5008.273, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 104090.41, "afl_execs_total": 14550761, "fuzzers_used": 28, "run_end": "2023-09-24 13:30:33.958306", "run_start": "2023-09-24 13:29:16.731601", "total_execs_per_sec": 93875.88, "total_run_time": 155.0}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1323401.3, "afl_execs_total": 14550760, "fuzzers_used": 28, "run_end": "2023-09-24 13:27:58.852477", "run_start": "2023-09-24 13:27:52.257993", "total_execs_per_sec": 1114147.01, "total_run_time": 13.06}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.279, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 101994.78, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-24 13:33:32.648701", "run_start": "2023-09-24 13:32:09.634181", "total_execs_per_sec": 92479.32, "total_run_time": 162.96}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1309236.02, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-24 13:30:49.588354", "run_start": "2023-09-24 13:30:42.896575", "total_execs_per_sec": 1119645.62, "total_run_time": 13.46}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.622, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 101283.95, "afl_execs_total": 15590101, "fuzzers_used": 30, "run_end": "2023-09-24 13:36:37.832127", "run_start": "2023-09-24 13:35:11.711375", "total_execs_per_sec": 92292.81, "total_run_time": 168.92}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1277234.79, "afl_execs_total": 15590100, "fuzzers_used": 30, "run_end": "2023-09-24 13:33:48.810276", "run_start": "2023-09-24 13:33:41.803638", "total_execs_per_sec": 1114374.55, "total_run_time": 13.99}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.087, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 101046.9, "afl_execs_total": 16109771, "fuzzers_used": 31, "run_end": "2023-09-24 13:39:48.663520", "run_start": "2023-09-24 13:38:20.709938", "total_execs_per_sec": 92526.4, "total_run_time": 174.11}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1235333.64, "afl_execs_total": 16109770, "fuzzers_used": 31, "run_end": "2023-09-24 13:36:54.454347", "run_start": "2023-09-24 13:36:47.257005", "total_execs_per_sec": 1114862.98, "total_run_time": 14.45}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.923, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 102543.52, "afl_execs_total": 16629441, "fuzzers_used": 32, "run_end": "2023-09-24 13:43:00.960955", "run_start": "2023-09-24 13:41:33.292124", "total_execs_per_sec": 95074.27, "total_run_time": 174.91}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1186041.1, "afl_execs_total": 16629442, "fuzzers_used": 32, "run_end": "2023-09-24 13:40:05.947882", "run_start": "2023-09-24 13:39:58.300616", "total_execs_per_sec": 1100558.7, "total_run_time": 15.11}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.565, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 102999.74, "afl_execs_total": 17149120, "fuzzers_used": 33, "run_end": "2023-09-24 13:46:17.942325", "run_start": "2023-09-24 13:44:48.468888", "total_execs_per_sec": 95751.65, "total_run_time": 179.1}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1223191.72, "afl_execs_total": 17149110, "fuzzers_used": 33, "run_end": "2023-09-24 13:43:18.738029", "run_start": "2023-09-24 13:43:10.876403", "total_execs_per_sec": 1098597.69, "total_run_time": 15.61}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.432, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 102000.48, "afl_execs_total": 17668781, "fuzzers_used": 34, "run_end": "2023-09-24 13:49:42.734611", "run_start": "2023-09-24 13:48:10.094332", "total_execs_per_sec": 94881.22, "total_run_time": 186.22}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1196807.88, "afl_execs_total": 17668780, "fuzzers_used": 34, "run_end": "2023-09-24 13:46:36.411637", "run_start": "2023-09-24 13:46:28.239611", "total_execs_per_sec": 1083974.23, "total_run_time": 16.3}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.597, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 99951.33, "afl_execs_total": 18188451, "fuzzers_used": 35, "run_end": "2023-09-24 13:53:17.682487", "run_start": "2023-09-24 13:51:38.859002", "total_execs_per_sec": 92864.55, "total_run_time": 195.86}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1214388.43, "afl_execs_total": 18188450, "fuzzers_used": 35, "run_end": "2023-09-24 13:50:01.714804", "run_start": "2023-09-24 13:49:53.242641", "total_execs_per_sec": 1082001.78, "total_run_time": 16.81}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.358, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 102171.02, "afl_execs_total": 18708123, "fuzzers_used": 36, "run_end": "2023-09-24 13:56:53.861448", "run_start": "2023-09-24 13:55:15.921954", "total_execs_per_sec": 95226.12, "total_run_time": 196.46}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1207888.68, "afl_execs_total": 18708120, "fuzzers_used": 36, "run_end": "2023-09-24 13:53:37.291196", "run_start": "2023-09-24 13:53:28.567297", "total_execs_per_sec": 1072713.3, "total_run_time": 17.44}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4981.432, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"singlecore": {"afl_execs_per_sec": 8207.72, "afl_execs_total": 1299175, "fuzzers_used": 1, "run_end": "2023-09-24 14:06:58.196236", "run_start": "2023-09-24 14:06:26.452726", "total_execs_per_sec": 8196.69, "total_run_time": 158.5}}, "test-instr-persist-shmem": {"singlecore": {"afl_execs_per_sec": 91698.53, "afl_execs_total": 1299175, "fuzzers_used": 1, "run_end": "2023-09-24 14:04:19.539520", "run_start": "2023-09-24 14:04:16.658881", "total_execs_per_sec": 90471.8, "total_run_time": 14.36}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.776, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 8267.09, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-24 14:08:26.635795", "run_start": "2023-09-24 14:07:54.639902", "total_execs_per_sec": 8261.84, "total_run_time": 62.9}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 91138.75, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-24 14:07:23.626034", "run_start": "2023-09-24 14:07:20.772774", "total_execs_per_sec": 90851.4, "total_run_time": 5.72}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.554, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 16279.06, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-24 14:09:39.323040", "run_start": "2023-09-24 14:09:07.824587", "total_execs_per_sec": 16113.8, "total_run_time": 64.5}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 177363.7, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-24 14:08:34.709089", "run_start": "2023-09-24 14:08:31.755267", "total_execs_per_sec": 176159.32, "total_run_time": 5.9}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.008, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 23636.94, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-24 14:10:54.298651", "run_start": "2023-09-24 14:10:20.820810", "total_execs_per_sec": 23373.46, "total_run_time": 66.7}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 263123.58, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-24 14:09:47.490720", "run_start": "2023-09-24 14:09:44.492862", "total_execs_per_sec": 260268.78, "total_run_time": 5.99}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.462, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 30604.66, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-24 14:12:12.572960", "run_start": "2023-09-24 14:11:37.495611", "total_execs_per_sec": 29776.25, "total_run_time": 69.81}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 339927.76, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-24 14:11:02.653568", "run_start": "2023-09-24 14:10:59.562264", "total_execs_per_sec": 336355.99, "total_run_time": 6.18}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.648, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 37743.52, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-24 14:13:31.193378", "run_start": "2023-09-24 14:12:56.402157", "total_execs_per_sec": 37092.79, "total_run_time": 70.05}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 419480.4, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-24 14:12:21.034226", "run_start": "2023-09-24 14:12:17.889225", "total_execs_per_sec": 413750.0, "total_run_time": 6.28}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.285, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 44290.84, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-24 14:14:51.570814", "run_start": "2023-09-24 14:14:15.731813", "total_execs_per_sec": 43450.67, "total_run_time": 71.76}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 497907.76, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-24 14:13:39.701623", "run_start": "2023-09-24 14:13:36.530334", "total_execs_per_sec": 492578.2, "total_run_time": 6.33}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.9, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 50838.29, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-24 14:16:12.912735", "run_start": "2023-09-24 14:15:36.507378", "total_execs_per_sec": 50085.23, "total_run_time": 72.63}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 576473.46, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-24 14:15:00.172837", "run_start": "2023-09-24 14:14:56.953889", "total_execs_per_sec": 565737.17, "total_run_time": 6.43}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.619, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 58067.92, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-24 14:17:34.730514", "run_start": "2023-09-24 14:16:58.097475", "total_execs_per_sec": 56918.95, "total_run_time": 73.04}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 656570.84, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-24 14:16:21.578297", "run_start": "2023-09-24 14:16:18.328529", "total_execs_per_sec": 640579.35, "total_run_time": 6.49}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.332, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 61181.32, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-24 14:19:22.677343", "run_start": "2023-09-24 14:18:34.837058", "total_execs_per_sec": 48648.12, "total_run_time": 96.14}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 683958.84, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-24 14:17:46.424068", "run_start": "2023-09-24 14:17:41.649084", "total_execs_per_sec": 491284.66, "total_run_time": 9.52}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.671, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 64476.22, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-24 14:21:11.892596", "run_start": "2023-09-24 14:20:23.765134", "total_execs_per_sec": 53398.07, "total_run_time": 97.32}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 709710.3, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-24 14:19:34.467513", "run_start": "2023-09-24 14:19:29.670899", "total_execs_per_sec": 540759.63, "total_run_time": 9.61}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.58, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 67386.63, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-24 14:23:02.884065", "run_start": "2023-09-24 14:22:13.279871", "total_execs_per_sec": 57723.62, "total_run_time": 99.03}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 734038.8, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-24 14:21:23.742863", "run_start": "2023-09-24 14:21:18.898824", "total_execs_per_sec": 591144.78, "total_run_time": 9.67}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.4, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 70759.94, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-24 14:24:55.829859", "run_start": "2023-09-24 14:24:05.547665", "total_execs_per_sec": 61810.29, "total_run_time": 100.89}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 756391.75, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-24 14:23:14.823286", "run_start": "2023-09-24 14:23:09.941914", "total_execs_per_sec": 638938.52, "total_run_time": 9.76}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.827, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 73151.81, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-24 14:26:49.245824", "run_start": "2023-09-24 14:25:58.698042", "total_execs_per_sec": 66683.55, "total_run_time": 101.31}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 780070.94, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-24 14:25:07.823813", "run_start": "2023-09-24 14:25:02.912948", "total_execs_per_sec": 687954.18, "total_run_time": 9.82}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.001, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 76776.36, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-24 14:28:42.654596", "run_start": "2023-09-24 14:27:51.944677", "total_execs_per_sec": 71876.9, "total_run_time": 101.22}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 800594.19, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-24 14:27:01.319408", "run_start": "2023-09-24 14:26:56.373792", "total_execs_per_sec": 734886.87, "total_run_time": 9.9}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.227, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 79831.5, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-24 14:30:36.609378", "run_start": "2023-09-24 14:29:45.800496", "total_execs_per_sec": 76624.89, "total_run_time": 101.73}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 825640.43, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-24 14:28:54.770164", "run_start": "2023-09-24 14:28:49.786776", "total_execs_per_sec": 784210.26, "total_run_time": 9.94}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.065, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 82476.37, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-24 14:32:31.147834", "run_start": "2023-09-24 14:31:40.224168", "total_execs_per_sec": 81285.76, "total_run_time": 102.29}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 849990.94, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-24 14:30:48.746970", "run_start": "2023-09-24 14:30:43.747216", "total_execs_per_sec": 834811.24, "total_run_time": 9.96}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.723, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83521.3, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-24 14:34:58.142345", "run_start": "2023-09-24 14:33:52.388262", "total_execs_per_sec": 66760.3, "total_run_time": 132.33}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 875109.69, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-24 14:32:45.703318", "run_start": "2023-09-24 14:32:39.528061", "total_execs_per_sec": 714178.66, "total_run_time": 12.37}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5008.13, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84370.24, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-24 14:37:32.336869", "run_start": "2023-09-24 14:36:22.675577", "total_execs_per_sec": 67213.19, "total_run_time": 139.17}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 901736.22, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-24 14:35:13.056511", "run_start": "2023-09-24 14:35:06.650007", "total_execs_per_sec": 734804.4, "total_run_time": 12.73}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.961, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85071.12, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-24 14:40:10.473312", "run_start": "2023-09-24 14:38:59.002204", "total_execs_per_sec": 69284.47, "total_run_time": 142.51}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 911174.31, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-24 14:37:47.848085", "run_start": "2023-09-24 14:37:41.184824", "total_execs_per_sec": 740714.93, "total_run_time": 13.33}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.561, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85608.02, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-24 14:42:53.561970", "run_start": "2023-09-24 14:41:40.018675", "total_execs_per_sec": 70727.46, "total_run_time": 146.95}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 924870.54, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-24 14:40:26.503353", "run_start": "2023-09-24 14:40:19.607593", "total_execs_per_sec": 750425.99, "total_run_time": 13.85}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5009.349, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 86080.03, "afl_execs_total": 10913071, "fuzzers_used": 21, "run_end": "2023-09-24 14:45:43.177319", "run_start": "2023-09-24 14:44:26.594261", "total_execs_per_sec": 71411.27, "total_run_time": 152.82}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 933521.78, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-24 14:43:10.244946", "run_start": "2023-09-24 14:43:02.941291", "total_execs_per_sec": 752625.52, "total_run_time": 14.5}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.592, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85880.33, "afl_execs_total": 11432741, "fuzzers_used": 22, "run_end": "2023-09-24 14:48:38.124542", "run_start": "2023-09-24 14:47:18.712660", "total_execs_per_sec": 72533.57, "total_run_time": 157.62}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 934187.07, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-24 14:46:00.394403", "run_start": "2023-09-24 14:45:52.873136", "total_execs_per_sec": 760661.34, "total_run_time": 15.03}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.635, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 86447.28, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-24 14:51:38.640961", "run_start": "2023-09-24 14:50:17.299990", "total_execs_per_sec": 73571.4, "total_run_time": 162.46}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 943178.1, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-24 14:48:56.066068", "run_start": "2023-09-24 14:48:48.255861", "total_execs_per_sec": 758401.65, "total_run_time": 15.76}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.49, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 86324.32, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-24 14:54:44.675606", "run_start": "2023-09-24 14:53:21.373150", "total_execs_per_sec": 74460.18, "total_run_time": 167.5}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 946623.08, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-24 14:51:57.062837", "run_start": "2023-09-24 14:51:48.897777", "total_execs_per_sec": 767985.22, "total_run_time": 16.24}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.89, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85714.59, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-24 14:57:57.324175", "run_start": "2023-09-24 14:56:30.116296", "total_execs_per_sec": 74742.55, "total_run_time": 173.82}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 960821.32, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-24 14:55:03.395867", "run_start": "2023-09-24 14:54:55.066621", "total_execs_per_sec": 785474.61, "total_run_time": 16.54}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.522, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85885.6, "afl_execs_total": 13511421, "fuzzers_used": 26, "run_end": "2023-09-24 15:01:14.197584", "run_start": "2023-09-24 14:59:45.583845", "total_execs_per_sec": 76137.84, "total_run_time": 177.46}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 955691.7, "afl_execs_total": 13511421, "fuzzers_used": 26, "run_end": "2023-09-24 14:58:16.621411", "run_start": "2023-09-24 14:58:07.968697", "total_execs_per_sec": 789679.78, "total_run_time": 17.11}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.167, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85243.1, "afl_execs_total": 14031091, "fuzzers_used": 27, "run_end": "2023-09-24 15:04:38.138681", "run_start": "2023-09-24 15:03:07.006169", "total_execs_per_sec": 76301.54, "total_run_time": 183.89}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 954671.54, "afl_execs_total": 14031090, "fuzzers_used": 27, "run_end": "2023-09-24 15:01:34.132760", "run_start": "2023-09-24 15:01:25.285320", "total_execs_per_sec": 790483.94, "total_run_time": 17.75}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.431, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83902.7, "afl_execs_total": 14550760, "fuzzers_used": 28, "run_end": "2023-09-24 15:08:10.670550", "run_start": "2023-09-24 15:06:34.841525", "total_execs_per_sec": 75785.21, "total_run_time": 192.0}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 935961.1, "afl_execs_total": 14550761, "fuzzers_used": 28, "run_end": "2023-09-24 15:04:58.552985", "run_start": "2023-09-24 15:04:49.457626", "total_execs_per_sec": 798176.69, "total_run_time": 18.23}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.393, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83783.56, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-24 15:11:49.886163", "run_start": "2023-09-24 15:10:10.149405", "total_execs_per_sec": 76151.74, "total_run_time": 197.9}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 920967.02, "afl_execs_total": 15070432, "fuzzers_used": 29, "run_end": "2023-09-24 15:08:31.869780", "run_start": "2023-09-24 15:08:22.393532", "total_execs_per_sec": 792763.39, "total_run_time": 19.01}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.901, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84406.94, "afl_execs_total": 15590117, "fuzzers_used": 30, "run_end": "2023-09-24 15:15:33.632811", "run_start": "2023-09-24 15:13:52.931926", "total_execs_per_sec": 77301.25, "total_run_time": 201.68}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 889656.56, "afl_execs_total": 15590101, "fuzzers_used": 30, "run_end": "2023-09-24 15:12:11.837155", "run_start": "2023-09-24 15:12:01.950769", "total_execs_per_sec": 788972.72, "total_run_time": 19.76}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.174, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83121.9, "afl_execs_total": 16109771, "fuzzers_used": 31, "run_end": "2023-09-24 15:19:27.203632", "run_start": "2023-09-24 15:17:41.168185", "total_execs_per_sec": 76400.32, "total_run_time": 210.86}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 877691.15, "afl_execs_total": 16109770, "fuzzers_used": 31, "run_end": "2023-09-24 15:15:56.227310", "run_start": "2023-09-24 15:15:46.006690", "total_execs_per_sec": 789307.69, "total_run_time": 20.41}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.279, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84725.6, "afl_execs_total": 16629444, "fuzzers_used": 32, "run_end": "2023-09-24 15:23:22.336242", "run_start": "2023-09-24 15:21:36.722796", "total_execs_per_sec": 78648.52, "total_run_time": 211.44}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 838063.5, "afl_execs_total": 16629442, "fuzzers_used": 32, "run_end": "2023-09-24 15:19:50.780991", "run_start": "2023-09-24 15:19:40.193840", "total_execs_per_sec": 777440.02, "total_run_time": 21.39}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.017, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83374.03, "afl_execs_total": 17149117, "fuzzers_used": 33, "run_end": "2023-09-24 15:27:27.631358", "run_start": "2023-09-24 15:25:36.037185", "total_execs_per_sec": 77713.86, "total_run_time": 220.67}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 835098.26, "afl_execs_total": 17149110, "fuzzers_used": 33, "run_end": "2023-09-24 15:23:46.846903", "run_start": "2023-09-24 15:23:35.611966", "total_execs_per_sec": 767985.22, "total_run_time": 22.33}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.486, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83537.64, "afl_execs_total": 17668784, "fuzzers_used": 34, "run_end": "2023-09-24 15:31:39.702567", "run_start": "2023-09-24 15:29:46.335712", "total_execs_per_sec": 77836.05, "total_run_time": 227.0}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 841212.97, "afl_execs_total": 17668781, "fuzzers_used": 34, "run_end": "2023-09-24 15:27:52.587608", "run_start": "2023-09-24 15:27:41.195914", "total_execs_per_sec": 775967.55, "total_run_time": 22.77}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.515, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 82926.92, "afl_execs_total": 18188453, "fuzzers_used": 35, "run_end": "2023-09-24 15:36:01.855573", "run_start": "2023-09-24 15:34:04.115728", "total_execs_per_sec": 77043.6, "total_run_time": 236.08}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 849724.02, "afl_execs_total": 18188452, "fuzzers_used": 35, "run_end": "2023-09-24 15:32:05.667331", "run_start": "2023-09-24 15:31:53.738804", "total_execs_per_sec": 764863.41, "total_run_time": 23.78}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.181, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83619.42, "afl_execs_total": 18708120, "fuzzers_used": 36, "run_end": "2023-09-24 15:40:27.976488", "run_start": "2023-09-24 15:38:28.474524", "total_execs_per_sec": 78116.5, "total_run_time": 239.49}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 861755.56, "afl_execs_total": 18708121, "fuzzers_used": 36, "run_end": "2023-09-24 15:36:28.376556", "run_start": "2023-09-24 15:36:16.192411", "total_execs_per_sec": 768616.31, "total_run_time": 24.34}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.896, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 8344.63, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-24 15:54:04.769064", "run_start": "2023-09-24 15:53:33.612874", "total_execs_per_sec": 8341.41, "total_run_time": 62.3}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 91347.28, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-24 15:53:02.356341", "run_start": "2023-09-24 15:52:59.506960", "total_execs_per_sec": 90851.4, "total_run_time": 5.72}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.441, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 16305.42, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-24 15:55:16.838958", "run_start": "2023-09-24 15:54:45.015659", "total_execs_per_sec": 16277.84, "total_run_time": 63.85}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 176114.98, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-24 15:54:12.878194", "run_start": "2023-09-24 15:54:09.907781", "total_execs_per_sec": 174973.06, "total_run_time": 5.94}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.996, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 23968.87, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-24 15:56:30.348929", "run_start": "2023-09-24 15:55:57.762125", "total_execs_per_sec": 23907.53, "total_run_time": 65.21}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 262375.62, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-24 15:55:25.029732", "run_start": "2023-09-24 15:55:22.013495", "total_execs_per_sec": 258971.76, "total_run_time": 6.02}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.494, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 30763.4, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-24 15:57:46.745474", "run_start": "2023-09-24 15:57:12.810864", "total_execs_per_sec": 30595.82, "total_run_time": 67.94}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 339796.08, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-24 15:56:38.702088", "run_start": "2023-09-24 15:56:35.613645", "total_execs_per_sec": 336355.99, "total_run_time": 6.18}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.925, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 37814.19, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-24 15:59:04.507651", "run_start": "2023-09-24 15:58:29.893733", "total_execs_per_sec": 37521.3, "total_run_time": 69.25}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 421141.75, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-24 15:57:55.151823", "run_start": "2023-09-24 15:57:52.053088", "total_execs_per_sec": 417070.63, "total_run_time": 6.23}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.62, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 44660.22, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-24 16:00:23.800870", "run_start": "2023-09-24 15:59:48.452860", "total_execs_per_sec": 44139.58, "total_run_time": 70.64}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 497039.78, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-24 15:59:13.047422", "run_start": "2023-09-24 15:59:09.875230", "total_execs_per_sec": 489485.09, "total_run_time": 6.37}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5003.174, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 51658.38, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-24 16:01:43.368092", "run_start": "2023-09-24 16:01:07.872956", "total_execs_per_sec": 51314.57, "total_run_time": 70.89}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 577013.44, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-24 16:00:32.369325", "run_start": "2023-09-24 16:00:29.181925", "total_execs_per_sec": 568389.06, "total_run_time": 6.4}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.931, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 58680.74, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-24 16:03:03.479904", "run_start": "2023-09-24 16:02:27.758503", "total_execs_per_sec": 58210.03, "total_run_time": 71.42}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 659183.78, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-24 16:01:51.947049", "run_start": "2023-09-24 16:01:48.736648", "total_execs_per_sec": 649587.5, "total_run_time": 6.4}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.599, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 61849.66, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-24 16:04:51.912978", "run_start": "2023-09-24 16:04:03.557070", "total_execs_per_sec": 48381.4, "total_run_time": 96.67}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 686608.22, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-24 16:03:15.131301", "run_start": "2023-09-24 16:03:10.414608", "total_execs_per_sec": 493357.59, "total_run_time": 9.48}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.472, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 65243.13, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-24 16:06:40.674199", "run_start": "2023-09-24 16:05:52.284579", "total_execs_per_sec": 53640.59, "total_run_time": 96.88}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 711824.83, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-24 16:05:03.680850", "run_start": "2023-09-24 16:04:58.897273", "total_execs_per_sec": 541887.38, "total_run_time": 9.59}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.96, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 68227.46, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-24 16:08:30.465574", "run_start": "2023-09-24 16:07:41.544302", "total_execs_per_sec": 58443.62, "total_run_time": 97.81}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 737566.66, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-24 16:06:52.553535", "run_start": "2023-09-24 16:06:47.707666", "total_execs_per_sec": 589316.49, "total_run_time": 9.7}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.43, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 71167.86, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-24 16:10:21.393562", "run_start": "2023-09-24 16:09:31.938221", "total_execs_per_sec": 63053.99, "total_run_time": 98.9}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 760064.32, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-24 16:08:42.382975", "run_start": "2023-09-24 16:08:37.507158", "total_execs_per_sec": 640250.51, "total_run_time": 9.74}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.512, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 73977.92, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-24 16:12:13.344359", "run_start": "2023-09-24 16:11:23.431202", "total_execs_per_sec": 67651.81, "total_run_time": 99.86}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 782532.04, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-24 16:10:33.376482", "run_start": "2023-09-24 16:10:28.476264", "total_execs_per_sec": 688655.45, "total_run_time": 9.81}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.562, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 76895.64, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-24 16:14:05.718398", "run_start": "2023-09-24 16:13:15.697181", "total_execs_per_sec": 72615.83, "total_run_time": 100.19}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 802839.13, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-24 16:12:25.416316", "run_start": "2023-09-24 16:12:20.457283", "total_execs_per_sec": 734886.87, "total_run_time": 9.9}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.617, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 79816.73, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-24 16:15:58.678205", "run_start": "2023-09-24 16:15:08.265699", "total_execs_per_sec": 77331.85, "total_run_time": 100.8}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 829536.34, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-24 16:14:17.774454", "run_start": "2023-09-24 16:14:12.844300", "total_execs_per_sec": 788972.67, "total_run_time": 9.88}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.004, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 82757.2, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-24 16:17:52.198051", "run_start": "2023-09-24 16:17:01.582837", "total_execs_per_sec": 82088.26, "total_run_time": 101.29}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 850820.6, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-24 16:16:10.796609", "run_start": "2023-09-24 16:16:05.817431", "total_execs_per_sec": 836490.95, "total_run_time": 9.94}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.412, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84433.92, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-24 16:20:16.891756", "run_start": "2023-09-24 16:19:11.890527", "total_execs_per_sec": 67946.39, "total_run_time": 130.02}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 874087.04, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-24 16:18:06.758575", "run_start": "2023-09-24 16:18:00.524318", "total_execs_per_sec": 713601.78, "total_run_time": 12.38}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.439, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84968.4, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-24 16:22:47.442884", "run_start": "2023-09-24 16:21:39.684043", "total_execs_per_sec": 69028.56, "total_run_time": 135.51}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 897653.2, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-24 16:20:31.821620", "run_start": "2023-09-24 16:20:25.382817", "total_execs_per_sec": 733651.76, "total_run_time": 12.75}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.139, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85348.2, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-24 16:25:21.579802", "run_start": "2023-09-24 16:24:12.289293", "total_execs_per_sec": 71239.03, "total_run_time": 138.6}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 912736.78, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-24 16:23:02.870514", "run_start": "2023-09-24 16:22:56.262468", "total_execs_per_sec": 745187.17, "total_run_time": 13.25}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.557, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85486.58, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-24 16:28:00.528995", "run_start": "2023-09-24 16:26:49.168878", "total_execs_per_sec": 72788.01, "total_run_time": 142.79}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 929048.06, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-24 16:25:37.626104", "run_start": "2023-09-24 16:25:30.686367", "total_execs_per_sec": 749343.91, "total_run_time": 13.87}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.94, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85569.07, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-24 16:30:44.984529", "run_start": "2023-09-24 16:29:31.240724", "total_execs_per_sec": 73966.86, "total_run_time": 147.54}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 930340.88, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-24 16:28:17.337038", "run_start": "2023-09-24 16:28:09.980774", "total_execs_per_sec": 745937.8, "total_run_time": 14.63}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.406, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85331.66, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-24 16:33:35.091509", "run_start": "2023-09-24 16:32:18.653085", "total_execs_per_sec": 74885.31, "total_run_time": 152.67}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 951206.33, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-24 16:31:02.310053", "run_start": "2023-09-24 16:30:54.836982", "total_execs_per_sec": 755134.74, "total_run_time": 15.14}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5005.486, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85440.7, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-24 16:36:30.399241", "run_start": "2023-09-24 16:35:11.576104", "total_execs_per_sec": 75801.69, "total_run_time": 157.68}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 950651.91, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-24 16:33:52.610544", "run_start": "2023-09-24 16:33:44.870938", "total_execs_per_sec": 779166.23, "total_run_time": 15.34}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.359, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84699.08, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-24 16:39:32.848882", "run_start": "2023-09-24 16:38:09.886115", "total_execs_per_sec": 75831.95, "total_run_time": 164.47}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 967178.92, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-24 16:36:48.267903", "run_start": "2023-09-24 16:36:40.397038", "total_execs_per_sec": 794906.31, "total_run_time": 15.69}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.28, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85321.95, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-24 16:42:40.468679", "run_start": "2023-09-24 16:41:16.139963", "total_execs_per_sec": 77074.93, "total_run_time": 168.56}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 951489.66, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-24 16:39:51.795187", "run_start": "2023-09-24 16:39:43.493804", "total_execs_per_sec": 774701.85, "total_run_time": 16.77}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.021, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84838.27, "afl_execs_total": 13511420, "fuzzers_used": 26, "run_end": "2023-09-24 16:45:54.357508", "run_start": "2023-09-24 16:44:26.961255", "total_execs_per_sec": 77367.27, "total_run_time": 174.64}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 960006.17, "afl_execs_total": 13511420, "fuzzers_used": 26, "run_end": "2023-09-24 16:42:59.608775", "run_start": "2023-09-24 16:42:51.114067", "total_execs_per_sec": 796663.92, "total_run_time": 16.96}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5004.233, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84775.88, "afl_execs_total": 14031090, "fuzzers_used": 27, "run_end": "2023-09-24 16:49:14.438836", "run_start": "2023-09-24 16:47:44.307579", "total_execs_per_sec": 77885.6, "total_run_time": 180.15}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 951641.78, "afl_execs_total": 14031090, "fuzzers_used": 27, "run_end": "2023-09-24 16:46:14.177658", "run_start": "2023-09-24 16:46:05.339754", "total_execs_per_sec": 795413.27, "total_run_time": 17.64}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.406, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84270.22, "afl_execs_total": 14550760, "fuzzers_used": 28, "run_end": "2023-09-24 16:52:41.902416", "run_start": "2023-09-24 16:51:07.672987", "total_execs_per_sec": 77874.02, "total_run_time": 186.85}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 942547.06, "afl_execs_total": 14550761, "fuzzers_used": 28, "run_end": "2023-09-24 16:49:34.941484", "run_start": "2023-09-24 16:49:25.798090", "total_execs_per_sec": 794255.51, "total_run_time": 18.32}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.364, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84210.82, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-24 16:56:15.463501", "run_start": "2023-09-24 16:54:39.353283", "total_execs_per_sec": 78381.6, "total_run_time": 192.27}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 931777.12, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-24 16:53:03.085166", "run_start": "2023-09-24 16:52:53.548366", "total_execs_per_sec": 793180.53, "total_run_time": 19.0}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.833, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83474.02, "afl_execs_total": 15590101, "fuzzers_used": 30, "run_end": "2023-09-24 16:59:57.179830", "run_start": "2023-09-24 16:58:18.011175", "total_execs_per_sec": 78036.34, "total_run_time": 199.78}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 904578.64, "afl_execs_total": 15590100, "fuzzers_used": 30, "run_end": "2023-09-24 16:56:37.287359", "run_start": "2023-09-24 16:56:27.480580", "total_execs_per_sec": 793793.28, "total_run_time": 19.64}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.067, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83753.88, "afl_execs_total": 16109770, "fuzzers_used": 31, "run_end": "2023-09-24 17:03:44.530794", "run_start": "2023-09-24 17:02:03.017448", "total_execs_per_sec": 78722.49, "total_run_time": 204.64}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 860768.7, "afl_execs_total": 16109770, "fuzzers_used": 31, "run_end": "2023-09-24 17:00:19.784409", "run_start": "2023-09-24 17:00:09.599876", "total_execs_per_sec": 788921.16, "total_run_time": 20.42}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.331, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83407.92, "afl_execs_total": 16629441, "fuzzers_used": 32, "run_end": "2023-09-24 17:07:39.378291", "run_start": "2023-09-24 17:05:54.344321", "total_execs_per_sec": 78652.23, "total_run_time": 211.43}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 834314.67, "afl_execs_total": 16629441, "fuzzers_used": 32, "run_end": "2023-09-24 17:04:07.840571", "run_start": "2023-09-24 17:03:57.258412", "total_execs_per_sec": 787006.2, "total_run_time": 21.13}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.693, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83062.75, "afl_execs_total": 17149110, "fuzzers_used": 33, "run_end": "2023-09-24 17:11:42.343153", "run_start": "2023-09-24 17:09:52.612804", "total_execs_per_sec": 78449.73, "total_run_time": 218.6}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 855717.74, "afl_execs_total": 17149110, "fuzzers_used": 33, "run_end": "2023-09-24 17:08:03.634580", "run_start": "2023-09-24 17:07:52.624413", "total_execs_per_sec": 777032.62, "total_run_time": 22.07}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.462, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 82323.54, "afl_execs_total": 17668781, "fuzzers_used": 34, "run_end": "2023-09-24 17:15:54.292772", "run_start": "2023-09-24 17:14:00.388082", "total_execs_per_sec": 77897.81, "total_run_time": 226.82}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 853364.74, "afl_execs_total": 17668781, "fuzzers_used": 34, "run_end": "2023-09-24 17:12:07.356738", "run_start": "2023-09-24 17:11:55.831474", "total_execs_per_sec": 773928.21, "total_run_time": 22.83}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.207, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 82233.29, "afl_execs_total": 18188450, "fuzzers_used": 35, "run_end": "2023-09-24 17:20:13.687173", "run_start": "2023-09-24 17:18:17.746089", "total_execs_per_sec": 77908.21, "total_run_time": 233.46}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 856149.98, "afl_execs_total": 18188451, "fuzzers_used": 35, "run_end": "2023-09-24 17:16:20.119782", "run_start": "2023-09-24 17:16:08.327944", "total_execs_per_sec": 769393.02, "total_run_time": 23.64}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.711, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83213.99, "afl_execs_total": 18708148, "fuzzers_used": 36, "run_end": "2023-09-24 17:24:36.894994", "run_start": "2023-09-24 17:22:38.634589", "total_execs_per_sec": 79047.4, "total_run_time": 236.67}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 859532.49, "afl_execs_total": 18708120, "fuzzers_used": 36, "run_end": "2023-09-24 17:20:40.112104", "run_start": "2023-09-24 17:20:28.014910", "total_execs_per_sec": 771787.13, "total_run_time": 24.24}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.545, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"singlecore": {"afl_execs_per_sec": 8285.54, "afl_execs_total": 1299175, "fuzzers_used": 1, "run_end": "2023-09-25 13:50:09.111113", "run_start": "2023-09-25 13:49:37.761134", "total_execs_per_sec": 8281.33, "total_run_time": 156.88}}, "test-instr-persist-shmem": {"singlecore": {"afl_execs_per_sec": 91280.21, "afl_execs_total": 1299175, "fuzzers_used": 1, "run_end": "2023-09-25 13:47:32.127167", "run_start": "2023-09-25 13:47:29.232406", "total_execs_per_sec": 90851.4, "total_run_time": 14.3}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.314, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 85586.47, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-30 07:42:00.479418", "run_start": "2023-09-30 07:41:57.396293", "total_execs_per_sec": 84636.81, "total_run_time": 6.14}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.425, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 171655.96, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-30 07:42:06.853436", "run_start": "2023-09-30 07:42:03.776562", "total_execs_per_sec": 168998.37, "total_run_time": 6.15}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3589.001, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 256521.42, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-30 07:42:13.270331", "run_start": "2023-09-30 07:42:10.166965", "total_execs_per_sec": 251859.45, "total_run_time": 6.19}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3327.666, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 344496.49, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-30 07:42:19.668698", "run_start": "2023-09-30 07:42:16.580126", "total_execs_per_sec": 336901.13, "total_run_time": 6.17}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.554, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 430553.78, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-30 07:42:26.076644", "run_start": "2023-09-30 07:42:22.989661", "total_execs_per_sec": 420444.98, "total_run_time": 6.18}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.151, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 517290.69, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-30 07:42:32.537905", "run_start": "2023-09-30 07:42:29.411608", "total_execs_per_sec": 500484.75, "total_run_time": 6.23}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3294.318, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 603429.02, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-30 07:42:39.059861", "run_start": "2023-09-30 07:42:35.931021", "total_execs_per_sec": 577411.11, "total_run_time": 6.3}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3448.74, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 685974.04, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-30 07:42:45.666900", "run_start": "2023-09-30 07:42:42.473287", "total_execs_per_sec": 651623.82, "total_run_time": 6.38}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.339, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 738669.0, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-30 07:42:52.784312", "run_start": "2023-09-30 07:42:49.379818", "total_execs_per_sec": 679800.87, "total_run_time": 6.88}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.018, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 810349.25, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-30 07:43:00.048425", "run_start": "2023-09-30 07:42:56.531062", "total_execs_per_sec": 739217.64, "total_run_time": 7.03}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3471.131, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 885402.32, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-30 07:43:07.364224", "run_start": "2023-09-30 07:43:03.835412", "total_execs_per_sec": 807396.89, "total_run_time": 7.08}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.582, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 961038.38, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-30 07:43:14.752012", "run_start": "2023-09-30 07:43:11.193261", "total_execs_per_sec": 872173.43, "total_run_time": 7.15}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.278, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1037784.4, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-30 07:43:22.077638", "run_start": "2023-09-30 07:43:18.514879", "total_execs_per_sec": 952850.49, "total_run_time": 7.09}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3384.307, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1111727.18, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-30 07:43:29.585061", "run_start": "2023-09-30 07:43:25.974127", "total_execs_per_sec": 1000740.03, "total_run_time": 7.27}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3289.949, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1193878.8, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-30 07:43:37.079331", "run_start": "2023-09-30 07:43:33.458660", "total_execs_per_sec": 1073698.35, "total_run_time": 7.26}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.687, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1269475.91, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-30 07:43:44.640643", "run_start": "2023-09-30 07:43:40.963019", "total_execs_per_sec": 1135890.71, "total_run_time": 7.32}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.718, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1320835.4, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-30 07:43:52.612057", "run_start": "2023-09-30 07:43:48.691217", "total_execs_per_sec": 1141394.06, "total_run_time": 7.74}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.321, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1368865.62, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-30 07:44:00.765909", "run_start": "2023-09-30 07:43:56.810637", "total_execs_per_sec": 1181068.18, "total_run_time": 7.92}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3404.893, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1411475.19, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-30 07:44:08.984608", "run_start": "2023-09-30 07:44:04.978786", "total_execs_per_sec": 1235760.95, "total_run_time": 7.99}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3430.179, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1371473.76, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-30 07:44:18.226668", "run_start": "2023-09-30 07:44:13.705320", "total_execs_per_sec": 1153540.51, "total_run_time": 9.01}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3588.686, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1332041.97, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-30 07:44:27.722824", "run_start": "2023-09-30 07:44:23.106522", "total_execs_per_sec": 1178517.28, "total_run_time": 9.26}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.012, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1243041.86, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-30 07:44:38.175082", "run_start": "2023-09-30 07:44:33.072680", "total_execs_per_sec": 1118663.41, "total_run_time": 10.22}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3318.148, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1220434.69, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-30 07:44:49.198444", "run_start": "2023-09-30 07:44:43.788482", "total_execs_per_sec": 1107730.31, "total_run_time": 10.79}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.066, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1196276.88, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-30 07:45:00.949860", "run_start": "2023-09-30 07:44:55.207944", "total_execs_per_sec": 1083586.45, "total_run_time": 11.51}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.615, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1025499.64, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-30 07:45:16.720942", "run_start": "2023-09-30 07:45:08.965602", "total_execs_per_sec": 836558.27, "total_run_time": 15.53}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.493, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1032642.26, "afl_execs_total": 13511420, "fuzzers_used": 26, "run_end": "2023-09-30 07:45:32.582384", "run_start": "2023-09-30 07:45:24.771210", "total_execs_per_sec": 865007.68, "total_run_time": 15.62}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3291.311, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1031647.08, "afl_execs_total": 14031090, "fuzzers_used": 27, "run_end": "2023-09-30 07:45:48.577446", "run_start": "2023-09-30 07:45:40.724916", "total_execs_per_sec": 890862.86, "total_run_time": 15.75}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.158, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1028311.91, "afl_execs_total": 14550760, "fuzzers_used": 28, "run_end": "2023-09-30 07:46:04.948104", "run_start": "2023-09-30 07:45:56.896793", "total_execs_per_sec": 902092.99, "total_run_time": 16.13}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.339, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1036212.6, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-30 07:46:22.013910", "run_start": "2023-09-30 07:46:13.634483", "total_execs_per_sec": 895982.76, "total_run_time": 16.82}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.896, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1042322.69, "afl_execs_total": 15590100, "fuzzers_used": 30, "run_end": "2023-09-30 07:46:39.832515", "run_start": "2023-09-30 07:46:31.041676", "total_execs_per_sec": 886808.87, "total_run_time": 17.58}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3375.202, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1047997.08, "afl_execs_total": 16109770, "fuzzers_used": 31, "run_end": "2023-09-30 07:46:58.278047", "run_start": "2023-09-30 07:46:49.168725", "total_execs_per_sec": 884666.12, "total_run_time": 18.21}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.366, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1056984.49, "afl_execs_total": 16629440, "fuzzers_used": 32, "run_end": "2023-09-30 07:47:16.969303", "run_start": "2023-09-30 07:47:07.713753", "total_execs_per_sec": 901324.66, "total_run_time": 18.45}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.405, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1036325.44, "afl_execs_total": 17149110, "fuzzers_used": 33, "run_end": "2023-09-30 07:47:39.043252", "run_start": "2023-09-30 07:47:28.121713", "total_execs_per_sec": 785575.36, "total_run_time": 21.83}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3507.854, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1053026.98, "afl_execs_total": 17668780, "fuzzers_used": 34, "run_end": "2023-09-30 07:48:01.352860", "run_start": "2023-09-30 07:47:50.307789", "total_execs_per_sec": 800579.07, "total_run_time": 22.07}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3485.859, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1072895.06, "afl_execs_total": 18188450, "fuzzers_used": 35, "run_end": "2023-09-30 07:48:23.763319", "run_start": "2023-09-30 07:48:12.662817", "total_execs_per_sec": 820408.21, "total_run_time": 22.17}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.606, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1085027.92, "afl_execs_total": 18708120, "fuzzers_used": 36, "run_end": "2023-09-30 07:48:46.251174", "run_start": "2023-09-30 07:48:35.157875", "total_execs_per_sec": 841192.45, "total_run_time": 22.24}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.157, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1094717.62, "afl_execs_total": 19227790, "fuzzers_used": 37, "run_end": "2023-09-30 07:49:09.195316", "run_start": "2023-09-30 07:48:57.896581", "total_execs_per_sec": 847039.21, "total_run_time": 22.7}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.948, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1103173.32, "afl_execs_total": 19747460, "fuzzers_used": 38, "run_end": "2023-09-30 07:49:32.557795", "run_start": "2023-09-30 07:49:21.048584", "total_execs_per_sec": 854128.89, "total_run_time": 23.12}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.547, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1108812.92, "afl_execs_total": 20267130, "fuzzers_used": 39, "run_end": "2023-09-30 07:49:56.462550", "run_start": "2023-09-30 07:49:44.629586", "total_execs_per_sec": 856598.9, "total_run_time": 23.66}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3589.557, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1123452.65, "afl_execs_total": 20786800, "fuzzers_used": 40, "run_end": "2023-09-30 07:50:20.901030", "run_start": "2023-09-30 07:50:08.795372", "total_execs_per_sec": 859313.77, "total_run_time": 24.19}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3483.028, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1101846.02, "afl_execs_total": 21306470, "fuzzers_used": 41, "run_end": "2023-09-30 07:50:48.480926", "run_start": "2023-09-30 07:50:34.835000", "total_execs_per_sec": 779314.92, "total_run_time": 27.34}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3586.158, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1114558.66, "afl_execs_total": 21826140, "fuzzers_used": 42, "run_end": "2023-09-30 07:51:15.760441", "run_start": "2023-09-30 07:51:02.262271", "total_execs_per_sec": 807179.73, "total_run_time": 27.04}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3583.002, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1131883.25, "afl_execs_total": 22345810, "fuzzers_used": 43, "run_end": "2023-09-30 07:51:43.056693", "run_start": "2023-09-30 07:51:29.534218", "total_execs_per_sec": 826092.79, "total_run_time": 27.05}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3260.438, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1142235.48, "afl_execs_total": 22865480, "fuzzers_used": 44, "run_end": "2023-09-30 07:52:10.570117", "run_start": "2023-09-30 07:51:56.932825", "total_execs_per_sec": 838484.78, "total_run_time": 27.27}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3583.173, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1156328.81, "afl_execs_total": 23385150, "fuzzers_used": 45, "run_end": "2023-09-30 07:52:38.356804", "run_start": "2023-09-30 07:52:24.552262", "total_execs_per_sec": 849133.99, "total_run_time": 27.54}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3273.24, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1165391.02, "afl_execs_total": 23904820, "fuzzers_used": 46, "run_end": "2023-09-30 07:53:06.789449", "run_start": "2023-09-30 07:52:52.645374", "total_execs_per_sec": 847989.36, "total_run_time": 28.19}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3482.575, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1174743.04, "afl_execs_total": 24424490, "fuzzers_used": 47, "run_end": "2023-09-30 07:53:35.397560", "run_start": "2023-09-30 07:53:21.192250", "total_execs_per_sec": 861230.25, "total_run_time": 28.36}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3347.054, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1185729.9, "afl_execs_total": 24944160, "fuzzers_used": 48, "run_end": "2023-09-30 07:54:04.383033", "run_start": "2023-09-30 07:53:49.986966", "total_execs_per_sec": 867924.84, "total_run_time": 28.74}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.361, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1169711.34, "afl_execs_total": 25463830, "fuzzers_used": 49, "run_end": "2023-09-30 07:54:34.587857", "run_start": "2023-09-30 07:54:19.631476", "total_execs_per_sec": 849927.57, "total_run_time": 29.96}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3482.474, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1177314.64, "afl_execs_total": 25983500, "fuzzers_used": 50, "run_end": "2023-09-30 07:55:05.521448", "run_start": "2023-09-30 07:54:50.164260", "total_execs_per_sec": 846919.82, "total_run_time": 30.68}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.345, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1186608.73, "afl_execs_total": 26503170, "fuzzers_used": 51, "run_end": "2023-09-30 07:55:37.277650", "run_start": "2023-09-30 07:55:21.521109", "total_execs_per_sec": 841103.46, "total_run_time": 31.51}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3436.247, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1194422.5, "afl_execs_total": 27022840, "fuzzers_used": 52, "run_end": "2023-09-30 07:56:09.743581", "run_start": "2023-09-30 07:55:53.622431", "total_execs_per_sec": 838697.7, "total_run_time": 32.22}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.568, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1196372.9, "afl_execs_total": 27542510, "fuzzers_used": 53, "run_end": "2023-09-30 07:56:43.089455", "run_start": "2023-09-30 07:56:26.549970", "total_execs_per_sec": 832100.0, "total_run_time": 33.1}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.116, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1175514.11, "afl_execs_total": 28062180, "fuzzers_used": 54, "run_end": "2023-09-30 07:57:17.691328", "run_start": "2023-09-30 07:57:00.498904", "total_execs_per_sec": 816948.47, "total_run_time": 34.35}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.584, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1155052.32, "afl_execs_total": 28581850, "fuzzers_used": 55, "run_end": "2023-09-30 07:57:53.454457", "run_start": "2023-09-30 07:57:35.704817", "total_execs_per_sec": 804669.2, "total_run_time": 35.52}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.372, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1123418.49, "afl_execs_total": 29101520, "fuzzers_used": 56, "run_end": "2023-09-30 07:58:30.658431", "run_start": "2023-09-30 07:58:12.196534", "total_execs_per_sec": 787591.88, "total_run_time": 36.95}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.404, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1129169.64, "afl_execs_total": 29621190, "fuzzers_used": 57, "run_end": "2023-09-30 07:59:08.704834", "run_start": "2023-09-30 07:58:49.772727", "total_execs_per_sec": 783836.73, "total_run_time": 37.79}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3397.422, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1148164.32, "afl_execs_total": 30140860, "fuzzers_used": 58, "run_end": "2023-09-30 07:59:47.277825", "run_start": "2023-09-30 07:59:28.121769", "total_execs_per_sec": 786556.89, "total_run_time": 38.32}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3588.772, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1161777.14, "afl_execs_total": 30660530, "fuzzers_used": 59, "run_end": "2023-09-30 08:00:26.502901", "run_start": "2023-09-30 08:00:07.032225", "total_execs_per_sec": 786570.81, "total_run_time": 38.98}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.361, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1175533.02, "afl_execs_total": 31180200, "fuzzers_used": 60, "run_end": "2023-09-30 08:01:06.175622", "run_start": "2023-09-30 08:00:46.486423", "total_execs_per_sec": 790974.12, "total_run_time": 39.42}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3494.462, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1174935.53, "afl_execs_total": 31699870, "fuzzers_used": 61, "run_end": "2023-09-30 08:01:46.692859", "run_start": "2023-09-30 08:01:26.589025", "total_execs_per_sec": 787183.26, "total_run_time": 40.27}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3298.878, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1160942.61, "afl_execs_total": 32219540, "fuzzers_used": 62, "run_end": "2023-09-30 08:02:28.314405", "run_start": "2023-09-30 08:02:07.671002", "total_execs_per_sec": 778814.12, "total_run_time": 41.37}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3588.072, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1146150.48, "afl_execs_total": 32739210, "fuzzers_used": 63, "run_end": "2023-09-30 08:03:11.129083", "run_start": "2023-09-30 08:02:49.863712", "total_execs_per_sec": 769248.36, "total_run_time": 42.56}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.676, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1116830.46, "afl_execs_total": 33258880, "fuzzers_used": 64, "run_end": "2023-09-30 08:03:55.318238", "run_start": "2023-09-30 08:03:33.344369", "total_execs_per_sec": 756915.79, "total_run_time": 43.94}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.035, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1127001.77, "afl_execs_total": 33778550, "fuzzers_used": 65, "run_end": "2023-09-30 08:04:40.326651", "run_start": "2023-09-30 08:04:17.983785", "total_execs_per_sec": 754659.29, "total_run_time": 44.76}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.461, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1151098.78, "afl_execs_total": 34298220, "fuzzers_used": 66, "run_end": "2023-09-30 08:05:25.734193", "run_start": "2023-09-30 08:05:03.138414", "total_execs_per_sec": 759482.29, "total_run_time": 45.16}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3419.698, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1170464.47, "afl_execs_total": 34817890, "fuzzers_used": 67, "run_end": "2023-09-30 08:06:11.829638", "run_start": "2023-09-30 08:05:48.997654", "total_execs_per_sec": 759386.91, "total_run_time": 45.85}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3136.734, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1174994.2, "afl_execs_total": 35337560, "fuzzers_used": 68, "run_end": "2023-09-30 08:06:58.556269", "run_start": "2023-09-30 08:06:35.299237", "total_execs_per_sec": 760274.53, "total_run_time": 46.48}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.646, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1176095.72, "afl_execs_total": 35857230, "fuzzers_used": 69, "run_end": "2023-09-30 08:07:46.210785", "run_start": "2023-09-30 08:07:22.462358", "total_execs_per_sec": 756481.65, "total_run_time": 47.4}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3244.285, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1166014.8, "afl_execs_total": 36376900, "fuzzers_used": 70, "run_end": "2023-09-30 08:08:34.778952", "run_start": "2023-09-30 08:08:10.693109", "total_execs_per_sec": 752833.2, "total_run_time": 48.32}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.273, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1142873.75, "afl_execs_total": 36896570, "fuzzers_used": 71, "run_end": "2023-09-30 08:09:24.786623", "run_start": "2023-09-30 08:08:59.916409", "total_execs_per_sec": 741639.6, "total_run_time": 49.75}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.447, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1108650.01, "afl_execs_total": 37416240, "fuzzers_used": 72, "run_end": "2023-09-30 08:10:16.275929", "run_start": "2023-09-30 08:09:50.685135", "total_execs_per_sec": 730357.99, "total_run_time": 51.23}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.076, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1114721.96, "afl_execs_total": 37935910, "fuzzers_used": 73, "run_end": "2023-09-30 08:11:08.771165", "run_start": "2023-09-30 08:10:42.681867", "total_execs_per_sec": 726185.11, "total_run_time": 52.24}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3311.198, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1135673.92, "afl_execs_total": 38455580, "fuzzers_used": 74, "run_end": "2023-09-30 08:12:01.839425", "run_start": "2023-09-30 08:11:35.385025", "total_execs_per_sec": 728187.46, "total_run_time": 52.81}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.365, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1149384.99, "afl_execs_total": 38975250, "fuzzers_used": 75, "run_end": "2023-09-30 08:12:55.629355", "run_start": "2023-09-30 08:12:28.874534", "total_execs_per_sec": 728101.06, "total_run_time": 53.53}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3338.382, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1148321.67, "afl_execs_total": 39494920, "fuzzers_used": 76, "run_end": "2023-09-30 08:13:50.498609", "run_start": "2023-09-30 08:13:23.117065", "total_execs_per_sec": 723217.73, "total_run_time": 54.61}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3440.273, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1149691.56, "afl_execs_total": 40014590, "fuzzers_used": 77, "run_end": "2023-09-30 08:14:46.302511", "run_start": "2023-09-30 08:14:18.523825", "total_execs_per_sec": 720464.35, "total_run_time": 55.54}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3458.227, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1131248.45, "afl_execs_total": 40534261, "fuzzers_used": 78, "run_end": "2023-09-30 08:15:43.563759", "run_start": "2023-09-30 08:15:15.076409", "total_execs_per_sec": 711002.65, "total_run_time": 57.01}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.926, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1109039.3, "afl_execs_total": 41053930, "fuzzers_used": 79, "run_end": "2023-09-30 08:16:42.369066", "run_start": "2023-09-30 08:16:13.140837", "total_execs_per_sec": 701177.28, "total_run_time": 58.55}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3191.361, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1080599.62, "afl_execs_total": 41573600, "fuzzers_used": 80, "run_end": "2023-09-30 08:17:42.677191", "run_start": "2023-09-30 08:17:12.727147", "total_execs_per_sec": 692201.13, "total_run_time": 60.06}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.022, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1087537.14, "afl_execs_total": 42093271, "fuzzers_used": 81, "run_end": "2023-09-30 08:18:44.004042", "run_start": "2023-09-30 08:18:13.499327", "total_execs_per_sec": 689262.67, "total_run_time": 61.07}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.572, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1103324.54, "afl_execs_total": 42612948, "fuzzers_used": 82, "run_end": "2023-09-30 08:19:46.209050", "run_start": "2023-09-30 08:19:15.276096", "total_execs_per_sec": 687971.39, "total_run_time": 61.94}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3466.789, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1117042.53, "afl_execs_total": 43132617, "fuzzers_used": 83, "run_end": "2023-09-30 08:20:49.384483", "run_start": "2023-09-30 08:20:17.917252", "total_execs_per_sec": 685515.21, "total_run_time": 62.92}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.234, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1125014.12, "afl_execs_total": 43652284, "fuzzers_used": 84, "run_end": "2023-09-30 08:21:53.320907", "run_start": "2023-09-30 08:21:21.448433", "total_execs_per_sec": 685494.41, "total_run_time": 63.68}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.96, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1116969.15, "afl_execs_total": 44171951, "fuzzers_used": 85, "run_end": "2023-09-30 08:22:58.378342", "run_start": "2023-09-30 08:22:25.970462", "total_execs_per_sec": 681665.91, "total_run_time": 64.8}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3467.782, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1097984.93, "afl_execs_total": 44691621, "fuzzers_used": 86, "run_end": "2023-09-30 08:24:05.075588", "run_start": "2023-09-30 08:23:31.908866", "total_execs_per_sec": 672661.36, "total_run_time": 66.44}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.665, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1078838.87, "afl_execs_total": 45211293, "fuzzers_used": 87, "run_end": "2023-09-30 08:25:13.164891", "run_start": "2023-09-30 08:24:39.305049", "total_execs_per_sec": 666538.3, "total_run_time": 67.83}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.332, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1042803.71, "afl_execs_total": 45730960, "fuzzers_used": 88, "run_end": "2023-09-30 08:26:22.957333", "run_start": "2023-09-30 08:25:48.212315", "total_execs_per_sec": 657715.52, "total_run_time": 69.53}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.928, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1046576.83, "afl_execs_total": 46250640, "fuzzers_used": 89, "run_end": "2023-09-30 08:27:33.938142", "run_start": "2023-09-30 08:26:58.577562", "total_execs_per_sec": 653996.61, "total_run_time": 70.72}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3522.561, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1068351.7, "afl_execs_total": 46770324, "fuzzers_used": 90, "run_end": "2023-09-30 08:28:45.597413", "run_start": "2023-09-30 08:28:09.939130", "total_execs_per_sec": 655046.55, "total_run_time": 71.4}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.089, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1080013.5, "afl_execs_total": 47289998, "fuzzers_used": 91, "run_end": "2023-09-30 08:29:58.294481", "run_start": "2023-09-30 08:29:22.096659", "total_execs_per_sec": 652906.23, "total_run_time": 72.43}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3269.827, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1081167.39, "afl_execs_total": 47809665, "fuzzers_used": 92, "run_end": "2023-09-30 08:31:11.684574", "run_start": "2023-09-30 08:30:35.095972", "total_execs_per_sec": 653852.09, "total_run_time": 73.12}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3447.482, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1070973.26, "afl_execs_total": 48329336, "fuzzers_used": 93, "run_end": "2023-09-30 08:32:26.267744", "run_start": "2023-09-30 08:31:49.142267", "total_execs_per_sec": 650287.08, "total_run_time": 74.32}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3470.833, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1053030.28, "afl_execs_total": 48848999, "fuzzers_used": 94, "run_end": "2023-09-30 08:33:42.312925", "run_start": "2023-09-30 08:33:04.442262", "total_execs_per_sec": 644615.98, "total_run_time": 75.78}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.637, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1034504.5, "afl_execs_total": 49368674, "fuzzers_used": 95, "run_end": "2023-09-30 08:35:00.145805", "run_start": "2023-09-30 08:34:21.460276", "total_execs_per_sec": 636440.3, "total_run_time": 77.57}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3366.601, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1007683.3, "afl_execs_total": 49888346, "fuzzers_used": 96, "run_end": "2023-09-30 08:36:19.640445", "run_start": "2023-09-30 08:35:40.102098", "total_execs_per_sec": 629664.85, "total_run_time": 79.23}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.618, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 997018.04, "afl_execs_total": 50408018, "fuzzers_used": 97, "run_end": "2023-09-30 08:37:40.724155", "run_start": "2023-09-30 08:37:00.290624", "total_execs_per_sec": 623707.23, "total_run_time": 80.82}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3358.197, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 991342.84, "afl_execs_total": 50927689, "fuzzers_used": 98, "run_end": "2023-09-30 08:39:03.174335", "run_start": "2023-09-30 08:38:22.103029", "total_execs_per_sec": 619633.64, "total_run_time": 82.19}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3376.095, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 983069.24, "afl_execs_total": 51447361, "fuzzers_used": 99, "run_end": "2023-09-30 08:40:27.215545", "run_start": "2023-09-30 08:39:45.346987", "total_execs_per_sec": 614150.19, "total_run_time": 83.77}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3420.112, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 977406.74, "afl_execs_total": 51967032, "fuzzers_used": 100, "run_end": "2023-09-30 08:41:52.597386", "run_start": "2023-09-30 08:41:09.937149", "total_execs_per_sec": 610514.94, "total_run_time": 85.12}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.649, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 971727.88, "afl_execs_total": 52486701, "fuzzers_used": 101, "run_end": "2023-09-30 08:43:19.643290", "run_start": "2023-09-30 08:42:36.266413", "total_execs_per_sec": 604824.86, "total_run_time": 86.78}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3261.563, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 968460.76, "afl_execs_total": 53006376, "fuzzers_used": 102, "run_end": "2023-09-30 08:44:48.432617", "run_start": "2023-09-30 08:44:04.055751", "total_execs_per_sec": 598739.14, "total_run_time": 88.53}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3520.756, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 954469.58, "afl_execs_total": 53526047, "fuzzers_used": 103, "run_end": "2023-09-30 08:46:19.604517", "run_start": "2023-09-30 08:45:34.043549", "total_execs_per_sec": 588780.63, "total_run_time": 90.91}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3585.248, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 943024.3, "afl_execs_total": 54045717, "fuzzers_used": 104, "run_end": "2023-09-30 08:47:53.270334", "run_start": "2023-09-30 08:47:06.453929", "total_execs_per_sec": 578647.93, "total_run_time": 93.4}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.219, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 936316.68, "afl_execs_total": 54565393, "fuzzers_used": 105, "run_end": "2023-09-30 08:49:28.619236", "run_start": "2023-09-30 08:48:41.107925", "total_execs_per_sec": 573889.28, "total_run_time": 95.08}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.369, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 931754.86, "afl_execs_total": 55085050, "fuzzers_used": 106, "run_end": "2023-09-30 08:51:05.597415", "run_start": "2023-09-30 08:50:17.363328", "total_execs_per_sec": 569590.01, "total_run_time": 96.71}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.281, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 928478.76, "afl_execs_total": 55604720, "fuzzers_used": 107, "run_end": "2023-09-30 08:52:43.989153", "run_start": "2023-09-30 08:51:54.966602", "total_execs_per_sec": 566701.18, "total_run_time": 98.12}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.391, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 923691.78, "afl_execs_total": 56124404, "fuzzers_used": 108, "run_end": "2023-09-30 08:54:23.819224", "run_start": "2023-09-30 08:53:34.061518", "total_execs_per_sec": 563724.43, "total_run_time": 99.56}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.525, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 914882.34, "afl_execs_total": 56644070, "fuzzers_used": 109, "run_end": "2023-09-30 08:56:05.695328", "run_start": "2023-09-30 08:55:14.890641", "total_execs_per_sec": 557465.51, "total_run_time": 101.61}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.336, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 911923.46, "afl_execs_total": 57163749, "fuzzers_used": 110, "run_end": "2023-09-30 08:57:49.444640", "run_start": "2023-09-30 08:56:57.631549", "total_execs_per_sec": 552413.5, "total_run_time": 103.48}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3490.214, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 901729.55, "afl_execs_total": 57683414, "fuzzers_used": 111, "run_end": "2023-09-30 08:59:35.842064", "run_start": "2023-09-30 08:58:42.750875", "total_execs_per_sec": 543516.57, "total_run_time": 106.13}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3285.647, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 894015.0, "afl_execs_total": 58203073, "fuzzers_used": 112, "run_end": "2023-09-30 09:01:24.623111", "run_start": "2023-09-30 09:00:30.323945", "total_execs_per_sec": 536334.99, "total_run_time": 108.52}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3588.685, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 890563.82, "afl_execs_total": 58722735, "fuzzers_used": 113, "run_end": "2023-09-30 09:03:14.866468", "run_start": "2023-09-30 09:02:19.916191", "total_execs_per_sec": 533940.13, "total_run_time": 109.98}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.408, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 886390.78, "afl_execs_total": 59242401, "fuzzers_used": 114, "run_end": "2023-09-30 09:05:06.759276", "run_start": "2023-09-30 09:04:10.963339", "total_execs_per_sec": 530750.77, "total_run_time": 111.62}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3361.694, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 881563.32, "afl_execs_total": 59762077, "fuzzers_used": 115, "run_end": "2023-09-30 09:07:00.456133", "run_start": "2023-09-30 09:06:03.753481", "total_execs_per_sec": 526863.06, "total_run_time": 113.43}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3125.151, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 879299.68, "afl_execs_total": 60281743, "fuzzers_used": 116, "run_end": "2023-09-30 09:08:55.616474", "run_start": "2023-09-30 09:07:58.153008", "total_execs_per_sec": 524690.95, "total_run_time": 114.89}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.31, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 873340.51, "afl_execs_total": 60801413, "fuzzers_used": 117, "run_end": "2023-09-30 09:10:52.737105", "run_start": "2023-09-30 09:09:54.279802", "total_execs_per_sec": 520337.3, "total_run_time": 116.85}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.47, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 871261.33, "afl_execs_total": 61321088, "fuzzers_used": 118, "run_end": "2023-09-30 09:12:51.598087", "run_start": "2023-09-30 09:11:52.384580", "total_execs_per_sec": 517084.81, "total_run_time": 118.59}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3284.117, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 862698.42, "afl_execs_total": 61840752, "fuzzers_used": 119, "run_end": "2023-09-30 09:14:52.868426", "run_start": "2023-09-30 09:13:52.363777", "total_execs_per_sec": 511080.6, "total_run_time": 121.0}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3356.592, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 861926.52, "afl_execs_total": 62360421, "fuzzers_used": 120, "run_end": "2023-09-30 09:16:56.074463", "run_start": "2023-09-30 09:15:54.637201", "total_execs_per_sec": 507242.73, "total_run_time": 122.94}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.621, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 859897.54, "afl_execs_total": 62880078, "fuzzers_used": 121, "run_end": "2023-09-30 09:19:00.972269", "run_start": "2023-09-30 09:17:58.634785", "total_execs_per_sec": 504534.04, "total_run_time": 124.63}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.388, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 856561.02, "afl_execs_total": 63399742, "fuzzers_used": 122, "run_end": "2023-09-30 09:21:07.399148", "run_start": "2023-09-30 09:20:04.336577", "total_execs_per_sec": 502534.42, "total_run_time": 126.16}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3436.902, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 850903.17, "afl_execs_total": 63919412, "fuzzers_used": 123, "run_end": "2023-09-30 09:23:15.587700", "run_start": "2023-09-30 09:22:11.621078", "total_execs_per_sec": 499682.71, "total_run_time": 127.92}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3253.219, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 850346.15, "afl_execs_total": 64439082, "fuzzers_used": 124, "run_end": "2023-09-30 09:25:25.067423", "run_start": "2023-09-30 09:24:20.478344", "total_execs_per_sec": 498715.9, "total_run_time": 129.21}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3414.153, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 846672.06, "afl_execs_total": 64958753, "fuzzers_used": 125, "run_end": "2023-09-30 09:27:36.609671", "run_start": "2023-09-30 09:26:31.031010", "total_execs_per_sec": 494848.43, "total_run_time": 131.27}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3361.171, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 842352.56, "afl_execs_total": 65478422, "fuzzers_used": 126, "run_end": "2023-09-30 09:29:50.384235", "run_start": "2023-09-30 09:28:43.637795", "total_execs_per_sec": 490438.33, "total_run_time": 133.51}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.553, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 841389.58, "afl_execs_total": 65998096, "fuzzers_used": 127, "run_end": "2023-09-30 09:32:06.515931", "run_start": "2023-09-30 09:30:58.540071", "total_execs_per_sec": 485780.19, "total_run_time": 135.86}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.887, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 836905.42, "afl_execs_total": 66517765, "fuzzers_used": 128, "run_end": "2023-09-30 09:34:24.980686", "run_start": "2023-09-30 09:33:15.797293", "total_execs_per_sec": 481315.23, "total_run_time": 138.2}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.465, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 834743.9, "afl_execs_total": 67037434, "fuzzers_used": 129, "run_end": "2023-09-30 09:36:46.435200", "run_start": "2023-09-30 09:35:35.764007", "total_execs_per_sec": 474836.62, "total_run_time": 141.18}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.312, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 830905.96, "afl_execs_total": 67557108, "fuzzers_used": 130, "run_end": "2023-09-30 09:39:09.175069", "run_start": "2023-09-30 09:37:57.952748", "total_execs_per_sec": 474184.8, "total_run_time": 142.47}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.256, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 829125.23, "afl_execs_total": 68076777, "fuzzers_used": 131, "run_end": "2023-09-30 09:41:33.102326", "run_start": "2023-09-30 09:40:21.290465", "total_execs_per_sec": 473874.27, "total_run_time": 143.66}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.987, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 827119.83, "afl_execs_total": 68596445, "fuzzers_used": 132, "run_end": "2023-09-30 09:43:58.332276", "run_start": "2023-09-30 09:42:45.862863", "total_execs_per_sec": 473242.12, "total_run_time": 144.95}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.313, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 824512.38, "afl_execs_total": 69116119, "fuzzers_used": 133, "run_end": "2023-09-30 09:46:25.412623", "run_start": "2023-09-30 09:45:11.961025", "total_execs_per_sec": 470786.18, "total_run_time": 146.81}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3601.545, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 822633.13, "afl_execs_total": 69635789, "fuzzers_used": 134, "run_end": "2023-09-30 09:48:54.930720", "run_start": "2023-09-30 09:47:40.272277", "total_execs_per_sec": 466571.45, "total_run_time": 149.25}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.861, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 822762.5, "afl_execs_total": 70155458, "fuzzers_used": 135, "run_end": "2023-09-30 09:51:26.289563", "run_start": "2023-09-30 09:50:10.658195", "total_execs_per_sec": 464328.93, "total_run_time": 151.09}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.701, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 819249.23, "afl_execs_total": 70675127, "fuzzers_used": 136, "run_end": "2023-09-30 09:53:59.678505", "run_start": "2023-09-30 09:52:43.109615", "total_execs_per_sec": 461566.92, "total_run_time": 153.12}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.611, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 817302.54, "afl_execs_total": 71194798, "fuzzers_used": 137, "run_end": "2023-09-30 09:56:34.611434", "run_start": "2023-09-30 09:55:17.255797", "total_execs_per_sec": 460331.04, "total_run_time": 154.66}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3273.527, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 816863.92, "afl_execs_total": 71714472, "fuzzers_used": 138, "run_end": "2023-09-30 09:59:10.993943", "run_start": "2023-09-30 09:57:53.026005", "total_execs_per_sec": 459384.23, "total_run_time": 156.11}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3275.624, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 813984.08, "afl_execs_total": 72234141, "fuzzers_used": 139, "run_end": "2023-09-30 10:01:48.858927", "run_start": "2023-09-30 10:00:30.038969", "total_execs_per_sec": 458367.54, "total_run_time": 157.59}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.294, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 814541.2, "afl_execs_total": 72753811, "fuzzers_used": 140, "run_end": "2023-09-30 10:04:28.031191", "run_start": "2023-09-30 10:03:08.621431", "total_execs_per_sec": 457859.1, "total_run_time": 158.9}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.971, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 810988.78, "afl_execs_total": 73273485, "fuzzers_used": 141, "run_end": "2023-09-30 10:07:09.005858", "run_start": "2023-09-30 10:05:48.622814", "total_execs_per_sec": 455964.44, "total_run_time": 160.7}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3308.444, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 810061.77, "afl_execs_total": 73793151, "fuzzers_used": 142, "run_end": "2023-09-30 10:09:51.125760", "run_start": "2023-09-30 10:08:30.176106", "total_execs_per_sec": 455935.44, "total_run_time": 161.85}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.07, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 809156.3, "afl_execs_total": 74312818, "fuzzers_used": 143, "run_end": "2023-09-30 10:12:35.031056", "run_start": "2023-09-30 10:11:13.100914", "total_execs_per_sec": 454179.31, "total_run_time": 163.62}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.348, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 805410.96, "afl_execs_total": 74832495, "fuzzers_used": 144, "run_end": "2023-09-30 10:15:20.827022", "run_start": "2023-09-30 10:13:57.994693", "total_execs_per_sec": 452105.46, "total_run_time": 165.52}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.621, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 800032.28, "afl_execs_total": 75352170, "fuzzers_used": 145, "run_end": "2023-09-30 10:18:09.037693", "run_start": "2023-09-30 10:16:44.981253", "total_execs_per_sec": 448711.78, "total_run_time": 167.93}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.84, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 790963.48, "afl_execs_total": 75871845, "fuzzers_used": 146, "run_end": "2023-09-30 10:20:59.881118", "run_start": "2023-09-30 10:19:34.510855", "total_execs_per_sec": 444813.54, "total_run_time": 170.57}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.834, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 781345.59, "afl_execs_total": 76391506, "fuzzers_used": 147, "run_end": "2023-09-30 10:23:53.423727", "run_start": "2023-09-30 10:22:26.766448", "total_execs_per_sec": 440906.76, "total_run_time": 173.26}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3410.167, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 775327.12, "afl_execs_total": 76911176, "fuzzers_used": 148, "run_end": "2023-09-30 10:26:49.498429", "run_start": "2023-09-30 10:25:21.525545", "total_execs_per_sec": 437492.47, "total_run_time": 175.8}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3206.588, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 761211.59, "afl_execs_total": 77430859, "fuzzers_used": 149, "run_end": "2023-09-30 10:29:49.778335", "run_start": "2023-09-30 10:28:19.704665", "total_execs_per_sec": 430171.44, "total_run_time": 180.0}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3585.526, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 746341.24, "afl_execs_total": 77950520, "fuzzers_used": 150, "run_end": "2023-09-30 10:32:54.980945", "run_start": "2023-09-30 10:31:22.480794", "total_execs_per_sec": 421536.45, "total_run_time": 184.92}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3318.45, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 732544.52, "afl_execs_total": 78470193, "fuzzers_used": 151, "run_end": "2023-09-30 10:36:04.848674", "run_start": "2023-09-30 10:34:30.030288", "total_execs_per_sec": 413894.16, "total_run_time": 189.59}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.203, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 716668.71, "afl_execs_total": 78989859, "fuzzers_used": 152, "run_end": "2023-09-30 10:39:20.378787", "run_start": "2023-09-30 10:37:42.681671", "total_execs_per_sec": 404557.54, "total_run_time": 195.25}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.599, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 711764.46, "afl_execs_total": 79509537, "fuzzers_used": 153, "run_end": "2023-09-30 10:42:38.512166", "run_start": "2023-09-30 10:40:59.546892", "total_execs_per_sec": 401867.76, "total_run_time": 197.85}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3398.079, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 705019.7, "afl_execs_total": 80029204, "fuzzers_used": 154, "run_end": "2023-09-30 10:45:59.339304", "run_start": "2023-09-30 10:44:19.127854", "total_execs_per_sec": 399068.53, "total_run_time": 200.54}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.279, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 699393.58, "afl_execs_total": 80548882, "fuzzers_used": 155, "run_end": "2023-09-30 10:49:22.803103", "run_start": "2023-09-30 10:47:41.186000", "total_execs_per_sec": 396441.0, "total_run_time": 203.18}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3594.454, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 695765.06, "afl_execs_total": 81068552, "fuzzers_used": 156, "run_end": "2023-09-30 10:52:48.613257", "run_start": "2023-09-30 10:51:05.825800", "total_execs_per_sec": 394436.59, "total_run_time": 205.53}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3564.62, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 684256.6, "afl_execs_total": 81588223, "fuzzers_used": 157, "run_end": "2023-09-30 10:56:18.728250", "run_start": "2023-09-30 10:54:33.718953", "total_execs_per_sec": 388811.59, "total_run_time": 209.84}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.622, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 670310.7, "afl_execs_total": 82107888, "fuzzers_used": 158, "run_end": "2023-09-30 10:59:53.586577", "run_start": "2023-09-30 10:58:06.300789", "total_execs_per_sec": 382644.65, "total_run_time": 214.58}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.231, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 662122.52, "afl_execs_total": 82627562, "fuzzers_used": 159, "run_end": "2023-09-30 11:03:32.597265", "run_start": "2023-09-30 11:01:43.188367", "total_execs_per_sec": 377760.54, "total_run_time": 218.73}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3145.96, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 647377.08, "afl_execs_total": 83147234, "fuzzers_used": 160, "run_end": "2023-09-30 11:07:17.127615", "run_start": "2023-09-30 11:05:24.903690", "total_execs_per_sec": 370779.19, "total_run_time": 224.25}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3362.788, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 643549.36, "afl_execs_total": 83666905, "fuzzers_used": 161, "run_end": "2023-09-30 11:11:04.351861", "run_start": "2023-09-30 11:09:10.831265", "total_execs_per_sec": 368674.12, "total_run_time": 226.94}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.202, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 636156.58, "afl_execs_total": 84186573, "fuzzers_used": 162, "run_end": "2023-09-30 11:14:54.503571", "run_start": "2023-09-30 11:12:59.508979", "total_execs_per_sec": 366235.58, "total_run_time": 229.87}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.736, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 628362.66, "afl_execs_total": 84706245, "fuzzers_used": 163, "run_end": "2023-09-30 11:18:47.774086", "run_start": "2023-09-30 11:16:51.217211", "total_execs_per_sec": 363561.72, "total_run_time": 232.99}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.06, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 624514.0, "afl_execs_total": 85225920, "fuzzers_used": 164, "run_end": "2023-09-30 11:22:43.395749", "run_start": "2023-09-30 11:20:45.667702", "total_execs_per_sec": 362139.54, "total_run_time": 235.34}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.6, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 613472.25, "afl_execs_total": 85745594, "fuzzers_used": 165, "run_end": "2023-09-30 11:26:43.417976", "run_start": "2023-09-30 11:24:43.470475", "total_execs_per_sec": 357660.77, "total_run_time": 239.74}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3195.125, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 600511.17, "afl_execs_total": 86265258, "fuzzers_used": 166, "run_end": "2023-09-30 11:30:48.288321", "run_start": "2023-09-30 11:28:45.936037", "total_execs_per_sec": 352693.32, "total_run_time": 244.59}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.147, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 589155.5, "afl_execs_total": 86784920, "fuzzers_used": 167, "run_end": "2023-09-30 11:34:57.997816", "run_start": "2023-09-30 11:32:53.179262", "total_execs_per_sec": 347932.97, "total_run_time": 249.43}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.233, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 573492.37, "afl_execs_total": 87304593, "fuzzers_used": 168, "run_end": "2023-09-30 11:39:13.948596", "run_start": "2023-09-30 11:37:06.077352", "total_execs_per_sec": 341473.75, "total_run_time": 255.67}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.017, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 565721.98, "afl_execs_total": 87824263, "fuzzers_used": 169, "run_end": "2023-09-30 11:43:32.944634", "run_start": "2023-09-30 11:41:23.519337", "total_execs_per_sec": 339469.92, "total_run_time": 258.71}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3385.57, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 555298.16, "afl_execs_total": 88343932, "fuzzers_used": 170, "run_end": "2023-09-30 11:47:55.581861", "run_start": "2023-09-30 11:45:44.323973", "total_execs_per_sec": 336740.74, "total_run_time": 262.35}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.642, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 545279.91, "afl_execs_total": 88863604, "fuzzers_used": 171, "run_end": "2023-09-30 11:52:21.793580", "run_start": "2023-09-30 11:50:08.736546", "total_execs_per_sec": 334174.2, "total_run_time": 265.92}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.36, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 540755.64, "afl_execs_total": 89383276, "fuzzers_used": 172, "run_end": "2023-09-30 11:56:50.885860", "run_start": "2023-09-30 11:54:36.352451", "total_execs_per_sec": 332514.7, "total_run_time": 268.81}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3327.926, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 525250.31, "afl_execs_total": 89902937, "fuzzers_used": 173, "run_end": "2023-09-30 12:01:25.609071", "run_start": "2023-09-30 11:59:08.281162", "total_execs_per_sec": 327586.86, "total_run_time": 274.44}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3585.35, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 510966.04, "afl_execs_total": 90422604, "fuzzers_used": 174, "run_end": "2023-09-30 12:06:06.195059", "run_start": "2023-09-30 12:03:46.024130", "total_execs_per_sec": 322592.24, "total_run_time": 280.3}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.625, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 499732.24, "afl_execs_total": 90942279, "fuzzers_used": 175, "run_end": "2023-09-30 12:10:52.387827", "run_start": "2023-09-30 12:08:29.338056", "total_execs_per_sec": 318080.09, "total_run_time": 285.91}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3410.072, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 484949.79, "afl_execs_total": 91461945, "fuzzers_used": 176, "run_end": "2023-09-30 12:15:44.879463", "run_start": "2023-09-30 12:13:18.664380", "total_execs_per_sec": 313000.74, "total_run_time": 292.21}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.954, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 474380.12, "afl_execs_total": 91981613, "fuzzers_used": 177, "run_end": "2023-09-30 12:20:40.703316", "run_start": "2023-09-30 12:18:12.953826", "total_execs_per_sec": 311232.36, "total_run_time": 295.54}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3354.443, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 462356.4, "afl_execs_total": 92501281, "fuzzers_used": 178, "run_end": "2023-09-30 12:25:40.362195", "run_start": "2023-09-30 12:23:10.582350", "total_execs_per_sec": 308986.47, "total_run_time": 299.37}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.767, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 452096.2, "afl_execs_total": 93020952, "fuzzers_used": 179, "run_end": "2023-09-30 12:30:43.681516", "run_start": "2023-09-30 12:28:12.170741", "total_execs_per_sec": 306959.32, "total_run_time": 303.04}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.296, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 447312.96, "afl_execs_total": 93540623, "fuzzers_used": 180, "run_end": "2023-09-30 12:35:50.105344", "run_start": "2023-09-30 12:33:16.986820", "total_execs_per_sec": 305548.52, "total_run_time": 306.14}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3345.637, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 432373.06, "afl_execs_total": 94060296, "fuzzers_used": 181, "run_end": "2023-09-30 12:41:02.298418", "run_start": "2023-09-30 12:38:26.249052", "total_execs_per_sec": 301571.97, "total_run_time": 311.9}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.4, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 415162.5, "afl_execs_total": 94579958, "fuzzers_used": 182, "run_end": "2023-09-30 12:46:20.940868", "run_start": "2023-09-30 12:43:41.732112", "total_execs_per_sec": 297094.26, "total_run_time": 318.35}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.462, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 404641.36, "afl_execs_total": 95099627, "fuzzers_used": 183, "run_end": "2023-09-30 12:51:45.127309", "run_start": "2023-09-30 12:49:03.108772", "total_execs_per_sec": 293607.99, "total_run_time": 323.9}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.402, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 386862.7, "afl_execs_total": 95619305, "fuzzers_used": 184, "run_end": "2023-09-30 12:57:16.947024", "run_start": "2023-09-30 12:54:31.189986", "total_execs_per_sec": 288418.26, "total_run_time": 331.53}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.747, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 383084.4, "afl_execs_total": 96138965, "fuzzers_used": 185, "run_end": "2023-09-30 13:02:51.781939", "run_start": "2023-09-30 13:00:04.541072", "total_execs_per_sec": 287368.0, "total_run_time": 334.55}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.117, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 377706.1, "afl_execs_total": 96658643, "fuzzers_used": 186, "run_end": "2023-09-30 13:08:30.207657", "run_start": "2023-09-30 13:05:41.145593", "total_execs_per_sec": 285853.92, "total_run_time": 338.14}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.081, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 371416.68, "afl_execs_total": 97178312, "fuzzers_used": 187, "run_end": "2023-09-30 13:14:12.257097", "run_start": "2023-09-30 13:11:21.263677", "total_execs_per_sec": 284346.65, "total_run_time": 341.76}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.976, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 368708.34, "afl_execs_total": 97697985, "fuzzers_used": 188, "run_end": "2023-09-30 13:19:57.606285", "run_start": "2023-09-30 13:17:05.006166", "total_execs_per_sec": 283141.53, "total_run_time": 345.05}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3589.902, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 359967.99, "afl_execs_total": 98217659, "fuzzers_used": 189, "run_end": "2023-09-30 13:25:48.697394", "run_start": "2023-09-30 13:22:53.296224", "total_execs_per_sec": 279981.92, "total_run_time": 350.8}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.575, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 347526.07, "afl_execs_total": 98737339, "fuzzers_used": 190, "run_end": "2023-09-30 13:31:45.896768", "run_start": "2023-09-30 13:28:47.350917", "total_execs_per_sec": 276644.92, "total_run_time": 356.91}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.408, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 338602.2, "afl_execs_total": 99256999, "fuzzers_used": 191, "run_end": "2023-09-30 13:37:49.247720", "run_start": "2023-09-30 13:34:47.689569", "total_execs_per_sec": 273390.07, "total_run_time": 363.06}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.228, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 326219.13, "afl_execs_total": 99776669, "fuzzers_used": 192, "run_end": "2023-09-30 13:44:00.218035", "run_start": "2023-09-30 13:40:54.931667", "total_execs_per_sec": 269171.98, "total_run_time": 370.68}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.629, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 325790.1, "afl_execs_total": 100296342, "fuzzers_used": 193, "run_end": "2023-09-30 13:50:13.580456", "run_start": "2023-09-30 13:47:07.068488", "total_execs_per_sec": 268840.54, "total_run_time": 373.07}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.402, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 325312.01, "afl_execs_total": 100816010, "fuzzers_used": 194, "run_end": "2023-09-30 13:56:29.550017", "run_start": "2023-09-30 13:53:21.762745", "total_execs_per_sec": 268356.07, "total_run_time": 375.68}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3407.125, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 324605.64, "afl_execs_total": 101335681, "fuzzers_used": 195, "run_end": "2023-09-30 14:02:48.207312", "run_start": "2023-09-30 13:59:39.186912", "total_execs_per_sec": 267821.66, "total_run_time": 378.37}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.322, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 322111.38, "afl_execs_total": 101855364, "fuzzers_used": 196, "run_end": "2023-09-30 14:09:10.506032", "run_start": "2023-09-30 14:05:58.934115", "total_execs_per_sec": 266630.1, "total_run_time": 382.01}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.383, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 322211.61, "afl_execs_total": 102375028, "fuzzers_used": 197, "run_end": "2023-09-30 14:15:35.121380", "run_start": "2023-09-30 14:12:22.331631", "total_execs_per_sec": 266379.65, "total_run_time": 384.32}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3431.415, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 318591.15, "afl_execs_total": 102894698, "fuzzers_used": 198, "run_end": "2023-09-30 14:22:04.616743", "run_start": "2023-09-30 14:18:49.922710", "total_execs_per_sec": 264374.87, "total_run_time": 389.2}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.372, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 318754.13, "afl_execs_total": 103414368, "fuzzers_used": 199, "run_end": "2023-09-30 14:28:35.889700", "run_start": "2023-09-30 14:25:20.243692", "total_execs_per_sec": 264500.4, "total_run_time": 390.98}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.618, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 315160.68, "afl_execs_total": 103934040, "fuzzers_used": 200, "run_end": "2023-09-30 14:35:12.352989", "run_start": "2023-09-30 14:31:54.098330", "total_execs_per_sec": 262347.07, "total_run_time": 396.17}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3267.656, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 107126.58, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-30 22:49:12.547219", "run_start": "2023-09-30 22:49:10.096555", "total_execs_per_sec": 105839.1, "total_run_time": 4.91}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3531.38, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 214213.66, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-30 22:49:17.694180", "run_start": "2023-09-30 22:49:15.237982", "total_execs_per_sec": 210819.47, "total_run_time": 4.93}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.314, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 322468.69, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-30 22:49:22.842681", "run_start": "2023-09-30 22:49:20.375718", "total_execs_per_sec": 316229.21, "total_run_time": 4.93}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.382, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 427406.37, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-30 22:49:28.091611", "run_start": "2023-09-30 22:49:25.564125", "total_execs_per_sec": 413256.46, "total_run_time": 5.03}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3221.769, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 535728.44, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-30 22:49:33.328021", "run_start": "2023-09-30 22:49:30.817882", "total_execs_per_sec": 518632.73, "total_run_time": 5.01}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.505, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 643227.5, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-30 22:49:38.581723", "run_start": "2023-09-30 22:49:36.062567", "total_execs_per_sec": 619884.69, "total_run_time": 5.03}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3221.915, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 746997.96, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-30 22:49:43.987994", "run_start": "2023-09-30 22:49:41.431718", "total_execs_per_sec": 702256.76, "total_run_time": 5.18}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.678, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 852324.44, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-30 22:49:49.379965", "run_start": "2023-09-30 22:49:46.773943", "total_execs_per_sec": 804131.53, "total_run_time": 5.17}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.274, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 898199.42, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-30 22:49:55.133483", "run_start": "2023-09-30 22:49:52.384368", "total_execs_per_sec": 847288.04, "total_run_time": 5.52}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3351.732, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 994921.42, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-30 22:50:00.874999", "run_start": "2023-09-30 22:49:58.098412", "total_execs_per_sec": 943139.75, "total_run_time": 5.51}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3486.535, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1086491.72, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-30 22:50:06.680198", "run_start": "2023-09-30 22:50:03.896582", "total_execs_per_sec": 1024439.07, "total_run_time": 5.58}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3368.357, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1188114.32, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-30 22:50:12.511798", "run_start": "2023-09-30 22:50:09.709245", "total_execs_per_sec": 1113578.57, "total_run_time": 5.6}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3419.592, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1275638.92, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-30 22:50:18.551634", "run_start": "2023-09-30 22:50:15.697220", "total_execs_per_sec": 1162772.81, "total_run_time": 5.81}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3422.898, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1373504.32, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-30 22:50:24.528330", "run_start": "2023-09-30 22:50:21.655863", "total_execs_per_sec": 1265283.48, "total_run_time": 5.75}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.124, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1456611.99, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-30 22:50:30.552669", "run_start": "2023-09-30 22:50:27.646950", "total_execs_per_sec": 1346295.34, "total_run_time": 5.79}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3409.107, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1547050.37, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-30 22:50:36.633662", "run_start": "2023-09-30 22:50:33.711668", "total_execs_per_sec": 1421319.66, "total_run_time": 5.85}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.587, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1556304.25, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-30 22:50:43.228730", "run_start": "2023-09-30 22:50:40.078655", "total_execs_per_sec": 1389055.03, "total_run_time": 6.36}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3222.039, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1498337.65, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-30 22:50:50.456797", "run_start": "2023-09-30 22:50:46.953750", "total_execs_per_sec": 1336294.29, "total_run_time": 7.0}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.285, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1480610.39, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-30 22:50:57.979779", "run_start": "2023-09-30 22:50:54.340048", "total_execs_per_sec": 1354421.12, "total_run_time": 7.29}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3312.738, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1442181.26, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-30 22:51:05.961693", "run_start": "2023-09-30 22:51:02.116378", "total_execs_per_sec": 1341083.87, "total_run_time": 7.75}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3518.757, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1380390.08, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-30 22:51:14.802876", "run_start": "2023-09-30 22:51:10.511741", "total_execs_per_sec": 1267487.8, "total_run_time": 8.61}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.613, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1315149.42, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-30 22:51:24.344470", "run_start": "2023-09-30 22:51:19.707252", "total_execs_per_sec": 1228006.44, "total_run_time": 9.31}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.752, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1250840.52, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-30 22:51:34.839206", "run_start": "2023-09-30 22:51:29.711462", "total_execs_per_sec": 1164952.24, "total_run_time": 10.26}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.786, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1198962.91, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-30 22:51:46.227739", "run_start": "2023-09-30 22:51:40.669862", "total_execs_per_sec": 1117569.89, "total_run_time": 11.16}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.299, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1113901.96, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-30 22:51:59.107794", "run_start": "2023-09-30 22:51:52.782421", "total_execs_per_sec": 1027015.81, "total_run_time": 12.65}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3277.537, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1112866.02, "afl_execs_total": 13511420, "fuzzers_used": 26, "run_end": "2023-09-30 22:52:12.696417", "run_start": "2023-09-30 22:52:06.031126", "total_execs_per_sec": 1011333.83, "total_run_time": 13.36}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.26, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1109572.68, "afl_execs_total": 14031090, "fuzzers_used": 27, "run_end": "2023-09-30 22:52:27.053466", "run_start": "2023-09-30 22:52:19.981077", "total_execs_per_sec": 993703.26, "total_run_time": 14.12}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.68, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1112386.81, "afl_execs_total": 14550760, "fuzzers_used": 28, "run_end": "2023-09-30 22:52:42.076893", "run_start": "2023-09-30 22:52:34.664171", "total_execs_per_sec": 983824.21, "total_run_time": 14.79}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.78, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1104839.85, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-30 22:52:57.848693", "run_start": "2023-09-30 22:52:50.086501", "total_execs_per_sec": 969783.14, "total_run_time": 15.54}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3453.527, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1088259.95, "afl_execs_total": 15590100, "fuzzers_used": 30, "run_end": "2023-09-30 22:53:14.436574", "run_start": "2023-09-30 22:53:06.278331", "total_execs_per_sec": 953522.94, "total_run_time": 16.35}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3308.084, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1072951.12, "afl_execs_total": 16109770, "fuzzers_used": 31, "run_end": "2023-09-30 22:53:31.854020", "run_start": "2023-09-30 22:53:23.306562", "total_execs_per_sec": 937704.89, "total_run_time": 17.18}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.573, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1038335.3, "afl_execs_total": 16629440, "fuzzers_used": 32, "run_end": "2023-09-30 22:53:50.279439", "run_start": "2023-09-30 22:53:41.188124", "total_execs_per_sec": 914207.81, "total_run_time": 18.19}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3474.482, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1039005.59, "afl_execs_total": 17149110, "fuzzers_used": 33, "run_end": "2023-09-30 22:54:09.595224", "run_start": "2023-09-30 22:54:00.072293", "total_execs_per_sec": 898800.31, "total_run_time": 19.08}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.322, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1055683.11, "afl_execs_total": 17668780, "fuzzers_used": 34, "run_end": "2023-09-30 22:54:29.545218", "run_start": "2023-09-30 22:54:19.706182", "total_execs_per_sec": 896437.34, "total_run_time": 19.71}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3291.169, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1074708.24, "afl_execs_total": 18188450, "fuzzers_used": 35, "run_end": "2023-09-30 22:54:50.082101", "run_start": "2023-09-30 22:54:39.937590", "total_execs_per_sec": 895982.76, "total_run_time": 20.3}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.43, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1088882.64, "afl_execs_total": 18708120, "fuzzers_used": 36, "run_end": "2023-09-30 22:55:11.186984", "run_start": "2023-09-30 22:55:00.733124", "total_execs_per_sec": 896412.07, "total_run_time": 20.87}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3442.88, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1084369.02, "afl_execs_total": 19227790, "fuzzers_used": 37, "run_end": "2023-09-30 22:55:33.072167", "run_start": "2023-09-30 22:55:22.235388", "total_execs_per_sec": 888119.63, "total_run_time": 21.65}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.669, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1061476.09, "afl_execs_total": 19747460, "fuzzers_used": 38, "run_end": "2023-09-30 22:55:55.894149", "run_start": "2023-09-30 22:55:44.632310", "total_execs_per_sec": 874168.22, "total_run_time": 22.59}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.531, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1037330.81, "afl_execs_total": 20267130, "fuzzers_used": 39, "run_end": "2023-09-30 22:56:19.751866", "run_start": "2023-09-30 22:56:07.942445", "total_execs_per_sec": 858049.53, "total_run_time": 23.62}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.639, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1001283.07, "afl_execs_total": 20786800, "fuzzers_used": 40, "run_end": "2023-09-30 22:56:44.739038", "run_start": "2023-09-30 22:56:32.356644", "total_execs_per_sec": 839870.71, "total_run_time": 24.75}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3588.67, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1011982.42, "afl_execs_total": 21306470, "fuzzers_used": 41, "run_end": "2023-09-30 22:57:10.631327", "run_start": "2023-09-30 22:56:57.820505", "total_execs_per_sec": 830337.88, "total_run_time": 25.66}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.596, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1039061.07, "afl_execs_total": 21826140, "fuzzers_used": 42, "run_end": "2023-09-30 22:57:37.053742", "run_start": "2023-09-30 22:57:23.987008", "total_execs_per_sec": 833695.19, "total_run_time": 26.18}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3392.117, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1060191.68, "afl_execs_total": 22345810, "fuzzers_used": 43, "run_end": "2023-09-30 22:58:04.142943", "run_start": "2023-09-30 22:57:50.723112", "total_execs_per_sec": 832246.18, "total_run_time": 26.85}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.174, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1069379.92, "afl_execs_total": 22865480, "fuzzers_used": 44, "run_end": "2023-09-30 22:58:31.880464", "run_start": "2023-09-30 22:58:18.133970", "total_execs_per_sec": 831472.0, "total_run_time": 27.5}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.3, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1051676.06, "afl_execs_total": 23385150, "fuzzers_used": 45, "run_end": "2023-09-30 22:59:00.604783", "run_start": "2023-09-30 22:58:46.390060", "total_execs_per_sec": 820819.59, "total_run_time": 28.49}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3369.949, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1025702.93, "afl_execs_total": 23904820, "fuzzers_used": 46, "run_end": "2023-09-30 22:59:30.381431", "run_start": "2023-09-30 22:59:15.618865", "total_execs_per_sec": 809235.61, "total_run_time": 29.54}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.338, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1000795.88, "afl_execs_total": 24424490, "fuzzers_used": 47, "run_end": "2023-09-30 23:00:01.304861", "run_start": "2023-09-30 22:59:45.966936", "total_execs_per_sec": 796104.63, "total_run_time": 30.68}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3433.874, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 959941.0, "afl_execs_total": 24944160, "fuzzers_used": 48, "run_end": "2023-09-30 23:00:33.534503", "run_start": "2023-09-30 23:00:17.543090", "total_execs_per_sec": 779748.67, "total_run_time": 31.99}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3383.414, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 928333.9, "afl_execs_total": 25463830, "fuzzers_used": 49, "run_end": "2023-09-30 23:01:12.831570", "run_start": "2023-09-30 23:00:53.314147", "total_execs_per_sec": 651915.77, "total_run_time": 39.06}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.658, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 936392.44, "afl_execs_total": 25983500, "fuzzers_used": 50, "run_end": "2023-09-30 23:01:52.539154", "run_start": "2023-09-30 23:01:32.797969", "total_execs_per_sec": 658310.11, "total_run_time": 39.47}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.637, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 947163.68, "afl_execs_total": 26503170, "fuzzers_used": 51, "run_end": "2023-09-30 23:02:32.645289", "run_start": "2023-09-30 23:02:12.725860", "total_execs_per_sec": 664906.42, "total_run_time": 39.86}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3288.211, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 958614.58, "afl_execs_total": 27022840, "fuzzers_used": 52, "run_end": "2023-09-30 23:03:13.161133", "run_start": "2023-09-30 23:02:53.030893", "total_execs_per_sec": 670874.88, "total_run_time": 40.28}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3476.136, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 973982.54, "afl_execs_total": 27542510, "fuzzers_used": 53, "run_end": "2023-09-30 23:03:53.955349", "run_start": "2023-09-30 23:03:33.719867", "total_execs_per_sec": 679223.43, "total_run_time": 40.55}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.629, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 976113.12, "afl_execs_total": 28062180, "fuzzers_used": 54, "run_end": "2023-09-30 23:04:35.438777", "run_start": "2023-09-30 23:04:14.856099", "total_execs_per_sec": 680460.23, "total_run_time": 41.24}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.634, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 983432.87, "afl_execs_total": 28581850, "fuzzers_used": 55, "run_end": "2023-09-30 23:05:17.493381", "run_start": "2023-09-30 23:04:56.532515", "total_execs_per_sec": 683449.31, "total_run_time": 41.82}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3338.93, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 985159.38, "afl_execs_total": 29101520, "fuzzers_used": 56, "run_end": "2023-09-30 23:06:00.297515", "run_start": "2023-09-30 23:05:39.049512", "total_execs_per_sec": 683776.32, "total_run_time": 42.56}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.617, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 949664.42, "afl_execs_total": 29621190, "fuzzers_used": 57, "run_end": "2023-09-30 23:06:46.620220", "run_start": "2023-09-30 23:06:23.586780", "total_execs_per_sec": 642820.96, "total_run_time": 46.08}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.524, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 960540.52, "afl_execs_total": 30140860, "fuzzers_used": 58, "run_end": "2023-09-30 23:07:32.789227", "run_start": "2023-09-30 23:07:09.795959", "total_execs_per_sec": 656234.7, "total_run_time": 45.93}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.344, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 971717.37, "afl_execs_total": 30660530, "fuzzers_used": 59, "run_end": "2023-09-30 23:08:19.205529", "run_start": "2023-09-30 23:07:56.118775", "total_execs_per_sec": 664079.06, "total_run_time": 46.17}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.947, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 978223.94, "afl_execs_total": 31180200, "fuzzers_used": 60, "run_end": "2023-09-30 23:09:06.065892", "run_start": "2023-09-30 23:08:42.712355", "total_execs_per_sec": 668815.96, "total_run_time": 46.62}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.079, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 995090.76, "afl_execs_total": 31699870, "fuzzers_used": 61, "run_end": "2023-09-30 23:09:53.117908", "run_start": "2023-09-30 23:09:29.706522", "total_execs_per_sec": 677202.95, "total_run_time": 46.81}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.347, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1000123.55, "afl_execs_total": 32219540, "fuzzers_used": 62, "run_end": "2023-09-30 23:10:40.588355", "run_start": "2023-09-30 23:10:16.955091", "total_execs_per_sec": 682183.78, "total_run_time": 47.23}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.342, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1006856.18, "afl_execs_total": 32739210, "fuzzers_used": 63, "run_end": "2023-09-30 23:11:28.431482", "run_start": "2023-09-30 23:11:04.649867", "total_execs_per_sec": 687798.53, "total_run_time": 47.6}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3289.276, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1013280.29, "afl_execs_total": 33258880, "fuzzers_used": 64, "run_end": "2023-09-30 23:12:16.529480", "run_start": "2023-09-30 23:11:52.576162", "total_execs_per_sec": 695065.41, "total_run_time": 47.85}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.751, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 977531.19, "afl_execs_total": 33778550, "fuzzers_used": 65, "run_end": "2023-09-30 23:13:08.431052", "run_start": "2023-09-30 23:12:42.607854", "total_execs_per_sec": 653862.76, "total_run_time": 51.66}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3521.846, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 988260.54, "afl_execs_total": 34298220, "fuzzers_used": 66, "run_end": "2023-09-30 23:14:00.457627", "run_start": "2023-09-30 23:13:34.609623", "total_execs_per_sec": 662255.65, "total_run_time": 51.79}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.104, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 996765.65, "afl_execs_total": 34817893, "fuzzers_used": 67, "run_end": "2023-09-30 23:14:52.887499", "run_start": "2023-09-30 23:14:26.922014", "total_execs_per_sec": 667137.25, "total_run_time": 52.19}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.26, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1006933.0, "afl_execs_total": 35337567, "fuzzers_used": 68, "run_end": "2023-09-30 23:15:45.540474", "run_start": "2023-09-30 23:15:19.383508", "total_execs_per_sec": 674252.38, "total_run_time": 52.41}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.655, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1016151.03, "afl_execs_total": 35857239, "fuzzers_used": 69, "run_end": "2023-09-30 23:16:38.920224", "run_start": "2023-09-30 23:16:12.361121", "total_execs_per_sec": 674769.27, "total_run_time": 53.14}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.292, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1020419.88, "afl_execs_total": 36376912, "fuzzers_used": 70, "run_end": "2023-09-30 23:17:32.908230", "run_start": "2023-09-30 23:17:06.097232", "total_execs_per_sec": 676779.76, "total_run_time": 53.75}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.291, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1024544.66, "afl_execs_total": 36896574, "fuzzers_used": 71, "run_end": "2023-09-30 23:18:27.486955", "run_start": "2023-09-30 23:18:00.353160", "total_execs_per_sec": 678994.74, "total_run_time": 54.34}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.053, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1027862.2, "afl_execs_total": 37416240, "fuzzers_used": 72, "run_end": "2023-09-30 23:19:22.939401", "run_start": "2023-09-30 23:18:55.292965", "total_execs_per_sec": 677707.66, "total_run_time": 55.21}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3256.623, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 989415.52, "afl_execs_total": 37935910, "fuzzers_used": 73, "run_end": "2023-09-30 23:20:22.128510", "run_start": "2023-09-30 23:19:52.680720", "total_execs_per_sec": 643636.07, "total_run_time": 58.94}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3175.582, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 999208.44, "afl_execs_total": 38455580, "fuzzers_used": 74, "run_end": "2023-09-30 23:21:21.994758", "run_start": "2023-09-30 23:20:52.109044", "total_execs_per_sec": 645011.41, "total_run_time": 59.62}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.431, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1009747.84, "afl_execs_total": 38975263, "fuzzers_used": 75, "run_end": "2023-09-30 23:22:22.400574", "run_start": "2023-09-30 23:21:52.308129", "total_execs_per_sec": 647860.09, "total_run_time": 60.16}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3424.949, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1016122.1, "afl_execs_total": 39494936, "fuzzers_used": 76, "run_end": "2023-09-30 23:23:23.367166", "run_start": "2023-09-30 23:22:53.084871", "total_execs_per_sec": 650443.61, "total_run_time": 60.72}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.15, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1026766.44, "afl_execs_total": 40014610, "fuzzers_used": 77, "run_end": "2023-09-30 23:24:24.632834", "run_start": "2023-09-30 23:23:54.183517", "total_execs_per_sec": 655762.21, "total_run_time": 61.02}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3592.097, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1032416.84, "afl_execs_total": 40534285, "fuzzers_used": 78, "run_end": "2023-09-30 23:25:26.680597", "run_start": "2023-09-30 23:24:55.800125", "total_execs_per_sec": 655894.58, "total_run_time": 61.8}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.891, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1037369.06, "afl_execs_total": 41053955, "fuzzers_used": 79, "run_end": "2023-09-30 23:26:29.188422", "run_start": "2023-09-30 23:25:58.057408", "total_execs_per_sec": 659395.36, "total_run_time": 62.26}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3388.495, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1037677.89, "afl_execs_total": 41573602, "fuzzers_used": 80, "run_end": "2023-09-30 23:27:32.371382", "run_start": "2023-09-30 23:27:00.950646", "total_execs_per_sec": 660632.48, "total_run_time": 62.93}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3586.326, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1001527.34, "afl_execs_total": 42093277, "fuzzers_used": 81, "run_end": "2023-09-30 23:28:38.739977", "run_start": "2023-09-30 23:28:05.654779", "total_execs_per_sec": 636619.43, "total_run_time": 66.12}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3463.049, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1008569.78, "afl_execs_total": 42612950, "fuzzers_used": 82, "run_end": "2023-09-30 23:29:45.918973", "run_start": "2023-09-30 23:29:12.428362", "total_execs_per_sec": 636679.37, "total_run_time": 66.93}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3392.247, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1024112.93, "afl_execs_total": 43132623, "fuzzers_used": 83, "run_end": "2023-09-30 23:30:53.449181", "run_start": "2023-09-30 23:30:19.814374", "total_execs_per_sec": 641091.3, "total_run_time": 67.28}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3404.469, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1033177.84, "afl_execs_total": 43652299, "fuzzers_used": 84, "run_end": "2023-09-30 23:32:01.675241", "run_start": "2023-09-30 23:31:27.738537", "total_execs_per_sec": 642134.44, "total_run_time": 67.98}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.579, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1035389.26, "afl_execs_total": 44171974, "fuzzers_used": 85, "run_end": "2023-09-30 23:33:10.497096", "run_start": "2023-09-30 23:32:36.251098", "total_execs_per_sec": 644188.04, "total_run_time": 68.57}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3584.426, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1040484.52, "afl_execs_total": 44691647, "fuzzers_used": 86, "run_end": "2023-09-30 23:34:19.962598", "run_start": "2023-09-30 23:33:45.308419", "total_execs_per_sec": 645646.45, "total_run_time": 69.22}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.376, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1047416.67, "afl_execs_total": 45211316, "fuzzers_used": 87, "run_end": "2023-09-30 23:35:29.960796", "run_start": "2023-09-30 23:34:55.107828", "total_execs_per_sec": 648190.91, "total_run_time": 69.75}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3588.768, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1043614.54, "afl_execs_total": 45730993, "fuzzers_used": 88, "run_end": "2023-09-30 23:36:41.094109", "run_start": "2023-09-30 23:36:05.629742", "total_execs_per_sec": 645188.95, "total_run_time": 70.88}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.133, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1014160.19, "afl_execs_total": 46250683, "fuzzers_used": 89, "run_end": "2023-09-30 23:37:55.516863", "run_start": "2023-09-30 23:37:18.491584", "total_execs_per_sec": 623576.69, "total_run_time": 74.17}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3374.57, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1019409.94, "afl_execs_total": 46770379, "fuzzers_used": 90, "run_end": "2023-09-30 23:39:10.778063", "run_start": "2023-09-30 23:38:33.294208", "total_execs_per_sec": 623521.92, "total_run_time": 75.01}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3411.736, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1033667.5, "afl_execs_total": 47290036, "fuzzers_used": 91, "run_end": "2023-09-30 23:40:26.422137", "run_start": "2023-09-30 23:39:48.679717", "total_execs_per_sec": 627188.81, "total_run_time": 75.4}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.108, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1040422.32, "afl_execs_total": 47809728, "fuzzers_used": 92, "run_end": "2023-09-30 23:41:42.356121", "run_start": "2023-09-30 23:41:04.496375", "total_execs_per_sec": 631735.31, "total_run_time": 75.68}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3592.853, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1045409.98, "afl_execs_total": 48329396, "fuzzers_used": 93, "run_end": "2023-09-30 23:42:59.057925", "run_start": "2023-09-30 23:42:20.833029", "total_execs_per_sec": 632169.99, "total_run_time": 76.45}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3589.471, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1048162.62, "afl_execs_total": 48849073, "fuzzers_used": 94, "run_end": "2023-09-30 23:44:16.590083", "run_start": "2023-09-30 23:43:38.042805", "total_execs_per_sec": 632104.98, "total_run_time": 77.28}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.809, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1050384.15, "afl_execs_total": 49368750, "fuzzers_used": 95, "run_end": "2023-09-30 23:45:34.408553", "run_start": "2023-09-30 23:44:55.753132", "total_execs_per_sec": 636441.28, "total_run_time": 77.57}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.421, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1050304.88, "afl_execs_total": 49888422, "fuzzers_used": 96, "run_end": "2023-09-30 23:46:53.074378", "run_start": "2023-09-30 23:46:13.842719", "total_execs_per_sec": 636413.09, "total_run_time": 78.39}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3460.622, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1037251.1, "afl_execs_total": 50408093, "fuzzers_used": 97, "run_end": "2023-09-30 23:48:13.624856", "run_start": "2023-09-30 23:47:33.555637", "total_execs_per_sec": 627747.11, "total_run_time": 80.3}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3422.534, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1023279.61, "afl_execs_total": 50927766, "fuzzers_used": 98, "run_end": "2023-09-30 23:49:36.206307", "run_start": "2023-09-30 23:48:55.043259", "total_execs_per_sec": 618580.91, "total_run_time": 82.33}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.706, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1009889.86, "afl_execs_total": 51447436, "fuzzers_used": 99, "run_end": "2023-09-30 23:51:00.769989", "run_start": "2023-09-30 23:50:18.655201", "total_execs_per_sec": 610289.87, "total_run_time": 84.3}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.659, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 996157.16, "afl_execs_total": 51967100, "fuzzers_used": 100, "run_end": "2023-09-30 23:52:27.268848", "run_start": "2023-09-30 23:51:44.273073", "total_execs_per_sec": 602517.1, "total_run_time": 86.25}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.698, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 973425.48, "afl_execs_total": 52486780, "fuzzers_used": 101, "run_end": "2023-09-30 23:53:56.895303", "run_start": "2023-09-30 23:53:12.201049", "total_execs_per_sec": 587297.53, "total_run_time": 89.37}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3483.595, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 960922.5, "afl_execs_total": 53006447, "fuzzers_used": 102, "run_end": "2023-09-30 23:55:29.361853", "run_start": "2023-09-30 23:54:43.291757", "total_execs_per_sec": 574782.55, "total_run_time": 92.22}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3410.047, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 941705.52, "afl_execs_total": 53526110, "fuzzers_used": 103, "run_end": "2023-09-30 23:57:05.299380", "run_start": "2023-09-30 23:56:17.519295", "total_execs_per_sec": 559428.41, "total_run_time": 95.68}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.635, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 927206.03, "afl_execs_total": 54045772, "fuzzers_used": 104, "run_end": "2023-09-30 23:58:44.910131", "run_start": "2023-09-30 23:57:55.290255", "total_execs_per_sec": 543938.93, "total_run_time": 99.36}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.142, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 919716.12, "afl_execs_total": 54565450, "fuzzers_used": 105, "run_end": "2023-10-01 00:00:26.567448", "run_start": "2023-09-30 23:59:35.913562", "total_execs_per_sec": 538120.81, "total_run_time": 101.4}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.628, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 907116.8, "afl_execs_total": 55085116, "fuzzers_used": 106, "run_end": "2023-10-01 00:02:10.450695", "run_start": "2023-10-01 00:01:18.697664", "total_execs_per_sec": 531555.69, "total_run_time": 103.63}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3334.306, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 898444.05, "afl_execs_total": 55604777, "fuzzers_used": 107, "run_end": "2023-10-01 00:03:56.377235", "run_start": "2023-10-01 00:03:03.600706", "total_execs_per_sec": 526211.57, "total_run_time": 105.67}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.076, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 889678.68, "afl_execs_total": 56124461, "fuzzers_used": 108, "run_end": "2023-10-01 00:05:44.193223", "run_start": "2023-10-01 00:04:50.491661", "total_execs_per_sec": 521796.77, "total_run_time": 107.56}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3405.282, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 871535.65, "afl_execs_total": 56644120, "fuzzers_used": 109, "run_end": "2023-10-01 00:07:35.315927", "run_start": "2023-10-01 00:06:39.971352", "total_execs_per_sec": 510905.75, "total_run_time": 110.87}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.359, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 858369.28, "afl_execs_total": 57163803, "fuzzers_used": 110, "run_end": "2023-10-01 00:09:29.476232", "run_start": "2023-10-01 00:08:32.660720", "total_execs_per_sec": 501877.11, "total_run_time": 113.9}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.695, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 839357.6, "afl_execs_total": 57683458, "fuzzers_used": 111, "run_end": "2023-10-01 00:11:27.304043", "run_start": "2023-10-01 00:10:28.607394", "total_execs_per_sec": 490630.76, "total_run_time": 117.57}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3324.22, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 828077.49, "afl_execs_total": 58203126, "fuzzers_used": 112, "run_end": "2023-10-01 00:13:28.858815", "run_start": "2023-10-01 00:12:28.271715", "total_execs_per_sec": 479788.36, "total_run_time": 121.31}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3571.382, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 817619.99, "afl_execs_total": 58722802, "fuzzers_used": 113, "run_end": "2023-10-01 00:15:32.648757", "run_start": "2023-10-01 00:14:30.925085", "total_execs_per_sec": 475372.8, "total_run_time": 123.53}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.08, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 806563.34, "afl_execs_total": 59242469, "fuzzers_used": 114, "run_end": "2023-10-01 00:17:38.748743", "run_start": "2023-10-01 00:16:35.893215", "total_execs_per_sec": 470776.14, "total_run_time": 125.84}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.311, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 795820.84, "afl_execs_total": 59762134, "fuzzers_used": 115, "run_end": "2023-10-01 00:19:47.207746", "run_start": "2023-10-01 00:18:43.168299", "total_execs_per_sec": 466163.29, "total_run_time": 128.2}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.741, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 789602.32, "afl_execs_total": 60281817, "fuzzers_used": 116, "run_end": "2023-10-01 00:21:57.545651", "run_start": "2023-10-01 00:20:52.587366", "total_execs_per_sec": 463421.1, "total_run_time": 130.08}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.898, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 769744.98, "afl_execs_total": 60801473, "fuzzers_used": 117, "run_end": "2023-10-01 00:24:11.570391", "run_start": "2023-10-01 00:23:04.770309", "total_execs_per_sec": 454522.49, "total_run_time": 133.77}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3528.728, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 754704.16, "afl_execs_total": 61321140, "fuzzers_used": 118, "run_end": "2023-10-01 00:26:29.133904", "run_start": "2023-10-01 00:25:20.633522", "total_execs_per_sec": 446589.03, "total_run_time": 137.31}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.663, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 739965.24, "afl_execs_total": 61840807, "fuzzers_used": 119, "run_end": "2023-10-01 00:28:50.375098", "run_start": "2023-10-01 00:27:39.889685", "total_execs_per_sec": 438649.5, "total_run_time": 140.98}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.298, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 721357.74, "afl_execs_total": 62360479, "fuzzers_used": 120, "run_end": "2023-10-01 00:31:16.004270", "run_start": "2023-10-01 00:30:03.324005", "total_execs_per_sec": 428977.64, "total_run_time": 145.37}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.799, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 705584.89, "afl_execs_total": 62880143, "fuzzers_used": 121, "run_end": "2023-10-01 00:33:44.457380", "run_start": "2023-10-01 00:32:30.384615", "total_execs_per_sec": 424292.46, "total_run_time": 148.2}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.942, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 689179.3, "afl_execs_total": 63399821, "fuzzers_used": 122, "run_end": "2023-10-01 00:36:16.074412", "run_start": "2023-10-01 00:35:00.480705", "total_execs_per_sec": 418867.74, "total_run_time": 151.36}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.711, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 674153.86, "afl_execs_total": 63919484, "fuzzers_used": 123, "run_end": "2023-10-01 00:38:50.357234", "run_start": "2023-10-01 00:37:33.341036", "total_execs_per_sec": 414980.74, "total_run_time": 154.03}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3277.002, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 668264.05, "afl_execs_total": 64439155, "fuzzers_used": 124, "run_end": "2023-10-01 00:41:26.881253", "run_start": "2023-10-01 00:40:08.743365", "total_execs_per_sec": 412384.2, "total_run_time": 156.26}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.587, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 648129.94, "afl_execs_total": 64958824, "fuzzers_used": 125, "run_end": "2023-10-01 00:44:07.838710", "run_start": "2023-10-01 00:42:47.507566", "total_execs_per_sec": 404224.17, "total_run_time": 160.7}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3435.316, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 630733.08, "afl_execs_total": 65478494, "fuzzers_used": 126, "run_end": "2023-10-01 00:46:53.319424", "run_start": "2023-10-01 00:45:30.720783", "total_execs_per_sec": 396310.94, "total_run_time": 165.22}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3529.637, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 614518.38, "afl_execs_total": 65998164, "fuzzers_used": 127, "run_end": "2023-10-01 00:49:43.065457", "run_start": "2023-10-01 00:48:18.407561", "total_execs_per_sec": 389392.67, "total_run_time": 169.49}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.368, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 598284.67, "afl_execs_total": 66517829, "fuzzers_used": 128, "run_end": "2023-10-01 00:52:37.587547", "run_start": "2023-10-01 00:51:10.457560", "total_execs_per_sec": 381715.99, "total_run_time": 174.26}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.404, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 580642.38, "afl_execs_total": 67037506, "fuzzers_used": 129, "run_end": "2023-10-01 00:55:35.274207", "run_start": "2023-10-01 00:54:06.552078", "total_execs_per_sec": 377825.09, "total_run_time": 177.43}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.247, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 562735.32, "afl_execs_total": 67557175, "fuzzers_used": 130, "run_end": "2023-10-01 00:58:36.064323", "run_start": "2023-10-01 00:57:05.772110", "total_execs_per_sec": 374215.78, "total_run_time": 180.53}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.272, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 547668.6, "afl_execs_total": 68076845, "fuzzers_used": 131, "run_end": "2023-10-01 01:01:39.967232", "run_start": "2023-10-01 01:00:08.173611", "total_execs_per_sec": 370708.15, "total_run_time": 183.64}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3582.186, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 540727.65, "afl_execs_total": 68596512, "fuzzers_used": 132, "run_end": "2023-10-01 01:04:46.423044", "run_start": "2023-10-01 01:03:13.262003", "total_execs_per_sec": 368402.32, "total_run_time": 186.2}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.113, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 519637.0, "afl_execs_total": 69116187, "fuzzers_used": 133, "run_end": "2023-10-01 01:07:57.647789", "run_start": "2023-10-01 01:06:22.230683", "total_execs_per_sec": 361940.65, "total_run_time": 190.96}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3395.817, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 499189.04, "afl_execs_total": 69635850, "fuzzers_used": 134, "run_end": "2023-10-01 01:11:13.787072", "run_start": "2023-10-01 01:09:36.015503", "total_execs_per_sec": 355502.6, "total_run_time": 195.88}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3518.708, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 482457.86, "afl_execs_total": 70155523, "fuzzers_used": 135, "run_end": "2023-10-01 01:14:34.734203", "run_start": "2023-10-01 01:12:54.428580", "total_execs_per_sec": 349589.01, "total_run_time": 200.68}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.411, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 458655.34, "afl_execs_total": 70675189, "fuzzers_used": 136, "run_end": "2023-10-01 01:18:01.346354", "run_start": "2023-10-01 01:16:18.205160", "total_execs_per_sec": 342501.52, "total_run_time": 206.35}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3450.23, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 453087.56, "afl_execs_total": 71194856, "fuzzers_used": 137, "run_end": "2023-10-01 01:21:31.070560", "run_start": "2023-10-01 01:19:46.328707", "total_execs_per_sec": 339897.15, "total_run_time": 209.46}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.302, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 445650.76, "afl_execs_total": 71714529, "fuzzers_used": 138, "run_end": "2023-10-01 01:25:03.543001", "run_start": "2023-10-01 01:23:17.438499", "total_execs_per_sec": 337989.11, "total_run_time": 212.18}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.375, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 438779.54, "afl_execs_total": 72234208, "fuzzers_used": 139, "run_end": "2023-10-01 01:28:38.966326", "run_start": "2023-10-01 01:26:51.446036", "total_execs_per_sec": 335723.22, "total_run_time": 215.16}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3474.59, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 434421.26, "afl_execs_total": 72753874, "fuzzers_used": 140, "run_end": "2023-10-01 01:32:17.031421", "run_start": "2023-10-01 01:30:28.143712", "total_execs_per_sec": 334039.83, "total_run_time": 217.8}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.222, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 422130.0, "afl_execs_total": 73273553, "fuzzers_used": 141, "run_end": "2023-10-01 01:35:59.924651", "run_start": "2023-10-01 01:34:08.658037", "total_execs_per_sec": 329127.04, "total_run_time": 222.63}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.022, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 403403.62, "afl_execs_total": 73793218, "fuzzers_used": 142, "run_end": "2023-10-01 01:39:48.590697", "run_start": "2023-10-01 01:37:54.409507", "total_execs_per_sec": 323073.5, "total_run_time": 228.41}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.413, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 391528.74, "afl_execs_total": 74312883, "fuzzers_used": 143, "run_end": "2023-10-01 01:43:42.069365", "run_start": "2023-10-01 01:41:45.382606", "total_execs_per_sec": 318652.21, "total_run_time": 233.21}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.866, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 374715.06, "afl_execs_total": 74832562, "fuzzers_used": 144, "run_end": "2023-10-01 01:47:41.260283", "run_start": "2023-10-01 01:45:41.775594", "total_execs_per_sec": 313198.69, "total_run_time": 238.93}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3357.232, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 372678.44, "afl_execs_total": 75352223, "fuzzers_used": 145, "run_end": "2023-10-01 01:51:43.356207", "run_start": "2023-10-01 01:49:42.472312", "total_execs_per_sec": 311591.71, "total_run_time": 241.83}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3588.107, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 371466.33, "afl_execs_total": 75871897, "fuzzers_used": 146, "run_end": "2023-10-01 01:55:47.958820", "run_start": "2023-10-01 01:53:45.928408", "total_execs_per_sec": 310530.42, "total_run_time": 244.33}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.599, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 369815.4, "afl_execs_total": 76391573, "fuzzers_used": 147, "run_end": "2023-10-01 01:59:55.130584", "run_start": "2023-10-01 01:57:51.745568", "total_execs_per_sec": 309390.36, "total_run_time": 246.91}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.671, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 367734.06, "afl_execs_total": 76911235, "fuzzers_used": 148, "run_end": "2023-10-01 02:04:05.131837", "run_start": "2023-10-01 02:02:00.313458", "total_execs_per_sec": 307977.56, "total_run_time": 249.73}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3294.05, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 366332.54, "afl_execs_total": 77430918, "fuzzers_used": 149, "run_end": "2023-10-01 02:08:17.978729", "run_start": "2023-10-01 02:06:11.617727", "total_execs_per_sec": 306559.97, "total_run_time": 252.58}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.556, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 365256.89, "afl_execs_total": 77950581, "fuzzers_used": 150, "run_end": "2023-10-01 02:12:33.764599", "run_start": "2023-10-01 02:10:26.004100", "total_execs_per_sec": 305066.46, "total_run_time": 255.52}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3348.309, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 362078.84, "afl_execs_total": 78470247, "fuzzers_used": 151, "run_end": "2023-10-01 02:16:53.731876", "run_start": "2023-10-01 02:14:43.903389", "total_execs_per_sec": 302157.29, "total_run_time": 259.7}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.192, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 361083.46, "afl_execs_total": 78989923, "fuzzers_used": 152, "run_end": "2023-10-01 02:21:16.337686", "run_start": "2023-10-01 02:19:05.372350", "total_execs_per_sec": 301097.52, "total_run_time": 262.34}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.034, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 359994.43, "afl_execs_total": 79509587, "fuzzers_used": 153, "run_end": "2023-10-01 02:25:41.511107", "run_start": "2023-10-01 02:23:29.060001", "total_execs_per_sec": 300138.11, "total_run_time": 264.91}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3520.806, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 359950.89, "afl_execs_total": 80029258, "fuzzers_used": 154, "run_end": "2023-10-01 02:30:08.696139", "run_start": "2023-10-01 02:27:55.269294", "total_execs_per_sec": 299824.88, "total_run_time": 266.92}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.647, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 357498.64, "afl_execs_total": 80548933, "fuzzers_used": 155, "run_end": "2023-10-01 02:34:39.145101", "run_start": "2023-10-01 02:32:24.091985", "total_execs_per_sec": 298130.63, "total_run_time": 270.18}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.421, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 357285.14, "afl_execs_total": 81068600, "fuzzers_used": 156, "run_end": "2023-10-01 02:39:11.604977", "run_start": "2023-10-01 02:36:55.542385", "total_execs_per_sec": 297838.27, "total_run_time": 272.19}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.298, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 355405.08, "afl_execs_total": 81588281, "fuzzers_used": 157, "run_end": "2023-10-01 02:43:47.334188", "run_start": "2023-10-01 02:41:29.662280", "total_execs_per_sec": 296189.21, "total_run_time": 275.46}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3528.873, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 354127.44, "afl_execs_total": 82107951, "fuzzers_used": 158, "run_end": "2023-10-01 02:48:26.223001", "run_start": "2023-10-01 02:46:06.801058", "total_execs_per_sec": 294695.11, "total_run_time": 278.62}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3589.709, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 351793.59, "afl_execs_total": 82627619, "fuzzers_used": 159, "run_end": "2023-10-01 02:53:08.961221", "run_start": "2023-10-01 02:50:47.665420", "total_execs_per_sec": 292518.21, "total_run_time": 282.47}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.784, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 350348.0, "afl_execs_total": 83147295, "fuzzers_used": 160, "run_end": "2023-10-01 02:57:54.928358", "run_start": "2023-10-01 02:55:32.035459", "total_execs_per_sec": 291030.08, "total_run_time": 285.7}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3326.109, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 349438.44, "afl_execs_total": 83666929, "fuzzers_used": 161, "run_end": "2023-10-01 03:02:43.496769", "run_start": "2023-10-01 03:00:19.361939", "total_execs_per_sec": 290207.87, "total_run_time": 288.3}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.045, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 349188.38, "afl_execs_total": 84186602, "fuzzers_used": 162, "run_end": "2023-10-01 03:07:34.244149", "run_start": "2023-10-01 03:05:09.171410", "total_execs_per_sec": 289828.9, "total_run_time": 290.47}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.336, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 348377.38, "afl_execs_total": 84706275, "fuzzers_used": 163, "run_end": "2023-10-01 03:12:27.363035", "run_start": "2023-10-01 03:10:00.998309", "total_execs_per_sec": 289247.99, "total_run_time": 292.85}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.188, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 347124.06, "afl_execs_total": 85225940, "fuzzers_used": 164, "run_end": "2023-10-01 03:17:23.255256", "run_start": "2023-10-01 03:14:55.247687", "total_execs_per_sec": 288295.58, "total_run_time": 295.62}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.234, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 346480.82, "afl_execs_total": 85745613, "fuzzers_used": 165, "run_end": "2023-10-01 03:22:21.826668", "run_start": "2023-10-01 03:19:52.678006", "total_execs_per_sec": 287447.58, "total_run_time": 298.3}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.62, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 345660.61, "afl_execs_total": 86265280, "fuzzers_used": 166, "run_end": "2023-10-01 03:27:23.304636", "run_start": "2023-10-01 03:24:52.670302", "total_execs_per_sec": 286405.31, "total_run_time": 301.2}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.434, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 344352.86, "afl_execs_total": 86784956, "fuzzers_used": 167, "run_end": "2023-10-01 03:32:28.347850", "run_start": "2023-10-01 03:29:56.101960", "total_execs_per_sec": 284755.57, "total_run_time": 304.77}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3320.621, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 343903.25, "afl_execs_total": 87304620, "fuzzers_used": 168, "run_end": "2023-10-01 03:37:35.985037", "run_start": "2023-10-01 03:35:02.350396", "total_execs_per_sec": 284046.79, "total_run_time": 307.36}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3477.517, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 342402.74, "afl_execs_total": 87824287, "fuzzers_used": 169, "run_end": "2023-10-01 03:42:46.403090", "run_start": "2023-10-01 03:40:11.272913", "total_execs_per_sec": 283176.27, "total_run_time": 310.14}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.115, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 342935.7, "afl_execs_total": 88343943, "fuzzers_used": 170, "run_end": "2023-10-01 03:47:58.790757", "run_start": "2023-10-01 03:45:22.971446", "total_execs_per_sec": 283053.87, "total_run_time": 312.11}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.952, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 342089.26, "afl_execs_total": 88863610, "fuzzers_used": 171, "run_end": "2023-10-01 03:53:13.982010", "run_start": "2023-10-01 03:50:36.576836", "total_execs_per_sec": 282178.36, "total_run_time": 314.92}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3600.078, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 341369.47, "afl_execs_total": 89383283, "fuzzers_used": 172, "run_end": "2023-10-01 03:58:31.757722", "run_start": "2023-10-01 03:55:52.882761", "total_execs_per_sec": 281522.15, "total_run_time": 317.5}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3548.438, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 340166.19, "afl_execs_total": 89902960, "fuzzers_used": 173, "run_end": "2023-10-01 04:03:52.679983", "run_start": "2023-10-01 04:01:12.489362", "total_execs_per_sec": 280377.23, "total_run_time": 320.65}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3507.999, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 339692.96, "afl_execs_total": 90422626, "fuzzers_used": 174, "run_end": "2023-10-01 04:09:16.022890", "run_start": "2023-10-01 04:06:34.373466", "total_execs_per_sec": 279885.55, "total_run_time": 323.07}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.34, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 339204.8, "afl_execs_total": 90942302, "fuzzers_used": 175, "run_end": "2023-10-01 04:14:42.500004", "run_start": "2023-10-01 04:11:59.519266", "total_execs_per_sec": 278793.08, "total_run_time": 326.2}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.35, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 338925.12, "afl_execs_total": 91461973, "fuzzers_used": 176, "run_end": "2023-10-01 04:20:11.867354", "run_start": "2023-10-01 04:17:27.309554", "total_execs_per_sec": 277923.89, "total_run_time": 329.09}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3334.831, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 337700.46, "afl_execs_total": 91981627, "fuzzers_used": 177, "run_end": "2023-10-01 04:25:44.119595", "run_start": "2023-10-01 04:22:58.066484", "total_execs_per_sec": 277069.78, "total_run_time": 331.98}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3497.336, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 338203.76, "afl_execs_total": 92501299, "fuzzers_used": 178, "run_end": "2023-10-01 04:31:18.189721", "run_start": "2023-10-01 04:28:31.286314", "total_execs_per_sec": 277124.24, "total_run_time": 333.79}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3431.628, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 337556.9, "afl_execs_total": 93020971, "fuzzers_used": 179, "run_end": "2023-10-01 04:36:54.792996", "run_start": "2023-10-01 04:34:06.793088", "total_execs_per_sec": 276576.49, "total_run_time": 336.33}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3593.626, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 336873.92, "afl_execs_total": 93540633, "fuzzers_used": 180, "run_end": "2023-10-01 04:42:33.966085", "run_start": "2023-10-01 04:39:44.518309", "total_execs_per_sec": 276020.64, "total_run_time": 338.89}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.309, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 336399.84, "afl_execs_total": 94060303, "fuzzers_used": 181, "run_end": "2023-10-01 04:48:15.868413", "run_start": "2023-10-01 04:45:24.990090", "total_execs_per_sec": 275328.0, "total_run_time": 341.63}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3478.376, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 336455.79, "afl_execs_total": 94579979, "fuzzers_used": 182, "run_end": "2023-10-01 04:54:00.031431", "run_start": "2023-10-01 04:51:08.184063", "total_execs_per_sec": 275029.74, "total_run_time": 343.89}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.357, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 335823.56, "afl_execs_total": 95099645, "fuzzers_used": 183, "run_end": "2023-10-01 04:59:47.340839", "run_start": "2023-10-01 04:56:53.855437", "total_execs_per_sec": 274030.79, "total_run_time": 347.04}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.33, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 335587.52, "afl_execs_total": 95619319, "fuzzers_used": 184, "run_end": "2023-10-01 05:05:37.094804", "run_start": "2023-10-01 05:02:42.459088", "total_execs_per_sec": 273612.38, "total_run_time": 349.47}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.749, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 335620.09, "afl_execs_total": 96138976, "fuzzers_used": 185, "run_end": "2023-10-01 05:11:29.166451", "run_start": "2023-10-01 05:08:33.245194", "total_execs_per_sec": 273285.13, "total_run_time": 351.79}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.284, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 334996.68, "afl_execs_total": 96658653, "fuzzers_used": 186, "run_end": "2023-10-01 05:17:23.465686", "run_start": "2023-10-01 05:14:26.488946", "total_execs_per_sec": 273039.33, "total_run_time": 354.01}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3473.897, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 334980.98, "afl_execs_total": 97178332, "fuzzers_used": 187, "run_end": "2023-10-01 05:23:19.945356", "run_start": "2023-10-01 05:20:21.813464", "total_execs_per_sec": 272819.57, "total_run_time": 356.2}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3345.704, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 335404.84, "afl_execs_total": 97697995, "fuzzers_used": 188, "run_end": "2023-10-01 05:29:18.144996", "run_start": "2023-10-01 05:26:19.134225", "total_execs_per_sec": 272960.42, "total_run_time": 357.92}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.3, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 335051.8, "afl_execs_total": 98217668, "fuzzers_used": 189, "run_end": "2023-10-01 05:35:18.993110", "run_start": "2023-10-01 05:32:18.847641", "total_execs_per_sec": 272388.01, "total_run_time": 360.58}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3188.526, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 334887.42, "afl_execs_total": 98737339, "fuzzers_used": 190, "run_end": "2023-10-01 05:41:21.860222", "run_start": "2023-10-01 05:38:20.496147", "total_execs_per_sec": 272311.26, "total_run_time": 362.59}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.191, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 335150.96, "afl_execs_total": 99257022, "fuzzers_used": 191, "run_end": "2023-10-01 05:47:26.904358", "run_start": "2023-10-01 05:44:24.481817", "total_execs_per_sec": 272115.97, "total_run_time": 364.76}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.007, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 334773.71, "afl_execs_total": 99776692, "fuzzers_used": 192, "run_end": "2023-10-01 05:53:33.938237", "run_start": "2023-10-01 05:50:30.580786", "total_execs_per_sec": 272056.42, "total_run_time": 366.75}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3585.52, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 335035.28, "afl_execs_total": 100296389, "fuzzers_used": 193, "run_end": "2023-10-01 05:59:43.187657", "run_start": "2023-10-01 05:56:38.967074", "total_execs_per_sec": 271835.4, "total_run_time": 368.96}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3181.989, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 334596.91, "afl_execs_total": 100816076, "fuzzers_used": 194, "run_end": "2023-10-01 06:05:54.950356", "run_start": "2023-10-01 06:02:49.325019", "total_execs_per_sec": 271397.63, "total_run_time": 371.47}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.021, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 336065.8, "afl_execs_total": 101335780, "fuzzers_used": 195, "run_end": "2023-10-01 06:12:07.984389", "run_start": "2023-10-01 06:09:01.587358", "total_execs_per_sec": 271867.2, "total_run_time": 372.74}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.015, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 335034.33, "afl_execs_total": 101855465, "fuzzers_used": 196, "run_end": "2023-10-01 06:18:24.032065", "run_start": "2023-10-01 06:15:16.159292", "total_execs_per_sec": 271065.21, "total_run_time": 375.76}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.612, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 334931.36, "afl_execs_total": 102375169, "fuzzers_used": 197, "run_end": "2023-10-01 06:24:42.372973", "run_start": "2023-10-01 06:21:33.212336", "total_execs_per_sec": 270797.96, "total_run_time": 378.05}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.413, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 334191.98, "afl_execs_total": 102894843, "fuzzers_used": 198, "run_end": "2023-10-01 06:31:03.545925", "run_start": "2023-10-01 06:27:53.127882", "total_execs_per_sec": 270150.29, "total_run_time": 380.88}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.521, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 332929.11, "afl_execs_total": 103414536, "fuzzers_used": 199, "run_end": "2023-10-01 06:37:27.645981", "run_start": "2023-10-01 06:34:15.843433", "total_execs_per_sec": 269442.01, "total_run_time": 383.81}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3339.7, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 331957.22, "afl_execs_total": 103934201, "fuzzers_used": 200, "run_end": "2023-10-01 06:43:54.782368", "run_start": "2023-10-01 06:40:41.553700", "total_execs_per_sec": 268674.91, "total_run_time": 386.84}}}} diff --git a/benchmark/benchmark.ipynb b/benchmark/benchmark.ipynb new file mode 100644 index 0000000000..b1ef6b0f5f --- /dev/null +++ b/benchmark/benchmark.ipynb @@ -0,0 +1,4490 @@ +{ + "cells": [ + { + "cell_type": "code", + "execution_count": 502, + "metadata": {}, + "outputs": [], + "source": [ + "# benchmark.ipynb\n", + "# Part of the aflplusplus project, requires an ipynb (Jupyter) editor or viewer.\n", + "# Author: Chris Ball \n", + "import json\n", + "import pandas as pd\n", + "with open(\"benchmark-results.jsonl\") as f:\n", + " lines = f.read().splitlines()\n", + "json_lines = [json.loads(line) for line in lines]\n" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Translate the JSON Lines entries into a single pandas DataFrame.\n", + "\n", + "We have JSON Lines in [benchmark-results.jsonl](benchmark-results.jsonl) that look like this:" + ] + }, + { + "cell_type": "code", + "execution_count": 503, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "{\n", + " \"config\": {\n", + " \"afl_persistent_config\": true,\n", + " \"afl_system_config\": true,\n", + " \"afl_version\": \"++4.09a\",\n", + " \"comment\": \"i9-9900k, 16GB DDR4-3000, Arch Linux\",\n", + " \"compiler\": \"clang version 15.0.7\",\n", + " \"target_arch\": \"x86_64-pc-linux-gnu\"\n", + " },\n", + " \"hardware\": {\n", + " \"cpu_fastest_core_mhz\": 4999.879,\n", + " \"cpu_model\": \"Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz\",\n", + " \"cpu_threads\": 16\n", + " },\n", + " \"targets\": {\n", + " \"test-instr\": {\n", + " \"multicore\": {\n", + " \"afl_execs_per_sec\": 11025.88,\n", + " \"afl_execs_total\": 519670,\n", + " \"fuzzers_used\": 1,\n", + " \"run_end\": \"2023-09-24 01:18:19.516294\",\n", + " \"run_start\": \"2023-09-24 01:17:55.982600\",\n", + " \"total_execs_per_sec\": 11019.3,\n", + " \"total_run_time\": 47.16\n", + " }\n", + " },\n", + " \"test-instr-persist-shmem\": {\n", + " \"multicore\": {\n", + " \"afl_execs_per_sec\": 134423.5,\n", + " \"afl_execs_total\": 519670,\n", + " \"fuzzers_used\": 1,\n", + " \"run_end\": \"2023-09-24 01:17:32.262373\",\n", + " \"run_start\": \"2023-09-24 01:17:30.328037\",\n", + " \"total_execs_per_sec\": 133591.26,\n", + " \"total_run_time\": 3.89\n", + " }\n", + " }\n", + " }\n", + "}\n" + ] + } + ], + "source": [ + "print(json.dumps(json.loads(lines[0]), indent=2))" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "The [pd.json_normalize()](https://pandas.pydata.org/docs/reference/api/pandas.json_normalize.html]) method translates this into a flat table that we can perform queries against:" + ] + }, + { + "cell_type": "code", + "execution_count": 504, + "metadata": {}, + "outputs": [ + { + "data": { + "text/html": [ + "
\n", + "\n", + "\n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + "
config.afl_persistent_configconfig.afl_system_configconfig.afl_versionconfig.commentconfig.compilerconfig.target_archhardware.cpu_fastest_core_mhzhardware.cpu_modelhardware.cpu_threadstargets.test-instr.multicore.afl_execs_per_sec...targets.test-instr.singlecore.run_starttargets.test-instr.singlecore.total_execs_per_sectargets.test-instr.singlecore.total_run_timetargets.test-instr-persist-shmem.singlecore.afl_execs_per_sectargets.test-instr-persist-shmem.singlecore.afl_execs_totaltargets.test-instr-persist-shmem.singlecore.fuzzers_usedtargets.test-instr-persist-shmem.singlecore.run_endtargets.test-instr-persist-shmem.singlecore.run_starttargets.test-instr-persist-shmem.singlecore.total_execs_per_sectargets.test-instr-persist-shmem.singlecore.total_run_time
0TrueTrue++4.09ai9-9900k, 16GB DDR4-3000, Arch Linuxclang version 15.0.7x86_64-pc-linux-gnu4999.879Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz1611025.88...NaNNaNNaNNaNNaNNaNNaNNaNNaNNaN
1TrueTrue++4.09ai9-9900k, 16GB DDR4-3000, Arch Linuxclang version 15.0.7x86_64-pc-linux-gnu4998.794Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz1621139.64...NaNNaNNaNNaNNaNNaNNaNNaNNaNNaN
2TrueTrue++4.09ai9-9900k, 16GB DDR4-3000, Arch Linuxclang version 15.0.7x86_64-pc-linux-gnu4998.859Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz1630618.28...NaNNaNNaNNaNNaNNaNNaNNaNNaNNaN
3TrueTrue++4.09ai9-9900k, 16GB DDR4-3000, Arch Linuxclang version 15.0.7x86_64-pc-linux-gnu5000.078Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz1639125.92...NaNNaNNaNNaNNaNNaNNaNNaNNaNNaN
4TrueTrue++4.09ai9-9900k, 16GB DDR4-3000, Arch Linuxclang version 15.0.7x86_64-pc-linux-gnu4996.885Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz1647861.04...NaNNaNNaNNaNNaNNaNNaNNaNNaNNaN
\n", + "

5 rows × 37 columns

\n", + "
" + ], + "text/plain": [ + " config.afl_persistent_config config.afl_system_config config.afl_version \\\n", + "0 True True ++4.09a \n", + "1 True True ++4.09a \n", + "2 True True ++4.09a \n", + "3 True True ++4.09a \n", + "4 True True ++4.09a \n", + "\n", + " config.comment config.compiler \\\n", + "0 i9-9900k, 16GB DDR4-3000, Arch Linux clang version 15.0.7 \n", + "1 i9-9900k, 16GB DDR4-3000, Arch Linux clang version 15.0.7 \n", + "2 i9-9900k, 16GB DDR4-3000, Arch Linux clang version 15.0.7 \n", + "3 i9-9900k, 16GB DDR4-3000, Arch Linux clang version 15.0.7 \n", + "4 i9-9900k, 16GB DDR4-3000, Arch Linux clang version 15.0.7 \n", + "\n", + " config.target_arch hardware.cpu_fastest_core_mhz \\\n", + "0 x86_64-pc-linux-gnu 4999.879 \n", + "1 x86_64-pc-linux-gnu 4998.794 \n", + "2 x86_64-pc-linux-gnu 4998.859 \n", + "3 x86_64-pc-linux-gnu 5000.078 \n", + "4 x86_64-pc-linux-gnu 4996.885 \n", + "\n", + " hardware.cpu_model hardware.cpu_threads \\\n", + "0 Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz 16 \n", + "1 Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz 16 \n", + "2 Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz 16 \n", + "3 Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz 16 \n", + "4 Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz 16 \n", + "\n", + " targets.test-instr.multicore.afl_execs_per_sec ... \\\n", + "0 11025.88 ... \n", + "1 21139.64 ... \n", + "2 30618.28 ... \n", + "3 39125.92 ... \n", + "4 47861.04 ... \n", + "\n", + " targets.test-instr.singlecore.run_start \\\n", + "0 NaN \n", + "1 NaN \n", + "2 NaN \n", + "3 NaN \n", + "4 NaN \n", + "\n", + " targets.test-instr.singlecore.total_execs_per_sec \\\n", + "0 NaN \n", + "1 NaN \n", + "2 NaN \n", + "3 NaN \n", + "4 NaN \n", + "\n", + " targets.test-instr.singlecore.total_run_time \\\n", + "0 NaN \n", + "1 NaN \n", + "2 NaN \n", + "3 NaN \n", + "4 NaN \n", + "\n", + " targets.test-instr-persist-shmem.singlecore.afl_execs_per_sec \\\n", + "0 NaN \n", + "1 NaN \n", + "2 NaN \n", + "3 NaN \n", + "4 NaN \n", + "\n", + " targets.test-instr-persist-shmem.singlecore.afl_execs_total \\\n", + "0 NaN \n", + "1 NaN \n", + "2 NaN \n", + "3 NaN \n", + "4 NaN \n", + "\n", + " targets.test-instr-persist-shmem.singlecore.fuzzers_used \\\n", + "0 NaN \n", + "1 NaN \n", + "2 NaN \n", + "3 NaN \n", + "4 NaN \n", + "\n", + " targets.test-instr-persist-shmem.singlecore.run_end \\\n", + "0 NaN \n", + "1 NaN \n", + "2 NaN \n", + "3 NaN \n", + "4 NaN \n", + "\n", + " targets.test-instr-persist-shmem.singlecore.run_start \\\n", + "0 NaN \n", + "1 NaN \n", + "2 NaN \n", + "3 NaN \n", + "4 NaN \n", + "\n", + " targets.test-instr-persist-shmem.singlecore.total_execs_per_sec \\\n", + "0 NaN \n", + "1 NaN \n", + "2 NaN \n", + "3 NaN \n", + "4 NaN \n", + "\n", + " targets.test-instr-persist-shmem.singlecore.total_run_time \n", + "0 NaN \n", + "1 NaN \n", + "2 NaN \n", + "3 NaN \n", + "4 NaN \n", + "\n", + "[5 rows x 37 columns]" + ] + }, + "execution_count": 504, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "\n", + "df = pd.json_normalize(json_lines)\n", + "df.head()" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Graph prep\n", + "\n", + "We're looking for a line graph showing lines for the following cases:\n", + "\n", + "* For each mode:\n", + " * For each target:\n", + " * persistent off, system off\n", + " * persistent on, system off\n", + " * persistent off, system on\n", + " * persistent on, system on\n", + "\n", + "where the x-axis is number of cores, and the y-axis is either afl_execs_per_sec or total_execs_per_sec (I'm not yet sure which is a better metric to use).\n", + "\n", + "But first, a mini test harness by checking that the number of rows matched what we'd intuitively expect:" + ] + }, + { + "cell_type": "code", + "execution_count": 505, + "metadata": {}, + "outputs": [], + "source": [ + "i7 = df.query(\"`config.comment` == 'i9-9900k, 16GB DDR4-3000, Arch Linux'\")\n", + "assert len(i7) == 148\n", + "multicore = i7.query(\"`targets.test-instr-persist-shmem.multicore.total_execs_per_sec` > 0 or `targets.test-instr.multicore.total_execs_per_sec` > 0\")\n", + "assert len(multicore) == 144 # 36 cores * 4 states * 1 run (containing two targets)\n", + "singlecore = i7.query(\"`targets.test-instr-persist-shmem.singlecore.total_execs_per_sec` > 0 or `targets.test-instr.singlecore.total_execs_per_sec` > 0\")\n", + "assert len(singlecore) == 4 # 1 core * 4 states * 1 run (containing two targets)" + ] + }, + { + "cell_type": "code", + "execution_count": 506, + "metadata": {}, + "outputs": [ + { + "data": { + "text/html": [ + "
\n", + "\n", + "\n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + "
execs_per_secparallel_fuzzersafl_persistent_configafl_system_configlabel
108135613.261.0TrueTrueSinglecore: Persistent mode/shared memory + ke...
117135613.2610.0TrueTrueSinglecore: Persistent mode/shared memory + ke...
\n", + "
" + ], + "text/plain": [ + " execs_per_sec parallel_fuzzers afl_persistent_config \\\n", + "108 135613.26 1.0 True \n", + "117 135613.26 10.0 True \n", + "\n", + " afl_system_config label \n", + "108 True Singlecore: Persistent mode/shared memory + ke... \n", + "117 True Singlecore: Persistent mode/shared memory + ke... " + ] + }, + "execution_count": 506, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "def build_graphdf_from_query(query: pd.DataFrame):\n", + " \"\"\"Build a table suitable for graphing from a subset of the dataframe.\"\"\"\n", + " graphdata = []\n", + " max_fuzzers = int(query[[\"targets.test-instr-persist-shmem.multicore.fuzzers_used\", \"targets.test-instr.multicore.fuzzers_used\"]].max(axis=1).max(axis=0))\n", + " for _, row in query.iterrows():\n", + " if row[\"targets.test-instr-persist-shmem.multicore.total_execs_per_sec\"] > 0:\n", + " execs_per_sec = row[\"targets.test-instr-persist-shmem.multicore.total_execs_per_sec\"]\n", + " afl_execs_per_sec = row[\"targets.test-instr-persist-shmem.multicore.afl_execs_per_sec\"]\n", + " parallel_fuzzers = row[\"targets.test-instr-persist-shmem.multicore.fuzzers_used\"]\n", + " afl_persistent_config = row[\"config.afl_persistent_config\"]\n", + " afl_system_config = row[\"config.afl_system_config\"]\n", + " label = \"shmem-multicore\"\n", + " if afl_persistent_config:\n", + " label += \"+persist-conf\"\n", + " if afl_system_config:\n", + " label += \"+system-conf\"\n", + " if label == \"shmem-multicore+persist-conf+system-conf\":\n", + " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": parallel_fuzzers, \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Multicore: Persistent mode/shared memory + kernel config\"})\n", + " graphdata.append({\"execs_per_sec\": afl_execs_per_sec, \"parallel_fuzzers\": parallel_fuzzers, \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Multicore: afl_execs: Persistent mode/shared memory + kernel config\"})\n", + " if label == \"shmem-multicore\":\n", + " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": parallel_fuzzers, \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Multicore: Persistent mode/shared memory without kernel config\"})\n", + " if row[\"targets.test-instr.multicore.total_execs_per_sec\"] > 0:\n", + " execs_per_sec = row[\"targets.test-instr.multicore.total_execs_per_sec\"]\n", + " parallel_fuzzers = row[\"targets.test-instr.multicore.fuzzers_used\"]\n", + " afl_persistent_config = row[\"config.afl_persistent_config\"]\n", + " afl_system_config = row[\"config.afl_system_config\"]\n", + " label = \"base-multicore\"\n", + " if afl_persistent_config:\n", + " label += \"+persist-conf\"\n", + " if afl_system_config:\n", + " label += \"+system-conf\"\n", + " if label == \"base-multicore+persist-conf+system-conf\":\n", + " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": parallel_fuzzers, \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Multicore: Non-persistent mode + kernel config\"}) \n", + " if row[\"targets.test-instr-persist-shmem.singlecore.total_execs_per_sec\"] > 0:\n", + " execs_per_sec = row[\"targets.test-instr-persist-shmem.singlecore.total_execs_per_sec\"]\n", + " parallel_fuzzers = row[\"targets.test-instr-persist-shmem.singlecore.fuzzers_used\"]\n", + " afl_persistent_config = row[\"config.afl_persistent_config\"]\n", + " afl_system_config = row[\"config.afl_system_config\"]\n", + " label = \"shmem-singlecore\"\n", + " if afl_persistent_config:\n", + " label += \"+persist-conf\"\n", + " if afl_system_config:\n", + " label += \"+system-conf\"\n", + " if label == \"shmem-singlecore+persist-conf+system-conf\":\n", + " for i in range(1, max_fuzzers + 1):\n", + " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": float(i), \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Singlecore: Persistent mode/shared memory + kernel config\"})\n", + " if row[\"targets.test-instr.singlecore.total_execs_per_sec\"] > 0:\n", + " execs_per_sec = row[\"targets.test-instr.singlecore.total_execs_per_sec\"]\n", + " parallel_fuzzers = row[\"targets.test-instr.singlecore.fuzzers_used\"]\n", + " afl_persistent_config = row[\"config.afl_persistent_config\"]\n", + " afl_system_config = row[\"config.afl_system_config\"]\n", + " label = \"base-singlecore\"\n", + " if afl_persistent_config:\n", + " label += \"+persist-conf\"\n", + " if afl_system_config:\n", + " label += \"+system-conf\"\n", + " if label == \"base-singlecore+persist-conf+system-conf\":\n", + " for i in range(1, max_fuzzers + 1):\n", + " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": float(i), \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Singlecore: Non-persistent mode + kernel config\"})\n", + "\n", + " return pd.DataFrame.from_records(graphdata).sort_values(\"label\", ascending=False)\n", + "\n", + "graphdf = build_graphdf_from_query(i7)\n", + "graphdf.head(2)" + ] + }, + { + "cell_type": "code", + "execution_count": 507, + "metadata": {}, + "outputs": [ + { + "data": { + "application/vnd.plotly.v1+json": { + "config": { + "plotlyServerURL": "https://plot.ly" + }, + "data": [ + { + "hovertemplate": "Configuration=Multicore: Non-persistent mode + kernel config
Number of parallel fuzzers=%{x}
Fuzz target executions per second=%{y}", + "legendgroup": "Multicore: Non-persistent mode + kernel config", + "line": { + "color": "#636efa", + "dash": "solid" + }, + "marker": { + "symbol": "circle" + }, + "mode": "lines", + "name": "Multicore: Non-persistent mode + kernel config", + "orientation": "v", + "showlegend": true, + "type": "scatter", + "x": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36 + ], + "xaxis": "x", + "y": [ + 11019.3, + 21111.92, + 30568.82, + 38963.07, + 47693.65, + 55718.73, + 64156.79, + 72176.39, + 61257.76, + 67507.14, + 73183.59, + 79167.7, + 85202.55, + 91594.86, + 97682.33, + 103765.38, + 84547.71, + 86611.67, + 88657, + 90134.42, + 91033.28, + 91637.86, + 92747.81, + 93207.38, + 92970.87, + 94162.8, + 94237.96, + 91716.1, + 94072.6, + 95644.79, + 94880.56, + 93460.57, + 94194.83, + 93853.08, + 95147.78, + 92697.06 + ], + "yaxis": "y" + }, + { + "hovertemplate": "Configuration=Multicore: Persistent mode/shared memory + kernel config
Number of parallel fuzzers=%{x}
Fuzz target executions per second=%{y}", + "legendgroup": "Multicore: Persistent mode/shared memory + kernel config", + "line": { + "color": "#EF553B", + "dash": "solid" + }, + "marker": { + "symbol": "circle" + }, + "mode": "lines", + "name": "Multicore: Persistent mode/shared memory + kernel config", + "orientation": "v", + "showlegend": true, + "type": "scatter", + "x": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36 + ], + "xaxis": "x", + "y": [ + 133591.26, + 255995.07, + 380246.34, + 490254.72, + 598698.16, + 716786.21, + 824873.02, + 942712.02, + 709716.24, + 779115.44, + 851918.03, + 914375.37, + 990573.31, + 1060551.02, + 1134650.66, + 1203287.99, + 1022498.84, + 1058151.58, + 1076742.64, + 1091743.7, + 1062616.36, + 1081621.57, + 1132929.86, + 1133825.45, + 1114215.27, + 1122210.96, + 1130627.8, + 1135890.71, + 1137390.94, + 1142969.21, + 1149056.35, + 1142131.87, + 1128973.67, + 1116863.53, + 1117913.34, + 1124962.18 + ], + "yaxis": "y" + }, + { + "hovertemplate": "Configuration=Multicore: Persistent mode/shared memory without kernel config
Number of parallel fuzzers=%{x}
Fuzz target executions per second=%{y}", + "legendgroup": "Multicore: Persistent mode/shared memory without kernel config", + "line": { + "color": "#00cc96", + "dash": "solid" + }, + "marker": { + "symbol": "circle" + }, + "mode": "lines", + "name": "Multicore: Persistent mode/shared memory without kernel config", + "orientation": "v", + "showlegend": true, + "type": "scatter", + "x": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36 + ], + "xaxis": "x", + "y": [ + 90851.4, + 176159.32, + 260268.78, + 336355.99, + 413750, + 492578.2, + 565737.17, + 640579.35, + 491284.66, + 540759.63, + 591144.78, + 638938.52, + 687954.18, + 734886.87, + 784210.26, + 834811.24, + 714178.66, + 734804.4, + 740714.93, + 750425.99, + 752625.52, + 760661.34, + 758401.65, + 767985.22, + 785474.61, + 789679.78, + 790483.94, + 798176.69, + 792763.39, + 788972.72, + 789307.69, + 777440.02, + 767985.22, + 775967.55, + 764863.41, + 768616.31 + ], + "yaxis": "y" + }, + { + "hovertemplate": "Configuration=Multicore: afl_execs: Persistent mode/shared memory + kernel config
Number of parallel fuzzers=%{x}
Fuzz target executions per second=%{y}", + "legendgroup": "Multicore: afl_execs: Persistent mode/shared memory + kernel config", + "line": { + "color": "#ab63fa", + "dash": "solid" + }, + "marker": { + "symbol": "circle" + }, + "mode": "lines", + "name": "Multicore: afl_execs: Persistent mode/shared memory + kernel config", + "orientation": "v", + "showlegend": true, + "type": "scatter", + "x": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36 + ], + "xaxis": "x", + "y": [ + 134423.5, + 258490.04, + 383777.45, + 496249.48, + 613089.31, + 730366.19, + 844187.32, + 962846.18, + 997414.74, + 1034757.73, + 1070703.42, + 1104249.08, + 1131176.88, + 1164076.48, + 1198824.47, + 1227578.7, + 1272311.96, + 1295688.8, + 1314398.6, + 1328581.94, + 1342660.66, + 1363930.3, + 1377043.72, + 1375818.24, + 1361687.56, + 1369637.56, + 1375444.16, + 1349599.77, + 1321658.08, + 1301868.24, + 1276904.9, + 1243444.8, + 1243981.21, + 1234425.98, + 1244349.38, + 1250454.58 + ], + "yaxis": "y" + }, + { + "hovertemplate": "Configuration=Singlecore: Non-persistent mode + kernel config
Number of parallel fuzzers=%{x}
Fuzz target executions per second=%{y}", + "legendgroup": "Singlecore: Non-persistent mode + kernel config", + "line": { + "color": "#FFA15A", + "dash": "solid" + }, + "marker": { + "symbol": "circle" + }, + "mode": "lines", + "name": "Singlecore: Non-persistent mode + kernel config", + "orientation": "v", + "showlegend": true, + "type": "scatter", + "x": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36 + ], + "xaxis": "x", + "y": [ + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96, + 11038.96 + ], + "yaxis": "y" + }, + { + "hovertemplate": "Configuration=Singlecore: Persistent mode/shared memory + kernel config
Number of parallel fuzzers=%{x}
Fuzz target executions per second=%{y}", + "legendgroup": "Singlecore: Persistent mode/shared memory + kernel config", + "line": { + "color": "#19d3f3", + "dash": "solid" + }, + "marker": { + "symbol": "circle" + }, + "mode": "lines", + "name": "Singlecore: Persistent mode/shared memory + kernel config", + "orientation": "v", + "showlegend": true, + "type": "scatter", + "x": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36 + ], + "xaxis": "x", + "y": [ + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26, + 135613.26 + ], + "yaxis": "y" + } + ], + "layout": { + "height": 400, + "legend": { + "title": { + "text": "Configuration" + }, + "tracegroupgap": 0 + }, + "template": { + "data": { + "bar": [ + { + "error_x": { + "color": "#2a3f5f" + }, + "error_y": { + "color": "#2a3f5f" + }, + "marker": { + "line": { + "color": "#E5ECF6", + "width": 0.5 + }, + "pattern": { + "fillmode": "overlay", + "size": 10, + "solidity": 0.2 + } + }, + "type": "bar" + } + ], + "barpolar": [ + { + "marker": { + "line": { + "color": "#E5ECF6", + "width": 0.5 + }, + "pattern": { + "fillmode": "overlay", + "size": 10, + "solidity": 0.2 + } + }, + "type": "barpolar" + } + ], + "carpet": [ + { + "aaxis": { + "endlinecolor": "#2a3f5f", + "gridcolor": "white", + "linecolor": "white", + "minorgridcolor": "white", + "startlinecolor": "#2a3f5f" + }, + "baxis": { + "endlinecolor": "#2a3f5f", + "gridcolor": "white", + "linecolor": "white", + "minorgridcolor": "white", + "startlinecolor": "#2a3f5f" + }, + "type": "carpet" + } + ], + "choropleth": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "type": "choropleth" + } + ], + "contour": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "colorscale": [ + [ + 0, + "#0d0887" + ], + [ + 0.1111111111111111, + "#46039f" + ], + [ + 0.2222222222222222, + "#7201a8" + ], + [ + 0.3333333333333333, + "#9c179e" + ], + [ + 0.4444444444444444, + "#bd3786" + ], + [ + 0.5555555555555556, + "#d8576b" + ], + [ + 0.6666666666666666, + "#ed7953" + ], + [ + 0.7777777777777778, + "#fb9f3a" + ], + [ + 0.8888888888888888, + "#fdca26" + ], + [ + 1, + "#f0f921" + ] + ], + "type": "contour" + } + ], + "contourcarpet": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "type": "contourcarpet" + } + ], + "heatmap": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "colorscale": [ + [ + 0, + "#0d0887" + ], + [ + 0.1111111111111111, + "#46039f" + ], + [ + 0.2222222222222222, + "#7201a8" + ], + [ + 0.3333333333333333, + "#9c179e" + ], + [ + 0.4444444444444444, + "#bd3786" + ], + [ + 0.5555555555555556, + "#d8576b" + ], + [ + 0.6666666666666666, + "#ed7953" + ], + [ + 0.7777777777777778, + "#fb9f3a" + ], + [ + 0.8888888888888888, + "#fdca26" + ], + [ + 1, + "#f0f921" + ] + ], + "type": "heatmap" + } + ], + "heatmapgl": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "colorscale": [ + [ + 0, + "#0d0887" + ], + [ + 0.1111111111111111, + "#46039f" + ], + [ + 0.2222222222222222, + "#7201a8" + ], + [ + 0.3333333333333333, + "#9c179e" + ], + [ + 0.4444444444444444, + "#bd3786" + ], + [ + 0.5555555555555556, + "#d8576b" + ], + [ + 0.6666666666666666, + "#ed7953" + ], + [ + 0.7777777777777778, + "#fb9f3a" + ], + [ + 0.8888888888888888, + "#fdca26" + ], + [ + 1, + "#f0f921" + ] + ], + "type": "heatmapgl" + } + ], + "histogram": [ + { + "marker": { + "pattern": { + "fillmode": "overlay", + "size": 10, + "solidity": 0.2 + } + }, + "type": "histogram" + } + ], + "histogram2d": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "colorscale": [ + [ + 0, + "#0d0887" + ], + [ + 0.1111111111111111, + "#46039f" + ], + [ + 0.2222222222222222, + "#7201a8" + ], + [ + 0.3333333333333333, + "#9c179e" + ], + [ + 0.4444444444444444, + "#bd3786" + ], + [ + 0.5555555555555556, + "#d8576b" + ], + [ + 0.6666666666666666, + "#ed7953" + ], + [ + 0.7777777777777778, + "#fb9f3a" + ], + [ + 0.8888888888888888, + "#fdca26" + ], + [ + 1, + "#f0f921" + ] + ], + "type": "histogram2d" + } + ], + "histogram2dcontour": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "colorscale": [ + [ + 0, + "#0d0887" + ], + [ + 0.1111111111111111, + "#46039f" + ], + [ + 0.2222222222222222, + "#7201a8" + ], + [ + 0.3333333333333333, + "#9c179e" + ], + [ + 0.4444444444444444, + "#bd3786" + ], + [ + 0.5555555555555556, + "#d8576b" + ], + [ + 0.6666666666666666, + "#ed7953" + ], + [ + 0.7777777777777778, + "#fb9f3a" + ], + [ + 0.8888888888888888, + "#fdca26" + ], + [ + 1, + "#f0f921" + ] + ], + "type": "histogram2dcontour" + } + ], + "mesh3d": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "type": "mesh3d" + } + ], + "parcoords": [ + { + "line": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "parcoords" + } + ], + "pie": [ + { + "automargin": true, + "type": "pie" + } + ], + "scatter": [ + { + "fillpattern": { + "fillmode": "overlay", + "size": 10, + "solidity": 0.2 + }, + "type": "scatter" + } + ], + "scatter3d": [ + { + "line": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "marker": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "scatter3d" + } + ], + "scattercarpet": [ + { + "marker": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "scattercarpet" + } + ], + "scattergeo": [ + { + "marker": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "scattergeo" + } + ], + "scattergl": [ + { + "marker": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "scattergl" + } + ], + "scattermapbox": [ + { + "marker": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "scattermapbox" + } + ], + "scatterpolar": [ + { + "marker": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "scatterpolar" + } + ], + "scatterpolargl": [ + { + "marker": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "scatterpolargl" + } + ], + "scatterternary": [ + { + "marker": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "scatterternary" + } + ], + "surface": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "colorscale": [ + [ + 0, + "#0d0887" + ], + [ + 0.1111111111111111, + "#46039f" + ], + [ + 0.2222222222222222, + "#7201a8" + ], + [ + 0.3333333333333333, + "#9c179e" + ], + [ + 0.4444444444444444, + "#bd3786" + ], + [ + 0.5555555555555556, + "#d8576b" + ], + [ + 0.6666666666666666, + "#ed7953" + ], + [ + 0.7777777777777778, + "#fb9f3a" + ], + [ + 0.8888888888888888, + "#fdca26" + ], + [ + 1, + "#f0f921" + ] + ], + "type": "surface" + } + ], + "table": [ + { + "cells": { + "fill": { + "color": "#EBF0F8" + }, + "line": { + "color": "white" + } + }, + "header": { + "fill": { + "color": "#C8D4E3" + }, + "line": { + "color": "white" + } + }, + "type": "table" + } + ] + }, + "layout": { + "annotationdefaults": { + "arrowcolor": "#2a3f5f", + "arrowhead": 0, + "arrowwidth": 1 + }, + "autotypenumbers": "strict", + "coloraxis": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "colorscale": { + "diverging": [ + [ + 0, + "#8e0152" + ], + [ + 0.1, + "#c51b7d" + ], + [ + 0.2, + "#de77ae" + ], + [ + 0.3, + "#f1b6da" + ], + [ + 0.4, + "#fde0ef" + ], + [ + 0.5, + "#f7f7f7" + ], + [ + 0.6, + "#e6f5d0" + ], + [ + 0.7, + "#b8e186" + ], + [ + 0.8, + "#7fbc41" + ], + [ + 0.9, + "#4d9221" + ], + [ + 1, + "#276419" + ] + ], + "sequential": [ + [ + 0, + "#0d0887" + ], + [ + 0.1111111111111111, + "#46039f" + ], + [ + 0.2222222222222222, + "#7201a8" + ], + [ + 0.3333333333333333, + "#9c179e" + ], + [ + 0.4444444444444444, + "#bd3786" + ], + [ + 0.5555555555555556, + "#d8576b" + ], + [ + 0.6666666666666666, + "#ed7953" + ], + [ + 0.7777777777777778, + "#fb9f3a" + ], + [ + 0.8888888888888888, + "#fdca26" + ], + [ + 1, + "#f0f921" + ] + ], + "sequentialminus": [ + [ + 0, + "#0d0887" + ], + [ + 0.1111111111111111, + "#46039f" + ], + [ + 0.2222222222222222, + "#7201a8" + ], + [ + 0.3333333333333333, + "#9c179e" + ], + [ + 0.4444444444444444, + "#bd3786" + ], + [ + 0.5555555555555556, + "#d8576b" + ], + [ + 0.6666666666666666, + "#ed7953" + ], + [ + 0.7777777777777778, + "#fb9f3a" + ], + [ + 0.8888888888888888, + "#fdca26" + ], + [ + 1, + "#f0f921" + ] + ] + }, + "colorway": [ + "#636efa", + "#EF553B", + "#00cc96", + "#ab63fa", + "#FFA15A", + "#19d3f3", + "#FF6692", + "#B6E880", + "#FF97FF", + "#FECB52" + ], + "font": { + "color": "#2a3f5f" + }, + "geo": { + "bgcolor": "white", + "lakecolor": "white", + "landcolor": "#E5ECF6", + "showlakes": true, + "showland": true, + "subunitcolor": "white" + }, + "hoverlabel": { + "align": "left" + }, + "hovermode": "closest", + "mapbox": { + "style": "light" + }, + "paper_bgcolor": "white", + "plot_bgcolor": "#E5ECF6", + "polar": { + "angularaxis": { + "gridcolor": "white", + "linecolor": "white", + "ticks": "" + }, + "bgcolor": "#E5ECF6", + "radialaxis": { + "gridcolor": "white", + "linecolor": "white", + "ticks": "" + } + }, + "scene": { + "xaxis": { + "backgroundcolor": "#E5ECF6", + "gridcolor": "white", + "gridwidth": 2, + "linecolor": "white", + "showbackground": true, + "ticks": "", + "zerolinecolor": "white" + }, + "yaxis": { + "backgroundcolor": "#E5ECF6", + "gridcolor": "white", + "gridwidth": 2, + "linecolor": "white", + "showbackground": true, + "ticks": "", + "zerolinecolor": "white" + }, + "zaxis": { + "backgroundcolor": "#E5ECF6", + "gridcolor": "white", + "gridwidth": 2, + "linecolor": "white", + "showbackground": true, + "ticks": "", + "zerolinecolor": "white" + } + }, + "shapedefaults": { + "line": { + "color": "#2a3f5f" + } + }, + "ternary": { + "aaxis": { + "gridcolor": "white", + "linecolor": "white", + "ticks": "" + }, + "baxis": { + "gridcolor": "white", + "linecolor": "white", + "ticks": "" + }, + "bgcolor": "#E5ECF6", + "caxis": { + "gridcolor": "white", + "linecolor": "white", + "ticks": "" + } + }, + "title": { + "x": 0.05 + }, + "xaxis": { + "automargin": true, + "gridcolor": "white", + "linecolor": "white", + "ticks": "", + "title": { + "standoff": 15 + }, + "zerolinecolor": "white", + "zerolinewidth": 2 + }, + "yaxis": { + "automargin": true, + "gridcolor": "white", + "linecolor": "white", + "ticks": "", + "title": { + "standoff": 15 + }, + "zerolinecolor": "white", + "zerolinewidth": 2 + } + } + }, + "title": { + "text": "Fuzzer performance" + }, + "width": 1200, + "xaxis": { + "anchor": "y", + "domain": [ + 0, + 1 + ], + "tickvals": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36 + ], + "title": { + "text": "Number of parallel fuzzers" + } + }, + "yaxis": { + "anchor": "x", + "domain": [ + 0, + 1 + ], + "ticktext": [ + "1x", + "26x", + "51x", + "75x", + "100x", + "125x" + ], + "tickvals": [ + 11019.3, + 284224.18399999995, + 557429.068, + 830633.9519999999, + 1103838.836, + 1377043.72 + ], + "title": { + "text": "Fuzz target executions per second" + } + } + } + }, + "text/html": [ + "
" + ] + }, + "metadata": {}, + "output_type": "display_data" + } + ], + "source": [ + "\n", + "import numpy as np\n", + "pd.options.plotting.backend = \"plotly\"\n", + "\n", + "# Right now our table has absolute values of execs per sec, but it's more useful\n", + "# to show relative perf (vs 1.0x baseline)\n", + "pivotdf = graphdf.pivot(index=\"parallel_fuzzers\", columns=\"label\", values=\"execs_per_sec\")\n", + "fig = pivotdf.plot(\n", + " title=\"Fuzzer performance\",\n", + " labels={\n", + " \"label\": \"Configuration\",\n", + " \"parallel_fuzzers\": \"Number of parallel fuzzers\",\n", + " \"value\": \"Fuzz target executions per second\"\n", + " }\n", + ")\n", + "\n", + "# Compute tick values and their labels for the primary Y-axis\n", + "tickvals = np.linspace(graphdf['execs_per_sec'].min(), graphdf['execs_per_sec'].max(), 6)\n", + "ticktext = [f\"{val:.0f}x\" for val in tickvals / graphdf['execs_per_sec'].min()]\n", + "# Update the primary Y-axis with custom tick labels\n", + "fig.update_yaxes(tickvals=tickvals, ticktext=ticktext)\n", + "fig.update_xaxes(tickvals=list(range(1,36+1)))\n", + "fig.update_layout(width=1200, height=400)\n" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "Here's what the table that produced this graph looks like:" + ] + }, + { + "cell_type": "code", + "execution_count": 508, + "metadata": {}, + "outputs": [ + { + "data": { + "text/html": [ + "
\n", + "\n", + "\n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + "
labelMulticore: Non-persistent mode + kernel configMulticore: Persistent mode/shared memory + kernel configMulticore: Persistent mode/shared memory without kernel configMulticore: afl_execs: Persistent mode/shared memory + kernel configSinglecore: Non-persistent mode + kernel configSinglecore: Persistent mode/shared memory + kernel config
parallel_fuzzers
1.011019.30133591.2690851.40134423.5011038.96135613.26
2.021111.92255995.07176159.32258490.0411038.96135613.26
3.030568.82380246.34260268.78383777.4511038.96135613.26
4.038963.07490254.72336355.99496249.4811038.96135613.26
5.047693.65598698.16413750.00613089.3111038.96135613.26
\n", + "
" + ], + "text/plain": [ + "label Multicore: Non-persistent mode + kernel config \\\n", + "parallel_fuzzers \n", + "1.0 11019.30 \n", + "2.0 21111.92 \n", + "3.0 30568.82 \n", + "4.0 38963.07 \n", + "5.0 47693.65 \n", + "\n", + "label Multicore: Persistent mode/shared memory + kernel config \\\n", + "parallel_fuzzers \n", + "1.0 133591.26 \n", + "2.0 255995.07 \n", + "3.0 380246.34 \n", + "4.0 490254.72 \n", + "5.0 598698.16 \n", + "\n", + "label Multicore: Persistent mode/shared memory without kernel config \\\n", + "parallel_fuzzers \n", + "1.0 90851.40 \n", + "2.0 176159.32 \n", + "3.0 260268.78 \n", + "4.0 336355.99 \n", + "5.0 413750.00 \n", + "\n", + "label Multicore: afl_execs: Persistent mode/shared memory + kernel config \\\n", + "parallel_fuzzers \n", + "1.0 134423.50 \n", + "2.0 258490.04 \n", + "3.0 383777.45 \n", + "4.0 496249.48 \n", + "5.0 613089.31 \n", + "\n", + "label Singlecore: Non-persistent mode + kernel config \\\n", + "parallel_fuzzers \n", + "1.0 11038.96 \n", + "2.0 11038.96 \n", + "3.0 11038.96 \n", + "4.0 11038.96 \n", + "5.0 11038.96 \n", + "\n", + "label Singlecore: Persistent mode/shared memory + kernel config \n", + "parallel_fuzzers \n", + "1.0 135613.26 \n", + "2.0 135613.26 \n", + "3.0 135613.26 \n", + "4.0 135613.26 \n", + "5.0 135613.26 " + ] + }, + "execution_count": 508, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "pivotdf.head()" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "You can totally ignore the code cell directly below (unless you're curious). It's just preparing Markdown for the block below it to render. Jupyter Notebooks aren't able to use code variables inside Markdown blocks, so I have to do this instead." + ] + }, + { + "cell_type": "code", + "execution_count": 509, + "metadata": {}, + "outputs": [ + { + "data": { + "text/markdown": [ + "\n", + "### Line graph analysis\n", + "Here are a few things that jump out from the graph above. Let's start at the bottom of the graph.\n", + "\n", + "#### test-instr vs. test-instr-persist-shmem\n", + "\n", + "This graph is scaled so that the single-core, non-persistent-mode performance (11038 execs per second) is\n", + "represented as 1.0x. If you build and run a fuzzer without creating a persistent mode harness for it, and without running fuzzers in parallel, this is the performance\n", + "you get on this machine.\n", + "\n", + "#### Multicore test-instr\n", + "\n", + "By running as many parallel fuzzers are there are CPU threads, we can reach 103765 execs per second, which is 9.4x that base speed.\n", + "\n", + "#### Persistent mode + shared memory\n", + "\n", + "By modifying the harness to use persistent mode as described [here](https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/README.persistent_mode.md#4-persistent-mode),\n", + "we end up with 12.3x base speed. So -- perhaps counter-intuively -- if you have a choice between switching to using multiple cores or rewriting\n", + "the harness to use persistent mode, it is better (at least on this machine) to use persistent mode on a single core, than to use non-persistent mode on every core.\n", + "\n", + "#### Kernel config\n", + "\n", + "By \"kernel config\", I'm referring to booting the Linux kernel with `mitigations=off`, which is a meta-parameter for disabling *all* hardware vulnerability meltdowns (such as Spectre,\n", + "Meltdown, Retbleed, etc) introduced in Linux v5.2. Disabling these results in a `total_execs_per_sec` increase of 368476 execs -- the difference between\n", + "109.0x (mitigations off) and 75.6x (mitigations on) base speed. Turning on mitigations\n", + "reduced the overall performance by 31%!\n", + "\n", + "One way to think about this is that the mitigations turn this 16-thread CPU into a 7-thread CPU, since the number of execs reached with 16 threads and mitigations on is around the same\n", + "number of execs reached with 7 threads and mitigations off.\n", + "\n", + "Or if we want to think in terms of cores, then the average number of execs gained per core in the initial eight is 115588 execs per sec, but the loss due to\n", + "mitigations is 368476 execs per sec, which is the averaged performance of 3.2 cores.\n", + "\n", + "#### afl_execs_per_sec vs. total_execs_per_sec\n", + "\n", + "* The purple line at the top is measuring `afl_execs_per_sec`. This is afl's own measurement of the speed of each fuzzer process, from the `out/fuzzer/fuzzer_stats` file.\n", + " * It peaks at 23 fuzzers running in parallel, on this 8-core (16-thread) CPU.\n", + " * In contrast, `total_execs_per_sec` shows large drops in performance as we pass 8 (cores) and 16 (threads) fuzzers.\n", + " * I'm inclined to trust `total_execs_per_sec` `(total_execs / (end time - start time))` more, so we'll use that from now on.\n", + "\n", + "#### How many parallel fuzzers should we use on this machine?\n", + "\n", + "* The drops in performance after 8/16 fuzzers are profound.\n", + " * Using 9-12 fuzzers is *worse* than using 8 fuzzers on this 8C/16T system, but using 13-16 is better than 8.\n", + " * And using >16 is worse than using 16. Makes sense.\n", + " * We should use the number of CPUs in /proc/cpuinfo (threads) to get the best performance. But if we did halve the number of\n", + " fuzzers, we would surprisingly only lose 21%\n", + " of performance. This could be a good tradeoff in terms of cost.\n" + ], + "text/plain": [ + "" + ] + }, + "execution_count": 509, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "# (Ignore this code cell.)\n", + "from IPython.display import Markdown as md\n", + "singlecore_base_execs = pivotdf.iloc[0][\"Singlecore: Non-persistent mode + kernel config\"]\n", + "singlecore_persist_execs = pivotdf.iloc[0][\"Singlecore: Persistent mode/shared memory + kernel config\"]\n", + "multicore_fuzzers_with_afl_max_execs = int(pivotdf[\"Multicore: afl_execs: Persistent mode/shared memory + kernel config\"].idxmax())\n", + "multicore_fuzzers_with_total_max_execs = int(pivotdf[\"Multicore: Persistent mode/shared memory + kernel config\"].idxmax())\n", + "multicore_base_max_execs = pivotdf[\"Multicore: Non-persistent mode + kernel config\"].max()\n", + "factor_for_execs = lambda execs: round(execs / singlecore_base_execs, 1)\n", + "\n", + "multicore_persistent_without_mitigations_label = \"Multicore: Persistent mode/shared memory + kernel config\"\n", + "multicore_max_execs_mitigations_off = pivotdf[multicore_persistent_without_mitigations_label].max()\n", + "multicore_max_execs_mitigations_off_only_cores = pivotdf.loc[multicore_fuzzers_with_total_max_execs / 2][multicore_persistent_without_mitigations_label]\n", + "multicore_max_execs_mitigations_on = pivotdf[\"Multicore: Persistent mode/shared memory without kernel config\"].max()\n", + "multicore_avg_gain_per_core = pivotdf.loc[pivotdf.index <= 8][\"Multicore: Persistent mode/shared memory + kernel config\"].diff().dropna().mean()\n", + "mitigations_off_increase = int(multicore_max_execs_mitigations_off - multicore_max_execs_mitigations_on)\n", + "\n", + "md(f\"\"\"\n", + "### Line graph analysis\n", + "Here are a few things that jump out from the graph above. Let's start at the bottom of the graph.\n", + "\n", + "#### test-instr vs. test-instr-persist-shmem\n", + "\n", + "This graph is scaled so that the single-core, non-persistent-mode performance ({int(singlecore_base_execs)} execs per second) is\n", + "represented as 1.0x. If you build and run a fuzzer without creating a persistent mode harness for it, and without running fuzzers in parallel, this is the performance\n", + "you get on this machine.\n", + "\n", + "#### Multicore test-instr\n", + "\n", + "By running as many parallel fuzzers are there are CPU threads, we can reach {int(multicore_base_max_execs)} execs per second, which is {factor_for_execs(multicore_base_max_execs)}x that base speed.\n", + "\n", + "#### Persistent mode + shared memory\n", + "\n", + "By modifying the harness to use persistent mode as described [here](https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/README.persistent_mode.md#4-persistent-mode),\n", + "we end up with {factor_for_execs(singlecore_persist_execs)}x base speed. So -- perhaps counter-intuively -- if you have a choice between switching to using multiple cores or rewriting\n", + "the harness to use persistent mode, it is better (at least on this machine) to use persistent mode on a single core, than to use non-persistent mode on every core.\n", + "\n", + "#### Kernel config\n", + "\n", + "By \"kernel config\", I'm referring to booting the Linux kernel with `mitigations=off`, which is a meta-parameter for disabling *all* hardware vulnerability meltdowns (such as Spectre,\n", + "Meltdown, Retbleed, etc) introduced in Linux v5.2. Disabling these results in a `total_execs_per_sec` increase of {mitigations_off_increase} execs -- the difference between\n", + "{factor_for_execs(multicore_max_execs_mitigations_off)}x (mitigations off) and {factor_for_execs(multicore_max_execs_mitigations_on)}x (mitigations on) base speed. Turning on mitigations\n", + "reduced the overall performance by {abs(round(((multicore_max_execs_mitigations_on - multicore_max_execs_mitigations_off) / multicore_max_execs_mitigations_off) * 100))}%!\n", + "\n", + "One way to think about this is that the mitigations turn this 16-thread CPU into a 7-thread CPU, since the number of execs reached with 16 threads and mitigations on is around the same\n", + "number of execs reached with 7 threads and mitigations off.\n", + "\n", + "Or if we want to think in terms of cores, then the average number of execs gained per core in the initial eight is {int(multicore_avg_gain_per_core)} execs per sec, but the loss due to\n", + "mitigations is {mitigations_off_increase} execs per sec, which is the averaged performance of {round(mitigations_off_increase / multicore_avg_gain_per_core, 1)} cores.\n", + "\n", + "#### afl_execs_per_sec vs. total_execs_per_sec\n", + "\n", + "* The purple line at the top is measuring `afl_execs_per_sec`. This is afl's own measurement of the speed of each fuzzer process, from the `out/fuzzer/fuzzer_stats` file.\n", + " * It peaks at {multicore_fuzzers_with_afl_max_execs} fuzzers running in parallel, on this 8-core (16-thread) CPU.\n", + " * In contrast, `total_execs_per_sec` shows large drops in performance as we pass 8 (cores) and 16 (threads) fuzzers.\n", + " * I'm inclined to trust `total_execs_per_sec` `(total_execs / (end time - start time))` more, so we'll use that from now on.\n", + "\n", + "#### How many parallel fuzzers should we use on this machine?\n", + "\n", + "* The drops in performance after 8/16 fuzzers are profound.\n", + " * Using 9-12 fuzzers is *worse* than using 8 fuzzers on this 8C/16T system, but using 13-16 is better than 8.\n", + " * And using >16 is worse than using 16. Makes sense.\n", + " * We should use the number of CPUs in /proc/cpuinfo (threads) to get the best performance. But if we did halve the number of\n", + " fuzzers, we would surprisingly only lose {abs(int(((multicore_max_execs_mitigations_off_only_cores - multicore_max_execs_mitigations_off) / multicore_max_execs_mitigations_off) * 100))}%\n", + " of performance. This could be a good tradeoff in terms of cost.\n", + "\"\"\")\n" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Example with more cores\n", + "\n", + "While there was some nuance here, the answer was pretty straightforward -- use the number of CPU threads you have access to. What if there were more threads? Here the experiment is repeated on an AWS EC2 \"r6a.48xlarge\" spot instance with 192 vCPUs, and the answer calls the conclusion we just made above into question:" + ] + }, + { + "cell_type": "code", + "execution_count": 521, + "metadata": {}, + "outputs": [ + { + "data": { + "text/html": [ + "
\n", + "\n", + "\n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + "
config.afl_persistent_configconfig.afl_system_configconfig.afl_versionconfig.commentconfig.compilerconfig.target_archhardware.cpu_fastest_core_mhzhardware.cpu_modelhardware.cpu_threadstargets.test-instr-persist-shmem.multicore.afl_execs_per_sectargets.test-instr-persist-shmem.multicore.afl_execs_totaltargets.test-instr-persist-shmem.multicore.fuzzers_usedtargets.test-instr-persist-shmem.multicore.run_endtargets.test-instr-persist-shmem.multicore.run_starttargets.test-instr-persist-shmem.multicore.total_execs_per_sectargets.test-instr-persist-shmem.multicore.total_run_time
148FalseTrue++4.09aAWS EC2 r6a.48xlarge spot instanceclang version 15.0.7 (Amazon Linux 15.0.7-3.am...x86_64-amazon-linux-gnu3599.314AMD EPYC 7R13 Processor19285586.47519670.01.02023-09-30 07:42:00.4794182023-09-30 07:41:57.39629384636.816.14
149FalseTrue++4.09aAWS EC2 r6a.48xlarge spot instanceclang version 15.0.7 (Amazon Linux 15.0.7-3.am...x86_64-amazon-linux-gnu3599.425AMD EPYC 7R13 Processor192171655.961039340.02.02023-09-30 07:42:06.8534362023-09-30 07:42:03.776562168998.376.15
\n", + "
" + ], + "text/plain": [ + " config.afl_persistent_config config.afl_system_config \\\n", + "148 False True \n", + "149 False True \n", + "\n", + " config.afl_version config.comment \\\n", + "148 ++4.09a AWS EC2 r6a.48xlarge spot instance \n", + "149 ++4.09a AWS EC2 r6a.48xlarge spot instance \n", + "\n", + " config.compiler \\\n", + "148 clang version 15.0.7 (Amazon Linux 15.0.7-3.am... \n", + "149 clang version 15.0.7 (Amazon Linux 15.0.7-3.am... \n", + "\n", + " config.target_arch hardware.cpu_fastest_core_mhz \\\n", + "148 x86_64-amazon-linux-gnu 3599.314 \n", + "149 x86_64-amazon-linux-gnu 3599.425 \n", + "\n", + " hardware.cpu_model hardware.cpu_threads \\\n", + "148 AMD EPYC 7R13 Processor 192 \n", + "149 AMD EPYC 7R13 Processor 192 \n", + "\n", + " targets.test-instr-persist-shmem.multicore.afl_execs_per_sec \\\n", + "148 85586.47 \n", + "149 171655.96 \n", + "\n", + " targets.test-instr-persist-shmem.multicore.afl_execs_total \\\n", + "148 519670.0 \n", + "149 1039340.0 \n", + "\n", + " targets.test-instr-persist-shmem.multicore.fuzzers_used \\\n", + "148 1.0 \n", + "149 2.0 \n", + "\n", + " targets.test-instr-persist-shmem.multicore.run_end \\\n", + "148 2023-09-30 07:42:00.479418 \n", + "149 2023-09-30 07:42:06.853436 \n", + "\n", + " targets.test-instr-persist-shmem.multicore.run_start \\\n", + "148 2023-09-30 07:41:57.396293 \n", + "149 2023-09-30 07:42:03.776562 \n", + "\n", + " targets.test-instr-persist-shmem.multicore.total_execs_per_sec \\\n", + "148 84636.81 \n", + "149 168998.37 \n", + "\n", + " targets.test-instr-persist-shmem.multicore.total_run_time \n", + "148 6.14 \n", + "149 6.15 " + ] + }, + "execution_count": 521, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "r6a = df.query(\"`config.comment` == 'AWS EC2 r6a.48xlarge spot instance'\")\n", + "r6a.head(2).dropna(axis=1)" + ] + }, + { + "cell_type": "code", + "execution_count": 516, + "metadata": {}, + "outputs": [ + { + "data": { + "text/html": [ + "
\n", + "\n", + "\n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + " \n", + "
execs_per_secparallel_fuzzersafl_persistent_configafl_system_configlabel
399331957.22200.0TrueTrueMulticore: afl_execs: Persistent mode/shared m...
1531026766.4477.0TrueTrueMulticore: afl_execs: Persistent mode/shared m...
\n", + "
" + ], + "text/plain": [ + " execs_per_sec parallel_fuzzers afl_persistent_config \\\n", + "399 331957.22 200.0 True \n", + "153 1026766.44 77.0 True \n", + "\n", + " afl_system_config label \n", + "399 True Multicore: afl_execs: Persistent mode/shared m... \n", + "153 True Multicore: afl_execs: Persistent mode/shared m... " + ] + }, + "execution_count": 516, + "metadata": {}, + "output_type": "execute_result" + } + ], + "source": [ + "r6a_graphdf = build_graphdf_from_query(r6a)\n", + "r6a_graphdf.head(2)" + ] + }, + { + "cell_type": "code", + "execution_count": 514, + "metadata": {}, + "outputs": [ + { + "data": { + "application/vnd.plotly.v1+json": { + "config": { + "plotlyServerURL": "https://plot.ly" + }, + "data": [ + { + "hovertemplate": "Configuration=Multicore: Persistent mode/shared memory + kernel config
Number of parallel fuzzers=%{x}
Fuzz target executions per second=%{y}", + "legendgroup": "Multicore: Persistent mode/shared memory + kernel config", + "line": { + "color": "#636efa", + "dash": "solid" + }, + "marker": { + "symbol": "circle" + }, + "mode": "lines", + "name": "Multicore: Persistent mode/shared memory + kernel config", + "orientation": "v", + "showlegend": true, + "type": "scatter", + "x": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139, + 140, + 141, + 142, + 143, + 144, + 145, + 146, + 147, + 148, + 149, + 150, + 151, + 152, + 153, + 154, + 155, + 156, + 157, + 158, + 159, + 160, + 161, + 162, + 163, + 164, + 165, + 166, + 167, + 168, + 169, + 170, + 171, + 172, + 173, + 174, + 175, + 176, + 177, + 178, + 179, + 180, + 181, + 182, + 183, + 184, + 185, + 186, + 187, + 188, + 189, + 190, + 191, + 192, + 193, + 194, + 195, + 196, + 197, + 198, + 199, + 200 + ], + "xaxis": "x", + "y": [ + 105839.1, + 210819.47, + 316229.21, + 413256.46, + 518632.73, + 619884.69, + 702256.76, + 804131.53, + 847288.04, + 943139.75, + 1024439.07, + 1113578.57, + 1162772.81, + 1265283.48, + 1346295.34, + 1421319.66, + 1389055.03, + 1336294.29, + 1354421.12, + 1341083.87, + 1267487.8, + 1228006.44, + 1164952.24, + 1117569.89, + 1027015.81, + 1011333.83, + 993703.26, + 983824.21, + 969783.14, + 953522.94, + 937704.89, + 914207.81, + 898800.31, + 896437.34, + 895982.76, + 896412.07, + 888119.63, + 874168.22, + 858049.53, + 839870.71, + 830337.88, + 833695.19, + 832246.18, + 831472, + 820819.59, + 809235.61, + 796104.63, + 779748.67, + 651915.77, + 658310.11, + 664906.42, + 670874.88, + 679223.43, + 680460.23, + 683449.31, + 683776.32, + 642820.96, + 656234.7, + 664079.06, + 668815.96, + 677202.95, + 682183.78, + 687798.53, + 695065.41, + 653862.76, + 662255.65, + 667137.25, + 674252.38, + 674769.27, + 676779.76, + 678994.74, + 677707.66, + 643636.07, + 645011.41, + 647860.09, + 650443.61, + 655762.21, + 655894.58, + 659395.36, + 660632.48, + 636619.43, + 636679.37, + 641091.3, + 642134.44, + 644188.04, + 645646.45, + 648190.91, + 645188.95, + 623576.69, + 623521.92, + 627188.81, + 631735.31, + 632169.99, + 632104.98, + 636441.28, + 636413.09, + 627747.11, + 618580.91, + 610289.87, + 602517.1, + 587297.53, + 574782.55, + 559428.41, + 543938.93, + 538120.81, + 531555.69, + 526211.57, + 521796.77, + 510905.75, + 501877.11, + 490630.76, + 479788.36, + 475372.8, + 470776.14, + 466163.29, + 463421.1, + 454522.49, + 446589.03, + 438649.5, + 428977.64, + 424292.46, + 418867.74, + 414980.74, + 412384.2, + 404224.17, + 396310.94, + 389392.67, + 381715.99, + 377825.09, + 374215.78, + 370708.15, + 368402.32, + 361940.65, + 355502.6, + 349589.01, + 342501.52, + 339897.15, + 337989.11, + 335723.22, + 334039.83, + 329127.04, + 323073.5, + 318652.21, + 313198.69, + 311591.71, + 310530.42, + 309390.36, + 307977.56, + 306559.97, + 305066.46, + 302157.29, + 301097.52, + 300138.11, + 299824.88, + 298130.63, + 297838.27, + 296189.21, + 294695.11, + 292518.21, + 291030.08, + 290207.87, + 289828.9, + 289247.99, + 288295.58, + 287447.58, + 286405.31, + 284755.57, + 284046.79, + 283176.27, + 283053.87, + 282178.36, + 281522.15, + 280377.23, + 279885.55, + 278793.08, + 277923.89, + 277069.78, + 277124.24, + 276576.49, + 276020.64, + 275328, + 275029.74, + 274030.79, + 273612.38, + 273285.13, + 273039.33, + 272819.57, + 272960.42, + 272388.01, + 272311.26, + 272115.97, + 272056.42, + 271835.4, + 271397.63, + 271867.2, + 271065.21, + 270797.96, + 270150.29, + 269442.01, + 268674.91 + ], + "yaxis": "y" + }, + { + "hovertemplate": "Configuration=Multicore: afl_execs: Persistent mode/shared memory + kernel config
Number of parallel fuzzers=%{x}
Fuzz target executions per second=%{y}", + "legendgroup": "Multicore: afl_execs: Persistent mode/shared memory + kernel config", + "line": { + "color": "#EF553B", + "dash": "solid" + }, + "marker": { + "symbol": "circle" + }, + "mode": "lines", + "name": "Multicore: afl_execs: Persistent mode/shared memory + kernel config", + "orientation": "v", + "showlegend": true, + "type": "scatter", + "x": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97, + 98, + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135, + 136, + 137, + 138, + 139, + 140, + 141, + 142, + 143, + 144, + 145, + 146, + 147, + 148, + 149, + 150, + 151, + 152, + 153, + 154, + 155, + 156, + 157, + 158, + 159, + 160, + 161, + 162, + 163, + 164, + 165, + 166, + 167, + 168, + 169, + 170, + 171, + 172, + 173, + 174, + 175, + 176, + 177, + 178, + 179, + 180, + 181, + 182, + 183, + 184, + 185, + 186, + 187, + 188, + 189, + 190, + 191, + 192, + 193, + 194, + 195, + 196, + 197, + 198, + 199, + 200 + ], + "xaxis": "x", + "y": [ + 107126.58, + 214213.66, + 322468.69, + 427406.37, + 535728.44, + 643227.5, + 746997.96, + 852324.44, + 898199.42, + 994921.42, + 1086491.72, + 1188114.32, + 1275638.92, + 1373504.32, + 1456611.99, + 1547050.37, + 1556304.25, + 1498337.65, + 1480610.39, + 1442181.26, + 1380390.08, + 1315149.42, + 1250840.52, + 1198962.91, + 1113901.96, + 1112866.02, + 1109572.68, + 1112386.81, + 1104839.85, + 1088259.95, + 1072951.12, + 1038335.3, + 1039005.59, + 1055683.11, + 1074708.24, + 1088882.64, + 1084369.02, + 1061476.09, + 1037330.81, + 1001283.07, + 1011982.42, + 1039061.07, + 1060191.68, + 1069379.92, + 1051676.06, + 1025702.93, + 1000795.88, + 959941, + 928333.9, + 936392.44, + 947163.68, + 958614.58, + 973982.54, + 976113.12, + 983432.87, + 985159.38, + 949664.42, + 960540.52, + 971717.37, + 978223.94, + 995090.76, + 1000123.55, + 1006856.18, + 1013280.29, + 977531.19, + 988260.54, + 996765.65, + 1006933, + 1016151.03, + 1020419.88, + 1024544.66, + 1027862.2, + 989415.52, + 999208.44, + 1009747.84, + 1016122.1, + 1026766.44, + 1032416.84, + 1037369.06, + 1037677.89, + 1001527.34, + 1008569.78, + 1024112.93, + 1033177.84, + 1035389.26, + 1040484.52, + 1047416.67, + 1043614.54, + 1014160.19, + 1019409.94, + 1033667.5, + 1040422.32, + 1045409.98, + 1048162.62, + 1050384.15, + 1050304.88, + 1037251.1, + 1023279.61, + 1009889.86, + 996157.16, + 973425.48, + 960922.5, + 941705.52, + 927206.03, + 919716.12, + 907116.8, + 898444.05, + 889678.68, + 871535.65, + 858369.28, + 839357.6, + 828077.49, + 817619.99, + 806563.34, + 795820.84, + 789602.32, + 769744.98, + 754704.16, + 739965.24, + 721357.74, + 705584.89, + 689179.3, + 674153.86, + 668264.05, + 648129.94, + 630733.08, + 614518.38, + 598284.67, + 580642.38, + 562735.32, + 547668.6, + 540727.65, + 519637, + 499189.04, + 482457.86, + 458655.34, + 453087.56, + 445650.76, + 438779.54, + 434421.26, + 422130, + 403403.62, + 391528.74, + 374715.06, + 372678.44, + 371466.33, + 369815.4, + 367734.06, + 366332.54, + 365256.89, + 362078.84, + 361083.46, + 359994.43, + 359950.89, + 357498.64, + 357285.14, + 355405.08, + 354127.44, + 351793.59, + 350348, + 349438.44, + 349188.38, + 348377.38, + 347124.06, + 346480.82, + 345660.61, + 344352.86, + 343903.25, + 342402.74, + 342935.7, + 342089.26, + 341369.47, + 340166.19, + 339692.96, + 339204.8, + 338925.12, + 337700.46, + 338203.76, + 337556.9, + 336873.92, + 336399.84, + 336455.79, + 335823.56, + 335587.52, + 335620.09, + 334996.68, + 334980.98, + 335404.84, + 335051.8, + 334887.42, + 335150.96, + 334773.71, + 335035.28, + 334596.91, + 336065.8, + 335034.33, + 334931.36, + 334191.98, + 332929.11, + 331957.22 + ], + "yaxis": "y" + } + ], + "layout": { + "height": 400, + "legend": { + "title": { + "text": "Configuration" + }, + "tracegroupgap": 0 + }, + "template": { + "data": { + "bar": [ + { + "error_x": { + "color": "#2a3f5f" + }, + "error_y": { + "color": "#2a3f5f" + }, + "marker": { + "line": { + "color": "#E5ECF6", + "width": 0.5 + }, + "pattern": { + "fillmode": "overlay", + "size": 10, + "solidity": 0.2 + } + }, + "type": "bar" + } + ], + "barpolar": [ + { + "marker": { + "line": { + "color": "#E5ECF6", + "width": 0.5 + }, + "pattern": { + "fillmode": "overlay", + "size": 10, + "solidity": 0.2 + } + }, + "type": "barpolar" + } + ], + "carpet": [ + { + "aaxis": { + "endlinecolor": "#2a3f5f", + "gridcolor": "white", + "linecolor": "white", + "minorgridcolor": "white", + "startlinecolor": "#2a3f5f" + }, + "baxis": { + "endlinecolor": "#2a3f5f", + "gridcolor": "white", + "linecolor": "white", + "minorgridcolor": "white", + "startlinecolor": "#2a3f5f" + }, + "type": "carpet" + } + ], + "choropleth": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "type": "choropleth" + } + ], + "contour": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "colorscale": [ + [ + 0, + "#0d0887" + ], + [ + 0.1111111111111111, + "#46039f" + ], + [ + 0.2222222222222222, + "#7201a8" + ], + [ + 0.3333333333333333, + "#9c179e" + ], + [ + 0.4444444444444444, + "#bd3786" + ], + [ + 0.5555555555555556, + "#d8576b" + ], + [ + 0.6666666666666666, + "#ed7953" + ], + [ + 0.7777777777777778, + "#fb9f3a" + ], + [ + 0.8888888888888888, + "#fdca26" + ], + [ + 1, + "#f0f921" + ] + ], + "type": "contour" + } + ], + "contourcarpet": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "type": "contourcarpet" + } + ], + "heatmap": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "colorscale": [ + [ + 0, + "#0d0887" + ], + [ + 0.1111111111111111, + "#46039f" + ], + [ + 0.2222222222222222, + "#7201a8" + ], + [ + 0.3333333333333333, + "#9c179e" + ], + [ + 0.4444444444444444, + "#bd3786" + ], + [ + 0.5555555555555556, + "#d8576b" + ], + [ + 0.6666666666666666, + "#ed7953" + ], + [ + 0.7777777777777778, + "#fb9f3a" + ], + [ + 0.8888888888888888, + "#fdca26" + ], + [ + 1, + "#f0f921" + ] + ], + "type": "heatmap" + } + ], + "heatmapgl": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "colorscale": [ + [ + 0, + "#0d0887" + ], + [ + 0.1111111111111111, + "#46039f" + ], + [ + 0.2222222222222222, + "#7201a8" + ], + [ + 0.3333333333333333, + "#9c179e" + ], + [ + 0.4444444444444444, + "#bd3786" + ], + [ + 0.5555555555555556, + "#d8576b" + ], + [ + 0.6666666666666666, + "#ed7953" + ], + [ + 0.7777777777777778, + "#fb9f3a" + ], + [ + 0.8888888888888888, + "#fdca26" + ], + [ + 1, + "#f0f921" + ] + ], + "type": "heatmapgl" + } + ], + "histogram": [ + { + "marker": { + "pattern": { + "fillmode": "overlay", + "size": 10, + "solidity": 0.2 + } + }, + "type": "histogram" + } + ], + "histogram2d": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "colorscale": [ + [ + 0, + "#0d0887" + ], + [ + 0.1111111111111111, + "#46039f" + ], + [ + 0.2222222222222222, + "#7201a8" + ], + [ + 0.3333333333333333, + "#9c179e" + ], + [ + 0.4444444444444444, + "#bd3786" + ], + [ + 0.5555555555555556, + "#d8576b" + ], + [ + 0.6666666666666666, + "#ed7953" + ], + [ + 0.7777777777777778, + "#fb9f3a" + ], + [ + 0.8888888888888888, + "#fdca26" + ], + [ + 1, + "#f0f921" + ] + ], + "type": "histogram2d" + } + ], + "histogram2dcontour": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "colorscale": [ + [ + 0, + "#0d0887" + ], + [ + 0.1111111111111111, + "#46039f" + ], + [ + 0.2222222222222222, + "#7201a8" + ], + [ + 0.3333333333333333, + "#9c179e" + ], + [ + 0.4444444444444444, + "#bd3786" + ], + [ + 0.5555555555555556, + "#d8576b" + ], + [ + 0.6666666666666666, + "#ed7953" + ], + [ + 0.7777777777777778, + "#fb9f3a" + ], + [ + 0.8888888888888888, + "#fdca26" + ], + [ + 1, + "#f0f921" + ] + ], + "type": "histogram2dcontour" + } + ], + "mesh3d": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "type": "mesh3d" + } + ], + "parcoords": [ + { + "line": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "parcoords" + } + ], + "pie": [ + { + "automargin": true, + "type": "pie" + } + ], + "scatter": [ + { + "fillpattern": { + "fillmode": "overlay", + "size": 10, + "solidity": 0.2 + }, + "type": "scatter" + } + ], + "scatter3d": [ + { + "line": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "marker": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "scatter3d" + } + ], + "scattercarpet": [ + { + "marker": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "scattercarpet" + } + ], + "scattergeo": [ + { + "marker": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "scattergeo" + } + ], + "scattergl": [ + { + "marker": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "scattergl" + } + ], + "scattermapbox": [ + { + "marker": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "scattermapbox" + } + ], + "scatterpolar": [ + { + "marker": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "scatterpolar" + } + ], + "scatterpolargl": [ + { + "marker": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "scatterpolargl" + } + ], + "scatterternary": [ + { + "marker": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "type": "scatterternary" + } + ], + "surface": [ + { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + }, + "colorscale": [ + [ + 0, + "#0d0887" + ], + [ + 0.1111111111111111, + "#46039f" + ], + [ + 0.2222222222222222, + "#7201a8" + ], + [ + 0.3333333333333333, + "#9c179e" + ], + [ + 0.4444444444444444, + "#bd3786" + ], + [ + 0.5555555555555556, + "#d8576b" + ], + [ + 0.6666666666666666, + "#ed7953" + ], + [ + 0.7777777777777778, + "#fb9f3a" + ], + [ + 0.8888888888888888, + "#fdca26" + ], + [ + 1, + "#f0f921" + ] + ], + "type": "surface" + } + ], + "table": [ + { + "cells": { + "fill": { + "color": "#EBF0F8" + }, + "line": { + "color": "white" + } + }, + "header": { + "fill": { + "color": "#C8D4E3" + }, + "line": { + "color": "white" + } + }, + "type": "table" + } + ] + }, + "layout": { + "annotationdefaults": { + "arrowcolor": "#2a3f5f", + "arrowhead": 0, + "arrowwidth": 1 + }, + "autotypenumbers": "strict", + "coloraxis": { + "colorbar": { + "outlinewidth": 0, + "ticks": "" + } + }, + "colorscale": { + "diverging": [ + [ + 0, + "#8e0152" + ], + [ + 0.1, + "#c51b7d" + ], + [ + 0.2, + "#de77ae" + ], + [ + 0.3, + "#f1b6da" + ], + [ + 0.4, + "#fde0ef" + ], + [ + 0.5, + "#f7f7f7" + ], + [ + 0.6, + "#e6f5d0" + ], + [ + 0.7, + "#b8e186" + ], + [ + 0.8, + "#7fbc41" + ], + [ + 0.9, + "#4d9221" + ], + [ + 1, + "#276419" + ] + ], + "sequential": [ + [ + 0, + "#0d0887" + ], + [ + 0.1111111111111111, + "#46039f" + ], + [ + 0.2222222222222222, + "#7201a8" + ], + [ + 0.3333333333333333, + "#9c179e" + ], + [ + 0.4444444444444444, + "#bd3786" + ], + [ + 0.5555555555555556, + "#d8576b" + ], + [ + 0.6666666666666666, + "#ed7953" + ], + [ + 0.7777777777777778, + "#fb9f3a" + ], + [ + 0.8888888888888888, + "#fdca26" + ], + [ + 1, + "#f0f921" + ] + ], + "sequentialminus": [ + [ + 0, + "#0d0887" + ], + [ + 0.1111111111111111, + "#46039f" + ], + [ + 0.2222222222222222, + "#7201a8" + ], + [ + 0.3333333333333333, + "#9c179e" + ], + [ + 0.4444444444444444, + "#bd3786" + ], + [ + 0.5555555555555556, + "#d8576b" + ], + [ + 0.6666666666666666, + "#ed7953" + ], + [ + 0.7777777777777778, + "#fb9f3a" + ], + [ + 0.8888888888888888, + "#fdca26" + ], + [ + 1, + "#f0f921" + ] + ] + }, + "colorway": [ + "#636efa", + "#EF553B", + "#00cc96", + "#ab63fa", + "#FFA15A", + "#19d3f3", + "#FF6692", + "#B6E880", + "#FF97FF", + "#FECB52" + ], + "font": { + "color": "#2a3f5f" + }, + "geo": { + "bgcolor": "white", + "lakecolor": "white", + "landcolor": "#E5ECF6", + "showlakes": true, + "showland": true, + "subunitcolor": "white" + }, + "hoverlabel": { + "align": "left" + }, + "hovermode": "closest", + "mapbox": { + "style": "light" + }, + "paper_bgcolor": "white", + "plot_bgcolor": "#E5ECF6", + "polar": { + "angularaxis": { + "gridcolor": "white", + "linecolor": "white", + "ticks": "" + }, + "bgcolor": "#E5ECF6", + "radialaxis": { + "gridcolor": "white", + "linecolor": "white", + "ticks": "" + } + }, + "scene": { + "xaxis": { + "backgroundcolor": "#E5ECF6", + "gridcolor": "white", + "gridwidth": 2, + "linecolor": "white", + "showbackground": true, + "ticks": "", + "zerolinecolor": "white" + }, + "yaxis": { + "backgroundcolor": "#E5ECF6", + "gridcolor": "white", + "gridwidth": 2, + "linecolor": "white", + "showbackground": true, + "ticks": "", + "zerolinecolor": "white" + }, + "zaxis": { + "backgroundcolor": "#E5ECF6", + "gridcolor": "white", + "gridwidth": 2, + "linecolor": "white", + "showbackground": true, + "ticks": "", + "zerolinecolor": "white" + } + }, + "shapedefaults": { + "line": { + "color": "#2a3f5f" + } + }, + "ternary": { + "aaxis": { + "gridcolor": "white", + "linecolor": "white", + "ticks": "" + }, + "baxis": { + "gridcolor": "white", + "linecolor": "white", + "ticks": "" + }, + "bgcolor": "#E5ECF6", + "caxis": { + "gridcolor": "white", + "linecolor": "white", + "ticks": "" + } + }, + "title": { + "x": 0.05 + }, + "xaxis": { + "automargin": true, + "gridcolor": "white", + "linecolor": "white", + "ticks": "", + "title": { + "standoff": 15 + }, + "zerolinecolor": "white", + "zerolinewidth": 2 + }, + "yaxis": { + "automargin": true, + "gridcolor": "white", + "linecolor": "white", + "ticks": "", + "title": { + "standoff": 15 + }, + "zerolinecolor": "white", + "zerolinewidth": 2 + } + } + }, + "title": { + "text": "Fuzzer performance" + }, + "width": 1200, + "xaxis": { + "anchor": "y", + "domain": [ + 0, + 1 + ], + "tickvals": [ + 0, + 5, + 10, + 15, + 20, + 25, + 30, + 35, + 40, + 45, + 50, + 55, + 60, + 65, + 70, + 75, + 80, + 85, + 90, + 95, + 100, + 105, + 110, + 115, + 120, + 125, + 130, + 135, + 140, + 145, + 150, + 155, + 160, + 165, + 170, + 175, + 180, + 185, + 190, + 195, + 200 + ], + "title": { + "text": "Number of parallel fuzzers" + } + }, + "yaxis": { + "anchor": "x", + "domain": [ + 0, + 1 + ], + "ticktext": [ + "10x", + "36x", + "62x", + "89x", + "115x", + "141x" + ], + "tickvals": [ + 105839.1, + 395932.13, + 686025.1599999999, + 976118.1899999998, + 1266211.22, + 1556304.25 + ], + "title": { + "text": "Fuzz target executions per second" + } + } + } + }, + "text/html": [ + "
" + ] + }, + "metadata": {}, + "output_type": "display_data" + } + ], + "source": [ + "r6a_pivotdf = r6a_graphdf.pivot(index=\"parallel_fuzzers\", columns=\"label\", values=\"execs_per_sec\")\n", + "r6a_fig = r6a_pivotdf.plot(\n", + " title=\"Fuzzer performance\",\n", + " labels={\n", + " \"label\": \"Configuration\",\n", + " \"parallel_fuzzers\": \"Number of parallel fuzzers\",\n", + " \"value\": \"Fuzz target executions per second\"\n", + " }\n", + ")\n", + "\n", + "# Compute tick values and their labels for the primary Y-axis\n", + "tickvals = np.linspace(r6a_graphdf['execs_per_sec'].min(), r6a_graphdf['execs_per_sec'].max(), 6)\n", + "ticktext = [f\"{val:.0f}x\" for val in tickvals / graphdf['execs_per_sec'].min()]\n", + "# Update the primary Y-axis with custom tick labels\n", + "r6a_fig.update_yaxes(tickvals=tickvals, ticktext=ticktext)\n", + "r6a_fig.update_xaxes(tickvals=list(range(0,200+1, 5)))\n", + "r6a_fig.update_layout(width=1200, height=400)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Line graph analysis\n", + "\n", + "This is a shocking result for a 192 vCPU machine -- whether you count `afl_execs` or `total_execs`, our optimal number of parallel fuzzers was 16!\n", + "\n", + "Does this mean that AFL++ is a bad fuzzer, or that AWS tricked us and gave us a 16-thread machine instead of a 192-thread one?\n", + "\n", + "No -- the most likely cause here (based on a tip from @eqv) is that we're actually saturating the Linux kernel's ability to service system calls. We could look to reduce these, but there's another option available to us, which is to try running more system-call-servicers (read: kernels) at once, on this machine. One way to do that is to use hardware virtualization with KVM,\n", + "and if it is true that this particular fuzzer setup bottlenecks around 16 fuzzers, then we might expect an optimal number of KVM\n", + "kernels running on this machine to be around 16/192 == 8, each with 16 fuzzers in parallel, and perhaps a shared (in-memory?)\n", + "filesystem for the fuzzing queue." + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Measuring system call saturation and experimenting with extra KVM hosts\n", + "\n", + "Coming soon!" + ] + } + ], + "metadata": { + "kernelspec": { + "display_name": "Python 3", + "language": "python", + "name": "python3" + }, + "language_info": { + "codemirror_mode": { + "name": "ipython", + "version": 3 + }, + "file_extension": ".py", + "mimetype": "text/x-python", + "name": "python", + "nbconvert_exporter": "python", + "pygments_lexer": "ipython3", + "version": "3.11.3" + }, + "orig_nbformat": 4 + }, + "nbformat": 4, + "nbformat_minor": 2 +} diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index 52de9dcde6..da32167a69 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -1,19 +1,12 @@ #!/usr/bin/env python3 # Part of the aflplusplus project, requires Python 3.9+. # Author: Chris Ball , ported from Marc "van Hauser" Heuse's "benchmark.sh". -import argparse -import asyncio -import datetime -import json -import multiprocessing -import os -import platform -import shutil -import sys -from dataclasses import dataclass +import argparse, asyncio, datetime, json, multiprocessing, os, platform, re, shutil, sys +from dataclasses import asdict, dataclass from decimal import Decimal from enum import Enum, auto from pathlib import Path +from typing import Optional, Union blue = lambda text: f"\033[1;94m{text}\033[0m"; gray = lambda text: f"\033[1;90m{text}\033[0m" green = lambda text: f"\033[0;32m{text}\033[0m"; red = lambda text: f"\033[0;31m{text}\033[0m" @@ -28,6 +21,37 @@ class Target: source: Path binary: Path +@dataclass +class Run: + afl_execs_per_sec: float + afl_execs_total: float + fuzzers_used: int + run_end: str + run_start: str + total_execs_per_sec: float + total_run_time: float + +@dataclass +class Config: + afl_persistent_config: bool + afl_system_config: bool + afl_version: Optional[str] + comment: str + compiler: str + target_arch: str + +@dataclass +class Hardware: + cpu_fastest_core_mhz: Optional[float] + cpu_model: Optional[str] + cpu_threads: int + +@dataclass +class Results: + config: Optional[Config] + hardware: Optional[Hardware] + targets: dict[str, dict[str, Optional[Run]]] + all_modes = [Mode.singlecore, Mode.multicore] all_targets = [ Target(source=Path("../utils/persistent_mode/test-instr.c").resolve(), binary=Path("test-instr-persist-shmem")), @@ -43,6 +67,7 @@ class Target: parser.add_argument("-r", "--runs", help="how many runs to average results over", type=int, default=5) parser.add_argument("-f", "--fuzzers", help="how many afl-fuzz workers to use", type=int, default=cpu_count) parser.add_argument("-m", "--mode", help="pick modes", action="append", default=["multicore"], choices=mode_names) +parser.add_argument("-c", "--comment", help="add a comment about your setup", type=str, default="") parser.add_argument( "-t", "--target", help="pick targets", action="append", default=["test-instr-persist-shmem"], choices=target_names ) @@ -54,9 +79,7 @@ class Target: targets = [target for target in all_targets if str(target.binary) in args.target] modes = [mode for mode in all_modes if mode.name in args.mode] -results: dict[str, dict] = { - "config": {}, "hardware": {}, "targets": {str(t.binary): {m.name: {} for m in modes} for t in targets} -} +results = Results(config=None, hardware=None, targets={str(t.binary): {m.name: None for m in modes} for t in targets}) debug = lambda text: args.debug and print(blue(text)) if Mode.multicore in modes: print(blue(f" [*] Using {args.fuzzers} fuzzers for multicore fuzzing "), end="") @@ -80,19 +103,6 @@ async def check_afl_system() -> bool: return returncode == 0 and stdout.decode().rstrip().split(" = ")[1] == "0" return False -async def check_deps() -> None: - if not (plat := platform.system()) == "Linux": sys.exit(red(f" [*] {plat} is not supported by this script yet.")) - if not os.access(Path("../afl-fuzz").resolve(), os.X_OK) and os.access(Path("../afl-cc").resolve(), os.X_OK) and ( - os.path.exists(Path("../SanitizerCoveragePCGUARD.so").resolve())): - sys.exit(red(" [*] Compile AFL++: we need afl-fuzz, afl-clang-fast and SanitizerCoveragePCGUARD.so built.")) - - # Pick some sample settings from afl-{persistent,system}-config to try to see whether they were run. - cmd_checks = {"afl-persistent-config": check_afl_persistent, "afl-system-config": check_afl_system} - for cmd, checker in cmd_checks.items(): - results["config"][cmd] = await checker() - if not results["config"][cmd]: - print(yellow(f" [*] {cmd} was not run. You can run it to improve performance (and decrease security).")) - async def prep_env() -> dict: Path(f"{args.basedir}/in").mkdir(exist_ok=True, parents=True) with open(f"{args.basedir}/in/in.txt", "wb") as seed: seed.write(b"\x00" * 10240) @@ -103,13 +113,21 @@ async def prep_env() -> dict: async def compile_target(source: Path, binary: Path) -> None: print(f" [*] Compiling the {binary} fuzzing harness for the benchmark to use.") + (returncode, stdout, stderr) = await run_command( + [str(Path("../afl-clang-lto").resolve()), "-o", str(Path(binary.resolve())), str(Path(source).resolve())], + env={"AFL_LLVM_INSTRUMENT": "PCGUARD"}, + ) + if returncode != 0: + print(yellow(f" [*] afl-clang-lto was unable to compile; falling back to afl-cc.")) + (returncode, stdout, stderr) = await run_command( [str(Path("../afl-cc").resolve()), "-o", str(Path(binary.resolve())), str(Path(source).resolve())], - env={"AFL_INSTRUMENT": "PCGUARD"}, + env={"AFL_LLVM_INSTRUMENT": "PCGUARD"}, ) - if returncode != 0: sys.exit(red(f" [*] Error: afl-cc is unable to compile: {stderr.decode()} {stdout.decode()}")) + if returncode != 0: + sys.exit(red(f" [*] Error: afl-cc is unable to compile: {stderr.decode()} {stdout.decode()}")) -async def run_command(cmd: list[str], env: dict | None) -> tuple[int | None, bytes, bytes]: +async def run_command(cmd: list[str], env: Union[dict, None]) -> tuple[Union[int, None], bytes, bytes]: debug(f"Launching command: {cmd} with env {env}") p = await asyncio.create_subprocess_exec( *cmd, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE, env=env @@ -118,16 +136,45 @@ async def run_command(cmd: list[str], env: dict | None) -> tuple[int | None, byt debug(f"Output: {stdout.decode()} {stderr.decode()}") return (p.returncode, stdout, stderr) -async def colon_value_or_none(filename: str, searchKey: str) -> str | None: +async def check_deps() -> None: + if not (plat := platform.system()) == "Linux": sys.exit(red(f" [*] {plat} is not supported by this script yet.")) + if not os.access(Path("../afl-fuzz").resolve(), os.X_OK) and os.access(Path("../afl-cc").resolve(), os.X_OK) and ( + os.path.exists(Path("../SanitizerCoveragePCGUARD.so").resolve())): + sys.exit(red(" [*] Compile AFL++: we need afl-fuzz, afl-clang-fast and SanitizerCoveragePCGUARD.so built.")) + + (returncode, stdout, stderr) = await run_command([str(Path("../afl-cc").resolve()), "-v"], env={}) + if returncode != 0: + sys.exit(red(f" [*] Error: afl-cc -v returned: {stderr.decode()} {stdout.decode()}")) + compiler = "" + target_arch = "" + for line in stderr.decode().split("\n"): + if m := re.match(r"^(clang version .*)", line): + compiler = m.group(1) + elif m := re.match(r"^Target: (.*)", line): + target_arch = m.group(1) + + # Pick some sample settings from afl-{persistent,system}-config to try to see whether they were run. + afl_pc = await check_afl_persistent() + afl_sc = await check_afl_system() + if not afl_pc: + print(yellow(f" [*] afl-persistent-config did not run; run it to improve performance (and decrease security).")) + if not afl_sc: + print(yellow(f" [*] afl-system-config did not run; run it to improve performance (and decrease security).")) + + results.config = Config(afl_persistent_config=afl_pc, afl_system_config=afl_sc, afl_version="", + comment=args.comment, compiler=compiler, target_arch=target_arch) + +async def colon_values(filename: str, searchKey: str) -> list[str]: """Return a colon-separated value given a key in a file, e.g. 'cpu MHz : 4976.109')""" with open(filename, "r") as fh: kv_pairs = (line.split(": ", 1) for line in fh if ": " in line) - return next((v.rstrip() for k, v in kv_pairs if k.rstrip() == searchKey), None) + v_list = [v.rstrip() for k, v in kv_pairs if k.rstrip() == searchKey] + return v_list async def save_benchmark_results() -> None: """Append a single row to the benchmark results in JSON Lines format (which is simple to write and diff).""" with open("benchmark-results.jsonl", "a") as jsonfile: - json.dump(results, jsonfile, sort_keys=True) + json.dump(asdict(results), jsonfile, sort_keys=True) jsonfile.write("\n") print(blue(f" [*] Results have been written to {jsonfile.name}")) @@ -138,25 +185,25 @@ async def main() -> None: except FileNotFoundError: pass await check_deps() - results["hardware"] = { # Only record the first core's speed for now, even though it can vary between cores. - "cpu_mhz": float(await colon_value_or_none("/proc/cpuinfo", "cpu MHz") or ""), - "cpu_model": await colon_value_or_none("/proc/cpuinfo", "model name") or "", - "cpu_threads": cpu_count - } + cpu_mhz_str = await colon_values("/proc/cpuinfo", "cpu MHz") + cpu_mhz = max([float(c) for c in cpu_mhz_str]) # use the fastest CPU MHz for now + cpu_model = await colon_values("/proc/cpuinfo", "model name") + # Only record the first core's speed for now, even though it can vary between cores. + results.hardware = Hardware(cpu_fastest_core_mhz=cpu_mhz, cpu_model=cpu_model[0], cpu_threads=cpu_count) env_vars = await prep_env() print(f" [*] Ready, starting benchmark...") for target in targets: await compile_target(target.source, target.binary) binary = str(target.binary) for mode in modes: - execs_per_sec, execs_total, run_time_total = ([] for _ in range(3)) - for run in range(0, args.runs): - print(gray(f" [*] {mode.name} {binary} run {run+1} of {args.runs}, execs/s: "), end="", flush=True) + afl_execs_per_sec, execs_total, run_time_total = ([] for _ in range(3)) + for run_idx in range(0, args.runs): + print(gray(f" [*] {mode.name} {binary} run {run_idx+1} of {args.runs}, execs/s: "), end="", flush=True) fuzzers = range(0, args.fuzzers if mode == Mode.multicore else 1) outdir = f"{args.basedir}/out-{mode.name}-{binary}" cmds = [] - for idx, afl in enumerate(fuzzers): - name = ["-o", outdir, "-M" if idx == 0 else "-S", str(afl)] + for fuzzer_idx, afl in enumerate(fuzzers): + name = ["-o", outdir, "-M" if fuzzer_idx == 0 else "-S", str(afl)] cmds.append(["afl-fuzz", "-i", f"{args.basedir}/in"] + name + ["-s", "123", "-D", f"./{binary}"]) # Prepare the afl-fuzz tasks, and then block while waiting for them to finish. @@ -164,34 +211,38 @@ async def main() -> None: start_time = datetime.datetime.now() await asyncio.gather(*fuzztasks) end_time = datetime.datetime.now() + afl_versions = await colon_values(f"{outdir}/0/fuzzer_stats", "afl_version") + if results.config: + results.config.afl_version = afl_versions[0] # Our score is the sum of all execs_per_sec entries in fuzzer_stats files for the run. - sectasks = [colon_value_or_none(f"{outdir}/{afl}/fuzzer_stats", "execs_per_sec") for afl in fuzzers] + sectasks = [colon_values(f"{outdir}/{afl}/fuzzer_stats", "execs_per_sec") for afl in fuzzers] all_execs_per_sec = await asyncio.gather(*sectasks) - execs = sum([Decimal(count) for count in all_execs_per_sec if count is not None]) + execs = sum([Decimal(count[0]) for count in all_execs_per_sec]) print(green(execs)) - execs_per_sec.append(execs) + afl_execs_per_sec.append(execs) # Also gather execs_total and total_run_time for this run. - exectasks = [colon_value_or_none(f"{outdir}/{afl}/fuzzer_stats", "execs_done") for afl in fuzzers] + exectasks = [colon_values(f"{outdir}/{afl}/fuzzer_stats", "execs_done") for afl in fuzzers] all_execs_total = await asyncio.gather(*exectasks) - execs_total.append(sum([Decimal(count) for count in all_execs_total if count is not None])) + execs_total.append(sum([Decimal(count[0]) for count in all_execs_total])) run_time_total.append((end_time - start_time).total_seconds()) - avg_score = round(Decimal(sum(execs_per_sec) / len(execs_per_sec)), 2) + # (Using float() because Decimal() is not JSON-serializable.) + avg_afl_execs_per_sec = round(Decimal(sum(afl_execs_per_sec) / len(afl_execs_per_sec)), 2) afl_execs_total = int(sum([Decimal(execs) for execs in execs_total])) total_run_time = float(round(Decimal(sum(run_time_total)), 2)) - results["targets"][binary][mode.name] = { # (Using float() because Decimal() is not JSON-serializable.) - "afl_execs_per_second": float(avg_score), - "afl_execs_total": afl_execs_total, - "fuzzers_used": len(fuzzers), - "start_time_of_run": str(start_time), - "total_execs_per_sec": float(round(Decimal(afl_execs_total / total_run_time), 2)), - "total_run_time": total_run_time, - } - print(f" [*] Average score for this test across all runs was: {green(avg_score)}") - if (((max(execs_per_sec) - min(execs_per_sec)) / avg_score) * 100) > 15: + total_execs_per_sec = float(round(Decimal(afl_execs_total / total_run_time), 2)) + run = Run(afl_execs_per_sec=float(avg_afl_execs_per_sec), afl_execs_total=afl_execs_total, + fuzzers_used=len(fuzzers), run_end=str(end_time), run_start=str(start_time), + total_execs_per_sec=total_execs_per_sec, total_run_time=total_run_time) + results.targets[binary][mode.name] = run + + print(f" [*] Average AFL execs/sec for this test across all runs was: {green(avg_afl_execs_per_sec)}") + print(f" [*] Average total execs/sec for this test across all runs was: {green(total_execs_per_sec)}") + if (((max(afl_execs_per_sec) - min(afl_execs_per_sec)) / avg_afl_execs_per_sec) * 100) > 15: print(yellow(" [*] The difference between your slowest and fastest runs was >15%, maybe try again?")) + await clean_up_tempfiles() await save_benchmark_results() From b9db6b1254c9bf3a47c171bb96468628e9bd00f2 Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Mon, 2 Oct 2023 03:23:09 -0700 Subject: [PATCH 173/357] benchmark: add a README, lower default runs from 5 to 3 --- benchmark/README.md | 46 + benchmark/benchmark.ipynb | 3502 +------------------------------------ benchmark/benchmark.py | 2 +- 3 files changed, 110 insertions(+), 3440 deletions(-) create mode 100644 benchmark/README.md diff --git a/benchmark/README.md b/benchmark/README.md new file mode 100644 index 0000000000..66f7f59e03 --- /dev/null +++ b/benchmark/README.md @@ -0,0 +1,46 @@ +# American Fuzzy Lop plus plus (AFL++) + +## benchmarking + +This directory contains benchmarking tools that allow you to compare one machine +with another in terms of raw ability to execute a fuzzing target repeatedly. + +To achieve this, we use a sample program ("test-instr.c") where each path is +equally likely, supply it a single seed, and tell AFL to exit after one run of +deterministic mutations against that seed. + +Usage: + +``` +cd aflplusplus/benchmark +python3 benchmark.py + [*] Using 16 fuzzers for multicore fuzzing (use --fuzzers to override) + [*] Ready, starting benchmark... + [*] Compiling the test-instr-persist-shmem fuzzing harness for the benchmark to use. + [*] multicore test-instr-persist-shmem run 1 of 3, execs/s: 846065.81 + [*] multicore test-instr-persist-shmem run 2 of 3, execs/s: 849694.03 + [*] multicore test-instr-persist-shmem run 3 of 3, execs/s: 850757.52 + [*] Average AFL execs/sec for this test across all runs was: 848839.12 + [*] Average total execs/sec for this test across all runs was: 833138.28 + [*] Results have been written to benchmark-results.jsonl +``` + +By default, the script will use a number of parallel fuzzers equal to your +available CPUs/threads (change with `--fuzzers`), and will perform each test +three times and average the result (change with `--runs`). + +The script will use multicore fuzzing instead of singlecore by default (change +with `--mode singlecore`) and use a persistent-mode shared memory harness for +optimal speed (change with `--target test-instr`). + +Each run writes results to [benchmark-results.jsonl](benchmark-results.jsonl) +in [JSON Lines](https://jsonlines.org/) format, ready to be pulled in to other +tools such as [jq -cs](https://jqlang.github.io/jq/) or +[pandas](https://pandas.pydata.org/) for analysis. + +## Data analysis + +There is sample data in [benchmark-results.jsonl](benchmark-results.jsonl), and +a Jupyter notebook for exploring the results and suggesting their meaning at +[benchmark.ipynb](benchmark.ipynb). + diff --git a/benchmark/benchmark.ipynb b/benchmark/benchmark.ipynb index b1ef6b0f5f..7ff90fcdfc 100644 --- a/benchmark/benchmark.ipynb +++ b/benchmark/benchmark.ipynb @@ -2,7 +2,7 @@ "cells": [ { "cell_type": "code", - "execution_count": 502, + "execution_count": 12, "metadata": {}, "outputs": [], "source": [ @@ -20,14 +20,14 @@ "cell_type": "markdown", "metadata": {}, "source": [ - "### Translate the JSON Lines entries into a single pandas DataFrame.\n", + "### Translate the JSON Lines entries into a single pandas DataFrame\n", "\n", "We have JSON Lines in [benchmark-results.jsonl](benchmark-results.jsonl) that look like this:" ] }, { "cell_type": "code", - "execution_count": 503, + "execution_count": 13, "metadata": {}, "outputs": [ { @@ -89,7 +89,7 @@ }, { "cell_type": "code", - "execution_count": 504, + "execution_count": 14, "metadata": {}, "outputs": [ { @@ -371,7 +371,7 @@ "[5 rows x 37 columns]" ] }, - "execution_count": 504, + "execution_count": 14, "metadata": {}, "output_type": "execute_result" } @@ -404,7 +404,7 @@ }, { "cell_type": "code", - "execution_count": 505, + "execution_count": 15, "metadata": {}, "outputs": [], "source": [ @@ -418,1647 +418,65 @@ }, { "cell_type": "code", - "execution_count": 506, + "execution_count": 16, "metadata": {}, - "outputs": [ - { - "data": { - "text/html": [ - "
\n", - "\n", - "\n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - " \n", - "
execs_per_secparallel_fuzzersafl_persistent_configafl_system_configlabel
108135613.261.0TrueTrueSinglecore: Persistent mode/shared memory + ke...
117135613.2610.0TrueTrueSinglecore: Persistent mode/shared memory + ke...
\n", - "
" - ], - "text/plain": [ - " execs_per_sec parallel_fuzzers afl_persistent_config \\\n", - "108 135613.26 1.0 True \n", - "117 135613.26 10.0 True \n", - "\n", - " afl_system_config label \n", - "108 True Singlecore: Persistent mode/shared memory + ke... \n", - "117 True Singlecore: Persistent mode/shared memory + ke... " - ] - }, - "execution_count": 506, - "metadata": {}, - "output_type": "execute_result" - } - ], + "outputs": [], "source": [ "def build_graphdf_from_query(query: pd.DataFrame):\n", " \"\"\"Build a table suitable for graphing from a subset of the dataframe.\"\"\"\n", " graphdata = []\n", " max_fuzzers = int(query[[\"targets.test-instr-persist-shmem.multicore.fuzzers_used\", \"targets.test-instr.multicore.fuzzers_used\"]].max(axis=1).max(axis=0))\n", " for _, row in query.iterrows():\n", - " if row[\"targets.test-instr-persist-shmem.multicore.total_execs_per_sec\"] > 0:\n", - " execs_per_sec = row[\"targets.test-instr-persist-shmem.multicore.total_execs_per_sec\"]\n", - " afl_execs_per_sec = row[\"targets.test-instr-persist-shmem.multicore.afl_execs_per_sec\"]\n", - " parallel_fuzzers = row[\"targets.test-instr-persist-shmem.multicore.fuzzers_used\"]\n", - " afl_persistent_config = row[\"config.afl_persistent_config\"]\n", - " afl_system_config = row[\"config.afl_system_config\"]\n", - " label = \"shmem-multicore\"\n", - " if afl_persistent_config:\n", - " label += \"+persist-conf\"\n", - " if afl_system_config:\n", - " label += \"+system-conf\"\n", - " if label == \"shmem-multicore+persist-conf+system-conf\":\n", - " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": parallel_fuzzers, \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Multicore: Persistent mode/shared memory + kernel config\"})\n", - " graphdata.append({\"execs_per_sec\": afl_execs_per_sec, \"parallel_fuzzers\": parallel_fuzzers, \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Multicore: afl_execs: Persistent mode/shared memory + kernel config\"})\n", - " if label == \"shmem-multicore\":\n", - " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": parallel_fuzzers, \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Multicore: Persistent mode/shared memory without kernel config\"})\n", - " if row[\"targets.test-instr.multicore.total_execs_per_sec\"] > 0:\n", - " execs_per_sec = row[\"targets.test-instr.multicore.total_execs_per_sec\"]\n", - " parallel_fuzzers = row[\"targets.test-instr.multicore.fuzzers_used\"]\n", - " afl_persistent_config = row[\"config.afl_persistent_config\"]\n", - " afl_system_config = row[\"config.afl_system_config\"]\n", - " label = \"base-multicore\"\n", - " if afl_persistent_config:\n", - " label += \"+persist-conf\"\n", - " if afl_system_config:\n", - " label += \"+system-conf\"\n", + " for target in [\"test-instr-persist-shmem\", \"test-instr\"]:\n", + " for mode in [\"multicore\", \"singlecore\"]:\n", + " label = \"\"\n", + " if not row[f\"targets.{target}.{mode}.total_execs_per_sec\"] > 0:\n", + " continue\n", + " execs_per_sec = row[f\"targets.{target}.{mode}.total_execs_per_sec\"]\n", + " afl_execs_per_sec = row[f\"targets.{target}.{mode}.afl_execs_per_sec\"]\n", + " parallel_fuzzers = row[f\"targets.{target}.{mode}.fuzzers_used\"]\n", + " afl_persistent_config = row[\"config.afl_persistent_config\"]\n", + " afl_system_config = row[\"config.afl_system_config\"]\n", + " if target == \"test-instr-persist-shmem\":\n", + " label += \"shmem\"\n", + " else:\n", + " label += \"base\"\n", + " if mode == \"multicore\":\n", + " label += \"-multicore\"\n", + " else:\n", + " label += \"-singlecore\"\n", + " if afl_persistent_config:\n", + " label += \"+persist-conf\"\n", + " if afl_system_config:\n", + " label += \"+system-conf\"\n", + " \n", + " if label == \"shmem-multicore+persist-conf+system-conf\":\n", + " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": parallel_fuzzers, \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Multicore: Persistent mode/shared memory + kernel config\"})\n", + " graphdata.append({\"execs_per_sec\": afl_execs_per_sec, \"parallel_fuzzers\": parallel_fuzzers, \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Multicore: afl_execs: Persistent mode/shared memory + kernel config\"})\n", + " if label == \"shmem-multicore\":\n", + " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": parallel_fuzzers, \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Multicore: Persistent mode/shared memory without kernel config\"})\n", " if label == \"base-multicore+persist-conf+system-conf\":\n", - " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": parallel_fuzzers, \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Multicore: Non-persistent mode + kernel config\"}) \n", - " if row[\"targets.test-instr-persist-shmem.singlecore.total_execs_per_sec\"] > 0:\n", - " execs_per_sec = row[\"targets.test-instr-persist-shmem.singlecore.total_execs_per_sec\"]\n", - " parallel_fuzzers = row[\"targets.test-instr-persist-shmem.singlecore.fuzzers_used\"]\n", - " afl_persistent_config = row[\"config.afl_persistent_config\"]\n", - " afl_system_config = row[\"config.afl_system_config\"]\n", - " label = \"shmem-singlecore\"\n", - " if afl_persistent_config:\n", - " label += \"+persist-conf\"\n", - " if afl_system_config:\n", - " label += \"+system-conf\"\n", - " if label == \"shmem-singlecore+persist-conf+system-conf\":\n", - " for i in range(1, max_fuzzers + 1):\n", - " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": float(i), \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Singlecore: Persistent mode/shared memory + kernel config\"})\n", - " if row[\"targets.test-instr.singlecore.total_execs_per_sec\"] > 0:\n", - " execs_per_sec = row[\"targets.test-instr.singlecore.total_execs_per_sec\"]\n", - " parallel_fuzzers = row[\"targets.test-instr.singlecore.fuzzers_used\"]\n", - " afl_persistent_config = row[\"config.afl_persistent_config\"]\n", - " afl_system_config = row[\"config.afl_system_config\"]\n", - " label = \"base-singlecore\"\n", - " if afl_persistent_config:\n", - " label += \"+persist-conf\"\n", - " if afl_system_config:\n", - " label += \"+system-conf\"\n", - " if label == \"base-singlecore+persist-conf+system-conf\":\n", - " for i in range(1, max_fuzzers + 1):\n", - " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": float(i), \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Singlecore: Non-persistent mode + kernel config\"})\n", - "\n", + " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": parallel_fuzzers, \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Multicore: Non-persistent mode + kernel config\"})\n", + " if label == \"shmem-singlecore+persist-conf+system-conf\":\n", + " for i in range(1, max_fuzzers + 1):\n", + " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": float(i), \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Singlecore: Persistent mode/shared memory + kernel config\"})\n", + " if label == \"base-singlecore+persist-conf+system-conf\":\n", + " for i in range(1, max_fuzzers + 1):\n", + " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": float(i), \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Singlecore: Non-persistent mode + kernel config\"})\n", " return pd.DataFrame.from_records(graphdata).sort_values(\"label\", ascending=False)\n", "\n", - "graphdf = build_graphdf_from_query(i7)\n", - "graphdf.head(2)" + "graphdf = build_graphdf_from_query(i7)" ] }, { "cell_type": "code", - "execution_count": 507, + "execution_count": 17, "metadata": {}, "outputs": [ { "data": { - "application/vnd.plotly.v1+json": { - "config": { - "plotlyServerURL": "https://plot.ly" - }, - "data": [ - { - "hovertemplate": "Configuration=Multicore: Non-persistent mode + kernel config
Number of parallel fuzzers=%{x}
Fuzz target executions per second=%{y}", - "legendgroup": "Multicore: Non-persistent mode + kernel config", - "line": { - "color": "#636efa", - "dash": "solid" - }, - "marker": { - "symbol": "circle" - }, - "mode": "lines", - "name": "Multicore: Non-persistent mode + kernel config", - "orientation": "v", - "showlegend": true, - "type": "scatter", - "x": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36 - ], - "xaxis": "x", - "y": [ - 11019.3, - 21111.92, - 30568.82, - 38963.07, - 47693.65, - 55718.73, - 64156.79, - 72176.39, - 61257.76, - 67507.14, - 73183.59, - 79167.7, - 85202.55, - 91594.86, - 97682.33, - 103765.38, - 84547.71, - 86611.67, - 88657, - 90134.42, - 91033.28, - 91637.86, - 92747.81, - 93207.38, - 92970.87, - 94162.8, - 94237.96, - 91716.1, - 94072.6, - 95644.79, - 94880.56, - 93460.57, - 94194.83, - 93853.08, - 95147.78, - 92697.06 - ], - "yaxis": "y" - }, - { - "hovertemplate": "Configuration=Multicore: Persistent mode/shared memory + kernel config
Number of parallel fuzzers=%{x}
Fuzz target executions per second=%{y}", - "legendgroup": "Multicore: Persistent mode/shared memory + kernel config", - "line": { - "color": "#EF553B", - "dash": "solid" - }, - "marker": { - "symbol": "circle" - }, - "mode": "lines", - "name": "Multicore: Persistent mode/shared memory + kernel config", - "orientation": "v", - "showlegend": true, - "type": "scatter", - "x": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36 - ], - "xaxis": "x", - "y": [ - 133591.26, - 255995.07, - 380246.34, - 490254.72, - 598698.16, - 716786.21, - 824873.02, - 942712.02, - 709716.24, - 779115.44, - 851918.03, - 914375.37, - 990573.31, - 1060551.02, - 1134650.66, - 1203287.99, - 1022498.84, - 1058151.58, - 1076742.64, - 1091743.7, - 1062616.36, - 1081621.57, - 1132929.86, - 1133825.45, - 1114215.27, - 1122210.96, - 1130627.8, - 1135890.71, - 1137390.94, - 1142969.21, - 1149056.35, - 1142131.87, - 1128973.67, - 1116863.53, - 1117913.34, - 1124962.18 - ], - "yaxis": "y" - }, - { - "hovertemplate": "Configuration=Multicore: Persistent mode/shared memory without kernel config
Number of parallel fuzzers=%{x}
Fuzz target executions per second=%{y}", - "legendgroup": "Multicore: Persistent mode/shared memory without kernel config", - "line": { - "color": "#00cc96", - "dash": "solid" - }, - "marker": { - "symbol": "circle" - }, - "mode": "lines", - "name": "Multicore: Persistent mode/shared memory without kernel config", - "orientation": "v", - "showlegend": true, - "type": "scatter", - "x": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36 - ], - "xaxis": "x", - "y": [ - 90851.4, - 176159.32, - 260268.78, - 336355.99, - 413750, - 492578.2, - 565737.17, - 640579.35, - 491284.66, - 540759.63, - 591144.78, - 638938.52, - 687954.18, - 734886.87, - 784210.26, - 834811.24, - 714178.66, - 734804.4, - 740714.93, - 750425.99, - 752625.52, - 760661.34, - 758401.65, - 767985.22, - 785474.61, - 789679.78, - 790483.94, - 798176.69, - 792763.39, - 788972.72, - 789307.69, - 777440.02, - 767985.22, - 775967.55, - 764863.41, - 768616.31 - ], - "yaxis": "y" - }, - { - "hovertemplate": "Configuration=Multicore: afl_execs: Persistent mode/shared memory + kernel config
Number of parallel fuzzers=%{x}
Fuzz target executions per second=%{y}", - "legendgroup": "Multicore: afl_execs: Persistent mode/shared memory + kernel config", - "line": { - "color": "#ab63fa", - "dash": "solid" - }, - "marker": { - "symbol": "circle" - }, - "mode": "lines", - "name": "Multicore: afl_execs: Persistent mode/shared memory + kernel config", - "orientation": "v", - "showlegend": true, - "type": "scatter", - "x": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36 - ], - "xaxis": "x", - "y": [ - 134423.5, - 258490.04, - 383777.45, - 496249.48, - 613089.31, - 730366.19, - 844187.32, - 962846.18, - 997414.74, - 1034757.73, - 1070703.42, - 1104249.08, - 1131176.88, - 1164076.48, - 1198824.47, - 1227578.7, - 1272311.96, - 1295688.8, - 1314398.6, - 1328581.94, - 1342660.66, - 1363930.3, - 1377043.72, - 1375818.24, - 1361687.56, - 1369637.56, - 1375444.16, - 1349599.77, - 1321658.08, - 1301868.24, - 1276904.9, - 1243444.8, - 1243981.21, - 1234425.98, - 1244349.38, - 1250454.58 - ], - "yaxis": "y" - }, - { - "hovertemplate": "Configuration=Singlecore: Non-persistent mode + kernel config
Number of parallel fuzzers=%{x}
Fuzz target executions per second=%{y}", - "legendgroup": "Singlecore: Non-persistent mode + kernel config", - "line": { - "color": "#FFA15A", - "dash": "solid" - }, - "marker": { - "symbol": "circle" - }, - "mode": "lines", - "name": "Singlecore: Non-persistent mode + kernel config", - "orientation": "v", - "showlegend": true, - "type": "scatter", - "x": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36 - ], - "xaxis": "x", - "y": [ - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96, - 11038.96 - ], - "yaxis": "y" - }, - { - "hovertemplate": "Configuration=Singlecore: Persistent mode/shared memory + kernel config
Number of parallel fuzzers=%{x}
Fuzz target executions per second=%{y}", - "legendgroup": "Singlecore: Persistent mode/shared memory + kernel config", - "line": { - "color": "#19d3f3", - "dash": "solid" - }, - "marker": { - "symbol": "circle" - }, - "mode": "lines", - "name": "Singlecore: Persistent mode/shared memory + kernel config", - "orientation": "v", - "showlegend": true, - "type": "scatter", - "x": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36 - ], - "xaxis": "x", - "y": [ - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26, - 135613.26 - ], - "yaxis": "y" - } - ], - "layout": { - "height": 400, - "legend": { - "title": { - "text": "Configuration" - }, - "tracegroupgap": 0 - }, - "template": { - "data": { - "bar": [ - { - "error_x": { - "color": "#2a3f5f" - }, - "error_y": { - "color": "#2a3f5f" - }, - "marker": { - "line": { - "color": "#E5ECF6", - "width": 0.5 - }, - "pattern": { - "fillmode": "overlay", - "size": 10, - "solidity": 0.2 - } - }, - "type": "bar" - } - ], - "barpolar": [ - { - "marker": { - "line": { - "color": "#E5ECF6", - "width": 0.5 - }, - "pattern": { - "fillmode": "overlay", - "size": 10, - "solidity": 0.2 - } - }, - "type": "barpolar" - } - ], - "carpet": [ - { - "aaxis": { - "endlinecolor": "#2a3f5f", - "gridcolor": "white", - "linecolor": "white", - "minorgridcolor": "white", - "startlinecolor": "#2a3f5f" - }, - "baxis": { - "endlinecolor": "#2a3f5f", - "gridcolor": "white", - "linecolor": "white", - "minorgridcolor": "white", - "startlinecolor": "#2a3f5f" - }, - "type": "carpet" - } - ], - "choropleth": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "type": "choropleth" - } - ], - "contour": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "colorscale": [ - [ - 0, - "#0d0887" - ], - [ - 0.1111111111111111, - "#46039f" - ], - [ - 0.2222222222222222, - "#7201a8" - ], - [ - 0.3333333333333333, - "#9c179e" - ], - [ - 0.4444444444444444, - "#bd3786" - ], - [ - 0.5555555555555556, - "#d8576b" - ], - [ - 0.6666666666666666, - "#ed7953" - ], - [ - 0.7777777777777778, - "#fb9f3a" - ], - [ - 0.8888888888888888, - "#fdca26" - ], - [ - 1, - "#f0f921" - ] - ], - "type": "contour" - } - ], - "contourcarpet": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "type": "contourcarpet" - } - ], - "heatmap": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "colorscale": [ - [ - 0, - "#0d0887" - ], - [ - 0.1111111111111111, - "#46039f" - ], - [ - 0.2222222222222222, - "#7201a8" - ], - [ - 0.3333333333333333, - "#9c179e" - ], - [ - 0.4444444444444444, - "#bd3786" - ], - [ - 0.5555555555555556, - "#d8576b" - ], - [ - 0.6666666666666666, - "#ed7953" - ], - [ - 0.7777777777777778, - "#fb9f3a" - ], - [ - 0.8888888888888888, - "#fdca26" - ], - [ - 1, - "#f0f921" - ] - ], - "type": "heatmap" - } - ], - "heatmapgl": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "colorscale": [ - [ - 0, - "#0d0887" - ], - [ - 0.1111111111111111, - "#46039f" - ], - [ - 0.2222222222222222, - "#7201a8" - ], - [ - 0.3333333333333333, - "#9c179e" - ], - [ - 0.4444444444444444, - "#bd3786" - ], - [ - 0.5555555555555556, - "#d8576b" - ], - [ - 0.6666666666666666, - "#ed7953" - ], - [ - 0.7777777777777778, - "#fb9f3a" - ], - [ - 0.8888888888888888, - "#fdca26" - ], - [ - 1, - "#f0f921" - ] - ], - "type": "heatmapgl" - } - ], - "histogram": [ - { - "marker": { - "pattern": { - "fillmode": "overlay", - "size": 10, - "solidity": 0.2 - } - }, - "type": "histogram" - } - ], - "histogram2d": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "colorscale": [ - [ - 0, - "#0d0887" - ], - [ - 0.1111111111111111, - "#46039f" - ], - [ - 0.2222222222222222, - "#7201a8" - ], - [ - 0.3333333333333333, - "#9c179e" - ], - [ - 0.4444444444444444, - "#bd3786" - ], - [ - 0.5555555555555556, - "#d8576b" - ], - [ - 0.6666666666666666, - "#ed7953" - ], - [ - 0.7777777777777778, - "#fb9f3a" - ], - [ - 0.8888888888888888, - "#fdca26" - ], - [ - 1, - "#f0f921" - ] - ], - "type": "histogram2d" - } - ], - "histogram2dcontour": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "colorscale": [ - [ - 0, - "#0d0887" - ], - [ - 0.1111111111111111, - "#46039f" - ], - [ - 0.2222222222222222, - "#7201a8" - ], - [ - 0.3333333333333333, - "#9c179e" - ], - [ - 0.4444444444444444, - "#bd3786" - ], - [ - 0.5555555555555556, - "#d8576b" - ], - [ - 0.6666666666666666, - "#ed7953" - ], - [ - 0.7777777777777778, - "#fb9f3a" - ], - [ - 0.8888888888888888, - "#fdca26" - ], - [ - 1, - "#f0f921" - ] - ], - "type": "histogram2dcontour" - } - ], - "mesh3d": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "type": "mesh3d" - } - ], - "parcoords": [ - { - "line": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "parcoords" - } - ], - "pie": [ - { - "automargin": true, - "type": "pie" - } - ], - "scatter": [ - { - "fillpattern": { - "fillmode": "overlay", - "size": 10, - "solidity": 0.2 - }, - "type": "scatter" - } - ], - "scatter3d": [ - { - "line": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "marker": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "scatter3d" - } - ], - "scattercarpet": [ - { - "marker": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "scattercarpet" - } - ], - "scattergeo": [ - { - "marker": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "scattergeo" - } - ], - "scattergl": [ - { - "marker": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "scattergl" - } - ], - "scattermapbox": [ - { - "marker": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "scattermapbox" - } - ], - "scatterpolar": [ - { - "marker": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "scatterpolar" - } - ], - "scatterpolargl": [ - { - "marker": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "scatterpolargl" - } - ], - "scatterternary": [ - { - "marker": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "scatterternary" - } - ], - "surface": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "colorscale": [ - [ - 0, - "#0d0887" - ], - [ - 0.1111111111111111, - "#46039f" - ], - [ - 0.2222222222222222, - "#7201a8" - ], - [ - 0.3333333333333333, - "#9c179e" - ], - [ - 0.4444444444444444, - "#bd3786" - ], - [ - 0.5555555555555556, - "#d8576b" - ], - [ - 0.6666666666666666, - "#ed7953" - ], - [ - 0.7777777777777778, - "#fb9f3a" - ], - [ - 0.8888888888888888, - "#fdca26" - ], - [ - 1, - "#f0f921" - ] - ], - "type": "surface" - } - ], - "table": [ - { - "cells": { - "fill": { - "color": "#EBF0F8" - }, - "line": { - "color": "white" - } - }, - "header": { - "fill": { - "color": "#C8D4E3" - }, - "line": { - "color": "white" - } - }, - "type": "table" - } - ] - }, - "layout": { - "annotationdefaults": { - "arrowcolor": "#2a3f5f", - "arrowhead": 0, - "arrowwidth": 1 - }, - "autotypenumbers": "strict", - "coloraxis": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "colorscale": { - "diverging": [ - [ - 0, - "#8e0152" - ], - [ - 0.1, - "#c51b7d" - ], - [ - 0.2, - "#de77ae" - ], - [ - 0.3, - "#f1b6da" - ], - [ - 0.4, - "#fde0ef" - ], - [ - 0.5, - "#f7f7f7" - ], - [ - 0.6, - "#e6f5d0" - ], - [ - 0.7, - "#b8e186" - ], - [ - 0.8, - "#7fbc41" - ], - [ - 0.9, - "#4d9221" - ], - [ - 1, - "#276419" - ] - ], - "sequential": [ - [ - 0, - "#0d0887" - ], - [ - 0.1111111111111111, - "#46039f" - ], - [ - 0.2222222222222222, - "#7201a8" - ], - [ - 0.3333333333333333, - "#9c179e" - ], - [ - 0.4444444444444444, - "#bd3786" - ], - [ - 0.5555555555555556, - "#d8576b" - ], - [ - 0.6666666666666666, - "#ed7953" - ], - [ - 0.7777777777777778, - "#fb9f3a" - ], - [ - 0.8888888888888888, - "#fdca26" - ], - [ - 1, - "#f0f921" - ] - ], - "sequentialminus": [ - [ - 0, - "#0d0887" - ], - [ - 0.1111111111111111, - "#46039f" - ], - [ - 0.2222222222222222, - "#7201a8" - ], - [ - 0.3333333333333333, - "#9c179e" - ], - [ - 0.4444444444444444, - "#bd3786" - ], - [ - 0.5555555555555556, - "#d8576b" - ], - [ - 0.6666666666666666, - "#ed7953" - ], - [ - 0.7777777777777778, - "#fb9f3a" - ], - [ - 0.8888888888888888, - "#fdca26" - ], - [ - 1, - "#f0f921" - ] - ] - }, - "colorway": [ - "#636efa", - "#EF553B", - "#00cc96", - "#ab63fa", - "#FFA15A", - "#19d3f3", - "#FF6692", - "#B6E880", - "#FF97FF", - "#FECB52" - ], - "font": { - "color": "#2a3f5f" - }, - "geo": { - "bgcolor": "white", - "lakecolor": "white", - "landcolor": "#E5ECF6", - "showlakes": true, - "showland": true, - "subunitcolor": "white" - }, - "hoverlabel": { - "align": "left" - }, - "hovermode": "closest", - "mapbox": { - "style": "light" - }, - "paper_bgcolor": "white", - "plot_bgcolor": "#E5ECF6", - "polar": { - "angularaxis": { - "gridcolor": "white", - "linecolor": "white", - "ticks": "" - }, - "bgcolor": "#E5ECF6", - "radialaxis": { - "gridcolor": "white", - "linecolor": "white", - "ticks": "" - } - }, - "scene": { - "xaxis": { - "backgroundcolor": "#E5ECF6", - "gridcolor": "white", - "gridwidth": 2, - "linecolor": "white", - "showbackground": true, - "ticks": "", - "zerolinecolor": "white" - }, - "yaxis": { - "backgroundcolor": "#E5ECF6", - "gridcolor": "white", - "gridwidth": 2, - "linecolor": "white", - "showbackground": true, - "ticks": "", - "zerolinecolor": "white" - }, - "zaxis": { - "backgroundcolor": "#E5ECF6", - "gridcolor": "white", - "gridwidth": 2, - "linecolor": "white", - "showbackground": true, - "ticks": "", - "zerolinecolor": "white" - } - }, - "shapedefaults": { - "line": { - "color": "#2a3f5f" - } - }, - "ternary": { - "aaxis": { - "gridcolor": "white", - "linecolor": "white", - "ticks": "" - }, - "baxis": { - "gridcolor": "white", - "linecolor": "white", - "ticks": "" - }, - "bgcolor": "#E5ECF6", - "caxis": { - "gridcolor": "white", - "linecolor": "white", - "ticks": "" - } - }, - "title": { - "x": 0.05 - }, - "xaxis": { - "automargin": true, - "gridcolor": "white", - "linecolor": "white", - "ticks": "", - "title": { - "standoff": 15 - }, - "zerolinecolor": "white", - "zerolinewidth": 2 - }, - "yaxis": { - "automargin": true, - "gridcolor": "white", - "linecolor": "white", - "ticks": "", - "title": { - "standoff": 15 - }, - "zerolinecolor": "white", - "zerolinewidth": 2 - } - } - }, - "title": { - "text": "Fuzzer performance" - }, - "width": 1200, - "xaxis": { - "anchor": "y", - "domain": [ - 0, - 1 - ], - "tickvals": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36 - ], - "title": { - "text": "Number of parallel fuzzers" - } - }, - "yaxis": { - "anchor": "x", - "domain": [ - 0, - 1 - ], - "ticktext": [ - "1x", - "26x", - "51x", - "75x", - "100x", - "125x" - ], - "tickvals": [ - 11019.3, - 284224.18399999995, - 557429.068, - 830633.9519999999, - 1103838.836, - 1377043.72 - ], - "title": { - "text": "Fuzz target executions per second" - } - } - } - }, - "text/html": [ - "
" + "image/svg+xml": [ + "1234567891011121314151617181920212223242526272829303132333435361x26x51x75x100x125xConfigurationMulticore: Non-persistent mode + kernel configMulticore: Persistent mode/shared memory + kernel configMulticore: Persistent mode/shared memory without kernel configMulticore: afl_execs: Persistent mode/shared memory + kernel configSinglecore: Non-persistent mode + kernel configSinglecore: Persistent mode/shared memory + kernel configFuzzer performanceNumber of parallel fuzzersFuzz target executions per second" ] }, "metadata": {}, @@ -2066,7 +484,6 @@ } ], "source": [ - "\n", "import numpy as np\n", "pd.options.plotting.backend = \"plotly\"\n", "\n", @@ -2088,7 +505,8 @@ "# Update the primary Y-axis with custom tick labels\n", "fig.update_yaxes(tickvals=tickvals, ticktext=ticktext)\n", "fig.update_xaxes(tickvals=list(range(1,36+1)))\n", - "fig.update_layout(width=1200, height=400)\n" + "fig.update_layout(width=1200, height=400)\n", + "fig.show(\"svg\")\n" ] }, { @@ -2100,7 +518,7 @@ }, { "cell_type": "code", - "execution_count": 508, + "execution_count": 18, "metadata": {}, "outputs": [ { @@ -2241,7 +659,7 @@ "5.0 135613.26 " ] }, - "execution_count": 508, + "execution_count": 18, "metadata": {}, "output_type": "execute_result" } @@ -2259,7 +677,7 @@ }, { "cell_type": "code", - "execution_count": 509, + "execution_count": 19, "metadata": {}, "outputs": [ { @@ -2318,7 +736,7 @@ "" ] }, - "execution_count": 509, + "execution_count": 19, "metadata": {}, "output_type": "execute_result" } @@ -2402,7 +820,7 @@ }, { "cell_type": "code", - "execution_count": 521, + "execution_count": 20, "metadata": {}, "outputs": [ { @@ -2537,7 +955,7 @@ "149 6.15 " ] }, - "execution_count": 521, + "execution_count": 20, "metadata": {}, "output_type": "execute_result" } @@ -2549,7 +967,7 @@ }, { "cell_type": "code", - "execution_count": 516, + "execution_count": 21, "metadata": {}, "outputs": [ { @@ -2611,7 +1029,7 @@ "153 True Multicore: afl_execs: Persistent mode/shared m... " ] }, - "execution_count": 516, + "execution_count": 21, "metadata": {}, "output_type": "execute_result" } @@ -2623,1796 +1041,13 @@ }, { "cell_type": "code", - "execution_count": 514, + "execution_count": 22, "metadata": {}, "outputs": [ { "data": { - "application/vnd.plotly.v1+json": { - "config": { - "plotlyServerURL": "https://plot.ly" - }, - "data": [ - { - "hovertemplate": "Configuration=Multicore: Persistent mode/shared memory + kernel config
Number of parallel fuzzers=%{x}
Fuzz target executions per second=%{y}", - "legendgroup": "Multicore: Persistent mode/shared memory + kernel config", - "line": { - "color": "#636efa", - "dash": "solid" - }, - "marker": { - "symbol": "circle" - }, - "mode": "lines", - "name": "Multicore: Persistent mode/shared memory + kernel config", - "orientation": "v", - "showlegend": true, - "type": "scatter", - "x": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36, - 37, - 38, - 39, - 40, - 41, - 42, - 43, - 44, - 45, - 46, - 47, - 48, - 49, - 50, - 51, - 52, - 53, - 54, - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64, - 65, - 66, - 67, - 68, - 69, - 70, - 71, - 72, - 73, - 74, - 75, - 76, - 77, - 78, - 79, - 80, - 81, - 82, - 83, - 84, - 85, - 86, - 87, - 88, - 89, - 90, - 91, - 92, - 93, - 94, - 95, - 96, - 97, - 98, - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108, - 109, - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128, - 129, - 130, - 131, - 132, - 133, - 134, - 135, - 136, - 137, - 138, - 139, - 140, - 141, - 142, - 143, - 144, - 145, - 146, - 147, - 148, - 149, - 150, - 151, - 152, - 153, - 154, - 155, - 156, - 157, - 158, - 159, - 160, - 161, - 162, - 163, - 164, - 165, - 166, - 167, - 168, - 169, - 170, - 171, - 172, - 173, - 174, - 175, - 176, - 177, - 178, - 179, - 180, - 181, - 182, - 183, - 184, - 185, - 186, - 187, - 188, - 189, - 190, - 191, - 192, - 193, - 194, - 195, - 196, - 197, - 198, - 199, - 200 - ], - "xaxis": "x", - "y": [ - 105839.1, - 210819.47, - 316229.21, - 413256.46, - 518632.73, - 619884.69, - 702256.76, - 804131.53, - 847288.04, - 943139.75, - 1024439.07, - 1113578.57, - 1162772.81, - 1265283.48, - 1346295.34, - 1421319.66, - 1389055.03, - 1336294.29, - 1354421.12, - 1341083.87, - 1267487.8, - 1228006.44, - 1164952.24, - 1117569.89, - 1027015.81, - 1011333.83, - 993703.26, - 983824.21, - 969783.14, - 953522.94, - 937704.89, - 914207.81, - 898800.31, - 896437.34, - 895982.76, - 896412.07, - 888119.63, - 874168.22, - 858049.53, - 839870.71, - 830337.88, - 833695.19, - 832246.18, - 831472, - 820819.59, - 809235.61, - 796104.63, - 779748.67, - 651915.77, - 658310.11, - 664906.42, - 670874.88, - 679223.43, - 680460.23, - 683449.31, - 683776.32, - 642820.96, - 656234.7, - 664079.06, - 668815.96, - 677202.95, - 682183.78, - 687798.53, - 695065.41, - 653862.76, - 662255.65, - 667137.25, - 674252.38, - 674769.27, - 676779.76, - 678994.74, - 677707.66, - 643636.07, - 645011.41, - 647860.09, - 650443.61, - 655762.21, - 655894.58, - 659395.36, - 660632.48, - 636619.43, - 636679.37, - 641091.3, - 642134.44, - 644188.04, - 645646.45, - 648190.91, - 645188.95, - 623576.69, - 623521.92, - 627188.81, - 631735.31, - 632169.99, - 632104.98, - 636441.28, - 636413.09, - 627747.11, - 618580.91, - 610289.87, - 602517.1, - 587297.53, - 574782.55, - 559428.41, - 543938.93, - 538120.81, - 531555.69, - 526211.57, - 521796.77, - 510905.75, - 501877.11, - 490630.76, - 479788.36, - 475372.8, - 470776.14, - 466163.29, - 463421.1, - 454522.49, - 446589.03, - 438649.5, - 428977.64, - 424292.46, - 418867.74, - 414980.74, - 412384.2, - 404224.17, - 396310.94, - 389392.67, - 381715.99, - 377825.09, - 374215.78, - 370708.15, - 368402.32, - 361940.65, - 355502.6, - 349589.01, - 342501.52, - 339897.15, - 337989.11, - 335723.22, - 334039.83, - 329127.04, - 323073.5, - 318652.21, - 313198.69, - 311591.71, - 310530.42, - 309390.36, - 307977.56, - 306559.97, - 305066.46, - 302157.29, - 301097.52, - 300138.11, - 299824.88, - 298130.63, - 297838.27, - 296189.21, - 294695.11, - 292518.21, - 291030.08, - 290207.87, - 289828.9, - 289247.99, - 288295.58, - 287447.58, - 286405.31, - 284755.57, - 284046.79, - 283176.27, - 283053.87, - 282178.36, - 281522.15, - 280377.23, - 279885.55, - 278793.08, - 277923.89, - 277069.78, - 277124.24, - 276576.49, - 276020.64, - 275328, - 275029.74, - 274030.79, - 273612.38, - 273285.13, - 273039.33, - 272819.57, - 272960.42, - 272388.01, - 272311.26, - 272115.97, - 272056.42, - 271835.4, - 271397.63, - 271867.2, - 271065.21, - 270797.96, - 270150.29, - 269442.01, - 268674.91 - ], - "yaxis": "y" - }, - { - "hovertemplate": "Configuration=Multicore: afl_execs: Persistent mode/shared memory + kernel config
Number of parallel fuzzers=%{x}
Fuzz target executions per second=%{y}", - "legendgroup": "Multicore: afl_execs: Persistent mode/shared memory + kernel config", - "line": { - "color": "#EF553B", - "dash": "solid" - }, - "marker": { - "symbol": "circle" - }, - "mode": "lines", - "name": "Multicore: afl_execs: Persistent mode/shared memory + kernel config", - "orientation": "v", - "showlegend": true, - "type": "scatter", - "x": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20, - 21, - 22, - 23, - 24, - 25, - 26, - 27, - 28, - 29, - 30, - 31, - 32, - 33, - 34, - 35, - 36, - 37, - 38, - 39, - 40, - 41, - 42, - 43, - 44, - 45, - 46, - 47, - 48, - 49, - 50, - 51, - 52, - 53, - 54, - 55, - 56, - 57, - 58, - 59, - 60, - 61, - 62, - 63, - 64, - 65, - 66, - 67, - 68, - 69, - 70, - 71, - 72, - 73, - 74, - 75, - 76, - 77, - 78, - 79, - 80, - 81, - 82, - 83, - 84, - 85, - 86, - 87, - 88, - 89, - 90, - 91, - 92, - 93, - 94, - 95, - 96, - 97, - 98, - 99, - 100, - 101, - 102, - 103, - 104, - 105, - 106, - 107, - 108, - 109, - 110, - 111, - 112, - 113, - 114, - 115, - 116, - 117, - 118, - 119, - 120, - 121, - 122, - 123, - 124, - 125, - 126, - 127, - 128, - 129, - 130, - 131, - 132, - 133, - 134, - 135, - 136, - 137, - 138, - 139, - 140, - 141, - 142, - 143, - 144, - 145, - 146, - 147, - 148, - 149, - 150, - 151, - 152, - 153, - 154, - 155, - 156, - 157, - 158, - 159, - 160, - 161, - 162, - 163, - 164, - 165, - 166, - 167, - 168, - 169, - 170, - 171, - 172, - 173, - 174, - 175, - 176, - 177, - 178, - 179, - 180, - 181, - 182, - 183, - 184, - 185, - 186, - 187, - 188, - 189, - 190, - 191, - 192, - 193, - 194, - 195, - 196, - 197, - 198, - 199, - 200 - ], - "xaxis": "x", - "y": [ - 107126.58, - 214213.66, - 322468.69, - 427406.37, - 535728.44, - 643227.5, - 746997.96, - 852324.44, - 898199.42, - 994921.42, - 1086491.72, - 1188114.32, - 1275638.92, - 1373504.32, - 1456611.99, - 1547050.37, - 1556304.25, - 1498337.65, - 1480610.39, - 1442181.26, - 1380390.08, - 1315149.42, - 1250840.52, - 1198962.91, - 1113901.96, - 1112866.02, - 1109572.68, - 1112386.81, - 1104839.85, - 1088259.95, - 1072951.12, - 1038335.3, - 1039005.59, - 1055683.11, - 1074708.24, - 1088882.64, - 1084369.02, - 1061476.09, - 1037330.81, - 1001283.07, - 1011982.42, - 1039061.07, - 1060191.68, - 1069379.92, - 1051676.06, - 1025702.93, - 1000795.88, - 959941, - 928333.9, - 936392.44, - 947163.68, - 958614.58, - 973982.54, - 976113.12, - 983432.87, - 985159.38, - 949664.42, - 960540.52, - 971717.37, - 978223.94, - 995090.76, - 1000123.55, - 1006856.18, - 1013280.29, - 977531.19, - 988260.54, - 996765.65, - 1006933, - 1016151.03, - 1020419.88, - 1024544.66, - 1027862.2, - 989415.52, - 999208.44, - 1009747.84, - 1016122.1, - 1026766.44, - 1032416.84, - 1037369.06, - 1037677.89, - 1001527.34, - 1008569.78, - 1024112.93, - 1033177.84, - 1035389.26, - 1040484.52, - 1047416.67, - 1043614.54, - 1014160.19, - 1019409.94, - 1033667.5, - 1040422.32, - 1045409.98, - 1048162.62, - 1050384.15, - 1050304.88, - 1037251.1, - 1023279.61, - 1009889.86, - 996157.16, - 973425.48, - 960922.5, - 941705.52, - 927206.03, - 919716.12, - 907116.8, - 898444.05, - 889678.68, - 871535.65, - 858369.28, - 839357.6, - 828077.49, - 817619.99, - 806563.34, - 795820.84, - 789602.32, - 769744.98, - 754704.16, - 739965.24, - 721357.74, - 705584.89, - 689179.3, - 674153.86, - 668264.05, - 648129.94, - 630733.08, - 614518.38, - 598284.67, - 580642.38, - 562735.32, - 547668.6, - 540727.65, - 519637, - 499189.04, - 482457.86, - 458655.34, - 453087.56, - 445650.76, - 438779.54, - 434421.26, - 422130, - 403403.62, - 391528.74, - 374715.06, - 372678.44, - 371466.33, - 369815.4, - 367734.06, - 366332.54, - 365256.89, - 362078.84, - 361083.46, - 359994.43, - 359950.89, - 357498.64, - 357285.14, - 355405.08, - 354127.44, - 351793.59, - 350348, - 349438.44, - 349188.38, - 348377.38, - 347124.06, - 346480.82, - 345660.61, - 344352.86, - 343903.25, - 342402.74, - 342935.7, - 342089.26, - 341369.47, - 340166.19, - 339692.96, - 339204.8, - 338925.12, - 337700.46, - 338203.76, - 337556.9, - 336873.92, - 336399.84, - 336455.79, - 335823.56, - 335587.52, - 335620.09, - 334996.68, - 334980.98, - 335404.84, - 335051.8, - 334887.42, - 335150.96, - 334773.71, - 335035.28, - 334596.91, - 336065.8, - 335034.33, - 334931.36, - 334191.98, - 332929.11, - 331957.22 - ], - "yaxis": "y" - } - ], - "layout": { - "height": 400, - "legend": { - "title": { - "text": "Configuration" - }, - "tracegroupgap": 0 - }, - "template": { - "data": { - "bar": [ - { - "error_x": { - "color": "#2a3f5f" - }, - "error_y": { - "color": "#2a3f5f" - }, - "marker": { - "line": { - "color": "#E5ECF6", - "width": 0.5 - }, - "pattern": { - "fillmode": "overlay", - "size": 10, - "solidity": 0.2 - } - }, - "type": "bar" - } - ], - "barpolar": [ - { - "marker": { - "line": { - "color": "#E5ECF6", - "width": 0.5 - }, - "pattern": { - "fillmode": "overlay", - "size": 10, - "solidity": 0.2 - } - }, - "type": "barpolar" - } - ], - "carpet": [ - { - "aaxis": { - "endlinecolor": "#2a3f5f", - "gridcolor": "white", - "linecolor": "white", - "minorgridcolor": "white", - "startlinecolor": "#2a3f5f" - }, - "baxis": { - "endlinecolor": "#2a3f5f", - "gridcolor": "white", - "linecolor": "white", - "minorgridcolor": "white", - "startlinecolor": "#2a3f5f" - }, - "type": "carpet" - } - ], - "choropleth": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "type": "choropleth" - } - ], - "contour": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "colorscale": [ - [ - 0, - "#0d0887" - ], - [ - 0.1111111111111111, - "#46039f" - ], - [ - 0.2222222222222222, - "#7201a8" - ], - [ - 0.3333333333333333, - "#9c179e" - ], - [ - 0.4444444444444444, - "#bd3786" - ], - [ - 0.5555555555555556, - "#d8576b" - ], - [ - 0.6666666666666666, - "#ed7953" - ], - [ - 0.7777777777777778, - "#fb9f3a" - ], - [ - 0.8888888888888888, - "#fdca26" - ], - [ - 1, - "#f0f921" - ] - ], - "type": "contour" - } - ], - "contourcarpet": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "type": "contourcarpet" - } - ], - "heatmap": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "colorscale": [ - [ - 0, - "#0d0887" - ], - [ - 0.1111111111111111, - "#46039f" - ], - [ - 0.2222222222222222, - "#7201a8" - ], - [ - 0.3333333333333333, - "#9c179e" - ], - [ - 0.4444444444444444, - "#bd3786" - ], - [ - 0.5555555555555556, - "#d8576b" - ], - [ - 0.6666666666666666, - "#ed7953" - ], - [ - 0.7777777777777778, - "#fb9f3a" - ], - [ - 0.8888888888888888, - "#fdca26" - ], - [ - 1, - "#f0f921" - ] - ], - "type": "heatmap" - } - ], - "heatmapgl": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "colorscale": [ - [ - 0, - "#0d0887" - ], - [ - 0.1111111111111111, - "#46039f" - ], - [ - 0.2222222222222222, - "#7201a8" - ], - [ - 0.3333333333333333, - "#9c179e" - ], - [ - 0.4444444444444444, - "#bd3786" - ], - [ - 0.5555555555555556, - "#d8576b" - ], - [ - 0.6666666666666666, - "#ed7953" - ], - [ - 0.7777777777777778, - "#fb9f3a" - ], - [ - 0.8888888888888888, - "#fdca26" - ], - [ - 1, - "#f0f921" - ] - ], - "type": "heatmapgl" - } - ], - "histogram": [ - { - "marker": { - "pattern": { - "fillmode": "overlay", - "size": 10, - "solidity": 0.2 - } - }, - "type": "histogram" - } - ], - "histogram2d": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "colorscale": [ - [ - 0, - "#0d0887" - ], - [ - 0.1111111111111111, - "#46039f" - ], - [ - 0.2222222222222222, - "#7201a8" - ], - [ - 0.3333333333333333, - "#9c179e" - ], - [ - 0.4444444444444444, - "#bd3786" - ], - [ - 0.5555555555555556, - "#d8576b" - ], - [ - 0.6666666666666666, - "#ed7953" - ], - [ - 0.7777777777777778, - "#fb9f3a" - ], - [ - 0.8888888888888888, - "#fdca26" - ], - [ - 1, - "#f0f921" - ] - ], - "type": "histogram2d" - } - ], - "histogram2dcontour": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "colorscale": [ - [ - 0, - "#0d0887" - ], - [ - 0.1111111111111111, - "#46039f" - ], - [ - 0.2222222222222222, - "#7201a8" - ], - [ - 0.3333333333333333, - "#9c179e" - ], - [ - 0.4444444444444444, - "#bd3786" - ], - [ - 0.5555555555555556, - "#d8576b" - ], - [ - 0.6666666666666666, - "#ed7953" - ], - [ - 0.7777777777777778, - "#fb9f3a" - ], - [ - 0.8888888888888888, - "#fdca26" - ], - [ - 1, - "#f0f921" - ] - ], - "type": "histogram2dcontour" - } - ], - "mesh3d": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "type": "mesh3d" - } - ], - "parcoords": [ - { - "line": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "parcoords" - } - ], - "pie": [ - { - "automargin": true, - "type": "pie" - } - ], - "scatter": [ - { - "fillpattern": { - "fillmode": "overlay", - "size": 10, - "solidity": 0.2 - }, - "type": "scatter" - } - ], - "scatter3d": [ - { - "line": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "marker": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "scatter3d" - } - ], - "scattercarpet": [ - { - "marker": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "scattercarpet" - } - ], - "scattergeo": [ - { - "marker": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "scattergeo" - } - ], - "scattergl": [ - { - "marker": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "scattergl" - } - ], - "scattermapbox": [ - { - "marker": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "scattermapbox" - } - ], - "scatterpolar": [ - { - "marker": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "scatterpolar" - } - ], - "scatterpolargl": [ - { - "marker": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "scatterpolargl" - } - ], - "scatterternary": [ - { - "marker": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "type": "scatterternary" - } - ], - "surface": [ - { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - }, - "colorscale": [ - [ - 0, - "#0d0887" - ], - [ - 0.1111111111111111, - "#46039f" - ], - [ - 0.2222222222222222, - "#7201a8" - ], - [ - 0.3333333333333333, - "#9c179e" - ], - [ - 0.4444444444444444, - "#bd3786" - ], - [ - 0.5555555555555556, - "#d8576b" - ], - [ - 0.6666666666666666, - "#ed7953" - ], - [ - 0.7777777777777778, - "#fb9f3a" - ], - [ - 0.8888888888888888, - "#fdca26" - ], - [ - 1, - "#f0f921" - ] - ], - "type": "surface" - } - ], - "table": [ - { - "cells": { - "fill": { - "color": "#EBF0F8" - }, - "line": { - "color": "white" - } - }, - "header": { - "fill": { - "color": "#C8D4E3" - }, - "line": { - "color": "white" - } - }, - "type": "table" - } - ] - }, - "layout": { - "annotationdefaults": { - "arrowcolor": "#2a3f5f", - "arrowhead": 0, - "arrowwidth": 1 - }, - "autotypenumbers": "strict", - "coloraxis": { - "colorbar": { - "outlinewidth": 0, - "ticks": "" - } - }, - "colorscale": { - "diverging": [ - [ - 0, - "#8e0152" - ], - [ - 0.1, - "#c51b7d" - ], - [ - 0.2, - "#de77ae" - ], - [ - 0.3, - "#f1b6da" - ], - [ - 0.4, - "#fde0ef" - ], - [ - 0.5, - "#f7f7f7" - ], - [ - 0.6, - "#e6f5d0" - ], - [ - 0.7, - "#b8e186" - ], - [ - 0.8, - "#7fbc41" - ], - [ - 0.9, - "#4d9221" - ], - [ - 1, - "#276419" - ] - ], - "sequential": [ - [ - 0, - "#0d0887" - ], - [ - 0.1111111111111111, - "#46039f" - ], - [ - 0.2222222222222222, - "#7201a8" - ], - [ - 0.3333333333333333, - "#9c179e" - ], - [ - 0.4444444444444444, - "#bd3786" - ], - [ - 0.5555555555555556, - "#d8576b" - ], - [ - 0.6666666666666666, - "#ed7953" - ], - [ - 0.7777777777777778, - "#fb9f3a" - ], - [ - 0.8888888888888888, - "#fdca26" - ], - [ - 1, - "#f0f921" - ] - ], - "sequentialminus": [ - [ - 0, - "#0d0887" - ], - [ - 0.1111111111111111, - "#46039f" - ], - [ - 0.2222222222222222, - "#7201a8" - ], - [ - 0.3333333333333333, - "#9c179e" - ], - [ - 0.4444444444444444, - "#bd3786" - ], - [ - 0.5555555555555556, - "#d8576b" - ], - [ - 0.6666666666666666, - "#ed7953" - ], - [ - 0.7777777777777778, - "#fb9f3a" - ], - [ - 0.8888888888888888, - "#fdca26" - ], - [ - 1, - "#f0f921" - ] - ] - }, - "colorway": [ - "#636efa", - "#EF553B", - "#00cc96", - "#ab63fa", - "#FFA15A", - "#19d3f3", - "#FF6692", - "#B6E880", - "#FF97FF", - "#FECB52" - ], - "font": { - "color": "#2a3f5f" - }, - "geo": { - "bgcolor": "white", - "lakecolor": "white", - "landcolor": "#E5ECF6", - "showlakes": true, - "showland": true, - "subunitcolor": "white" - }, - "hoverlabel": { - "align": "left" - }, - "hovermode": "closest", - "mapbox": { - "style": "light" - }, - "paper_bgcolor": "white", - "plot_bgcolor": "#E5ECF6", - "polar": { - "angularaxis": { - "gridcolor": "white", - "linecolor": "white", - "ticks": "" - }, - "bgcolor": "#E5ECF6", - "radialaxis": { - "gridcolor": "white", - "linecolor": "white", - "ticks": "" - } - }, - "scene": { - "xaxis": { - "backgroundcolor": "#E5ECF6", - "gridcolor": "white", - "gridwidth": 2, - "linecolor": "white", - "showbackground": true, - "ticks": "", - "zerolinecolor": "white" - }, - "yaxis": { - "backgroundcolor": "#E5ECF6", - "gridcolor": "white", - "gridwidth": 2, - "linecolor": "white", - "showbackground": true, - "ticks": "", - "zerolinecolor": "white" - }, - "zaxis": { - "backgroundcolor": "#E5ECF6", - "gridcolor": "white", - "gridwidth": 2, - "linecolor": "white", - "showbackground": true, - "ticks": "", - "zerolinecolor": "white" - } - }, - "shapedefaults": { - "line": { - "color": "#2a3f5f" - } - }, - "ternary": { - "aaxis": { - "gridcolor": "white", - "linecolor": "white", - "ticks": "" - }, - "baxis": { - "gridcolor": "white", - "linecolor": "white", - "ticks": "" - }, - "bgcolor": "#E5ECF6", - "caxis": { - "gridcolor": "white", - "linecolor": "white", - "ticks": "" - } - }, - "title": { - "x": 0.05 - }, - "xaxis": { - "automargin": true, - "gridcolor": "white", - "linecolor": "white", - "ticks": "", - "title": { - "standoff": 15 - }, - "zerolinecolor": "white", - "zerolinewidth": 2 - }, - "yaxis": { - "automargin": true, - "gridcolor": "white", - "linecolor": "white", - "ticks": "", - "title": { - "standoff": 15 - }, - "zerolinecolor": "white", - "zerolinewidth": 2 - } - } - }, - "title": { - "text": "Fuzzer performance" - }, - "width": 1200, - "xaxis": { - "anchor": "y", - "domain": [ - 0, - 1 - ], - "tickvals": [ - 0, - 5, - 10, - 15, - 20, - 25, - 30, - 35, - 40, - 45, - 50, - 55, - 60, - 65, - 70, - 75, - 80, - 85, - 90, - 95, - 100, - 105, - 110, - 115, - 120, - 125, - 130, - 135, - 140, - 145, - 150, - 155, - 160, - 165, - 170, - 175, - 180, - 185, - 190, - 195, - 200 - ], - "title": { - "text": "Number of parallel fuzzers" - } - }, - "yaxis": { - "anchor": "x", - "domain": [ - 0, - 1 - ], - "ticktext": [ - "10x", - "36x", - "62x", - "89x", - "115x", - "141x" - ], - "tickvals": [ - 105839.1, - 395932.13, - 686025.1599999999, - 976118.1899999998, - 1266211.22, - 1556304.25 - ], - "title": { - "text": "Fuzz target executions per second" - } - } - } - }, - "text/html": [ - "
" + "image/svg+xml": [ + "510152025303540455055606570758085909510010511011512012513013514014515015516016517017518018519019520010x36x62x89x115x141xConfigurationMulticore: Persistent mode/shared memory + kernel configMulticore: afl_execs: Persistent mode/shared memory + kernel configFuzzer performanceNumber of parallel fuzzersFuzz target executions per second" ] }, "metadata": {}, @@ -4436,7 +1071,8 @@ "# Update the primary Y-axis with custom tick labels\n", "r6a_fig.update_yaxes(tickvals=tickvals, ticktext=ticktext)\n", "r6a_fig.update_xaxes(tickvals=list(range(0,200+1, 5)))\n", - "r6a_fig.update_layout(width=1200, height=400)" + "r6a_fig.update_layout(width=1200, height=400)\n", + "r6a_fig.show(\"svg\")" ] }, { @@ -4449,19 +1085,7 @@ "\n", "Does this mean that AFL++ is a bad fuzzer, or that AWS tricked us and gave us a 16-thread machine instead of a 192-thread one?\n", "\n", - "No -- the most likely cause here (based on a tip from @eqv) is that we're actually saturating the Linux kernel's ability to service system calls. We could look to reduce these, but there's another option available to us, which is to try running more system-call-servicers (read: kernels) at once, on this machine. One way to do that is to use hardware virtualization with KVM,\n", - "and if it is true that this particular fuzzer setup bottlenecks around 16 fuzzers, then we might expect an optimal number of KVM\n", - "kernels running on this machine to be around 16/192 == 8, each with 16 fuzzers in parallel, and perhaps a shared (in-memory?)\n", - "filesystem for the fuzzing queue." - ] - }, - { - "cell_type": "markdown", - "metadata": {}, - "source": [ - "### Measuring system call saturation and experimenting with extra KVM hosts\n", - "\n", - "Coming soon!" + "No, probably not -- the most likely causes here are a problem with our Python harness, or potentially that we're already saturating the Linux kernel's ability to service system calls, although we're definitely hitting such a limit way earlier than expected. A good way to test this theory would be to run more system-call-servicers (read: kernels!) at once on this machine; one way to do that is to use hardware virtualization with KVM. " ] } ], diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index da32167a69..e0dea29913 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -64,7 +64,7 @@ class Results: parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter) parser.add_argument("-b", "--basedir", help="directory to use for temp files", type=str, default="/tmp/aflpp-benchmark") parser.add_argument("-d", "--debug", help="show verbose debugging output", action="store_true") -parser.add_argument("-r", "--runs", help="how many runs to average results over", type=int, default=5) +parser.add_argument("-r", "--runs", help="how many runs to average results over", type=int, default=3) parser.add_argument("-f", "--fuzzers", help="how many afl-fuzz workers to use", type=int, default=cpu_count) parser.add_argument("-m", "--mode", help="pick modes", action="append", default=["multicore"], choices=mode_names) parser.add_argument("-c", "--comment", help="add a comment about your setup", type=str, default="") From 3bfd194d469c04da7c74a3964bf31ef40605a178 Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Mon, 2 Oct 2023 04:33:16 -0700 Subject: [PATCH 174/357] benchmark: notebook wording tweaks --- benchmark/benchmark.ipynb | 87 ++++++++++++++++++++++----------------- 1 file changed, 49 insertions(+), 38 deletions(-) diff --git a/benchmark/benchmark.ipynb b/benchmark/benchmark.ipynb index 7ff90fcdfc..e4c29f2f82 100644 --- a/benchmark/benchmark.ipynb +++ b/benchmark/benchmark.ipynb @@ -2,7 +2,7 @@ "cells": [ { "cell_type": "code", - "execution_count": 12, + "execution_count": 40, "metadata": {}, "outputs": [], "source": [ @@ -27,7 +27,7 @@ }, { "cell_type": "code", - "execution_count": 13, + "execution_count": 41, "metadata": {}, "outputs": [ { @@ -89,7 +89,7 @@ }, { "cell_type": "code", - "execution_count": 14, + "execution_count": 42, "metadata": {}, "outputs": [ { @@ -371,7 +371,7 @@ "[5 rows x 37 columns]" ] }, - "execution_count": 14, + "execution_count": 42, "metadata": {}, "output_type": "execute_result" } @@ -388,23 +388,14 @@ "source": [ "### Graph prep\n", "\n", - "We're looking for a line graph showing lines for the following cases:\n", - "\n", - "* For each mode:\n", - " * For each target:\n", - " * persistent off, system off\n", - " * persistent on, system off\n", - " * persistent off, system on\n", - " * persistent on, system on\n", - "\n", - "where the x-axis is number of cores, and the y-axis is either afl_execs_per_sec or total_execs_per_sec (I'm not yet sure which is a better metric to use).\n", + "We're looking for a line graph showing lines for each fuzz target, in both singlecore and multicore modes, in each config setting -- where the x-axis is number of cores, and the y-axis is either afl_execs_per_sec or total_execs_per_sec (I'm not yet sure which is a better metric to use).\n", "\n", "But first, a mini test harness by checking that the number of rows matched what we'd intuitively expect:" ] }, { "cell_type": "code", - "execution_count": 15, + "execution_count": 43, "metadata": {}, "outputs": [], "source": [ @@ -418,7 +409,7 @@ }, { "cell_type": "code", - "execution_count": 16, + "execution_count": 44, "metadata": {}, "outputs": [], "source": [ @@ -470,13 +461,13 @@ }, { "cell_type": "code", - "execution_count": 17, + "execution_count": 45, "metadata": {}, "outputs": [ { "data": { "image/svg+xml": [ - "1234567891011121314151617181920212223242526272829303132333435361x26x51x75x100x125xConfigurationMulticore: Non-persistent mode + kernel configMulticore: Persistent mode/shared memory + kernel configMulticore: Persistent mode/shared memory without kernel configMulticore: afl_execs: Persistent mode/shared memory + kernel configSinglecore: Non-persistent mode + kernel configSinglecore: Persistent mode/shared memory + kernel configFuzzer performanceNumber of parallel fuzzersFuzz target executions per second" + "1234567891011121314151617181920212223242526272829303132333435361x26x51x75x100x125xConfigurationMulticore: Non-persistent mode + kernel configMulticore: Persistent mode/shared memory + kernel configMulticore: Persistent mode/shared memory without kernel configMulticore: afl_execs: Persistent mode/shared memory + kernel configSinglecore: Non-persistent mode + kernel configSinglecore: Persistent mode/shared memory + kernel configFuzzer performanceNumber of parallel fuzzersFuzz target executions per second" ] }, "metadata": {}, @@ -518,7 +509,7 @@ }, { "cell_type": "code", - "execution_count": 18, + "execution_count": 46, "metadata": {}, "outputs": [ { @@ -659,7 +650,7 @@ "5.0 135613.26 " ] }, - "execution_count": 18, + "execution_count": 46, "metadata": {}, "output_type": "execute_result" } @@ -677,7 +668,7 @@ }, { "cell_type": "code", - "execution_count": 19, + "execution_count": 47, "metadata": {}, "outputs": [ { @@ -690,18 +681,25 @@ "#### test-instr vs. test-instr-persist-shmem\n", "\n", "This graph is scaled so that the single-core, non-persistent-mode performance (11038 execs per second) is\n", - "represented as 1.0x. If you build and run a fuzzer without creating a persistent mode harness for it, and without running fuzzers in parallel, this is the performance\n", + "represented as **1.0x**. If you build and run a fuzzer without creating a persistent mode harness for it, and without running fuzzers in parallel, this is the performance\n", "you get on this machine.\n", "\n", "#### Multicore test-instr\n", "\n", - "By running as many parallel fuzzers are there are CPU threads, we can reach 103765 execs per second, which is 9.4x that base speed.\n", + "By running as many parallel fuzzers are there are CPU threads, we can reach 103765 execs per second, which is **9.4x** that base speed.\n", "\n", "#### Persistent mode + shared memory\n", "\n", - "By modifying the harness to use persistent mode as described [here](https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/README.persistent_mode.md#4-persistent-mode),\n", - "we end up with 12.3x base speed. So -- perhaps counter-intuively -- if you have a choice between switching to using multiple cores or rewriting\n", - "the harness to use persistent mode, it is better (at least on this machine) to use persistent mode on a single core, than to use non-persistent mode on every core.\n", + "##### Singlecore\n", + "\n", + "By modifying the harness to use persistent mode with shared memory as described [here](https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/README.persistent_mode.md#4-persistent-mode),\n", + "we end up with **12.3x** base speed. So -- perhaps counter-intuively -- if you have a choice between switching to using multiple cores or rewriting\n", + "the harness to use persistent mode on a single core, it is better (at least on this machine) to use persistent mode on a single core, than to use non-persistent mode on all cores.\n", + "\n", + "##### Multicore\n", + "\n", + "By scaling up that persistent mode with shared memory harness across cores, and with kernel mitigations still turned on (see next section), we get to\n", + "**75.6x** base speed.\n", "\n", "#### Kernel config\n", "\n", @@ -716,6 +714,9 @@ "Or if we want to think in terms of cores, then the average number of execs gained per core in the initial eight is 115588 execs per sec, but the loss due to\n", "mitigations is 368476 execs per sec, which is the averaged performance of 3.2 cores.\n", "\n", + "With kernel mitigations turned off, we reach our highest available total_execs_per_sec speed on this machine, which is **109.0x** higher\n", + "than where we started from.\n", + "\n", "#### afl_execs_per_sec vs. total_execs_per_sec\n", "\n", "* The purple line at the top is measuring `afl_execs_per_sec`. This is afl's own measurement of the speed of each fuzzer process, from the `out/fuzzer/fuzzer_stats` file.\n", @@ -736,7 +737,7 @@ "" ] }, - "execution_count": 19, + "execution_count": 47, "metadata": {}, "output_type": "execute_result" } @@ -765,18 +766,25 @@ "#### test-instr vs. test-instr-persist-shmem\n", "\n", "This graph is scaled so that the single-core, non-persistent-mode performance ({int(singlecore_base_execs)} execs per second) is\n", - "represented as 1.0x. If you build and run a fuzzer without creating a persistent mode harness for it, and without running fuzzers in parallel, this is the performance\n", + "represented as **1.0x**. If you build and run a fuzzer without creating a persistent mode harness for it, and without running fuzzers in parallel, this is the performance\n", "you get on this machine.\n", "\n", "#### Multicore test-instr\n", "\n", - "By running as many parallel fuzzers are there are CPU threads, we can reach {int(multicore_base_max_execs)} execs per second, which is {factor_for_execs(multicore_base_max_execs)}x that base speed.\n", + "By running as many parallel fuzzers are there are CPU threads, we can reach {int(multicore_base_max_execs)} execs per second, which is **{factor_for_execs(multicore_base_max_execs)}x** that base speed.\n", "\n", "#### Persistent mode + shared memory\n", "\n", - "By modifying the harness to use persistent mode as described [here](https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/README.persistent_mode.md#4-persistent-mode),\n", - "we end up with {factor_for_execs(singlecore_persist_execs)}x base speed. So -- perhaps counter-intuively -- if you have a choice between switching to using multiple cores or rewriting\n", - "the harness to use persistent mode, it is better (at least on this machine) to use persistent mode on a single core, than to use non-persistent mode on every core.\n", + "##### Singlecore\n", + "\n", + "By modifying the harness to use persistent mode with shared memory as described [here](https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/README.persistent_mode.md#4-persistent-mode),\n", + "we end up with **{factor_for_execs(singlecore_persist_execs)}x** base speed. So -- perhaps counter-intuively -- if you have a choice between switching to using multiple cores or rewriting\n", + "the harness to use persistent mode on a single core, it is better (at least on this machine) to use persistent mode on a single core, than to use non-persistent mode on all cores.\n", + "\n", + "##### Multicore\n", + "\n", + "By scaling up that persistent mode with shared memory harness across cores, and with kernel mitigations still turned on (see next section), we get to\n", + "**{factor_for_execs(multicore_max_execs_mitigations_on)}x** base speed.\n", "\n", "#### Kernel config\n", "\n", @@ -791,6 +799,9 @@ "Or if we want to think in terms of cores, then the average number of execs gained per core in the initial eight is {int(multicore_avg_gain_per_core)} execs per sec, but the loss due to\n", "mitigations is {mitigations_off_increase} execs per sec, which is the averaged performance of {round(mitigations_off_increase / multicore_avg_gain_per_core, 1)} cores.\n", "\n", + "With kernel mitigations turned off, we reach our highest available total_execs_per_sec speed on this machine, which is **{factor_for_execs(multicore_max_execs_mitigations_off)}x** higher\n", + "than where we started from.\n", + "\n", "#### afl_execs_per_sec vs. total_execs_per_sec\n", "\n", "* The purple line at the top is measuring `afl_execs_per_sec`. This is afl's own measurement of the speed of each fuzzer process, from the `out/fuzzer/fuzzer_stats` file.\n", @@ -820,7 +831,7 @@ }, { "cell_type": "code", - "execution_count": 20, + "execution_count": 48, "metadata": {}, "outputs": [ { @@ -955,7 +966,7 @@ "149 6.15 " ] }, - "execution_count": 20, + "execution_count": 48, "metadata": {}, "output_type": "execute_result" } @@ -967,7 +978,7 @@ }, { "cell_type": "code", - "execution_count": 21, + "execution_count": 49, "metadata": {}, "outputs": [ { @@ -1029,7 +1040,7 @@ "153 True Multicore: afl_execs: Persistent mode/shared m... " ] }, - "execution_count": 21, + "execution_count": 49, "metadata": {}, "output_type": "execute_result" } @@ -1041,13 +1052,13 @@ }, { "cell_type": "code", - "execution_count": 22, + "execution_count": 50, "metadata": {}, "outputs": [ { "data": { "image/svg+xml": [ - "510152025303540455055606570758085909510010511011512012513013514014515015516016517017518018519019520010x36x62x89x115x141xConfigurationMulticore: Persistent mode/shared memory + kernel configMulticore: afl_execs: Persistent mode/shared memory + kernel configFuzzer performanceNumber of parallel fuzzersFuzz target executions per second" + "510152025303540455055606570758085909510010511011512012513013514014515015516016517017518018519019520010x36x62x89x115x141xConfigurationMulticore: Persistent mode/shared memory + kernel configMulticore: afl_execs: Persistent mode/shared memory + kernel configFuzzer performanceNumber of parallel fuzzersFuzz target executions per second" ] }, "metadata": {}, From 9a9dbaff72b127cbb974afa4c1781cf8bc015d15 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 2 Oct 2023 14:41:47 +0200 Subject: [PATCH 175/357] remove old credits --- src/afl-performance.c | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/src/afl-performance.c b/src/afl-performance.c index 0450741051..07c1b5272e 100644 --- a/src/afl-performance.c +++ b/src/afl-performance.c @@ -1,24 +1,3 @@ -/* - Written in 2019 by David Blackman and Sebastiano Vigna (vigna@acm.org) - - To the extent possible under law, the author has dedicated all copyright - and related and neighboring rights to this software to the public domain - worldwide. This software is distributed without any warranty. - - See . - - This is xoshiro256++ 1.0, one of our all-purpose, rock-solid generators. - It has excellent (sub-ns) speed, a state (256 bits) that is large - enough for any parallel application, and it passes all tests we are - aware of. - - For generating just floating-point numbers, xoshiro256+ is even faster. - - The state must be seeded so that it is not everywhere zero. If you have - a 64-bit seed, we suggest to seed a splitmix64 generator and use its - output to fill s[]. -*/ - #include #include "afl-fuzz.h" #include "types.h" From d9462657a892311f818330c9df128af09e704ae2 Mon Sep 17 00:00:00 2001 From: toka Date: Mon, 2 Oct 2023 15:02:24 +0200 Subject: [PATCH 176/357] urandom --- instrumentation/afl-compiler-rt.o.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 723b946b10..85ee9f717d 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -666,8 +666,8 @@ static void __afl_map_shm(void) { } if (id_str) { - - if ((__afl_dummy_fd[1] = open("/dev/null", O_WRONLY)) < 0) { + // /dev/null doesn't work so we use /dev/urandom + if ((__afl_dummy_fd[1] = open("/dev/urandom", O_WRONLY)) < 0) { if (pipe(__afl_dummy_fd) < 0) { __afl_dummy_fd[1] = 1; } From 1f7f1eff4323720997079d468c9a55096ac2fc3e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 2 Oct 2023 15:52:11 +0200 Subject: [PATCH 177/357] fix addseeds test --- src/afl-fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 0a6755d787..2538f4a4b6 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1346,7 +1346,7 @@ int main(int argc, char **argv_orig, char **envp) { } - if (strcmp(afl->sync_id, "addseeds") == 0) { + if (afl->sync_id && strcmp(afl->sync_id, "addseeds") == 0) { FATAL("-M/-S name 'addseeds' is a reserved name, choose something else"); From d97c7e42584e2c1e094a7c57fa469bf3b5b46b21 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 3 Oct 2023 11:14:59 +0200 Subject: [PATCH 178/357] nits --- GNUmakefile.llvm | 2 +- instrumentation/afl-compiler-rt.o.c | 1 + src/afl-fuzz-stats.c | 11 ++++++----- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 65786d8b0e..0845ae3a20 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -46,7 +46,7 @@ LLVMVER = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/git//' | sed 's LLVM_MAJOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/\..*//' ) LLVM_MINOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/.*\.//' | sed 's/git//' | sed 's/svn//' | sed 's/ .*//' ) LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[0-2]\.|^3.[0-7]\.' && echo 1 || echo 0 ) -LLVM_TOO_NEW = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[7-9]' && echo 1 || echo 0 ) +LLVM_TOO_NEW = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[8-9]|^2[0-9]' && echo 1 || echo 0 ) LLVM_TOO_OLD = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[1-9]\.|^1[012]\.' && echo 1 || echo 0 ) LLVM_NEW_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[0-9]' && echo 1 || echo 0 ) LLVM_NEWER_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[6-9]' && echo 1 || echo 0 ) diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 85ee9f717d..c3197c8a34 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -666,6 +666,7 @@ static void __afl_map_shm(void) { } if (id_str) { + // /dev/null doesn't work so we use /dev/urandom if ((__afl_dummy_fd[1] = open("/dev/urandom", O_WRONLY)) < 0) { diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index adf04420f6..81628a8625 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -817,17 +817,18 @@ void show_stats_normal(afl_state_t *afl) { if (afl->fsrv.nyx_mode) { snprintf(banner + banner_pad, sizeof(banner) - banner_pad, - "%s%s " cLCY VERSION cLBL " {%s} " cLGN "(%s) " cPIN "[%s] - Nyx", - afl->crash_mode ? cPIN : cYEL, fuzzer_name, - si, afl->use_banner, afl->power_name); + "%s%s " cLCY VERSION cLBL " {%s} " cLGN "(%s) " cPIN + "[%s] - Nyx", + afl->crash_mode ? cPIN : cYEL, fuzzer_name, si, afl->use_banner, + afl->power_name); } else { #endif snprintf(banner + banner_pad, sizeof(banner) - banner_pad, "%s%s " cLCY VERSION cLBL " {%s} " cLGN "(%s) " cPIN "[%s]", - afl->crash_mode ? cPIN : cYEL, fuzzer_name, - si, afl->use_banner, afl->power_name); + afl->crash_mode ? cPIN : cYEL, fuzzer_name, si, afl->use_banner, + afl->power_name); #ifdef __linux__ From 8eaa590c59e3694e1fdad0aca7bf3f809f8df727 Mon Sep 17 00:00:00 2001 From: Theodor Arsenij Date: Tue, 3 Oct 2023 13:54:19 +0300 Subject: [PATCH 179/357] Use sync_id instead of use_banner while building statsd metric messages --- src/afl-fuzz-statsd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-statsd.c b/src/afl-fuzz-statsd.c index e835c8ea2f..2e42ea9b7f 100644 --- a/src/afl-fuzz-statsd.c +++ b/src/afl-fuzz-statsd.c @@ -223,7 +223,7 @@ int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen) { char tags[MAX_TAG_LEN * 2] = {0}; if (afl->statsd_tags_format) { - snprintf(tags, MAX_TAG_LEN * 2, afl->statsd_tags_format, afl->use_banner, + snprintf(tags, MAX_TAG_LEN * 2, afl->statsd_tags_format, afl->sync_id, VERSION); } From c622e4c5652b8a3dca8ad057d8c5c2130f735867 Mon Sep 17 00:00:00 2001 From: coco Date: Wed, 4 Oct 2023 12:29:41 -0700 Subject: [PATCH 180/357] Make fuzzer_stats update atomic This writes fuzzer_stats to a temp file and then atomically renames the temp file into fuzzer_stats so that any read on fuzzer_stats will always return a consistent view of the AFL state (otherwise there is a very low change of AFL's write and $tool's reads to race and yield inconsistent results). --- src/afl-fuzz-stats.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 81628a8625..66e32e78ed 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -250,11 +250,13 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, #endif u64 cur_time = get_cur_time(); - u8 fn[PATH_MAX]; + u8 fn_tmp[PATH_MAX]; + u8 fn_final[PATH_MAX]; FILE *f; - snprintf(fn, PATH_MAX, "%s/fuzzer_stats", afl->out_dir); - f = create_ffile(fn); + snprintf(fn_tmp, PATH_MAX, "%s/.fuzzer_stats_tmp", afl->out_dir); + snprintf(fn_final, PATH_MAX, "%s/fuzzer_stats", afl->out_dir); + f = create_ffile(fn_tmp); /* Keep last values in case we're called from another context where exec/sec stats and such are not readily available. */ @@ -412,6 +414,7 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, } fclose(f); + rename(fn_tmp, fn_final); } From 48bff70cdd7fb7aa8333533e01a372205c670a4f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 6 Oct 2023 18:53:44 +0200 Subject: [PATCH 181/357] add AFL_NO_CFG_FUZZING to env list --- TODO.md | 1 + include/envs.h | 1 + 2 files changed, 2 insertions(+) diff --git a/TODO.md b/TODO.md index ac24fe071b..12da6026fe 100644 --- a/TODO.md +++ b/TODO.md @@ -2,6 +2,7 @@ ## Should + - cmplog rtn sanity check on fixed length - afl-showmap -f support - afl-fuzz multicore wrapper script - add value_profile but only enable after 15 minutes without finds diff --git a/include/envs.h b/include/envs.h index 4259d6ddd5..734b1707ae 100644 --- a/include/envs.h +++ b/include/envs.h @@ -179,6 +179,7 @@ static char *afl_environment_variables[] = { "AFL_NO_COLOUR", #endif "AFL_NO_CPU_RED", + "AFL_NO_CFG_FUZZING", // afl.rs rust crate option "AFL_NO_CRASH_README", "AFL_NO_FORKSRV", "AFL_NO_UI", From af18f2c7325551e8045a6156cb5b0ed2f4841dbf Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 8 Oct 2023 09:39:10 +0200 Subject: [PATCH 182/357] update todos --- TODO.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/TODO.md b/TODO.md index 12da6026fe..aa43531781 100644 --- a/TODO.md +++ b/TODO.md @@ -1,15 +1,19 @@ # TODO list for AFL++ -## Should +## Must - - cmplog rtn sanity check on fixed length + - adapt MOpt to new mutation engine + - Update afl->pending_not_fuzzed for MOpt + - cmplog rtn sanity check on fixed length? - afl-showmap -f support - afl-fuzz multicore wrapper script - - add value_profile but only enable after 15 minutes without finds + +## Should + + - add value_profile but only enable after 15 minutes without finds? - afl-crash-analysis - support persistent and deferred fork server in afl-showmap? - better autodetection of shifting runtime timeout values - - Update afl->pending_not_fuzzed for MOpt - afl-plot to support multiple plot_data - parallel builds for source-only targets - get rid of check_binary, replace with more forkserver communication @@ -28,8 +32,7 @@ QEMU mode/FRIDA mode: - non colliding instrumentation - rename qemu specific envs to AFL_QEMU (AFL_ENTRYPOINT, AFL_CODE_START/END, AFL_COMPCOV_LEVEL?) - - add AFL_QEMU_EXITPOINT (maybe multiple?), maybe pointless as there is - persistent mode + - add AFL_QEMU_EXITPOINT (maybe multiple?) ## Ideas From 9db9cc80e39789a2b4fd11a4631576c9a0cbb0d8 Mon Sep 17 00:00:00 2001 From: toka Date: Sat, 14 Oct 2023 11:14:10 +0200 Subject: [PATCH 183/357] EarlyEPCallback for llvm16 --- instrumentation/SanitizerCoveragePCGUARD.so.cc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 98c5973cf9..4f81ac4fe6 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -214,7 +214,11 @@ llvmGetPassPluginInfo() { #if LLVM_VERSION_MAJOR == 13 using OptimizationLevel = typename PassBuilder::OptimizationLevel; #endif - PB.registerOptimizerLastEPCallback( +#if LLVM_VERSION_MAJOR >= 16 + PB.registerOptimizerEarlyEPCallback( +#else + PB.registerOptimizerLastEPCallback() +#endif [](ModulePassManager &MPM, OptimizationLevel OL) { MPM.addPass(ModuleSanitizerCoverageAFL()); From 943fa7eb7385376f96073421a1a5d7811dd613ec Mon Sep 17 00:00:00 2001 From: toka Date: Sat, 14 Oct 2023 12:48:58 +0200 Subject: [PATCH 184/357] bracket --- instrumentation/SanitizerCoveragePCGUARD.so.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 4f81ac4fe6..588eb95057 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -217,7 +217,7 @@ llvmGetPassPluginInfo() { #if LLVM_VERSION_MAJOR >= 16 PB.registerOptimizerEarlyEPCallback( #else - PB.registerOptimizerLastEPCallback() + PB.registerOptimizerLastEPCallback( #endif [](ModulePassManager &MPM, OptimizationLevel OL) { From 92ac2c228c66d71f0a6e4f3ece3397653d0027a9 Mon Sep 17 00:00:00 2001 From: toka Date: Mon, 16 Oct 2023 16:45:30 +0200 Subject: [PATCH 185/357] typo --- instrumentation/afl-llvm-pass.so.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index c59324fdfd..052488a9ab 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -552,7 +552,7 @@ bool AFLCoverage::runOnModule(Module &M) { #endif { - // load the context ID of the previous function and write to to a + // load the context ID of the previous function and write to a // local variable on the stack LoadInst *PrevCtxLoad = IRB.CreateLoad( #if LLVM_VERSION_MAJOR >= 14 @@ -634,7 +634,7 @@ bool AFLCoverage::runOnModule(Module &M) { /* There is a problem with Ubuntu 18.04 and llvm 6.0 (see issue #63). The inline function successors() is not inlined and also not found at runtime - :-( As I am unable to detect Ubuntu18.04 heree, the next best thing is to + :-( As I am unable to detect Ubuntu18.04 here, the next best thing is to disable this optional optimization for LLVM 6.0.0 and Linux */ #if !(LLVM_VERSION_MAJOR == 6 && LLVM_VERSION_MINOR == 0) || !defined __linux__ // only instrument if this basic block is the destination of a previous From bfb841d01383a4801a28b007c5f7039f2f28bef9 Mon Sep 17 00:00:00 2001 From: "Christian Holler (:decoder)" Date: Fri, 20 Oct 2023 00:07:35 +0200 Subject: [PATCH 186/357] Use proper AFL_NYX_AUX_SIZE for nyx_aux_string --- include/forkserver.h | 1 + src/afl-forkserver.c | 12 +++++++++--- src/afl-fuzz-bitmap.c | 2 +- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/include/forkserver.h b/include/forkserver.h index 5e498c5635..f6230fe8c4 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -197,6 +197,7 @@ typedef struct afl_forkserver { u32 nyx_id; /* nyx runner id (0 -> master) */ u32 nyx_bind_cpu_id; /* nyx runner cpu id */ char *nyx_aux_string; + u32 nyx_aux_string_len; bool nyx_use_tmp_workdir; char *nyx_tmp_workdir_path; s32 nyx_log_fd; diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 07f5a1a94b..9b710733ce 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -615,8 +615,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (getenv("AFL_NYX_AUX_SIZE") != NULL) { + fsrv->nyx_aux_string_len = atoi(getenv("AFL_NYX_AUX_SIZE")); + if (fsrv->nyx_handlers->nyx_config_set_aux_buffer_size( - nyx_config, atoi(getenv("AFL_NYX_AUX_SIZE"))) != 1) { + nyx_config, fsrv->nyx_aux_string_len) != 1) { NYX_PRE_FATAL(fsrv, "Invalid AFL_NYX_AUX_SIZE value set (must be a multiple " @@ -624,6 +626,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } + } else { + + fsrv->nyx_aux_string_len = 0x1000; + } if (getenv("AFL_NYX_REUSE_SNAPSHOT") != NULL) { @@ -697,8 +703,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, fsrv->nyx_handlers->nyx_option_set_timeout(fsrv->nyx_runner, 2, 0); fsrv->nyx_handlers->nyx_option_apply(fsrv->nyx_runner); - fsrv->nyx_aux_string = malloc(0x1000); - memset(fsrv->nyx_aux_string, 0, 0x1000); + fsrv->nyx_aux_string = malloc(fsrv->nyx_aux_string_len); + memset(fsrv->nyx_aux_string, 0, fsrv->nyx_aux_string_len); /* dry run */ fsrv->nyx_handlers->nyx_set_afl_input(fsrv->nyx_runner, "INIT", 4); diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 0429db34ed..d76158ced5 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -866,7 +866,7 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { if (unlikely(fd < 0)) { PFATAL("Unable to create '%s'", fn_log); } u32 nyx_aux_string_len = afl->fsrv.nyx_handlers->nyx_get_aux_string( - afl->fsrv.nyx_runner, afl->fsrv.nyx_aux_string, 0x1000); + afl->fsrv.nyx_runner, afl->fsrv.nyx_aux_string, afl->fsrv.nyx_aux_string_len); ck_write(fd, afl->fsrv.nyx_aux_string, nyx_aux_string_len, fn_log); close(fd); From 389c88c0f3d33974e2efb79114ee2d16b8570102 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 21 Oct 2023 15:28:34 +0200 Subject: [PATCH 187/357] update unicorn --- TODO.md | 2 +- unicorn_mode/UNICORNAFL_VERSION | 2 +- unicorn_mode/unicornafl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/TODO.md b/TODO.md index aa43531781..9bdb2c5518 100644 --- a/TODO.md +++ b/TODO.md @@ -4,7 +4,7 @@ - adapt MOpt to new mutation engine - Update afl->pending_not_fuzzed for MOpt - - cmplog rtn sanity check on fixed length? + - cmplog rtn sanity check on fixed length? + no length 1 - afl-showmap -f support - afl-fuzz multicore wrapper script diff --git a/unicorn_mode/UNICORNAFL_VERSION b/unicorn_mode/UNICORNAFL_VERSION index 1c8e571fc0..51878a56f3 100644 --- a/unicorn_mode/UNICORNAFL_VERSION +++ b/unicorn_mode/UNICORNAFL_VERSION @@ -1 +1 @@ -f2cede37 +f607118f diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index f2cede37a7..f607118fc1 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit f2cede37a75bbd4a9b9438f0277727b5d4620572 +Subproject commit f607118fc10e5225da751385075792e24133a130 From 4cdf7a1e3e351f10537683d49a08181b6c1576cc Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 23 Oct 2023 18:03:59 +0200 Subject: [PATCH 188/357] add scale encode mode for cmplog --- include/afl-fuzz.h | 2 +- src/afl-fuzz-redqueen.c | 263 ++++++++++++++++++++++++++++++++++++---- src/afl-fuzz.c | 4 + 3 files changed, 244 insertions(+), 25 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 217a720ad5..8112d430e2 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -675,7 +675,7 @@ typedef struct afl_state { u32 cmplog_max_filesize; u32 cmplog_lvl; u32 colorize_success; - u8 cmplog_enable_arith, cmplog_enable_transform, + u8 cmplog_enable_arith, cmplog_enable_transform, cmplog_enable_scale, cmplog_enable_xtreme_transform, cmplog_random_colorization; struct afl_pass_stat *pass_stats; diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index db4991dbf8..b6c54df27f 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -40,7 +40,7 @@ enum { IS_FP = 8, // is a floating point, not an integer /* --- below are internal settings, not from target cmplog */ IS_FP_MOD = 16, // arithemtic changed floating point - IS_INT_MOD = 32, // arithmetic changed interger + IS_INT_MOD = 32, // arithmetic changed integer IS_TRANSFORM = 64 // transformed integer }; @@ -775,6 +775,13 @@ static u32 to_base64(u8 *src, u8 *dst, u32 dst_len) { } +#ifdef WORD_SIZE_64 +static u8 cmp_extend_encodingN(afl_state_t *afl, struct cmp_header *h, + u128 pattern, u128 repl, u128 o_pattern, + u128 changed_val, u8 attr, u32 idx, + u32 taint_len, u8 *orig_buf, u8 *buf, u8 *cbuf, + u32 len, u8 do_reverse, u8 lvl, u8 *status); +#endif static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, u64 pattern, u64 repl, u64 o_pattern, u64 changed_val, u8 attr, u32 idx, u32 taint_len, @@ -807,6 +814,29 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, hshape, attr); */ + u8 bytes; + + switch (hshape) { + + case 0: + case 1: + bytes = 1; + break; + case 2: + bytes = 2; + break; + case 3: + case 4: + bytes = 4; + break; + default: + bytes = 8; + + } + + // necessary for preventing heap access overflow + bytes = MIN(bytes, len - idx); + // reverse atoi()/strnu?toll() is expensive, so we only to it in lvl 3 if (afl->cmplog_enable_transform && (lvl & LVL3)) { @@ -895,29 +925,6 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, if (pattern != o_pattern && repl == changed_val && attr <= IS_EQUAL) { u64 b_val, o_b_val, mask; - u8 bytes; - - switch (hshape) { - - case 0: - case 1: - bytes = 1; - break; - case 2: - bytes = 2; - break; - case 3: - case 4: - bytes = 4; - break; - default: - bytes = 8; - - } - - // necessary for preventing heap access overflow - bytes = MIN(bytes, len - idx); - switch (bytes) { case 0: // cannot happen @@ -1285,6 +1292,125 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, } + // If 'S' is set for cmplog mode then we try a scale encoding of the value. + // Currently we can only handle bytes up to 1 << 55 + + if (attr < IS_FP && attr < 32 && (afl->cmplog_enable_scale || lvl >= LVL3)) { + + u8 do_call = 1; + u64 new_val = repl << 2; + u32 saved_hshape = hshape; + + if (changed_val <= 255) { + + // nothing + + } else if (new_val <= 65535) { + + new_val += 1; // two byte mode + hshape = 2; + + } else if (new_val <= 4294967295) { + + new_val += 2; // four byte mode + hshape = 4; + + } else { + +#ifndef WORD_SIZE_64 + if (repl <= 0x00ffffffffffffff { + + new_val = repl << 8; + u8 scale_len = 0; + u64 tmp_val = repl; + while (tmp_val) { + + tmp_val >>= 8; + ++scale_len; + + } // scale_len will be >= 4; + + if (scale_len >= 4) { + + scale_len -= 4; + + } else { + + scale_len = 0; + + }; + + new_val += (scale_len << 2) + 3; + hshape = 8; + + } else { + + do_call = 0; + + } + +#else + { + + u128 new_val = ((u128)repl) << 8; + u8 scale_len = 0; + u128 tmp_val = (u128)repl; + + while (tmp_val) { + + tmp_val >>= 8; + ++scale_len; + + } // scale_len will be >= 4; + + if (scale_len >= 4) { + + scale_len -= 4; + + } else { + + scale_len = 0; + + }; + + new_val += (scale_len << 2) + 3; + hshape = scale_len + 5; + + if (unlikely(cmp_extend_encodingN(afl, h, (u128)pattern, new_val, + (u128)o_pattern, (u128)changed_val, + 32, idx, taint_len, orig_buf, buf, + cbuf, len, 1, lvl, status))) { + + hshape = saved_hshape; + return 1; + + } + + do_call = 0; + + } + +#endif + + } + + if (do_call) { + + if (unlikely(cmp_extend_encoding( + afl, h, pattern, new_val, o_pattern, changed_val, 32, idx, + taint_len, orig_buf, buf, cbuf, len, 1, lvl, status))) { + + hshape = saved_hshape; + return 1; + + } + + } + + hshape = saved_hshape; + + } + // here we add and subract 1 from the value, but only if it is not an // == or != comparison // Bits: 1 = Equal, 2 = Greater, 4 = Lesser, 8 = Float @@ -1551,6 +1677,95 @@ static u8 cmp_extend_encodingN(afl_state_t *afl, struct cmp_header *h, } + if (attr < IS_FP && attr < 32 && + (afl->cmplog_enable_scale || lvl >= LVL3)) { + + u128 new_val = repl << 2; + u128 max_scale = (u128)1 << 120; + u32 saved_hshape = hshape; + + if (new_val <= 255) { + + hshape = 1; + if (unlikely(cmp_extend_encoding(afl, h, (u64)pattern, new_val, + (u64)o_pattern, (u64)changed_val, 32, + idx, taint_len, orig_buf, buf, cbuf, + len, 1, lvl, status))) { + + hshape = saved_hshape; + return 1; + + } + + } else if (new_val <= 65535) { + + new_val += 1; // two byte mode + hshape = 2; + if (unlikely(cmp_extend_encoding(afl, h, (u64)pattern, new_val, + (u64)o_pattern, (u64)changed_val, 32, + idx, taint_len, orig_buf, buf, cbuf, + len, 1, lvl, status))) { + + hshape = saved_hshape; + return 1; + + } + + } else if (new_val <= 4294967295) { + + new_val += 2; // four byte mode + hshape = 4; + if (unlikely(cmp_extend_encoding(afl, h, (u64)pattern, new_val, + (u64)o_pattern, (u64)changed_val, 32, + idx, taint_len, orig_buf, buf, cbuf, + len, 1, lvl, status))) { + + hshape = saved_hshape; + return 1; + + } + + } else if (repl < max_scale) { + + u128 new_val = (u128)repl << 8; + u8 scale_len = 0; + u128 tmp_val = (u128)repl; + while (tmp_val) { + + tmp_val >>= 8; + ++scale_len; + + } // scale_len will be >= 4; + + if (scale_len >= 4) { + + scale_len -= 4; + + } else { + + scale_len = 0; + + }; + + new_val += (scale_len << 2) + 3; + hshape = scale_len + 5; + + if (unlikely(cmp_extend_encodingN(afl, h, (u128)pattern, new_val, + (u128)o_pattern, (u128)changed_val, + 32, idx, taint_len, orig_buf, buf, + cbuf, len, 1, lvl, status))) { + + hshape = saved_hshape; + return 1; + + } + + } + + hshape = saved_hshape; + + } + } return 0; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 2538f4a4b6..9fdd219377 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1152,6 +1152,10 @@ int main(int argc, char **argv_orig, char **envp) { case 'A': afl->cmplog_enable_arith = 1; break; + case 's': + case 'S': + afl->cmplog_enable_scale = 1; + break; case 't': case 'T': afl->cmplog_enable_transform = 1; From cf458a7d25dc3448b94ffe08d3d89531fc8d4818 Mon Sep 17 00:00:00 2001 From: Jesse Schwartzentruber Date: Thu, 19 Oct 2023 17:14:31 -0400 Subject: [PATCH 189/357] Add an env to afl-clang-fast to disable setting rpath if LLVM path isn't recognized --- docs/env_variables.md | 6 ++++++ include/envs.h | 1 + src/afl-cc.c | 27 ++++++++++++++++----------- 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/docs/env_variables.md b/docs/env_variables.md index 3bb4e84470..a763651141 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -135,6 +135,12 @@ subset of the settings discussed in section 1, with the exception of: - `TMPDIR` and `AFL_KEEP_ASSEMBLY`, since no temporary assembly files are created. + - LLVM modes compiling C++ will normally set rpath in the binary if LLVM is + not in a usual location (/usr or /lib). Setting `AFL_LLVM_NO_RPATH=1` + disables this behaviour in case it isn't desired. For example, the compiling + toolchain might be in a custom location, but the target machine has LLVM + runtime libs in the search path. + Then there are a few specific features that are only available in instrumentation mode: diff --git a/include/envs.h b/include/envs.h index 734b1707ae..93e49e34c0 100644 --- a/include/envs.h +++ b/include/envs.h @@ -162,6 +162,7 @@ static char *afl_environment_variables[] = { "AFL_LLVM_MAP_DYNAMIC", "AFL_LLVM_NGRAM_SIZE", "AFL_NGRAM_SIZE", + "AFL_LLVM_NO_RPATH", "AFL_LLVM_NOT_ZERO", "AFL_LLVM_INSTRUMENT_FILE", "AFL_LLVM_THREADSAFE_INST", diff --git a/src/afl-cc.c b/src/afl-cc.c index 037a5c30cb..5f8f278f0d 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1144,19 +1144,22 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (!have_pic) { cc_params[cc_par_cnt++] = "-fPIC"; } - // in case LLVM is installed not via a package manager or "make install" - // e.g. compiled download or compiled from github then its ./lib directory - // might not be in the search path. Add it if so. - u8 *libdir = strdup(LLVM_LIBDIR); - if (plusplus_mode && strlen(libdir) && strncmp(libdir, "/usr", 4) && - strncmp(libdir, "/lib", 4)) { + if (!getenv("AFL_LLVM_NO_RPATH")) { + // in case LLVM is installed not via a package manager or "make install" + // e.g. compiled download or compiled from github then its ./lib directory + // might not be in the search path. Add it if so. + u8 *libdir = strdup(LLVM_LIBDIR); + if (plusplus_mode && strlen(libdir) && strncmp(libdir, "/usr", 4) && + strncmp(libdir, "/lib", 4)) { - cc_params[cc_par_cnt++] = "-Wl,-rpath"; - cc_params[cc_par_cnt++] = libdir; + cc_params[cc_par_cnt++] = "-Wl,-rpath"; + cc_params[cc_par_cnt++] = libdir; - } else { + } else { - free(libdir); + free(libdir); + + } } @@ -2289,7 +2292,9 @@ int main(int argc, char **argv, char **envp) { " AFL_LLVM_CTX: use full context sensitive coverage (for " "CLASSIC)\n" " AFL_LLVM_NGRAM_SIZE: use ngram prev_loc count coverage (for " - "CLASSIC)\n"); + "CLASSIC)\n" + " AFL_LLVM_NO_RPATH: disable rpath setting for custom LLVM " + "locations\n"); #ifdef AFL_CLANG_FLTO if (have_lto) From 728401ee690d81a0a73bbb09e3aab271556a5c0a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 24 Oct 2023 11:48:38 +0200 Subject: [PATCH 190/357] dict2file to silently return if AFL_LLVM_DICT2FILE not defined --- instrumentation/afl-llvm-dict2file.so.cc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc index 8ee130107b..36d939d919 100644 --- a/instrumentation/afl-llvm-dict2file.so.cc +++ b/instrumentation/afl-llvm-dict2file.so.cc @@ -206,7 +206,9 @@ bool AFLdict2filePass::runOnModule(Module &M) { ptr = getenv("AFL_LLVM_DICT2FILE"); - if (!ptr || *ptr != '/') + if (!ptr) { return false; } + + if (*ptr != '/') FATAL("AFL_LLVM_DICT2FILE is not set to an absolute path: %s", ptr); of.open(ptr, std::ofstream::out | std::ofstream::app); From f7fab7915550196366e47204d882886671d5bbf9 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 24 Oct 2023 11:52:02 +0200 Subject: [PATCH 191/357] code format --- src/afl-cc.c | 1 + src/afl-fuzz-bitmap.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 5f8f278f0d..c3c677b47c 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1145,6 +1145,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (!have_pic) { cc_params[cc_par_cnt++] = "-fPIC"; } if (!getenv("AFL_LLVM_NO_RPATH")) { + // in case LLVM is installed not via a package manager or "make install" // e.g. compiled download or compiled from github then its ./lib directory // might not be in the search path. Add it if so. diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index d76158ced5..568c527442 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -866,7 +866,8 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { if (unlikely(fd < 0)) { PFATAL("Unable to create '%s'", fn_log); } u32 nyx_aux_string_len = afl->fsrv.nyx_handlers->nyx_get_aux_string( - afl->fsrv.nyx_runner, afl->fsrv.nyx_aux_string, afl->fsrv.nyx_aux_string_len); + afl->fsrv.nyx_runner, afl->fsrv.nyx_aux_string, + afl->fsrv.nyx_aux_string_len); ck_write(fd, afl->fsrv.nyx_aux_string, nyx_aux_string_len, fn_log); close(fd); From b22eef4736944bf1010172efa087ef94d1822802 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 24 Oct 2023 12:00:54 +0200 Subject: [PATCH 192/357] fix --- instrumentation/afl-llvm-dict2file.so.cc | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc index 36d939d919..59b16ca052 100644 --- a/instrumentation/afl-llvm-dict2file.so.cc +++ b/instrumentation/afl-llvm-dict2file.so.cc @@ -206,7 +206,16 @@ bool AFLdict2filePass::runOnModule(Module &M) { ptr = getenv("AFL_LLVM_DICT2FILE"); - if (!ptr) { return false; } + if (!ptr) { + +#if LLVM_VERSION_MAJOR >= 11 /* use new pass manager */ + auto PA = PreservedAnalyses::all(); + return PA; +#else + return true; +#endif + + } if (*ptr != '/') FATAL("AFL_LLVM_DICT2FILE is not set to an absolute path: %s", ptr); From 7210a1c35972244325ceb0d4e357a78de2afb757 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 25 Oct 2023 10:58:05 +0200 Subject: [PATCH 193/357] fix scale --- src/afl-fuzz-redqueen.c | 126 +++++++++++++++++++--------------------- 1 file changed, 59 insertions(+), 67 deletions(-) diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index b6c54df27f..43b5c8bdbd 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -1293,27 +1293,30 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, } // If 'S' is set for cmplog mode then we try a scale encoding of the value. - // Currently we can only handle bytes up to 1 << 55 + // Currently we can only handle bytes up to 1 << 55 on 32 bit and 1 << 119 + // on 64 bit systems. + // Caveat: This implementation here works only on little endian systems. - if (attr < IS_FP && attr < 32 && (afl->cmplog_enable_scale || lvl >= LVL3)) { + if (attr < IS_FP && (afl->cmplog_enable_scale || lvl >= LVL3) && + repl == changed_val) { u8 do_call = 1; u64 new_val = repl << 2; - u32 saved_hshape = hshape; + u32 ilen = 0; if (changed_val <= 255) { - // nothing + ilen = 1; } else if (new_val <= 65535) { new_val += 1; // two byte mode - hshape = 2; + ilen = 2; } else if (new_val <= 4294967295) { new_val += 2; // four byte mode - hshape = 4; + ilen = 4; } else { @@ -1341,7 +1344,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, }; new_val += (scale_len << 2) + 3; - hshape = 8; + ilen = scale_len + 5; } else { @@ -1352,7 +1355,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, #else { - u128 new_val = ((u128)repl) << 8; + u128 new_vall = ((u128)repl) << 8; u8 scale_len = 0; u128 tmp_val = (u128)repl; @@ -1373,18 +1376,22 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, }; - new_val += (scale_len << 2) + 3; - hshape = scale_len + 5; + new_vall += (scale_len << 2) + 3; + ilen = scale_len + 5; - if (unlikely(cmp_extend_encodingN(afl, h, (u128)pattern, new_val, - (u128)o_pattern, (u128)changed_val, - 32, idx, taint_len, orig_buf, buf, - cbuf, len, 1, lvl, status))) { + if (ilen <= its_len) { - hshape = saved_hshape; - return 1; + u8 tmpbuf[32]; + memcpy(tmpbuf, buf + idx, ilen); + memcpy(buf + idx, (char *)&new_vall, ilen); - } + if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } + #ifdef CMPLOG_COMBINE + if (*status == 1) { memcpy(cbuf + idx, (char *)&new_vall, ilen); } + #endif + memcpy(buf + idx, tmpbuf, ilen); + + }; do_call = 0; @@ -1396,18 +1403,21 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, if (do_call) { - if (unlikely(cmp_extend_encoding( - afl, h, pattern, new_val, o_pattern, changed_val, 32, idx, - taint_len, orig_buf, buf, cbuf, len, 1, lvl, status))) { + if (ilen <= its_len) { - hshape = saved_hshape; - return 1; + u8 tmpbuf[32]; + memcpy(tmpbuf, buf + idx, ilen); + memcpy(buf + idx, (char *)&new_val, ilen); - } + if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } +#ifdef CMPLOG_COMBINE + if (*status == 1) { memcpy(cbuf + idx, (char *)&new_val, ilen); } +#endif + memcpy(buf + idx, tmpbuf, ilen); - } + }; - hshape = saved_hshape; + } } @@ -1677,57 +1687,33 @@ static u8 cmp_extend_encodingN(afl_state_t *afl, struct cmp_header *h, } + // Scale encoding only works on little endian systems + if (attr < IS_FP && attr < 32 && (afl->cmplog_enable_scale || lvl >= LVL3)) { u128 new_val = repl << 2; u128 max_scale = (u128)1 << 120; - u32 saved_hshape = hshape; + u32 ilen = 0; + u8 do_call = 1; if (new_val <= 255) { - hshape = 1; - if (unlikely(cmp_extend_encoding(afl, h, (u64)pattern, new_val, - (u64)o_pattern, (u64)changed_val, 32, - idx, taint_len, orig_buf, buf, cbuf, - len, 1, lvl, status))) { - - hshape = saved_hshape; - return 1; - - } + ilen = 1; } else if (new_val <= 65535) { new_val += 1; // two byte mode - hshape = 2; - if (unlikely(cmp_extend_encoding(afl, h, (u64)pattern, new_val, - (u64)o_pattern, (u64)changed_val, 32, - idx, taint_len, orig_buf, buf, cbuf, - len, 1, lvl, status))) { - - hshape = saved_hshape; - return 1; - - } + ilen = 2; } else if (new_val <= 4294967295) { new_val += 2; // four byte mode - hshape = 4; - if (unlikely(cmp_extend_encoding(afl, h, (u64)pattern, new_val, - (u64)o_pattern, (u64)changed_val, 32, - idx, taint_len, orig_buf, buf, cbuf, - len, 1, lvl, status))) { - - hshape = saved_hshape; - return 1; - - } + ilen = 4; } else if (repl < max_scale) { - u128 new_val = (u128)repl << 8; + new_val = (u128)repl << 8; u8 scale_len = 0; u128 tmp_val = (u128)repl; while (tmp_val) { @@ -1748,21 +1734,27 @@ static u8 cmp_extend_encodingN(afl_state_t *afl, struct cmp_header *h, }; new_val += (scale_len << 2) + 3; - hshape = scale_len + 5; - - if (unlikely(cmp_extend_encodingN(afl, h, (u128)pattern, new_val, - (u128)o_pattern, (u128)changed_val, - 32, idx, taint_len, orig_buf, buf, - cbuf, len, 1, lvl, status))) { + ilen = scale_len + 5; - hshape = saved_hshape; - return 1; + } else { - } + do_call = 0; } - hshape = saved_hshape; + if (do_call && ilen <= its_len) { + + u8 tmpbuf[32]; + memcpy(tmpbuf, buf + idx, ilen); + memcpy(buf + idx, (char *)&new_val, ilen); + + if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } + #ifdef CMPLOG_COMBINE + if (*status == 1) { memcpy(cbuf + idx, (char *)&new_val, ilen); } + #endif + memcpy(buf + idx, tmpbuf, ilen); + + }; } From 7eafe22d6b31120055c5bf2ef0d3074538513c6c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 25 Oct 2023 16:55:58 +0200 Subject: [PATCH 194/357] add to gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index c01750e131..f76a86fc00 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ .test .test2 .vscode +afl-addseeds.8 afl-analyze afl-analyze.8 afl-as From 2230f88887e3e8d1793fdb98f9cd12d3449ba791 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 3 Nov 2023 11:19:14 +0100 Subject: [PATCH 195/357] add --help/--version/... --- afl-persistent-config | 7 ++++++- afl-system-config | 6 +++++- docs/Changelog.md | 2 ++ instrumentation/afl-compiler-rt.o.c | 24 ++++++++++++++---------- src/afl-fuzz.c | 18 ++++++++++++++++-- 5 files changed, 43 insertions(+), 14 deletions(-) diff --git a/afl-persistent-config b/afl-persistent-config index 3abcb866a1..d78db2860a 100755 --- a/afl-persistent-config +++ b/afl-persistent-config @@ -2,7 +2,7 @@ # written by jhertz # -test "$1" = "-h" -o "$1" = "-hh" && { +test "$1" = "-h" -o "$1" = "-hh" -o "$1" = "--help" && { echo 'afl-persistent-config' echo echo $0 @@ -17,6 +17,11 @@ test "$1" = "-h" -o "$1" = "-hh" && { exit 0 } +if [ $# -ne 0 ]; then + echo "ERROR: Unknown option(s): $@" + exit 1 +fi + echo echo "WARNING: This scripts makes permanent configuration changes to the system to" echo " increase the performance for fuzzing. As a result, the system also" diff --git a/afl-system-config b/afl-system-config index e64857eb5c..c633e4e84b 100755 --- a/afl-system-config +++ b/afl-system-config @@ -1,5 +1,5 @@ #!/bin/sh -test "$1" = "-h" -o "$1" = "-hh" && { +test "$1" = "-h" -o "$1" = "-hh" -o "$1" = "--help" && { echo 'afl-system-config by Marc Heuse ' echo echo $0 @@ -13,6 +13,10 @@ test "$1" = "-h" -o "$1" = "-hh" && { echo configuration options. exit 0 } +if [ $# -ne 0 ]; then + echo "ERROR: Unknown option(s): $@" + exit 1 +fi DONE= PLATFORM=`uname -s` diff --git a/docs/Changelog.md b/docs/Changelog.md index 101d380b76..bf1a7d87e5 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -10,6 +10,8 @@ - added AFL_IGNORE_SEED_PROBLEMS to skip over seeds that time out instead of exiting with an error message - allow -S/-M naming up to 50 characters (from 24) + - added scale support to CMPLOG (-l S) + - added --version and --help command line parameters - afl-whatsup: - detect instanced that are starting up and show them as such as not dead - now also shows coverage reached diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index c3197c8a34..d6b4d6b47e 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -872,7 +872,7 @@ static void __afl_start_snapshots(void) { if (__afl_debug) { - fprintf(stderr, "target forkserver recv: %08x\n", was_killed); + fprintf(stderr, "DEBUG: target forkserver recv: %08x\n", was_killed); } @@ -1139,7 +1139,7 @@ static void __afl_start_forkserver(void) { if (__afl_debug) { - fprintf(stderr, "target forkserver recv: %08x\n", was_killed); + fprintf(stderr, "DEBUG: target forkserver recv: %08x\n", was_killed); } @@ -1472,6 +1472,7 @@ __attribute__((constructor(1))) void __afl_auto_second(void) { __afl_debug = 1; fprintf(stderr, "DEBUG: debug enabled\n"); + fprintf(stderr, "DEBUG: AFL++ afl-compiler-rt" VERSION "\n"); } @@ -1700,11 +1701,12 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { if (__afl_debug) { - fprintf(stderr, - "Running __sanitizer_cov_trace_pc_guard_init: %p-%p (%lu edges) " - "after_fs=%u\n", - start, stop, (unsigned long)(stop - start), - __afl_already_initialized_forkserver); + fprintf( + stderr, + "DEBUG: Running __sanitizer_cov_trace_pc_guard_init: %p-%p (%lu edges) " + "after_fs=%u\n", + start, stop, (unsigned long)(stop - start), + __afl_already_initialized_forkserver); } @@ -1802,7 +1804,8 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { u8 ignore_dso_after_fs = !!getenv("AFL_IGNORE_PROBLEMS_COVERAGE"); if (__afl_debug && ignore_dso_after_fs) { - fprintf(stderr, "Ignoring coverage from dynamically loaded code\n"); + fprintf(stderr, + "DEBUG: Ignoring coverage from dynamically loaded code\n"); } @@ -1872,7 +1875,8 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { if (__afl_debug) { fprintf(stderr, - "Done __sanitizer_cov_trace_pc_guard_init: __afl_final_loc = %u\n", + "DEBUG: Done __sanitizer_cov_trace_pc_guard_init: __afl_final_loc " + "= %u\n", __afl_final_loc); } @@ -1883,7 +1887,7 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { if (__afl_debug) { - fprintf(stderr, "Reinit shm necessary (+%u)\n", + fprintf(stderr, "DEBUG: Reinit shm necessary (+%u)\n", __afl_final_loc - __afl_map_size); } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 2538f4a4b6..6a8a6aae96 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -486,6 +486,22 @@ int main(int argc, char **argv_orig, char **envp) { struct timeval tv; struct timezone tz; + doc_path = access(DOC_PATH, F_OK) != 0 ? (u8 *)"docs" : (u8 *)DOC_PATH; + + if (argc > 1 && strcmp(argv_orig[1], "--version") == 0) { + + printf("afl-fuzz" VERSION "\n"); + exit(0); + + } + + if (argc > 1 && strcmp(argv_orig[1], "--help") == 0) { + + usage(argv_orig[0], 1); + exit(0); + + } + #if defined USE_COLOR && defined ALWAYS_COLORED if (getenv("AFL_NO_COLOR") || getenv("AFL_NO_COLOUR")) { @@ -515,8 +531,6 @@ int main(int argc, char **argv_orig, char **envp) { SAYF(cCYA "afl-fuzz" VERSION cRST " based on afl by Michal Zalewski and a large online community\n"); - doc_path = access(DOC_PATH, F_OK) != 0 ? (u8 *)"docs" : (u8 *)DOC_PATH; - gettimeofday(&tv, &tz); rand_set_seed(afl, tv.tv_sec ^ tv.tv_usec ^ getpid()); From 8338844284a2a1f340d859e7b0871878537a0729 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Sat, 4 Nov 2023 22:01:09 +0100 Subject: [PATCH 196/357] copy 'detect_leaks=0' from ASAN to LSAN fix for issue #1733, set "detect_leaks=0" when ASAN_OPTIONS contains it and LSAN_OPTIONS are not set. --- src/afl-common.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/afl-common.c b/src/afl-common.c index b4143a1b9e..9ba7116d8a 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -103,7 +103,12 @@ void set_sanitizer_defaults() { u8 buf[2048] = ""; if (!have_san_options) { strcpy(buf, default_options); } - strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=1:malloc_context_size=30:"); + if (have_san_options && NULL != strstr(have_asan_options, "detect_leaks=0")) { + strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=0:malloc_context_size=30:"); + } else { + strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=1:malloc_context_size=30:"); + } + setenv("LSAN_OPTIONS", buf, 1); } From 6ed3f4cfac52d2bef60321bccb236c7c5d215404 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sat, 4 Nov 2023 22:48:27 +0100 Subject: [PATCH 197/357] fix of fix: make sure ASAN_OPTIONS and LSAN_OPTIONS agree on leak detection --- src/afl-common.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/afl-common.c b/src/afl-common.c index 9ba7116d8a..65932e261b 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -98,14 +98,16 @@ void set_sanitizer_defaults() { } /* LSAN does not support abort_on_error=1. (is this still true??) */ + u8 should_detect_leaks = 0; if (!have_lsan_options) { u8 buf[2048] = ""; if (!have_san_options) { strcpy(buf, default_options); } - if (have_san_options && NULL != strstr(have_asan_options, "detect_leaks=0")) { - strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=0:malloc_context_size=30:"); + if (have_asan_options && NULL != strstr(have_asan_options, "detect_leaks=0")) { + strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=0:malloc_context_size=0:"); } else { + should_detect_leaks = 1; strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=1:malloc_context_size=30:"); } @@ -117,7 +119,11 @@ void set_sanitizer_defaults() { if (!have_lsan_options) { - strcat(default_options, "detect_leaks=0:malloc_context_size=0:"); + if (should_detect_leaks) { + strcat(default_options, "detect_leaks=1:malloc_context_size=30:"); + } else { + strcat(default_options, "detect_leaks=0:malloc_context_size=0:"); + } } From 053334f35d0e8d6eace444781d52504585c69f76 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 6 Nov 2023 10:02:53 +0100 Subject: [PATCH 198/357] fix lsan fix --- src/afl-common.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/src/afl-common.c b/src/afl-common.c index 65932e261b..ba498b3b04 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -104,11 +104,19 @@ void set_sanitizer_defaults() { u8 buf[2048] = ""; if (!have_san_options) { strcpy(buf, default_options); } - if (have_asan_options && NULL != strstr(have_asan_options, "detect_leaks=0")) { - strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=0:malloc_context_size=0:"); - } else { - should_detect_leaks = 1; - strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=1:malloc_context_size=30:"); + if (have_asan_options) { + + if (NULL != strstr(have_asan_options, "detect_leaks=0")) { + + strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=0:malloc_context_size=0:"); + + } else { + + should_detect_leaks = 1; + strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=1:malloc_context_size=30:"); + + } + } setenv("LSAN_OPTIONS", buf, 1); @@ -120,9 +128,13 @@ void set_sanitizer_defaults() { if (!have_lsan_options) { if (should_detect_leaks) { + strcat(default_options, "detect_leaks=1:malloc_context_size=30:"); + } else { + strcat(default_options, "detect_leaks=0:malloc_context_size=0:"); + } } From f3d2127fd815bed2ec9dfab981123898d11cea65 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 6 Nov 2023 10:13:59 +0100 Subject: [PATCH 199/357] clang-format 16->17 --- .custom-format.py | 2 +- frida_mode/src/main.c | 8 ++--- include/afl-mutations.h | 2 +- include/xxhash.h | 30 ++++++++-------- instrumentation/cmplog-instructions-pass.cc | 2 +- instrumentation/cmplog-routines-pass.cc | 2 +- instrumentation/cmplog-switches-pass.cc | 2 +- instrumentation/split-switches-pass.so.cc | 2 +- qemu_mode/libqasan/dlmalloc.c | 38 ++++++++++----------- qemu_mode/libqasan/malloc.c | 4 +-- src/afl-fuzz-one.c | 30 ++++++++-------- src/afl-fuzz-redqueen.c | 2 +- utils/libtokencap/libtokencap.so.c | 6 ++-- 13 files changed, 65 insertions(+), 65 deletions(-) diff --git a/.custom-format.py b/.custom-format.py index 3521c05d14..c8075acec7 100755 --- a/.custom-format.py +++ b/.custom-format.py @@ -24,7 +24,7 @@ # string_re = re.compile('(\\"(\\\\.|[^"\\\\])*\\")') # TODO: for future use -CURRENT_LLVM = os.getenv('LLVM_VERSION', 16) +CURRENT_LLVM = os.getenv('LLVM_VERSION', 17) CLANG_FORMAT_BIN = os.getenv("CLANG_FORMAT_BIN", "") diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index f11c4b2586..bd7b1351d3 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -49,10 +49,10 @@ extern void __libc_init(void *raw_args, void (*onexit)(void) __unused, int (*slingshot)(int, char **, char **), structors_array_t const *const structors); #else -extern int __libc_start_main(int (*main)(int, char **, char **), int argc, - char **ubp_av, void (*init)(void), - void (*fini)(void), void (*rtld_fini)(void), - void(*stack_end)); +extern int __libc_start_main(int (*main)(int, char **, char **), int argc, + char **ubp_av, void (*init)(void), + void (*fini)(void), void (*rtld_fini)(void), + void(*stack_end)); #endif typedef int (*main_fn_t)(int argc, char **argv, char **envp); diff --git a/include/afl-mutations.h b/include/afl-mutations.h index 98ba6fcf56..d709b90d05 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -1854,7 +1854,7 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, for (u32 step = 0; step < steps; ++step) { - retry_havoc_step : { + retry_havoc_step: { u32 r = rand_below(afl, MUT_STRATEGY_ARRAY_SIZE), item; diff --git a/include/xxhash.h b/include/xxhash.h index 7bc0a14eec..a8bd6f2709 100644 --- a/include/xxhash.h +++ b/include/xxhash.h @@ -365,7 +365,7 @@ typedef uint32_t XXH32_hash_t; (defined(__cplusplus) || \ (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) /* C99 */)) #include -typedef uint32_t XXH32_hash_t; +typedef uint32_t XXH32_hash_t; #else #include @@ -1082,7 +1082,7 @@ struct XXH64_state_s { #include #define XXH_ALIGN(n) alignas(n) #elif defined(__cplusplus) && (__cplusplus >= 201103L) /* >= C++11 */ - /* In C++ alignas() is a keyword */ + /* In C++ alignas() is a keyword */ #define XXH_ALIGN(n) alignas(n) #elif defined(__GNUC__) #define XXH_ALIGN(n) __attribute__((aligned(n))) @@ -3031,8 +3031,8 @@ XXH64_hashFromCanonical(const XXH64_canonical_t *src) { __STDC_VERSION__ >= 199901L /* >= C99 */ #define XXH_RESTRICT restrict #else - /* Note: it might be useful to define __restrict or __restrict__ for - * some C++ compilers */ + /* Note: it might be useful to define __restrict or __restrict__ for + * some C++ compilers */ #define XXH_RESTRICT /* disable */ #endif @@ -3492,8 +3492,8 @@ XXH_FORCE_INLINE xxh_u64x2 XXH_vec_loadu(const void *ptr) { #define XXH_vec_mulo vec_mulo #define XXH_vec_mule vec_mule #elif defined(__clang__) && XXH_HAS_BUILTIN(__builtin_altivec_vmuleuw) - /* Clang has a better way to control this, we can just use the builtin - * which doesn't swap. */ + /* Clang has a better way to control this, we can just use the builtin + * which doesn't swap. */ #define XXH_vec_mulo __builtin_altivec_vmulouw #define XXH_vec_mule __builtin_altivec_vmuleuw #else @@ -3604,15 +3604,15 @@ XXH_FORCE_INLINE xxh_u64 XXH_mult32to64(xxh_u64 x, xxh_u64 y) { #include #define XXH_mult32to64(x, y) __emulu((unsigned)(x), (unsigned)(y)) #else - /* - * Downcast + upcast is usually better than masking on older compilers - * like GCC 4.2 (especially 32-bit ones), all without affecting newer - * compilers. - * - * The other method, (x & 0xFFFFFFFF) * (y & 0xFFFFFFFF), will AND both - * operands and perform a full 64x64 multiply -- entirely redundant on - * 32-bit. - */ + /* + * Downcast + upcast is usually better than masking on older compilers + * like GCC 4.2 (especially 32-bit ones), all without affecting newer + * compilers. + * + * The other method, (x & 0xFFFFFFFF) * (y & 0xFFFFFFFF), will AND both + * operands and perform a full 64x64 multiply -- entirely redundant on + * 32-bit. + */ #define XXH_mult32to64(x, y) \ ((xxh_u64)(xxh_u32)(x) * (xxh_u64)(xxh_u32)(y)) #endif diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc index bca1f92785..9cd1dc59cf 100644 --- a/instrumentation/cmplog-instructions-pass.cc +++ b/instrumentation/cmplog-instructions-pass.cc @@ -90,7 +90,7 @@ class CmpLogInstructions : public ModulePass { #if LLVM_MAJOR >= 11 /* use new pass manager */ PreservedAnalyses run(Module &M, ModuleAnalysisManager &MAM); #else - bool runOnModule(Module &M) override; + bool runOnModule(Module &M) override; #if LLVM_VERSION_MAJOR >= 4 StringRef getPassName() const override { diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index c3fbed8dfa..54e9ddf3ed 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -85,7 +85,7 @@ class CmpLogRoutines : public ModulePass { #if LLVM_VERSION_MAJOR >= 11 /* use new pass manager */ PreservedAnalyses run(Module &M, ModuleAnalysisManager &MAM); #else - bool runOnModule(Module &M) override; + bool runOnModule(Module &M) override; #if LLVM_VERSION_MAJOR >= 4 StringRef getPassName() const override { diff --git a/instrumentation/cmplog-switches-pass.cc b/instrumentation/cmplog-switches-pass.cc index 38de669d3e..01da6da7f6 100644 --- a/instrumentation/cmplog-switches-pass.cc +++ b/instrumentation/cmplog-switches-pass.cc @@ -85,7 +85,7 @@ class CmplogSwitches : public ModulePass { #if LLVM_VERSION_MAJOR >= 11 /* use new pass manager */ PreservedAnalyses run(Module &M, ModuleAnalysisManager &MAM); #else - bool runOnModule(Module &M) override; + bool runOnModule(Module &M) override; #if LLVM_VERSION_MAJOR < 4 const char *getPassName() const override { diff --git a/instrumentation/split-switches-pass.so.cc b/instrumentation/split-switches-pass.so.cc index dcd896529e..e3dfea0d0a 100644 --- a/instrumentation/split-switches-pass.so.cc +++ b/instrumentation/split-switches-pass.so.cc @@ -84,7 +84,7 @@ class SplitSwitchesTransform : public ModulePass { #if LLVM_VERSION_MAJOR >= 11 /* use new pass manager */ PreservedAnalyses run(Module &M, ModuleAnalysisManager &MAM); #else - bool runOnModule(Module &M) override; + bool runOnModule(Module &M) override; #if LLVM_VERSION_MAJOR >= 4 StringRef getPassName() const override { diff --git a/qemu_mode/libqasan/dlmalloc.c b/qemu_mode/libqasan/dlmalloc.c index b459eb7b35..1919ae26bf 100644 --- a/qemu_mode/libqasan/dlmalloc.c +++ b/qemu_mode/libqasan/dlmalloc.c @@ -771,8 +771,8 @@ MAX_RELEASE_CHECK_RATE default: 4095 unless not HAVE_MMAP #include "/usr/include/malloc.h" #else /* HAVE_USR_INCLUDE_MALLOC_H */ #ifndef STRUCT_MALLINFO_DECLARED - /* HP-UX (and others?) redefines mallinfo unless _STRUCT_MALLINFO is - * defined */ + /* HP-UX (and others?) redefines mallinfo unless _STRUCT_MALLINFO is + * defined */ #define _STRUCT_MALLINFO #define STRUCT_MALLINFO_DECLARED 1 struct mallinfo { @@ -1660,10 +1660,10 @@ extern size_t getpagesize(); #define is_aligned(A) (((size_t)((A)) & (CHUNK_ALIGN_MASK)) == 0) /* the number of bytes to offset an address to align it */ - #define align_offset(A) \ - ((((size_t)(A)&CHUNK_ALIGN_MASK) == 0) \ - ? 0 \ - : ((MALLOC_ALIGNMENT - ((size_t)(A)&CHUNK_ALIGN_MASK)) & \ + #define align_offset(A) \ + ((((size_t)(A) & CHUNK_ALIGN_MASK) == 0) \ + ? 0 \ + : ((MALLOC_ALIGNMENT - ((size_t)(A) & CHUNK_ALIGN_MASK)) & \ CHUNK_ALIGN_MASK)) /* -------------------------- MMAP preliminaries ------------------------- */ @@ -1715,10 +1715,10 @@ static FORCEINLINE int unixmunmap(void *ptr, size_t size) { #define MUNMAP_DEFAULT(a, s) unixmunmap((a), (s)) #else /* MAP_ANONYMOUS */ - /* - Nearly all versions of mmap support MAP_ANONYMOUS, so the following - is unlikely to be needed, but is supplied just in case. - */ + /* + Nearly all versions of mmap support MAP_ANONYMOUS, so the following + is unlikely to be needed, but is supplied just in case. + */ #define MMAP_FLAGS (MAP_PRIVATE) static int dev_zero_fd = -1; /* Cached file descriptor for /dev/zero. */ #define MMAP_DEFAULT(s) \ @@ -1965,7 +1965,7 @@ static FORCEINLINE void x86_clear_lock(int *sl) { #endif /* ... gcc spins locks ... */ - /* How to yield for a spin lock */ + /* How to yield for a spin lock */ #define SPINS_PER_YIELD 63 #if defined(_MSC_VER) #define SLEEP_EX_DURATION 50 /* delay for yield/sleep */ @@ -2008,11 +2008,11 @@ static MLOCK_T malloc_global_mutex = 0; #define CURRENT_THREAD GetCurrentThreadId() #define EQ_OWNER(X, Y) ((X) == (Y)) #else - /* - Note: the following assume that pthread_t is a type that can be - initialized to (casted) zero. If this is not the case, you will need - to somehow redefine these or not use spin locks. - */ + /* + Note: the following assume that pthread_t is a type that can be + initialized to (casted) zero. If this is not the case, you will need + to somehow redefine these or not use spin locks. + */ #define THREAD_ID_T pthread_t #define CURRENT_THREAD pthread_self() #define EQ_OWNER(X, Y) pthread_equal(X, Y) @@ -2169,7 +2169,7 @@ static int pthread_init_lock(MLOCK_T *lk) { #endif /* ... lock types ... */ - /* Common code for all lock types */ + /* Common code for all lock types */ #define USE_LOCK_BIT (2U) #ifndef ACQUIRE_MALLOC_GLOBAL_LOCK @@ -3077,7 +3077,7 @@ static size_t traverse_and_check(mstate m); /* The size of the smallest chunk held in bin with index i */ #define minsize_for_tree_index(i) \ ((SIZE_T_ONE << (((i) >> 1) + TREEBIN_SHIFT)) | \ - (((size_t)((i)&SIZE_T_ONE)) << (((i) >> 1) + TREEBIN_SHIFT - 1))) + (((size_t)((i) & SIZE_T_ONE)) << (((i) >> 1) + TREEBIN_SHIFT - 1))) /* ------------------------ Operations on bin maps ----------------------- */ @@ -3245,7 +3245,7 @@ static size_t traverse_and_check(mstate m); #else /* FOOTERS */ - /* Set foot of inuse chunk to be xor of mstate and seed */ + /* Set foot of inuse chunk to be xor of mstate and seed */ #define mark_inuse_foot(M, p, s) \ (((mchunkptr)((char *)(p) + (s)))->prev_foot = \ ((size_t)(M) ^ mparams.magic)) diff --git a/qemu_mode/libqasan/malloc.c b/qemu_mode/libqasan/malloc.c index d2db3856a8..4448f480c2 100644 --- a/qemu_mode/libqasan/malloc.c +++ b/qemu_mode/libqasan/malloc.c @@ -80,8 +80,8 @@ static unsigned char __tmp_alloc_zone[TMP_ZONE_SIZE]; #else // From dlmalloc.c -void *dlmalloc(size_t); -void dlfree(void *); +void *dlmalloc(size_t); +void dlfree(void *); #define backend_malloc dlmalloc #define backend_free dlfree diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 2003be1ffd..b230699683 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -577,13 +577,13 @@ u8 fuzz_one_original(afl_state_t *afl) { * SIMPLE BITFLIP (+dictionary construction) * *********************************************/ -#define FLIP_BIT(_ar, _b) \ - do { \ - \ - u8 *_arf = (u8 *)(_ar); \ - u32 _bf = (_b); \ - _arf[(_bf) >> 3] ^= (128 >> ((_bf)&7)); \ - \ +#define FLIP_BIT(_ar, _b) \ + do { \ + \ + u8 *_arf = (u8 *)(_ar); \ + u32 _bf = (_b); \ + _arf[(_bf) >> 3] ^= (128 >> ((_bf) & 7)); \ + \ } while (0) /* Single walking bit. */ @@ -2216,7 +2216,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - retry_havoc_step : { + retry_havoc_step: { u32 r = rand_below(afl, rand_max), item; @@ -3703,13 +3703,13 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { * SIMPLE BITFLIP (+dictionary construction) * *********************************************/ -#define FLIP_BIT(_ar, _b) \ - do { \ - \ - u8 *_arf = (u8 *)(_ar); \ - u32 _bf = (_b); \ - _arf[(_bf) >> 3] ^= (128 >> ((_bf)&7)); \ - \ +#define FLIP_BIT(_ar, _b) \ + do { \ + \ + u8 *_arf = (u8 *)(_ar); \ + u32 _bf = (_b); \ + _arf[(_bf) >> 3] ^= (128 >> ((_bf) & 7)); \ + \ } while (0) /* Single walking bit. */ diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 43b5c8bdbd..86e7f1cf16 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -1828,7 +1828,7 @@ static void try_to_add_to_dictN(afl_state_t *afl, u128 v, u8 size) { for (k = 0; k < size; ++k) { #else - u32 off = 16 - size; + u32 off = 16 - size; for (k = 16 - size; k < 16; ++k) { #endif diff --git a/utils/libtokencap/libtokencap.so.c b/utils/libtokencap/libtokencap.so.c index b21f30681d..f4024799c3 100644 --- a/utils/libtokencap/libtokencap.so.c +++ b/utils/libtokencap/libtokencap.so.c @@ -55,7 +55,7 @@ #elif defined __HAIKU__ #include #elif defined __sun - /* For map addresses the old struct is enough */ +/* For map addresses the old struct is enough */ #include #include #endif @@ -168,7 +168,7 @@ static void __tokencap_load_mappings(void) { #elif defined __FreeBSD__ || defined __OpenBSD__ || defined __NetBSD__ #if defined __FreeBSD__ - int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, __tokencap_pid}; + int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, __tokencap_pid}; #elif defined __OpenBSD__ int mib[] = {CTL_KERN, KERN_PROC_VMMAP, __tokencap_pid}; #elif defined __NetBSD__ @@ -209,7 +209,7 @@ static void __tokencap_load_mappings(void) { #if defined __FreeBSD__ || defined __NetBSD__ #if defined __FreeBSD__ - size_t size = region->kve_structsize; + size_t size = region->kve_structsize; if (size == 0) break; #elif defined __NetBSD__ From 8ad36af95d9bcfa172d217f0f8ca29c6b24ba78a Mon Sep 17 00:00:00 2001 From: Manuel Carrasco Date: Mon, 6 Nov 2023 17:50:15 +0000 Subject: [PATCH 200/357] Add missing initialisation for havoc_queued during the custom mutator's stage. --- src/afl-fuzz-one.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index b230699683..67dafda8d0 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -1894,6 +1894,7 @@ u8 fuzz_one_original(afl_state_t *afl) { LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { if (el->afl_custom_fuzz) { + havoc_queued = afl->queued_items; afl->current_custom_fuzz = el; afl->stage_name = el->name_short; From ac0ad563480e3bf1fb69349e960b7957fffe75df Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 7 Nov 2023 10:31:09 +0100 Subject: [PATCH 201/357] fix dictionary and cmin --- afl-cmin | 32 ++++++++-------- afl-cmin.bash | 86 +++++++++++++++++++++++++------------------ docs/Changelog.md | 2 + src/afl-fuzz-extras.c | 5 ++- 4 files changed, 70 insertions(+), 55 deletions(-) diff --git a/afl-cmin b/afl-cmin index 23532b635a..566f157d92 100755 --- a/afl-cmin +++ b/afl-cmin @@ -259,22 +259,20 @@ BEGIN { # Do a sanity check to discourage the use of /tmp, since we can't really # handle this safely from an awk script. - #if (!ENVIRON["AFL_ALLOW_TMP"]) { - # dirlist[0] = in_dir - # dirlist[1] = target_bin - # dirlist[2] = out_dir - # dirlist[3] = stdin_file - # "pwd" | getline dirlist[4] # current directory - # for (dirind in dirlist) { - # dir = dirlist[dirind] - # - # if (dir ~ /^(\/var)?\/tmp/) { - # print "[-] Error: do not use this script in /tmp or /var/tmp." > "/dev/stderr" - # exit 1 - # } - # } - # delete dirlist - #} + if (!ENVIRON["AFL_ALLOW_TMP"]) { + dirlist[0] = in_dir + dirlist[1] = target_bin + dirlist[2] = out_dir + dirlist[3] = stdin_file + "pwd" | getline dirlist[4] # current directory + for (dirind in dirlist) { + dir = dirlist[dirind] + if (dir ~ /^(\/var)?\/tmp/) { + print "[-] Warning: do not use this script in /tmp or /var/tmp for security reasons." > "/dev/stderr" + } + } + delete dirlist + } if (threads && stdin_file) { print "[-] Error: -T and -f cannot be used together." > "/dev/stderr" @@ -430,7 +428,7 @@ BEGIN { } else { stat_format = "-f '%z %N'" # *BSD, MacOS } - cmdline = "(cd "in_dir" && find . \\( ! -name \".*\" -a -type d \\) -o -type f -exec stat "stat_format" \\{\\} + | sort -k1n -k2r)" + cmdline = "(cd "in_dir" && find . \\( ! -name \".*\" -a -type d \\) -o -type f -exec stat "stat_format" \\{\\} + | sort -k1n -k2r) | grep -Ev '^0'" #cmdline = "ls "in_dir" | (cd "in_dir" && xargs stat "stat_format" 2>/dev/null) | sort -k1n -k2r" #cmdline = "(cd "in_dir" && stat "stat_format" *) | sort -k1n -k2r" #cmdline = "(cd "in_dir" && ls | xargs stat "stat_format" ) | sort -k1n -k2r" diff --git a/afl-cmin.bash b/afl-cmin.bash index b326bee891..fda48fb4c1 100755 --- a/afl-cmin.bash +++ b/afl-cmin.bash @@ -167,29 +167,28 @@ fi # Do a sanity check to discourage the use of /tmp, since we can't really # handle this safely from a shell script. -#if [ "$AFL_ALLOW_TMP" = "" ]; then -# -# echo "$IN_DIR" | grep -qE '^(/var)?/tmp/' -# T1="$?" -# -# echo "$TARGET_BIN" | grep -qE '^(/var)?/tmp/' -# T2="$?" -# -# echo "$OUT_DIR" | grep -qE '^(/var)?/tmp/' -# T3="$?" -# -# echo "$STDIN_FILE" | grep -qE '^(/var)?/tmp/' -# T4="$?" -# -# echo "$PWD" | grep -qE '^(/var)?/tmp/' -# T5="$?" -# -# if [ "$T1" = "0" -o "$T2" = "0" -o "$T3" = "0" -o "$T4" = "0" -o "$T5" = "0" ]; then -# echo "[-] Error: do not use this script in /tmp or /var/tmp." 1>&2 -# exit 1 -# fi -# -#fi +if [ "$AFL_ALLOW_TMP" = "" ]; then + + echo "$IN_DIR" | grep -qE '^(/var)?/tmp/' + T1="$?" + + echo "$TARGET_BIN" | grep -qE '^(/var)?/tmp/' + T2="$?" + + echo "$OUT_DIR" | grep -qE '^(/var)?/tmp/' + T3="$?" + + echo "$STDIN_FILE" | grep -qE '^(/var)?/tmp/' + T4="$?" + + echo "$PWD" | grep -qE '^(/var)?/tmp/' + T5="$?" + + if [ "$T1" = "0" -o "$T2" = "0" -o "$T3" = "0" -o "$T4" = "0" -o "$T5" = "0" ]; then + echo "[-] Warning: do not use this script in /tmp or /var/tmp for security reasons." 1>&2 + fi + +fi # If @@ is specified, but there's no -f, let's come up with a temporary input # file name. @@ -423,10 +422,14 @@ if [ "$THREADS" = "" ]; then ls "$IN_DIR" | while read -r fn; do - CUR=$((CUR+1)) - printf "\\r Processing file $CUR/$IN_COUNT... " + if [ -s "$IN_DIR/$fn" ]; then - "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$fn" + CUR=$((CUR+1)) + printf "\\r Processing file $CUR/$IN_COUNT... " + + "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -- "$@" <"$IN_DIR/$fn" + + fi done @@ -434,11 +437,15 @@ if [ "$THREADS" = "" ]; then ls "$IN_DIR" | while read -r fn; do - CUR=$((CUR+1)) - printf "\\r Processing file $CUR/$IN_COUNT... " + if [ -s "$IN_DIR/$fn" ]; then + + CUR=$((CUR+1)) + printf "\\r Processing file $CUR/$IN_COUNT... " + + cp "$IN_DIR/$fn" "$STDIN_FILE" + "$SHOWMAP" -m "$MEM_LIMIT" -t "$TIMEOUT" -o "$TRACE_DIR/$fn" -Z $EXTRA_PAR -H "$STDIN_FILE" -- "$@" extras = afl_realloc((void **)&afl->extras, (afl->extras_cnt + 1) * sizeof(struct extra_data)); + char *hexdigits = "0123456789abcdef"; + if (unlikely(!afl->extras)) { PFATAL("alloc"); } wptr = afl->extras[afl->extras_cnt].data = ck_alloc(rptr - lptr); @@ -184,13 +186,12 @@ void load_extras_file(afl_state_t *afl, u8 *fname, u32 *min_len, u32 *max_len, while (*lptr) { - char *hexdigits = "0123456789abcdef"; - switch (*lptr) { case 1 ... 31: case 128 ... 255: WARNF("Non-printable characters in line %u.", cur_line); + ++lptr; continue; break; From cfbf1209b532fcaa7d6817d9aac0f161c6819849 Mon Sep 17 00:00:00 2001 From: Jasper Lievisse Adriaanse Date: Thu, 9 Nov 2023 10:08:38 +0000 Subject: [PATCH 202/357] Use direct call to write to OpenBSD The linker on OpenBSD emits a warning when linking this file: warning: syscall() may go away, please rewrite code to use direct calls --- instrumentation/afl-compiler-rt.o.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index c3197c8a34..4d7b1229f7 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -48,7 +48,7 @@ #include #include -#ifndef __HAIKU__ +#if !defined(__HAIKU__) && !defined(__OpenBSD__) #include #endif #ifndef USEMMAP @@ -2253,11 +2253,13 @@ static int area_is_valid(void *ptr, size_t len) { if (unlikely(!ptr || __asan_region_is_poisoned(ptr, len))) { return 0; } -#ifndef __HAIKU__ - long r = syscall(SYS_write, __afl_dummy_fd[1], ptr, len); -#else +#ifdef __HAIKU__ long r = _kern_write(__afl_dummy_fd[1], -1, ptr, len); -#endif // HAIKU +#elif defined(__OpenBSD__) + long r = write(__afl_dummy_fd[1], ptr, len); +#else + long r = syscall(SYS_write, __afl_dummy_fd[1], ptr, len); +#endif // HAIKU, OPENBSD if (r <= 0 || r > len) return 0; From 6f8696c3149a08d93c9b61db97f7b23cc6578274 Mon Sep 17 00:00:00 2001 From: Manuel Carrasco Date: Thu, 9 Nov 2023 13:46:41 +0000 Subject: [PATCH 203/357] Fix possible doc inconsistency for custom mutator's queue_get function. --- docs/custom_mutators.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md index c5a64622dc..1c4ab2cf1f 100644 --- a/docs/custom_mutators.md +++ b/docs/custom_mutators.md @@ -125,8 +125,9 @@ def deinit(): # optional for Python - `queue_get` (optional): - This method determines whether the custom fuzzer should fuzz the current - queue entry or not + This method determines whether AFL++ should fuzz the current + queue entry or not: all defined custom mutators as well as + all AFL++'s mutators. - `fuzz_count` (optional): From 3fd2e161dbbc6ae91382b23296b590abf567eca9 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 9 Nov 2023 15:55:40 +0100 Subject: [PATCH 204/357] update todos --- TODO.md | 8 ++++++++ nyx_mode/QEMU-Nyx | 2 +- unicorn_mode/unicornafl | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/TODO.md b/TODO.md index 9bdb2c5518..3f8855a04b 100644 --- a/TODO.md +++ b/TODO.md @@ -10,7 +10,15 @@ ## Should +<<<<<<< Updated upstream - add value_profile but only enable after 15 minutes without finds? +======= + - afl-showmap -f support + - afl-fuzz multicore wrapper script + - UI revamp + - hardened_usercopy=0 page_alloc.shuffle=0 + - add value_profile but only enable after 15 minutes without finds +>>>>>>> Stashed changes - afl-crash-analysis - support persistent and deferred fork server in afl-showmap? - better autodetection of shifting runtime timeout values diff --git a/nyx_mode/QEMU-Nyx b/nyx_mode/QEMU-Nyx index 92ed7cefc1..874fa033d1 160000 --- a/nyx_mode/QEMU-Nyx +++ b/nyx_mode/QEMU-Nyx @@ -1 +1 @@ -Subproject commit 92ed7cefc1bd043a1230ca74b263b484825c2655 +Subproject commit 874fa033d117a3e9931245cb9e82836a4abc0425 diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index f607118fc1..f2cede37a7 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit f607118fc10e5225da751385075792e24133a130 +Subproject commit f2cede37a75bbd4a9b9438f0277727b5d4620572 From 16993bba8fa359b093d44fe395044bfd392c19f3 Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Sat, 11 Nov 2023 01:45:13 +0000 Subject: [PATCH 205/357] benchmark: Add support for COMPARISON file --- benchmark/COMPARISON | 8 +- benchmark/benchmark-results.jsonl | 2 + benchmark/benchmark.py | 130 +++++++++++++++++++----------- 3 files changed, 91 insertions(+), 49 deletions(-) diff --git a/benchmark/COMPARISON b/benchmark/COMPARISON index 55ab94b4d1..d8750e34cb 100644 --- a/benchmark/COMPARISON +++ b/benchmark/COMPARISON @@ -1,4 +1,4 @@ -CPU | Mz | exec/s | afl-*-config | -========================================|======|========|==============| -CPU 12th Gen Intel(R) Core(TM) i7-1270P | 4200 | 12750 | both | -AMD EPYC 7282 16-Core Processor | 3190 | 10060 | both | +CPU | MHz | singlecore | multicore | afl-*-config | +===============================|=======|============|===========|==============| +Apple Mac Studio M2 Ultra 2023 | 3500 | 174386 | 1112585 | both | +Intel(R) Core(TM) i9-9900K CPU | 4999 | 133706 | 1169989 | both | diff --git a/benchmark/benchmark-results.jsonl b/benchmark/benchmark-results.jsonl index eef183846b..1d52402d7d 100644 --- a/benchmark/benchmark-results.jsonl +++ b/benchmark/benchmark-results.jsonl @@ -546,3 +546,5 @@ {"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.413, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 334191.98, "afl_execs_total": 102894843, "fuzzers_used": 198, "run_end": "2023-10-01 06:31:03.545925", "run_start": "2023-10-01 06:27:53.127882", "total_execs_per_sec": 270150.29, "total_run_time": 380.88}}}} {"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.521, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 332929.11, "afl_execs_total": 103414536, "fuzzers_used": 199, "run_end": "2023-10-01 06:37:27.645981", "run_start": "2023-10-01 06:34:15.843433", "total_execs_per_sec": 269442.01, "total_run_time": 383.81}}}} {"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3339.7, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 331957.22, "afl_execs_total": 103934201, "fuzzers_used": 200, "run_end": "2023-10-01 06:43:54.782368", "run_start": "2023-10-01 06:40:41.553700", "total_execs_per_sec": 268674.91, "total_run_time": 386.84}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1172198.55, "afl_execs_total": 12472081, "fuzzers_used": 16, "run_end": "2023-11-11 02:20:21.969027", "run_start": "2023-11-11 02:20:18.282561", "total_execs_per_sec": 1128695.11, "total_run_time": 11.05}, "singlecore": {"afl_execs_per_sec": 172105.52, "afl_execs_total": 779505, "fuzzers_used": 1, "run_end": "2023-11-11 02:20:10.920659", "run_start": "2023-11-11 02:20:09.459765", "total_execs_per_sec": 170570.02, "total_run_time": 4.57}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "", "compiler": "", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.583, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1193793.35, "afl_execs_total": 12472080, "fuzzers_used": 16, "run_end": "2023-11-10 10:25:40.047364", "run_start": "2023-11-10 10:25:36.510399", "total_execs_per_sec": 1169988.74, "total_run_time": 10.66}, "singlecore": {"afl_execs_per_sec": 134426.26, "afl_execs_total": 779505, "fuzzers_used": 1, "run_end": "2023-11-10 10:25:29.381317", "run_start": "2023-11-10 10:25:27.420959", "total_execs_per_sec": 133705.83, "total_run_time": 5.83}}}} diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index e0dea29913..6fde621b8b 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -42,8 +42,8 @@ class Config: @dataclass class Hardware: - cpu_fastest_core_mhz: Optional[float] - cpu_model: Optional[str] + cpu_fastest_core_mhz: float + cpu_model: str cpu_threads: int @dataclass @@ -57,80 +57,85 @@ class Results: Target(source=Path("../utils/persistent_mode/test-instr.c").resolve(), binary=Path("test-instr-persist-shmem")), Target(source=Path("../test-instr.c").resolve(), binary=Path("test-instr")) ] -mode_names = [mode.name for mode in all_modes] -target_names = [str(target.binary) for target in all_targets] +modes = [mode.name for mode in all_modes] +targets = [str(target.binary) for target in all_targets] cpu_count = multiprocessing.cpu_count() +env_vars = { + "AFL_BENCH_JUST_ONE": "1", "AFL_DISABLE_TRIM": "1", "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES": "1", + "AFL_NO_UI": "1", "AFL_TRY_AFFINITY": "1", "PATH": f'{str(Path("../").resolve())}:{os.environ["PATH"]}', +} parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter) parser.add_argument("-b", "--basedir", help="directory to use for temp files", type=str, default="/tmp/aflpp-benchmark") parser.add_argument("-d", "--debug", help="show verbose debugging output", action="store_true") parser.add_argument("-r", "--runs", help="how many runs to average results over", type=int, default=3) parser.add_argument("-f", "--fuzzers", help="how many afl-fuzz workers to use", type=int, default=cpu_count) -parser.add_argument("-m", "--mode", help="pick modes", action="append", default=["multicore"], choices=mode_names) +parser.add_argument("-m", "--mode", help="pick modes", action="append", default=modes, choices=modes) parser.add_argument("-c", "--comment", help="add a comment about your setup", type=str, default="") +parser.add_argument("--cpu", help="override the detected CPU model name", type=str, default="") +parser.add_argument("--mhz", help="override the detected CPU MHz", type=str, default="") parser.add_argument( - "-t", "--target", help="pick targets", action="append", default=["test-instr-persist-shmem"], choices=target_names + "-t", "--target", help="pick targets", action="append", default=["test-instr-persist-shmem"], choices=targets ) args = parser.parse_args() # Really unsatisfying argparse behavior: we want a default and to allow multiple choices, but if there's a manual choice # it should override the default. Seems like we have to remove the default to get that and have correct help text? -if len(args.target) > 1: args.target = args.target[1:] -if len(args.mode) > 1: args.mode = args.mode[1:] - -targets = [target for target in all_targets if str(target.binary) in args.target] -modes = [mode for mode in all_modes if mode.name in args.mode] -results = Results(config=None, hardware=None, targets={str(t.binary): {m.name: None for m in modes} for t in targets}) +if len(args.target) > 1: + args.target = args.target[1:] +if len(args.mode) > 2: + args.mode = args.mode[2:] + +chosen_modes = [mode for mode in all_modes if mode.name in args.mode] +chosen_targets = [target for target in all_targets if str(target.binary) in args.target] +results = Results(config=None, hardware=None, targets={ + str(t.binary): {m.name: None for m in chosen_modes} for t in chosen_targets} +) debug = lambda text: args.debug and print(blue(text)) -if Mode.multicore in modes: +if Mode.multicore in chosen_modes: print(blue(f" [*] Using {args.fuzzers} fuzzers for multicore fuzzing "), end="") print(blue("(use --fuzzers to override)" if args.fuzzers == cpu_count else f"(the default is {cpu_count})")) async def clean_up_tempfiles() -> None: shutil.rmtree(f"{args.basedir}/in") - for target in targets: + for target in chosen_targets: target.binary.unlink() - for mode in modes: + for mode in chosen_modes: shutil.rmtree(f"{args.basedir}/out-{mode.name}-{str(target.binary)}") async def check_afl_persistent() -> bool: - with open("/proc/cmdline", "r") as cpuinfo: - return "mitigations=off" in cpuinfo.read().split(" ") + with open("/proc/cmdline", "r") as cmdline: + return "mitigations=off" in cmdline.read().strip().split(" ") async def check_afl_system() -> bool: sysctl = next((s for s in ["sysctl", "/sbin/sysctl"] if shutil.which(s)), None) if sysctl: - (returncode, stdout, _) = await run_command([sysctl, "kernel.randomize_va_space"], None) + (returncode, stdout, _) = await run_command([sysctl, "kernel.randomize_va_space"]) return returncode == 0 and stdout.decode().rstrip().split(" = ")[1] == "0" return False -async def prep_env() -> dict: +async def prep_env() -> None: Path(f"{args.basedir}/in").mkdir(exist_ok=True, parents=True) - with open(f"{args.basedir}/in/in.txt", "wb") as seed: seed.write(b"\x00" * 10240) - return { - "AFL_BENCH_JUST_ONE": "1", "AFL_DISABLE_TRIM": "1", "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES": "1", - "AFL_NO_UI": "1", "AFL_TRY_AFFINITY": "1", "PATH": str(Path("../").resolve()), - } + with open(f"{args.basedir}/in/in.txt", "wb") as seed: + seed.write(b"\x00" * 10240) async def compile_target(source: Path, binary: Path) -> None: print(f" [*] Compiling the {binary} fuzzing harness for the benchmark to use.") (returncode, stdout, stderr) = await run_command( - [str(Path("../afl-clang-lto").resolve()), "-o", str(Path(binary.resolve())), str(Path(source).resolve())], - env={"AFL_LLVM_INSTRUMENT": "PCGUARD"}, + [str(Path("../afl-clang-lto").resolve()), "-o", str(Path(binary.resolve())), str(Path(source).resolve())] ) - if returncode != 0: - print(yellow(f" [*] afl-clang-lto was unable to compile; falling back to afl-cc.")) - + if returncode == 0: + return + print(yellow(f" [*] afl-clang-lto was unable to compile; falling back to afl-cc.")) (returncode, stdout, stderr) = await run_command( - [str(Path("../afl-cc").resolve()), "-o", str(Path(binary.resolve())), str(Path(source).resolve())], - env={"AFL_LLVM_INSTRUMENT": "PCGUARD"}, + [str(Path("../afl-cc").resolve()), "-o", str(Path(binary.resolve())), str(Path(source).resolve())] ) if returncode != 0: sys.exit(red(f" [*] Error: afl-cc is unable to compile: {stderr.decode()} {stdout.decode()}")) -async def run_command(cmd: list[str], env: Union[dict, None]) -> tuple[Union[int, None], bytes, bytes]: - debug(f"Launching command: {cmd} with env {env}") +async def run_command(cmd: list[str]) -> tuple[Union[int, None], bytes, bytes]: + debug(f"Launching command: {cmd} with env {env_vars}") p = await asyncio.create_subprocess_exec( - *cmd, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE, env=env + *cmd, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE, env=env_vars ) stdout, stderr = await p.communicate() debug(f"Output: {stdout.decode()} {stderr.decode()}") @@ -142,13 +147,13 @@ async def check_deps() -> None: os.path.exists(Path("../SanitizerCoveragePCGUARD.so").resolve())): sys.exit(red(" [*] Compile AFL++: we need afl-fuzz, afl-clang-fast and SanitizerCoveragePCGUARD.so built.")) - (returncode, stdout, stderr) = await run_command([str(Path("../afl-cc").resolve()), "-v"], env={}) + (returncode, stdout, stderr) = await run_command([str(Path("../afl-cc").resolve()), "-v"]) if returncode != 0: sys.exit(red(f" [*] Error: afl-cc -v returned: {stderr.decode()} {stdout.decode()}")) compiler = "" target_arch = "" for line in stderr.decode().split("\n"): - if m := re.match(r"^(clang version .*)", line): + if m := re.match(r"(.* clang version .*?)\s", line): compiler = m.group(1) elif m := re.match(r"^Target: (.*)", line): target_arch = m.group(1) @@ -160,7 +165,6 @@ async def check_deps() -> None: print(yellow(f" [*] afl-persistent-config did not run; run it to improve performance (and decrease security).")) if not afl_sc: print(yellow(f" [*] afl-system-config did not run; run it to improve performance (and decrease security).")) - results.config = Config(afl_persistent_config=afl_pc, afl_system_config=afl_sc, afl_version="", comment=args.comment, compiler=compiler, target_arch=target_arch) @@ -171,12 +175,41 @@ async def colon_values(filename: str, searchKey: str) -> list[str]: v_list = [v.rstrip() for k, v in kv_pairs if k.rstrip() == searchKey] return v_list +async def describe_afl_config() -> str: + if results.config is None: + return "unknown" + elif results.config.afl_persistent_config and results.config.afl_system_config: + return "both" + elif results.config.afl_persistent_config: + return "persistent" + elif results.config.afl_system_config: + return "system" + else: + return "none" + async def save_benchmark_results() -> None: """Append a single row to the benchmark results in JSON Lines format (which is simple to write and diff).""" with open("benchmark-results.jsonl", "a") as jsonfile: json.dump(asdict(results), jsonfile, sort_keys=True) jsonfile.write("\n") print(blue(f" [*] Results have been written to {jsonfile.name}")) + with open("COMPARISON", "a") as comparisonfile: + described_config = await describe_afl_config() + if results.hardware is None: + return + cpu_model = results.hardware.cpu_model.ljust(42) + cpu_mhz = str(round(results.hardware.cpu_fastest_core_mhz)).ljust(5) + if "test-instr-persist-shmem" in results.targets and "multicore" in results.targets["test-instr-persist-shmem"]: + if results.targets["test-instr-persist-shmem"]["singlecore"] is None or \ + results.targets["test-instr-persist-shmem"]["multicore"] is None: + return + single = str(round(results.targets["test-instr-persist-shmem"]["singlecore"].total_execs_per_sec)).ljust(10) + multi = str(round(results.targets["test-instr-persist-shmem"]["multicore"].total_execs_per_sec)).ljust(9) + if len(cpu_model) > 30: + cpu_model = cpu_model[:30] + comparisonfile.write(f"{cpu_model} | {cpu_mhz} | {single} | {multi} | {described_config.ljust(12)} |\n") + with open("COMPARISON", "r") as comparisonfile: + print(comparisonfile.read()) async def main() -> None: @@ -185,17 +218,24 @@ async def main() -> None: except FileNotFoundError: pass await check_deps() - cpu_mhz_str = await colon_values("/proc/cpuinfo", "cpu MHz") - cpu_mhz = max([float(c) for c in cpu_mhz_str]) # use the fastest CPU MHz for now - cpu_model = await colon_values("/proc/cpuinfo", "model name") - # Only record the first core's speed for now, even though it can vary between cores. + if args.mhz: + cpu_mhz = float(args.mhz) + else: + cpu_mhz_str = await colon_values("/proc/cpuinfo", "cpu MHz") + if len(cpu_mhz_str) == 0: + cpu_mhz_str.append("0") + cpu_mhz = max([float(c) for c in cpu_mhz_str]) # use the fastest CPU MHz for now + if args.cpu: + cpu_model = [args.cpu] + else: + cpu_model = await colon_values("/proc/cpuinfo", "model name") or [""] results.hardware = Hardware(cpu_fastest_core_mhz=cpu_mhz, cpu_model=cpu_model[0], cpu_threads=cpu_count) - env_vars = await prep_env() + await prep_env() print(f" [*] Ready, starting benchmark...") - for target in targets: + for target in chosen_targets: await compile_target(target.source, target.binary) binary = str(target.binary) - for mode in modes: + for mode in chosen_modes: afl_execs_per_sec, execs_total, run_time_total = ([] for _ in range(3)) for run_idx in range(0, args.runs): print(gray(f" [*] {mode.name} {binary} run {run_idx+1} of {args.runs}, execs/s: "), end="", flush=True) @@ -207,7 +247,7 @@ async def main() -> None: cmds.append(["afl-fuzz", "-i", f"{args.basedir}/in"] + name + ["-s", "123", "-D", f"./{binary}"]) # Prepare the afl-fuzz tasks, and then block while waiting for them to finish. - fuzztasks = [run_command(cmds[cpu], env_vars) for cpu in fuzzers] + fuzztasks = [run_command(cmds[cpu]) for cpu in fuzzers] start_time = datetime.datetime.now() await asyncio.gather(*fuzztasks) end_time = datetime.datetime.now() From 8b79d9b4d5efdf4d0e30a323dd3a169f9a7801c5 Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Sun, 12 Nov 2023 07:40:58 -0800 Subject: [PATCH 206/357] benchmark: show the number of cores used in COMPARISON --- benchmark/COMPARISON | 8 ++++---- benchmark/benchmark.py | 4 +++- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/benchmark/COMPARISON b/benchmark/COMPARISON index d8750e34cb..03a197cd2b 100644 --- a/benchmark/COMPARISON +++ b/benchmark/COMPARISON @@ -1,4 +1,4 @@ -CPU | MHz | singlecore | multicore | afl-*-config | -===============================|=======|============|===========|==============| -Apple Mac Studio M2 Ultra 2023 | 3500 | 174386 | 1112585 | both | -Intel(R) Core(TM) i9-9900K CPU | 4999 | 133706 | 1169989 | both | +CPU | MHz | threads | singlecore | multicore | afl-*-config | +===============================|=======|=========|============|===========|==============| +Apple Mac Studio M2 Ultra 2023 | 3500 | 16 | 174386 | 1112585 | both | +Intel(R) Core(TM) i9-9900K CPU | 4995 | 16 | 133706 | 1169989 | both | diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index 6fde621b8b..2601ef0d82 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -195,6 +195,7 @@ async def save_benchmark_results() -> None: print(blue(f" [*] Results have been written to {jsonfile.name}")) with open("COMPARISON", "a") as comparisonfile: described_config = await describe_afl_config() + aflconfig = described_config.ljust(12) if results.hardware is None: return cpu_model = results.hardware.cpu_model.ljust(42) @@ -205,9 +206,10 @@ async def save_benchmark_results() -> None: return single = str(round(results.targets["test-instr-persist-shmem"]["singlecore"].total_execs_per_sec)).ljust(10) multi = str(round(results.targets["test-instr-persist-shmem"]["multicore"].total_execs_per_sec)).ljust(9) + cores = str(args.fuzzers).ljust(7) if len(cpu_model) > 30: cpu_model = cpu_model[:30] - comparisonfile.write(f"{cpu_model} | {cpu_mhz} | {single} | {multi} | {described_config.ljust(12)} |\n") + comparisonfile.write(f"{cpu_model} | {cpu_mhz} | {cores} | {single} | {multi} | {aflconfig} |\n") with open("COMPARISON", "r") as comparisonfile: print(comparisonfile.read()) From df9f2c4205e98634e23b34eface59f32ba8b7cad Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Sun, 12 Nov 2023 08:17:18 -0800 Subject: [PATCH 207/357] benchmark: lower minimum Python version to 3.8 --- benchmark/benchmark.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index 2601ef0d82..5b363e16e5 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -1,12 +1,12 @@ #!/usr/bin/env python3 -# Part of the aflplusplus project, requires Python 3.9+. +# Part of the aflplusplus project, requires Python 3.8+. # Author: Chris Ball , ported from Marc "van Hauser" Heuse's "benchmark.sh". import argparse, asyncio, datetime, json, multiprocessing, os, platform, re, shutil, sys from dataclasses import asdict, dataclass from decimal import Decimal from enum import Enum, auto from pathlib import Path -from typing import Optional, Union +from typing import Dict, List, Optional, Tuple blue = lambda text: f"\033[1;94m{text}\033[0m"; gray = lambda text: f"\033[1;90m{text}\033[0m" green = lambda text: f"\033[0;32m{text}\033[0m"; red = lambda text: f"\033[0;31m{text}\033[0m" @@ -50,7 +50,7 @@ class Hardware: class Results: config: Optional[Config] hardware: Optional[Hardware] - targets: dict[str, dict[str, Optional[Run]]] + targets: Dict[str, Dict[str, Optional[Run]]] all_modes = [Mode.singlecore, Mode.multicore] all_targets = [ @@ -132,7 +132,7 @@ async def compile_target(source: Path, binary: Path) -> None: if returncode != 0: sys.exit(red(f" [*] Error: afl-cc is unable to compile: {stderr.decode()} {stdout.decode()}")) -async def run_command(cmd: list[str]) -> tuple[Union[int, None], bytes, bytes]: +async def run_command(cmd: List[str]) -> Tuple[Optional[int], bytes, bytes]: debug(f"Launching command: {cmd} with env {env_vars}") p = await asyncio.create_subprocess_exec( *cmd, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE, env=env_vars @@ -168,7 +168,7 @@ async def check_deps() -> None: results.config = Config(afl_persistent_config=afl_pc, afl_system_config=afl_sc, afl_version="", comment=args.comment, compiler=compiler, target_arch=target_arch) -async def colon_values(filename: str, searchKey: str) -> list[str]: +async def colon_values(filename: str, searchKey: str) -> List[str]: """Return a colon-separated value given a key in a file, e.g. 'cpu MHz : 4976.109')""" with open(filename, "r") as fh: kv_pairs = (line.split(": ", 1) for line in fh if ": " in line) From 26045831a23ceef70834c7a7be4d17d436a4cf8e Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Sun, 12 Nov 2023 11:52:17 -0800 Subject: [PATCH 208/357] benchmark: use afl's execs/s; increase CPU model width --- benchmark/COMPARISON | 8 ++++---- benchmark/benchmark.py | 9 +++------ 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/benchmark/COMPARISON b/benchmark/COMPARISON index 03a197cd2b..c26c6adb7a 100644 --- a/benchmark/COMPARISON +++ b/benchmark/COMPARISON @@ -1,4 +1,4 @@ -CPU | MHz | threads | singlecore | multicore | afl-*-config | -===============================|=======|=========|============|===========|==============| -Apple Mac Studio M2 Ultra 2023 | 3500 | 16 | 174386 | 1112585 | both | -Intel(R) Core(TM) i9-9900K CPU | 4995 | 16 | 133706 | 1169989 | both | +CPU | MHz | threads | singlecore | multicore | afl-*-config | +====================================================|=======|=========|============|===========|==============| +Apple Mac Studio M2 Ultra 2023, Linux VM guest | 3500 | 16 | 174386 | 1112585 | both | +Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz | 4995 | 16 | 133706 | 1169989 | both | diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index 5b363e16e5..1510acb6a9 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -198,17 +198,15 @@ async def save_benchmark_results() -> None: aflconfig = described_config.ljust(12) if results.hardware is None: return - cpu_model = results.hardware.cpu_model.ljust(42) + cpu_model = results.hardware.cpu_model.ljust(51) cpu_mhz = str(round(results.hardware.cpu_fastest_core_mhz)).ljust(5) if "test-instr-persist-shmem" in results.targets and "multicore" in results.targets["test-instr-persist-shmem"]: if results.targets["test-instr-persist-shmem"]["singlecore"] is None or \ results.targets["test-instr-persist-shmem"]["multicore"] is None: return - single = str(round(results.targets["test-instr-persist-shmem"]["singlecore"].total_execs_per_sec)).ljust(10) - multi = str(round(results.targets["test-instr-persist-shmem"]["multicore"].total_execs_per_sec)).ljust(9) + single = str(round(results.targets["test-instr-persist-shmem"]["singlecore"].afl_execs_per_sec)).ljust(10) + multi = str(round(results.targets["test-instr-persist-shmem"]["multicore"].afl_execs_per_sec)).ljust(9) cores = str(args.fuzzers).ljust(7) - if len(cpu_model) > 30: - cpu_model = cpu_model[:30] comparisonfile.write(f"{cpu_model} | {cpu_mhz} | {cores} | {single} | {multi} | {aflconfig} |\n") with open("COMPARISON", "r") as comparisonfile: print(comparisonfile.read()) @@ -281,7 +279,6 @@ async def main() -> None: results.targets[binary][mode.name] = run print(f" [*] Average AFL execs/sec for this test across all runs was: {green(avg_afl_execs_per_sec)}") - print(f" [*] Average total execs/sec for this test across all runs was: {green(total_execs_per_sec)}") if (((max(afl_execs_per_sec) - min(afl_execs_per_sec)) / avg_afl_execs_per_sec) * 100) > 15: print(yellow(" [*] The difference between your slowest and fastest runs was >15%, maybe try again?")) From afb9b8a961db898c37ef387fee70af09b0351a20 Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Tue, 14 Nov 2023 09:47:47 -0800 Subject: [PATCH 209/357] benchmark: disallow duplicate entries for the same CPU in COMPARISON --- benchmark/benchmark.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index 1510acb6a9..d352a95b77 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -93,7 +93,7 @@ class Results: debug = lambda text: args.debug and print(blue(text)) if Mode.multicore in chosen_modes: print(blue(f" [*] Using {args.fuzzers} fuzzers for multicore fuzzing "), end="") - print(blue("(use --fuzzers to override)" if args.fuzzers == cpu_count else f"(the default is {cpu_count})")) + print(blue("(use --fuzzers to override)." if args.fuzzers == cpu_count else f"(the default is {cpu_count})")) async def clean_up_tempfiles() -> None: shutil.rmtree(f"{args.basedir}/in") @@ -192,13 +192,16 @@ async def save_benchmark_results() -> None: with open("benchmark-results.jsonl", "a") as jsonfile: json.dump(asdict(results), jsonfile, sort_keys=True) jsonfile.write("\n") - print(blue(f" [*] Results have been written to {jsonfile.name}")) - with open("COMPARISON", "a") as comparisonfile: + print(blue(f" [*] Results have been written to the {jsonfile.name} file.")) + with open("COMPARISON", "r+") as comparisonfile: described_config = await describe_afl_config() aflconfig = described_config.ljust(12) if results.hardware is None: return cpu_model = results.hardware.cpu_model.ljust(51) + if cpu_model in comparisonfile.read(): + print(blue(f" [*] Results have not been written to the COMPARISON file; this CPU is already present.")) + return cpu_mhz = str(round(results.hardware.cpu_fastest_core_mhz)).ljust(5) if "test-instr-persist-shmem" in results.targets and "multicore" in results.targets["test-instr-persist-shmem"]: if results.targets["test-instr-persist-shmem"]["singlecore"] is None or \ @@ -208,6 +211,7 @@ async def save_benchmark_results() -> None: multi = str(round(results.targets["test-instr-persist-shmem"]["multicore"].afl_execs_per_sec)).ljust(9) cores = str(args.fuzzers).ljust(7) comparisonfile.write(f"{cpu_model} | {cpu_mhz} | {cores} | {single} | {multi} | {aflconfig} |\n") + print(blue(f" [*] Results have been written to the COMPARISON file.")) with open("COMPARISON", "r") as comparisonfile: print(comparisonfile.read()) From a289a3e454480463bbf948995e99068e3158c9fa Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 15 Nov 2023 08:24:22 +0000 Subject: [PATCH 210/357] Update benchmark.py --- benchmark/benchmark.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index d352a95b77..cd3a876ab0 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -63,6 +63,7 @@ class Results: env_vars = { "AFL_BENCH_JUST_ONE": "1", "AFL_DISABLE_TRIM": "1", "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES": "1", "AFL_NO_UI": "1", "AFL_TRY_AFFINITY": "1", "PATH": f'{str(Path("../").resolve())}:{os.environ["PATH"]}', + "AFL_FAST_CAL": "1", } parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter) @@ -91,9 +92,6 @@ class Results: str(t.binary): {m.name: None for m in chosen_modes} for t in chosen_targets} ) debug = lambda text: args.debug and print(blue(text)) -if Mode.multicore in chosen_modes: - print(blue(f" [*] Using {args.fuzzers} fuzzers for multicore fuzzing "), end="") - print(blue("(use --fuzzers to override)." if args.fuzzers == cpu_count else f"(the default is {cpu_count})")) async def clean_up_tempfiles() -> None: shutil.rmtree(f"{args.basedir}/in") @@ -240,6 +238,9 @@ async def main() -> None: await compile_target(target.source, target.binary) binary = str(target.binary) for mode in chosen_modes: + if mode == Mode.multicore: + print(blue(f" [*] Using {args.fuzzers} fuzzers for multicore fuzzing "), end="") + print(blue("(use --fuzzers to override)." if args.fuzzers == cpu_count else f"(the default is {cpu_count})")) afl_execs_per_sec, execs_total, run_time_total = ([] for _ in range(3)) for run_idx in range(0, args.runs): print(gray(f" [*] {mode.name} {binary} run {run_idx+1} of {args.runs}, execs/s: "), end="", flush=True) From a0714309834e9aecb348608a2c5da5b726868b82 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 16 Nov 2023 11:00:33 +0100 Subject: [PATCH 211/357] fix inf in stats --- src/afl-fuzz-stats.c | 59 +++++++++++++++++++++----------------------- 1 file changed, 28 insertions(+), 31 deletions(-) diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 66e32e78ed..07184cf070 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -138,7 +138,7 @@ void load_stats_file(afl_state_t *afl) { FILE *f; u8 buf[MAX_LINE]; - u8 *lptr; + u8 * lptr; u8 fn[PATH_MAX]; u32 lineno = 0; snprintf(fn, PATH_MAX, "%s/fuzzer_stats", afl->out_dir); @@ -288,6 +288,8 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, #ifndef __HAIKU__ if (getrusage(RUSAGE_CHILDREN, &rus)) { rus.ru_maxrss = 0; } #endif + u64 runtime = afl->prev_run_time + cur_time - afl->start_time; + if (!runtime) { runtime = 1; } fprintf( f, @@ -336,17 +338,14 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, "target_mode : %s%s%s%s%s%s%s%s%s%s\n" "command_line : %s\n", (afl->start_time - afl->prev_run_time) / 1000, cur_time / 1000, - (afl->prev_run_time + cur_time - afl->start_time) / 1000, (u32)getpid(), + runtime / 1000, (u32)getpid(), afl->queue_cycle ? (afl->queue_cycle - 1) : 0, afl->cycles_wo_finds, afl->longest_find_time > cur_time - afl->last_find_time ? afl->longest_find_time / 1000 : ((afl->start_time == 0 || afl->last_find_time == 0) ? 0 : (cur_time - afl->last_find_time) / 1000), - afl->fsrv.total_execs, - afl->fsrv.total_execs / - ((double)(afl->prev_run_time + get_cur_time() - afl->start_time) / - 1000), + afl->fsrv.total_execs, afl->fsrv.total_execs / ((double)(runtime) / 1000), afl->last_avg_execs_saved, afl->queued_items, afl->queued_favored, afl->queued_discovered, afl->queued_imported, afl->queued_variable, afl->max_depth, afl->current_entry, afl->pending_favored, @@ -422,7 +421,7 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, void write_queue_stats(afl_state_t *afl) { FILE *f; - u8 *fn = alloc_printf("%s/queue_data", afl->out_dir); + u8 * fn = alloc_printf("%s/queue_data", afl->out_dir); if ((f = fopen(fn, "w")) != NULL) { u32 id; @@ -858,9 +857,8 @@ void show_stats_normal(afl_state_t *afl) { /* Since `total_crashes` does not get reloaded from disk on restart, it indicates if we found crashes this round already -> paint red. If it's 0, but `saved_crashes` is set from a past run, paint in yellow. */ - char *crash_color = afl->total_crashes ? cLRD - : afl->saved_crashes ? cYEL - : cRST; + char *crash_color = + afl->total_crashes ? cLRD : afl->saved_crashes ? cYEL : cRST; /* Lord, forgive me this. */ @@ -883,26 +881,26 @@ void show_stats_normal(afl_state_t *afl) { } else - /* Subsequent cycles, but we're still making finds. */ - if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) { + /* Subsequent cycles, but we're still making finds. */ + if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) { - strcpy(tmp, cYEL); + strcpy(tmp, cYEL); - } else + } else /* No finds for a long time and no test cases to try. */ if (afl->cycles_wo_finds > 100 && !afl->pending_not_fuzzed && min_wo_finds > 120) { - strcpy(tmp, cLGN); + strcpy(tmp, cLGN); - /* Default: cautiously OK to stop? */ + /* Default: cautiously OK to stop? */ - } else { + } else { - strcpy(tmp, cLBL); + strcpy(tmp, cLBL); - } + } } @@ -1668,9 +1666,8 @@ void show_stats_pizza(afl_state_t *afl) { /* Since `total_crashes` does not get reloaded from disk on restart, it indicates if we found crashes this round already -> paint red. If it's 0, but `saved_crashes` is set from a past run, paint in yellow. */ - char *crash_color = afl->total_crashes ? cLRD - : afl->saved_crashes ? cYEL - : cRST; + char *crash_color = + afl->total_crashes ? cLRD : afl->saved_crashes ? cYEL : cRST; /* Lord, forgive me this. */ @@ -1693,26 +1690,26 @@ void show_stats_pizza(afl_state_t *afl) { } else - /* Subsequent cycles, but we're still making finds. */ - if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) { + /* Subsequent cycles, but we're still making finds. */ + if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) { - strcpy(tmp, cYEL); + strcpy(tmp, cYEL); - } else + } else /* No finds for a long time and no test cases to try. */ if (afl->cycles_wo_finds > 100 && !afl->pending_not_fuzzed && min_wo_finds > 120) { - strcpy(tmp, cLGN); + strcpy(tmp, cLGN); - /* Default: cautiously OK to stop? */ + /* Default: cautiously OK to stop? */ - } else { + } else { - strcpy(tmp, cLBL); + strcpy(tmp, cLBL); - } + } } From 885f949ac75efb2dd6379f72ef7918e537d77b22 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 16 Nov 2023 14:59:44 +0000 Subject: [PATCH 212/357] Fix benchmark.py --- benchmark/benchmark.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index cd3a876ab0..7184ccef76 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -61,9 +61,8 @@ class Results: targets = [str(target.binary) for target in all_targets] cpu_count = multiprocessing.cpu_count() env_vars = { - "AFL_BENCH_JUST_ONE": "1", "AFL_DISABLE_TRIM": "1", "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES": "1", + "AFL_DISABLE_TRIM": "1", "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES": "1", "AFL_FAST_CAL": "1", "AFL_NO_UI": "1", "AFL_TRY_AFFINITY": "1", "PATH": f'{str(Path("../").resolve())}:{os.environ["PATH"]}', - "AFL_FAST_CAL": "1", } parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter) @@ -249,7 +248,7 @@ async def main() -> None: cmds = [] for fuzzer_idx, afl in enumerate(fuzzers): name = ["-o", outdir, "-M" if fuzzer_idx == 0 else "-S", str(afl)] - cmds.append(["afl-fuzz", "-i", f"{args.basedir}/in"] + name + ["-s", "123", "-D", f"./{binary}"]) + cmds.append(["afl-fuzz", "-i", f"{args.basedir}/in"] + name + ["-s", "123", "V10", "-D", f"./{binary}"]) # Prepare the afl-fuzz tasks, and then block while waiting for them to finish. fuzztasks = [run_command(cmds[cpu]) for cpu in fuzzers] From b05e3f7ac019224884af9f35d3cfdb72a604d02d Mon Sep 17 00:00:00 2001 From: ifyGecko <26214995+ifyGecko@users.noreply.github.com> Date: Thu, 16 Nov 2023 19:02:46 -0500 Subject: [PATCH 213/357] missing closing parenthesis --- src/afl-fuzz-redqueen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 86e7f1cf16..13f164f557 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -1321,7 +1321,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, } else { #ifndef WORD_SIZE_64 - if (repl <= 0x00ffffffffffffff { + if (repl <= 0x00ffffffffffffff) { new_val = repl << 8; u8 scale_len = 0; From 43b8812c5c32da1a5d549b4484f19c2c48120962 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 17 Nov 2023 09:17:59 +0000 Subject: [PATCH 214/357] Update benchmark.py --- benchmark/benchmark.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index 7184ccef76..e953975907 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -248,7 +248,7 @@ async def main() -> None: cmds = [] for fuzzer_idx, afl in enumerate(fuzzers): name = ["-o", outdir, "-M" if fuzzer_idx == 0 else "-S", str(afl)] - cmds.append(["afl-fuzz", "-i", f"{args.basedir}/in"] + name + ["-s", "123", "V10", "-D", f"./{binary}"]) + cmds.append(["afl-fuzz", "-i", f"{args.basedir}/in"] + name + ["-s", "123", "-V10", "-D", f"./{binary}"]) # Prepare the afl-fuzz tasks, and then block while waiting for them to finish. fuzztasks = [run_command(cmds[cpu]) for cpu in fuzzers] From 4d8df780ed1f187ca67254dae4ca015cadb224ad Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Sun, 19 Nov 2023 14:08:40 -0800 Subject: [PATCH 215/357] benchmark: remove self-calculation of execs/sec --- benchmark/benchmark.py | 59 ++++++++++++++++-------------------------- 1 file changed, 23 insertions(+), 36 deletions(-) diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index e953975907..5f0861c9ad 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # Part of the aflplusplus project, requires Python 3.8+. # Author: Chris Ball , ported from Marc "van Hauser" Heuse's "benchmark.sh". -import argparse, asyncio, datetime, json, multiprocessing, os, platform, re, shutil, sys +import argparse, asyncio, json, multiprocessing, os, platform, re, shutil, sys from dataclasses import asdict, dataclass from decimal import Decimal from enum import Enum, auto @@ -23,13 +23,9 @@ class Target: @dataclass class Run: - afl_execs_per_sec: float - afl_execs_total: float + execs_per_sec: float + execs_total: float fuzzers_used: int - run_end: str - run_start: str - total_execs_per_sec: float - total_run_time: float @dataclass class Config: @@ -68,7 +64,7 @@ class Results: parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter) parser.add_argument("-b", "--basedir", help="directory to use for temp files", type=str, default="/tmp/aflpp-benchmark") parser.add_argument("-d", "--debug", help="show verbose debugging output", action="store_true") -parser.add_argument("-r", "--runs", help="how many runs to average results over", type=int, default=3) +parser.add_argument("-r", "--runs", help="how many runs to average results over", type=int, default=2) parser.add_argument("-f", "--fuzzers", help="how many afl-fuzz workers to use", type=int, default=cpu_count) parser.add_argument("-m", "--mode", help="pick modes", action="append", default=modes, choices=modes) parser.add_argument("-c", "--comment", help="add a comment about your setup", type=str, default="") @@ -150,8 +146,8 @@ async def check_deps() -> None: compiler = "" target_arch = "" for line in stderr.decode().split("\n"): - if m := re.match(r"(.* clang version .*?)\s", line): - compiler = m.group(1) + if "clang version" in line: + compiler = line elif m := re.match(r"^Target: (.*)", line): target_arch = m.group(1) @@ -200,15 +196,17 @@ async def save_benchmark_results() -> None: print(blue(f" [*] Results have not been written to the COMPARISON file; this CPU is already present.")) return cpu_mhz = str(round(results.hardware.cpu_fastest_core_mhz)).ljust(5) - if "test-instr-persist-shmem" in results.targets and "multicore" in results.targets["test-instr-persist-shmem"]: - if results.targets["test-instr-persist-shmem"]["singlecore"] is None or \ - results.targets["test-instr-persist-shmem"]["multicore"] is None: - return - single = str(round(results.targets["test-instr-persist-shmem"]["singlecore"].afl_execs_per_sec)).ljust(10) - multi = str(round(results.targets["test-instr-persist-shmem"]["multicore"].afl_execs_per_sec)).ljust(9) - cores = str(args.fuzzers).ljust(7) - comparisonfile.write(f"{cpu_model} | {cpu_mhz} | {cores} | {single} | {multi} | {aflconfig} |\n") - print(blue(f" [*] Results have been written to the COMPARISON file.")) + if not "test-instr-persist-shmem" in results.targets or \ + not "multicore" in results.targets["test-instr-persist-shmem"] or \ + not "singlecore" in results.targets["test-instr-persist-shmem"] or \ + results.targets["test-instr-persist-shmem"]["singlecore"] is None or \ + results.targets["test-instr-persist-shmem"]["multicore"] is None: + return + single = str(round(results.targets["test-instr-persist-shmem"]["singlecore"].afl_execs_per_sec)).ljust(10) + multi = str(round(results.targets["test-instr-persist-shmem"]["multicore"].afl_execs_per_sec)).ljust(9) + cores = str(args.fuzzers).ljust(7) + comparisonfile.write(f"{cpu_model} | {cpu_mhz} | {cores} | {single} | {multi} | {aflconfig} |\n") + print(blue(f" [*] Results have been written to the COMPARISON file.")) with open("COMPARISON", "r") as comparisonfile: print(comparisonfile.read()) @@ -240,7 +238,7 @@ async def main() -> None: if mode == Mode.multicore: print(blue(f" [*] Using {args.fuzzers} fuzzers for multicore fuzzing "), end="") print(blue("(use --fuzzers to override)." if args.fuzzers == cpu_count else f"(the default is {cpu_count})")) - afl_execs_per_sec, execs_total, run_time_total = ([] for _ in range(3)) + execs_per_sec, execs_total = ([] for _ in range(2)) for run_idx in range(0, args.runs): print(gray(f" [*] {mode.name} {binary} run {run_idx+1} of {args.runs}, execs/s: "), end="", flush=True) fuzzers = range(0, args.fuzzers if mode == Mode.multicore else 1) @@ -249,41 +247,30 @@ async def main() -> None: for fuzzer_idx, afl in enumerate(fuzzers): name = ["-o", outdir, "-M" if fuzzer_idx == 0 else "-S", str(afl)] cmds.append(["afl-fuzz", "-i", f"{args.basedir}/in"] + name + ["-s", "123", "-V10", "-D", f"./{binary}"]) - # Prepare the afl-fuzz tasks, and then block while waiting for them to finish. fuzztasks = [run_command(cmds[cpu]) for cpu in fuzzers] - start_time = datetime.datetime.now() await asyncio.gather(*fuzztasks) - end_time = datetime.datetime.now() afl_versions = await colon_values(f"{outdir}/0/fuzzer_stats", "afl_version") if results.config: results.config.afl_version = afl_versions[0] - # Our score is the sum of all execs_per_sec entries in fuzzer_stats files for the run. sectasks = [colon_values(f"{outdir}/{afl}/fuzzer_stats", "execs_per_sec") for afl in fuzzers] all_execs_per_sec = await asyncio.gather(*sectasks) execs = sum([Decimal(count[0]) for count in all_execs_per_sec]) print(green(execs)) - afl_execs_per_sec.append(execs) - + execs_per_sec.append(execs) # Also gather execs_total and total_run_time for this run. exectasks = [colon_values(f"{outdir}/{afl}/fuzzer_stats", "execs_done") for afl in fuzzers] all_execs_total = await asyncio.gather(*exectasks) execs_total.append(sum([Decimal(count[0]) for count in all_execs_total])) - run_time_total.append((end_time - start_time).total_seconds()) # (Using float() because Decimal() is not JSON-serializable.) - avg_afl_execs_per_sec = round(Decimal(sum(afl_execs_per_sec) / len(afl_execs_per_sec)), 2) + avg_afl_execs_per_sec = round(Decimal(sum(execs_per_sec) / len(execs_per_sec)), 2) afl_execs_total = int(sum([Decimal(execs) for execs in execs_total])) - total_run_time = float(round(Decimal(sum(run_time_total)), 2)) - total_execs_per_sec = float(round(Decimal(afl_execs_total / total_run_time), 2)) - run = Run(afl_execs_per_sec=float(avg_afl_execs_per_sec), afl_execs_total=afl_execs_total, - fuzzers_used=len(fuzzers), run_end=str(end_time), run_start=str(start_time), - total_execs_per_sec=total_execs_per_sec, total_run_time=total_run_time) + run = Run(execs_per_sec=float(avg_afl_execs_per_sec), execs_total=afl_execs_total, fuzzers_used=len(fuzzers)) results.targets[binary][mode.name] = run - - print(f" [*] Average AFL execs/sec for this test across all runs was: {green(avg_afl_execs_per_sec)}") - if (((max(afl_execs_per_sec) - min(afl_execs_per_sec)) / avg_afl_execs_per_sec) * 100) > 15: + print(f" [*] Average execs/sec for this test across all runs was: {green(avg_afl_execs_per_sec)}") + if (((max(execs_per_sec) - min(execs_per_sec)) / avg_afl_execs_per_sec) * 100) > 15: print(yellow(" [*] The difference between your slowest and fastest runs was >15%, maybe try again?")) await clean_up_tempfiles() From 75a3af8a23f2fd1488ee7cb6e5fca00289031c6c Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Sun, 19 Nov 2023 14:58:19 -0800 Subject: [PATCH 216/357] benchmark: update COMPARISON --- benchmark/COMPARISON | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/benchmark/COMPARISON b/benchmark/COMPARISON index c26c6adb7a..fd41282e18 100644 --- a/benchmark/COMPARISON +++ b/benchmark/COMPARISON @@ -1,4 +1,4 @@ CPU | MHz | threads | singlecore | multicore | afl-*-config | ====================================================|=======|=========|============|===========|==============| -Apple Mac Studio M2 Ultra 2023, Linux VM guest | 3500 | 16 | 174386 | 1112585 | both | -Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz | 4995 | 16 | 133706 | 1169989 | both | +Apple Mac Studio M2 Ultra 2023, Linux VM guest | 3500 | 16 | 163570 | 1157465 | both | +Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz | 4995 | 16 | 120064 | 1168943 | both | From d34bed5dbf024788251f519674519937b1f9009a Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Sun, 19 Nov 2023 14:58:43 -0800 Subject: [PATCH 217/357] benchmark: Update Jupyter notebook and results file. --- benchmark/benchmark-results.jsonl | 965 ++++++++++++--------------- benchmark/benchmark.ipynb | 1020 +++++++++++++++++++---------- 2 files changed, 1085 insertions(+), 900 deletions(-) diff --git a/benchmark/benchmark-results.jsonl b/benchmark/benchmark-results.jsonl index 1d52402d7d..f3dd60be2b 100644 --- a/benchmark/benchmark-results.jsonl +++ b/benchmark/benchmark-results.jsonl @@ -1,550 +1,415 @@ -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.879, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 11025.88, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-24 01:18:19.516294", "run_start": "2023-09-24 01:17:55.982600", "total_execs_per_sec": 11019.3, "total_run_time": 47.16}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 134423.5, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-24 01:17:32.262373", "run_start": "2023-09-24 01:17:30.328037", "total_execs_per_sec": 133591.26, "total_run_time": 3.89}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.794, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 21139.64, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-24 01:19:15.060420", "run_start": "2023-09-24 01:18:50.438781", "total_execs_per_sec": 21111.92, "total_run_time": 49.23}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 258490.04, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-24 01:18:25.733140", "run_start": "2023-09-24 01:18:23.718094", "total_execs_per_sec": 255995.07, "total_run_time": 4.06}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.859, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 30618.28, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-24 01:20:12.416984", "run_start": "2023-09-24 01:19:46.914403", "total_execs_per_sec": 30568.82, "total_run_time": 51.0}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 383777.45, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-24 01:19:21.318951", "run_start": "2023-09-24 01:19:19.272479", "total_execs_per_sec": 380246.34, "total_run_time": 4.1}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.078, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 39125.92, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-24 01:21:12.260174", "run_start": "2023-09-24 01:20:45.582491", "total_execs_per_sec": 38963.07, "total_run_time": 53.35}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 496249.48, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-24 01:20:18.814456", "run_start": "2023-09-24 01:20:16.695833", "total_execs_per_sec": 490254.72, "total_run_time": 4.24}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.885, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 47861.04, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-24 01:22:13.343107", "run_start": "2023-09-24 01:21:46.122861", "total_execs_per_sec": 47693.65, "total_run_time": 54.48}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 613089.31, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-24 01:21:18.761554", "run_start": "2023-09-24 01:21:16.594119", "total_execs_per_sec": 598698.16, "total_run_time": 4.34}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4994.858, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 56211.32, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-24 01:23:15.911108", "run_start": "2023-09-24 01:22:47.859974", "total_execs_per_sec": 55718.73, "total_run_time": 55.96}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 730366.19, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-24 01:22:19.852674", "run_start": "2023-09-24 01:22:17.681157", "total_execs_per_sec": 716786.21, "total_run_time": 4.35}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.185, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 64693.0, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-24 01:24:19.277214", "run_start": "2023-09-24 01:23:50.907613", "total_execs_per_sec": 64156.79, "total_run_time": 56.7}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 844187.32, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-24 01:23:22.478441", "run_start": "2023-09-24 01:23:20.278066", "total_execs_per_sec": 824873.02, "total_run_time": 4.41}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.127, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 72891.1, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-24 01:25:23.549468", "run_start": "2023-09-24 01:24:54.669082", "total_execs_per_sec": 72176.39, "total_run_time": 57.6}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 962846.18, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-24 01:24:25.847447", "run_start": "2023-09-24 01:24:23.641287", "total_execs_per_sec": 942712.02, "total_run_time": 4.41}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.023, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 77010.42, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-24 01:26:48.746727", "run_start": "2023-09-24 01:26:10.482261", "total_execs_per_sec": 61257.76, "total_run_time": 76.35}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 997414.74, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-24 01:25:32.299204", "run_start": "2023-09-24 01:25:29.007738", "total_execs_per_sec": 709716.24, "total_run_time": 6.59}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.285, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 81236.44, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-24 01:28:14.663719", "run_start": "2023-09-24 01:27:36.151805", "total_execs_per_sec": 67507.14, "total_run_time": 76.98}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1034757.73, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-24 01:26:57.584679", "run_start": "2023-09-24 01:26:54.258615", "total_execs_per_sec": 779115.44, "total_run_time": 6.67}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.789, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84931.02, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-24 01:29:41.745595", "run_start": "2023-09-24 01:29:02.716653", "total_execs_per_sec": 73183.59, "total_run_time": 78.11}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1070703.42, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-24 01:28:23.536164", "run_start": "2023-09-24 01:28:20.182216", "total_execs_per_sec": 851918.03, "total_run_time": 6.71}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.141, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 88612.76, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-24 01:31:09.594139", "run_start": "2023-09-24 01:30:30.212264", "total_execs_per_sec": 79167.7, "total_run_time": 78.77}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1104249.08, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-24 01:29:50.724883", "run_start": "2023-09-24 01:29:47.322648", "total_execs_per_sec": 914375.37, "total_run_time": 6.82}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.578, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 92521.51, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-24 01:32:37.968941", "run_start": "2023-09-24 01:31:58.284180", "total_execs_per_sec": 85202.55, "total_run_time": 79.29}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1131176.88, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-24 01:31:18.581144", "run_start": "2023-09-24 01:31:15.171084", "total_execs_per_sec": 990573.31, "total_run_time": 6.82}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.439, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 96442.72, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-24 01:34:06.531013", "run_start": "2023-09-24 01:33:26.819041", "total_execs_per_sec": 91594.86, "total_run_time": 79.43}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1164076.48, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-24 01:32:46.996344", "run_start": "2023-09-24 01:32:43.559968", "total_execs_per_sec": 1060551.02, "total_run_time": 6.86}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.838, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 100383.1, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-24 01:35:35.471145", "run_start": "2023-09-24 01:34:55.546637", "total_execs_per_sec": 97682.33, "total_run_time": 79.8}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1198824.47, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-24 01:34:15.568004", "run_start": "2023-09-24 01:34:12.146116", "total_execs_per_sec": 1134650.66, "total_run_time": 6.87}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5008.445, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 104391.1, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-24 01:37:04.769018", "run_start": "2023-09-24 01:36:24.749874", "total_execs_per_sec": 103765.38, "total_run_time": 80.13}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1227578.7, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-24 01:35:44.538459", "run_start": "2023-09-24 01:35:41.081987", "total_execs_per_sec": 1203287.99, "total_run_time": 6.91}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.239, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105131.32, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-24 01:39:00.153699", "run_start": "2023-09-24 01:38:07.827496", "total_execs_per_sec": 84547.71, "total_run_time": 104.49}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1272311.96, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-24 01:37:15.568570", "run_start": "2023-09-24 01:37:11.294035", "total_execs_per_sec": 1022498.84, "total_run_time": 8.64}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4994.529, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105404.62, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-24 01:40:59.252233", "run_start": "2023-09-24 01:40:05.173822", "total_execs_per_sec": 86611.67, "total_run_time": 108.0}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1295688.8, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-24 01:39:11.155677", "run_start": "2023-09-24 01:39:06.734088", "total_execs_per_sec": 1058151.58, "total_run_time": 8.84}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.734, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105495.74, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-24 01:43:02.054797", "run_start": "2023-09-24 01:42:06.356850", "total_execs_per_sec": 88657.0, "total_run_time": 111.37}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1314398.6, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-24 01:41:10.587096", "run_start": "2023-09-24 01:41:06.022450", "total_execs_per_sec": 1076742.64, "total_run_time": 9.17}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.126, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105396.9, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-24 01:45:09.145463", "run_start": "2023-09-24 01:44:11.454370", "total_execs_per_sec": 90134.42, "total_run_time": 115.31}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1328581.94, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-24 01:43:13.738510", "run_start": "2023-09-24 01:43:08.966636", "total_execs_per_sec": 1091743.7, "total_run_time": 9.52}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.033, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105119.1, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-24 01:47:21.557909", "run_start": "2023-09-24 01:46:21.705659", "total_execs_per_sec": 91033.28, "total_run_time": 119.88}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1342660.66, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-24 01:45:21.581031", "run_start": "2023-09-24 01:45:16.490130", "total_execs_per_sec": 1062616.36, "total_run_time": 10.27}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.77, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 104539.28, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-24 01:49:39.155477", "run_start": "2023-09-24 01:48:36.363384", "total_execs_per_sec": 91637.86, "total_run_time": 124.76}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1363930.3, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-24 01:47:34.296346", "run_start": "2023-09-24 01:47:29.003538", "total_execs_per_sec": 1081621.57, "total_run_time": 10.57}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.238, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 104801.64, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-24 01:52:00.846974", "run_start": "2023-09-24 01:50:56.269319", "total_execs_per_sec": 92747.81, "total_run_time": 128.87}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1377043.72, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-24 01:49:51.871338", "run_start": "2023-09-24 01:49:46.608903", "total_execs_per_sec": 1132929.86, "total_run_time": 10.55}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.689, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 104626.64, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-24 01:54:27.929135", "run_start": "2023-09-24 01:53:21.188535", "total_execs_per_sec": 93207.38, "total_run_time": 133.81}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1375818.24, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-24 01:52:14.017269", "run_start": "2023-09-24 01:52:08.417103", "total_execs_per_sec": 1133825.45, "total_run_time": 11.0}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.865, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 103625.52, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-24 01:57:01.590450", "run_start": "2023-09-24 01:55:50.477909", "total_execs_per_sec": 92970.87, "total_run_time": 139.74}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1361687.56, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-24 01:54:41.751749", "run_start": "2023-09-24 01:54:35.926527", "total_execs_per_sec": 1114215.27, "total_run_time": 11.66}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.436, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 103642.56, "afl_execs_total": 13511420, "fuzzers_used": 26, "run_end": "2023-09-24 01:59:39.385881", "run_start": "2023-09-24 01:58:27.977127", "total_execs_per_sec": 94162.8, "total_run_time": 143.49}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1369637.56, "afl_execs_total": 13511420, "fuzzers_used": 26, "run_end": "2023-09-24 01:57:15.794016", "run_start": "2023-09-24 01:57:09.689134", "total_execs_per_sec": 1122210.96, "total_run_time": 12.04}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4987.506, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 103267.76, "afl_execs_total": 14031090, "fuzzers_used": 27, "run_end": "2023-09-24 02:02:22.952873", "run_start": "2023-09-24 02:01:09.290072", "total_execs_per_sec": 94237.96, "total_run_time": 148.89}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1375444.16, "afl_execs_total": 14031091, "fuzzers_used": 27, "run_end": "2023-09-24 01:59:53.958604", "run_start": "2023-09-24 01:59:47.723097", "total_execs_per_sec": 1130627.8, "total_run_time": 12.41}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.772, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 100341.05, "afl_execs_total": 14550760, "fuzzers_used": 28, "run_end": "2023-09-24 02:05:16.680364", "run_start": "2023-09-24 02:03:57.227193", "total_execs_per_sec": 91716.1, "total_run_time": 158.65}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1349599.77, "afl_execs_total": 14550760, "fuzzers_used": 28, "run_end": "2023-09-24 02:02:37.927549", "run_start": "2023-09-24 02:02:31.519144", "total_execs_per_sec": 1135890.71, "total_run_time": 12.81}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.485, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 101984.94, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-24 02:08:12.395536", "run_start": "2023-09-24 02:06:54.079626", "total_execs_per_sec": 94072.6, "total_run_time": 160.2}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1321658.08, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-24 02:05:32.092036", "run_start": "2023-09-24 02:05:25.459594", "total_execs_per_sec": 1137390.94, "total_run_time": 13.25}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.626, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 102878.83, "afl_execs_total": 15590100, "fuzzers_used": 30, "run_end": "2023-09-24 02:11:11.308556", "run_start": "2023-09-24 02:09:49.657804", "total_execs_per_sec": 95644.79, "total_run_time": 163.0}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1301868.24, "afl_execs_total": 15590100, "fuzzers_used": 30, "run_end": "2023-09-24 02:08:28.201574", "run_start": "2023-09-24 02:08:21.332394", "total_execs_per_sec": 1142969.21, "total_run_time": 13.64}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.223, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 101535.66, "afl_execs_total": 16109770, "fuzzers_used": 31, "run_end": "2023-09-24 02:14:17.385915", "run_start": "2023-09-24 02:12:51.690660", "total_execs_per_sec": 94880.56, "total_run_time": 169.79}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1276904.9, "afl_execs_total": 16109770, "fuzzers_used": 31, "run_end": "2023-09-24 02:11:27.496096", "run_start": "2023-09-24 02:11:20.481581", "total_execs_per_sec": 1149056.35, "total_run_time": 14.02}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.503, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 99851.02, "afl_execs_total": 16629440, "fuzzers_used": 32, "run_end": "2023-09-24 02:17:32.145041", "run_start": "2023-09-24 02:16:02.721278", "total_execs_per_sec": 93460.57, "total_run_time": 177.93}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1243444.8, "afl_execs_total": 16629440, "fuzzers_used": 32, "run_end": "2023-09-24 02:14:34.114993", "run_start": "2023-09-24 02:14:26.720106", "total_execs_per_sec": 1142131.87, "total_run_time": 14.56}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.595, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 100240.3, "afl_execs_total": 17149110, "fuzzers_used": 33, "run_end": "2023-09-24 02:20:51.659901", "run_start": "2023-09-24 02:19:21.822695", "total_execs_per_sec": 94194.83, "total_run_time": 182.06}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1243981.21, "afl_execs_total": 17149110, "fuzzers_used": 33, "run_end": "2023-09-24 02:17:49.500735", "run_start": "2023-09-24 02:17:41.955747", "total_execs_per_sec": 1128973.67, "total_run_time": 15.19}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.555, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 99678.04, "afl_execs_total": 17668780, "fuzzers_used": 34, "run_end": "2023-09-24 02:24:18.018494", "run_start": "2023-09-24 02:22:44.498513", "total_execs_per_sec": 93853.08, "total_run_time": 188.26}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1234425.98, "afl_execs_total": 17668781, "fuzzers_used": 34, "run_end": "2023-09-24 02:21:09.653173", "run_start": "2023-09-24 02:21:01.732356", "total_execs_per_sec": 1116863.53, "total_run_time": 15.82}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.991, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 100580.6, "afl_execs_total": 18188450, "fuzzers_used": 35, "run_end": "2023-09-24 02:27:47.727570", "run_start": "2023-09-24 02:26:12.129398", "total_execs_per_sec": 95147.78, "total_run_time": 191.16}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1244349.38, "afl_execs_total": 18188450, "fuzzers_used": 35, "run_end": "2023-09-24 02:24:36.460851", "run_start": "2023-09-24 02:24:28.308797", "total_execs_per_sec": 1117913.34, "total_run_time": 16.27}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.083, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 98288.94, "afl_execs_total": 18708120, "fuzzers_used": 36, "run_end": "2023-09-24 02:31:28.450726", "run_start": "2023-09-24 02:29:44.771882", "total_execs_per_sec": 92697.06, "total_run_time": 201.82}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1250454.58, "afl_execs_total": 18708121, "fuzzers_used": 36, "run_end": "2023-09-24 02:28:06.530926", "run_start": "2023-09-24 02:27:58.260327", "total_execs_per_sec": 1124962.18, "total_run_time": 16.63}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.244, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"singlecore": {"afl_execs_per_sec": 11044.13, "afl_execs_total": 1299175, "fuzzers_used": 1, "run_end": "2023-09-24 10:54:15.650694", "run_start": "2023-09-24 10:53:52.087842", "total_execs_per_sec": 11038.96, "total_run_time": 117.69}}, "test-instr-persist-shmem": {"singlecore": {"afl_execs_per_sec": 136407.81, "afl_execs_total": 1299175, "fuzzers_used": 1, "run_end": "2023-09-24 10:52:17.857749", "run_start": "2023-09-24 10:52:15.945914", "total_execs_per_sec": 135613.26, "total_run_time": 9.58}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.158, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"singlecore": {"afl_execs_per_sec": 10811.77, "afl_execs_total": 1299176, "fuzzers_used": 1, "run_end": "2023-09-24 12:39:02.563664", "run_start": "2023-09-24 12:38:38.978965", "total_execs_per_sec": 10789.6, "total_run_time": 120.41}}, "test-instr-persist-shmem": {"singlecore": {"afl_execs_per_sec": 131406.35, "afl_execs_total": 1299175, "fuzzers_used": 1, "run_end": "2023-09-24 12:37:02.043931", "run_start": "2023-09-24 12:36:59.987289", "total_execs_per_sec": 128631.19, "total_run_time": 10.1}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.92, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 10715.76, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-24 12:42:40.908251", "run_start": "2023-09-24 12:42:16.845383", "total_execs_per_sec": 10710.43, "total_run_time": 48.52}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 132400.08, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-24 12:41:52.291246", "run_start": "2023-09-24 12:41:50.322641", "total_execs_per_sec": 131895.94, "total_run_time": 3.94}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.697, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 20854.64, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-24 12:43:37.534771", "run_start": "2023-09-24 12:43:12.121987", "total_execs_per_sec": 20716.36, "total_run_time": 50.17}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 251595.56, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-24 12:42:47.260558", "run_start": "2023-09-24 12:42:45.222077", "total_execs_per_sec": 248052.51, "total_run_time": 4.19}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.851, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 30031.44, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-24 12:44:36.154738", "run_start": "2023-09-24 12:44:10.164181", "total_execs_per_sec": 29929.16, "total_run_time": 52.09}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 370723.34, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-24 12:43:43.961935", "run_start": "2023-09-24 12:43:41.834942", "total_execs_per_sec": 365964.79, "total_run_time": 4.26}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.162, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 38080.26, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-24 12:45:38.018614", "run_start": "2023-09-24 12:45:10.443814", "total_execs_per_sec": 37677.72, "total_run_time": 55.17}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 475374.16, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-24 12:44:42.745377", "run_start": "2023-09-24 12:44:40.528736", "total_execs_per_sec": 469227.99, "total_run_time": 4.43}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.31, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 47096.43, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-24 12:46:40.390657", "run_start": "2023-09-24 12:46:12.480330", "total_execs_per_sec": 46724.51, "total_run_time": 55.61}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 584304.0, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-24 12:45:44.683537", "run_start": "2023-09-24 12:45:42.438460", "total_execs_per_sec": 577411.11, "total_run_time": 4.5}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.03, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 55400.56, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-24 12:47:44.319015", "run_start": "2023-09-24 12:47:15.727865", "total_execs_per_sec": 54606.3, "total_run_time": 57.1}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 694022.72, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-24 12:46:47.117653", "run_start": "2023-09-24 12:46:44.832536", "total_execs_per_sec": 682280.09, "total_run_time": 4.57}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.555, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 63245.39, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-24 12:48:50.125332", "run_start": "2023-09-24 12:48:20.556598", "total_execs_per_sec": 61676.67, "total_run_time": 58.98}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 814508.74, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-24 12:47:51.044268", "run_start": "2023-09-24 12:47:48.771695", "total_execs_per_sec": 797739.04, "total_run_time": 4.56}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.29, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 72432.56, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-24 12:49:55.920525", "run_start": "2023-09-24 12:49:26.361783", "total_execs_per_sec": 70631.33, "total_run_time": 58.86}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 917473.26, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-24 12:48:56.961868", "run_start": "2023-09-24 12:48:54.644354", "total_execs_per_sec": 890226.98, "total_run_time": 4.67}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.548, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 75949.66, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-24 12:51:22.635355", "run_start": "2023-09-24 12:50:43.830709", "total_execs_per_sec": 60154.73, "total_run_time": 77.75}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 965602.18, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-24 12:50:04.780935", "run_start": "2023-09-24 12:50:01.425000", "total_execs_per_sec": 698064.18, "total_run_time": 6.7}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.483, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 80512.68, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-24 12:52:49.470915", "run_start": "2023-09-24 12:52:10.461416", "total_execs_per_sec": 66829.99, "total_run_time": 77.76}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 998986.98, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-24 12:51:31.612414", "run_start": "2023-09-24 12:51:28.213385", "total_execs_per_sec": 763098.38, "total_run_time": 6.81}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.638, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84513.95, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-24 12:54:17.263514", "run_start": "2023-09-24 12:53:37.968299", "total_execs_per_sec": 72644.17, "total_run_time": 78.69}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1036432.21, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-24 12:52:58.474788", "run_start": "2023-09-24 12:52:55.052064", "total_execs_per_sec": 835726.61, "total_run_time": 6.84}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.188, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 88217.72, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-24 12:55:46.480694", "run_start": "2023-09-24 12:55:06.431631", "total_execs_per_sec": 77892.08, "total_run_time": 80.06}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1073911.72, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-24 12:54:26.321964", "run_start": "2023-09-24 12:54:22.896926", "total_execs_per_sec": 903773.91, "total_run_time": 6.9}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.062, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 91807.02, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-24 12:57:16.097045", "run_start": "2023-09-24 12:56:35.944410", "total_execs_per_sec": 84078.53, "total_run_time": 80.35}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1101237.59, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-24 12:55:55.649954", "run_start": "2023-09-24 12:55:52.173739", "total_execs_per_sec": 963724.68, "total_run_time": 7.01}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.019, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 94970.68, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-24 12:58:46.462924", "run_start": "2023-09-24 12:58:05.635410", "total_execs_per_sec": 89675.58, "total_run_time": 81.13}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1133610.48, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-24 12:57:25.232597", "run_start": "2023-09-24 12:57:21.760452", "total_execs_per_sec": 1043813.49, "total_run_time": 6.97}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.322, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 99308.38, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-24 13:00:16.930581", "run_start": "2023-09-24 12:59:36.066381", "total_execs_per_sec": 96116.52, "total_run_time": 81.1}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1167081.18, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-24 12:58:55.730751", "run_start": "2023-09-24 12:58:52.152437", "total_execs_per_sec": 1097894.37, "total_run_time": 7.1}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.921, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 103080.0, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-24 13:01:47.864984", "run_start": "2023-09-24 13:01:07.145811", "total_execs_per_sec": 101796.28, "total_run_time": 81.68}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1209874.16, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-24 13:00:26.088554", "run_start": "2023-09-24 13:00:22.579660", "total_execs_per_sec": 1189516.45, "total_run_time": 6.99}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.795, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 103854.9, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-24 13:03:46.020383", "run_start": "2023-09-24 13:02:52.112426", "total_execs_per_sec": 82333.55, "total_run_time": 107.3}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1235226.09, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-24 13:01:58.616651", "run_start": "2023-09-24 13:01:54.433216", "total_execs_per_sec": 1028450.52, "total_run_time": 8.59}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.638, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105360.02, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-24 13:05:48.865672", "run_start": "2023-09-24 13:04:53.468137", "total_execs_per_sec": 84270.81, "total_run_time": 111.0}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1266916.76, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-24 13:03:57.764376", "run_start": "2023-09-24 13:03:52.706784", "total_execs_per_sec": 976415.45, "total_run_time": 9.58}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.116, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105987.0, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-24 13:07:55.098077", "run_start": "2023-09-24 13:06:57.580749", "total_execs_per_sec": 86195.81, "total_run_time": 114.55}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1285985.22, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-24 13:06:00.448075", "run_start": "2023-09-24 13:05:55.743257", "total_execs_per_sec": 1048166.67, "total_run_time": 9.42}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.301, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 106091.02, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-24 13:10:06.069189", "run_start": "2023-09-24 13:09:06.393096", "total_execs_per_sec": 87390.9, "total_run_time": 118.93}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1310616.48, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-24 13:08:07.036494", "run_start": "2023-09-24 13:08:02.172093", "total_execs_per_sec": 1063807.57, "total_run_time": 9.77}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.599, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 106572.58, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-24 13:12:22.081686", "run_start": "2023-09-24 13:11:20.183467", "total_execs_per_sec": 88393.57, "total_run_time": 123.46}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1321193.68, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-24 13:10:18.524377", "run_start": "2023-09-24 13:10:13.368524", "total_execs_per_sec": 1060551.02, "total_run_time": 10.29}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.609, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 107012.52, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-24 13:14:42.490543", "run_start": "2023-09-24 13:13:38.952070", "total_execs_per_sec": 89710.77, "total_run_time": 127.44}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1331667.92, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-24 13:12:34.949424", "run_start": "2023-09-24 13:12:29.512010", "total_execs_per_sec": 1068480.37, "total_run_time": 10.7}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.138, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105863.49, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-24 13:17:08.637002", "run_start": "2023-09-24 13:16:01.562446", "total_execs_per_sec": 89847.48, "total_run_time": 133.03}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1356435.79, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-24 13:14:55.502464", "run_start": "2023-09-24 13:14:49.931147", "total_execs_per_sec": 1102620.85, "total_run_time": 10.84}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.021, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105227.38, "afl_execs_total": 12472081, "fuzzers_used": 24, "run_end": "2023-09-24 13:19:40.073211", "run_start": "2023-09-24 13:18:30.690872", "total_execs_per_sec": 90416.71, "total_run_time": 137.94}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1346772.79, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-24 13:17:22.030596", "run_start": "2023-09-24 13:17:16.426597", "total_execs_per_sec": 1110603.74, "total_run_time": 11.23}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.883, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 105680.56, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-24 13:22:15.108605", "run_start": "2023-09-24 13:21:04.865634", "total_execs_per_sec": 92369.36, "total_run_time": 140.65}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1355786.81, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-24 13:19:54.357956", "run_start": "2023-09-24 13:19:48.305636", "total_execs_per_sec": 1071926.57, "total_run_time": 12.12}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.444, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 103354.18, "afl_execs_total": 13511421, "fuzzers_used": 26, "run_end": "2023-09-24 13:24:57.512817", "run_start": "2023-09-24 13:23:44.393328", "total_execs_per_sec": 91342.76, "total_run_time": 147.92}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1354682.57, "afl_execs_total": 13511420, "fuzzers_used": 26, "run_end": "2023-09-24 13:22:29.492810", "run_start": "2023-09-24 13:22:23.424990", "total_execs_per_sec": 1105680.85, "total_run_time": 12.22}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.438, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 104285.82, "afl_execs_total": 14031090, "fuzzers_used": 27, "run_end": "2023-09-24 13:27:43.623633", "run_start": "2023-09-24 13:26:27.918860", "total_execs_per_sec": 92902.67, "total_run_time": 151.03}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1316458.32, "afl_execs_total": 14031091, "fuzzers_used": 27, "run_end": "2023-09-24 13:25:12.488434", "run_start": "2023-09-24 13:25:06.139573", "total_execs_per_sec": 1095323.26, "total_run_time": 12.81}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5008.273, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 104090.41, "afl_execs_total": 14550761, "fuzzers_used": 28, "run_end": "2023-09-24 13:30:33.958306", "run_start": "2023-09-24 13:29:16.731601", "total_execs_per_sec": 93875.88, "total_run_time": 155.0}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1323401.3, "afl_execs_total": 14550760, "fuzzers_used": 28, "run_end": "2023-09-24 13:27:58.852477", "run_start": "2023-09-24 13:27:52.257993", "total_execs_per_sec": 1114147.01, "total_run_time": 13.06}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.279, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 101994.78, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-24 13:33:32.648701", "run_start": "2023-09-24 13:32:09.634181", "total_execs_per_sec": 92479.32, "total_run_time": 162.96}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1309236.02, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-24 13:30:49.588354", "run_start": "2023-09-24 13:30:42.896575", "total_execs_per_sec": 1119645.62, "total_run_time": 13.46}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.622, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 101283.95, "afl_execs_total": 15590101, "fuzzers_used": 30, "run_end": "2023-09-24 13:36:37.832127", "run_start": "2023-09-24 13:35:11.711375", "total_execs_per_sec": 92292.81, "total_run_time": 168.92}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1277234.79, "afl_execs_total": 15590100, "fuzzers_used": 30, "run_end": "2023-09-24 13:33:48.810276", "run_start": "2023-09-24 13:33:41.803638", "total_execs_per_sec": 1114374.55, "total_run_time": 13.99}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.087, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 101046.9, "afl_execs_total": 16109771, "fuzzers_used": 31, "run_end": "2023-09-24 13:39:48.663520", "run_start": "2023-09-24 13:38:20.709938", "total_execs_per_sec": 92526.4, "total_run_time": 174.11}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1235333.64, "afl_execs_total": 16109770, "fuzzers_used": 31, "run_end": "2023-09-24 13:36:54.454347", "run_start": "2023-09-24 13:36:47.257005", "total_execs_per_sec": 1114862.98, "total_run_time": 14.45}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.923, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 102543.52, "afl_execs_total": 16629441, "fuzzers_used": 32, "run_end": "2023-09-24 13:43:00.960955", "run_start": "2023-09-24 13:41:33.292124", "total_execs_per_sec": 95074.27, "total_run_time": 174.91}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1186041.1, "afl_execs_total": 16629442, "fuzzers_used": 32, "run_end": "2023-09-24 13:40:05.947882", "run_start": "2023-09-24 13:39:58.300616", "total_execs_per_sec": 1100558.7, "total_run_time": 15.11}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.565, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 102999.74, "afl_execs_total": 17149120, "fuzzers_used": 33, "run_end": "2023-09-24 13:46:17.942325", "run_start": "2023-09-24 13:44:48.468888", "total_execs_per_sec": 95751.65, "total_run_time": 179.1}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1223191.72, "afl_execs_total": 17149110, "fuzzers_used": 33, "run_end": "2023-09-24 13:43:18.738029", "run_start": "2023-09-24 13:43:10.876403", "total_execs_per_sec": 1098597.69, "total_run_time": 15.61}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.432, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 102000.48, "afl_execs_total": 17668781, "fuzzers_used": 34, "run_end": "2023-09-24 13:49:42.734611", "run_start": "2023-09-24 13:48:10.094332", "total_execs_per_sec": 94881.22, "total_run_time": 186.22}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1196807.88, "afl_execs_total": 17668780, "fuzzers_used": 34, "run_end": "2023-09-24 13:46:36.411637", "run_start": "2023-09-24 13:46:28.239611", "total_execs_per_sec": 1083974.23, "total_run_time": 16.3}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.597, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 99951.33, "afl_execs_total": 18188451, "fuzzers_used": 35, "run_end": "2023-09-24 13:53:17.682487", "run_start": "2023-09-24 13:51:38.859002", "total_execs_per_sec": 92864.55, "total_run_time": 195.86}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1214388.43, "afl_execs_total": 18188450, "fuzzers_used": 35, "run_end": "2023-09-24 13:50:01.714804", "run_start": "2023-09-24 13:49:53.242641", "total_execs_per_sec": 1082001.78, "total_run_time": 16.81}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.358, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 102171.02, "afl_execs_total": 18708123, "fuzzers_used": 36, "run_end": "2023-09-24 13:56:53.861448", "run_start": "2023-09-24 13:55:15.921954", "total_execs_per_sec": 95226.12, "total_run_time": 196.46}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1207888.68, "afl_execs_total": 18708120, "fuzzers_used": 36, "run_end": "2023-09-24 13:53:37.291196", "run_start": "2023-09-24 13:53:28.567297", "total_execs_per_sec": 1072713.3, "total_run_time": 17.44}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4981.432, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"singlecore": {"afl_execs_per_sec": 8207.72, "afl_execs_total": 1299175, "fuzzers_used": 1, "run_end": "2023-09-24 14:06:58.196236", "run_start": "2023-09-24 14:06:26.452726", "total_execs_per_sec": 8196.69, "total_run_time": 158.5}}, "test-instr-persist-shmem": {"singlecore": {"afl_execs_per_sec": 91698.53, "afl_execs_total": 1299175, "fuzzers_used": 1, "run_end": "2023-09-24 14:04:19.539520", "run_start": "2023-09-24 14:04:16.658881", "total_execs_per_sec": 90471.8, "total_run_time": 14.36}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.776, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 8267.09, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-24 14:08:26.635795", "run_start": "2023-09-24 14:07:54.639902", "total_execs_per_sec": 8261.84, "total_run_time": 62.9}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 91138.75, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-24 14:07:23.626034", "run_start": "2023-09-24 14:07:20.772774", "total_execs_per_sec": 90851.4, "total_run_time": 5.72}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.554, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 16279.06, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-24 14:09:39.323040", "run_start": "2023-09-24 14:09:07.824587", "total_execs_per_sec": 16113.8, "total_run_time": 64.5}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 177363.7, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-24 14:08:34.709089", "run_start": "2023-09-24 14:08:31.755267", "total_execs_per_sec": 176159.32, "total_run_time": 5.9}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.008, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 23636.94, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-24 14:10:54.298651", "run_start": "2023-09-24 14:10:20.820810", "total_execs_per_sec": 23373.46, "total_run_time": 66.7}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 263123.58, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-24 14:09:47.490720", "run_start": "2023-09-24 14:09:44.492862", "total_execs_per_sec": 260268.78, "total_run_time": 5.99}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.462, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 30604.66, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-24 14:12:12.572960", "run_start": "2023-09-24 14:11:37.495611", "total_execs_per_sec": 29776.25, "total_run_time": 69.81}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 339927.76, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-24 14:11:02.653568", "run_start": "2023-09-24 14:10:59.562264", "total_execs_per_sec": 336355.99, "total_run_time": 6.18}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.648, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 37743.52, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-24 14:13:31.193378", "run_start": "2023-09-24 14:12:56.402157", "total_execs_per_sec": 37092.79, "total_run_time": 70.05}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 419480.4, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-24 14:12:21.034226", "run_start": "2023-09-24 14:12:17.889225", "total_execs_per_sec": 413750.0, "total_run_time": 6.28}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.285, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 44290.84, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-24 14:14:51.570814", "run_start": "2023-09-24 14:14:15.731813", "total_execs_per_sec": 43450.67, "total_run_time": 71.76}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 497907.76, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-24 14:13:39.701623", "run_start": "2023-09-24 14:13:36.530334", "total_execs_per_sec": 492578.2, "total_run_time": 6.33}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.9, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 50838.29, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-24 14:16:12.912735", "run_start": "2023-09-24 14:15:36.507378", "total_execs_per_sec": 50085.23, "total_run_time": 72.63}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 576473.46, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-24 14:15:00.172837", "run_start": "2023-09-24 14:14:56.953889", "total_execs_per_sec": 565737.17, "total_run_time": 6.43}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.619, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 58067.92, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-24 14:17:34.730514", "run_start": "2023-09-24 14:16:58.097475", "total_execs_per_sec": 56918.95, "total_run_time": 73.04}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 656570.84, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-24 14:16:21.578297", "run_start": "2023-09-24 14:16:18.328529", "total_execs_per_sec": 640579.35, "total_run_time": 6.49}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.332, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 61181.32, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-24 14:19:22.677343", "run_start": "2023-09-24 14:18:34.837058", "total_execs_per_sec": 48648.12, "total_run_time": 96.14}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 683958.84, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-24 14:17:46.424068", "run_start": "2023-09-24 14:17:41.649084", "total_execs_per_sec": 491284.66, "total_run_time": 9.52}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.671, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 64476.22, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-24 14:21:11.892596", "run_start": "2023-09-24 14:20:23.765134", "total_execs_per_sec": 53398.07, "total_run_time": 97.32}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 709710.3, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-24 14:19:34.467513", "run_start": "2023-09-24 14:19:29.670899", "total_execs_per_sec": 540759.63, "total_run_time": 9.61}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.58, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 67386.63, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-24 14:23:02.884065", "run_start": "2023-09-24 14:22:13.279871", "total_execs_per_sec": 57723.62, "total_run_time": 99.03}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 734038.8, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-24 14:21:23.742863", "run_start": "2023-09-24 14:21:18.898824", "total_execs_per_sec": 591144.78, "total_run_time": 9.67}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.4, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 70759.94, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-24 14:24:55.829859", "run_start": "2023-09-24 14:24:05.547665", "total_execs_per_sec": 61810.29, "total_run_time": 100.89}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 756391.75, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-24 14:23:14.823286", "run_start": "2023-09-24 14:23:09.941914", "total_execs_per_sec": 638938.52, "total_run_time": 9.76}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.827, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 73151.81, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-24 14:26:49.245824", "run_start": "2023-09-24 14:25:58.698042", "total_execs_per_sec": 66683.55, "total_run_time": 101.31}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 780070.94, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-24 14:25:07.823813", "run_start": "2023-09-24 14:25:02.912948", "total_execs_per_sec": 687954.18, "total_run_time": 9.82}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.001, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 76776.36, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-24 14:28:42.654596", "run_start": "2023-09-24 14:27:51.944677", "total_execs_per_sec": 71876.9, "total_run_time": 101.22}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 800594.19, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-24 14:27:01.319408", "run_start": "2023-09-24 14:26:56.373792", "total_execs_per_sec": 734886.87, "total_run_time": 9.9}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.227, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 79831.5, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-24 14:30:36.609378", "run_start": "2023-09-24 14:29:45.800496", "total_execs_per_sec": 76624.89, "total_run_time": 101.73}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 825640.43, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-24 14:28:54.770164", "run_start": "2023-09-24 14:28:49.786776", "total_execs_per_sec": 784210.26, "total_run_time": 9.94}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.065, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 82476.37, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-24 14:32:31.147834", "run_start": "2023-09-24 14:31:40.224168", "total_execs_per_sec": 81285.76, "total_run_time": 102.29}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 849990.94, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-24 14:30:48.746970", "run_start": "2023-09-24 14:30:43.747216", "total_execs_per_sec": 834811.24, "total_run_time": 9.96}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.723, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83521.3, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-24 14:34:58.142345", "run_start": "2023-09-24 14:33:52.388262", "total_execs_per_sec": 66760.3, "total_run_time": 132.33}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 875109.69, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-24 14:32:45.703318", "run_start": "2023-09-24 14:32:39.528061", "total_execs_per_sec": 714178.66, "total_run_time": 12.37}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5008.13, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84370.24, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-24 14:37:32.336869", "run_start": "2023-09-24 14:36:22.675577", "total_execs_per_sec": 67213.19, "total_run_time": 139.17}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 901736.22, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-24 14:35:13.056511", "run_start": "2023-09-24 14:35:06.650007", "total_execs_per_sec": 734804.4, "total_run_time": 12.73}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.961, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85071.12, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-24 14:40:10.473312", "run_start": "2023-09-24 14:38:59.002204", "total_execs_per_sec": 69284.47, "total_run_time": 142.51}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 911174.31, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-24 14:37:47.848085", "run_start": "2023-09-24 14:37:41.184824", "total_execs_per_sec": 740714.93, "total_run_time": 13.33}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.561, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85608.02, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-24 14:42:53.561970", "run_start": "2023-09-24 14:41:40.018675", "total_execs_per_sec": 70727.46, "total_run_time": 146.95}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 924870.54, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-24 14:40:26.503353", "run_start": "2023-09-24 14:40:19.607593", "total_execs_per_sec": 750425.99, "total_run_time": 13.85}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5009.349, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 86080.03, "afl_execs_total": 10913071, "fuzzers_used": 21, "run_end": "2023-09-24 14:45:43.177319", "run_start": "2023-09-24 14:44:26.594261", "total_execs_per_sec": 71411.27, "total_run_time": 152.82}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 933521.78, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-24 14:43:10.244946", "run_start": "2023-09-24 14:43:02.941291", "total_execs_per_sec": 752625.52, "total_run_time": 14.5}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.592, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85880.33, "afl_execs_total": 11432741, "fuzzers_used": 22, "run_end": "2023-09-24 14:48:38.124542", "run_start": "2023-09-24 14:47:18.712660", "total_execs_per_sec": 72533.57, "total_run_time": 157.62}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 934187.07, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-24 14:46:00.394403", "run_start": "2023-09-24 14:45:52.873136", "total_execs_per_sec": 760661.34, "total_run_time": 15.03}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.635, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 86447.28, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-24 14:51:38.640961", "run_start": "2023-09-24 14:50:17.299990", "total_execs_per_sec": 73571.4, "total_run_time": 162.46}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 943178.1, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-24 14:48:56.066068", "run_start": "2023-09-24 14:48:48.255861", "total_execs_per_sec": 758401.65, "total_run_time": 15.76}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.49, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 86324.32, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-24 14:54:44.675606", "run_start": "2023-09-24 14:53:21.373150", "total_execs_per_sec": 74460.18, "total_run_time": 167.5}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 946623.08, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-24 14:51:57.062837", "run_start": "2023-09-24 14:51:48.897777", "total_execs_per_sec": 767985.22, "total_run_time": 16.24}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.89, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85714.59, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-24 14:57:57.324175", "run_start": "2023-09-24 14:56:30.116296", "total_execs_per_sec": 74742.55, "total_run_time": 173.82}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 960821.32, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-24 14:55:03.395867", "run_start": "2023-09-24 14:54:55.066621", "total_execs_per_sec": 785474.61, "total_run_time": 16.54}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.522, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85885.6, "afl_execs_total": 13511421, "fuzzers_used": 26, "run_end": "2023-09-24 15:01:14.197584", "run_start": "2023-09-24 14:59:45.583845", "total_execs_per_sec": 76137.84, "total_run_time": 177.46}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 955691.7, "afl_execs_total": 13511421, "fuzzers_used": 26, "run_end": "2023-09-24 14:58:16.621411", "run_start": "2023-09-24 14:58:07.968697", "total_execs_per_sec": 789679.78, "total_run_time": 17.11}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.167, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85243.1, "afl_execs_total": 14031091, "fuzzers_used": 27, "run_end": "2023-09-24 15:04:38.138681", "run_start": "2023-09-24 15:03:07.006169", "total_execs_per_sec": 76301.54, "total_run_time": 183.89}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 954671.54, "afl_execs_total": 14031090, "fuzzers_used": 27, "run_end": "2023-09-24 15:01:34.132760", "run_start": "2023-09-24 15:01:25.285320", "total_execs_per_sec": 790483.94, "total_run_time": 17.75}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.431, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83902.7, "afl_execs_total": 14550760, "fuzzers_used": 28, "run_end": "2023-09-24 15:08:10.670550", "run_start": "2023-09-24 15:06:34.841525", "total_execs_per_sec": 75785.21, "total_run_time": 192.0}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 935961.1, "afl_execs_total": 14550761, "fuzzers_used": 28, "run_end": "2023-09-24 15:04:58.552985", "run_start": "2023-09-24 15:04:49.457626", "total_execs_per_sec": 798176.69, "total_run_time": 18.23}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.393, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83783.56, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-24 15:11:49.886163", "run_start": "2023-09-24 15:10:10.149405", "total_execs_per_sec": 76151.74, "total_run_time": 197.9}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 920967.02, "afl_execs_total": 15070432, "fuzzers_used": 29, "run_end": "2023-09-24 15:08:31.869780", "run_start": "2023-09-24 15:08:22.393532", "total_execs_per_sec": 792763.39, "total_run_time": 19.01}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.901, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84406.94, "afl_execs_total": 15590117, "fuzzers_used": 30, "run_end": "2023-09-24 15:15:33.632811", "run_start": "2023-09-24 15:13:52.931926", "total_execs_per_sec": 77301.25, "total_run_time": 201.68}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 889656.56, "afl_execs_total": 15590101, "fuzzers_used": 30, "run_end": "2023-09-24 15:12:11.837155", "run_start": "2023-09-24 15:12:01.950769", "total_execs_per_sec": 788972.72, "total_run_time": 19.76}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.174, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83121.9, "afl_execs_total": 16109771, "fuzzers_used": 31, "run_end": "2023-09-24 15:19:27.203632", "run_start": "2023-09-24 15:17:41.168185", "total_execs_per_sec": 76400.32, "total_run_time": 210.86}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 877691.15, "afl_execs_total": 16109770, "fuzzers_used": 31, "run_end": "2023-09-24 15:15:56.227310", "run_start": "2023-09-24 15:15:46.006690", "total_execs_per_sec": 789307.69, "total_run_time": 20.41}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.279, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84725.6, "afl_execs_total": 16629444, "fuzzers_used": 32, "run_end": "2023-09-24 15:23:22.336242", "run_start": "2023-09-24 15:21:36.722796", "total_execs_per_sec": 78648.52, "total_run_time": 211.44}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 838063.5, "afl_execs_total": 16629442, "fuzzers_used": 32, "run_end": "2023-09-24 15:19:50.780991", "run_start": "2023-09-24 15:19:40.193840", "total_execs_per_sec": 777440.02, "total_run_time": 21.39}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.017, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83374.03, "afl_execs_total": 17149117, "fuzzers_used": 33, "run_end": "2023-09-24 15:27:27.631358", "run_start": "2023-09-24 15:25:36.037185", "total_execs_per_sec": 77713.86, "total_run_time": 220.67}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 835098.26, "afl_execs_total": 17149110, "fuzzers_used": 33, "run_end": "2023-09-24 15:23:46.846903", "run_start": "2023-09-24 15:23:35.611966", "total_execs_per_sec": 767985.22, "total_run_time": 22.33}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.486, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83537.64, "afl_execs_total": 17668784, "fuzzers_used": 34, "run_end": "2023-09-24 15:31:39.702567", "run_start": "2023-09-24 15:29:46.335712", "total_execs_per_sec": 77836.05, "total_run_time": 227.0}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 841212.97, "afl_execs_total": 17668781, "fuzzers_used": 34, "run_end": "2023-09-24 15:27:52.587608", "run_start": "2023-09-24 15:27:41.195914", "total_execs_per_sec": 775967.55, "total_run_time": 22.77}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.515, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 82926.92, "afl_execs_total": 18188453, "fuzzers_used": 35, "run_end": "2023-09-24 15:36:01.855573", "run_start": "2023-09-24 15:34:04.115728", "total_execs_per_sec": 77043.6, "total_run_time": 236.08}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 849724.02, "afl_execs_total": 18188452, "fuzzers_used": 35, "run_end": "2023-09-24 15:32:05.667331", "run_start": "2023-09-24 15:31:53.738804", "total_execs_per_sec": 764863.41, "total_run_time": 23.78}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.181, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83619.42, "afl_execs_total": 18708120, "fuzzers_used": 36, "run_end": "2023-09-24 15:40:27.976488", "run_start": "2023-09-24 15:38:28.474524", "total_execs_per_sec": 78116.5, "total_run_time": 239.49}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 861755.56, "afl_execs_total": 18708121, "fuzzers_used": 36, "run_end": "2023-09-24 15:36:28.376556", "run_start": "2023-09-24 15:36:16.192411", "total_execs_per_sec": 768616.31, "total_run_time": 24.34}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.896, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 8344.63, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-24 15:54:04.769064", "run_start": "2023-09-24 15:53:33.612874", "total_execs_per_sec": 8341.41, "total_run_time": 62.3}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 91347.28, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-24 15:53:02.356341", "run_start": "2023-09-24 15:52:59.506960", "total_execs_per_sec": 90851.4, "total_run_time": 5.72}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.441, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 16305.42, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-24 15:55:16.838958", "run_start": "2023-09-24 15:54:45.015659", "total_execs_per_sec": 16277.84, "total_run_time": 63.85}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 176114.98, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-24 15:54:12.878194", "run_start": "2023-09-24 15:54:09.907781", "total_execs_per_sec": 174973.06, "total_run_time": 5.94}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.996, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 23968.87, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-24 15:56:30.348929", "run_start": "2023-09-24 15:55:57.762125", "total_execs_per_sec": 23907.53, "total_run_time": 65.21}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 262375.62, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-24 15:55:25.029732", "run_start": "2023-09-24 15:55:22.013495", "total_execs_per_sec": 258971.76, "total_run_time": 6.02}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.494, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 30763.4, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-24 15:57:46.745474", "run_start": "2023-09-24 15:57:12.810864", "total_execs_per_sec": 30595.82, "total_run_time": 67.94}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 339796.08, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-24 15:56:38.702088", "run_start": "2023-09-24 15:56:35.613645", "total_execs_per_sec": 336355.99, "total_run_time": 6.18}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.925, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 37814.19, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-24 15:59:04.507651", "run_start": "2023-09-24 15:58:29.893733", "total_execs_per_sec": 37521.3, "total_run_time": 69.25}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 421141.75, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-24 15:57:55.151823", "run_start": "2023-09-24 15:57:52.053088", "total_execs_per_sec": 417070.63, "total_run_time": 6.23}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.62, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 44660.22, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-24 16:00:23.800870", "run_start": "2023-09-24 15:59:48.452860", "total_execs_per_sec": 44139.58, "total_run_time": 70.64}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 497039.78, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-24 15:59:13.047422", "run_start": "2023-09-24 15:59:09.875230", "total_execs_per_sec": 489485.09, "total_run_time": 6.37}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5003.174, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 51658.38, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-24 16:01:43.368092", "run_start": "2023-09-24 16:01:07.872956", "total_execs_per_sec": 51314.57, "total_run_time": 70.89}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 577013.44, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-24 16:00:32.369325", "run_start": "2023-09-24 16:00:29.181925", "total_execs_per_sec": 568389.06, "total_run_time": 6.4}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.931, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 58680.74, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-24 16:03:03.479904", "run_start": "2023-09-24 16:02:27.758503", "total_execs_per_sec": 58210.03, "total_run_time": 71.42}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 659183.78, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-24 16:01:51.947049", "run_start": "2023-09-24 16:01:48.736648", "total_execs_per_sec": 649587.5, "total_run_time": 6.4}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.599, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 61849.66, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-24 16:04:51.912978", "run_start": "2023-09-24 16:04:03.557070", "total_execs_per_sec": 48381.4, "total_run_time": 96.67}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 686608.22, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-24 16:03:15.131301", "run_start": "2023-09-24 16:03:10.414608", "total_execs_per_sec": 493357.59, "total_run_time": 9.48}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.472, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 65243.13, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-24 16:06:40.674199", "run_start": "2023-09-24 16:05:52.284579", "total_execs_per_sec": 53640.59, "total_run_time": 96.88}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 711824.83, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-24 16:05:03.680850", "run_start": "2023-09-24 16:04:58.897273", "total_execs_per_sec": 541887.38, "total_run_time": 9.59}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.96, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 68227.46, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-24 16:08:30.465574", "run_start": "2023-09-24 16:07:41.544302", "total_execs_per_sec": 58443.62, "total_run_time": 97.81}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 737566.66, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-24 16:06:52.553535", "run_start": "2023-09-24 16:06:47.707666", "total_execs_per_sec": 589316.49, "total_run_time": 9.7}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.43, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 71167.86, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-24 16:10:21.393562", "run_start": "2023-09-24 16:09:31.938221", "total_execs_per_sec": 63053.99, "total_run_time": 98.9}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 760064.32, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-24 16:08:42.382975", "run_start": "2023-09-24 16:08:37.507158", "total_execs_per_sec": 640250.51, "total_run_time": 9.74}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.512, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 73977.92, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-24 16:12:13.344359", "run_start": "2023-09-24 16:11:23.431202", "total_execs_per_sec": 67651.81, "total_run_time": 99.86}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 782532.04, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-24 16:10:33.376482", "run_start": "2023-09-24 16:10:28.476264", "total_execs_per_sec": 688655.45, "total_run_time": 9.81}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.562, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 76895.64, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-24 16:14:05.718398", "run_start": "2023-09-24 16:13:15.697181", "total_execs_per_sec": 72615.83, "total_run_time": 100.19}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 802839.13, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-24 16:12:25.416316", "run_start": "2023-09-24 16:12:20.457283", "total_execs_per_sec": 734886.87, "total_run_time": 9.9}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.617, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 79816.73, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-24 16:15:58.678205", "run_start": "2023-09-24 16:15:08.265699", "total_execs_per_sec": 77331.85, "total_run_time": 100.8}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 829536.34, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-24 16:14:17.774454", "run_start": "2023-09-24 16:14:12.844300", "total_execs_per_sec": 788972.67, "total_run_time": 9.88}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.004, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 82757.2, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-24 16:17:52.198051", "run_start": "2023-09-24 16:17:01.582837", "total_execs_per_sec": 82088.26, "total_run_time": 101.29}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 850820.6, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-24 16:16:10.796609", "run_start": "2023-09-24 16:16:05.817431", "total_execs_per_sec": 836490.95, "total_run_time": 9.94}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.412, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84433.92, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-24 16:20:16.891756", "run_start": "2023-09-24 16:19:11.890527", "total_execs_per_sec": 67946.39, "total_run_time": 130.02}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 874087.04, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-24 16:18:06.758575", "run_start": "2023-09-24 16:18:00.524318", "total_execs_per_sec": 713601.78, "total_run_time": 12.38}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.439, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84968.4, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-24 16:22:47.442884", "run_start": "2023-09-24 16:21:39.684043", "total_execs_per_sec": 69028.56, "total_run_time": 135.51}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 897653.2, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-24 16:20:31.821620", "run_start": "2023-09-24 16:20:25.382817", "total_execs_per_sec": 733651.76, "total_run_time": 12.75}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.139, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85348.2, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-24 16:25:21.579802", "run_start": "2023-09-24 16:24:12.289293", "total_execs_per_sec": 71239.03, "total_run_time": 138.6}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 912736.78, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-24 16:23:02.870514", "run_start": "2023-09-24 16:22:56.262468", "total_execs_per_sec": 745187.17, "total_run_time": 13.25}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.557, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85486.58, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-24 16:28:00.528995", "run_start": "2023-09-24 16:26:49.168878", "total_execs_per_sec": 72788.01, "total_run_time": 142.79}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 929048.06, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-24 16:25:37.626104", "run_start": "2023-09-24 16:25:30.686367", "total_execs_per_sec": 749343.91, "total_run_time": 13.87}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.94, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85569.07, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-24 16:30:44.984529", "run_start": "2023-09-24 16:29:31.240724", "total_execs_per_sec": 73966.86, "total_run_time": 147.54}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 930340.88, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-24 16:28:17.337038", "run_start": "2023-09-24 16:28:09.980774", "total_execs_per_sec": 745937.8, "total_run_time": 14.63}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.406, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85331.66, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-24 16:33:35.091509", "run_start": "2023-09-24 16:32:18.653085", "total_execs_per_sec": 74885.31, "total_run_time": 152.67}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 951206.33, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-24 16:31:02.310053", "run_start": "2023-09-24 16:30:54.836982", "total_execs_per_sec": 755134.74, "total_run_time": 15.14}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5005.486, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85440.7, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-24 16:36:30.399241", "run_start": "2023-09-24 16:35:11.576104", "total_execs_per_sec": 75801.69, "total_run_time": 157.68}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 950651.91, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-24 16:33:52.610544", "run_start": "2023-09-24 16:33:44.870938", "total_execs_per_sec": 779166.23, "total_run_time": 15.34}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.359, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84699.08, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-24 16:39:32.848882", "run_start": "2023-09-24 16:38:09.886115", "total_execs_per_sec": 75831.95, "total_run_time": 164.47}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 967178.92, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-24 16:36:48.267903", "run_start": "2023-09-24 16:36:40.397038", "total_execs_per_sec": 794906.31, "total_run_time": 15.69}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.28, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 85321.95, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-24 16:42:40.468679", "run_start": "2023-09-24 16:41:16.139963", "total_execs_per_sec": 77074.93, "total_run_time": 168.56}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 951489.66, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-24 16:39:51.795187", "run_start": "2023-09-24 16:39:43.493804", "total_execs_per_sec": 774701.85, "total_run_time": 16.77}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.021, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84838.27, "afl_execs_total": 13511420, "fuzzers_used": 26, "run_end": "2023-09-24 16:45:54.357508", "run_start": "2023-09-24 16:44:26.961255", "total_execs_per_sec": 77367.27, "total_run_time": 174.64}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 960006.17, "afl_execs_total": 13511420, "fuzzers_used": 26, "run_end": "2023-09-24 16:42:59.608775", "run_start": "2023-09-24 16:42:51.114067", "total_execs_per_sec": 796663.92, "total_run_time": 16.96}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5004.233, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84775.88, "afl_execs_total": 14031090, "fuzzers_used": 27, "run_end": "2023-09-24 16:49:14.438836", "run_start": "2023-09-24 16:47:44.307579", "total_execs_per_sec": 77885.6, "total_run_time": 180.15}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 951641.78, "afl_execs_total": 14031090, "fuzzers_used": 27, "run_end": "2023-09-24 16:46:14.177658", "run_start": "2023-09-24 16:46:05.339754", "total_execs_per_sec": 795413.27, "total_run_time": 17.64}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.406, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84270.22, "afl_execs_total": 14550760, "fuzzers_used": 28, "run_end": "2023-09-24 16:52:41.902416", "run_start": "2023-09-24 16:51:07.672987", "total_execs_per_sec": 77874.02, "total_run_time": 186.85}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 942547.06, "afl_execs_total": 14550761, "fuzzers_used": 28, "run_end": "2023-09-24 16:49:34.941484", "run_start": "2023-09-24 16:49:25.798090", "total_execs_per_sec": 794255.51, "total_run_time": 18.32}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.364, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 84210.82, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-24 16:56:15.463501", "run_start": "2023-09-24 16:54:39.353283", "total_execs_per_sec": 78381.6, "total_run_time": 192.27}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 931777.12, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-24 16:53:03.085166", "run_start": "2023-09-24 16:52:53.548366", "total_execs_per_sec": 793180.53, "total_run_time": 19.0}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.833, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83474.02, "afl_execs_total": 15590101, "fuzzers_used": 30, "run_end": "2023-09-24 16:59:57.179830", "run_start": "2023-09-24 16:58:18.011175", "total_execs_per_sec": 78036.34, "total_run_time": 199.78}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 904578.64, "afl_execs_total": 15590100, "fuzzers_used": 30, "run_end": "2023-09-24 16:56:37.287359", "run_start": "2023-09-24 16:56:27.480580", "total_execs_per_sec": 793793.28, "total_run_time": 19.64}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.067, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83753.88, "afl_execs_total": 16109770, "fuzzers_used": 31, "run_end": "2023-09-24 17:03:44.530794", "run_start": "2023-09-24 17:02:03.017448", "total_execs_per_sec": 78722.49, "total_run_time": 204.64}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 860768.7, "afl_execs_total": 16109770, "fuzzers_used": 31, "run_end": "2023-09-24 17:00:19.784409", "run_start": "2023-09-24 17:00:09.599876", "total_execs_per_sec": 788921.16, "total_run_time": 20.42}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.331, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83407.92, "afl_execs_total": 16629441, "fuzzers_used": 32, "run_end": "2023-09-24 17:07:39.378291", "run_start": "2023-09-24 17:05:54.344321", "total_execs_per_sec": 78652.23, "total_run_time": 211.43}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 834314.67, "afl_execs_total": 16629441, "fuzzers_used": 32, "run_end": "2023-09-24 17:04:07.840571", "run_start": "2023-09-24 17:03:57.258412", "total_execs_per_sec": 787006.2, "total_run_time": 21.13}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.693, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83062.75, "afl_execs_total": 17149110, "fuzzers_used": 33, "run_end": "2023-09-24 17:11:42.343153", "run_start": "2023-09-24 17:09:52.612804", "total_execs_per_sec": 78449.73, "total_run_time": 218.6}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 855717.74, "afl_execs_total": 17149110, "fuzzers_used": 33, "run_end": "2023-09-24 17:08:03.634580", "run_start": "2023-09-24 17:07:52.624413", "total_execs_per_sec": 777032.62, "total_run_time": 22.07}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.462, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 82323.54, "afl_execs_total": 17668781, "fuzzers_used": 34, "run_end": "2023-09-24 17:15:54.292772", "run_start": "2023-09-24 17:14:00.388082", "total_execs_per_sec": 77897.81, "total_run_time": 226.82}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 853364.74, "afl_execs_total": 17668781, "fuzzers_used": 34, "run_end": "2023-09-24 17:12:07.356738", "run_start": "2023-09-24 17:11:55.831474", "total_execs_per_sec": 773928.21, "total_run_time": 22.83}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.207, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 82233.29, "afl_execs_total": 18188450, "fuzzers_used": 35, "run_end": "2023-09-24 17:20:13.687173", "run_start": "2023-09-24 17:18:17.746089", "total_execs_per_sec": 77908.21, "total_run_time": 233.46}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 856149.98, "afl_execs_total": 18188451, "fuzzers_used": 35, "run_end": "2023-09-24 17:16:20.119782", "run_start": "2023-09-24 17:16:08.327944", "total_execs_per_sec": 769393.02, "total_run_time": 23.64}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.711, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"afl_execs_per_sec": 83213.99, "afl_execs_total": 18708148, "fuzzers_used": 36, "run_end": "2023-09-24 17:24:36.894994", "run_start": "2023-09-24 17:22:38.634589", "total_execs_per_sec": 79047.4, "total_run_time": 236.67}}, "test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 859532.49, "afl_execs_total": 18708120, "fuzzers_used": 36, "run_end": "2023-09-24 17:20:40.112104", "run_start": "2023-09-24 17:20:28.014910", "total_execs_per_sec": 771787.13, "total_run_time": 24.24}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 15.0.7", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.545, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"singlecore": {"afl_execs_per_sec": 8285.54, "afl_execs_total": 1299175, "fuzzers_used": 1, "run_end": "2023-09-25 13:50:09.111113", "run_start": "2023-09-25 13:49:37.761134", "total_execs_per_sec": 8281.33, "total_run_time": 156.88}}, "test-instr-persist-shmem": {"singlecore": {"afl_execs_per_sec": 91280.21, "afl_execs_total": 1299175, "fuzzers_used": 1, "run_end": "2023-09-25 13:47:32.127167", "run_start": "2023-09-25 13:47:29.232406", "total_execs_per_sec": 90851.4, "total_run_time": 14.3}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.314, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 85586.47, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-30 07:42:00.479418", "run_start": "2023-09-30 07:41:57.396293", "total_execs_per_sec": 84636.81, "total_run_time": 6.14}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.425, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 171655.96, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-30 07:42:06.853436", "run_start": "2023-09-30 07:42:03.776562", "total_execs_per_sec": 168998.37, "total_run_time": 6.15}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3589.001, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 256521.42, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-30 07:42:13.270331", "run_start": "2023-09-30 07:42:10.166965", "total_execs_per_sec": 251859.45, "total_run_time": 6.19}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3327.666, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 344496.49, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-30 07:42:19.668698", "run_start": "2023-09-30 07:42:16.580126", "total_execs_per_sec": 336901.13, "total_run_time": 6.17}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.554, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 430553.78, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-30 07:42:26.076644", "run_start": "2023-09-30 07:42:22.989661", "total_execs_per_sec": 420444.98, "total_run_time": 6.18}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.151, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 517290.69, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-30 07:42:32.537905", "run_start": "2023-09-30 07:42:29.411608", "total_execs_per_sec": 500484.75, "total_run_time": 6.23}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3294.318, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 603429.02, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-30 07:42:39.059861", "run_start": "2023-09-30 07:42:35.931021", "total_execs_per_sec": 577411.11, "total_run_time": 6.3}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3448.74, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 685974.04, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-30 07:42:45.666900", "run_start": "2023-09-30 07:42:42.473287", "total_execs_per_sec": 651623.82, "total_run_time": 6.38}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.339, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 738669.0, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-30 07:42:52.784312", "run_start": "2023-09-30 07:42:49.379818", "total_execs_per_sec": 679800.87, "total_run_time": 6.88}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.018, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 810349.25, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-30 07:43:00.048425", "run_start": "2023-09-30 07:42:56.531062", "total_execs_per_sec": 739217.64, "total_run_time": 7.03}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3471.131, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 885402.32, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-30 07:43:07.364224", "run_start": "2023-09-30 07:43:03.835412", "total_execs_per_sec": 807396.89, "total_run_time": 7.08}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.582, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 961038.38, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-30 07:43:14.752012", "run_start": "2023-09-30 07:43:11.193261", "total_execs_per_sec": 872173.43, "total_run_time": 7.15}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.278, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1037784.4, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-30 07:43:22.077638", "run_start": "2023-09-30 07:43:18.514879", "total_execs_per_sec": 952850.49, "total_run_time": 7.09}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3384.307, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1111727.18, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-30 07:43:29.585061", "run_start": "2023-09-30 07:43:25.974127", "total_execs_per_sec": 1000740.03, "total_run_time": 7.27}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3289.949, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1193878.8, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-30 07:43:37.079331", "run_start": "2023-09-30 07:43:33.458660", "total_execs_per_sec": 1073698.35, "total_run_time": 7.26}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.687, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1269475.91, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-30 07:43:44.640643", "run_start": "2023-09-30 07:43:40.963019", "total_execs_per_sec": 1135890.71, "total_run_time": 7.32}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.718, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1320835.4, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-30 07:43:52.612057", "run_start": "2023-09-30 07:43:48.691217", "total_execs_per_sec": 1141394.06, "total_run_time": 7.74}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.321, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1368865.62, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-30 07:44:00.765909", "run_start": "2023-09-30 07:43:56.810637", "total_execs_per_sec": 1181068.18, "total_run_time": 7.92}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3404.893, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1411475.19, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-30 07:44:08.984608", "run_start": "2023-09-30 07:44:04.978786", "total_execs_per_sec": 1235760.95, "total_run_time": 7.99}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3430.179, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1371473.76, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-30 07:44:18.226668", "run_start": "2023-09-30 07:44:13.705320", "total_execs_per_sec": 1153540.51, "total_run_time": 9.01}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3588.686, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1332041.97, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-30 07:44:27.722824", "run_start": "2023-09-30 07:44:23.106522", "total_execs_per_sec": 1178517.28, "total_run_time": 9.26}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.012, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1243041.86, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-30 07:44:38.175082", "run_start": "2023-09-30 07:44:33.072680", "total_execs_per_sec": 1118663.41, "total_run_time": 10.22}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3318.148, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1220434.69, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-30 07:44:49.198444", "run_start": "2023-09-30 07:44:43.788482", "total_execs_per_sec": 1107730.31, "total_run_time": 10.79}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.066, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1196276.88, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-30 07:45:00.949860", "run_start": "2023-09-30 07:44:55.207944", "total_execs_per_sec": 1083586.45, "total_run_time": 11.51}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.615, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1025499.64, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-30 07:45:16.720942", "run_start": "2023-09-30 07:45:08.965602", "total_execs_per_sec": 836558.27, "total_run_time": 15.53}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.493, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1032642.26, "afl_execs_total": 13511420, "fuzzers_used": 26, "run_end": "2023-09-30 07:45:32.582384", "run_start": "2023-09-30 07:45:24.771210", "total_execs_per_sec": 865007.68, "total_run_time": 15.62}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3291.311, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1031647.08, "afl_execs_total": 14031090, "fuzzers_used": 27, "run_end": "2023-09-30 07:45:48.577446", "run_start": "2023-09-30 07:45:40.724916", "total_execs_per_sec": 890862.86, "total_run_time": 15.75}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.158, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1028311.91, "afl_execs_total": 14550760, "fuzzers_used": 28, "run_end": "2023-09-30 07:46:04.948104", "run_start": "2023-09-30 07:45:56.896793", "total_execs_per_sec": 902092.99, "total_run_time": 16.13}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.339, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1036212.6, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-30 07:46:22.013910", "run_start": "2023-09-30 07:46:13.634483", "total_execs_per_sec": 895982.76, "total_run_time": 16.82}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.896, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1042322.69, "afl_execs_total": 15590100, "fuzzers_used": 30, "run_end": "2023-09-30 07:46:39.832515", "run_start": "2023-09-30 07:46:31.041676", "total_execs_per_sec": 886808.87, "total_run_time": 17.58}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3375.202, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1047997.08, "afl_execs_total": 16109770, "fuzzers_used": 31, "run_end": "2023-09-30 07:46:58.278047", "run_start": "2023-09-30 07:46:49.168725", "total_execs_per_sec": 884666.12, "total_run_time": 18.21}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.366, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1056984.49, "afl_execs_total": 16629440, "fuzzers_used": 32, "run_end": "2023-09-30 07:47:16.969303", "run_start": "2023-09-30 07:47:07.713753", "total_execs_per_sec": 901324.66, "total_run_time": 18.45}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.405, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1036325.44, "afl_execs_total": 17149110, "fuzzers_used": 33, "run_end": "2023-09-30 07:47:39.043252", "run_start": "2023-09-30 07:47:28.121713", "total_execs_per_sec": 785575.36, "total_run_time": 21.83}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3507.854, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1053026.98, "afl_execs_total": 17668780, "fuzzers_used": 34, "run_end": "2023-09-30 07:48:01.352860", "run_start": "2023-09-30 07:47:50.307789", "total_execs_per_sec": 800579.07, "total_run_time": 22.07}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3485.859, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1072895.06, "afl_execs_total": 18188450, "fuzzers_used": 35, "run_end": "2023-09-30 07:48:23.763319", "run_start": "2023-09-30 07:48:12.662817", "total_execs_per_sec": 820408.21, "total_run_time": 22.17}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.606, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1085027.92, "afl_execs_total": 18708120, "fuzzers_used": 36, "run_end": "2023-09-30 07:48:46.251174", "run_start": "2023-09-30 07:48:35.157875", "total_execs_per_sec": 841192.45, "total_run_time": 22.24}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.157, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1094717.62, "afl_execs_total": 19227790, "fuzzers_used": 37, "run_end": "2023-09-30 07:49:09.195316", "run_start": "2023-09-30 07:48:57.896581", "total_execs_per_sec": 847039.21, "total_run_time": 22.7}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.948, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1103173.32, "afl_execs_total": 19747460, "fuzzers_used": 38, "run_end": "2023-09-30 07:49:32.557795", "run_start": "2023-09-30 07:49:21.048584", "total_execs_per_sec": 854128.89, "total_run_time": 23.12}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.547, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1108812.92, "afl_execs_total": 20267130, "fuzzers_used": 39, "run_end": "2023-09-30 07:49:56.462550", "run_start": "2023-09-30 07:49:44.629586", "total_execs_per_sec": 856598.9, "total_run_time": 23.66}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3589.557, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1123452.65, "afl_execs_total": 20786800, "fuzzers_used": 40, "run_end": "2023-09-30 07:50:20.901030", "run_start": "2023-09-30 07:50:08.795372", "total_execs_per_sec": 859313.77, "total_run_time": 24.19}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3483.028, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1101846.02, "afl_execs_total": 21306470, "fuzzers_used": 41, "run_end": "2023-09-30 07:50:48.480926", "run_start": "2023-09-30 07:50:34.835000", "total_execs_per_sec": 779314.92, "total_run_time": 27.34}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3586.158, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1114558.66, "afl_execs_total": 21826140, "fuzzers_used": 42, "run_end": "2023-09-30 07:51:15.760441", "run_start": "2023-09-30 07:51:02.262271", "total_execs_per_sec": 807179.73, "total_run_time": 27.04}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3583.002, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1131883.25, "afl_execs_total": 22345810, "fuzzers_used": 43, "run_end": "2023-09-30 07:51:43.056693", "run_start": "2023-09-30 07:51:29.534218", "total_execs_per_sec": 826092.79, "total_run_time": 27.05}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3260.438, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1142235.48, "afl_execs_total": 22865480, "fuzzers_used": 44, "run_end": "2023-09-30 07:52:10.570117", "run_start": "2023-09-30 07:51:56.932825", "total_execs_per_sec": 838484.78, "total_run_time": 27.27}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3583.173, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1156328.81, "afl_execs_total": 23385150, "fuzzers_used": 45, "run_end": "2023-09-30 07:52:38.356804", "run_start": "2023-09-30 07:52:24.552262", "total_execs_per_sec": 849133.99, "total_run_time": 27.54}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3273.24, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1165391.02, "afl_execs_total": 23904820, "fuzzers_used": 46, "run_end": "2023-09-30 07:53:06.789449", "run_start": "2023-09-30 07:52:52.645374", "total_execs_per_sec": 847989.36, "total_run_time": 28.19}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3482.575, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1174743.04, "afl_execs_total": 24424490, "fuzzers_used": 47, "run_end": "2023-09-30 07:53:35.397560", "run_start": "2023-09-30 07:53:21.192250", "total_execs_per_sec": 861230.25, "total_run_time": 28.36}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3347.054, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1185729.9, "afl_execs_total": 24944160, "fuzzers_used": 48, "run_end": "2023-09-30 07:54:04.383033", "run_start": "2023-09-30 07:53:49.986966", "total_execs_per_sec": 867924.84, "total_run_time": 28.74}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.361, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1169711.34, "afl_execs_total": 25463830, "fuzzers_used": 49, "run_end": "2023-09-30 07:54:34.587857", "run_start": "2023-09-30 07:54:19.631476", "total_execs_per_sec": 849927.57, "total_run_time": 29.96}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3482.474, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1177314.64, "afl_execs_total": 25983500, "fuzzers_used": 50, "run_end": "2023-09-30 07:55:05.521448", "run_start": "2023-09-30 07:54:50.164260", "total_execs_per_sec": 846919.82, "total_run_time": 30.68}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.345, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1186608.73, "afl_execs_total": 26503170, "fuzzers_used": 51, "run_end": "2023-09-30 07:55:37.277650", "run_start": "2023-09-30 07:55:21.521109", "total_execs_per_sec": 841103.46, "total_run_time": 31.51}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3436.247, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1194422.5, "afl_execs_total": 27022840, "fuzzers_used": 52, "run_end": "2023-09-30 07:56:09.743581", "run_start": "2023-09-30 07:55:53.622431", "total_execs_per_sec": 838697.7, "total_run_time": 32.22}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.568, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1196372.9, "afl_execs_total": 27542510, "fuzzers_used": 53, "run_end": "2023-09-30 07:56:43.089455", "run_start": "2023-09-30 07:56:26.549970", "total_execs_per_sec": 832100.0, "total_run_time": 33.1}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.116, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1175514.11, "afl_execs_total": 28062180, "fuzzers_used": 54, "run_end": "2023-09-30 07:57:17.691328", "run_start": "2023-09-30 07:57:00.498904", "total_execs_per_sec": 816948.47, "total_run_time": 34.35}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.584, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1155052.32, "afl_execs_total": 28581850, "fuzzers_used": 55, "run_end": "2023-09-30 07:57:53.454457", "run_start": "2023-09-30 07:57:35.704817", "total_execs_per_sec": 804669.2, "total_run_time": 35.52}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.372, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1123418.49, "afl_execs_total": 29101520, "fuzzers_used": 56, "run_end": "2023-09-30 07:58:30.658431", "run_start": "2023-09-30 07:58:12.196534", "total_execs_per_sec": 787591.88, "total_run_time": 36.95}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.404, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1129169.64, "afl_execs_total": 29621190, "fuzzers_used": 57, "run_end": "2023-09-30 07:59:08.704834", "run_start": "2023-09-30 07:58:49.772727", "total_execs_per_sec": 783836.73, "total_run_time": 37.79}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3397.422, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1148164.32, "afl_execs_total": 30140860, "fuzzers_used": 58, "run_end": "2023-09-30 07:59:47.277825", "run_start": "2023-09-30 07:59:28.121769", "total_execs_per_sec": 786556.89, "total_run_time": 38.32}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3588.772, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1161777.14, "afl_execs_total": 30660530, "fuzzers_used": 59, "run_end": "2023-09-30 08:00:26.502901", "run_start": "2023-09-30 08:00:07.032225", "total_execs_per_sec": 786570.81, "total_run_time": 38.98}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.361, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1175533.02, "afl_execs_total": 31180200, "fuzzers_used": 60, "run_end": "2023-09-30 08:01:06.175622", "run_start": "2023-09-30 08:00:46.486423", "total_execs_per_sec": 790974.12, "total_run_time": 39.42}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3494.462, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1174935.53, "afl_execs_total": 31699870, "fuzzers_used": 61, "run_end": "2023-09-30 08:01:46.692859", "run_start": "2023-09-30 08:01:26.589025", "total_execs_per_sec": 787183.26, "total_run_time": 40.27}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3298.878, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1160942.61, "afl_execs_total": 32219540, "fuzzers_used": 62, "run_end": "2023-09-30 08:02:28.314405", "run_start": "2023-09-30 08:02:07.671002", "total_execs_per_sec": 778814.12, "total_run_time": 41.37}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3588.072, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1146150.48, "afl_execs_total": 32739210, "fuzzers_used": 63, "run_end": "2023-09-30 08:03:11.129083", "run_start": "2023-09-30 08:02:49.863712", "total_execs_per_sec": 769248.36, "total_run_time": 42.56}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.676, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1116830.46, "afl_execs_total": 33258880, "fuzzers_used": 64, "run_end": "2023-09-30 08:03:55.318238", "run_start": "2023-09-30 08:03:33.344369", "total_execs_per_sec": 756915.79, "total_run_time": 43.94}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.035, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1127001.77, "afl_execs_total": 33778550, "fuzzers_used": 65, "run_end": "2023-09-30 08:04:40.326651", "run_start": "2023-09-30 08:04:17.983785", "total_execs_per_sec": 754659.29, "total_run_time": 44.76}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.461, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1151098.78, "afl_execs_total": 34298220, "fuzzers_used": 66, "run_end": "2023-09-30 08:05:25.734193", "run_start": "2023-09-30 08:05:03.138414", "total_execs_per_sec": 759482.29, "total_run_time": 45.16}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3419.698, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1170464.47, "afl_execs_total": 34817890, "fuzzers_used": 67, "run_end": "2023-09-30 08:06:11.829638", "run_start": "2023-09-30 08:05:48.997654", "total_execs_per_sec": 759386.91, "total_run_time": 45.85}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3136.734, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1174994.2, "afl_execs_total": 35337560, "fuzzers_used": 68, "run_end": "2023-09-30 08:06:58.556269", "run_start": "2023-09-30 08:06:35.299237", "total_execs_per_sec": 760274.53, "total_run_time": 46.48}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.646, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1176095.72, "afl_execs_total": 35857230, "fuzzers_used": 69, "run_end": "2023-09-30 08:07:46.210785", "run_start": "2023-09-30 08:07:22.462358", "total_execs_per_sec": 756481.65, "total_run_time": 47.4}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3244.285, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1166014.8, "afl_execs_total": 36376900, "fuzzers_used": 70, "run_end": "2023-09-30 08:08:34.778952", "run_start": "2023-09-30 08:08:10.693109", "total_execs_per_sec": 752833.2, "total_run_time": 48.32}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.273, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1142873.75, "afl_execs_total": 36896570, "fuzzers_used": 71, "run_end": "2023-09-30 08:09:24.786623", "run_start": "2023-09-30 08:08:59.916409", "total_execs_per_sec": 741639.6, "total_run_time": 49.75}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.447, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1108650.01, "afl_execs_total": 37416240, "fuzzers_used": 72, "run_end": "2023-09-30 08:10:16.275929", "run_start": "2023-09-30 08:09:50.685135", "total_execs_per_sec": 730357.99, "total_run_time": 51.23}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.076, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1114721.96, "afl_execs_total": 37935910, "fuzzers_used": 73, "run_end": "2023-09-30 08:11:08.771165", "run_start": "2023-09-30 08:10:42.681867", "total_execs_per_sec": 726185.11, "total_run_time": 52.24}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3311.198, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1135673.92, "afl_execs_total": 38455580, "fuzzers_used": 74, "run_end": "2023-09-30 08:12:01.839425", "run_start": "2023-09-30 08:11:35.385025", "total_execs_per_sec": 728187.46, "total_run_time": 52.81}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.365, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1149384.99, "afl_execs_total": 38975250, "fuzzers_used": 75, "run_end": "2023-09-30 08:12:55.629355", "run_start": "2023-09-30 08:12:28.874534", "total_execs_per_sec": 728101.06, "total_run_time": 53.53}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3338.382, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1148321.67, "afl_execs_total": 39494920, "fuzzers_used": 76, "run_end": "2023-09-30 08:13:50.498609", "run_start": "2023-09-30 08:13:23.117065", "total_execs_per_sec": 723217.73, "total_run_time": 54.61}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3440.273, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1149691.56, "afl_execs_total": 40014590, "fuzzers_used": 77, "run_end": "2023-09-30 08:14:46.302511", "run_start": "2023-09-30 08:14:18.523825", "total_execs_per_sec": 720464.35, "total_run_time": 55.54}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3458.227, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1131248.45, "afl_execs_total": 40534261, "fuzzers_used": 78, "run_end": "2023-09-30 08:15:43.563759", "run_start": "2023-09-30 08:15:15.076409", "total_execs_per_sec": 711002.65, "total_run_time": 57.01}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.926, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1109039.3, "afl_execs_total": 41053930, "fuzzers_used": 79, "run_end": "2023-09-30 08:16:42.369066", "run_start": "2023-09-30 08:16:13.140837", "total_execs_per_sec": 701177.28, "total_run_time": 58.55}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3191.361, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1080599.62, "afl_execs_total": 41573600, "fuzzers_used": 80, "run_end": "2023-09-30 08:17:42.677191", "run_start": "2023-09-30 08:17:12.727147", "total_execs_per_sec": 692201.13, "total_run_time": 60.06}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.022, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1087537.14, "afl_execs_total": 42093271, "fuzzers_used": 81, "run_end": "2023-09-30 08:18:44.004042", "run_start": "2023-09-30 08:18:13.499327", "total_execs_per_sec": 689262.67, "total_run_time": 61.07}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.572, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1103324.54, "afl_execs_total": 42612948, "fuzzers_used": 82, "run_end": "2023-09-30 08:19:46.209050", "run_start": "2023-09-30 08:19:15.276096", "total_execs_per_sec": 687971.39, "total_run_time": 61.94}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3466.789, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1117042.53, "afl_execs_total": 43132617, "fuzzers_used": 83, "run_end": "2023-09-30 08:20:49.384483", "run_start": "2023-09-30 08:20:17.917252", "total_execs_per_sec": 685515.21, "total_run_time": 62.92}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.234, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1125014.12, "afl_execs_total": 43652284, "fuzzers_used": 84, "run_end": "2023-09-30 08:21:53.320907", "run_start": "2023-09-30 08:21:21.448433", "total_execs_per_sec": 685494.41, "total_run_time": 63.68}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.96, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1116969.15, "afl_execs_total": 44171951, "fuzzers_used": 85, "run_end": "2023-09-30 08:22:58.378342", "run_start": "2023-09-30 08:22:25.970462", "total_execs_per_sec": 681665.91, "total_run_time": 64.8}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3467.782, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1097984.93, "afl_execs_total": 44691621, "fuzzers_used": 86, "run_end": "2023-09-30 08:24:05.075588", "run_start": "2023-09-30 08:23:31.908866", "total_execs_per_sec": 672661.36, "total_run_time": 66.44}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.665, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1078838.87, "afl_execs_total": 45211293, "fuzzers_used": 87, "run_end": "2023-09-30 08:25:13.164891", "run_start": "2023-09-30 08:24:39.305049", "total_execs_per_sec": 666538.3, "total_run_time": 67.83}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.332, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1042803.71, "afl_execs_total": 45730960, "fuzzers_used": 88, "run_end": "2023-09-30 08:26:22.957333", "run_start": "2023-09-30 08:25:48.212315", "total_execs_per_sec": 657715.52, "total_run_time": 69.53}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.928, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1046576.83, "afl_execs_total": 46250640, "fuzzers_used": 89, "run_end": "2023-09-30 08:27:33.938142", "run_start": "2023-09-30 08:26:58.577562", "total_execs_per_sec": 653996.61, "total_run_time": 70.72}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3522.561, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1068351.7, "afl_execs_total": 46770324, "fuzzers_used": 90, "run_end": "2023-09-30 08:28:45.597413", "run_start": "2023-09-30 08:28:09.939130", "total_execs_per_sec": 655046.55, "total_run_time": 71.4}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.089, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1080013.5, "afl_execs_total": 47289998, "fuzzers_used": 91, "run_end": "2023-09-30 08:29:58.294481", "run_start": "2023-09-30 08:29:22.096659", "total_execs_per_sec": 652906.23, "total_run_time": 72.43}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3269.827, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1081167.39, "afl_execs_total": 47809665, "fuzzers_used": 92, "run_end": "2023-09-30 08:31:11.684574", "run_start": "2023-09-30 08:30:35.095972", "total_execs_per_sec": 653852.09, "total_run_time": 73.12}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3447.482, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1070973.26, "afl_execs_total": 48329336, "fuzzers_used": 93, "run_end": "2023-09-30 08:32:26.267744", "run_start": "2023-09-30 08:31:49.142267", "total_execs_per_sec": 650287.08, "total_run_time": 74.32}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3470.833, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1053030.28, "afl_execs_total": 48848999, "fuzzers_used": 94, "run_end": "2023-09-30 08:33:42.312925", "run_start": "2023-09-30 08:33:04.442262", "total_execs_per_sec": 644615.98, "total_run_time": 75.78}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.637, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1034504.5, "afl_execs_total": 49368674, "fuzzers_used": 95, "run_end": "2023-09-30 08:35:00.145805", "run_start": "2023-09-30 08:34:21.460276", "total_execs_per_sec": 636440.3, "total_run_time": 77.57}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3366.601, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1007683.3, "afl_execs_total": 49888346, "fuzzers_used": 96, "run_end": "2023-09-30 08:36:19.640445", "run_start": "2023-09-30 08:35:40.102098", "total_execs_per_sec": 629664.85, "total_run_time": 79.23}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.618, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 997018.04, "afl_execs_total": 50408018, "fuzzers_used": 97, "run_end": "2023-09-30 08:37:40.724155", "run_start": "2023-09-30 08:37:00.290624", "total_execs_per_sec": 623707.23, "total_run_time": 80.82}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3358.197, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 991342.84, "afl_execs_total": 50927689, "fuzzers_used": 98, "run_end": "2023-09-30 08:39:03.174335", "run_start": "2023-09-30 08:38:22.103029", "total_execs_per_sec": 619633.64, "total_run_time": 82.19}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3376.095, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 983069.24, "afl_execs_total": 51447361, "fuzzers_used": 99, "run_end": "2023-09-30 08:40:27.215545", "run_start": "2023-09-30 08:39:45.346987", "total_execs_per_sec": 614150.19, "total_run_time": 83.77}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3420.112, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 977406.74, "afl_execs_total": 51967032, "fuzzers_used": 100, "run_end": "2023-09-30 08:41:52.597386", "run_start": "2023-09-30 08:41:09.937149", "total_execs_per_sec": 610514.94, "total_run_time": 85.12}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.649, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 971727.88, "afl_execs_total": 52486701, "fuzzers_used": 101, "run_end": "2023-09-30 08:43:19.643290", "run_start": "2023-09-30 08:42:36.266413", "total_execs_per_sec": 604824.86, "total_run_time": 86.78}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3261.563, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 968460.76, "afl_execs_total": 53006376, "fuzzers_used": 102, "run_end": "2023-09-30 08:44:48.432617", "run_start": "2023-09-30 08:44:04.055751", "total_execs_per_sec": 598739.14, "total_run_time": 88.53}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3520.756, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 954469.58, "afl_execs_total": 53526047, "fuzzers_used": 103, "run_end": "2023-09-30 08:46:19.604517", "run_start": "2023-09-30 08:45:34.043549", "total_execs_per_sec": 588780.63, "total_run_time": 90.91}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3585.248, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 943024.3, "afl_execs_total": 54045717, "fuzzers_used": 104, "run_end": "2023-09-30 08:47:53.270334", "run_start": "2023-09-30 08:47:06.453929", "total_execs_per_sec": 578647.93, "total_run_time": 93.4}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.219, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 936316.68, "afl_execs_total": 54565393, "fuzzers_used": 105, "run_end": "2023-09-30 08:49:28.619236", "run_start": "2023-09-30 08:48:41.107925", "total_execs_per_sec": 573889.28, "total_run_time": 95.08}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.369, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 931754.86, "afl_execs_total": 55085050, "fuzzers_used": 106, "run_end": "2023-09-30 08:51:05.597415", "run_start": "2023-09-30 08:50:17.363328", "total_execs_per_sec": 569590.01, "total_run_time": 96.71}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.281, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 928478.76, "afl_execs_total": 55604720, "fuzzers_used": 107, "run_end": "2023-09-30 08:52:43.989153", "run_start": "2023-09-30 08:51:54.966602", "total_execs_per_sec": 566701.18, "total_run_time": 98.12}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.391, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 923691.78, "afl_execs_total": 56124404, "fuzzers_used": 108, "run_end": "2023-09-30 08:54:23.819224", "run_start": "2023-09-30 08:53:34.061518", "total_execs_per_sec": 563724.43, "total_run_time": 99.56}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.525, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 914882.34, "afl_execs_total": 56644070, "fuzzers_used": 109, "run_end": "2023-09-30 08:56:05.695328", "run_start": "2023-09-30 08:55:14.890641", "total_execs_per_sec": 557465.51, "total_run_time": 101.61}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.336, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 911923.46, "afl_execs_total": 57163749, "fuzzers_used": 110, "run_end": "2023-09-30 08:57:49.444640", "run_start": "2023-09-30 08:56:57.631549", "total_execs_per_sec": 552413.5, "total_run_time": 103.48}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3490.214, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 901729.55, "afl_execs_total": 57683414, "fuzzers_used": 111, "run_end": "2023-09-30 08:59:35.842064", "run_start": "2023-09-30 08:58:42.750875", "total_execs_per_sec": 543516.57, "total_run_time": 106.13}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3285.647, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 894015.0, "afl_execs_total": 58203073, "fuzzers_used": 112, "run_end": "2023-09-30 09:01:24.623111", "run_start": "2023-09-30 09:00:30.323945", "total_execs_per_sec": 536334.99, "total_run_time": 108.52}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3588.685, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 890563.82, "afl_execs_total": 58722735, "fuzzers_used": 113, "run_end": "2023-09-30 09:03:14.866468", "run_start": "2023-09-30 09:02:19.916191", "total_execs_per_sec": 533940.13, "total_run_time": 109.98}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.408, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 886390.78, "afl_execs_total": 59242401, "fuzzers_used": 114, "run_end": "2023-09-30 09:05:06.759276", "run_start": "2023-09-30 09:04:10.963339", "total_execs_per_sec": 530750.77, "total_run_time": 111.62}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3361.694, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 881563.32, "afl_execs_total": 59762077, "fuzzers_used": 115, "run_end": "2023-09-30 09:07:00.456133", "run_start": "2023-09-30 09:06:03.753481", "total_execs_per_sec": 526863.06, "total_run_time": 113.43}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3125.151, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 879299.68, "afl_execs_total": 60281743, "fuzzers_used": 116, "run_end": "2023-09-30 09:08:55.616474", "run_start": "2023-09-30 09:07:58.153008", "total_execs_per_sec": 524690.95, "total_run_time": 114.89}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.31, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 873340.51, "afl_execs_total": 60801413, "fuzzers_used": 117, "run_end": "2023-09-30 09:10:52.737105", "run_start": "2023-09-30 09:09:54.279802", "total_execs_per_sec": 520337.3, "total_run_time": 116.85}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.47, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 871261.33, "afl_execs_total": 61321088, "fuzzers_used": 118, "run_end": "2023-09-30 09:12:51.598087", "run_start": "2023-09-30 09:11:52.384580", "total_execs_per_sec": 517084.81, "total_run_time": 118.59}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3284.117, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 862698.42, "afl_execs_total": 61840752, "fuzzers_used": 119, "run_end": "2023-09-30 09:14:52.868426", "run_start": "2023-09-30 09:13:52.363777", "total_execs_per_sec": 511080.6, "total_run_time": 121.0}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3356.592, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 861926.52, "afl_execs_total": 62360421, "fuzzers_used": 120, "run_end": "2023-09-30 09:16:56.074463", "run_start": "2023-09-30 09:15:54.637201", "total_execs_per_sec": 507242.73, "total_run_time": 122.94}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.621, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 859897.54, "afl_execs_total": 62880078, "fuzzers_used": 121, "run_end": "2023-09-30 09:19:00.972269", "run_start": "2023-09-30 09:17:58.634785", "total_execs_per_sec": 504534.04, "total_run_time": 124.63}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.388, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 856561.02, "afl_execs_total": 63399742, "fuzzers_used": 122, "run_end": "2023-09-30 09:21:07.399148", "run_start": "2023-09-30 09:20:04.336577", "total_execs_per_sec": 502534.42, "total_run_time": 126.16}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3436.902, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 850903.17, "afl_execs_total": 63919412, "fuzzers_used": 123, "run_end": "2023-09-30 09:23:15.587700", "run_start": "2023-09-30 09:22:11.621078", "total_execs_per_sec": 499682.71, "total_run_time": 127.92}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3253.219, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 850346.15, "afl_execs_total": 64439082, "fuzzers_used": 124, "run_end": "2023-09-30 09:25:25.067423", "run_start": "2023-09-30 09:24:20.478344", "total_execs_per_sec": 498715.9, "total_run_time": 129.21}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3414.153, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 846672.06, "afl_execs_total": 64958753, "fuzzers_used": 125, "run_end": "2023-09-30 09:27:36.609671", "run_start": "2023-09-30 09:26:31.031010", "total_execs_per_sec": 494848.43, "total_run_time": 131.27}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3361.171, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 842352.56, "afl_execs_total": 65478422, "fuzzers_used": 126, "run_end": "2023-09-30 09:29:50.384235", "run_start": "2023-09-30 09:28:43.637795", "total_execs_per_sec": 490438.33, "total_run_time": 133.51}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.553, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 841389.58, "afl_execs_total": 65998096, "fuzzers_used": 127, "run_end": "2023-09-30 09:32:06.515931", "run_start": "2023-09-30 09:30:58.540071", "total_execs_per_sec": 485780.19, "total_run_time": 135.86}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.887, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 836905.42, "afl_execs_total": 66517765, "fuzzers_used": 128, "run_end": "2023-09-30 09:34:24.980686", "run_start": "2023-09-30 09:33:15.797293", "total_execs_per_sec": 481315.23, "total_run_time": 138.2}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.465, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 834743.9, "afl_execs_total": 67037434, "fuzzers_used": 129, "run_end": "2023-09-30 09:36:46.435200", "run_start": "2023-09-30 09:35:35.764007", "total_execs_per_sec": 474836.62, "total_run_time": 141.18}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.312, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 830905.96, "afl_execs_total": 67557108, "fuzzers_used": 130, "run_end": "2023-09-30 09:39:09.175069", "run_start": "2023-09-30 09:37:57.952748", "total_execs_per_sec": 474184.8, "total_run_time": 142.47}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.256, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 829125.23, "afl_execs_total": 68076777, "fuzzers_used": 131, "run_end": "2023-09-30 09:41:33.102326", "run_start": "2023-09-30 09:40:21.290465", "total_execs_per_sec": 473874.27, "total_run_time": 143.66}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.987, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 827119.83, "afl_execs_total": 68596445, "fuzzers_used": 132, "run_end": "2023-09-30 09:43:58.332276", "run_start": "2023-09-30 09:42:45.862863", "total_execs_per_sec": 473242.12, "total_run_time": 144.95}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.313, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 824512.38, "afl_execs_total": 69116119, "fuzzers_used": 133, "run_end": "2023-09-30 09:46:25.412623", "run_start": "2023-09-30 09:45:11.961025", "total_execs_per_sec": 470786.18, "total_run_time": 146.81}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3601.545, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 822633.13, "afl_execs_total": 69635789, "fuzzers_used": 134, "run_end": "2023-09-30 09:48:54.930720", "run_start": "2023-09-30 09:47:40.272277", "total_execs_per_sec": 466571.45, "total_run_time": 149.25}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.861, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 822762.5, "afl_execs_total": 70155458, "fuzzers_used": 135, "run_end": "2023-09-30 09:51:26.289563", "run_start": "2023-09-30 09:50:10.658195", "total_execs_per_sec": 464328.93, "total_run_time": 151.09}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.701, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 819249.23, "afl_execs_total": 70675127, "fuzzers_used": 136, "run_end": "2023-09-30 09:53:59.678505", "run_start": "2023-09-30 09:52:43.109615", "total_execs_per_sec": 461566.92, "total_run_time": 153.12}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.611, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 817302.54, "afl_execs_total": 71194798, "fuzzers_used": 137, "run_end": "2023-09-30 09:56:34.611434", "run_start": "2023-09-30 09:55:17.255797", "total_execs_per_sec": 460331.04, "total_run_time": 154.66}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3273.527, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 816863.92, "afl_execs_total": 71714472, "fuzzers_used": 138, "run_end": "2023-09-30 09:59:10.993943", "run_start": "2023-09-30 09:57:53.026005", "total_execs_per_sec": 459384.23, "total_run_time": 156.11}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3275.624, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 813984.08, "afl_execs_total": 72234141, "fuzzers_used": 139, "run_end": "2023-09-30 10:01:48.858927", "run_start": "2023-09-30 10:00:30.038969", "total_execs_per_sec": 458367.54, "total_run_time": 157.59}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.294, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 814541.2, "afl_execs_total": 72753811, "fuzzers_used": 140, "run_end": "2023-09-30 10:04:28.031191", "run_start": "2023-09-30 10:03:08.621431", "total_execs_per_sec": 457859.1, "total_run_time": 158.9}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.971, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 810988.78, "afl_execs_total": 73273485, "fuzzers_used": 141, "run_end": "2023-09-30 10:07:09.005858", "run_start": "2023-09-30 10:05:48.622814", "total_execs_per_sec": 455964.44, "total_run_time": 160.7}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3308.444, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 810061.77, "afl_execs_total": 73793151, "fuzzers_used": 142, "run_end": "2023-09-30 10:09:51.125760", "run_start": "2023-09-30 10:08:30.176106", "total_execs_per_sec": 455935.44, "total_run_time": 161.85}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.07, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 809156.3, "afl_execs_total": 74312818, "fuzzers_used": 143, "run_end": "2023-09-30 10:12:35.031056", "run_start": "2023-09-30 10:11:13.100914", "total_execs_per_sec": 454179.31, "total_run_time": 163.62}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.348, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 805410.96, "afl_execs_total": 74832495, "fuzzers_used": 144, "run_end": "2023-09-30 10:15:20.827022", "run_start": "2023-09-30 10:13:57.994693", "total_execs_per_sec": 452105.46, "total_run_time": 165.52}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.621, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 800032.28, "afl_execs_total": 75352170, "fuzzers_used": 145, "run_end": "2023-09-30 10:18:09.037693", "run_start": "2023-09-30 10:16:44.981253", "total_execs_per_sec": 448711.78, "total_run_time": 167.93}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.84, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 790963.48, "afl_execs_total": 75871845, "fuzzers_used": 146, "run_end": "2023-09-30 10:20:59.881118", "run_start": "2023-09-30 10:19:34.510855", "total_execs_per_sec": 444813.54, "total_run_time": 170.57}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.834, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 781345.59, "afl_execs_total": 76391506, "fuzzers_used": 147, "run_end": "2023-09-30 10:23:53.423727", "run_start": "2023-09-30 10:22:26.766448", "total_execs_per_sec": 440906.76, "total_run_time": 173.26}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3410.167, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 775327.12, "afl_execs_total": 76911176, "fuzzers_used": 148, "run_end": "2023-09-30 10:26:49.498429", "run_start": "2023-09-30 10:25:21.525545", "total_execs_per_sec": 437492.47, "total_run_time": 175.8}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3206.588, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 761211.59, "afl_execs_total": 77430859, "fuzzers_used": 149, "run_end": "2023-09-30 10:29:49.778335", "run_start": "2023-09-30 10:28:19.704665", "total_execs_per_sec": 430171.44, "total_run_time": 180.0}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3585.526, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 746341.24, "afl_execs_total": 77950520, "fuzzers_used": 150, "run_end": "2023-09-30 10:32:54.980945", "run_start": "2023-09-30 10:31:22.480794", "total_execs_per_sec": 421536.45, "total_run_time": 184.92}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3318.45, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 732544.52, "afl_execs_total": 78470193, "fuzzers_used": 151, "run_end": "2023-09-30 10:36:04.848674", "run_start": "2023-09-30 10:34:30.030288", "total_execs_per_sec": 413894.16, "total_run_time": 189.59}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.203, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 716668.71, "afl_execs_total": 78989859, "fuzzers_used": 152, "run_end": "2023-09-30 10:39:20.378787", "run_start": "2023-09-30 10:37:42.681671", "total_execs_per_sec": 404557.54, "total_run_time": 195.25}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.599, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 711764.46, "afl_execs_total": 79509537, "fuzzers_used": 153, "run_end": "2023-09-30 10:42:38.512166", "run_start": "2023-09-30 10:40:59.546892", "total_execs_per_sec": 401867.76, "total_run_time": 197.85}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3398.079, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 705019.7, "afl_execs_total": 80029204, "fuzzers_used": 154, "run_end": "2023-09-30 10:45:59.339304", "run_start": "2023-09-30 10:44:19.127854", "total_execs_per_sec": 399068.53, "total_run_time": 200.54}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.279, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 699393.58, "afl_execs_total": 80548882, "fuzzers_used": 155, "run_end": "2023-09-30 10:49:22.803103", "run_start": "2023-09-30 10:47:41.186000", "total_execs_per_sec": 396441.0, "total_run_time": 203.18}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3594.454, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 695765.06, "afl_execs_total": 81068552, "fuzzers_used": 156, "run_end": "2023-09-30 10:52:48.613257", "run_start": "2023-09-30 10:51:05.825800", "total_execs_per_sec": 394436.59, "total_run_time": 205.53}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3564.62, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 684256.6, "afl_execs_total": 81588223, "fuzzers_used": 157, "run_end": "2023-09-30 10:56:18.728250", "run_start": "2023-09-30 10:54:33.718953", "total_execs_per_sec": 388811.59, "total_run_time": 209.84}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.622, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 670310.7, "afl_execs_total": 82107888, "fuzzers_used": 158, "run_end": "2023-09-30 10:59:53.586577", "run_start": "2023-09-30 10:58:06.300789", "total_execs_per_sec": 382644.65, "total_run_time": 214.58}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.231, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 662122.52, "afl_execs_total": 82627562, "fuzzers_used": 159, "run_end": "2023-09-30 11:03:32.597265", "run_start": "2023-09-30 11:01:43.188367", "total_execs_per_sec": 377760.54, "total_run_time": 218.73}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3145.96, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 647377.08, "afl_execs_total": 83147234, "fuzzers_used": 160, "run_end": "2023-09-30 11:07:17.127615", "run_start": "2023-09-30 11:05:24.903690", "total_execs_per_sec": 370779.19, "total_run_time": 224.25}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3362.788, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 643549.36, "afl_execs_total": 83666905, "fuzzers_used": 161, "run_end": "2023-09-30 11:11:04.351861", "run_start": "2023-09-30 11:09:10.831265", "total_execs_per_sec": 368674.12, "total_run_time": 226.94}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.202, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 636156.58, "afl_execs_total": 84186573, "fuzzers_used": 162, "run_end": "2023-09-30 11:14:54.503571", "run_start": "2023-09-30 11:12:59.508979", "total_execs_per_sec": 366235.58, "total_run_time": 229.87}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.736, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 628362.66, "afl_execs_total": 84706245, "fuzzers_used": 163, "run_end": "2023-09-30 11:18:47.774086", "run_start": "2023-09-30 11:16:51.217211", "total_execs_per_sec": 363561.72, "total_run_time": 232.99}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.06, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 624514.0, "afl_execs_total": 85225920, "fuzzers_used": 164, "run_end": "2023-09-30 11:22:43.395749", "run_start": "2023-09-30 11:20:45.667702", "total_execs_per_sec": 362139.54, "total_run_time": 235.34}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.6, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 613472.25, "afl_execs_total": 85745594, "fuzzers_used": 165, "run_end": "2023-09-30 11:26:43.417976", "run_start": "2023-09-30 11:24:43.470475", "total_execs_per_sec": 357660.77, "total_run_time": 239.74}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3195.125, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 600511.17, "afl_execs_total": 86265258, "fuzzers_used": 166, "run_end": "2023-09-30 11:30:48.288321", "run_start": "2023-09-30 11:28:45.936037", "total_execs_per_sec": 352693.32, "total_run_time": 244.59}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.147, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 589155.5, "afl_execs_total": 86784920, "fuzzers_used": 167, "run_end": "2023-09-30 11:34:57.997816", "run_start": "2023-09-30 11:32:53.179262", "total_execs_per_sec": 347932.97, "total_run_time": 249.43}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.233, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 573492.37, "afl_execs_total": 87304593, "fuzzers_used": 168, "run_end": "2023-09-30 11:39:13.948596", "run_start": "2023-09-30 11:37:06.077352", "total_execs_per_sec": 341473.75, "total_run_time": 255.67}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.017, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 565721.98, "afl_execs_total": 87824263, "fuzzers_used": 169, "run_end": "2023-09-30 11:43:32.944634", "run_start": "2023-09-30 11:41:23.519337", "total_execs_per_sec": 339469.92, "total_run_time": 258.71}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3385.57, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 555298.16, "afl_execs_total": 88343932, "fuzzers_used": 170, "run_end": "2023-09-30 11:47:55.581861", "run_start": "2023-09-30 11:45:44.323973", "total_execs_per_sec": 336740.74, "total_run_time": 262.35}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.642, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 545279.91, "afl_execs_total": 88863604, "fuzzers_used": 171, "run_end": "2023-09-30 11:52:21.793580", "run_start": "2023-09-30 11:50:08.736546", "total_execs_per_sec": 334174.2, "total_run_time": 265.92}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.36, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 540755.64, "afl_execs_total": 89383276, "fuzzers_used": 172, "run_end": "2023-09-30 11:56:50.885860", "run_start": "2023-09-30 11:54:36.352451", "total_execs_per_sec": 332514.7, "total_run_time": 268.81}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3327.926, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 525250.31, "afl_execs_total": 89902937, "fuzzers_used": 173, "run_end": "2023-09-30 12:01:25.609071", "run_start": "2023-09-30 11:59:08.281162", "total_execs_per_sec": 327586.86, "total_run_time": 274.44}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3585.35, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 510966.04, "afl_execs_total": 90422604, "fuzzers_used": 174, "run_end": "2023-09-30 12:06:06.195059", "run_start": "2023-09-30 12:03:46.024130", "total_execs_per_sec": 322592.24, "total_run_time": 280.3}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.625, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 499732.24, "afl_execs_total": 90942279, "fuzzers_used": 175, "run_end": "2023-09-30 12:10:52.387827", "run_start": "2023-09-30 12:08:29.338056", "total_execs_per_sec": 318080.09, "total_run_time": 285.91}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3410.072, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 484949.79, "afl_execs_total": 91461945, "fuzzers_used": 176, "run_end": "2023-09-30 12:15:44.879463", "run_start": "2023-09-30 12:13:18.664380", "total_execs_per_sec": 313000.74, "total_run_time": 292.21}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.954, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 474380.12, "afl_execs_total": 91981613, "fuzzers_used": 177, "run_end": "2023-09-30 12:20:40.703316", "run_start": "2023-09-30 12:18:12.953826", "total_execs_per_sec": 311232.36, "total_run_time": 295.54}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3354.443, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 462356.4, "afl_execs_total": 92501281, "fuzzers_used": 178, "run_end": "2023-09-30 12:25:40.362195", "run_start": "2023-09-30 12:23:10.582350", "total_execs_per_sec": 308986.47, "total_run_time": 299.37}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.767, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 452096.2, "afl_execs_total": 93020952, "fuzzers_used": 179, "run_end": "2023-09-30 12:30:43.681516", "run_start": "2023-09-30 12:28:12.170741", "total_execs_per_sec": 306959.32, "total_run_time": 303.04}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.296, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 447312.96, "afl_execs_total": 93540623, "fuzzers_used": 180, "run_end": "2023-09-30 12:35:50.105344", "run_start": "2023-09-30 12:33:16.986820", "total_execs_per_sec": 305548.52, "total_run_time": 306.14}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3345.637, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 432373.06, "afl_execs_total": 94060296, "fuzzers_used": 181, "run_end": "2023-09-30 12:41:02.298418", "run_start": "2023-09-30 12:38:26.249052", "total_execs_per_sec": 301571.97, "total_run_time": 311.9}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.4, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 415162.5, "afl_execs_total": 94579958, "fuzzers_used": 182, "run_end": "2023-09-30 12:46:20.940868", "run_start": "2023-09-30 12:43:41.732112", "total_execs_per_sec": 297094.26, "total_run_time": 318.35}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.462, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 404641.36, "afl_execs_total": 95099627, "fuzzers_used": 183, "run_end": "2023-09-30 12:51:45.127309", "run_start": "2023-09-30 12:49:03.108772", "total_execs_per_sec": 293607.99, "total_run_time": 323.9}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.402, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 386862.7, "afl_execs_total": 95619305, "fuzzers_used": 184, "run_end": "2023-09-30 12:57:16.947024", "run_start": "2023-09-30 12:54:31.189986", "total_execs_per_sec": 288418.26, "total_run_time": 331.53}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.747, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 383084.4, "afl_execs_total": 96138965, "fuzzers_used": 185, "run_end": "2023-09-30 13:02:51.781939", "run_start": "2023-09-30 13:00:04.541072", "total_execs_per_sec": 287368.0, "total_run_time": 334.55}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.117, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 377706.1, "afl_execs_total": 96658643, "fuzzers_used": 186, "run_end": "2023-09-30 13:08:30.207657", "run_start": "2023-09-30 13:05:41.145593", "total_execs_per_sec": 285853.92, "total_run_time": 338.14}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.081, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 371416.68, "afl_execs_total": 97178312, "fuzzers_used": 187, "run_end": "2023-09-30 13:14:12.257097", "run_start": "2023-09-30 13:11:21.263677", "total_execs_per_sec": 284346.65, "total_run_time": 341.76}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.976, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 368708.34, "afl_execs_total": 97697985, "fuzzers_used": 188, "run_end": "2023-09-30 13:19:57.606285", "run_start": "2023-09-30 13:17:05.006166", "total_execs_per_sec": 283141.53, "total_run_time": 345.05}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3589.902, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 359967.99, "afl_execs_total": 98217659, "fuzzers_used": 189, "run_end": "2023-09-30 13:25:48.697394", "run_start": "2023-09-30 13:22:53.296224", "total_execs_per_sec": 279981.92, "total_run_time": 350.8}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.575, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 347526.07, "afl_execs_total": 98737339, "fuzzers_used": 190, "run_end": "2023-09-30 13:31:45.896768", "run_start": "2023-09-30 13:28:47.350917", "total_execs_per_sec": 276644.92, "total_run_time": 356.91}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.408, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 338602.2, "afl_execs_total": 99256999, "fuzzers_used": 191, "run_end": "2023-09-30 13:37:49.247720", "run_start": "2023-09-30 13:34:47.689569", "total_execs_per_sec": 273390.07, "total_run_time": 363.06}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.228, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 326219.13, "afl_execs_total": 99776669, "fuzzers_used": 192, "run_end": "2023-09-30 13:44:00.218035", "run_start": "2023-09-30 13:40:54.931667", "total_execs_per_sec": 269171.98, "total_run_time": 370.68}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.629, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 325790.1, "afl_execs_total": 100296342, "fuzzers_used": 193, "run_end": "2023-09-30 13:50:13.580456", "run_start": "2023-09-30 13:47:07.068488", "total_execs_per_sec": 268840.54, "total_run_time": 373.07}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.402, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 325312.01, "afl_execs_total": 100816010, "fuzzers_used": 194, "run_end": "2023-09-30 13:56:29.550017", "run_start": "2023-09-30 13:53:21.762745", "total_execs_per_sec": 268356.07, "total_run_time": 375.68}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3407.125, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 324605.64, "afl_execs_total": 101335681, "fuzzers_used": 195, "run_end": "2023-09-30 14:02:48.207312", "run_start": "2023-09-30 13:59:39.186912", "total_execs_per_sec": 267821.66, "total_run_time": 378.37}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.322, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 322111.38, "afl_execs_total": 101855364, "fuzzers_used": 196, "run_end": "2023-09-30 14:09:10.506032", "run_start": "2023-09-30 14:05:58.934115", "total_execs_per_sec": 266630.1, "total_run_time": 382.01}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.383, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 322211.61, "afl_execs_total": 102375028, "fuzzers_used": 197, "run_end": "2023-09-30 14:15:35.121380", "run_start": "2023-09-30 14:12:22.331631", "total_execs_per_sec": 266379.65, "total_run_time": 384.32}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3431.415, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 318591.15, "afl_execs_total": 102894698, "fuzzers_used": 198, "run_end": "2023-09-30 14:22:04.616743", "run_start": "2023-09-30 14:18:49.922710", "total_execs_per_sec": 264374.87, "total_run_time": 389.2}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.372, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 318754.13, "afl_execs_total": 103414368, "fuzzers_used": 199, "run_end": "2023-09-30 14:28:35.889700", "run_start": "2023-09-30 14:25:20.243692", "total_execs_per_sec": 264500.4, "total_run_time": 390.98}}}} -{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.618, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 315160.68, "afl_execs_total": 103934040, "fuzzers_used": 200, "run_end": "2023-09-30 14:35:12.352989", "run_start": "2023-09-30 14:31:54.098330", "total_execs_per_sec": 262347.07, "total_run_time": 396.17}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3267.656, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 107126.58, "afl_execs_total": 519670, "fuzzers_used": 1, "run_end": "2023-09-30 22:49:12.547219", "run_start": "2023-09-30 22:49:10.096555", "total_execs_per_sec": 105839.1, "total_run_time": 4.91}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3531.38, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 214213.66, "afl_execs_total": 1039340, "fuzzers_used": 2, "run_end": "2023-09-30 22:49:17.694180", "run_start": "2023-09-30 22:49:15.237982", "total_execs_per_sec": 210819.47, "total_run_time": 4.93}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.314, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 322468.69, "afl_execs_total": 1559010, "fuzzers_used": 3, "run_end": "2023-09-30 22:49:22.842681", "run_start": "2023-09-30 22:49:20.375718", "total_execs_per_sec": 316229.21, "total_run_time": 4.93}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.382, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 427406.37, "afl_execs_total": 2078680, "fuzzers_used": 4, "run_end": "2023-09-30 22:49:28.091611", "run_start": "2023-09-30 22:49:25.564125", "total_execs_per_sec": 413256.46, "total_run_time": 5.03}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3221.769, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 535728.44, "afl_execs_total": 2598350, "fuzzers_used": 5, "run_end": "2023-09-30 22:49:33.328021", "run_start": "2023-09-30 22:49:30.817882", "total_execs_per_sec": 518632.73, "total_run_time": 5.01}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.505, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 643227.5, "afl_execs_total": 3118020, "fuzzers_used": 6, "run_end": "2023-09-30 22:49:38.581723", "run_start": "2023-09-30 22:49:36.062567", "total_execs_per_sec": 619884.69, "total_run_time": 5.03}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3221.915, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 746997.96, "afl_execs_total": 3637690, "fuzzers_used": 7, "run_end": "2023-09-30 22:49:43.987994", "run_start": "2023-09-30 22:49:41.431718", "total_execs_per_sec": 702256.76, "total_run_time": 5.18}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.678, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 852324.44, "afl_execs_total": 4157360, "fuzzers_used": 8, "run_end": "2023-09-30 22:49:49.379965", "run_start": "2023-09-30 22:49:46.773943", "total_execs_per_sec": 804131.53, "total_run_time": 5.17}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.274, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 898199.42, "afl_execs_total": 4677030, "fuzzers_used": 9, "run_end": "2023-09-30 22:49:55.133483", "run_start": "2023-09-30 22:49:52.384368", "total_execs_per_sec": 847288.04, "total_run_time": 5.52}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3351.732, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 994921.42, "afl_execs_total": 5196700, "fuzzers_used": 10, "run_end": "2023-09-30 22:50:00.874999", "run_start": "2023-09-30 22:49:58.098412", "total_execs_per_sec": 943139.75, "total_run_time": 5.51}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3486.535, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1086491.72, "afl_execs_total": 5716370, "fuzzers_used": 11, "run_end": "2023-09-30 22:50:06.680198", "run_start": "2023-09-30 22:50:03.896582", "total_execs_per_sec": 1024439.07, "total_run_time": 5.58}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3368.357, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1188114.32, "afl_execs_total": 6236040, "fuzzers_used": 12, "run_end": "2023-09-30 22:50:12.511798", "run_start": "2023-09-30 22:50:09.709245", "total_execs_per_sec": 1113578.57, "total_run_time": 5.6}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3419.592, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1275638.92, "afl_execs_total": 6755710, "fuzzers_used": 13, "run_end": "2023-09-30 22:50:18.551634", "run_start": "2023-09-30 22:50:15.697220", "total_execs_per_sec": 1162772.81, "total_run_time": 5.81}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3422.898, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1373504.32, "afl_execs_total": 7275380, "fuzzers_used": 14, "run_end": "2023-09-30 22:50:24.528330", "run_start": "2023-09-30 22:50:21.655863", "total_execs_per_sec": 1265283.48, "total_run_time": 5.75}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.124, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1456611.99, "afl_execs_total": 7795050, "fuzzers_used": 15, "run_end": "2023-09-30 22:50:30.552669", "run_start": "2023-09-30 22:50:27.646950", "total_execs_per_sec": 1346295.34, "total_run_time": 5.79}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3409.107, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1547050.37, "afl_execs_total": 8314720, "fuzzers_used": 16, "run_end": "2023-09-30 22:50:36.633662", "run_start": "2023-09-30 22:50:33.711668", "total_execs_per_sec": 1421319.66, "total_run_time": 5.85}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.587, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1556304.25, "afl_execs_total": 8834390, "fuzzers_used": 17, "run_end": "2023-09-30 22:50:43.228730", "run_start": "2023-09-30 22:50:40.078655", "total_execs_per_sec": 1389055.03, "total_run_time": 6.36}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3222.039, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1498337.65, "afl_execs_total": 9354060, "fuzzers_used": 18, "run_end": "2023-09-30 22:50:50.456797", "run_start": "2023-09-30 22:50:46.953750", "total_execs_per_sec": 1336294.29, "total_run_time": 7.0}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.285, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1480610.39, "afl_execs_total": 9873730, "fuzzers_used": 19, "run_end": "2023-09-30 22:50:57.979779", "run_start": "2023-09-30 22:50:54.340048", "total_execs_per_sec": 1354421.12, "total_run_time": 7.29}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3312.738, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1442181.26, "afl_execs_total": 10393400, "fuzzers_used": 20, "run_end": "2023-09-30 22:51:05.961693", "run_start": "2023-09-30 22:51:02.116378", "total_execs_per_sec": 1341083.87, "total_run_time": 7.75}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3518.757, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1380390.08, "afl_execs_total": 10913070, "fuzzers_used": 21, "run_end": "2023-09-30 22:51:14.802876", "run_start": "2023-09-30 22:51:10.511741", "total_execs_per_sec": 1267487.8, "total_run_time": 8.61}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.613, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1315149.42, "afl_execs_total": 11432740, "fuzzers_used": 22, "run_end": "2023-09-30 22:51:24.344470", "run_start": "2023-09-30 22:51:19.707252", "total_execs_per_sec": 1228006.44, "total_run_time": 9.31}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.752, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1250840.52, "afl_execs_total": 11952410, "fuzzers_used": 23, "run_end": "2023-09-30 22:51:34.839206", "run_start": "2023-09-30 22:51:29.711462", "total_execs_per_sec": 1164952.24, "total_run_time": 10.26}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.786, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1198962.91, "afl_execs_total": 12472080, "fuzzers_used": 24, "run_end": "2023-09-30 22:51:46.227739", "run_start": "2023-09-30 22:51:40.669862", "total_execs_per_sec": 1117569.89, "total_run_time": 11.16}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.299, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1113901.96, "afl_execs_total": 12991750, "fuzzers_used": 25, "run_end": "2023-09-30 22:51:59.107794", "run_start": "2023-09-30 22:51:52.782421", "total_execs_per_sec": 1027015.81, "total_run_time": 12.65}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3277.537, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1112866.02, "afl_execs_total": 13511420, "fuzzers_used": 26, "run_end": "2023-09-30 22:52:12.696417", "run_start": "2023-09-30 22:52:06.031126", "total_execs_per_sec": 1011333.83, "total_run_time": 13.36}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.26, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1109572.68, "afl_execs_total": 14031090, "fuzzers_used": 27, "run_end": "2023-09-30 22:52:27.053466", "run_start": "2023-09-30 22:52:19.981077", "total_execs_per_sec": 993703.26, "total_run_time": 14.12}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.68, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1112386.81, "afl_execs_total": 14550760, "fuzzers_used": 28, "run_end": "2023-09-30 22:52:42.076893", "run_start": "2023-09-30 22:52:34.664171", "total_execs_per_sec": 983824.21, "total_run_time": 14.79}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.78, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1104839.85, "afl_execs_total": 15070430, "fuzzers_used": 29, "run_end": "2023-09-30 22:52:57.848693", "run_start": "2023-09-30 22:52:50.086501", "total_execs_per_sec": 969783.14, "total_run_time": 15.54}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3453.527, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1088259.95, "afl_execs_total": 15590100, "fuzzers_used": 30, "run_end": "2023-09-30 22:53:14.436574", "run_start": "2023-09-30 22:53:06.278331", "total_execs_per_sec": 953522.94, "total_run_time": 16.35}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3308.084, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1072951.12, "afl_execs_total": 16109770, "fuzzers_used": 31, "run_end": "2023-09-30 22:53:31.854020", "run_start": "2023-09-30 22:53:23.306562", "total_execs_per_sec": 937704.89, "total_run_time": 17.18}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.573, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1038335.3, "afl_execs_total": 16629440, "fuzzers_used": 32, "run_end": "2023-09-30 22:53:50.279439", "run_start": "2023-09-30 22:53:41.188124", "total_execs_per_sec": 914207.81, "total_run_time": 18.19}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3474.482, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1039005.59, "afl_execs_total": 17149110, "fuzzers_used": 33, "run_end": "2023-09-30 22:54:09.595224", "run_start": "2023-09-30 22:54:00.072293", "total_execs_per_sec": 898800.31, "total_run_time": 19.08}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.322, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1055683.11, "afl_execs_total": 17668780, "fuzzers_used": 34, "run_end": "2023-09-30 22:54:29.545218", "run_start": "2023-09-30 22:54:19.706182", "total_execs_per_sec": 896437.34, "total_run_time": 19.71}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3291.169, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1074708.24, "afl_execs_total": 18188450, "fuzzers_used": 35, "run_end": "2023-09-30 22:54:50.082101", "run_start": "2023-09-30 22:54:39.937590", "total_execs_per_sec": 895982.76, "total_run_time": 20.3}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.43, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1088882.64, "afl_execs_total": 18708120, "fuzzers_used": 36, "run_end": "2023-09-30 22:55:11.186984", "run_start": "2023-09-30 22:55:00.733124", "total_execs_per_sec": 896412.07, "total_run_time": 20.87}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3442.88, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1084369.02, "afl_execs_total": 19227790, "fuzzers_used": 37, "run_end": "2023-09-30 22:55:33.072167", "run_start": "2023-09-30 22:55:22.235388", "total_execs_per_sec": 888119.63, "total_run_time": 21.65}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.669, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1061476.09, "afl_execs_total": 19747460, "fuzzers_used": 38, "run_end": "2023-09-30 22:55:55.894149", "run_start": "2023-09-30 22:55:44.632310", "total_execs_per_sec": 874168.22, "total_run_time": 22.59}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.531, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1037330.81, "afl_execs_total": 20267130, "fuzzers_used": 39, "run_end": "2023-09-30 22:56:19.751866", "run_start": "2023-09-30 22:56:07.942445", "total_execs_per_sec": 858049.53, "total_run_time": 23.62}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.639, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1001283.07, "afl_execs_total": 20786800, "fuzzers_used": 40, "run_end": "2023-09-30 22:56:44.739038", "run_start": "2023-09-30 22:56:32.356644", "total_execs_per_sec": 839870.71, "total_run_time": 24.75}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3588.67, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1011982.42, "afl_execs_total": 21306470, "fuzzers_used": 41, "run_end": "2023-09-30 22:57:10.631327", "run_start": "2023-09-30 22:56:57.820505", "total_execs_per_sec": 830337.88, "total_run_time": 25.66}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.596, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1039061.07, "afl_execs_total": 21826140, "fuzzers_used": 42, "run_end": "2023-09-30 22:57:37.053742", "run_start": "2023-09-30 22:57:23.987008", "total_execs_per_sec": 833695.19, "total_run_time": 26.18}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3392.117, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1060191.68, "afl_execs_total": 22345810, "fuzzers_used": 43, "run_end": "2023-09-30 22:58:04.142943", "run_start": "2023-09-30 22:57:50.723112", "total_execs_per_sec": 832246.18, "total_run_time": 26.85}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.174, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1069379.92, "afl_execs_total": 22865480, "fuzzers_used": 44, "run_end": "2023-09-30 22:58:31.880464", "run_start": "2023-09-30 22:58:18.133970", "total_execs_per_sec": 831472.0, "total_run_time": 27.5}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.3, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1051676.06, "afl_execs_total": 23385150, "fuzzers_used": 45, "run_end": "2023-09-30 22:59:00.604783", "run_start": "2023-09-30 22:58:46.390060", "total_execs_per_sec": 820819.59, "total_run_time": 28.49}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3369.949, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1025702.93, "afl_execs_total": 23904820, "fuzzers_used": 46, "run_end": "2023-09-30 22:59:30.381431", "run_start": "2023-09-30 22:59:15.618865", "total_execs_per_sec": 809235.61, "total_run_time": 29.54}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.338, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1000795.88, "afl_execs_total": 24424490, "fuzzers_used": 47, "run_end": "2023-09-30 23:00:01.304861", "run_start": "2023-09-30 22:59:45.966936", "total_execs_per_sec": 796104.63, "total_run_time": 30.68}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3433.874, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 959941.0, "afl_execs_total": 24944160, "fuzzers_used": 48, "run_end": "2023-09-30 23:00:33.534503", "run_start": "2023-09-30 23:00:17.543090", "total_execs_per_sec": 779748.67, "total_run_time": 31.99}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3383.414, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 928333.9, "afl_execs_total": 25463830, "fuzzers_used": 49, "run_end": "2023-09-30 23:01:12.831570", "run_start": "2023-09-30 23:00:53.314147", "total_execs_per_sec": 651915.77, "total_run_time": 39.06}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.658, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 936392.44, "afl_execs_total": 25983500, "fuzzers_used": 50, "run_end": "2023-09-30 23:01:52.539154", "run_start": "2023-09-30 23:01:32.797969", "total_execs_per_sec": 658310.11, "total_run_time": 39.47}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.637, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 947163.68, "afl_execs_total": 26503170, "fuzzers_used": 51, "run_end": "2023-09-30 23:02:32.645289", "run_start": "2023-09-30 23:02:12.725860", "total_execs_per_sec": 664906.42, "total_run_time": 39.86}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3288.211, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 958614.58, "afl_execs_total": 27022840, "fuzzers_used": 52, "run_end": "2023-09-30 23:03:13.161133", "run_start": "2023-09-30 23:02:53.030893", "total_execs_per_sec": 670874.88, "total_run_time": 40.28}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3476.136, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 973982.54, "afl_execs_total": 27542510, "fuzzers_used": 53, "run_end": "2023-09-30 23:03:53.955349", "run_start": "2023-09-30 23:03:33.719867", "total_execs_per_sec": 679223.43, "total_run_time": 40.55}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.629, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 976113.12, "afl_execs_total": 28062180, "fuzzers_used": 54, "run_end": "2023-09-30 23:04:35.438777", "run_start": "2023-09-30 23:04:14.856099", "total_execs_per_sec": 680460.23, "total_run_time": 41.24}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.634, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 983432.87, "afl_execs_total": 28581850, "fuzzers_used": 55, "run_end": "2023-09-30 23:05:17.493381", "run_start": "2023-09-30 23:04:56.532515", "total_execs_per_sec": 683449.31, "total_run_time": 41.82}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3338.93, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 985159.38, "afl_execs_total": 29101520, "fuzzers_used": 56, "run_end": "2023-09-30 23:06:00.297515", "run_start": "2023-09-30 23:05:39.049512", "total_execs_per_sec": 683776.32, "total_run_time": 42.56}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.617, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 949664.42, "afl_execs_total": 29621190, "fuzzers_used": 57, "run_end": "2023-09-30 23:06:46.620220", "run_start": "2023-09-30 23:06:23.586780", "total_execs_per_sec": 642820.96, "total_run_time": 46.08}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.524, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 960540.52, "afl_execs_total": 30140860, "fuzzers_used": 58, "run_end": "2023-09-30 23:07:32.789227", "run_start": "2023-09-30 23:07:09.795959", "total_execs_per_sec": 656234.7, "total_run_time": 45.93}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.344, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 971717.37, "afl_execs_total": 30660530, "fuzzers_used": 59, "run_end": "2023-09-30 23:08:19.205529", "run_start": "2023-09-30 23:07:56.118775", "total_execs_per_sec": 664079.06, "total_run_time": 46.17}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.947, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 978223.94, "afl_execs_total": 31180200, "fuzzers_used": 60, "run_end": "2023-09-30 23:09:06.065892", "run_start": "2023-09-30 23:08:42.712355", "total_execs_per_sec": 668815.96, "total_run_time": 46.62}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.079, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 995090.76, "afl_execs_total": 31699870, "fuzzers_used": 61, "run_end": "2023-09-30 23:09:53.117908", "run_start": "2023-09-30 23:09:29.706522", "total_execs_per_sec": 677202.95, "total_run_time": 46.81}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.347, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1000123.55, "afl_execs_total": 32219540, "fuzzers_used": 62, "run_end": "2023-09-30 23:10:40.588355", "run_start": "2023-09-30 23:10:16.955091", "total_execs_per_sec": 682183.78, "total_run_time": 47.23}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.342, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1006856.18, "afl_execs_total": 32739210, "fuzzers_used": 63, "run_end": "2023-09-30 23:11:28.431482", "run_start": "2023-09-30 23:11:04.649867", "total_execs_per_sec": 687798.53, "total_run_time": 47.6}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3289.276, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1013280.29, "afl_execs_total": 33258880, "fuzzers_used": 64, "run_end": "2023-09-30 23:12:16.529480", "run_start": "2023-09-30 23:11:52.576162", "total_execs_per_sec": 695065.41, "total_run_time": 47.85}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.751, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 977531.19, "afl_execs_total": 33778550, "fuzzers_used": 65, "run_end": "2023-09-30 23:13:08.431052", "run_start": "2023-09-30 23:12:42.607854", "total_execs_per_sec": 653862.76, "total_run_time": 51.66}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3521.846, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 988260.54, "afl_execs_total": 34298220, "fuzzers_used": 66, "run_end": "2023-09-30 23:14:00.457627", "run_start": "2023-09-30 23:13:34.609623", "total_execs_per_sec": 662255.65, "total_run_time": 51.79}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.104, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 996765.65, "afl_execs_total": 34817893, "fuzzers_used": 67, "run_end": "2023-09-30 23:14:52.887499", "run_start": "2023-09-30 23:14:26.922014", "total_execs_per_sec": 667137.25, "total_run_time": 52.19}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.26, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1006933.0, "afl_execs_total": 35337567, "fuzzers_used": 68, "run_end": "2023-09-30 23:15:45.540474", "run_start": "2023-09-30 23:15:19.383508", "total_execs_per_sec": 674252.38, "total_run_time": 52.41}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.655, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1016151.03, "afl_execs_total": 35857239, "fuzzers_used": 69, "run_end": "2023-09-30 23:16:38.920224", "run_start": "2023-09-30 23:16:12.361121", "total_execs_per_sec": 674769.27, "total_run_time": 53.14}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.292, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1020419.88, "afl_execs_total": 36376912, "fuzzers_used": 70, "run_end": "2023-09-30 23:17:32.908230", "run_start": "2023-09-30 23:17:06.097232", "total_execs_per_sec": 676779.76, "total_run_time": 53.75}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.291, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1024544.66, "afl_execs_total": 36896574, "fuzzers_used": 71, "run_end": "2023-09-30 23:18:27.486955", "run_start": "2023-09-30 23:18:00.353160", "total_execs_per_sec": 678994.74, "total_run_time": 54.34}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.053, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1027862.2, "afl_execs_total": 37416240, "fuzzers_used": 72, "run_end": "2023-09-30 23:19:22.939401", "run_start": "2023-09-30 23:18:55.292965", "total_execs_per_sec": 677707.66, "total_run_time": 55.21}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3256.623, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 989415.52, "afl_execs_total": 37935910, "fuzzers_used": 73, "run_end": "2023-09-30 23:20:22.128510", "run_start": "2023-09-30 23:19:52.680720", "total_execs_per_sec": 643636.07, "total_run_time": 58.94}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3175.582, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 999208.44, "afl_execs_total": 38455580, "fuzzers_used": 74, "run_end": "2023-09-30 23:21:21.994758", "run_start": "2023-09-30 23:20:52.109044", "total_execs_per_sec": 645011.41, "total_run_time": 59.62}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.431, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1009747.84, "afl_execs_total": 38975263, "fuzzers_used": 75, "run_end": "2023-09-30 23:22:22.400574", "run_start": "2023-09-30 23:21:52.308129", "total_execs_per_sec": 647860.09, "total_run_time": 60.16}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3424.949, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1016122.1, "afl_execs_total": 39494936, "fuzzers_used": 76, "run_end": "2023-09-30 23:23:23.367166", "run_start": "2023-09-30 23:22:53.084871", "total_execs_per_sec": 650443.61, "total_run_time": 60.72}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.15, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1026766.44, "afl_execs_total": 40014610, "fuzzers_used": 77, "run_end": "2023-09-30 23:24:24.632834", "run_start": "2023-09-30 23:23:54.183517", "total_execs_per_sec": 655762.21, "total_run_time": 61.02}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3592.097, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1032416.84, "afl_execs_total": 40534285, "fuzzers_used": 78, "run_end": "2023-09-30 23:25:26.680597", "run_start": "2023-09-30 23:24:55.800125", "total_execs_per_sec": 655894.58, "total_run_time": 61.8}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.891, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1037369.06, "afl_execs_total": 41053955, "fuzzers_used": 79, "run_end": "2023-09-30 23:26:29.188422", "run_start": "2023-09-30 23:25:58.057408", "total_execs_per_sec": 659395.36, "total_run_time": 62.26}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3388.495, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1037677.89, "afl_execs_total": 41573602, "fuzzers_used": 80, "run_end": "2023-09-30 23:27:32.371382", "run_start": "2023-09-30 23:27:00.950646", "total_execs_per_sec": 660632.48, "total_run_time": 62.93}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3586.326, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1001527.34, "afl_execs_total": 42093277, "fuzzers_used": 81, "run_end": "2023-09-30 23:28:38.739977", "run_start": "2023-09-30 23:28:05.654779", "total_execs_per_sec": 636619.43, "total_run_time": 66.12}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3463.049, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1008569.78, "afl_execs_total": 42612950, "fuzzers_used": 82, "run_end": "2023-09-30 23:29:45.918973", "run_start": "2023-09-30 23:29:12.428362", "total_execs_per_sec": 636679.37, "total_run_time": 66.93}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3392.247, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1024112.93, "afl_execs_total": 43132623, "fuzzers_used": 83, "run_end": "2023-09-30 23:30:53.449181", "run_start": "2023-09-30 23:30:19.814374", "total_execs_per_sec": 641091.3, "total_run_time": 67.28}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3404.469, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1033177.84, "afl_execs_total": 43652299, "fuzzers_used": 84, "run_end": "2023-09-30 23:32:01.675241", "run_start": "2023-09-30 23:31:27.738537", "total_execs_per_sec": 642134.44, "total_run_time": 67.98}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.579, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1035389.26, "afl_execs_total": 44171974, "fuzzers_used": 85, "run_end": "2023-09-30 23:33:10.497096", "run_start": "2023-09-30 23:32:36.251098", "total_execs_per_sec": 644188.04, "total_run_time": 68.57}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3584.426, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1040484.52, "afl_execs_total": 44691647, "fuzzers_used": 86, "run_end": "2023-09-30 23:34:19.962598", "run_start": "2023-09-30 23:33:45.308419", "total_execs_per_sec": 645646.45, "total_run_time": 69.22}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.376, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1047416.67, "afl_execs_total": 45211316, "fuzzers_used": 87, "run_end": "2023-09-30 23:35:29.960796", "run_start": "2023-09-30 23:34:55.107828", "total_execs_per_sec": 648190.91, "total_run_time": 69.75}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3588.768, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1043614.54, "afl_execs_total": 45730993, "fuzzers_used": 88, "run_end": "2023-09-30 23:36:41.094109", "run_start": "2023-09-30 23:36:05.629742", "total_execs_per_sec": 645188.95, "total_run_time": 70.88}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.133, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1014160.19, "afl_execs_total": 46250683, "fuzzers_used": 89, "run_end": "2023-09-30 23:37:55.516863", "run_start": "2023-09-30 23:37:18.491584", "total_execs_per_sec": 623576.69, "total_run_time": 74.17}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3374.57, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1019409.94, "afl_execs_total": 46770379, "fuzzers_used": 90, "run_end": "2023-09-30 23:39:10.778063", "run_start": "2023-09-30 23:38:33.294208", "total_execs_per_sec": 623521.92, "total_run_time": 75.01}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3411.736, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1033667.5, "afl_execs_total": 47290036, "fuzzers_used": 91, "run_end": "2023-09-30 23:40:26.422137", "run_start": "2023-09-30 23:39:48.679717", "total_execs_per_sec": 627188.81, "total_run_time": 75.4}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.108, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1040422.32, "afl_execs_total": 47809728, "fuzzers_used": 92, "run_end": "2023-09-30 23:41:42.356121", "run_start": "2023-09-30 23:41:04.496375", "total_execs_per_sec": 631735.31, "total_run_time": 75.68}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3592.853, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1045409.98, "afl_execs_total": 48329396, "fuzzers_used": 93, "run_end": "2023-09-30 23:42:59.057925", "run_start": "2023-09-30 23:42:20.833029", "total_execs_per_sec": 632169.99, "total_run_time": 76.45}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3589.471, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1048162.62, "afl_execs_total": 48849073, "fuzzers_used": 94, "run_end": "2023-09-30 23:44:16.590083", "run_start": "2023-09-30 23:43:38.042805", "total_execs_per_sec": 632104.98, "total_run_time": 77.28}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.809, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1050384.15, "afl_execs_total": 49368750, "fuzzers_used": 95, "run_end": "2023-09-30 23:45:34.408553", "run_start": "2023-09-30 23:44:55.753132", "total_execs_per_sec": 636441.28, "total_run_time": 77.57}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.421, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1050304.88, "afl_execs_total": 49888422, "fuzzers_used": 96, "run_end": "2023-09-30 23:46:53.074378", "run_start": "2023-09-30 23:46:13.842719", "total_execs_per_sec": 636413.09, "total_run_time": 78.39}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3460.622, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1037251.1, "afl_execs_total": 50408093, "fuzzers_used": 97, "run_end": "2023-09-30 23:48:13.624856", "run_start": "2023-09-30 23:47:33.555637", "total_execs_per_sec": 627747.11, "total_run_time": 80.3}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3422.534, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1023279.61, "afl_execs_total": 50927766, "fuzzers_used": 98, "run_end": "2023-09-30 23:49:36.206307", "run_start": "2023-09-30 23:48:55.043259", "total_execs_per_sec": 618580.91, "total_run_time": 82.33}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.706, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1009889.86, "afl_execs_total": 51447436, "fuzzers_used": 99, "run_end": "2023-09-30 23:51:00.769989", "run_start": "2023-09-30 23:50:18.655201", "total_execs_per_sec": 610289.87, "total_run_time": 84.3}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.659, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 996157.16, "afl_execs_total": 51967100, "fuzzers_used": 100, "run_end": "2023-09-30 23:52:27.268848", "run_start": "2023-09-30 23:51:44.273073", "total_execs_per_sec": 602517.1, "total_run_time": 86.25}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.698, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 973425.48, "afl_execs_total": 52486780, "fuzzers_used": 101, "run_end": "2023-09-30 23:53:56.895303", "run_start": "2023-09-30 23:53:12.201049", "total_execs_per_sec": 587297.53, "total_run_time": 89.37}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3483.595, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 960922.5, "afl_execs_total": 53006447, "fuzzers_used": 102, "run_end": "2023-09-30 23:55:29.361853", "run_start": "2023-09-30 23:54:43.291757", "total_execs_per_sec": 574782.55, "total_run_time": 92.22}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3410.047, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 941705.52, "afl_execs_total": 53526110, "fuzzers_used": 103, "run_end": "2023-09-30 23:57:05.299380", "run_start": "2023-09-30 23:56:17.519295", "total_execs_per_sec": 559428.41, "total_run_time": 95.68}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.635, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 927206.03, "afl_execs_total": 54045772, "fuzzers_used": 104, "run_end": "2023-09-30 23:58:44.910131", "run_start": "2023-09-30 23:57:55.290255", "total_execs_per_sec": 543938.93, "total_run_time": 99.36}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.142, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 919716.12, "afl_execs_total": 54565450, "fuzzers_used": 105, "run_end": "2023-10-01 00:00:26.567448", "run_start": "2023-09-30 23:59:35.913562", "total_execs_per_sec": 538120.81, "total_run_time": 101.4}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.628, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 907116.8, "afl_execs_total": 55085116, "fuzzers_used": 106, "run_end": "2023-10-01 00:02:10.450695", "run_start": "2023-10-01 00:01:18.697664", "total_execs_per_sec": 531555.69, "total_run_time": 103.63}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3334.306, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 898444.05, "afl_execs_total": 55604777, "fuzzers_used": 107, "run_end": "2023-10-01 00:03:56.377235", "run_start": "2023-10-01 00:03:03.600706", "total_execs_per_sec": 526211.57, "total_run_time": 105.67}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.076, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 889678.68, "afl_execs_total": 56124461, "fuzzers_used": 108, "run_end": "2023-10-01 00:05:44.193223", "run_start": "2023-10-01 00:04:50.491661", "total_execs_per_sec": 521796.77, "total_run_time": 107.56}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3405.282, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 871535.65, "afl_execs_total": 56644120, "fuzzers_used": 109, "run_end": "2023-10-01 00:07:35.315927", "run_start": "2023-10-01 00:06:39.971352", "total_execs_per_sec": 510905.75, "total_run_time": 110.87}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.359, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 858369.28, "afl_execs_total": 57163803, "fuzzers_used": 110, "run_end": "2023-10-01 00:09:29.476232", "run_start": "2023-10-01 00:08:32.660720", "total_execs_per_sec": 501877.11, "total_run_time": 113.9}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.695, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 839357.6, "afl_execs_total": 57683458, "fuzzers_used": 111, "run_end": "2023-10-01 00:11:27.304043", "run_start": "2023-10-01 00:10:28.607394", "total_execs_per_sec": 490630.76, "total_run_time": 117.57}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3324.22, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 828077.49, "afl_execs_total": 58203126, "fuzzers_used": 112, "run_end": "2023-10-01 00:13:28.858815", "run_start": "2023-10-01 00:12:28.271715", "total_execs_per_sec": 479788.36, "total_run_time": 121.31}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3571.382, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 817619.99, "afl_execs_total": 58722802, "fuzzers_used": 113, "run_end": "2023-10-01 00:15:32.648757", "run_start": "2023-10-01 00:14:30.925085", "total_execs_per_sec": 475372.8, "total_run_time": 123.53}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.08, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 806563.34, "afl_execs_total": 59242469, "fuzzers_used": 114, "run_end": "2023-10-01 00:17:38.748743", "run_start": "2023-10-01 00:16:35.893215", "total_execs_per_sec": 470776.14, "total_run_time": 125.84}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.311, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 795820.84, "afl_execs_total": 59762134, "fuzzers_used": 115, "run_end": "2023-10-01 00:19:47.207746", "run_start": "2023-10-01 00:18:43.168299", "total_execs_per_sec": 466163.29, "total_run_time": 128.2}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.741, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 789602.32, "afl_execs_total": 60281817, "fuzzers_used": 116, "run_end": "2023-10-01 00:21:57.545651", "run_start": "2023-10-01 00:20:52.587366", "total_execs_per_sec": 463421.1, "total_run_time": 130.08}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.898, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 769744.98, "afl_execs_total": 60801473, "fuzzers_used": 117, "run_end": "2023-10-01 00:24:11.570391", "run_start": "2023-10-01 00:23:04.770309", "total_execs_per_sec": 454522.49, "total_run_time": 133.77}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3528.728, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 754704.16, "afl_execs_total": 61321140, "fuzzers_used": 118, "run_end": "2023-10-01 00:26:29.133904", "run_start": "2023-10-01 00:25:20.633522", "total_execs_per_sec": 446589.03, "total_run_time": 137.31}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.663, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 739965.24, "afl_execs_total": 61840807, "fuzzers_used": 119, "run_end": "2023-10-01 00:28:50.375098", "run_start": "2023-10-01 00:27:39.889685", "total_execs_per_sec": 438649.5, "total_run_time": 140.98}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.298, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 721357.74, "afl_execs_total": 62360479, "fuzzers_used": 120, "run_end": "2023-10-01 00:31:16.004270", "run_start": "2023-10-01 00:30:03.324005", "total_execs_per_sec": 428977.64, "total_run_time": 145.37}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.799, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 705584.89, "afl_execs_total": 62880143, "fuzzers_used": 121, "run_end": "2023-10-01 00:33:44.457380", "run_start": "2023-10-01 00:32:30.384615", "total_execs_per_sec": 424292.46, "total_run_time": 148.2}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.942, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 689179.3, "afl_execs_total": 63399821, "fuzzers_used": 122, "run_end": "2023-10-01 00:36:16.074412", "run_start": "2023-10-01 00:35:00.480705", "total_execs_per_sec": 418867.74, "total_run_time": 151.36}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.711, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 674153.86, "afl_execs_total": 63919484, "fuzzers_used": 123, "run_end": "2023-10-01 00:38:50.357234", "run_start": "2023-10-01 00:37:33.341036", "total_execs_per_sec": 414980.74, "total_run_time": 154.03}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3277.002, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 668264.05, "afl_execs_total": 64439155, "fuzzers_used": 124, "run_end": "2023-10-01 00:41:26.881253", "run_start": "2023-10-01 00:40:08.743365", "total_execs_per_sec": 412384.2, "total_run_time": 156.26}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.587, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 648129.94, "afl_execs_total": 64958824, "fuzzers_used": 125, "run_end": "2023-10-01 00:44:07.838710", "run_start": "2023-10-01 00:42:47.507566", "total_execs_per_sec": 404224.17, "total_run_time": 160.7}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3435.316, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 630733.08, "afl_execs_total": 65478494, "fuzzers_used": 126, "run_end": "2023-10-01 00:46:53.319424", "run_start": "2023-10-01 00:45:30.720783", "total_execs_per_sec": 396310.94, "total_run_time": 165.22}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3529.637, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 614518.38, "afl_execs_total": 65998164, "fuzzers_used": 127, "run_end": "2023-10-01 00:49:43.065457", "run_start": "2023-10-01 00:48:18.407561", "total_execs_per_sec": 389392.67, "total_run_time": 169.49}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.368, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 598284.67, "afl_execs_total": 66517829, "fuzzers_used": 128, "run_end": "2023-10-01 00:52:37.587547", "run_start": "2023-10-01 00:51:10.457560", "total_execs_per_sec": 381715.99, "total_run_time": 174.26}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.404, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 580642.38, "afl_execs_total": 67037506, "fuzzers_used": 129, "run_end": "2023-10-01 00:55:35.274207", "run_start": "2023-10-01 00:54:06.552078", "total_execs_per_sec": 377825.09, "total_run_time": 177.43}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.247, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 562735.32, "afl_execs_total": 67557175, "fuzzers_used": 130, "run_end": "2023-10-01 00:58:36.064323", "run_start": "2023-10-01 00:57:05.772110", "total_execs_per_sec": 374215.78, "total_run_time": 180.53}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.272, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 547668.6, "afl_execs_total": 68076845, "fuzzers_used": 131, "run_end": "2023-10-01 01:01:39.967232", "run_start": "2023-10-01 01:00:08.173611", "total_execs_per_sec": 370708.15, "total_run_time": 183.64}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3582.186, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 540727.65, "afl_execs_total": 68596512, "fuzzers_used": 132, "run_end": "2023-10-01 01:04:46.423044", "run_start": "2023-10-01 01:03:13.262003", "total_execs_per_sec": 368402.32, "total_run_time": 186.2}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.113, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 519637.0, "afl_execs_total": 69116187, "fuzzers_used": 133, "run_end": "2023-10-01 01:07:57.647789", "run_start": "2023-10-01 01:06:22.230683", "total_execs_per_sec": 361940.65, "total_run_time": 190.96}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3395.817, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 499189.04, "afl_execs_total": 69635850, "fuzzers_used": 134, "run_end": "2023-10-01 01:11:13.787072", "run_start": "2023-10-01 01:09:36.015503", "total_execs_per_sec": 355502.6, "total_run_time": 195.88}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3518.708, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 482457.86, "afl_execs_total": 70155523, "fuzzers_used": 135, "run_end": "2023-10-01 01:14:34.734203", "run_start": "2023-10-01 01:12:54.428580", "total_execs_per_sec": 349589.01, "total_run_time": 200.68}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.411, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 458655.34, "afl_execs_total": 70675189, "fuzzers_used": 136, "run_end": "2023-10-01 01:18:01.346354", "run_start": "2023-10-01 01:16:18.205160", "total_execs_per_sec": 342501.52, "total_run_time": 206.35}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3450.23, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 453087.56, "afl_execs_total": 71194856, "fuzzers_used": 137, "run_end": "2023-10-01 01:21:31.070560", "run_start": "2023-10-01 01:19:46.328707", "total_execs_per_sec": 339897.15, "total_run_time": 209.46}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.302, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 445650.76, "afl_execs_total": 71714529, "fuzzers_used": 138, "run_end": "2023-10-01 01:25:03.543001", "run_start": "2023-10-01 01:23:17.438499", "total_execs_per_sec": 337989.11, "total_run_time": 212.18}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.375, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 438779.54, "afl_execs_total": 72234208, "fuzzers_used": 139, "run_end": "2023-10-01 01:28:38.966326", "run_start": "2023-10-01 01:26:51.446036", "total_execs_per_sec": 335723.22, "total_run_time": 215.16}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3474.59, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 434421.26, "afl_execs_total": 72753874, "fuzzers_used": 140, "run_end": "2023-10-01 01:32:17.031421", "run_start": "2023-10-01 01:30:28.143712", "total_execs_per_sec": 334039.83, "total_run_time": 217.8}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.222, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 422130.0, "afl_execs_total": 73273553, "fuzzers_used": 141, "run_end": "2023-10-01 01:35:59.924651", "run_start": "2023-10-01 01:34:08.658037", "total_execs_per_sec": 329127.04, "total_run_time": 222.63}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.022, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 403403.62, "afl_execs_total": 73793218, "fuzzers_used": 142, "run_end": "2023-10-01 01:39:48.590697", "run_start": "2023-10-01 01:37:54.409507", "total_execs_per_sec": 323073.5, "total_run_time": 228.41}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.413, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 391528.74, "afl_execs_total": 74312883, "fuzzers_used": 143, "run_end": "2023-10-01 01:43:42.069365", "run_start": "2023-10-01 01:41:45.382606", "total_execs_per_sec": 318652.21, "total_run_time": 233.21}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.866, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 374715.06, "afl_execs_total": 74832562, "fuzzers_used": 144, "run_end": "2023-10-01 01:47:41.260283", "run_start": "2023-10-01 01:45:41.775594", "total_execs_per_sec": 313198.69, "total_run_time": 238.93}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3357.232, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 372678.44, "afl_execs_total": 75352223, "fuzzers_used": 145, "run_end": "2023-10-01 01:51:43.356207", "run_start": "2023-10-01 01:49:42.472312", "total_execs_per_sec": 311591.71, "total_run_time": 241.83}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3588.107, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 371466.33, "afl_execs_total": 75871897, "fuzzers_used": 146, "run_end": "2023-10-01 01:55:47.958820", "run_start": "2023-10-01 01:53:45.928408", "total_execs_per_sec": 310530.42, "total_run_time": 244.33}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.599, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 369815.4, "afl_execs_total": 76391573, "fuzzers_used": 147, "run_end": "2023-10-01 01:59:55.130584", "run_start": "2023-10-01 01:57:51.745568", "total_execs_per_sec": 309390.36, "total_run_time": 246.91}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.671, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 367734.06, "afl_execs_total": 76911235, "fuzzers_used": 148, "run_end": "2023-10-01 02:04:05.131837", "run_start": "2023-10-01 02:02:00.313458", "total_execs_per_sec": 307977.56, "total_run_time": 249.73}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3294.05, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 366332.54, "afl_execs_total": 77430918, "fuzzers_used": 149, "run_end": "2023-10-01 02:08:17.978729", "run_start": "2023-10-01 02:06:11.617727", "total_execs_per_sec": 306559.97, "total_run_time": 252.58}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.556, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 365256.89, "afl_execs_total": 77950581, "fuzzers_used": 150, "run_end": "2023-10-01 02:12:33.764599", "run_start": "2023-10-01 02:10:26.004100", "total_execs_per_sec": 305066.46, "total_run_time": 255.52}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3348.309, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 362078.84, "afl_execs_total": 78470247, "fuzzers_used": 151, "run_end": "2023-10-01 02:16:53.731876", "run_start": "2023-10-01 02:14:43.903389", "total_execs_per_sec": 302157.29, "total_run_time": 259.7}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.192, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 361083.46, "afl_execs_total": 78989923, "fuzzers_used": 152, "run_end": "2023-10-01 02:21:16.337686", "run_start": "2023-10-01 02:19:05.372350", "total_execs_per_sec": 301097.52, "total_run_time": 262.34}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.034, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 359994.43, "afl_execs_total": 79509587, "fuzzers_used": 153, "run_end": "2023-10-01 02:25:41.511107", "run_start": "2023-10-01 02:23:29.060001", "total_execs_per_sec": 300138.11, "total_run_time": 264.91}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3520.806, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 359950.89, "afl_execs_total": 80029258, "fuzzers_used": 154, "run_end": "2023-10-01 02:30:08.696139", "run_start": "2023-10-01 02:27:55.269294", "total_execs_per_sec": 299824.88, "total_run_time": 266.92}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.647, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 357498.64, "afl_execs_total": 80548933, "fuzzers_used": 155, "run_end": "2023-10-01 02:34:39.145101", "run_start": "2023-10-01 02:32:24.091985", "total_execs_per_sec": 298130.63, "total_run_time": 270.18}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.421, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 357285.14, "afl_execs_total": 81068600, "fuzzers_used": 156, "run_end": "2023-10-01 02:39:11.604977", "run_start": "2023-10-01 02:36:55.542385", "total_execs_per_sec": 297838.27, "total_run_time": 272.19}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.298, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 355405.08, "afl_execs_total": 81588281, "fuzzers_used": 157, "run_end": "2023-10-01 02:43:47.334188", "run_start": "2023-10-01 02:41:29.662280", "total_execs_per_sec": 296189.21, "total_run_time": 275.46}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3528.873, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 354127.44, "afl_execs_total": 82107951, "fuzzers_used": 158, "run_end": "2023-10-01 02:48:26.223001", "run_start": "2023-10-01 02:46:06.801058", "total_execs_per_sec": 294695.11, "total_run_time": 278.62}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3589.709, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 351793.59, "afl_execs_total": 82627619, "fuzzers_used": 159, "run_end": "2023-10-01 02:53:08.961221", "run_start": "2023-10-01 02:50:47.665420", "total_execs_per_sec": 292518.21, "total_run_time": 282.47}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.784, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 350348.0, "afl_execs_total": 83147295, "fuzzers_used": 160, "run_end": "2023-10-01 02:57:54.928358", "run_start": "2023-10-01 02:55:32.035459", "total_execs_per_sec": 291030.08, "total_run_time": 285.7}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3326.109, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 349438.44, "afl_execs_total": 83666929, "fuzzers_used": 161, "run_end": "2023-10-01 03:02:43.496769", "run_start": "2023-10-01 03:00:19.361939", "total_execs_per_sec": 290207.87, "total_run_time": 288.3}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.045, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 349188.38, "afl_execs_total": 84186602, "fuzzers_used": 162, "run_end": "2023-10-01 03:07:34.244149", "run_start": "2023-10-01 03:05:09.171410", "total_execs_per_sec": 289828.9, "total_run_time": 290.47}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.336, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 348377.38, "afl_execs_total": 84706275, "fuzzers_used": 163, "run_end": "2023-10-01 03:12:27.363035", "run_start": "2023-10-01 03:10:00.998309", "total_execs_per_sec": 289247.99, "total_run_time": 292.85}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.188, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 347124.06, "afl_execs_total": 85225940, "fuzzers_used": 164, "run_end": "2023-10-01 03:17:23.255256", "run_start": "2023-10-01 03:14:55.247687", "total_execs_per_sec": 288295.58, "total_run_time": 295.62}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.234, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 346480.82, "afl_execs_total": 85745613, "fuzzers_used": 165, "run_end": "2023-10-01 03:22:21.826668", "run_start": "2023-10-01 03:19:52.678006", "total_execs_per_sec": 287447.58, "total_run_time": 298.3}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.62, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 345660.61, "afl_execs_total": 86265280, "fuzzers_used": 166, "run_end": "2023-10-01 03:27:23.304636", "run_start": "2023-10-01 03:24:52.670302", "total_execs_per_sec": 286405.31, "total_run_time": 301.2}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.434, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 344352.86, "afl_execs_total": 86784956, "fuzzers_used": 167, "run_end": "2023-10-01 03:32:28.347850", "run_start": "2023-10-01 03:29:56.101960", "total_execs_per_sec": 284755.57, "total_run_time": 304.77}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3320.621, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 343903.25, "afl_execs_total": 87304620, "fuzzers_used": 168, "run_end": "2023-10-01 03:37:35.985037", "run_start": "2023-10-01 03:35:02.350396", "total_execs_per_sec": 284046.79, "total_run_time": 307.36}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3477.517, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 342402.74, "afl_execs_total": 87824287, "fuzzers_used": 169, "run_end": "2023-10-01 03:42:46.403090", "run_start": "2023-10-01 03:40:11.272913", "total_execs_per_sec": 283176.27, "total_run_time": 310.14}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.115, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 342935.7, "afl_execs_total": 88343943, "fuzzers_used": 170, "run_end": "2023-10-01 03:47:58.790757", "run_start": "2023-10-01 03:45:22.971446", "total_execs_per_sec": 283053.87, "total_run_time": 312.11}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.952, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 342089.26, "afl_execs_total": 88863610, "fuzzers_used": 171, "run_end": "2023-10-01 03:53:13.982010", "run_start": "2023-10-01 03:50:36.576836", "total_execs_per_sec": 282178.36, "total_run_time": 314.92}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3600.078, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 341369.47, "afl_execs_total": 89383283, "fuzzers_used": 172, "run_end": "2023-10-01 03:58:31.757722", "run_start": "2023-10-01 03:55:52.882761", "total_execs_per_sec": 281522.15, "total_run_time": 317.5}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3548.438, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 340166.19, "afl_execs_total": 89902960, "fuzzers_used": 173, "run_end": "2023-10-01 04:03:52.679983", "run_start": "2023-10-01 04:01:12.489362", "total_execs_per_sec": 280377.23, "total_run_time": 320.65}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3507.999, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 339692.96, "afl_execs_total": 90422626, "fuzzers_used": 174, "run_end": "2023-10-01 04:09:16.022890", "run_start": "2023-10-01 04:06:34.373466", "total_execs_per_sec": 279885.55, "total_run_time": 323.07}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.34, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 339204.8, "afl_execs_total": 90942302, "fuzzers_used": 175, "run_end": "2023-10-01 04:14:42.500004", "run_start": "2023-10-01 04:11:59.519266", "total_execs_per_sec": 278793.08, "total_run_time": 326.2}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.35, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 338925.12, "afl_execs_total": 91461973, "fuzzers_used": 176, "run_end": "2023-10-01 04:20:11.867354", "run_start": "2023-10-01 04:17:27.309554", "total_execs_per_sec": 277923.89, "total_run_time": 329.09}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3334.831, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 337700.46, "afl_execs_total": 91981627, "fuzzers_used": 177, "run_end": "2023-10-01 04:25:44.119595", "run_start": "2023-10-01 04:22:58.066484", "total_execs_per_sec": 277069.78, "total_run_time": 331.98}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3497.336, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 338203.76, "afl_execs_total": 92501299, "fuzzers_used": 178, "run_end": "2023-10-01 04:31:18.189721", "run_start": "2023-10-01 04:28:31.286314", "total_execs_per_sec": 277124.24, "total_run_time": 333.79}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3431.628, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 337556.9, "afl_execs_total": 93020971, "fuzzers_used": 179, "run_end": "2023-10-01 04:36:54.792996", "run_start": "2023-10-01 04:34:06.793088", "total_execs_per_sec": 276576.49, "total_run_time": 336.33}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3593.626, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 336873.92, "afl_execs_total": 93540633, "fuzzers_used": 180, "run_end": "2023-10-01 04:42:33.966085", "run_start": "2023-10-01 04:39:44.518309", "total_execs_per_sec": 276020.64, "total_run_time": 338.89}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.309, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 336399.84, "afl_execs_total": 94060303, "fuzzers_used": 181, "run_end": "2023-10-01 04:48:15.868413", "run_start": "2023-10-01 04:45:24.990090", "total_execs_per_sec": 275328.0, "total_run_time": 341.63}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3478.376, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 336455.79, "afl_execs_total": 94579979, "fuzzers_used": 182, "run_end": "2023-10-01 04:54:00.031431", "run_start": "2023-10-01 04:51:08.184063", "total_execs_per_sec": 275029.74, "total_run_time": 343.89}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.357, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 335823.56, "afl_execs_total": 95099645, "fuzzers_used": 183, "run_end": "2023-10-01 04:59:47.340839", "run_start": "2023-10-01 04:56:53.855437", "total_execs_per_sec": 274030.79, "total_run_time": 347.04}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.33, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 335587.52, "afl_execs_total": 95619319, "fuzzers_used": 184, "run_end": "2023-10-01 05:05:37.094804", "run_start": "2023-10-01 05:02:42.459088", "total_execs_per_sec": 273612.38, "total_run_time": 349.47}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.749, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 335620.09, "afl_execs_total": 96138976, "fuzzers_used": 185, "run_end": "2023-10-01 05:11:29.166451", "run_start": "2023-10-01 05:08:33.245194", "total_execs_per_sec": 273285.13, "total_run_time": 351.79}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.284, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 334996.68, "afl_execs_total": 96658653, "fuzzers_used": 186, "run_end": "2023-10-01 05:17:23.465686", "run_start": "2023-10-01 05:14:26.488946", "total_execs_per_sec": 273039.33, "total_run_time": 354.01}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3473.897, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 334980.98, "afl_execs_total": 97178332, "fuzzers_used": 187, "run_end": "2023-10-01 05:23:19.945356", "run_start": "2023-10-01 05:20:21.813464", "total_execs_per_sec": 272819.57, "total_run_time": 356.2}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3345.704, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 335404.84, "afl_execs_total": 97697995, "fuzzers_used": 188, "run_end": "2023-10-01 05:29:18.144996", "run_start": "2023-10-01 05:26:19.134225", "total_execs_per_sec": 272960.42, "total_run_time": 357.92}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.3, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 335051.8, "afl_execs_total": 98217668, "fuzzers_used": 189, "run_end": "2023-10-01 05:35:18.993110", "run_start": "2023-10-01 05:32:18.847641", "total_execs_per_sec": 272388.01, "total_run_time": 360.58}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3188.526, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 334887.42, "afl_execs_total": 98737339, "fuzzers_used": 190, "run_end": "2023-10-01 05:41:21.860222", "run_start": "2023-10-01 05:38:20.496147", "total_execs_per_sec": 272311.26, "total_run_time": 362.59}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.191, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 335150.96, "afl_execs_total": 99257022, "fuzzers_used": 191, "run_end": "2023-10-01 05:47:26.904358", "run_start": "2023-10-01 05:44:24.481817", "total_execs_per_sec": 272115.97, "total_run_time": 364.76}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.007, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 334773.71, "afl_execs_total": 99776692, "fuzzers_used": 192, "run_end": "2023-10-01 05:53:33.938237", "run_start": "2023-10-01 05:50:30.580786", "total_execs_per_sec": 272056.42, "total_run_time": 366.75}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3585.52, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 335035.28, "afl_execs_total": 100296389, "fuzzers_used": 193, "run_end": "2023-10-01 05:59:43.187657", "run_start": "2023-10-01 05:56:38.967074", "total_execs_per_sec": 271835.4, "total_run_time": 368.96}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3181.989, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 334596.91, "afl_execs_total": 100816076, "fuzzers_used": 194, "run_end": "2023-10-01 06:05:54.950356", "run_start": "2023-10-01 06:02:49.325019", "total_execs_per_sec": 271397.63, "total_run_time": 371.47}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.021, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 336065.8, "afl_execs_total": 101335780, "fuzzers_used": 195, "run_end": "2023-10-01 06:12:07.984389", "run_start": "2023-10-01 06:09:01.587358", "total_execs_per_sec": 271867.2, "total_run_time": 372.74}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.015, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 335034.33, "afl_execs_total": 101855465, "fuzzers_used": 196, "run_end": "2023-10-01 06:18:24.032065", "run_start": "2023-10-01 06:15:16.159292", "total_execs_per_sec": 271065.21, "total_run_time": 375.76}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.612, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 334931.36, "afl_execs_total": 102375169, "fuzzers_used": 197, "run_end": "2023-10-01 06:24:42.372973", "run_start": "2023-10-01 06:21:33.212336", "total_execs_per_sec": 270797.96, "total_run_time": 378.05}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.413, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 334191.98, "afl_execs_total": 102894843, "fuzzers_used": 198, "run_end": "2023-10-01 06:31:03.545925", "run_start": "2023-10-01 06:27:53.127882", "total_execs_per_sec": 270150.29, "total_run_time": 380.88}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.521, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 332929.11, "afl_execs_total": 103414536, "fuzzers_used": 199, "run_end": "2023-10-01 06:37:27.645981", "run_start": "2023-10-01 06:34:15.843433", "total_execs_per_sec": 269442.01, "total_run_time": 383.81}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3339.7, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 331957.22, "afl_execs_total": 103934201, "fuzzers_used": 200, "run_end": "2023-10-01 06:43:54.782368", "run_start": "2023-10-01 06:40:41.553700", "total_execs_per_sec": 268674.91, "total_run_time": 386.84}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1172198.55, "afl_execs_total": 12472081, "fuzzers_used": 16, "run_end": "2023-11-11 02:20:21.969027", "run_start": "2023-11-11 02:20:18.282561", "total_execs_per_sec": 1128695.11, "total_run_time": 11.05}, "singlecore": {"afl_execs_per_sec": 172105.52, "afl_execs_total": 779505, "fuzzers_used": 1, "run_end": "2023-11-11 02:20:10.920659", "run_start": "2023-11-11 02:20:09.459765", "total_execs_per_sec": 170570.02, "total_run_time": 4.57}}}} -{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "", "compiler": "", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.583, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"afl_execs_per_sec": 1193793.35, "afl_execs_total": 12472080, "fuzzers_used": 16, "run_end": "2023-11-10 10:25:40.047364", "run_start": "2023-11-10 10:25:36.510399", "total_execs_per_sec": 1169988.74, "total_run_time": 10.66}, "singlecore": {"afl_execs_per_sec": 134426.26, "afl_execs_total": 779505, "fuzzers_used": 1, "run_end": "2023-11-10 10:25:29.381317", "run_start": "2023-11-10 10:25:27.420959", "total_execs_per_sec": 133705.83, "total_run_time": 5.83}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4788.77, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"singlecore": {"execs_per_sec": 9845.64, "execs_total": 98545, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4989.281, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"singlecore": {"execs_per_sec": 125682.73, "execs_total": 1257330, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4799.415, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 120293.77, "execs_total": 1203058, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4703.293, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 231429.96, "execs_total": 2314531, "fuzzers_used": 2}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4800.375, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 346759.33, "execs_total": 3468290, "fuzzers_used": 3}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4915.27, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 455340.06, "execs_total": 4554427, "fuzzers_used": 4}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4701.051, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 568405.15, "execs_total": 5685076, "fuzzers_used": 5}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4704.999, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 678030.96, "execs_total": 6781781, "fuzzers_used": 6}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4800.438, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 782585.04, "execs_total": 7827974, "fuzzers_used": 7}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4794.851, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 893618.35, "execs_total": 8938405, "fuzzers_used": 8}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.383, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 956026.15, "execs_total": 9562791, "fuzzers_used": 9}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.352, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 984942.13, "execs_total": 9853724, "fuzzers_used": 10}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4987.681, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1016758.62, "execs_total": 10172892, "fuzzers_used": 11}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.196, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1053087.9, "execs_total": 10536439, "fuzzers_used": 12}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.211, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1085797.87, "execs_total": 10865305, "fuzzers_used": 13}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.577, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1110640.2, "execs_total": 11114033, "fuzzers_used": 14}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4799.955, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1138984.22, "execs_total": 11397389, "fuzzers_used": 15}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.247, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1168943.19, "execs_total": 11699439, "fuzzers_used": 16}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4994.207, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1135093.91, "execs_total": 11360219, "fuzzers_used": 17}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4994.47, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1160430.45, "execs_total": 11614570, "fuzzers_used": 18}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4991.188, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1155769.97, "execs_total": 11569540, "fuzzers_used": 19}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.63, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1150156.26, "execs_total": 11509407, "fuzzers_used": 20}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.227, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1136873.58, "execs_total": 11377110, "fuzzers_used": 21}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.317, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1112404.25, "execs_total": 11134086, "fuzzers_used": 22}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.851, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1143131.72, "execs_total": 11440024, "fuzzers_used": 23}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.261, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1143931.38, "execs_total": 11448786, "fuzzers_used": 24}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.259, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1102090.61, "execs_total": 11028561, "fuzzers_used": 25}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.149, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1116518.7, "execs_total": 11172681, "fuzzers_used": 26}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4801.01, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1099224.19, "execs_total": 11000537, "fuzzers_used": 27}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.448, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1114945.37, "execs_total": 11158802, "fuzzers_used": 28}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.663, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1110889.91, "execs_total": 11118113, "fuzzers_used": 29}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.741, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1058548.28, "execs_total": 10595540, "fuzzers_used": 30}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.852, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1119804.85, "execs_total": 11208645, "fuzzers_used": 31}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.417, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1118828.99, "execs_total": 11197813, "fuzzers_used": 32}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.682, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1093426.61, "execs_total": 10942324, "fuzzers_used": 33}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.248, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1108123.59, "execs_total": 11090315, "fuzzers_used": 34}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.053, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1041486.52, "execs_total": 10422413, "fuzzers_used": 35}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.299, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1092395.61, "execs_total": 10932107, "fuzzers_used": 36}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.081, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"singlecore": {"execs_per_sec": 8278.64, "execs_total": 82894, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4994.118, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 90641.62, "execs_total": 906960, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.588, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 178184.19, "execs_total": 1782109, "fuzzers_used": 2}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.204, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 262652.86, "execs_total": 2627228, "fuzzers_used": 3}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.829, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 339119.32, "execs_total": 3391956, "fuzzers_used": 4}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.205, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 420239.94, "execs_total": 4202989, "fuzzers_used": 5}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.0, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 498062.02, "execs_total": 4981367, "fuzzers_used": 6}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.407, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 578495.44, "execs_total": 5786691, "fuzzers_used": 7}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5002.997, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 661836.22, "execs_total": 6620265, "fuzzers_used": 8}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.952, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 684808.49, "execs_total": 6850000, "fuzzers_used": 9}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.99, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 707094.65, "execs_total": 7074048, "fuzzers_used": 10}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.003, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 732106.17, "execs_total": 7325352, "fuzzers_used": 11}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.488, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 752910.17, "execs_total": 7533775, "fuzzers_used": 12}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5003.679, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 776179.85, "execs_total": 7767507, "fuzzers_used": 13}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.45, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 797520.58, "execs_total": 7981534, "fuzzers_used": 14}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.313, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 822235.41, "execs_total": 8228941, "fuzzers_used": 15}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.723, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 843897.51, "execs_total": 8445693, "fuzzers_used": 16}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.488, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 843177.15, "execs_total": 8438493, "fuzzers_used": 17}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.299, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 844779.09, "execs_total": 8456834, "fuzzers_used": 18}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.662, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 846060.74, "execs_total": 8465728, "fuzzers_used": 19}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.922, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 847556.23, "execs_total": 8482537, "fuzzers_used": 20}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.098, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 844022.97, "execs_total": 8447616, "fuzzers_used": 21}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.352, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 845818.7, "execs_total": 8464237, "fuzzers_used": 22}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.457, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 844118.27, "execs_total": 8448858, "fuzzers_used": 23}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.019, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 837189.02, "execs_total": 8379746, "fuzzers_used": 24}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.513, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 834712.31, "execs_total": 8354719, "fuzzers_used": 25}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.891, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 836344.12, "execs_total": 8370166, "fuzzers_used": 26}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.494, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 827784.91, "execs_total": 8283782, "fuzzers_used": 27}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.761, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 828641.27, "execs_total": 8293602, "fuzzers_used": 28}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.115, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 826123.67, "execs_total": 8268211, "fuzzers_used": 29}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4993.515, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 817765.77, "execs_total": 8184720, "fuzzers_used": 30}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.555, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 816556.66, "execs_total": 8171816, "fuzzers_used": 31}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.999, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 812661.77, "execs_total": 8132767, "fuzzers_used": 32}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.561, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 805352.16, "execs_total": 8060482, "fuzzers_used": 33}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.938, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 815888.26, "execs_total": 8164454, "fuzzers_used": 34}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.951, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 812348.56, "execs_total": 8129441, "fuzzers_used": 35}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.444, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 817278.03, "execs_total": 8178918, "fuzzers_used": 36}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.133, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 91247.98, "execs_total": 912571, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.029, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 177503.74, "execs_total": 1775569, "fuzzers_used": 2}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.516, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 263559.94, "execs_total": 2635863, "fuzzers_used": 3}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.946, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 339880.84, "execs_total": 3399660, "fuzzers_used": 4}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.539, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 418569.46, "execs_total": 4186780, "fuzzers_used": 5}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.53, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 496208.2, "execs_total": 4962992, "fuzzers_used": 6}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.015, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 580870.62, "execs_total": 5809953, "fuzzers_used": 7}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.662, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 662910.24, "execs_total": 6631172, "fuzzers_used": 8}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.8, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 683654.43, "execs_total": 6838092, "fuzzers_used": 9}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.849, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 707555.71, "execs_total": 7078261, "fuzzers_used": 10}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5007.628, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 732211.35, "execs_total": 7325661, "fuzzers_used": 11}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4981.601, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 756121.92, "execs_total": 7565074, "fuzzers_used": 12}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.041, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 774101.97, "execs_total": 7745053, "fuzzers_used": 13}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5004.554, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 796439.54, "execs_total": 7972225, "fuzzers_used": 14}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.433, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 822652.36, "execs_total": 8232836, "fuzzers_used": 15}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.063, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 846458.67, "execs_total": 8473949, "fuzzers_used": 16}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.85, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 847285.31, "execs_total": 8479183, "fuzzers_used": 17}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.627, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 847278.34, "execs_total": 8481577, "fuzzers_used": 18}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5002.007, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 849345.2, "execs_total": 8500890, "fuzzers_used": 19}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.497, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 848498.04, "execs_total": 8491840, "fuzzers_used": 20}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.084, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 848737.28, "execs_total": 8494747, "fuzzers_used": 21}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.872, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 847610.49, "execs_total": 8484864, "fuzzers_used": 22}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.036, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 846329.82, "execs_total": 8471670, "fuzzers_used": 23}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.731, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 839140.26, "execs_total": 8397496, "fuzzers_used": 24}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4988.743, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 843648.98, "execs_total": 8444091, "fuzzers_used": 25}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5004.084, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 835215.19, "execs_total": 8359949, "fuzzers_used": 26}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.828, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 833416.5, "execs_total": 8340275, "fuzzers_used": 27}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.795, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 826512.71, "execs_total": 8272574, "fuzzers_used": 28}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.022, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 828656.04, "execs_total": 8292856, "fuzzers_used": 29}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.939, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 823292.55, "execs_total": 8239885, "fuzzers_used": 30}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.233, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 824657.95, "execs_total": 8252812, "fuzzers_used": 31}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.909, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 817807.44, "execs_total": 8183838, "fuzzers_used": 32}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.834, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 815344.89, "execs_total": 8160193, "fuzzers_used": 33}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.968, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 814327.97, "execs_total": 8149984, "fuzzers_used": 34}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.625, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 819612.64, "execs_total": 8202605, "fuzzers_used": 35}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.404, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 813155.19, "execs_total": 8137546, "fuzzers_used": 36}}}} +{"config": {"afl_persistent_config": false, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5001.911, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"singlecore": {"execs_per_sec": 8391.52, "execs_total": 83932, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4980.444, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"singlecore": {"execs_per_sec": 10754.79, "execs_total": 107720, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 5000.011, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 126201.28, "execs_total": 1262139, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4993.941, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 245701.79, "execs_total": 2457750, "fuzzers_used": 2}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4983.297, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 361167.18, "execs_total": 3612273, "fuzzers_used": 3}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4994.008, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 475221.97, "execs_total": 4752815, "fuzzers_used": 4}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.977, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 586393.43, "execs_total": 5865460, "fuzzers_used": 5}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.97, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 690946.36, "execs_total": 6910846, "fuzzers_used": 6}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.017, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 801029.31, "execs_total": 8011774, "fuzzers_used": 7}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.617, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 913876.89, "execs_total": 9140715, "fuzzers_used": 8}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.997, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 946293.38, "execs_total": 9464848, "fuzzers_used": 9}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.162, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 980031.45, "execs_total": 9803628, "fuzzers_used": 10}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4994.223, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1015241.63, "execs_total": 10157948, "fuzzers_used": 11}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4994.761, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1042290.69, "execs_total": 10427527, "fuzzers_used": 12}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.045, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1073567.99, "execs_total": 10739590, "fuzzers_used": 13}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.484, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1119312.88, "execs_total": 11199130, "fuzzers_used": 14}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4994.729, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1156363.75, "execs_total": 11573213, "fuzzers_used": 15}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.146, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1183713.3, "execs_total": 11848245, "fuzzers_used": 16}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.048, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1187603.56, "execs_total": 11886825, "fuzzers_used": 17}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4986.845, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1190369.21, "execs_total": 11914954, "fuzzers_used": 18}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4985.364, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1188828.6, "execs_total": 11902947, "fuzzers_used": 19}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.108, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1187617.46, "execs_total": 11887934, "fuzzers_used": 20}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.754, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1188490.16, "execs_total": 11894967, "fuzzers_used": 21}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.129, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1184138.92, "execs_total": 11850653, "fuzzers_used": 22}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.048, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1189374.23, "execs_total": 11903803, "fuzzers_used": 23}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.261, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1178947.43, "execs_total": 11800850, "fuzzers_used": 24}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.422, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1173540.28, "execs_total": 11743120, "fuzzers_used": 25}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.909, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1168471.78, "execs_total": 11696401, "fuzzers_used": 26}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4966.966, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1169320.61, "execs_total": 11703900, "fuzzers_used": 27}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.207, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1165434.17, "execs_total": 11661131, "fuzzers_used": 28}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.554, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1161113.26, "execs_total": 11619771, "fuzzers_used": 29}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4994.822, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1155066.44, "execs_total": 11560147, "fuzzers_used": 30}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.061, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1145196.35, "execs_total": 11461349, "fuzzers_used": 31}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.006, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1151794.28, "execs_total": 11526764, "fuzzers_used": 32}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4995.939, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1151652.84, "execs_total": 11526720, "fuzzers_used": 33}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.002, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1153215.56, "execs_total": 11539780, "fuzzers_used": 34}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.456, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1146882.5, "execs_total": 11478112, "fuzzers_used": 35}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": false, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.183, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1155253.95, "execs_total": 11561694, "fuzzers_used": 36}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4848.974, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 10714.79, "execs_total": 107180, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.353, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 20493.07, "execs_total": 205279, "fuzzers_used": 2}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.198, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 29660.06, "execs_total": 297006, "fuzzers_used": 3}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.015, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 37875.57, "execs_total": 379078, "fuzzers_used": 4}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.975, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 46326.75, "execs_total": 463731, "fuzzers_used": 5}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.579, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 54595.48, "execs_total": 546283, "fuzzers_used": 6}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4983.814, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 62720.98, "execs_total": 628151, "fuzzers_used": 7}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.617, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 70777.99, "execs_total": 708505, "fuzzers_used": 8}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.286, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 74236.02, "execs_total": 743157, "fuzzers_used": 9}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4799.516, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 78134.94, "execs_total": 782272, "fuzzers_used": 10}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4911.536, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 81886.33, "execs_total": 819649, "fuzzers_used": 11}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.199, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 85923.44, "execs_total": 860033, "fuzzers_used": 12}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.447, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 89696.95, "execs_total": 897746, "fuzzers_used": 13}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.496, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 93540.52, "execs_total": 936217, "fuzzers_used": 14}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.936, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 97641.51, "execs_total": 977546, "fuzzers_used": 15}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4991.829, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 101692.65, "execs_total": 1017683, "fuzzers_used": 16}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.489, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 101236.75, "execs_total": 1013188, "fuzzers_used": 17}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.352, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 101006.28, "execs_total": 1011004, "fuzzers_used": 18}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4999.894, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 99952.26, "execs_total": 1000431, "fuzzers_used": 19}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4942.12, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 99798.64, "execs_total": 998795, "fuzzers_used": 20}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.686, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 99018.86, "execs_total": 991012, "fuzzers_used": 21}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.308, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 98600.87, "execs_total": 986643, "fuzzers_used": 22}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.683, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 98634.02, "execs_total": 987082, "fuzzers_used": 23}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.457, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 98352.9, "execs_total": 984071, "fuzzers_used": 24}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.733, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 98118.63, "execs_total": 981865, "fuzzers_used": 25}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4994.474, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 97752.45, "execs_total": 978192, "fuzzers_used": 26}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4853.378, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 97864.07, "execs_total": 979334, "fuzzers_used": 27}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.484, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 97821.8, "execs_total": 978814, "fuzzers_used": 28}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4996.738, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 97564.87, "execs_total": 976335, "fuzzers_used": 29}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.341, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 98508.1, "execs_total": 985853, "fuzzers_used": 30}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.773, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 98238.96, "execs_total": 983062, "fuzzers_used": 31}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.037, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 98363.93, "execs_total": 984411, "fuzzers_used": 32}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.448, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 96758.69, "execs_total": 968157, "fuzzers_used": 33}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.238, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 96327.0, "execs_total": 964046, "fuzzers_used": 34}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4997.619, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 95913.98, "execs_total": 959817, "fuzzers_used": 35}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "i9-9900k, 16GB DDR4-3000, Arch Linux", "compiler": "clang version 16.0.6", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4998.076, "cpu_model": "Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz", "cpu_threads": 16}, "targets": {"test-instr": {"multicore": {"execs_per_sec": 95871.39, "execs_total": 959318, "fuzzers_used": 36}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr": {"singlecore": {"execs_per_sec": 5741.89, "execs_total": 57505, "fuzzers_used": 1}}, "test-instr-persist-shmem": {"singlecore": {"execs_per_sec": 163570.34, "execs_total": 1635867, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 164224.43, "execs_total": 1642737, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 167222.58, "execs_total": 1672393, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 306547.24, "execs_total": 3065934, "fuzzers_used": 2}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 436010.2, "execs_total": 4360827, "fuzzers_used": 3}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 536415.92, "execs_total": 5365101, "fuzzers_used": 4}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 622104.43, "execs_total": 6222784, "fuzzers_used": 5}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 729436.2, "execs_total": 7295214, "fuzzers_used": 6}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 820258.88, "execs_total": 8203409, "fuzzers_used": 7}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 884746.31, "execs_total": 8848458, "fuzzers_used": 8}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 947308.55, "execs_total": 9474351, "fuzzers_used": 9}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 985953.62, "execs_total": 9860922, "fuzzers_used": 10}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1009716.71, "execs_total": 10098454, "fuzzers_used": 11}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1041437.1, "execs_total": 10415844, "fuzzers_used": 12}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1068180.17, "execs_total": 10683116, "fuzzers_used": 13}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1108873.82, "execs_total": 11089926, "fuzzers_used": 14}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1134135.0, "execs_total": 11354464, "fuzzers_used": 15}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1157465.79, "execs_total": 11582583, "fuzzers_used": 16}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1122785.14, "execs_total": 11235138, "fuzzers_used": 17}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1094132.3, "execs_total": 10950326, "fuzzers_used": 18}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1041102.04, "execs_total": 10420102, "fuzzers_used": 19}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1022474.0, "execs_total": 10236560, "fuzzers_used": 20}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 960681.48, "execs_total": 9618077, "fuzzers_used": 21}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 853680.22, "execs_total": 8545665, "fuzzers_used": 22}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 799719.75, "execs_total": 8005071, "fuzzers_used": 23}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 797512.71, "execs_total": 7983371, "fuzzers_used": 24}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 659476.15, "execs_total": 6601599, "fuzzers_used": 25}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 560625.96, "execs_total": 5612503, "fuzzers_used": 26}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 537839.62, "execs_total": 5381649, "fuzzers_used": 27}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 510072.53, "execs_total": 5106056, "fuzzers_used": 28}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 408667.49, "execs_total": 4091795, "fuzzers_used": 29}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 453849.79, "execs_total": 4542311, "fuzzers_used": 30}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 405935.72, "execs_total": 4064268, "fuzzers_used": 31}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 579312.77, "execs_total": 5798912, "fuzzers_used": 32}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 470961.79, "execs_total": 4715503, "fuzzers_used": 33}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 436380.3, "execs_total": 4368099, "fuzzers_used": 34}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 439819.17, "execs_total": 4405705, "fuzzers_used": 35}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "Apple Mac Studio M2 Ultra 2023, Linux VM guest, 16 threads assigned to VM", "compiler": "Ubuntu clang version 16.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3500.0, "cpu_model": "Apple Mac Studio M2 Ultra 2023", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 407460.31, "execs_total": 4084528, "fuzzers_used": 36}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3514.326, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 119469.35, "execs_total": 1194813, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.748, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 237177.2, "execs_total": 2372250, "fuzzers_used": 2}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3455.647, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 358305.9, "execs_total": 3583655, "fuzzers_used": 3}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.67, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 475974.21, "execs_total": 4760218, "fuzzers_used": 4}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.813, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 594372.12, "execs_total": 5944793, "fuzzers_used": 5}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3584.545, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 711732.18, "execs_total": 7118626, "fuzzers_used": 6}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.377, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 824314.1, "execs_total": 8245020, "fuzzers_used": 7}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.535, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 936358.89, "execs_total": 9365349, "fuzzers_used": 8}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3469.977, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1010050.77, "execs_total": 10102421, "fuzzers_used": 9}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.644, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1087333.72, "execs_total": 10875294, "fuzzers_used": 10}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3473.935, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1180500.37, "execs_total": 11807345, "fuzzers_used": 11}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3334.193, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1284695.8, "execs_total": 12849848, "fuzzers_used": 12}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3436.186, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1377659.89, "execs_total": 13779252, "fuzzers_used": 13}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.27, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1471828.49, "execs_total": 14721973, "fuzzers_used": 14}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3466.893, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1557812.41, "execs_total": 15581135, "fuzzers_used": 15}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3561.127, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1634678.08, "execs_total": 16349952, "fuzzers_used": 16}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.848, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1518908.2, "execs_total": 15192488, "fuzzers_used": 17}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.34, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1470513.71, "execs_total": 14709207, "fuzzers_used": 18}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.619, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1414625.05, "execs_total": 14156400, "fuzzers_used": 19}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.99, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1355481.53, "execs_total": 13565462, "fuzzers_used": 20}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.232, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1292684.55, "execs_total": 12934801, "fuzzers_used": 21}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3442.34, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1234478.66, "execs_total": 12352256, "fuzzers_used": 22}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.796, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1174550.37, "execs_total": 11752094, "fuzzers_used": 23}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3494.124, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1125218.66, "execs_total": 11258330, "fuzzers_used": 24}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3350.261, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 1022021.81, "execs_total": 10226548, "fuzzers_used": 25}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.929, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 990339.75, "execs_total": 9908883, "fuzzers_used": 26}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3484.153, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 953861.38, "execs_total": 9543479, "fuzzers_used": 27}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3393.24, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 942151.65, "execs_total": 9426176, "fuzzers_used": 28}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3434.881, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 927072.1, "execs_total": 9275954, "fuzzers_used": 29}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3444.453, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 908669.71, "execs_total": 9092225, "fuzzers_used": 30}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3442.593, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 893432.26, "execs_total": 8938840, "fuzzers_used": 31}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3380.389, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 876618.01, "execs_total": 8770325, "fuzzers_used": 32}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3586.135, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 834676.33, "execs_total": 8350992, "fuzzers_used": 33}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.956, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 830200.25, "execs_total": 8306463, "fuzzers_used": 34}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.94, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 821667.96, "execs_total": 8220135, "fuzzers_used": 35}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.052, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 829075.87, "execs_total": 8294543, "fuzzers_used": 36}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3573.541, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 814422.62, "execs_total": 8148191, "fuzzers_used": 37}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.902, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 806770.85, "execs_total": 8071030, "fuzzers_used": 38}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3488.496, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 794433.8, "execs_total": 7947600, "fuzzers_used": 39}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3470.314, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 781022.61, "execs_total": 7813248, "fuzzers_used": 40}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.761, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 754394.26, "execs_total": 7546321, "fuzzers_used": 41}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.125, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 763116.33, "execs_total": 7634125, "fuzzers_used": 42}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.437, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 759323.54, "execs_total": 7596118, "fuzzers_used": 43}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.079, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 764198.14, "execs_total": 7644920, "fuzzers_used": 44}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.619, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 757777.51, "execs_total": 7580317, "fuzzers_used": 45}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3425.09, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 749357.06, "execs_total": 7496189, "fuzzers_used": 46}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.567, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 732083.87, "execs_total": 7323543, "fuzzers_used": 47}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.365, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 721133.28, "execs_total": 7214084, "fuzzers_used": 48}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.699, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 658925.82, "execs_total": 6591967, "fuzzers_used": 49}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.889, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 659890.97, "execs_total": 6601888, "fuzzers_used": 50}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3381.676, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 655176.63, "execs_total": 6554987, "fuzzers_used": 51}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.51, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 660889.12, "execs_total": 6612265, "fuzzers_used": 52}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3546.407, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 651803.54, "execs_total": 6520961, "fuzzers_used": 53}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3439.83, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 659012.17, "execs_total": 6593396, "fuzzers_used": 54}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3387.899, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 660016.18, "execs_total": 6603558, "fuzzers_used": 55}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3444.077, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 655931.36, "execs_total": 6561865, "fuzzers_used": 56}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.775, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 618906.23, "execs_total": 6192465, "fuzzers_used": 57}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.33, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 614008.28, "execs_total": 6143464, "fuzzers_used": 58}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.487, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 622400.85, "execs_total": 6227304, "fuzzers_used": 59}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.123, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 624883.06, "execs_total": 6251875, "fuzzers_used": 60}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.657, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 628668.94, "execs_total": 6289966, "fuzzers_used": 61}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.335, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 628892.17, "execs_total": 6292361, "fuzzers_used": 62}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.368, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 622065.07, "execs_total": 6224119, "fuzzers_used": 63}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3413.262, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 625528.06, "execs_total": 6258762, "fuzzers_used": 64}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.18, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 602248.19, "execs_total": 6025927, "fuzzers_used": 65}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.981, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 597615.89, "execs_total": 5979708, "fuzzers_used": 66}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3600.012, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 607270.98, "execs_total": 6076233, "fuzzers_used": 67}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3507.753, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 608945.09, "execs_total": 6092446, "fuzzers_used": 68}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.845, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 611736.03, "execs_total": 6121207, "fuzzers_used": 69}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3412.629, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 615031.23, "execs_total": 6153592, "fuzzers_used": 70}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3443.261, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 608202.64, "execs_total": 6084885, "fuzzers_used": 71}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.439, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 614339.09, "execs_total": 6146152, "fuzzers_used": 72}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3379.556, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 587046.59, "execs_total": 5873881, "fuzzers_used": 73}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.574, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 587238.27, "execs_total": 5875646, "fuzzers_used": 74}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.098, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 594097.56, "execs_total": 5944036, "fuzzers_used": 75}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.762, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 598450.35, "execs_total": 5987756, "fuzzers_used": 76}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.629, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 600430.29, "execs_total": 6007598, "fuzzers_used": 77}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3362.161, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 602014.19, "execs_total": 6023649, "fuzzers_used": 78}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3588.173, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 606146.9, "execs_total": 6065033, "fuzzers_used": 79}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.159, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 599360.46, "execs_total": 5997023, "fuzzers_used": 80}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3503.299, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 574792.78, "execs_total": 5751470, "fuzzers_used": 81}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3584.593, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 578265.29, "execs_total": 5785927, "fuzzers_used": 82}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3401.073, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 589985.07, "execs_total": 5903506, "fuzzers_used": 83}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3468.764, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 589281.87, "execs_total": 5895767, "fuzzers_used": 84}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3466.115, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 596581.77, "execs_total": 5969747, "fuzzers_used": 85}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.706, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 589017.68, "execs_total": 5893108, "fuzzers_used": 86}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3521.556, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 593403.75, "execs_total": 5937422, "fuzzers_used": 87}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.254, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 601611.06, "execs_total": 6019864, "fuzzers_used": 88}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.211, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 576056.15, "execs_total": 5763322, "fuzzers_used": 89}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.489, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 576151.97, "execs_total": 5764687, "fuzzers_used": 90}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.444, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 583769.1, "execs_total": 5841115, "fuzzers_used": 91}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3446.364, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 585285.47, "execs_total": 5856103, "fuzzers_used": 92}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3562.852, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 581524.67, "execs_total": 5818808, "fuzzers_used": 93}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.403, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 596383.31, "execs_total": 5967460, "fuzzers_used": 94}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3421.421, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 596239.29, "execs_total": 5965882, "fuzzers_used": 95}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3276.519, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 595382.67, "execs_total": 5957136, "fuzzers_used": 96}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.029, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 586144.68, "execs_total": 5865411, "fuzzers_used": 97}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.48, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 579467.06, "execs_total": 5798123, "fuzzers_used": 98}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.89, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 572801.45, "execs_total": 5731838, "fuzzers_used": 99}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.31, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 573916.1, "execs_total": 5742901, "fuzzers_used": 100}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3589.943, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 565823.06, "execs_total": 5660910, "fuzzers_used": 101}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3391.191, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 561854.84, "execs_total": 5621778, "fuzzers_used": 102}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3372.775, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 562717.02, "execs_total": 5630085, "fuzzers_used": 103}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3365.142, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 559273.67, "execs_total": 5596400, "fuzzers_used": 104}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.44, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 553209.58, "execs_total": 5535044, "fuzzers_used": 105}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3563.12, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 547678.42, "execs_total": 5480061, "fuzzers_used": 106}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3477.381, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 552316.36, "execs_total": 5526570, "fuzzers_used": 107}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.467, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 545257.97, "execs_total": 5455157, "fuzzers_used": 108}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3344.258, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 549190.03, "execs_total": 5495511, "fuzzers_used": 109}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3421.467, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 546845.0, "execs_total": 5472086, "fuzzers_used": 110}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.157, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 545239.46, "execs_total": 5455236, "fuzzers_used": 111}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.389, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 543139.24, "execs_total": 5434484, "fuzzers_used": 112}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3461.931, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 543252.43, "execs_total": 5435319, "fuzzers_used": 113}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3354.728, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 538720.77, "execs_total": 5390315, "fuzzers_used": 114}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.185, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 536681.55, "execs_total": 5369963, "fuzzers_used": 115}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.862, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 540956.43, "execs_total": 5412850, "fuzzers_used": 116}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.403, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 536348.84, "execs_total": 5367054, "fuzzers_used": 117}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.449, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 534734.41, "execs_total": 5350358, "fuzzers_used": 118}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.736, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 536060.28, "execs_total": 5363892, "fuzzers_used": 119}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.738, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 533480.83, "execs_total": 5338193, "fuzzers_used": 120}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.482, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 514271.98, "execs_total": 5145571, "fuzzers_used": 121}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.864, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 503271.79, "execs_total": 5035794, "fuzzers_used": 122}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3586.097, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 496011.52, "execs_total": 4963063, "fuzzers_used": 123}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.507, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 490784.42, "execs_total": 4910734, "fuzzers_used": 124}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.718, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 488441.09, "execs_total": 4887140, "fuzzers_used": 125}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.035, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 481281.33, "execs_total": 4815386, "fuzzers_used": 126}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.332, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 469294.96, "execs_total": 4695183, "fuzzers_used": 127}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3589.346, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 465563.78, "execs_total": 4657841, "fuzzers_used": 128}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.943, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 459922.67, "execs_total": 4601391, "fuzzers_used": 129}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3280.928, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 459384.3, "execs_total": 4596590, "fuzzers_used": 130}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.875, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 453310.58, "execs_total": 4535383, "fuzzers_used": 131}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3600.179, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 460246.7, "execs_total": 4604954, "fuzzers_used": 132}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3601.396, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 457201.82, "execs_total": 4574474, "fuzzers_used": 133}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3600.942, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 452487.43, "execs_total": 4527226, "fuzzers_used": 134}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3458.573, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 450514.18, "execs_total": 4507745, "fuzzers_used": 135}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.922, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 449479.52, "execs_total": 4496843, "fuzzers_used": 136}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.911, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 444691.06, "execs_total": 4449491, "fuzzers_used": 137}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.654, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 443497.81, "execs_total": 4437339, "fuzzers_used": 138}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.626, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 437981.1, "execs_total": 4382263, "fuzzers_used": 139}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.124, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 443055.68, "execs_total": 4432987, "fuzzers_used": 140}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.978, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 438908.41, "execs_total": 4391393, "fuzzers_used": 141}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3453.125, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 442841.02, "execs_total": 4430878, "fuzzers_used": 142}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3214.708, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 441891.92, "execs_total": 4421776, "fuzzers_used": 143}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.764, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 441860.76, "execs_total": 4421068, "fuzzers_used": 144}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3443.44, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 426935.73, "execs_total": 4272029, "fuzzers_used": 145}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3586.383, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 427322.41, "execs_total": 4275938, "fuzzers_used": 146}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3424.014, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 426914.69, "execs_total": 4271924, "fuzzers_used": 147}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.58, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 433246.64, "execs_total": 4335165, "fuzzers_used": 148}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.546, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 435016.77, "execs_total": 4352822, "fuzzers_used": 149}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.587, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 432197.7, "execs_total": 4324740, "fuzzers_used": 150}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3537.464, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 434928.88, "execs_total": 4351767, "fuzzers_used": 151}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.135, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 435174.29, "execs_total": 4354184, "fuzzers_used": 152}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3371.959, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 426852.22, "execs_total": 4271150, "fuzzers_used": 153}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.413, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 431241.89, "execs_total": 4315307, "fuzzers_used": 154}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3590.69, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 430842.14, "execs_total": 4311025, "fuzzers_used": 155}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3591.29, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 434156.3, "execs_total": 4344575, "fuzzers_used": 156}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3583.517, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 430896.1, "execs_total": 4311642, "fuzzers_used": 157}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.926, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 435704.89, "execs_total": 4360326, "fuzzers_used": 158}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.395, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 438155.8, "execs_total": 4384203, "fuzzers_used": 159}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3396.521, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 442883.53, "execs_total": 4432039, "fuzzers_used": 160}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.95, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 433993.37, "execs_total": 4342838, "fuzzers_used": 161}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.614, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 437174.96, "execs_total": 4374708, "fuzzers_used": 162}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.894, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 435745.93, "execs_total": 4360320, "fuzzers_used": 163}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.633, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 441564.58, "execs_total": 4418619, "fuzzers_used": 164}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.069, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 445500.18, "execs_total": 4457810, "fuzzers_used": 165}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3581.223, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 445887.53, "execs_total": 4461995, "fuzzers_used": 166}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.249, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 443509.97, "execs_total": 4438012, "fuzzers_used": 167}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.106, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 446851.67, "execs_total": 4471572, "fuzzers_used": 168}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3417.764, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 447685.22, "execs_total": 4479536, "fuzzers_used": 169}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3589.058, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 446730.72, "execs_total": 4470322, "fuzzers_used": 170}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.116, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 448668.48, "execs_total": 4489967, "fuzzers_used": 171}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.905, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 450972.11, "execs_total": 4513110, "fuzzers_used": 172}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.114, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 450615.23, "execs_total": 4509271, "fuzzers_used": 173}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.851, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 458016.89, "execs_total": 4583318, "fuzzers_used": 174}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.106, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 460677.5, "execs_total": 4609716, "fuzzers_used": 175}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3374.143, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 460763.9, "execs_total": 4610640, "fuzzers_used": 176}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.42, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 452298.55, "execs_total": 4526006, "fuzzers_used": 177}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.801, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 456748.89, "execs_total": 4570571, "fuzzers_used": 178}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.709, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 451289.94, "execs_total": 4516046, "fuzzers_used": 179}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.769, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 463235.15, "execs_total": 4635628, "fuzzers_used": 180}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3330.854, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 464366.11, "execs_total": 4646649, "fuzzers_used": 181}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.585, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 469453.17, "execs_total": 4697909, "fuzzers_used": 182}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.242, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 467300.47, "execs_total": 4676077, "fuzzers_used": 183}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.952, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 475115.57, "execs_total": 4754150, "fuzzers_used": 184}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3583.539, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 472179.98, "execs_total": 4724913, "fuzzers_used": 185}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3598.57, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 465528.62, "execs_total": 4658439, "fuzzers_used": 186}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3587.126, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 476194.69, "execs_total": 4765385, "fuzzers_used": 187}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3423.033, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 475886.86, "execs_total": 4762069, "fuzzers_used": 188}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.32, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 473599.91, "execs_total": 4739128, "fuzzers_used": 189}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.599, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 476949.52, "execs_total": 4772500, "fuzzers_used": 190}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3437.101, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 474259.76, "execs_total": 4745505, "fuzzers_used": 191}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.17, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 479848.23, "execs_total": 4801111, "fuzzers_used": 192}}}} diff --git a/benchmark/benchmark.ipynb b/benchmark/benchmark.ipynb index e4c29f2f82..aea2e0f1de 100644 --- a/benchmark/benchmark.ipynb +++ b/benchmark/benchmark.ipynb @@ -2,7 +2,7 @@ "cells": [ { "cell_type": "code", - "execution_count": 40, + "execution_count": 142, "metadata": {}, "outputs": [], "source": [ @@ -27,7 +27,7 @@ }, { "cell_type": "code", - "execution_count": 41, + "execution_count": 143, "metadata": {}, "outputs": [ { @@ -40,35 +40,20 @@ " \"afl_system_config\": true,\n", " \"afl_version\": \"++4.09a\",\n", " \"comment\": \"i9-9900k, 16GB DDR4-3000, Arch Linux\",\n", - " \"compiler\": \"clang version 15.0.7\",\n", + " \"compiler\": \"clang version 16.0.6\",\n", " \"target_arch\": \"x86_64-pc-linux-gnu\"\n", " },\n", " \"hardware\": {\n", - " \"cpu_fastest_core_mhz\": 4999.879,\n", + " \"cpu_fastest_core_mhz\": 4788.77,\n", " \"cpu_model\": \"Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz\",\n", " \"cpu_threads\": 16\n", " },\n", " \"targets\": {\n", " \"test-instr\": {\n", - " \"multicore\": {\n", - " \"afl_execs_per_sec\": 11025.88,\n", - " \"afl_execs_total\": 519670,\n", - " \"fuzzers_used\": 1,\n", - " \"run_end\": \"2023-09-24 01:18:19.516294\",\n", - " \"run_start\": \"2023-09-24 01:17:55.982600\",\n", - " \"total_execs_per_sec\": 11019.3,\n", - " \"total_run_time\": 47.16\n", - " }\n", - " },\n", - " \"test-instr-persist-shmem\": {\n", - " \"multicore\": {\n", - " \"afl_execs_per_sec\": 134423.5,\n", - " \"afl_execs_total\": 519670,\n", - " \"fuzzers_used\": 1,\n", - " \"run_end\": \"2023-09-24 01:17:32.262373\",\n", - " \"run_start\": \"2023-09-24 01:17:30.328037\",\n", - " \"total_execs_per_sec\": 133591.26,\n", - " \"total_run_time\": 3.89\n", + " \"singlecore\": {\n", + " \"execs_per_sec\": 9845.64,\n", + " \"execs_total\": 98545,\n", + " \"fuzzers_used\": 1\n", " }\n", " }\n", " }\n", @@ -89,7 +74,7 @@ }, { "cell_type": "code", - "execution_count": 42, + "execution_count": 144, "metadata": {}, "outputs": [ { @@ -122,18 +107,18 @@ " hardware.cpu_fastest_core_mhz\n", " hardware.cpu_model\n", " hardware.cpu_threads\n", - " targets.test-instr.multicore.afl_execs_per_sec\n", + " targets.test-instr.singlecore.execs_per_sec\n", " ...\n", - " targets.test-instr.singlecore.run_start\n", - " targets.test-instr.singlecore.total_execs_per_sec\n", - " targets.test-instr.singlecore.total_run_time\n", - " targets.test-instr-persist-shmem.singlecore.afl_execs_per_sec\n", - " targets.test-instr-persist-shmem.singlecore.afl_execs_total\n", + " targets.test-instr.singlecore.fuzzers_used\n", + " targets.test-instr-persist-shmem.singlecore.execs_per_sec\n", + " targets.test-instr-persist-shmem.singlecore.execs_total\n", " targets.test-instr-persist-shmem.singlecore.fuzzers_used\n", - " targets.test-instr-persist-shmem.singlecore.run_end\n", - " targets.test-instr-persist-shmem.singlecore.run_start\n", - " targets.test-instr-persist-shmem.singlecore.total_execs_per_sec\n", - " targets.test-instr-persist-shmem.singlecore.total_run_time\n", + " targets.test-instr-persist-shmem.multicore.execs_per_sec\n", + " targets.test-instr-persist-shmem.multicore.execs_total\n", + " targets.test-instr-persist-shmem.multicore.fuzzers_used\n", + " targets.test-instr.multicore.execs_per_sec\n", + " targets.test-instr.multicore.execs_total\n", + " targets.test-instr.multicore.fuzzers_used\n", " \n", " \n", " \n", @@ -143,14 +128,14 @@ " True\n", " ++4.09a\n", " i9-9900k, 16GB DDR4-3000, Arch Linux\n", - " clang version 15.0.7\n", + " clang version 16.0.6\n", " x86_64-pc-linux-gnu\n", - " 4999.879\n", + " 4788.770\n", " Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz\n", " 16\n", - " 11025.88\n", + " 9845.64\n", " ...\n", - " NaN\n", + " 1.0\n", " NaN\n", " NaN\n", " NaN\n", @@ -167,17 +152,17 @@ " True\n", " ++4.09a\n", " i9-9900k, 16GB DDR4-3000, Arch Linux\n", - " clang version 15.0.7\n", + " clang version 16.0.6\n", " x86_64-pc-linux-gnu\n", - " 4998.794\n", + " 4989.281\n", " Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz\n", " 16\n", - " 21139.64\n", - " ...\n", - " NaN\n", - " NaN\n", " NaN\n", + " ...\n", " NaN\n", + " 125682.73\n", + " 1257330.0\n", + " 1.0\n", " NaN\n", " NaN\n", " NaN\n", @@ -191,20 +176,20 @@ " True\n", " ++4.09a\n", " i9-9900k, 16GB DDR4-3000, Arch Linux\n", - " clang version 15.0.7\n", + " clang version 16.0.6\n", " x86_64-pc-linux-gnu\n", - " 4998.859\n", + " 4799.415\n", " Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz\n", " 16\n", - " 30618.28\n", - " ...\n", - " NaN\n", - " NaN\n", " NaN\n", + " ...\n", " NaN\n", " NaN\n", " NaN\n", " NaN\n", + " 120293.77\n", + " 1203058.0\n", + " 1.0\n", " NaN\n", " NaN\n", " NaN\n", @@ -215,20 +200,20 @@ " True\n", " ++4.09a\n", " i9-9900k, 16GB DDR4-3000, Arch Linux\n", - " clang version 15.0.7\n", + " clang version 16.0.6\n", " x86_64-pc-linux-gnu\n", - " 5000.078\n", + " 4703.293\n", " Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz\n", " 16\n", - " 39125.92\n", - " ...\n", - " NaN\n", - " NaN\n", " NaN\n", + " ...\n", " NaN\n", " NaN\n", " NaN\n", " NaN\n", + " 231429.96\n", + " 2314531.0\n", + " 2.0\n", " NaN\n", " NaN\n", " NaN\n", @@ -239,27 +224,27 @@ " True\n", " ++4.09a\n", " i9-9900k, 16GB DDR4-3000, Arch Linux\n", - " clang version 15.0.7\n", + " clang version 16.0.6\n", " x86_64-pc-linux-gnu\n", - " 4996.885\n", + " 4800.375\n", " Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz\n", " 16\n", - " 47861.04\n", - " ...\n", - " NaN\n", - " NaN\n", " NaN\n", + " ...\n", " NaN\n", " NaN\n", " NaN\n", " NaN\n", + " 346759.33\n", + " 3468290.0\n", + " 3.0\n", " NaN\n", " NaN\n", " NaN\n", " \n", " \n", "\n", - "

5 rows × 37 columns

\n", + "

5 rows × 21 columns

\n", "" ], "text/plain": [ @@ -271,18 +256,18 @@ "4 True True ++4.09a \n", "\n", " config.comment config.compiler \\\n", - "0 i9-9900k, 16GB DDR4-3000, Arch Linux clang version 15.0.7 \n", - "1 i9-9900k, 16GB DDR4-3000, Arch Linux clang version 15.0.7 \n", - "2 i9-9900k, 16GB DDR4-3000, Arch Linux clang version 15.0.7 \n", - "3 i9-9900k, 16GB DDR4-3000, Arch Linux clang version 15.0.7 \n", - "4 i9-9900k, 16GB DDR4-3000, Arch Linux clang version 15.0.7 \n", + "0 i9-9900k, 16GB DDR4-3000, Arch Linux clang version 16.0.6 \n", + "1 i9-9900k, 16GB DDR4-3000, Arch Linux clang version 16.0.6 \n", + "2 i9-9900k, 16GB DDR4-3000, Arch Linux clang version 16.0.6 \n", + "3 i9-9900k, 16GB DDR4-3000, Arch Linux clang version 16.0.6 \n", + "4 i9-9900k, 16GB DDR4-3000, Arch Linux clang version 16.0.6 \n", "\n", " config.target_arch hardware.cpu_fastest_core_mhz \\\n", - "0 x86_64-pc-linux-gnu 4999.879 \n", - "1 x86_64-pc-linux-gnu 4998.794 \n", - "2 x86_64-pc-linux-gnu 4998.859 \n", - "3 x86_64-pc-linux-gnu 5000.078 \n", - "4 x86_64-pc-linux-gnu 4996.885 \n", + "0 x86_64-pc-linux-gnu 4788.770 \n", + "1 x86_64-pc-linux-gnu 4989.281 \n", + "2 x86_64-pc-linux-gnu 4799.415 \n", + "3 x86_64-pc-linux-gnu 4703.293 \n", + "4 x86_64-pc-linux-gnu 4800.375 \n", "\n", " hardware.cpu_model hardware.cpu_threads \\\n", "0 Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz 16 \n", @@ -291,87 +276,87 @@ "3 Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz 16 \n", "4 Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz 16 \n", "\n", - " targets.test-instr.multicore.afl_execs_per_sec ... \\\n", - "0 11025.88 ... \n", - "1 21139.64 ... \n", - "2 30618.28 ... \n", - "3 39125.92 ... \n", - "4 47861.04 ... \n", - "\n", - " targets.test-instr.singlecore.run_start \\\n", - "0 NaN \n", - "1 NaN \n", - "2 NaN \n", - "3 NaN \n", - "4 NaN \n", + " targets.test-instr.singlecore.execs_per_sec ... \\\n", + "0 9845.64 ... \n", + "1 NaN ... \n", + "2 NaN ... \n", + "3 NaN ... \n", + "4 NaN ... \n", "\n", - " targets.test-instr.singlecore.total_execs_per_sec \\\n", - "0 NaN \n", - "1 NaN \n", - "2 NaN \n", - "3 NaN \n", - "4 NaN \n", + " targets.test-instr.singlecore.fuzzers_used \\\n", + "0 1.0 \n", + "1 NaN \n", + "2 NaN \n", + "3 NaN \n", + "4 NaN \n", "\n", - " targets.test-instr.singlecore.total_run_time \\\n", - "0 NaN \n", - "1 NaN \n", - "2 NaN \n", - "3 NaN \n", - "4 NaN \n", + " targets.test-instr-persist-shmem.singlecore.execs_per_sec \\\n", + "0 NaN \n", + "1 125682.73 \n", + "2 NaN \n", + "3 NaN \n", + "4 NaN \n", "\n", - " targets.test-instr-persist-shmem.singlecore.afl_execs_per_sec \\\n", - "0 NaN \n", - "1 NaN \n", - "2 NaN \n", - "3 NaN \n", - "4 NaN \n", - "\n", - " targets.test-instr-persist-shmem.singlecore.afl_execs_total \\\n", - "0 NaN \n", - "1 NaN \n", - "2 NaN \n", - "3 NaN \n", - "4 NaN \n", + " targets.test-instr-persist-shmem.singlecore.execs_total \\\n", + "0 NaN \n", + "1 1257330.0 \n", + "2 NaN \n", + "3 NaN \n", + "4 NaN \n", "\n", " targets.test-instr-persist-shmem.singlecore.fuzzers_used \\\n", "0 NaN \n", - "1 NaN \n", + "1 1.0 \n", "2 NaN \n", "3 NaN \n", "4 NaN \n", "\n", - " targets.test-instr-persist-shmem.singlecore.run_end \\\n", - "0 NaN \n", - "1 NaN \n", - "2 NaN \n", - "3 NaN \n", - "4 NaN \n", + " targets.test-instr-persist-shmem.multicore.execs_per_sec \\\n", + "0 NaN \n", + "1 NaN \n", + "2 120293.77 \n", + "3 231429.96 \n", + "4 346759.33 \n", "\n", - " targets.test-instr-persist-shmem.singlecore.run_start \\\n", - "0 NaN \n", - "1 NaN \n", - "2 NaN \n", - "3 NaN \n", - "4 NaN \n", + " targets.test-instr-persist-shmem.multicore.execs_total \\\n", + "0 NaN \n", + "1 NaN \n", + "2 1203058.0 \n", + "3 2314531.0 \n", + "4 3468290.0 \n", "\n", - " targets.test-instr-persist-shmem.singlecore.total_execs_per_sec \\\n", - "0 NaN \n", - "1 NaN \n", - "2 NaN \n", - "3 NaN \n", - "4 NaN \n", + " targets.test-instr-persist-shmem.multicore.fuzzers_used \\\n", + "0 NaN \n", + "1 NaN \n", + "2 1.0 \n", + "3 2.0 \n", + "4 3.0 \n", "\n", - " targets.test-instr-persist-shmem.singlecore.total_run_time \n", - "0 NaN \n", - "1 NaN \n", - "2 NaN \n", - "3 NaN \n", - "4 NaN \n", + " targets.test-instr.multicore.execs_per_sec \\\n", + "0 NaN \n", + "1 NaN \n", + "2 NaN \n", + "3 NaN \n", + "4 NaN \n", "\n", - "[5 rows x 37 columns]" + " targets.test-instr.multicore.execs_total \\\n", + "0 NaN \n", + "1 NaN \n", + "2 NaN \n", + "3 NaN \n", + "4 NaN \n", + "\n", + " targets.test-instr.multicore.fuzzers_used \n", + "0 NaN \n", + "1 NaN \n", + "2 NaN \n", + "3 NaN \n", + "4 NaN \n", + "\n", + "[5 rows x 21 columns]" ] }, - "execution_count": 42, + "execution_count": 144, "metadata": {}, "output_type": "execute_result" } @@ -388,28 +373,24 @@ "source": [ "### Graph prep\n", "\n", - "We're looking for a line graph showing lines for each fuzz target, in both singlecore and multicore modes, in each config setting -- where the x-axis is number of cores, and the y-axis is either afl_execs_per_sec or total_execs_per_sec (I'm not yet sure which is a better metric to use).\n", + "We're looking for a line graph showing lines for each fuzz target, in both singlecore and multicore modes, in each config setting -- where the x-axis is number of cores, and the y-axis is execs_per_sec.\n", "\n", - "But first, a mini test harness by checking that the number of rows matched what we'd intuitively expect:" + "First, a quick check that the number of rows matched what we'd intuitively expect:" ] }, { "cell_type": "code", - "execution_count": 43, + "execution_count": 145, "metadata": {}, "outputs": [], "source": [ "i7 = df.query(\"`config.comment` == 'i9-9900k, 16GB DDR4-3000, Arch Linux'\")\n", - "assert len(i7) == 148\n", - "multicore = i7.query(\"`targets.test-instr-persist-shmem.multicore.total_execs_per_sec` > 0 or `targets.test-instr.multicore.total_execs_per_sec` > 0\")\n", - "assert len(multicore) == 144 # 36 cores * 4 states * 1 run (containing two targets)\n", - "singlecore = i7.query(\"`targets.test-instr-persist-shmem.singlecore.total_execs_per_sec` > 0 or `targets.test-instr.singlecore.total_execs_per_sec` > 0\")\n", - "assert len(singlecore) == 4 # 1 core * 4 states * 1 run (containing two targets)" + "assert len(i7) == 185" ] }, { "cell_type": "code", - "execution_count": 44, + "execution_count": 146, "metadata": {}, "outputs": [], "source": [ @@ -421,10 +402,9 @@ " for target in [\"test-instr-persist-shmem\", \"test-instr\"]:\n", " for mode in [\"multicore\", \"singlecore\"]:\n", " label = \"\"\n", - " if not row[f\"targets.{target}.{mode}.total_execs_per_sec\"] > 0:\n", + " if not row[f\"targets.{target}.{mode}.execs_per_sec\"] > 0:\n", " continue\n", - " execs_per_sec = row[f\"targets.{target}.{mode}.total_execs_per_sec\"]\n", - " afl_execs_per_sec = row[f\"targets.{target}.{mode}.afl_execs_per_sec\"]\n", + " execs_per_sec = row[f\"targets.{target}.{mode}.execs_per_sec\"]\n", " parallel_fuzzers = row[f\"targets.{target}.{mode}.fuzzers_used\"]\n", " afl_persistent_config = row[\"config.afl_persistent_config\"]\n", " afl_system_config = row[\"config.afl_system_config\"]\n", @@ -443,7 +423,6 @@ " \n", " if label == \"shmem-multicore+persist-conf+system-conf\":\n", " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": parallel_fuzzers, \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Multicore: Persistent mode/shared memory + kernel config\"})\n", - " graphdata.append({\"execs_per_sec\": afl_execs_per_sec, \"parallel_fuzzers\": parallel_fuzzers, \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Multicore: afl_execs: Persistent mode/shared memory + kernel config\"})\n", " if label == \"shmem-multicore\":\n", " graphdata.append({\"execs_per_sec\": execs_per_sec, \"parallel_fuzzers\": parallel_fuzzers, \"afl_persistent_config\": afl_persistent_config, \"afl_system_config\": afl_system_config, \"label\": \"Multicore: Persistent mode/shared memory without kernel config\"})\n", " if label == \"base-multicore+persist-conf+system-conf\":\n", @@ -461,13 +440,13 @@ }, { "cell_type": "code", - "execution_count": 45, + "execution_count": 147, "metadata": {}, "outputs": [ { "data": { "image/svg+xml": [ - "1234567891011121314151617181920212223242526272829303132333435361x26x51x75x100x125xConfigurationMulticore: Non-persistent mode + kernel configMulticore: Persistent mode/shared memory + kernel configMulticore: Persistent mode/shared memory without kernel configMulticore: afl_execs: Persistent mode/shared memory + kernel configSinglecore: Non-persistent mode + kernel configSinglecore: Persistent mode/shared memory + kernel configFuzzer performanceNumber of parallel fuzzersFuzz target executions per second" + "1234567891011121314151617181920212223242526272829303132333435361x25x48x72x95x119xConfigurationMulticore: Non-persistent mode + kernel configMulticore: Persistent mode/shared memory + kernel configMulticore: Persistent mode/shared memory without kernel configSinglecore: Non-persistent mode + kernel configSinglecore: Persistent mode/shared memory + kernel configFuzzer performanceNumber of parallel fuzzersFuzz target executions per second" ] }, "metadata": {}, @@ -509,7 +488,7 @@ }, { "cell_type": "code", - "execution_count": 46, + "execution_count": 148, "metadata": {}, "outputs": [ { @@ -536,7 +515,6 @@ " Multicore: Non-persistent mode + kernel config\n", " Multicore: Persistent mode/shared memory + kernel config\n", " Multicore: Persistent mode/shared memory without kernel config\n", - " Multicore: afl_execs: Persistent mode/shared memory + kernel config\n", " Singlecore: Non-persistent mode + kernel config\n", " Singlecore: Persistent mode/shared memory + kernel config\n", " \n", @@ -547,54 +525,296 @@ " \n", " \n", " \n", - " \n", " \n", " \n", " \n", " \n", " 1.0\n", - " 11019.30\n", - " 133591.26\n", - " 90851.40\n", - " 134423.50\n", - " 11038.96\n", - " 135613.26\n", + " 10714.79\n", + " 120293.77\n", + " 90641.62\n", + " 9845.64\n", + " 125682.73\n", " \n", " \n", " 2.0\n", - " 21111.92\n", - " 255995.07\n", - " 176159.32\n", - " 258490.04\n", - " 11038.96\n", - " 135613.26\n", + " 20493.07\n", + " 231429.96\n", + " 178184.19\n", + " 9845.64\n", + " 125682.73\n", " \n", " \n", " 3.0\n", - " 30568.82\n", - " 380246.34\n", - " 260268.78\n", - " 383777.45\n", - " 11038.96\n", - " 135613.26\n", + " 29660.06\n", + " 346759.33\n", + " 262652.86\n", + " 9845.64\n", + " 125682.73\n", " \n", " \n", " 4.0\n", - " 38963.07\n", - " 490254.72\n", - " 336355.99\n", - " 496249.48\n", - " 11038.96\n", - " 135613.26\n", + " 37875.57\n", + " 455340.06\n", + " 339119.32\n", + " 9845.64\n", + " 125682.73\n", " \n", " \n", " 5.0\n", - " 47693.65\n", - " 598698.16\n", - " 413750.00\n", - " 613089.31\n", - " 11038.96\n", - " 135613.26\n", + " 46326.75\n", + " 568405.15\n", + " 420239.94\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 6.0\n", + " 54595.48\n", + " 678030.96\n", + " 498062.02\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 7.0\n", + " 62720.98\n", + " 782585.04\n", + " 578495.44\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 8.0\n", + " 70777.99\n", + " 893618.35\n", + " 661836.22\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 9.0\n", + " 74236.02\n", + " 956026.15\n", + " 684808.49\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 10.0\n", + " 78134.94\n", + " 984942.13\n", + " 707094.65\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 11.0\n", + " 81886.33\n", + " 1016758.62\n", + " 732106.17\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 12.0\n", + " 85923.44\n", + " 1053087.90\n", + " 752910.17\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 13.0\n", + " 89696.95\n", + " 1085797.87\n", + " 776179.85\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 14.0\n", + " 93540.52\n", + " 1110640.20\n", + " 797520.58\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 15.0\n", + " 97641.51\n", + " 1138984.22\n", + " 822235.41\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 16.0\n", + " 101692.65\n", + " 1168943.19\n", + " 843897.51\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 17.0\n", + " 101236.75\n", + " 1135093.91\n", + " 843177.15\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 18.0\n", + " 101006.28\n", + " 1160430.45\n", + " 844779.09\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 19.0\n", + " 99952.26\n", + " 1155769.97\n", + " 846060.74\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 20.0\n", + " 99798.64\n", + " 1150156.26\n", + " 847556.23\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 21.0\n", + " 99018.86\n", + " 1136873.58\n", + " 844022.97\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 22.0\n", + " 98600.87\n", + " 1112404.25\n", + " 845818.70\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 23.0\n", + " 98634.02\n", + " 1143131.72\n", + " 844118.27\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 24.0\n", + " 98352.90\n", + " 1143931.38\n", + " 837189.02\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 25.0\n", + " 98118.63\n", + " 1102090.61\n", + " 834712.31\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 26.0\n", + " 97752.45\n", + " 1116518.70\n", + " 836344.12\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 27.0\n", + " 97864.07\n", + " 1099224.19\n", + " 827784.91\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 28.0\n", + " 97821.80\n", + " 1114945.37\n", + " 828641.27\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 29.0\n", + " 97564.87\n", + " 1110889.91\n", + " 826123.67\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 30.0\n", + " 98508.10\n", + " 1058548.28\n", + " 817765.77\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 31.0\n", + " 98238.96\n", + " 1119804.85\n", + " 816556.66\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 32.0\n", + " 98363.93\n", + " 1118828.99\n", + " 812661.77\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 33.0\n", + " 96758.69\n", + " 1093426.61\n", + " 805352.16\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 34.0\n", + " 96327.00\n", + " 1108123.59\n", + " 815888.26\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 35.0\n", + " 95913.98\n", + " 1041486.52\n", + " 812348.56\n", + " 9845.64\n", + " 125682.73\n", + " \n", + " \n", + " 36.0\n", + " 95871.39\n", + " 1092395.61\n", + " 817278.03\n", + " 9845.64\n", + " 125682.73\n", " \n", " \n", "\n", @@ -603,60 +823,207 @@ "text/plain": [ "label Multicore: Non-persistent mode + kernel config \\\n", "parallel_fuzzers \n", - "1.0 11019.30 \n", - "2.0 21111.92 \n", - "3.0 30568.82 \n", - "4.0 38963.07 \n", - "5.0 47693.65 \n", + "1.0 10714.79 \n", + "2.0 20493.07 \n", + "3.0 29660.06 \n", + "4.0 37875.57 \n", + "5.0 46326.75 \n", + "6.0 54595.48 \n", + "7.0 62720.98 \n", + "8.0 70777.99 \n", + "9.0 74236.02 \n", + "10.0 78134.94 \n", + "11.0 81886.33 \n", + "12.0 85923.44 \n", + "13.0 89696.95 \n", + "14.0 93540.52 \n", + "15.0 97641.51 \n", + "16.0 101692.65 \n", + "17.0 101236.75 \n", + "18.0 101006.28 \n", + "19.0 99952.26 \n", + "20.0 99798.64 \n", + "21.0 99018.86 \n", + "22.0 98600.87 \n", + "23.0 98634.02 \n", + "24.0 98352.90 \n", + "25.0 98118.63 \n", + "26.0 97752.45 \n", + "27.0 97864.07 \n", + "28.0 97821.80 \n", + "29.0 97564.87 \n", + "30.0 98508.10 \n", + "31.0 98238.96 \n", + "32.0 98363.93 \n", + "33.0 96758.69 \n", + "34.0 96327.00 \n", + "35.0 95913.98 \n", + "36.0 95871.39 \n", "\n", "label Multicore: Persistent mode/shared memory + kernel config \\\n", "parallel_fuzzers \n", - "1.0 133591.26 \n", - "2.0 255995.07 \n", - "3.0 380246.34 \n", - "4.0 490254.72 \n", - "5.0 598698.16 \n", + "1.0 120293.77 \n", + "2.0 231429.96 \n", + "3.0 346759.33 \n", + "4.0 455340.06 \n", + "5.0 568405.15 \n", + "6.0 678030.96 \n", + "7.0 782585.04 \n", + "8.0 893618.35 \n", + "9.0 956026.15 \n", + "10.0 984942.13 \n", + "11.0 1016758.62 \n", + "12.0 1053087.90 \n", + "13.0 1085797.87 \n", + "14.0 1110640.20 \n", + "15.0 1138984.22 \n", + "16.0 1168943.19 \n", + "17.0 1135093.91 \n", + "18.0 1160430.45 \n", + "19.0 1155769.97 \n", + "20.0 1150156.26 \n", + "21.0 1136873.58 \n", + "22.0 1112404.25 \n", + "23.0 1143131.72 \n", + "24.0 1143931.38 \n", + "25.0 1102090.61 \n", + "26.0 1116518.70 \n", + "27.0 1099224.19 \n", + "28.0 1114945.37 \n", + "29.0 1110889.91 \n", + "30.0 1058548.28 \n", + "31.0 1119804.85 \n", + "32.0 1118828.99 \n", + "33.0 1093426.61 \n", + "34.0 1108123.59 \n", + "35.0 1041486.52 \n", + "36.0 1092395.61 \n", "\n", "label Multicore: Persistent mode/shared memory without kernel config \\\n", "parallel_fuzzers \n", - "1.0 90851.40 \n", - "2.0 176159.32 \n", - "3.0 260268.78 \n", - "4.0 336355.99 \n", - "5.0 413750.00 \n", - "\n", - "label Multicore: afl_execs: Persistent mode/shared memory + kernel config \\\n", - "parallel_fuzzers \n", - "1.0 134423.50 \n", - "2.0 258490.04 \n", - "3.0 383777.45 \n", - "4.0 496249.48 \n", - "5.0 613089.31 \n", + "1.0 90641.62 \n", + "2.0 178184.19 \n", + "3.0 262652.86 \n", + "4.0 339119.32 \n", + "5.0 420239.94 \n", + "6.0 498062.02 \n", + "7.0 578495.44 \n", + "8.0 661836.22 \n", + "9.0 684808.49 \n", + "10.0 707094.65 \n", + "11.0 732106.17 \n", + "12.0 752910.17 \n", + "13.0 776179.85 \n", + "14.0 797520.58 \n", + "15.0 822235.41 \n", + "16.0 843897.51 \n", + "17.0 843177.15 \n", + "18.0 844779.09 \n", + "19.0 846060.74 \n", + "20.0 847556.23 \n", + "21.0 844022.97 \n", + "22.0 845818.70 \n", + "23.0 844118.27 \n", + "24.0 837189.02 \n", + "25.0 834712.31 \n", + "26.0 836344.12 \n", + "27.0 827784.91 \n", + "28.0 828641.27 \n", + "29.0 826123.67 \n", + "30.0 817765.77 \n", + "31.0 816556.66 \n", + "32.0 812661.77 \n", + "33.0 805352.16 \n", + "34.0 815888.26 \n", + "35.0 812348.56 \n", + "36.0 817278.03 \n", "\n", "label Singlecore: Non-persistent mode + kernel config \\\n", "parallel_fuzzers \n", - "1.0 11038.96 \n", - "2.0 11038.96 \n", - "3.0 11038.96 \n", - "4.0 11038.96 \n", - "5.0 11038.96 \n", + "1.0 9845.64 \n", + "2.0 9845.64 \n", + "3.0 9845.64 \n", + "4.0 9845.64 \n", + "5.0 9845.64 \n", + "6.0 9845.64 \n", + "7.0 9845.64 \n", + "8.0 9845.64 \n", + "9.0 9845.64 \n", + "10.0 9845.64 \n", + "11.0 9845.64 \n", + "12.0 9845.64 \n", + "13.0 9845.64 \n", + "14.0 9845.64 \n", + "15.0 9845.64 \n", + "16.0 9845.64 \n", + "17.0 9845.64 \n", + "18.0 9845.64 \n", + "19.0 9845.64 \n", + "20.0 9845.64 \n", + "21.0 9845.64 \n", + "22.0 9845.64 \n", + "23.0 9845.64 \n", + "24.0 9845.64 \n", + "25.0 9845.64 \n", + "26.0 9845.64 \n", + "27.0 9845.64 \n", + "28.0 9845.64 \n", + "29.0 9845.64 \n", + "30.0 9845.64 \n", + "31.0 9845.64 \n", + "32.0 9845.64 \n", + "33.0 9845.64 \n", + "34.0 9845.64 \n", + "35.0 9845.64 \n", + "36.0 9845.64 \n", "\n", "label Singlecore: Persistent mode/shared memory + kernel config \n", "parallel_fuzzers \n", - "1.0 135613.26 \n", - "2.0 135613.26 \n", - "3.0 135613.26 \n", - "4.0 135613.26 \n", - "5.0 135613.26 " + "1.0 125682.73 \n", + "2.0 125682.73 \n", + "3.0 125682.73 \n", + "4.0 125682.73 \n", + "5.0 125682.73 \n", + "6.0 125682.73 \n", + "7.0 125682.73 \n", + "8.0 125682.73 \n", + "9.0 125682.73 \n", + "10.0 125682.73 \n", + "11.0 125682.73 \n", + "12.0 125682.73 \n", + "13.0 125682.73 \n", + "14.0 125682.73 \n", + "15.0 125682.73 \n", + "16.0 125682.73 \n", + "17.0 125682.73 \n", + "18.0 125682.73 \n", + "19.0 125682.73 \n", + "20.0 125682.73 \n", + "21.0 125682.73 \n", + "22.0 125682.73 \n", + "23.0 125682.73 \n", + "24.0 125682.73 \n", + "25.0 125682.73 \n", + "26.0 125682.73 \n", + "27.0 125682.73 \n", + "28.0 125682.73 \n", + "29.0 125682.73 \n", + "30.0 125682.73 \n", + "31.0 125682.73 \n", + "32.0 125682.73 \n", + "33.0 125682.73 \n", + "34.0 125682.73 \n", + "35.0 125682.73 \n", + "36.0 125682.73 " ] }, - "execution_count": 46, + "execution_count": 148, "metadata": {}, "output_type": "execute_result" } ], "source": [ - "pivotdf.head()" + "pivotdf" ] }, { @@ -668,7 +1035,7 @@ }, { "cell_type": "code", - "execution_count": 47, + "execution_count": 149, "metadata": {}, "outputs": [ { @@ -680,81 +1047,71 @@ "\n", "#### test-instr vs. test-instr-persist-shmem\n", "\n", - "This graph is scaled so that the single-core, non-persistent-mode performance (11038 execs per second) is\n", + "This graph is scaled so that the single-core, non-persistent-mode performance (9845 execs per second) is\n", "represented as **1.0x**. If you build and run a fuzzer without creating a persistent mode harness for it, and without running fuzzers in parallel, this is the performance\n", "you get on this machine.\n", "\n", "#### Multicore test-instr\n", "\n", - "By running as many parallel fuzzers are there are CPU threads, we can reach 103765 execs per second, which is **9.4x** that base speed.\n", + "By running as many parallel fuzzers are there are CPU threads, we can reach 101692 execs per second, which is **10.3x** that base speed.\n", "\n", "#### Persistent mode + shared memory\n", "\n", "##### Singlecore\n", "\n", "By modifying the harness to use persistent mode with shared memory as described [here](https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/README.persistent_mode.md#4-persistent-mode),\n", - "we end up with **12.3x** base speed. So -- perhaps counter-intuively -- if you have a choice between switching to using multiple cores or rewriting\n", + "we end up with **12.8x** base speed. So -- perhaps counter-intuively -- if you have a choice between switching to using multiple cores or rewriting\n", "the harness to use persistent mode on a single core, it is better (at least on this machine) to use persistent mode on a single core, than to use non-persistent mode on all cores.\n", "\n", "##### Multicore\n", "\n", "By scaling up that persistent mode with shared memory harness across cores, and with kernel mitigations still turned on (see next section), we get to\n", - "**75.6x** base speed.\n", + "**86.1x** base speed.\n", "\n", "#### Kernel config\n", "\n", "By \"kernel config\", I'm referring to booting the Linux kernel with `mitigations=off`, which is a meta-parameter for disabling *all* hardware vulnerability meltdowns (such as Spectre,\n", - "Meltdown, Retbleed, etc) introduced in Linux v5.2. Disabling these results in a `total_execs_per_sec` increase of 368476 execs -- the difference between\n", - "109.0x (mitigations off) and 75.6x (mitigations on) base speed. Turning on mitigations\n", - "reduced the overall performance by 31%!\n", + "Meltdown, Retbleed, etc) introduced in Linux v5.2. Disabling these results in a `execs_per_sec` increase of 321386 execs -- the difference between\n", + "118.7x (mitigations off) and 86.1x (mitigations on) base speed. Turning on mitigations\n", + "reduced the overall performance by 27%!\n", "\n", "One way to think about this is that the mitigations turn this 16-thread CPU into a 7-thread CPU, since the number of execs reached with 16 threads and mitigations on is around the same\n", "number of execs reached with 7 threads and mitigations off.\n", "\n", - "Or if we want to think in terms of cores, then the average number of execs gained per core in the initial eight is 115588 execs per sec, but the loss due to\n", - "mitigations is 368476 execs per sec, which is the averaged performance of 3.2 cores.\n", + "Or if we want to think in terms of cores, then the average number of execs gained per core in the initial eight is 110474 execs per sec, but the loss due to\n", + "mitigations is 321386 execs per sec, which is the averaged performance of 2.9 cores.\n", "\n", - "With kernel mitigations turned off, we reach our highest available total_execs_per_sec speed on this machine, which is **109.0x** higher\n", + "With kernel mitigations turned off, we reach our highest available execs_per_sec speed on this machine, which is **118.7x** higher\n", "than where we started from.\n", "\n", - "#### afl_execs_per_sec vs. total_execs_per_sec\n", - "\n", - "* The purple line at the top is measuring `afl_execs_per_sec`. This is afl's own measurement of the speed of each fuzzer process, from the `out/fuzzer/fuzzer_stats` file.\n", - " * It peaks at 23 fuzzers running in parallel, on this 8-core (16-thread) CPU.\n", - " * In contrast, `total_execs_per_sec` shows large drops in performance as we pass 8 (cores) and 16 (threads) fuzzers.\n", - " * I'm inclined to trust `total_execs_per_sec` `(total_execs / (end time - start time))` more, so we'll use that from now on.\n", - "\n", "#### How many parallel fuzzers should we use on this machine?\n", "\n", - "* The drops in performance after 8/16 fuzzers are profound.\n", - " * Using 9-12 fuzzers is *worse* than using 8 fuzzers on this 8C/16T system, but using 13-16 is better than 8.\n", - " * And using >16 is worse than using 16. Makes sense.\n", - " * We should use the number of CPUs in /proc/cpuinfo (threads) to get the best performance. But if we did halve the number of\n", - " fuzzers, we would surprisingly only lose 21%\n", - " of performance. This could be a good tradeoff in terms of cost.\n" + "* Using >16 is worse than using 16. Makes sense.\n", + "* So, we should use the number of CPUs in /proc/cpuinfo (threads) to get the best performance. But if we did halve the number of\n", + " fuzzers, we would surprisingly only lose 23%\n", + " of performance. This could be a good tradeoff in terms of cost.\n" ], "text/plain": [ "" ] }, - "execution_count": 47, + "execution_count": 149, "metadata": {}, "output_type": "execute_result" } ], "source": [ - "# (Ignore this code cell.)\n", + "# (You can ignore reading this code cell.)\n", "from IPython.display import Markdown as md\n", "singlecore_base_execs = pivotdf.iloc[0][\"Singlecore: Non-persistent mode + kernel config\"]\n", "singlecore_persist_execs = pivotdf.iloc[0][\"Singlecore: Persistent mode/shared memory + kernel config\"]\n", - "multicore_fuzzers_with_afl_max_execs = int(pivotdf[\"Multicore: afl_execs: Persistent mode/shared memory + kernel config\"].idxmax())\n", - "multicore_fuzzers_with_total_max_execs = int(pivotdf[\"Multicore: Persistent mode/shared memory + kernel config\"].idxmax())\n", + "multicore_fuzzers_max_execs = int(pivotdf[\"Multicore: Persistent mode/shared memory + kernel config\"].idxmax())\n", "multicore_base_max_execs = pivotdf[\"Multicore: Non-persistent mode + kernel config\"].max()\n", "factor_for_execs = lambda execs: round(execs / singlecore_base_execs, 1)\n", "\n", "multicore_persistent_without_mitigations_label = \"Multicore: Persistent mode/shared memory + kernel config\"\n", "multicore_max_execs_mitigations_off = pivotdf[multicore_persistent_without_mitigations_label].max()\n", - "multicore_max_execs_mitigations_off_only_cores = pivotdf.loc[multicore_fuzzers_with_total_max_execs / 2][multicore_persistent_without_mitigations_label]\n", + "multicore_max_execs_mitigations_off_only_cores = pivotdf.loc[multicore_fuzzers_max_execs / 2][multicore_persistent_without_mitigations_label]\n", "multicore_max_execs_mitigations_on = pivotdf[\"Multicore: Persistent mode/shared memory without kernel config\"].max()\n", "multicore_avg_gain_per_core = pivotdf.loc[pivotdf.index <= 8][\"Multicore: Persistent mode/shared memory + kernel config\"].diff().dropna().mean()\n", "mitigations_off_increase = int(multicore_max_execs_mitigations_off - multicore_max_execs_mitigations_on)\n", @@ -789,7 +1146,7 @@ "#### Kernel config\n", "\n", "By \"kernel config\", I'm referring to booting the Linux kernel with `mitigations=off`, which is a meta-parameter for disabling *all* hardware vulnerability meltdowns (such as Spectre,\n", - "Meltdown, Retbleed, etc) introduced in Linux v5.2. Disabling these results in a `total_execs_per_sec` increase of {mitigations_off_increase} execs -- the difference between\n", + "Meltdown, Retbleed, etc) introduced in Linux v5.2. Disabling these results in a `execs_per_sec` increase of {mitigations_off_increase} execs -- the difference between\n", "{factor_for_execs(multicore_max_execs_mitigations_off)}x (mitigations off) and {factor_for_execs(multicore_max_execs_mitigations_on)}x (mitigations on) base speed. Turning on mitigations\n", "reduced the overall performance by {abs(round(((multicore_max_execs_mitigations_on - multicore_max_execs_mitigations_off) / multicore_max_execs_mitigations_off) * 100))}%!\n", "\n", @@ -799,24 +1156,15 @@ "Or if we want to think in terms of cores, then the average number of execs gained per core in the initial eight is {int(multicore_avg_gain_per_core)} execs per sec, but the loss due to\n", "mitigations is {mitigations_off_increase} execs per sec, which is the averaged performance of {round(mitigations_off_increase / multicore_avg_gain_per_core, 1)} cores.\n", "\n", - "With kernel mitigations turned off, we reach our highest available total_execs_per_sec speed on this machine, which is **{factor_for_execs(multicore_max_execs_mitigations_off)}x** higher\n", + "With kernel mitigations turned off, we reach our highest available execs_per_sec speed on this machine, which is **{factor_for_execs(multicore_max_execs_mitigations_off)}x** higher\n", "than where we started from.\n", "\n", - "#### afl_execs_per_sec vs. total_execs_per_sec\n", - "\n", - "* The purple line at the top is measuring `afl_execs_per_sec`. This is afl's own measurement of the speed of each fuzzer process, from the `out/fuzzer/fuzzer_stats` file.\n", - " * It peaks at {multicore_fuzzers_with_afl_max_execs} fuzzers running in parallel, on this 8-core (16-thread) CPU.\n", - " * In contrast, `total_execs_per_sec` shows large drops in performance as we pass 8 (cores) and 16 (threads) fuzzers.\n", - " * I'm inclined to trust `total_execs_per_sec` `(total_execs / (end time - start time))` more, so we'll use that from now on.\n", - "\n", "#### How many parallel fuzzers should we use on this machine?\n", "\n", - "* The drops in performance after 8/16 fuzzers are profound.\n", - " * Using 9-12 fuzzers is *worse* than using 8 fuzzers on this 8C/16T system, but using 13-16 is better than 8.\n", - " * And using >16 is worse than using 16. Makes sense.\n", - " * We should use the number of CPUs in /proc/cpuinfo (threads) to get the best performance. But if we did halve the number of\n", - " fuzzers, we would surprisingly only lose {abs(int(((multicore_max_execs_mitigations_off_only_cores - multicore_max_execs_mitigations_off) / multicore_max_execs_mitigations_off) * 100))}%\n", - " of performance. This could be a good tradeoff in terms of cost.\n", + "* Using >16 is worse than using 16. Makes sense.\n", + "* So, we should use the number of CPUs in /proc/cpuinfo (threads) to get the best performance. But if we did halve the number of\n", + " fuzzers, we would surprisingly only lose {abs(int(((multicore_max_execs_mitigations_off_only_cores - multicore_max_execs_mitigations_off) / multicore_max_execs_mitigations_off) * 100))}%\n", + " of performance. This could be a good tradeoff in terms of cost.\n", "\"\"\")\n" ] }, @@ -826,12 +1174,12 @@ "source": [ "### Example with more cores\n", "\n", - "While there was some nuance here, the answer was pretty straightforward -- use the number of CPU threads you have access to. What if there were more threads? Here the experiment is repeated on an AWS EC2 \"r6a.48xlarge\" spot instance with 192 vCPUs, and the answer calls the conclusion we just made above into question:" + "While there was some nuance here, the answer was pretty straightforward -- use the number of CPU threads you have access to. What if there were more threads? Here the experiment is repeated on an AWS EC2 \"r6a.48xlarge\" spot instance with 192 vCPUs:" ] }, { "cell_type": "code", - "execution_count": 48, + "execution_count": 150, "metadata": {}, "outputs": [ { @@ -864,53 +1212,41 @@ " hardware.cpu_fastest_core_mhz\n", " hardware.cpu_model\n", " hardware.cpu_threads\n", - " targets.test-instr-persist-shmem.multicore.afl_execs_per_sec\n", - " targets.test-instr-persist-shmem.multicore.afl_execs_total\n", + " targets.test-instr-persist-shmem.multicore.execs_per_sec\n", + " targets.test-instr-persist-shmem.multicore.execs_total\n", " targets.test-instr-persist-shmem.multicore.fuzzers_used\n", - " targets.test-instr-persist-shmem.multicore.run_end\n", - " targets.test-instr-persist-shmem.multicore.run_start\n", - " targets.test-instr-persist-shmem.multicore.total_execs_per_sec\n", - " targets.test-instr-persist-shmem.multicore.total_run_time\n", " \n", " \n", " \n", " \n", - " 148\n", - " False\n", + " 223\n", + " True\n", " True\n", " ++4.09a\n", " AWS EC2 r6a.48xlarge spot instance\n", " clang version 15.0.7 (Amazon Linux 15.0.7-3.am...\n", " x86_64-amazon-linux-gnu\n", - " 3599.314\n", + " 3514.326\n", " AMD EPYC 7R13 Processor\n", " 192\n", - " 85586.47\n", - " 519670.0\n", + " 119469.35\n", + " 1194813.0\n", " 1.0\n", - " 2023-09-30 07:42:00.479418\n", - " 2023-09-30 07:41:57.396293\n", - " 84636.81\n", - " 6.14\n", " \n", " \n", - " 149\n", - " False\n", + " 224\n", + " True\n", " True\n", " ++4.09a\n", " AWS EC2 r6a.48xlarge spot instance\n", " clang version 15.0.7 (Amazon Linux 15.0.7-3.am...\n", " x86_64-amazon-linux-gnu\n", - " 3599.425\n", + " 3599.748\n", " AMD EPYC 7R13 Processor\n", " 192\n", - " 171655.96\n", - " 1039340.0\n", + " 237177.20\n", + " 2372250.0\n", " 2.0\n", - " 2023-09-30 07:42:06.853436\n", - " 2023-09-30 07:42:03.776562\n", - " 168998.37\n", - " 6.15\n", " \n", " \n", "\n", @@ -918,55 +1254,39 @@ ], "text/plain": [ " config.afl_persistent_config config.afl_system_config \\\n", - "148 False True \n", - "149 False True \n", + "223 True True \n", + "224 True True \n", "\n", " config.afl_version config.comment \\\n", - "148 ++4.09a AWS EC2 r6a.48xlarge spot instance \n", - "149 ++4.09a AWS EC2 r6a.48xlarge spot instance \n", + "223 ++4.09a AWS EC2 r6a.48xlarge spot instance \n", + "224 ++4.09a AWS EC2 r6a.48xlarge spot instance \n", "\n", " config.compiler \\\n", - "148 clang version 15.0.7 (Amazon Linux 15.0.7-3.am... \n", - "149 clang version 15.0.7 (Amazon Linux 15.0.7-3.am... \n", + "223 clang version 15.0.7 (Amazon Linux 15.0.7-3.am... \n", + "224 clang version 15.0.7 (Amazon Linux 15.0.7-3.am... \n", "\n", " config.target_arch hardware.cpu_fastest_core_mhz \\\n", - "148 x86_64-amazon-linux-gnu 3599.314 \n", - "149 x86_64-amazon-linux-gnu 3599.425 \n", + "223 x86_64-amazon-linux-gnu 3514.326 \n", + "224 x86_64-amazon-linux-gnu 3599.748 \n", "\n", " hardware.cpu_model hardware.cpu_threads \\\n", - "148 AMD EPYC 7R13 Processor 192 \n", - "149 AMD EPYC 7R13 Processor 192 \n", - "\n", - " targets.test-instr-persist-shmem.multicore.afl_execs_per_sec \\\n", - "148 85586.47 \n", - "149 171655.96 \n", + "223 AMD EPYC 7R13 Processor 192 \n", + "224 AMD EPYC 7R13 Processor 192 \n", "\n", - " targets.test-instr-persist-shmem.multicore.afl_execs_total \\\n", - "148 519670.0 \n", - "149 1039340.0 \n", + " targets.test-instr-persist-shmem.multicore.execs_per_sec \\\n", + "223 119469.35 \n", + "224 237177.20 \n", "\n", - " targets.test-instr-persist-shmem.multicore.fuzzers_used \\\n", - "148 1.0 \n", - "149 2.0 \n", + " targets.test-instr-persist-shmem.multicore.execs_total \\\n", + "223 1194813.0 \n", + "224 2372250.0 \n", "\n", - " targets.test-instr-persist-shmem.multicore.run_end \\\n", - "148 2023-09-30 07:42:00.479418 \n", - "149 2023-09-30 07:42:06.853436 \n", - "\n", - " targets.test-instr-persist-shmem.multicore.run_start \\\n", - "148 2023-09-30 07:41:57.396293 \n", - "149 2023-09-30 07:42:03.776562 \n", - "\n", - " targets.test-instr-persist-shmem.multicore.total_execs_per_sec \\\n", - "148 84636.81 \n", - "149 168998.37 \n", - "\n", - " targets.test-instr-persist-shmem.multicore.total_run_time \n", - "148 6.14 \n", - "149 6.15 " + " targets.test-instr-persist-shmem.multicore.fuzzers_used \n", + "223 1.0 \n", + "224 2.0 " ] }, - "execution_count": 48, + "execution_count": 150, "metadata": {}, "output_type": "execute_result" } @@ -978,7 +1298,7 @@ }, { "cell_type": "code", - "execution_count": 49, + "execution_count": 151, "metadata": {}, "outputs": [ { @@ -1011,36 +1331,36 @@ " \n", " \n", " \n", - " 399\n", - " 331957.22\n", - " 200.0\n", + " 0\n", + " 119469.35\n", + " 1.0\n", " True\n", " True\n", - " Multicore: afl_execs: Persistent mode/shared m...\n", + " Multicore: Persistent mode/shared memory + ker...\n", " \n", " \n", - " 153\n", - " 1026766.44\n", - " 77.0\n", + " 1\n", + " 237177.20\n", + " 2.0\n", " True\n", " True\n", - " Multicore: afl_execs: Persistent mode/shared m...\n", + " Multicore: Persistent mode/shared memory + ker...\n", " \n", " \n", "\n", "" ], "text/plain": [ - " execs_per_sec parallel_fuzzers afl_persistent_config \\\n", - "399 331957.22 200.0 True \n", - "153 1026766.44 77.0 True \n", + " execs_per_sec parallel_fuzzers afl_persistent_config afl_system_config \\\n", + "0 119469.35 1.0 True True \n", + "1 237177.20 2.0 True True \n", "\n", - " afl_system_config label \n", - "399 True Multicore: afl_execs: Persistent mode/shared m... \n", - "153 True Multicore: afl_execs: Persistent mode/shared m... " + " label \n", + "0 Multicore: Persistent mode/shared memory + ker... \n", + "1 Multicore: Persistent mode/shared memory + ker... " ] }, - "execution_count": 49, + "execution_count": 151, "metadata": {}, "output_type": "execute_result" } @@ -1052,13 +1372,13 @@ }, { "cell_type": "code", - "execution_count": 50, + "execution_count": 152, "metadata": {}, "outputs": [ { "data": { "image/svg+xml": [ - "510152025303540455055606570758085909510010511011512012513013514014515015516016517017518018519019520010x36x62x89x115x141xConfigurationMulticore: Persistent mode/shared memory + kernel configMulticore: afl_execs: Persistent mode/shared memory + kernel configFuzzer performanceNumber of parallel fuzzersFuzz target executions per second" + "481216202428323640444852566064687276808488929610010410811211612012412813213614014414815215616016416817217618018418819212x43x74x104x135x166xConfigurationMulticore: Persistent mode/shared memory + kernel configFuzzer performanceNumber of parallel fuzzersFuzz target executions per second" ] }, "metadata": {}, @@ -1081,7 +1401,7 @@ "ticktext = [f\"{val:.0f}x\" for val in tickvals / graphdf['execs_per_sec'].min()]\n", "# Update the primary Y-axis with custom tick labels\n", "r6a_fig.update_yaxes(tickvals=tickvals, ticktext=ticktext)\n", - "r6a_fig.update_xaxes(tickvals=list(range(0,200+1, 5)))\n", + "r6a_fig.update_xaxes(tickvals=list(range(0,200+1, 4)))\n", "r6a_fig.update_layout(width=1200, height=400)\n", "r6a_fig.show(\"svg\")" ] @@ -1092,11 +1412,11 @@ "source": [ "### Line graph analysis\n", "\n", - "This is a shocking result for a 192 vCPU machine -- whether you count `afl_execs` or `total_execs`, our optimal number of parallel fuzzers was 16!\n", + "This is a shocking result for a 192 vCPU machine -- our optimal number of parallel fuzzers was 16! Using 32 parallel fuzzers gives less performance than using 8 fuzzers. Using 192 parallel fuzzers (the physical number of threads in this machine) gives the same performance as using 4 fuzzers.\n", "\n", - "Does this mean that AFL++ is a bad fuzzer, or that AWS tricked us and gave us a 16-thread machine instead of a 192-thread one?\n", + "This is clearly a cautionary tale about measuring before simply using the number of hardware threads in your machine. But does this mean that AFL++ is a bad fuzzer, or that AWS tricked us and gave us a 16-thread machine instead of a 192-thread one?\n", "\n", - "No, probably not -- the most likely causes here are a problem with our Python harness, or potentially that we're already saturating the Linux kernel's ability to service system calls, although we're definitely hitting such a limit way earlier than expected. A good way to test this theory would be to run more system-call-servicers (read: kernels!) at once on this machine; one way to do that is to use hardware virtualization with KVM. " + "No, probably not -- the most likely cause here (other than a horrible bug) may be that we're already saturating the Linux kernel's ability to service system calls (although we're definitely hitting such a limit way earlier than I expected). A good way to test this theory would be to run more system-call-servicers (read: kernels!) at once on this machine; one way to do that is to use hardware virtualization with KVM. " ] } ], @@ -1116,7 +1436,7 @@ "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", - "version": "3.11.3" + "version": "3.11.5" }, "orig_nbformat": 4 }, From d9ffe7427f15bf9c3afc978c3d7195b22dd3602c Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Sun, 19 Nov 2023 15:06:40 -0800 Subject: [PATCH 218/357] benchmark: rename afl_execs_per_sec to execs_per_sec --- benchmark/benchmark.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index 5f0861c9ad..85dc7fd384 100644 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -202,8 +202,8 @@ async def save_benchmark_results() -> None: results.targets["test-instr-persist-shmem"]["singlecore"] is None or \ results.targets["test-instr-persist-shmem"]["multicore"] is None: return - single = str(round(results.targets["test-instr-persist-shmem"]["singlecore"].afl_execs_per_sec)).ljust(10) - multi = str(round(results.targets["test-instr-persist-shmem"]["multicore"].afl_execs_per_sec)).ljust(9) + single = str(round(results.targets["test-instr-persist-shmem"]["singlecore"].execs_per_sec)).ljust(10) + multi = str(round(results.targets["test-instr-persist-shmem"]["multicore"].execs_per_sec)).ljust(9) cores = str(args.fuzzers).ljust(7) comparisonfile.write(f"{cpu_model} | {cpu_mhz} | {cores} | {single} | {multi} | {aflconfig} |\n") print(blue(f" [*] Results have been written to the COMPARISON file.")) From f2cbcdf3ff7349ab505e1fcebc3242c9252f2176 Mon Sep 17 00:00:00 2001 From: Chris Ball Date: Sun, 19 Nov 2023 15:10:23 -0800 Subject: [PATCH 219/357] benchmark: update README --- benchmark/README.md | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/benchmark/README.md b/benchmark/README.md index 66f7f59e03..e37abad2fe 100644 --- a/benchmark/README.md +++ b/benchmark/README.md @@ -9,20 +9,22 @@ To achieve this, we use a sample program ("test-instr.c") where each path is equally likely, supply it a single seed, and tell AFL to exit after one run of deterministic mutations against that seed. -Usage: +Usage example: ``` cd aflplusplus/benchmark python3 benchmark.py - [*] Using 16 fuzzers for multicore fuzzing (use --fuzzers to override) [*] Ready, starting benchmark... [*] Compiling the test-instr-persist-shmem fuzzing harness for the benchmark to use. - [*] multicore test-instr-persist-shmem run 1 of 3, execs/s: 846065.81 - [*] multicore test-instr-persist-shmem run 2 of 3, execs/s: 849694.03 - [*] multicore test-instr-persist-shmem run 3 of 3, execs/s: 850757.52 - [*] Average AFL execs/sec for this test across all runs was: 848839.12 - [*] Average total execs/sec for this test across all runs was: 833138.28 - [*] Results have been written to benchmark-results.jsonl + [*] singlecore test-instr-persist-shmem run 1 of 2, execs/s: 124883.62 + [*] singlecore test-instr-persist-shmem run 2 of 2, execs/s: 126704.93 + [*] Average execs/sec for this test across all runs was: 125794.28 + [*] Using 16 fuzzers for multicore fuzzing (use --fuzzers to override). + [*] multicore test-instr-persist-shmem run 1 of 2, execs/s: 1179822.66 + [*] multicore test-instr-persist-shmem run 2 of 2, execs/s: 1175584.09 + [*] Average execs/sec for this test across all runs was: 1177703.38 + [*] Results have been written to the benchmark-results.jsonl file. + [*] Results have been written to the COMPARISON file. ``` By default, the script will use a number of parallel fuzzers equal to your @@ -33,6 +35,9 @@ The script will use multicore fuzzing instead of singlecore by default (change with `--mode singlecore`) and use a persistent-mode shared memory harness for optimal speed (change with `--target test-instr`). +Feel free to submit the resulting line for your CPU added to the COMPARISON +file back to aflplusplus in a pull request. + Each run writes results to [benchmark-results.jsonl](benchmark-results.jsonl) in [JSON Lines](https://jsonlines.org/) format, ready to be pulled in to other tools such as [jq -cs](https://jqlang.github.io/jq/) or From 91a14598200d6254395a5484fed18de7f13b8326 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 20 Nov 2023 09:30:12 +0100 Subject: [PATCH 220/357] update --- benchmark/benchmark.py | 2 +- benchmark/benchmark.sh | 42 --------------------------------------- nyx_mode/LIBNYX_VERSION | 2 +- nyx_mode/QEMU-Nyx | 2 +- nyx_mode/QEMU_NYX_VERSION | 2 +- nyx_mode/libnyx | 2 +- 6 files changed, 5 insertions(+), 47 deletions(-) mode change 100644 => 100755 benchmark/benchmark.py delete mode 100755 benchmark/benchmark.sh diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py old mode 100644 new mode 100755 index 85dc7fd384..b3d55f21bd --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -64,7 +64,7 @@ class Results: parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter) parser.add_argument("-b", "--basedir", help="directory to use for temp files", type=str, default="/tmp/aflpp-benchmark") parser.add_argument("-d", "--debug", help="show verbose debugging output", action="store_true") -parser.add_argument("-r", "--runs", help="how many runs to average results over", type=int, default=2) +parser.add_argument("-r", "--runs", help="how many runs to average results over", type=int, default=3) parser.add_argument("-f", "--fuzzers", help="how many afl-fuzz workers to use", type=int, default=cpu_count) parser.add_argument("-m", "--mode", help="pick modes", action="append", default=modes, choices=modes) parser.add_argument("-c", "--comment", help="add a comment about your setup", type=str, default="") diff --git a/benchmark/benchmark.sh b/benchmark/benchmark.sh deleted file mode 100755 index 3318adceef..0000000000 --- a/benchmark/benchmark.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/sh -test -x ../afl-fuzz -a -x ../afl-cc -a -e ../SanitizerCoveragePCGUARD.so || { - echo Error: you need to compile AFL++ first, we need afl-fuzz, afl-clang-fast and SanitizerCoveragePCGUARD.so built. - exit 1 -} - -echo Preparing environment - -env | grep AFL_ | sed 's/=.*//' | while read e; do - unset $e -done - -AFL_PATH=`pwd`/.. -export PATH=$AFL_PATH:$PATH - -AFL_LLVM_INSTRUMENT=PCGUARD afl-cc -o test-instr ../test-instr.c > afl.log 2>&1 || { - echo Error: afl-cc is unable to compile - exit 1 -} - -{ -mkdir in -dd if=/dev/zero of=in/in.txt bs=10K count=1 -} > /dev/null 2>&1 - -echo Ready, starting benchmark - this will take approx 20-30 seconds ... - -AFL_DISABLE_TRIM=1 AFL_NO_UI=1 AFL_TRY_AFFINITY=1 AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 AFL_BENCH_JUST_ONE=1 time afl-fuzz -i in -o out -s 123 -D ./test-instr >> afl.log 2>&1 - -echo Analysis: - -CPUID=$(grep 'try binding to' afl.log | tail -n 1 | sed 's/.*#//' | sed 's/\..*//') -grep 'model name' /proc/cpuinfo | head -n 1 | sed 's/.*:/ CPU:/' -test -n "$CPUID" && grep -E '^processor|^cpu MHz' /proc/cpuinfo | grep -A1 -w "$CPUID" | grep 'cpu MHz' | head -n 1 | sed 's/.*:/ Mhz:/' -test -z "$CPUID" && grep 'cpu MHz' /proc/cpuinfo | head -n 1 | sed 's/.*:/ Mhz:/' -grep execs_per_sec out/default/fuzzer_stats | sed 's/.*:/ execs\/s:/' - -echo -echo "Comparison: (note that values can change by 10-15% per run)" -cat COMPARISON - -rm -rf in out test-instr afl.log diff --git a/nyx_mode/LIBNYX_VERSION b/nyx_mode/LIBNYX_VERSION index a4ffd230bd..da3939adcf 100644 --- a/nyx_mode/LIBNYX_VERSION +++ b/nyx_mode/LIBNYX_VERSION @@ -1 +1 @@ -8291ef4 +512058a diff --git a/nyx_mode/QEMU-Nyx b/nyx_mode/QEMU-Nyx index 874fa033d1..02a6f2aed3 160000 --- a/nyx_mode/QEMU-Nyx +++ b/nyx_mode/QEMU-Nyx @@ -1 +1 @@ -Subproject commit 874fa033d117a3e9931245cb9e82836a4abc0425 +Subproject commit 02a6f2aed360cfe76bb3d788dafe517c350d74e5 diff --git a/nyx_mode/QEMU_NYX_VERSION b/nyx_mode/QEMU_NYX_VERSION index d0a435a403..4f58054c20 100644 --- a/nyx_mode/QEMU_NYX_VERSION +++ b/nyx_mode/QEMU_NYX_VERSION @@ -1 +1 @@ -874fa033d1 +02a6f2aed3 diff --git a/nyx_mode/libnyx b/nyx_mode/libnyx index 8291ef4cb4..512058a68d 160000 --- a/nyx_mode/libnyx +++ b/nyx_mode/libnyx @@ -1 +1 @@ -Subproject commit 8291ef4cb4f1d4bfe3026fe198167fd5c98e3a15 +Subproject commit 512058a68d58b1a90a4e3971b526a955559735bf From 07352a932ba47fdd69468451750be6b1f5958c55 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 20 Nov 2023 09:31:43 +0100 Subject: [PATCH 221/357] add benchmark --- benchmark/COMPARISON | 1 + benchmark/benchmark-results.jsonl | 1 + 2 files changed, 2 insertions(+) diff --git a/benchmark/COMPARISON b/benchmark/COMPARISON index fd41282e18..ba82baf2c0 100644 --- a/benchmark/COMPARISON +++ b/benchmark/COMPARISON @@ -2,3 +2,4 @@ CPU | MHz | threads | singleco ====================================================|=======|=========|============|===========|==============| Apple Mac Studio M2 Ultra 2023, Linux VM guest | 3500 | 16 | 163570 | 1157465 | both | Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz | 4995 | 16 | 120064 | 1168943 | both | +12th Gen Intel(R) Core(TM) i7-1270P | 4761 | 16 | 149778 | 641219 | both | diff --git a/benchmark/benchmark-results.jsonl b/benchmark/benchmark-results.jsonl index f3dd60be2b..2c327b56e8 100644 --- a/benchmark/benchmark-results.jsonl +++ b/benchmark/benchmark-results.jsonl @@ -413,3 +413,4 @@ {"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3597.599, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 476949.52, "execs_total": 4772500, "fuzzers_used": 190}}}} {"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3437.101, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 474259.76, "execs_total": 4745505, "fuzzers_used": 191}}}} {"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.17, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 479848.23, "execs_total": 4801111, "fuzzers_used": 192}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "", "compiler": "Debian clang version 17.0.4 (++20231031083102+309d55140c46-1~exp1~20231031083155.63)", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4761.063, "cpu_model": "12th Gen Intel(R) Core(TM) i7-1270P", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 641219.02, "execs_total": 19251242, "fuzzers_used": 16}, "singlecore": {"execs_per_sec": 149778.22, "execs_total": 4493796, "fuzzers_used": 1}}}} From 5681267bbc901941e6056390abfe6aad43b45775 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 20 Nov 2023 09:32:00 +0100 Subject: [PATCH 222/357] nits --- docs/Changelog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index c74a9ad7c1..1e2a47651d 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -24,7 +24,7 @@ - fixes support for large map offsets - afl-cmin/afl-cmin.bash: prevent unneeded file errors - added new tool afl-addseeds that adds new seeds to a running campaign - - added benchmark/benchmark.sh if you want to see how good your fuzzing + - added benchmark/benchmark.py if you want to see how good your fuzzing speed is in comparison to other setups. From aabbdac86d6215833391a54fa7d3a474ad41e3fd Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 20 Nov 2023 09:56:09 +0100 Subject: [PATCH 223/357] add benchmarks --- benchmark/COMPARISON | 4 +++- benchmark/README.md | 8 ++++++++ benchmark/benchmark-results.jsonl | 2 ++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/benchmark/COMPARISON b/benchmark/COMPARISON index ba82baf2c0..a8de1a60e6 100644 --- a/benchmark/COMPARISON +++ b/benchmark/COMPARISON @@ -1,5 +1,7 @@ CPU | MHz | threads | singlecore | multicore | afl-*-config | ====================================================|=======|=========|============|===========|==============| -Apple Mac Studio M2 Ultra 2023, Linux VM guest | 3500 | 16 | 163570 | 1157465 | both | Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz | 4995 | 16 | 120064 | 1168943 | both | +Apple Mac Studio M2 Ultra 2023, Linux VM guest | 3500 | 16 | 163570 | 1157465 | both | +AMD EPYC 7282 16-Core Processor | 3194 | 32 | 87199 | 769001 | both | +AMD Ryzen 5 PRO 4650G with Radeon Graphics | 3700 | 12 | 95356 | 704840 | both | 12th Gen Intel(R) Core(TM) i7-1270P | 4761 | 16 | 149778 | 641219 | both | diff --git a/benchmark/README.md b/benchmark/README.md index e37abad2fe..c7d75e42bb 100644 --- a/benchmark/README.md +++ b/benchmark/README.md @@ -9,6 +9,14 @@ To achieve this, we use a sample program ("test-instr.c") where each path is equally likely, supply it a single seed, and tell AFL to exit after one run of deterministic mutations against that seed. +**Note that this is not a real-world scenario!** +Because the target does basically nothing this is rather a stress test on +Kernel I/O / context switching. +For this reason you will not see a difference if you run the multicore test +with 20 or 40 threads - or even see the performance decline the more threads +(`-f` parameter) you use. In a real-world scenario you can expect to gain +exec/s until 40-60 threads (if you have that many available on your CPU). + Usage example: ``` diff --git a/benchmark/benchmark-results.jsonl b/benchmark/benchmark-results.jsonl index 2c327b56e8..9b8ef038f2 100644 --- a/benchmark/benchmark-results.jsonl +++ b/benchmark/benchmark-results.jsonl @@ -414,3 +414,5 @@ {"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3437.101, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 474259.76, "execs_total": 4745505, "fuzzers_used": 191}}}} {"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "AWS EC2 r6a.48xlarge spot instance", "compiler": "clang version 15.0.7 (Amazon Linux 15.0.7-3.amzn2023.0.1)", "target_arch": "x86_64-amazon-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3599.17, "cpu_model": "AMD EPYC 7R13 Processor", "cpu_threads": 192}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 479848.23, "execs_total": 4801111, "fuzzers_used": 192}}}} {"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "", "compiler": "Debian clang version 17.0.4 (++20231031083102+309d55140c46-1~exp1~20231031083155.63)", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4761.063, "cpu_model": "12th Gen Intel(R) Core(TM) i7-1270P", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 641219.02, "execs_total": 19251242, "fuzzers_used": 16}, "singlecore": {"execs_per_sec": 149778.22, "execs_total": 4493796, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "", "compiler": "Ubuntu clang version 17.0.2 (++20231003073128+b2417f51dbbd-1~exp1~20231003073233.51)", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3193.942, "cpu_model": "AMD EPYC 7282 16-Core Processor", "cpu_threads": 64}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 769000.8, "execs_total": 23084516, "fuzzers_used": 32}, "singlecore": {"execs_per_sec": 87198.85, "execs_total": 2616227, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.08a", "comment": "", "compiler": "Ubuntu clang version 14.0.0-1ubuntu1.1", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3700.0, "cpu_model": "AMD Ryzen 5 PRO 4650G with Radeon Graphics", "cpu_threads": 12}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 704840.16, "execs_total": 21163992, "fuzzers_used": 12}, "singlecore": {"execs_per_sec": 95356.14, "execs_total": 2862114, "fuzzers_used": 1}}}} From d6cefdc1936fc0c312670469502d8ba9208530a3 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 20 Nov 2023 11:03:47 +0100 Subject: [PATCH 224/357] Update unicornafl ref --- nyx_mode/QEMU-Nyx | 2 +- nyx_mode/libnyx | 2 +- nyx_mode/packer | 2 +- qemu_mode/qemuafl | 2 +- unicorn_mode/UNICORNAFL_VERSION | 2 +- unicorn_mode/unicornafl | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/nyx_mode/QEMU-Nyx b/nyx_mode/QEMU-Nyx index 02a6f2aed3..60c216bc9e 160000 --- a/nyx_mode/QEMU-Nyx +++ b/nyx_mode/QEMU-Nyx @@ -1 +1 @@ -Subproject commit 02a6f2aed360cfe76bb3d788dafe517c350d74e5 +Subproject commit 60c216bc9e4c79834716d4099993d8397a3a8fd9 diff --git a/nyx_mode/libnyx b/nyx_mode/libnyx index 512058a68d..2da7f08b6e 160000 --- a/nyx_mode/libnyx +++ b/nyx_mode/libnyx @@ -1 +1 @@ -Subproject commit 512058a68d58b1a90a4e3971b526a955559735bf +Subproject commit 2da7f08b6e0267ccfe64e1320b24cdb29223459c diff --git a/nyx_mode/packer b/nyx_mode/packer index bcf3e248b6..202bace888 160000 --- a/nyx_mode/packer +++ b/nyx_mode/packer @@ -1 +1 @@ -Subproject commit bcf3e248b660764f48af54232a3388389a2dfc22 +Subproject commit 202bace888d237e4e8f4507d0eba6791a811554d diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl index a1321713c7..b0abbe2e74 160000 --- a/qemu_mode/qemuafl +++ b/qemu_mode/qemuafl @@ -1 +1 @@ -Subproject commit a1321713c7502c152dd7527555e0f8a800d55225 +Subproject commit b0abbe2e74ed74ff6ff25b5ea3110d27ba978001 diff --git a/unicorn_mode/UNICORNAFL_VERSION b/unicorn_mode/UNICORNAFL_VERSION index 51878a56f3..7f09adb174 100644 --- a/unicorn_mode/UNICORNAFL_VERSION +++ b/unicorn_mode/UNICORNAFL_VERSION @@ -1 +1 @@ -f607118f +63aab0f diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index f2cede37a7..63aab0f752 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit f2cede37a75bbd4a9b9438f0277727b5d4620572 +Subproject commit 63aab0f752ba1d40a1c4de6988a78cd1e6dcc1c7 From a2a4171039a2cdef0204ff673f888177dec04560 Mon Sep 17 00:00:00 2001 From: "Christian Holler (:decoder)" Date: Wed, 22 Nov 2023 15:08:26 +0100 Subject: [PATCH 225/357] Pass correct Nyx ID when creating a Nyx runner --- src/afl-forkserver.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 9b710733ce..3f9bfa728d 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -679,8 +679,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } - fsrv->nyx_runner = - fsrv->nyx_handlers->nyx_new(nyx_config, fsrv->nyx_bind_cpu_id); + fsrv->nyx_runner = fsrv->nyx_handlers->nyx_new(nyx_config, fsrv->nyx_id); ck_free(workdir_path); ck_free(outdir_path_absolute); From d17e0b32f454319a117782bf7a8e4824213321df Mon Sep 17 00:00:00 2001 From: Carlo Maragno Date: Thu, 23 Nov 2023 00:05:56 +0100 Subject: [PATCH 226/357] Fix typo in docker pull command, add exampe to mount current dir as volume (#1914) --- docs/INSTALL.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 41f512ed8f..4f029f5d48 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -7,10 +7,17 @@ You can use the [Dockerfile](../Dockerfile) or just pull directly from the Docker Hub (for x86_64 and arm64): ```shell -docker pull aflplusplus/aflplusplus: +docker pull aflplusplus/aflplusplus:latest docker run -ti -v /location/of/your/target:/src aflplusplus/aflplusplus ``` +Or for convinince to run in the current directory: + +```shell +docker pull aflplusplus/aflplusplus:latest +docker run -ti -v $(pwd):/src aflplusplus/aflplusplus +``` + This image is automatically generated when a push to the stable branch happens. You will find your target source code in `/src` in the container. From c96aa400e4cf4e85d234375f47028a926babe4c0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 23 Nov 2023 21:28:44 +0100 Subject: [PATCH 227/357] mini fix --- src/afl-fuzz-stats.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 07184cf070..f212a4b841 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -1058,7 +1058,7 @@ void show_stats_normal(afl_state_t *afl) { sprintf(tmp, "%s (%s%s saved)", u_stringify_int(IB(0), afl->total_tmouts), u_stringify_int(IB(1), afl->saved_tmouts), - (afl->saved_hangs >= KEEP_UNIQUE_HANG) ? "+" : ""); + (afl->saved_tmouts >= KEEP_UNIQUE_HANG) ? "+" : ""); SAYF(bSTG bV bSTOP " total tmouts : " cRST "%-20s" bSTG bV "\n", tmp); @@ -1889,7 +1889,7 @@ void show_stats_pizza(afl_state_t *afl) { sprintf(tmp, "%s (%s%s saved)", u_stringify_int(IB(0), afl->total_tmouts), u_stringify_int(IB(1), afl->saved_tmouts), - (afl->saved_hangs >= KEEP_UNIQUE_HANG) ? "+" : ""); + (afl->saved_tmouts >= KEEP_UNIQUE_HANG) ? "+" : ""); SAYF(bSTG bV bSTOP " burned pizzas : " cRST "%-20s" bSTG bV "\n", From 770e868d04c0f52a1c57e5471e459dd24a002748 Mon Sep 17 00:00:00 2001 From: yangzao Date: Fri, 24 Nov 2023 11:06:06 -0700 Subject: [PATCH 228/357] add custom_post_run.c --- custom_mutators/examples/custom_post_run.c | 53 ++++++++++++++++++++++ include/afl-fuzz.h | 12 +++++ src/afl-fuzz-mutators.c | 12 +++++ src/afl-fuzz-run.c | 2 + 4 files changed, 79 insertions(+) create mode 100644 custom_mutators/examples/custom_post_run.c diff --git a/custom_mutators/examples/custom_post_run.c b/custom_mutators/examples/custom_post_run.c new file mode 100644 index 0000000000..073aac96f5 --- /dev/null +++ b/custom_mutators/examples/custom_post_run.c @@ -0,0 +1,53 @@ +// +// This is an example on how to use afl_custom_post_run +// It executes custom code each time after AFL++ executes the target +// +// cc -O3 -fPIC -shared -g -o custom_send.so -I../../include custom_send.c /////////////////////to_be_edited +// cd ../.. +// afl-cc -o test-instr test-instr.c +// AFL_CUSTOM_MUTATOR_LIBRARY=custom_mutators/examples/custom_send.so \ +// afl-fuzz -i in -o out -- ./test-instr -f /tmp/foo +// + + +#include "afl-fuzz.h" + +#include +#include +#include +#include + +typedef struct my_mutator { + + afl_state_t *afl; + +} my_mutator_t; + +my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) { + + my_mutator_t *data = calloc(1, sizeof(my_mutator_t)); + if (!data) { + + perror("afl_custom_init alloc"); + return NULL; + + } + + data->afl = afl; + + return data; + +} + +void afl_custom_post_run(my_mutator_t *data, uint8_t *buf, size_t buf_size) { + + printf("hello from afl_custom_post_run\n"); + return; +} + + +void afl_custom_deinit(my_mutator_t *data) { + + free(data); + +} \ No newline at end of file diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 8112d430e2..7e91dc0358 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -1020,6 +1020,18 @@ struct custom_mutator { */ void (*afl_custom_fuzz_send)(void *data, const u8 *buf, size_t buf_size); + /** + * This method can be used if you want to run some code or scripts each time + * AFL++ executes the target with afl-fuzz. + * + * (Optional) + * + * @param data pointer returned in afl_custom_init by this custom mutator + * @param buf Buffer containing the test case + * @param buf_size Size of the test case + */ + void (*afl_custom_post_run)(void *data, const u8 *buf, size_t buf_size); + /** * Allow for additional analysis (e.g. calling a different tool that does a * different kind of coverage and saves this for the custom mutator). diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index 64dbe7c61a..17fb936873 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -397,6 +397,18 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) { } + /* "afl_custom_post_run", optional */ + mutator->afl_custom_post_run = dlsym(dh, "afl_custom_post_run"); + if (!mutator->afl_custom_post_run) { + + ACTF("optional symbol 'afl_custom_post_run' not found."); + + } else { + + OKF("Found 'afl_custom_post_run'."); + + } + /* "afl_custom_queue_new_entry", optional */ mutator->afl_custom_queue_new_entry = dlsym(dh, "afl_custom_queue_new_entry"); if (!mutator->afl_custom_queue_new_entry) { diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index ac4fb4a941..29cc535230 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -60,6 +60,8 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) { fsrv_run_result_t res = afl_fsrv_run_target(fsrv, timeout, &afl->stop_soon); + + #ifdef PROFILING clock_gettime(CLOCK_REALTIME, &spec); time_spent_start = (spec.tv_sec * 1000000000) + spec.tv_nsec; From 8af74bcaeebbe2407006333024d8803baacdb4e2 Mon Sep 17 00:00:00 2001 From: yangzao Date: Fri, 24 Nov 2023 22:47:50 -0700 Subject: [PATCH 229/357] update afl-fuzz-run --- custom_mutators/examples/custom_post_run.c | 6 +++--- include/afl-fuzz.h | 4 +--- src/afl-fuzz-run.c | 19 ++++++++++++++++++- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/custom_mutators/examples/custom_post_run.c b/custom_mutators/examples/custom_post_run.c index 073aac96f5..828216ea77 100644 --- a/custom_mutators/examples/custom_post_run.c +++ b/custom_mutators/examples/custom_post_run.c @@ -2,10 +2,10 @@ // This is an example on how to use afl_custom_post_run // It executes custom code each time after AFL++ executes the target // -// cc -O3 -fPIC -shared -g -o custom_send.so -I../../include custom_send.c /////////////////////to_be_edited +// cc -O3 -fPIC -shared -g -o custom_post_run.so -I../../include custom_post_run.c // cd ../.. // afl-cc -o test-instr test-instr.c -// AFL_CUSTOM_MUTATOR_LIBRARY=custom_mutators/examples/custom_send.so \ +// AFL_CUSTOM_MUTATOR_LIBRARY=custom_mutators/examples/custom_post_run.so \ // afl-fuzz -i in -o out -- ./test-instr -f /tmp/foo // @@ -39,7 +39,7 @@ my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) { } -void afl_custom_post_run(my_mutator_t *data, uint8_t *buf, size_t buf_size) { +void afl_custom_post_run(my_mutator_t *data) { printf("hello from afl_custom_post_run\n"); return; diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 7e91dc0358..94f480097a 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -1027,10 +1027,8 @@ struct custom_mutator { * (Optional) * * @param data pointer returned in afl_custom_init by this custom mutator - * @param buf Buffer containing the test case - * @param buf_size Size of the test case */ - void (*afl_custom_post_run)(void *data, const u8 *buf, size_t buf_size); + void (*afl_custom_post_run)(void *data); /** * Allow for additional analysis (e.g. calling a different tool that does a diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 29cc535230..ac346b8628 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -60,7 +60,7 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) { fsrv_run_result_t res = afl_fsrv_run_target(fsrv, timeout, &afl->stop_soon); - + post_run(afl); #ifdef PROFILING clock_gettime(CLOCK_REALTIME, &spec); @@ -1113,3 +1113,20 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { } +/* Run some code each time scripts each time AFL++ executes the target + with afl-fuzz. */ + +void post_run(afl_state_t *afl) { + if (unlikely(afl->custom_mutators_count)) { + + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { + + if (el->afl_custom_post_run) { + + el->afl_custom_post_run(el->data); + + } + + }); + } +} \ No newline at end of file From faedb3fb29186c29a4f0cf28daa5d07350ed8094 Mon Sep 17 00:00:00 2001 From: yangzao Date: Sat, 25 Nov 2023 21:18:32 -0700 Subject: [PATCH 230/357] update python module --- custom_mutators/examples/example.py | 5 +++++ include/afl-fuzz.h | 2 ++ src/afl-fuzz-python.c | 32 +++++++++++++++++++++++++++++ 3 files changed, 39 insertions(+) diff --git a/custom_mutators/examples/example.py b/custom_mutators/examples/example.py index 3a6d22e471..830f302fb5 100644 --- a/custom_mutators/examples/example.py +++ b/custom_mutators/examples/example.py @@ -133,6 +133,11 @@ def fuzz(buf, add_buf, max_size): # @return: The buffer containing the test case after # ''' # return buf +# def post_run(): +# ''' +# Called after each time the execution of the target program by AFL++ +# ''' +# pass # # def havoc_mutation(buf, max_size): # ''' diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 94f480097a..f1813df652 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -345,6 +345,7 @@ enum { /* 13 */ PY_FUNC_DESCRIBE, /* 14 */ PY_FUNC_FUZZ_SEND, /* 15 */ PY_FUNC_SPLICE_OPTOUT, + /* 16 */ PY_FUNC_POST_RUN, PY_FUNC_COUNT }; @@ -1085,6 +1086,7 @@ void finalize_py_module(void *); u32 fuzz_count_py(void *, const u8 *, size_t); void fuzz_send_py(void *, const u8 *, size_t); +void post_run_py(void *); size_t post_process_py(void *, u8 *, size_t, u8 **); s32 init_trim_py(void *, u8 *, size_t); s32 post_trim_py(void *, u8); diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c index 7dad0770de..1b287405d3 100644 --- a/src/afl-fuzz-python.c +++ b/src/afl-fuzz-python.c @@ -249,6 +249,8 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) { PyObject_GetAttrString(py_module, "queue_get"); py_functions[PY_FUNC_FUZZ_SEND] = PyObject_GetAttrString(py_module, "fuzz_send"); + py_functions[PY_FUNC_POST_RUN] = + PyObject_GetAttrString(py_module, "post_run"); py_functions[PY_FUNC_SPLICE_OPTOUT] = PyObject_GetAttrString(py_module, "splice_optout"); if (py_functions[PY_FUNC_SPLICE_OPTOUT]) { afl->custom_splice_optout = 1; } @@ -468,6 +470,12 @@ struct custom_mutator *load_custom_mutator_py(afl_state_t *afl, } + if (py_functions[PY_FUNC_POST_RUN]) { + + mutator->afl_custom_post_run = post_run_py; + + } + if (py_functions[PY_FUNC_SPLICE_OPTOUT]) { mutator->afl_custom_splice_optout = splice_optout_py; @@ -925,6 +933,30 @@ void fuzz_send_py(void *py_mutator, const u8 *buf, size_t buf_size) { } +void post_run_py(void *py_mutator) { + + PyObject *py_args, *py_value; + + py_args = PyTuple_New(0); + py_value = PyObject_CallObject( + ((py_mutator_t *)py_mutator) + ->py_functions[PY_FUNC_POST_RUN], + py_args); + Py_DECREF(py_args); + + if (py_value != NULL) { + + Py_DECREF(py_value); + + } else { + + PyErr_Print(); + FATAL("Call failed"); + + } + +} + u8 queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue, const u8 *filename_orig_queue) { From c9e0f01b439870dc2b619ab2c18240b201ca1460 Mon Sep 17 00:00:00 2001 From: yangzao Date: Mon, 27 Nov 2023 09:58:03 -0700 Subject: [PATCH 231/357] format code --- src/afl-fuzz-one.c | 1 + src/afl-fuzz-python.c | 4 +--- src/afl-fuzz-run.c | 13 ++++++----- src/afl-fuzz-stats.c | 50 ++++++++++++++++++++++--------------------- 4 files changed, 34 insertions(+), 34 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 67dafda8d0..01e34b69cf 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -1894,6 +1894,7 @@ u8 fuzz_one_original(afl_state_t *afl) { LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { if (el->afl_custom_fuzz) { + havoc_queued = afl->queued_items; afl->current_custom_fuzz = el; diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c index 1b287405d3..4c7da774a5 100644 --- a/src/afl-fuzz-python.c +++ b/src/afl-fuzz-python.c @@ -939,9 +939,7 @@ void post_run_py(void *py_mutator) { py_args = PyTuple_New(0); py_value = PyObject_CallObject( - ((py_mutator_t *)py_mutator) - ->py_functions[PY_FUNC_POST_RUN], - py_args); + ((py_mutator_t *)py_mutator)->py_functions[PY_FUNC_POST_RUN], py_args); Py_DECREF(py_args); if (py_value != NULL) { diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index ac346b8628..04ccccba46 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -1117,16 +1117,15 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { with afl-fuzz. */ void post_run(afl_state_t *afl) { + if (unlikely(afl->custom_mutators_count)) { - LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - if (el->afl_custom_post_run) { + if (el->afl_custom_post_run) { el->afl_custom_post_run(el->data); } - el->afl_custom_post_run(el->data); + }); - } + } - }); - } -} \ No newline at end of file +} diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 07184cf070..d945dabfcc 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -138,7 +138,7 @@ void load_stats_file(afl_state_t *afl) { FILE *f; u8 buf[MAX_LINE]; - u8 * lptr; + u8 *lptr; u8 fn[PATH_MAX]; u32 lineno = 0; snprintf(fn, PATH_MAX, "%s/fuzzer_stats", afl->out_dir); @@ -421,7 +421,7 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, void write_queue_stats(afl_state_t *afl) { FILE *f; - u8 * fn = alloc_printf("%s/queue_data", afl->out_dir); + u8 *fn = alloc_printf("%s/queue_data", afl->out_dir); if ((f = fopen(fn, "w")) != NULL) { u32 id; @@ -857,8 +857,9 @@ void show_stats_normal(afl_state_t *afl) { /* Since `total_crashes` does not get reloaded from disk on restart, it indicates if we found crashes this round already -> paint red. If it's 0, but `saved_crashes` is set from a past run, paint in yellow. */ - char *crash_color = - afl->total_crashes ? cLRD : afl->saved_crashes ? cYEL : cRST; + char *crash_color = afl->total_crashes ? cLRD + : afl->saved_crashes ? cYEL + : cRST; /* Lord, forgive me this. */ @@ -881,26 +882,26 @@ void show_stats_normal(afl_state_t *afl) { } else - /* Subsequent cycles, but we're still making finds. */ - if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) { + /* Subsequent cycles, but we're still making finds. */ + if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) { - strcpy(tmp, cYEL); + strcpy(tmp, cYEL); - } else + } else /* No finds for a long time and no test cases to try. */ if (afl->cycles_wo_finds > 100 && !afl->pending_not_fuzzed && min_wo_finds > 120) { - strcpy(tmp, cLGN); + strcpy(tmp, cLGN); - /* Default: cautiously OK to stop? */ + /* Default: cautiously OK to stop? */ - } else { + } else { - strcpy(tmp, cLBL); + strcpy(tmp, cLBL); - } + } } @@ -1666,8 +1667,9 @@ void show_stats_pizza(afl_state_t *afl) { /* Since `total_crashes` does not get reloaded from disk on restart, it indicates if we found crashes this round already -> paint red. If it's 0, but `saved_crashes` is set from a past run, paint in yellow. */ - char *crash_color = - afl->total_crashes ? cLRD : afl->saved_crashes ? cYEL : cRST; + char *crash_color = afl->total_crashes ? cLRD + : afl->saved_crashes ? cYEL + : cRST; /* Lord, forgive me this. */ @@ -1690,26 +1692,26 @@ void show_stats_pizza(afl_state_t *afl) { } else - /* Subsequent cycles, but we're still making finds. */ - if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) { + /* Subsequent cycles, but we're still making finds. */ + if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) { - strcpy(tmp, cYEL); + strcpy(tmp, cYEL); - } else + } else /* No finds for a long time and no test cases to try. */ if (afl->cycles_wo_finds > 100 && !afl->pending_not_fuzzed && min_wo_finds > 120) { - strcpy(tmp, cLGN); + strcpy(tmp, cLGN); - /* Default: cautiously OK to stop? */ + /* Default: cautiously OK to stop? */ - } else { + } else { - strcpy(tmp, cLBL); + strcpy(tmp, cLBL); - } + } } From bb523b46482ce212355b32882158cb129d2e8487 Mon Sep 17 00:00:00 2001 From: yangzao Date: Mon, 27 Nov 2023 09:59:02 -0700 Subject: [PATCH 232/357] update --- src/afl-fuzz-run.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 04ccccba46..8d0f2c2d45 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -1113,7 +1113,7 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { } -/* Run some code each time scripts each time AFL++ executes the target +/* Run some code or scripts each time AFL++ executes the target program with afl-fuzz. */ void post_run(afl_state_t *afl) { From 81b43cefdfa99b14628c487dc0183a4c1a21c811 Mon Sep 17 00:00:00 2001 From: yangzao Date: Mon, 27 Nov 2023 10:25:12 -0700 Subject: [PATCH 233/357] merge function --- src/afl-fuzz-run.c | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 8d0f2c2d45..ae7969a697 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -60,7 +60,18 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) { fsrv_run_result_t res = afl_fsrv_run_target(fsrv, timeout, &afl->stop_soon); - post_run(afl); + /* If post_run() function is defined in custom mutator, the function will be + called each time after AFL++ executes the target program. */ + + if (unlikely(afl->custom_mutators_count)) { + + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { + + if (el->afl_custom_post_run) { el->afl_custom_post_run(el->data); } + + }); + + } #ifdef PROFILING clock_gettime(CLOCK_REALTIME, &spec); @@ -1112,20 +1123,3 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { return 0; } - -/* Run some code or scripts each time AFL++ executes the target program - with afl-fuzz. */ - -void post_run(afl_state_t *afl) { - - if (unlikely(afl->custom_mutators_count)) { - - LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - - if (el->afl_custom_post_run) { el->afl_custom_post_run(el->data); } - - }); - - } - -} From d2aef74ad77e49a96f152517445a515ba4814bcb Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 22 Nov 2023 14:56:57 +0100 Subject: [PATCH 234/357] changes --- TODO.md | 2 ++ src/afl-fuzz-run.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/TODO.md b/TODO.md index 3f8855a04b..9e9a236646 100644 --- a/TODO.md +++ b/TODO.md @@ -7,6 +7,8 @@ - cmplog rtn sanity check on fixed length? + no length 1 - afl-showmap -f support - afl-fuzz multicore wrapper script + - when trimming then perform crash detection + - either -L0 and/or -p mmopt results in zero new coverage ## Should diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index ae7969a697..b6d5df9508 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -931,7 +931,7 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { detected, it will still work to some extent, so we don't check for this. */ - if (q->len < 5) { return 0; } + if (unlikely(q->len < 5)) { return 0; } afl->stage_name = afl->stage_name_buf; afl->bytes_trim_in += q->len; From dd9a04c901c79fe2f3f078de6cc0777e3a5d96df Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 28 Nov 2023 09:14:29 +0100 Subject: [PATCH 235/357] code format --- docs/Changelog.md | 1 + src/afl-fuzz-run.c | 9 +++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 1e2a47651d..f7842d591e 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -13,6 +13,7 @@ - added scale support to CMPLOG (-l S) - added --version and --help command line parameters - fixed endless loop when reading malformed dictionaries + - new custom mutator function: post_run - thanks to yangzao! - afl-whatsup: - detect instanced that are starting up and show them as such as not dead - now also shows coverage reached diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index b6d5df9508..34a5ff8171 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -62,12 +62,16 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) { /* If post_run() function is defined in custom mutator, the function will be called each time after AFL++ executes the target program. */ - + if (unlikely(afl->custom_mutators_count)) { LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - if (el->afl_custom_post_run) { el->afl_custom_post_run(el->data); } + if (unlikely(el->afl_custom_post_run)) { + + el->afl_custom_post_run(el->data); + + } }); @@ -1123,3 +1127,4 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { return 0; } + From 74f8ca6b468b6d89e8d588e3835486be48184893 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 28 Nov 2023 10:26:37 +0100 Subject: [PATCH 236/357] improve cmplog --- docs/Changelog.md | 4 ++- instrumentation/afl-compiler-rt.o.c | 10 ++++-- instrumentation/cmplog-instructions-pass.cc | 38 +++++++++++---------- src/afl-fuzz-redqueen.c | 4 +++ 4 files changed, 35 insertions(+), 21 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index f7842d591e..b2e9fbf6b9 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -10,7 +10,9 @@ - added AFL_IGNORE_SEED_PROBLEMS to skip over seeds that time out instead of exiting with an error message - allow -S/-M naming up to 50 characters (from 24) - - added scale support to CMPLOG (-l S) + - CMPLOG: + - added scale support (-l S) + - skip unhelpful insertions (u8) - added --version and --help command line parameters - fixed endless loop when reading malformed dictionaries - new custom mutator function: post_run - thanks to yangzao! diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 8ce8bca147..106892e255 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -1910,6 +1910,10 @@ void __cmplog_ins_hook1(uint8_t arg1, uint8_t arg2, uint8_t attr) { // fprintf(stderr, "hook1 arg0=%02x arg1=%02x attr=%u\n", // (u8) arg1, (u8) arg2, attr); + return; + + /* + if (unlikely(!__afl_cmp_map || arg1 == arg2)) return; uintptr_t k = (uintptr_t)__builtin_return_address(0); @@ -1936,6 +1940,8 @@ void __cmplog_ins_hook1(uint8_t arg1, uint8_t arg2, uint8_t attr) { __afl_cmp_map->log[k][hits].v0 = arg1; __afl_cmp_map->log[k][hits].v1 = arg2; + */ + } void __cmplog_ins_hook2(uint16_t arg1, uint16_t arg2, uint8_t attr) { @@ -2142,13 +2148,13 @@ void __cmplog_ins_hook16(uint128_t arg1, uint128_t arg2, uint8_t attr) { void __sanitizer_cov_trace_cmp1(uint8_t arg1, uint8_t arg2) { - __cmplog_ins_hook1(arg1, arg2, 0); + //__cmplog_ins_hook1(arg1, arg2, 0); } void __sanitizer_cov_trace_const_cmp1(uint8_t arg1, uint8_t arg2) { - __cmplog_ins_hook1(arg1, arg2, 0); + //__cmplog_ins_hook1(arg1, arg2, 0); } diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc index 9cd1dc59cf..8be8c29462 100644 --- a/instrumentation/cmplog-instructions-pass.cc +++ b/instrumentation/cmplog-instructions-pass.cc @@ -165,23 +165,25 @@ bool CmpLogInstructions::hookInstrs(Module &M) { IntegerType *Int64Ty = IntegerType::getInt64Ty(C); IntegerType *Int128Ty = IntegerType::getInt128Ty(C); -#if LLVM_VERSION_MAJOR >= 9 - FunctionCallee -#else - Constant * -#endif - c1 = M.getOrInsertFunction("__cmplog_ins_hook1", VoidTy, Int8Ty, Int8Ty, - Int8Ty -#if LLVM_VERSION_MAJOR < 5 - , - NULL -#endif - ); -#if LLVM_VERSION_MAJOR >= 9 - FunctionCallee cmplogHookIns1 = c1; -#else - Function *cmplogHookIns1 = cast(c1); -#endif + /* + #if LLVM_VERSION_MAJOR >= 9 + FunctionCallee + #else + Constant * + #endif + c1 = M.getOrInsertFunction("__cmplog_ins_hook1", VoidTy, Int8Ty, Int8Ty, + Int8Ty + #if LLVM_VERSION_MAJOR < 5 + , + NULL + #endif + ); + #if LLVM_VERSION_MAJOR >= 9 + FunctionCallee cmplogHookIns1 = c1; + #else + Function *cmplogHookIns1 = cast(c1); + #endif + */ #if LLVM_VERSION_MAJOR >= 9 FunctionCallee @@ -619,7 +621,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) { switch (cast_size) { case 8: - IRB.CreateCall(cmplogHookIns1, args); + // IRB.CreateCall(cmplogHookIns1, args); break; case 16: IRB.CreateCall(cmplogHookIns2, args); diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 13f164f557..c0ea50050e 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -1906,6 +1906,8 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, #endif + if (hshape < 2) { return 0; } + for (i = 0; i < loggeds; ++i) { struct cmp_operands *o = &afl->shm.cmp_map->log[key][i]; @@ -2698,6 +2700,8 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, hshape = SHAPE_BYTES(h->shape); + if (hshape < 2) { return 0; } + if (h->hits > CMP_MAP_RTN_H) { loggeds = CMP_MAP_RTN_H; From 39be50e2a80443224cc781e4630714df977f52c0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 28 Nov 2023 16:32:36 +0100 Subject: [PATCH 237/357] nit --- src/afl-fuzz-redqueen.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index c0ea50050e..9e9b38226e 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -1379,7 +1379,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, new_vall += (scale_len << 2) + 3; ilen = scale_len + 5; - if (ilen <= its_len) { + if (ilen <= its_len && ilen > 1) { u8 tmpbuf[32]; memcpy(tmpbuf, buf + idx, ilen); @@ -1403,7 +1403,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, if (do_call) { - if (ilen <= its_len) { + if (ilen <= its_len && ilen > 1) { u8 tmpbuf[32]; memcpy(tmpbuf, buf + idx, ilen); @@ -1421,7 +1421,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, } - // here we add and subract 1 from the value, but only if it is not an + // here we add and subtract 1 from the value, but only if it is not an // == or != comparison // Bits: 1 = Equal, 2 = Greater, 4 = Lesser, 8 = Float // 16 = modified float, 32 = modified integer (modified = wont match From 1fa285079f895b3e0b5b347830ce8a7ab980c691 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 30 Nov 2023 11:52:10 +0100 Subject: [PATCH 238/357] nit --- utils/aflpp_driver/aflpp_driver.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c index 4e8f466d9a..1104a81eb7 100644 --- a/utils/aflpp_driver/aflpp_driver.c +++ b/utils/aflpp_driver/aflpp_driver.c @@ -279,7 +279,9 @@ __attribute__((weak)) int main(int argc, char **argv) { */ - if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) + if (argc < 2 || strncmp(argv[1], "-h", 2) == 0 || + strcmp(argv[1], "--help") == 0) { + printf( "============================== INFO ================================\n" "This binary is built for afl++.\n" @@ -296,6 +298,13 @@ __attribute__((weak)) int main(int argc, char **argv) { "option\n" "===================================================================\n", argv[0], argv[0]); + if (strncmp(argv[1], "-h", 2) == 0 || strcmp(argv[1], "--help") == 0) { + + exit(0); + + } + + } return LLVMFuzzerRunDriver(&argc, &argv, LLVMFuzzerTestOneInput); From d02036adfd098766ce9576905613cb7911e315d5 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 1 Dec 2023 07:20:00 +0100 Subject: [PATCH 239/357] fix --- instrumentation/afl-compiler-rt.o.c | 2 +- utils/aflpp_driver/aflpp_driver.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 106892e255..def59b6b36 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -183,7 +183,7 @@ static u8 _is_sancov; /* Debug? */ -static u32 __afl_debug; +/*static*/ u32 __afl_debug; /* Already initialized markers */ diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c index 1104a81eb7..3f8e1ef7ee 100644 --- a/utils/aflpp_driver/aflpp_driver.c +++ b/utils/aflpp_driver/aflpp_driver.c @@ -298,7 +298,8 @@ __attribute__((weak)) int main(int argc, char **argv) { "option\n" "===================================================================\n", argv[0], argv[0]); - if (strncmp(argv[1], "-h", 2) == 0 || strcmp(argv[1], "--help") == 0) { + if (argc == 2 && strncmp(argv[1], "-h", 2) == 0 || + strcmp(argv[1], "--help") == 0) { exit(0); From 858e0bfd05894d07630d8a56bb25d56a8206b2b7 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 1 Dec 2023 07:21:43 +0100 Subject: [PATCH 240/357] fix --- utils/aflpp_driver/aflpp_driver.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c index 3f8e1ef7ee..dab7fd95d7 100644 --- a/utils/aflpp_driver/aflpp_driver.c +++ b/utils/aflpp_driver/aflpp_driver.c @@ -298,8 +298,8 @@ __attribute__((weak)) int main(int argc, char **argv) { "option\n" "===================================================================\n", argv[0], argv[0]); - if (argc == 2 && strncmp(argv[1], "-h", 2) == 0 || - strcmp(argv[1], "--help") == 0) { + if (argc == 2 && + (strncmp(argv[1], "-h", 2) == 0 || strcmp(argv[1], "--help") == 0)) { exit(0); From 3fc9e680f3f0bcd19372941b88d8dde1e73dbdf3 Mon Sep 17 00:00:00 2001 From: Romain Geissler Date: Fri, 1 Dec 2023 16:28:33 +0000 Subject: [PATCH 241/357] Stop hardcoding the path /usr/local/lib/afl in afl-ld-lto.c and respect the configured PREFIX. --- src/afl-ld-lto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-ld-lto.c b/src/afl-ld-lto.c index b1e6c84879..7ce5de4134 100644 --- a/src/afl-ld-lto.c +++ b/src/afl-ld-lto.c @@ -278,7 +278,7 @@ int main(int argc, char **argv) { if (getenv("AFL_LD_PASSTHROUGH") != NULL) passthrough = 1; if (getenv("AFL_REAL_LD") != NULL) real_ld = getenv("AFL_REAL_LD"); - if (!afl_path || !*afl_path) afl_path = "/usr/local/lib/afl"; + if (!afl_path || !*afl_path) afl_path = AFL_PATH; setenv("AFL_LD_CALLER", "1", 1); From 4e0a79443157265716bd829d5ff4385a674265e5 Mon Sep 17 00:00:00 2001 From: Jakob Lell Date: Sat, 2 Dec 2023 20:10:05 +0100 Subject: [PATCH 242/357] Add benchmark for Raspberry Pi 5 --- benchmark/benchmark-results.jsonl | 1 + 1 file changed, 1 insertion(+) diff --git a/benchmark/benchmark-results.jsonl b/benchmark/benchmark-results.jsonl index 9b8ef038f2..2dd9f406cc 100644 --- a/benchmark/benchmark-results.jsonl +++ b/benchmark/benchmark-results.jsonl @@ -416,3 +416,4 @@ {"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "", "compiler": "Debian clang version 17.0.4 (++20231031083102+309d55140c46-1~exp1~20231031083155.63)", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4761.063, "cpu_model": "12th Gen Intel(R) Core(TM) i7-1270P", "cpu_threads": 16}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 641219.02, "execs_total": 19251242, "fuzzers_used": 16}, "singlecore": {"execs_per_sec": 149778.22, "execs_total": 4493796, "fuzzers_used": 1}}}} {"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "", "compiler": "Ubuntu clang version 17.0.2 (++20231003073128+b2417f51dbbd-1~exp1~20231003073233.51)", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3193.942, "cpu_model": "AMD EPYC 7282 16-Core Processor", "cpu_threads": 64}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 769000.8, "execs_total": 23084516, "fuzzers_used": 32}, "singlecore": {"execs_per_sec": 87198.85, "execs_total": 2616227, "fuzzers_used": 1}}}} {"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.08a", "comment": "", "compiler": "Ubuntu clang version 14.0.0-1ubuntu1.1", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3700.0, "cpu_model": "AMD Ryzen 5 PRO 4650G with Radeon Graphics", "cpu_threads": 12}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 704840.16, "execs_total": 21163992, "fuzzers_used": 12}, "singlecore": {"execs_per_sec": 95356.14, "execs_total": 2862114, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "", "compiler": "Debian clang version 14.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 2400.0, "cpu_model": "Raspberry Pi 5", "cpu_threads": 4}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 101114.23, "execs_total": 3036637, "fuzzers_used": 4}, "singlecore": {"execs_per_sec": 25786.11, "execs_total": 774460, "fuzzers_used": 1}}}} From b0cb2f7e83d3f0273761a3adf0cb6bcbfd5395c6 Mon Sep 17 00:00:00 2001 From: vH Date: Sun, 3 Dec 2023 12:54:44 +0100 Subject: [PATCH 243/357] ryzen 5950 benchmark --- benchmark/COMPARISON | 1 + benchmark/benchmark-results.jsonl | 1 + 2 files changed, 2 insertions(+) diff --git a/benchmark/COMPARISON b/benchmark/COMPARISON index a8de1a60e6..801b58d8fe 100644 --- a/benchmark/COMPARISON +++ b/benchmark/COMPARISON @@ -5,3 +5,4 @@ Apple Mac Studio M2 Ultra 2023, Linux VM guest | 3500 | 16 | 163570 AMD EPYC 7282 16-Core Processor | 3194 | 32 | 87199 | 769001 | both | AMD Ryzen 5 PRO 4650G with Radeon Graphics | 3700 | 12 | 95356 | 704840 | both | 12th Gen Intel(R) Core(TM) i7-1270P | 4761 | 16 | 149778 | 641219 | both | +AMD Ryzen 9 5950X 16-Core Processor | 4792 | 32 | 161690 | 2339763 | both | diff --git a/benchmark/benchmark-results.jsonl b/benchmark/benchmark-results.jsonl index 2dd9f406cc..ac800d65b8 100644 --- a/benchmark/benchmark-results.jsonl +++ b/benchmark/benchmark-results.jsonl @@ -417,3 +417,4 @@ {"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "", "compiler": "Ubuntu clang version 17.0.2 (++20231003073128+b2417f51dbbd-1~exp1~20231003073233.51)", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3193.942, "cpu_model": "AMD EPYC 7282 16-Core Processor", "cpu_threads": 64}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 769000.8, "execs_total": 23084516, "fuzzers_used": 32}, "singlecore": {"execs_per_sec": 87198.85, "execs_total": 2616227, "fuzzers_used": 1}}}} {"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.08a", "comment": "", "compiler": "Ubuntu clang version 14.0.0-1ubuntu1.1", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 3700.0, "cpu_model": "AMD Ryzen 5 PRO 4650G with Radeon Graphics", "cpu_threads": 12}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 704840.16, "execs_total": 21163992, "fuzzers_used": 12}, "singlecore": {"execs_per_sec": 95356.14, "execs_total": 2862114, "fuzzers_used": 1}}}} {"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.09a", "comment": "", "compiler": "Debian clang version 14.0.6", "target_arch": "aarch64-unknown-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 2400.0, "cpu_model": "Raspberry Pi 5", "cpu_threads": 4}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 101114.23, "execs_total": 3036637, "fuzzers_used": 4}, "singlecore": {"execs_per_sec": 25786.11, "execs_total": 774460, "fuzzers_used": 1}}}} +{"config": {"afl_persistent_config": true, "afl_system_config": true, "afl_version": "++4.07a", "comment": "", "compiler": "Debian clang version 17.0.0 (++20230417071830+ae77aceba5ad-1~exp1~20230417071935.630)", "target_arch": "x86_64-pc-linux-gnu"}, "hardware": {"cpu_fastest_core_mhz": 4792.073, "cpu_model": "AMD Ryzen 9 5950X 16-Core Processor", "cpu_threads": 32}, "targets": {"test-instr-persist-shmem": {"multicore": {"execs_per_sec": 2339762.91, "execs_total": 70253164, "fuzzers_used": 32}, "singlecore": {"execs_per_sec": 161690.07, "execs_total": 4851838, "fuzzers_used": 1}}}} From 477a5176281a907c9c54d4588c88ea1ed93e72e2 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 3 Dec 2023 13:01:34 +0100 Subject: [PATCH 244/357] add missing raspery5 --- benchmark/COMPARISON | 1 + 1 file changed, 1 insertion(+) diff --git a/benchmark/COMPARISON b/benchmark/COMPARISON index 801b58d8fe..f3ac368764 100644 --- a/benchmark/COMPARISON +++ b/benchmark/COMPARISON @@ -5,4 +5,5 @@ Apple Mac Studio M2 Ultra 2023, Linux VM guest | 3500 | 16 | 163570 AMD EPYC 7282 16-Core Processor | 3194 | 32 | 87199 | 769001 | both | AMD Ryzen 5 PRO 4650G with Radeon Graphics | 3700 | 12 | 95356 | 704840 | both | 12th Gen Intel(R) Core(TM) i7-1270P | 4761 | 16 | 149778 | 641219 | both | +Raspberry Pi 5 | 2400 | 4 | 774460 | 3036637 | both AMD Ryzen 9 5950X 16-Core Processor | 4792 | 32 | 161690 | 2339763 | both | From 01e0d4aa1c9e856124491d1f23deea0ae443d8ea Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 3 Dec 2023 13:12:22 +0100 Subject: [PATCH 245/357] comparison -> comparison.md --- benchmark/COMPARISON | 9 --------- benchmark/README.md | 6 +++--- benchmark/benchmark.py | 8 ++++---- 3 files changed, 7 insertions(+), 16 deletions(-) delete mode 100644 benchmark/COMPARISON diff --git a/benchmark/COMPARISON b/benchmark/COMPARISON deleted file mode 100644 index f3ac368764..0000000000 --- a/benchmark/COMPARISON +++ /dev/null @@ -1,9 +0,0 @@ -CPU | MHz | threads | singlecore | multicore | afl-*-config | -====================================================|=======|=========|============|===========|==============| -Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz | 4995 | 16 | 120064 | 1168943 | both | -Apple Mac Studio M2 Ultra 2023, Linux VM guest | 3500 | 16 | 163570 | 1157465 | both | -AMD EPYC 7282 16-Core Processor | 3194 | 32 | 87199 | 769001 | both | -AMD Ryzen 5 PRO 4650G with Radeon Graphics | 3700 | 12 | 95356 | 704840 | both | -12th Gen Intel(R) Core(TM) i7-1270P | 4761 | 16 | 149778 | 641219 | both | -Raspberry Pi 5 | 2400 | 4 | 774460 | 3036637 | both -AMD Ryzen 9 5950X 16-Core Processor | 4792 | 32 | 161690 | 2339763 | both | diff --git a/benchmark/README.md b/benchmark/README.md index c7d75e42bb..12f4763e52 100644 --- a/benchmark/README.md +++ b/benchmark/README.md @@ -32,7 +32,7 @@ python3 benchmark.py [*] multicore test-instr-persist-shmem run 2 of 2, execs/s: 1175584.09 [*] Average execs/sec for this test across all runs was: 1177703.38 [*] Results have been written to the benchmark-results.jsonl file. - [*] Results have been written to the COMPARISON file. + [*] Results have been written to the COMPARISON.md file. ``` By default, the script will use a number of parallel fuzzers equal to your @@ -43,8 +43,8 @@ The script will use multicore fuzzing instead of singlecore by default (change with `--mode singlecore`) and use a persistent-mode shared memory harness for optimal speed (change with `--target test-instr`). -Feel free to submit the resulting line for your CPU added to the COMPARISON -file back to aflplusplus in a pull request. +Feel free to submit the resulting line for your CPU added to the COMPARISON.md +and benchmark-results.jsonl files back to AFL++ in a pull request. Each run writes results to [benchmark-results.jsonl](benchmark-results.jsonl) in [JSON Lines](https://jsonlines.org/) format, ready to be pulled in to other diff --git a/benchmark/benchmark.py b/benchmark/benchmark.py index b3d55f21bd..0685cedd50 100755 --- a/benchmark/benchmark.py +++ b/benchmark/benchmark.py @@ -186,14 +186,14 @@ async def save_benchmark_results() -> None: json.dump(asdict(results), jsonfile, sort_keys=True) jsonfile.write("\n") print(blue(f" [*] Results have been written to the {jsonfile.name} file.")) - with open("COMPARISON", "r+") as comparisonfile: + with open("COMPARISON.md", "r+") as comparisonfile: described_config = await describe_afl_config() aflconfig = described_config.ljust(12) if results.hardware is None: return cpu_model = results.hardware.cpu_model.ljust(51) if cpu_model in comparisonfile.read(): - print(blue(f" [*] Results have not been written to the COMPARISON file; this CPU is already present.")) + print(blue(f" [*] Results have not been written to the COMPARISON.md file; this CPU is already present.")) return cpu_mhz = str(round(results.hardware.cpu_fastest_core_mhz)).ljust(5) if not "test-instr-persist-shmem" in results.targets or \ @@ -206,8 +206,8 @@ async def save_benchmark_results() -> None: multi = str(round(results.targets["test-instr-persist-shmem"]["multicore"].execs_per_sec)).ljust(9) cores = str(args.fuzzers).ljust(7) comparisonfile.write(f"{cpu_model} | {cpu_mhz} | {cores} | {single} | {multi} | {aflconfig} |\n") - print(blue(f" [*] Results have been written to the COMPARISON file.")) - with open("COMPARISON", "r") as comparisonfile: + print(blue(f" [*] Results have been written to the COMPARISON.md file.")) + with open("COMPARISON.md", "r") as comparisonfile: print(comparisonfile.read()) From 0e7afb75dd02efebc5518505d06667fde0467c7e Mon Sep 17 00:00:00 2001 From: vincenzo MEZZELA Date: Mon, 4 Dec 2023 16:39:10 +0100 Subject: [PATCH 246/357] removing options "-Wl,-rpath" "LLVM_LIBDIR" when using gcc --- src/afl-cc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index c3c677b47c..6faed538db 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1144,7 +1144,8 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (!have_pic) { cc_params[cc_par_cnt++] = "-fPIC"; } - if (!getenv("AFL_LLVM_NO_RPATH")) { + if (compiler_mode != GCC_PLUGIN && compiler_mode != GCC && + !getenv("AFL_LLVM_NO_RPATH")) { // in case LLVM is installed not via a package manager or "make install" // e.g. compiled download or compiled from github then its ./lib directory From 6c04d4cc80b55efee8bb005bbd616a0aaeede395 Mon Sep 17 00:00:00 2001 From: vincenzo MEZZELA Date: Mon, 4 Dec 2023 16:41:21 +0100 Subject: [PATCH 247/357] fixing -Wl,-rpath= --- src/afl-cc.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 6faed538db..ceea61f217 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1150,16 +1150,12 @@ static void edit_params(u32 argc, char **argv, char **envp) { // in case LLVM is installed not via a package manager or "make install" // e.g. compiled download or compiled from github then its ./lib directory // might not be in the search path. Add it if so. - u8 *libdir = strdup(LLVM_LIBDIR); + const char *libdir = LLVM_LIBDIR; if (plusplus_mode && strlen(libdir) && strncmp(libdir, "/usr", 4) && strncmp(libdir, "/lib", 4)) { - cc_params[cc_par_cnt++] = "-Wl,-rpath"; - cc_params[cc_par_cnt++] = libdir; - - } else { - - free(libdir); + u8 *libdir_opt = strdup("-Wl,-rpath=" LLVM_LIBDIR); + cc_params[cc_par_cnt++] = libdir_opt; } From 638273e4f80ba89ada8a4428a6211ee6b59d964a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 5 Dec 2023 17:38:32 +0100 Subject: [PATCH 248/357] nits --- docs/INSTALL.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 4f029f5d48..1379df0af4 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -11,13 +11,6 @@ docker pull aflplusplus/aflplusplus:latest docker run -ti -v /location/of/your/target:/src aflplusplus/aflplusplus ``` -Or for convinince to run in the current directory: - -```shell -docker pull aflplusplus/aflplusplus:latest -docker run -ti -v $(pwd):/src aflplusplus/aflplusplus -``` - This image is automatically generated when a push to the stable branch happens. You will find your target source code in `/src` in the container. From 5b655e0d59973099c8ecaea6f105d62c24fddafd Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 5 Dec 2023 19:07:56 +0100 Subject: [PATCH 249/357] fix --- benchmark/COMPARISON.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 benchmark/COMPARISON.md diff --git a/benchmark/COMPARISON.md b/benchmark/COMPARISON.md new file mode 100644 index 0000000000..49c107a2b0 --- /dev/null +++ b/benchmark/COMPARISON.md @@ -0,0 +1,9 @@ +CPU | MHz | threads | singlecore | multicore | afl-*-config | +====================================================|=======|=========|============|===========|==============| +Raspberry Pi 5 | 2400 | 4 | 25786 | 101114 | both | +AMD EPYC 7282 16-Core Processor | 3194 | 32 | 87199 | 769001 | both | +AMD Ryzen 5 PRO 4650G with Radeon Graphics | 3700 | 12 | 95356 | 704840 | both | +Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz | 4995 | 16 | 120064 | 1168943 | both | +12th Gen Intel(R) Core(TM) i7-1270P | 4761 | 16 | 149778 | 641219 | both | +AMD Ryzen 9 5950X 16-Core Processor | 4792 | 32 | 161690 | 2339763 | both | +Apple Mac Studio M2 Ultra 2023, Linux VM guest | 3500 | 16 | 163570 | 1157465 | both | From bb1d4a24917fd95f5389ed6f406c99811e0ed6eb Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 7 Dec 2023 16:15:18 +0100 Subject: [PATCH 250/357] afl-cc fixes --- src/afl-cc.c | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index ceea61f217..6242ece02c 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -395,12 +395,16 @@ static void process_params(u32 argc, char **argv) { } + // reset + have_instr_list = 0; + have_c = 0; + if (lto_mode && argc > 1) { u32 idx; for (idx = 1; idx < argc; idx++) { - if (!strncasecmp(argv[idx], "-fpic", 5)) have_pic = 1; + if (!strncasecmp(argv[idx], "-fpic", 5)) { have_pic = 1; } } @@ -689,6 +693,18 @@ static void edit_params(u32 argc, char **argv, char **envp) { cc_params = ck_alloc(MAX_PARAMS_NUM * sizeof(u8 *)); + for (u32 c = 1; c < argc; ++c) { + + if (!strcmp(argv[c], "-c")) have_c = 1; + if (!strncmp(argv[c], "-fsanitize-coverage-", 20) && + strstr(argv[c], "list=")) { + + have_instr_list = 1; + + } + + } + if (lto_mode) { if (lto_flag[0] != '-') @@ -1125,24 +1141,18 @@ static void edit_params(u32 argc, char **argv, char **envp) { // cc_params[cc_par_cnt++] = "-Qunused-arguments"; - if (lto_mode && argc > 1) { - - u32 idx; - for (idx = 1; idx < argc; idx++) { - - if (!strncasecmp(argv[idx], "-fpic", 5)) have_pic = 1; - - } - - } - } /* Inspect the command line parameters. */ process_params(argc, argv); - if (!have_pic) { cc_params[cc_par_cnt++] = "-fPIC"; } + if (!have_pic) { + + cc_params[cc_par_cnt++] = "-fPIC"; + have_pic = 1; + + } if (compiler_mode != GCC_PLUGIN && compiler_mode != GCC && !getenv("AFL_LLVM_NO_RPATH")) { From 520daf5e0f8b6e7df9fa3b77b7c1b8268b0dcd0f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 10 Dec 2023 13:23:59 +0100 Subject: [PATCH 251/357] nit --- src/afl-cc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 6242ece02c..22cce2cd2c 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -2313,7 +2313,7 @@ int main(int argc, char **argv, char **envp) { "0x10000\n" " AFL_LLVM_DOCUMENT_IDS: write all edge IDs and the corresponding " "functions\n" - " into this file\n" + " into this file (LTO mode)\n" " AFL_LLVM_LTO_DONTWRITEID: don't write the highest ID used to a " "global var\n" " AFL_LLVM_LTO_STARTID: from which ID to start counting from for " From a062e84ba60a687b2a0ea390a8b7d9701e1ee27b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 10 Dec 2023 14:05:41 +0100 Subject: [PATCH 252/357] add n_fuzz to ignore_timeouts --- src/afl-fuzz-bitmap.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 568c527442..7c81d01a83 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -459,6 +459,17 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { if (unlikely(fault == FSRV_RUN_TMOUT && afl->afl_env.afl_ignore_timeouts)) { + if (likely(afl->schedule >= FAST && afl->schedule <= RARE)) { + + classify_counts(&afl->fsrv); + cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); + + // Saturated increment + if (likely(afl->n_fuzz[cksum % N_FUZZ_SIZE] < 0xFFFFFFFF)) + afl->n_fuzz[cksum % N_FUZZ_SIZE]++; + + } + return 0; } From b2d118f821b9a98b64a955b6dce5785646a8f19e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 10 Dec 2023 14:07:25 +0100 Subject: [PATCH 253/357] fix --- src/afl-fuzz-bitmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 7c81d01a83..5f67347ced 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -462,7 +462,7 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { if (likely(afl->schedule >= FAST && afl->schedule <= RARE)) { classify_counts(&afl->fsrv); - cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); + u64 cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); // Saturated increment if (likely(afl->n_fuzz[cksum % N_FUZZ_SIZE] < 0xFFFFFFFF)) From ab532e7c151edaa1b563702dc26daabed09da157 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Mon, 11 Dec 2023 11:54:30 +0100 Subject: [PATCH 254/357] Fix #1927 --- instrumentation/afl-llvm-common.cc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/instrumentation/afl-llvm-common.cc b/instrumentation/afl-llvm-common.cc index 7f17b02d64..96952bd6c4 100644 --- a/instrumentation/afl-llvm-common.cc +++ b/instrumentation/afl-llvm-common.cc @@ -97,11 +97,15 @@ bool isIgnoreFunction(const llvm::Function *F) { static constexpr const char *ignoreSubstringList[] = { - "__asan", "__msan", "__ubsan", "__lsan", "__san", "__sanitize", - "__cxx", "DebugCounter", "DwarfDebug", "DebugLoc" + "__asan", "__msan", "__ubsan", "__lsan", "__san", + "__sanitize", "DebugCounter", "DwarfDebug", "DebugLoc" }; + // This check is very sensitive, we must be sure to not include patterns + // that are part of user-written C++ functions like the ones including + // std::string as parameter (see #1927) as the mangled type is inserted in the + // mangled name of the user-written function for (auto const &ignoreListFunc : ignoreSubstringList) { // hexcoder: F->getName().contains() not avaiilable in llvm 3.8.0 From a576f7aef42d190f969030a3efde7032d1425833 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 12 Dec 2023 09:34:04 +0100 Subject: [PATCH 255/357] in-depth blog post --- docs/afl-fuzz_approach.md | 4 ++++ docs/tutorials.md | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/afl-fuzz_approach.md b/docs/afl-fuzz_approach.md index 7d18b17883..9ea063255d 100644 --- a/docs/afl-fuzz_approach.md +++ b/docs/afl-fuzz_approach.md @@ -5,6 +5,10 @@ instrumentation-guided genetic algorithm. It uses a modified form of edge coverage to effortlessly pick up subtle, local-scale changes to program control flow. +Note: If you are interested in a more current up-to-date deep dive how AFL++ +works then we commend this blog post: +[https://blog.ritsec.club/posts/afl-under-hood/](https://blog.ritsec.club/posts/afl-under-hood/) + Simplifying a bit, the overall algorithm can be summed up as: 1) Load user-supplied initial test cases into the queue. diff --git a/docs/tutorials.md b/docs/tutorials.md index a5ee33225b..0a09f6dc18 100644 --- a/docs/tutorials.md +++ b/docs/tutorials.md @@ -21,7 +21,7 @@ training, then we can highly recommend the following: * [https://github.com/antonio-morales/Fuzzing101](https://github.com/antonio-morales/Fuzzing101) -Here is a good forkflow description (and tutorial) for qemu_mode: +Here is a good workflow description (and tutorial) for qemu_mode: * [https://airbus-seclab.github.io/AFLplusplus-blogpost/](https://airbus-seclab.github.io/AFLplusplus-blogpost/) @@ -41,6 +41,9 @@ structure is), these links have you covered (some are outdated though): * Superion for AFL++: [https://github.com/adrian-rt/superion-mutator](https://github.com/adrian-rt/superion-mutator) +For a very in-depth explanation on how AFL++ works check out: +[https://blog.ritsec.club/posts/afl-under-hood/](https://blog.ritsec.club/posts/afl-under-hood/) + ## Video Tutorials * [Install AFL++ Ubuntu](https://www.youtube.com/watch?v=5dCvhkbi3RA) From f290bdd83ba1b540396db2215d133e5a40570419 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 14 Dec 2023 16:00:57 +0100 Subject: [PATCH 256/357] add AFL_FUZZER_LOOPCOUNT --- include/envs.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/envs.h b/include/envs.h index 93e49e34c0..560092d963 100644 --- a/include/envs.h +++ b/include/envs.h @@ -172,6 +172,7 @@ static char *afl_environment_variables[] = { "AFL_LLVM_LTO_DONTWRITEID", "AFL_LLVM_LTO_SKIPINIT" "AFL_LLVM_LTO_STARTID", + "AFL_FUZZER_LOOPCOUNT", "AFL_NO_ARITH", "AFL_NO_AUTODICT", "AFL_NO_BUILTIN", From ae9cdb34e4fdc10c7c2d1c775238a7501fda288a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 14 Dec 2023 16:04:00 +0100 Subject: [PATCH 257/357] AFL_FUZZER_LOOPCOUNT --- docs/Changelog.md | 1 + utils/aflpp_driver/aflpp_driver.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index b2e9fbf6b9..7faa0ab3f2 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -25,6 +25,7 @@ - fix for a few string compare transform functions for LAF - frida_mode: - fixes support for large map offsets + - support for AFL_FUZZER_LOOPCOUNT for afl.rs and LLVMFuzzerTestOneInput - afl-cmin/afl-cmin.bash: prevent unneeded file errors - added new tool afl-addseeds that adds new seeds to a running campaign - added benchmark/benchmark.py if you want to see how good your fuzzing diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c index dab7fd95d7..9ffb2383f0 100644 --- a/utils/aflpp_driver/aflpp_driver.c +++ b/utils/aflpp_driver/aflpp_driver.c @@ -292,6 +292,7 @@ __attribute__((weak)) int main(int argc, char **argv) { "afl-fuzz will run N iterations before re-spawning the process " "(default: " "INT_MAX)\n" + "You can also use AFL_FUZZER_LOOPCOUNT to set N\n" "For stdin input processing, pass '-' as single command line option.\n" "For file input processing, pass '@@' as single command line option.\n" "To use with afl-cmin or afl-cmin.bash pass '-' as single command line " @@ -379,6 +380,12 @@ __attribute__((weak)) int LLVMFuzzerRunDriver( } + if (getenv("AFL_FUZZER_LOOPCOUNT")) { + + N = atoi(getenv("AFL_FUZZER_LOOPCOUNT")); + + } + assert(N > 0); __afl_manual_init(); From 37505928bcec63a08fe50cdebdbf7b9b28b952d0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 15 Dec 2023 09:23:30 +0100 Subject: [PATCH 258/357] fix 2 mutation bugs --- docs/Changelog.md | 3 +++ include/afl-mutations.h | 16 ++++++++-------- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 7faa0ab3f2..0d75782d7f 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -5,6 +5,7 @@ ### Version ++4.09a (dev) - afl-fuzz: + - fixed the new mutation implementation for two bugs - added `AFL_FINAL_SYNC` which forces a final fuzzer sync (also for `-F`) before terminating. - added AFL_IGNORE_SEED_PROBLEMS to skip over seeds that time out instead @@ -23,6 +24,8 @@ - option -n will not use color in the output - instrumentation: - fix for a few string compare transform functions for LAF + - we are instrumenting __cxx internal functions again. this might break + a few targets, please report if so. - frida_mode: - fixes support for large map offsets - support for AFL_FUZZER_LOOPCOUNT for afl.rs and LLVMFuzzerTestOneInput diff --git a/include/afl-mutations.h b/include/afl-mutations.h index d709b90d05..6338c93c1a 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -2456,14 +2456,14 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, } - char buf[20]; - snprintf(buf, sizeof(buf), "%" PRId64, val); + char numbuf[32]; + snprintf(numbuf, sizeof(buf), "%" PRId64, val); u32 old_len = off2 - off; - u32 new_len = strlen(buf); + u32 new_len = strlen(numbuf); if (old_len == new_len) { - memcpy(buf + off, buf, new_len); + memcpy(buf + off, numbuf, new_len); } else { @@ -2473,7 +2473,7 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, /* Inserted part */ - memcpy(tmp_buf + off, buf, new_len); + memcpy(tmp_buf + off, numbuf, new_len); /* Tail */ memcpy(tmp_buf + off + new_len, buf + off2, len - off2); @@ -2509,9 +2509,9 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, } u64 val = rand_next(afl); - char buf[20]; - snprintf(buf, sizeof(buf), "%llu", val); - memcpy(buf + pos, buf, len); + char numbuf[32]; + snprintf(numbuf, sizeof(numbuf), "%llu", val); + memcpy(buf + pos, numbuf, len); break; From 8a7705aedbb759dd8ff331d47a99cc6bbc17902b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 15 Dec 2023 09:28:39 +0100 Subject: [PATCH 259/357] v4.09c release --- README.md | 4 ++-- docs/Changelog.md | 2 +- include/config.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 322ebcf22d..a09147c5cd 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,9 @@ AFL++ logo -Release version: [4.08c](https://github.com/AFLplusplus/AFLplusplus/releases) +Release version: [4.09c](https://github.com/AFLplusplus/AFLplusplus/releases) -GitHub version: 4.09a +GitHub version: 4.09c Repository: [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus) diff --git a/docs/Changelog.md b/docs/Changelog.md index 0d75782d7f..2dfcb482fd 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -3,7 +3,7 @@ This is the list of all noteworthy changes made in every public release of the tool. See README.md for the general instruction manual. -### Version ++4.09a (dev) +### Version ++4.09c (release) - afl-fuzz: - fixed the new mutation implementation for two bugs - added `AFL_FINAL_SYNC` which forces a final fuzzer sync (also for `-F`) diff --git a/include/config.h b/include/config.h index 988e536eef..b346d7b4b5 100644 --- a/include/config.h +++ b/include/config.h @@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++4.09a" +#define VERSION "++4.09c" /****************************************************** * * From ca0c9f6d1797bac121996c3b2ac50423f6e67b8f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 15 Dec 2023 09:44:02 +0100 Subject: [PATCH 260/357] v4.10a init --- README.md | 2 +- docs/Changelog.md | 5 ++++- include/config.h | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a09147c5cd..fd48cb1412 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Release version: [4.09c](https://github.com/AFLplusplus/AFLplusplus/releases) -GitHub version: 4.09c +GitHub version: 4.10a Repository: [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus) diff --git a/docs/Changelog.md b/docs/Changelog.md index 2dfcb482fd..2ac87f4754 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -3,6 +3,10 @@ This is the list of all noteworthy changes made in every public release of the tool. See README.md for the general instruction manual. +### Version ++4.10a (dev) + - ... + + ### Version ++4.09c (release) - afl-fuzz: - fixed the new mutation implementation for two bugs @@ -34,7 +38,6 @@ - added benchmark/benchmark.py if you want to see how good your fuzzing speed is in comparison to other setups. - ### Version ++4.08c (release) - afl-fuzz: - new mutation engine: mutations that favor discovery more paths are diff --git a/include/config.h b/include/config.h index b346d7b4b5..63340650ea 100644 --- a/include/config.h +++ b/include/config.h @@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++4.09c" +#define VERSION "++4.10a" /****************************************************** * * From 353ae3682a02634abae0b6590dfb47b762cf6bfa Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 15 Dec 2023 10:24:12 +0100 Subject: [PATCH 261/357] switch to explore powerschedule as default --- docs/Changelog.md | 3 ++- src/afl-fuzz-state.c | 3 +-- src/afl-fuzz.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 2ac87f4754..150ce6c707 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -4,7 +4,8 @@ release of the tool. See README.md for the general instruction manual. ### Version ++4.10a (dev) - - ... + - default power schedule is now EXPLORE, due a fix in fast schedules + explore is slightly better now. ### Version ++4.09c (release) diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index db82536dcd..7d6fdfb9a3 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -89,9 +89,8 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) { afl->w_end = 0.3; afl->g_max = 5000; afl->period_pilot_tmp = 5000.0; - afl->schedule = FAST; /* Power schedule (default: FAST) */ + afl->schedule = EXPLORE; /* Power schedule (default: EXPLORE)*/ afl->havoc_max_mult = HAVOC_MAX_MULT; - afl->clear_screen = 1; /* Window resized? */ afl->havoc_div = 1; /* Cycle count divisor for havoc */ afl->stage_name = "init"; /* Name of the current fuzz stage */ diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index becad3511f..dd990e717e 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -138,7 +138,7 @@ static void usage(u8 *argv0, int more_help) { "to\n" " exploit mode, and back on new coverage (default: %u)\n" " -p schedule - power schedules compute a seed's performance score:\n" - " fast(default), explore, exploit, seek, rare, mmopt, " + " explore(default), fast, exploit, seek, rare, mmopt, " "coe, lin\n" " quad -- see docs/FAQ.md for more information\n" " -f file - location read by the fuzzed program (default: stdin " From 7fabe5052bd41deec72fad43acd5219b5f506ac0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 19 Dec 2023 09:26:11 +0100 Subject: [PATCH 262/357] fix MUT_INSERTASCIINUM --- include/afl-mutations.h | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/include/afl-mutations.h b/include/afl-mutations.h index 6338c93c1a..24c6b8ffcb 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -2490,12 +2490,13 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, case MUT_INSERTASCIINUM: { - u32 len = 1 + rand_below(afl, 8); + u32 ins_len = 1 + rand_below(afl, 8); u32 pos = rand_below(afl, len); /* Insert ascii number. */ - if (unlikely(len < pos + len)) { + if (unlikely(len < pos + ins_len)) { + // no retry if we have a small input if (unlikely(len < 8)) { break; @@ -2511,7 +2512,20 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps, u64 val = rand_next(afl); char numbuf[32]; snprintf(numbuf, sizeof(numbuf), "%llu", val); - memcpy(buf + pos, numbuf, len); + size_t val_len = strlen(numbuf), off; + + if (ins_len > val_len) { + + ins_len = val_len; + off = 0; + + } else { + + off = val_len - ins_len; + + } + + memcpy(buf + pos, numbuf + off, ins_len); break; From f822cdeb747fb7aad8be7a9d9472331e36f3dd83 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 19 Dec 2023 09:29:12 +0100 Subject: [PATCH 263/357] fix MUT_STRATEGY_ARRAY_SIZE --- include/afl-mutations.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/afl-mutations.h b/include/afl-mutations.h index 24c6b8ffcb..dcc62d0be1 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -32,7 +32,7 @@ #include #include "afl-fuzz.h" -#define MUT_STRATEGY_ARRAY_SIZE 256 +#define MUT_STRATEGY_ARRAY_SIZE 255 enum { From 806a76afaeb1e1c99847df95af4181b3d1b48a91 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 19 Dec 2023 11:15:33 +0100 Subject: [PATCH 264/357] fix bad fix for MUT_STRATEGY_ARRAY_SIZE --- docs/Changelog.md | 7 +++++-- include/afl-mutations.h | 3 ++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 150ce6c707..133e460bfe 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -4,8 +4,11 @@ release of the tool. See README.md for the general instruction manual. ### Version ++4.10a (dev) - - default power schedule is now EXPLORE, due a fix in fast schedules - explore is slightly better now. + - afl-fuzz: + - default power schedule is now EXPLORE, due a fix in fast schedules + explore is slightly better now. + - fixed minor issues in the mutation engine, thanks to @futhewo for + reporting! ### Version ++4.09c (release) diff --git a/include/afl-mutations.h b/include/afl-mutations.h index dcc62d0be1..75e664847b 100644 --- a/include/afl-mutations.h +++ b/include/afl-mutations.h @@ -32,7 +32,7 @@ #include #include "afl-fuzz.h" -#define MUT_STRATEGY_ARRAY_SIZE 255 +#define MUT_STRATEGY_ARRAY_SIZE 256 enum { @@ -1082,6 +1082,7 @@ u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = { MUT_CLONE_COPY, MUT_CLONE_COPY, MUT_CLONE_COPY, + MUT_CLONE_COPY, MUT_CLONE_FIXED, MUT_CLONE_FIXED, MUT_CLONE_FIXED, From 2f74feaf9959870bf2f8728371c4b9f9208f795d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 19 Dec 2023 11:19:33 +0100 Subject: [PATCH 265/357] remove afl-network-client on uninstall --- GNUmakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/GNUmakefile b/GNUmakefile index 5fd371479f..364cdde1dd 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -816,7 +816,7 @@ endif .PHONY: uninstall uninstall: - -cd $${DESTDIR}$(BIN_PATH) && rm -f $(PROGS) $(SH_PROGS) afl-cs-proxy afl-qemu-trace afl-plot-ui afl-fuzz-document afl-network-server afl-g* afl-plot.sh afl-as afl-ld-lto afl-c* afl-lto* + -cd $${DESTDIR}$(BIN_PATH) && rm -f $(PROGS) $(SH_PROGS) afl-cs-proxy afl-qemu-trace afl-plot-ui afl-fuzz-document afl-network-client afl-network-server afl-g* afl-plot.sh afl-as afl-ld-lto afl-c* afl-lto* -cd $${DESTDIR}$(HELPER_PATH) && rm -f afl-g*.*o afl-llvm-*.*o afl-compiler-*.*o libdislocator.so libtokencap.so libcompcov.so libqasan.so afl-frida-trace.so libnyx.so socketfuzz*.so argvfuzz*.so libAFLDriver.a libAFLQemuDriver.a as afl-as SanitizerCoverage*.so compare-transform-pass.so cmplog-*-pass.so split-*-pass.so dynamic_list.txt -rm -rf $${DESTDIR}$(MISC_PATH)/testcases $${DESTDIR}$(MISC_PATH)/dictionaries -sh -c "ls docs/*.md | sed 's|^docs/|$${DESTDIR}$(DOC_PATH)/|' | xargs rm -f" From c38dedbecdaab3ec3482e2af282f78a6f5bf792b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 21 Dec 2023 08:31:16 +0100 Subject: [PATCH 266/357] update nyx --- nyx_mode/QEMU-Nyx | 2 +- nyx_mode/libnyx | 2 +- nyx_mode/packer | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/nyx_mode/QEMU-Nyx b/nyx_mode/QEMU-Nyx index 60c216bc9e..02a6f2aed3 160000 --- a/nyx_mode/QEMU-Nyx +++ b/nyx_mode/QEMU-Nyx @@ -1 +1 @@ -Subproject commit 60c216bc9e4c79834716d4099993d8397a3a8fd9 +Subproject commit 02a6f2aed360cfe76bb3d788dafe517c350d74e5 diff --git a/nyx_mode/libnyx b/nyx_mode/libnyx index 2da7f08b6e..512058a68d 160000 --- a/nyx_mode/libnyx +++ b/nyx_mode/libnyx @@ -1 +1 @@ -Subproject commit 2da7f08b6e0267ccfe64e1320b24cdb29223459c +Subproject commit 512058a68d58b1a90a4e3971b526a955559735bf diff --git a/nyx_mode/packer b/nyx_mode/packer index 202bace888..bcf3e248b6 160000 --- a/nyx_mode/packer +++ b/nyx_mode/packer @@ -1 +1 @@ -Subproject commit 202bace888d237e4e8f4507d0eba6791a811554d +Subproject commit bcf3e248b660764f48af54232a3388389a2dfc22 From 86d76b52acb945c662ba6d2f8ff44cf036a12161 Mon Sep 17 00:00:00 2001 From: Bet4 <0xbet4@gmail.com> Date: Thu, 21 Dec 2023 23:48:43 +0800 Subject: [PATCH 267/357] Improve binary-only related docs --- docs/fuzzing_binary-only_targets.md | 8 +------- frida_mode/src/main.c | 4 ++-- frida_mode/src/ranges.c | 2 +- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/docs/fuzzing_binary-only_targets.md b/docs/fuzzing_binary-only_targets.md index 9d9d6bb6cf..a151bce486 100644 --- a/docs/fuzzing_binary-only_targets.md +++ b/docs/fuzzing_binary-only_targets.md @@ -94,8 +94,7 @@ For more information, see In FRIDA mode, you can fuzz binary-only targets as easily as with QEMU mode. FRIDA mode is most of the times slightly faster than QEMU mode. It is also -newer, lacks COMPCOV, and has the advantage that it works on MacOS (both intel -and M1). +newer, and has the advantage that it works on MacOS (both intel and M1). To build FRIDA mode: @@ -113,10 +112,6 @@ The mode is approximately 2-5x slower than compile-time instrumentation, and is less conducive to parallelization. But for binary-only fuzzing, it gives a huge speed improvement if it is possible to use. -If you want to fuzz a binary-only library, then you can fuzz it with frida-gum -via frida_mode/. You will have to write a harness to call the target function in -the library, use afl-frida.c as a template. - You can also perform remote fuzzing with frida, e.g., if you want to fuzz on iPhone or Android devices, for this you can use [https://github.com/ttdennis/fpicker/](https://github.com/ttdennis/fpicker/) as @@ -302,7 +297,6 @@ some are very hard to set up... * S2E: [https://github.com/S2E](https://github.com/S2E) * TinyInst: [https://github.com/googleprojectzero/TinyInst](https://github.com/googleprojectzero/TinyInst) - (Mac/Windows only) * ... please send me any missing that are good ## Closing words diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index bd7b1351d3..9daf067b50 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -166,7 +166,7 @@ static void afl_print_env(void) { if (fd < 0) { - FWARNF("Failed to open /proc/self/cmdline, errno: (%d)", errno); + FWARNF("Failed to open /proc/self/environ, errno: (%d)", errno); return; } @@ -174,7 +174,7 @@ static void afl_print_env(void) { ssize_t bytes_read = read(fd, buffer, PROC_MAX - 1); if (bytes_read < 0) { - FFATAL("Failed to read /proc/self/cmdline, errno: (%d)", errno); + FFATAL("Failed to read /proc/self/environ, errno: (%d)", errno); } diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c index e9fc3b4e95..269ba59b4d 100644 --- a/frida_mode/src/ranges.c +++ b/frida_mode/src/ranges.c @@ -653,7 +653,7 @@ void ranges_init(void) { /* * After step 4 we have the total ranges to be instrumented, we now subtract * that either from the original ranges of the modules or from the whole - * memory if AFL_INST_NO_DYNAMIC_LOAD to configure the stalker. + * memory if AFL_FRIDA_INST_NO_DYNAMIC_LOAD to configure the stalker. */ if (ranges_inst_dynamic_load) { From df0638ab87a37f0a3604f5a95a4164153a3bd582 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Fri, 22 Dec 2023 13:34:35 +0000 Subject: [PATCH 268/357] llvm 18 build fixes. --- instrumentation/SanitizerCoverageLTO.so.cc | 14 +++++++++----- instrumentation/SanitizerCoveragePCGUARD.so.cc | 4 ++++ instrumentation/afl-llvm-dict2file.so.cc | 10 +++++----- instrumentation/cmplog-routines-pass.cc | 4 ++-- instrumentation/compare-transform-pass.so.cc | 8 ++++---- 5 files changed, 24 insertions(+), 16 deletions(-) diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index c70fbd4f3c..8365cf65ca 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -696,12 +696,12 @@ bool ModuleSanitizerCoverageLTO::instrumentModule( FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && FT->getParamType(0) == - IntegerType::getInt8PtrTy(M.getContext()); + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); isStrcasecmp &= FT->getNumParams() == 2 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && FT->getParamType(0) == - IntegerType::getInt8PtrTy(M.getContext()); + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); isMemcmp &= FT->getNumParams() == 3 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0)->isPointerTy() && @@ -711,13 +711,13 @@ bool ModuleSanitizerCoverageLTO::instrumentModule( FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && FT->getParamType(0) == - IntegerType::getInt8PtrTy(M.getContext()) && + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && FT->getParamType(2)->isIntegerTy(); isStrncasecmp &= FT->getNumParams() == 3 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && FT->getParamType(0) == - IntegerType::getInt8PtrTy(M.getContext()) && + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && FT->getParamType(2)->isIntegerTy(); isStdString &= FT->getNumParams() >= 2 && FT->getParamType(0)->isPointerTy() && @@ -1241,7 +1241,11 @@ void ModuleSanitizerCoverageLTO::instrumentFunction( if (F.empty()) return; if (F.getName().find(".module_ctor") != std::string::npos) return; // Should not instrument sanitizer init functions. +#if LLVM_VERSION_MAJOR >= 18 + if (F.getName().starts_with("__sanitizer_")) +#else if (F.getName().startswith("__sanitizer_")) +#endif return; // Don't instrument __sanitizer_* callbacks. // Don't touch available_externally functions, their actual body is elsewhere. if (F.getLinkage() == GlobalValue::AvailableExternallyLinkage) return; @@ -1493,7 +1497,7 @@ GlobalVariable *ModuleSanitizerCoverageLTO::CreateFunctionLocalArrayInSection( Array->setComdat(Comdat); #endif Array->setSection(getSectionName(Section)); - Array->setAlignment(Align(DL->getTypeStoreSize(Ty).getFixedSize())); + Array->setAlignment(Align(DL->getTypeStoreSize(Ty).getFixedValue())); GlobalsToAppendToUsed.push_back(Array); GlobalsToAppendToCompilerUsed.push_back(Array); MDNode *MD = MDNode::get(F.getContext(), ValueAsMetadata::get(&F)); diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 588eb95057..1c019d2695 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -572,7 +572,11 @@ void ModuleSanitizerCoverageAFL::instrumentFunction( if (!isInInstrumentList(&F, FMNAME)) return; if (F.getName().find(".module_ctor") != std::string::npos) return; // Should not instrument sanitizer init functions. +#if LLVM_VERSION_MAJOR >= 18 + if (F.getName().starts_with("__sanitizer_")) +#else if (F.getName().startswith("__sanitizer_")) +#endif return; // Don't instrument __sanitizer_* callbacks. // Don't touch available_externally functions, their actual body is elewhere. if (F.getLinkage() == GlobalValue::AvailableExternallyLinkage) return; diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc index 59b16ca052..3a5b99f861 100644 --- a/instrumentation/afl-llvm-dict2file.so.cc +++ b/instrumentation/afl-llvm-dict2file.so.cc @@ -433,15 +433,15 @@ bool AFLdict2filePass::runOnModule(Module &M) { isStrstr &= FT->getNumParams() == 2 && FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == IntegerType::getInt8PtrTy(M.getContext()); + FT->getParamType(0) == IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); isStrcmp &= FT->getNumParams() == 2 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == IntegerType::getInt8PtrTy(M.getContext()); + FT->getParamType(0) == IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); isStrcasecmp &= FT->getNumParams() == 2 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == IntegerType::getInt8PtrTy(M.getContext()); + FT->getParamType(0) == IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); isMemcmp &= FT->getNumParams() == 3 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0)->isPointerTy() && @@ -451,13 +451,13 @@ bool AFLdict2filePass::runOnModule(Module &M) { FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && FT->getParamType(0) == - IntegerType::getInt8PtrTy(M.getContext()) && + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && FT->getParamType(2)->isIntegerTy(); isStrncasecmp &= FT->getNumParams() == 3 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && FT->getParamType(0) == - IntegerType::getInt8PtrTy(M.getContext()) && + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && FT->getParamType(2)->isIntegerTy(); isStdString &= FT->getNumParams() >= 2 && FT->getParamType(0)->isPointerTy() && diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index 54e9ddf3ed..9272be6206 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -385,7 +385,7 @@ bool CmpLogRoutines::hookRtns(Module &M) { isStrcmp &= FT->getNumParams() == 2 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == IntegerType::getInt8PtrTy(M.getContext()); + FT->getParamType(0) == IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); bool isStrncmp = (!FuncName.compare("strncmp") || !FuncName.compare("xmlStrncmp") || @@ -402,7 +402,7 @@ bool CmpLogRoutines::hookRtns(Module &M) { FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && FT->getParamType(0) == - IntegerType::getInt8PtrTy(M.getContext()) && + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && FT->getParamType(2)->isIntegerTy(); bool isGccStdStringStdString = diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc index 5a5415d74e..5c707914e6 100644 --- a/instrumentation/compare-transform-pass.so.cc +++ b/instrumentation/compare-transform-pass.so.cc @@ -271,11 +271,11 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, isStrcmp &= FT->getNumParams() == 2 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == IntegerType::getInt8PtrTy(M.getContext()); + FT->getParamType(0) == IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); isStrcasecmp &= FT->getNumParams() == 2 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == IntegerType::getInt8PtrTy(M.getContext()); + FT->getParamType(0) == IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); isMemcmp &= FT->getNumParams() == 3 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0)->isPointerTy() && @@ -285,13 +285,13 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && FT->getParamType(0) == - IntegerType::getInt8PtrTy(M.getContext()) && + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && FT->getParamType(2)->isIntegerTy(); isStrncasecmp &= FT->getNumParams() == 3 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && FT->getParamType(0) == - IntegerType::getInt8PtrTy(M.getContext()) && + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && FT->getParamType(2)->isIntegerTy(); if (!isStrcmp && !isMemcmp && !isStrncmp && !isStrcasecmp && From daaefcddc063b356018c29027494a00bcfc3e240 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 24 Dec 2023 10:35:02 +0100 Subject: [PATCH 269/357] code format --- docs/Changelog.md | 2 + instrumentation/SanitizerCoverageLTO.so.cc | 48 +++++++++++--------- instrumentation/afl-llvm-dict2file.so.cc | 33 ++++++++------ instrumentation/cmplog-routines-pass.cc | 15 +++--- instrumentation/compare-transform-pass.so.cc | 30 ++++++------ 5 files changed, 70 insertions(+), 58 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 133e460bfe..c8f0421725 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -9,6 +9,8 @@ explore is slightly better now. - fixed minor issues in the mutation engine, thanks to @futhewo for reporting! + - instrumentation: + - LLVM 18 support, thanks to @devnexen! ### Version ++4.09c (release) diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index 8365cf65ca..68423029b3 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -692,33 +692,37 @@ bool ModuleSanitizerCoverageLTO::instrumentModule( * prototype */ FunctionType *FT = Callee->getFunctionType(); - isStrcmp &= FT->getNumParams() == 2 && - FT->getReturnType()->isIntegerTy(32) && - FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == - IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); - isStrcasecmp &= FT->getNumParams() == 2 && - FT->getReturnType()->isIntegerTy(32) && - FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == - IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); + isStrcmp &= + FT->getNumParams() == 2 && + FT->getReturnType()->isIntegerTy(32) && + FT->getParamType(0) == FT->getParamType(1) && + FT->getParamType(0) == + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); + isStrcasecmp &= + FT->getNumParams() == 2 && + FT->getReturnType()->isIntegerTy(32) && + FT->getParamType(0) == FT->getParamType(1) && + FT->getParamType(0) == + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); isMemcmp &= FT->getNumParams() == 3 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0)->isPointerTy() && FT->getParamType(1)->isPointerTy() && FT->getParamType(2)->isIntegerTy(); - isStrncmp &= FT->getNumParams() == 3 && - FT->getReturnType()->isIntegerTy(32) && - FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == - IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && - FT->getParamType(2)->isIntegerTy(); - isStrncasecmp &= FT->getNumParams() == 3 && - FT->getReturnType()->isIntegerTy(32) && - FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == - IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && - FT->getParamType(2)->isIntegerTy(); + isStrncmp &= + FT->getNumParams() == 3 && + FT->getReturnType()->isIntegerTy(32) && + FT->getParamType(0) == FT->getParamType(1) && + FT->getParamType(0) == + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && + FT->getParamType(2)->isIntegerTy(); + isStrncasecmp &= + FT->getNumParams() == 3 && + FT->getReturnType()->isIntegerTy(32) && + FT->getParamType(0) == FT->getParamType(1) && + FT->getParamType(0) == + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && + FT->getParamType(2)->isIntegerTy(); isStdString &= FT->getNumParams() >= 2 && FT->getParamType(0)->isPointerTy() && FT->getParamType(1)->isPointerTy(); diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc index 3a5b99f861..c60f3e06ab 100644 --- a/instrumentation/afl-llvm-dict2file.so.cc +++ b/instrumentation/afl-llvm-dict2file.so.cc @@ -433,32 +433,35 @@ bool AFLdict2filePass::runOnModule(Module &M) { isStrstr &= FT->getNumParams() == 2 && FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); + FT->getParamType(0) == + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); isStrcmp &= FT->getNumParams() == 2 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); + FT->getParamType(0) == + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); isStrcasecmp &= FT->getNumParams() == 2 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); + FT->getParamType(0) == + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); isMemcmp &= FT->getNumParams() == 3 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0)->isPointerTy() && FT->getParamType(1)->isPointerTy() && FT->getParamType(2)->isIntegerTy(); - isStrncmp &= FT->getNumParams() == 3 && - FT->getReturnType()->isIntegerTy(32) && - FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == - IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && - FT->getParamType(2)->isIntegerTy(); - isStrncasecmp &= FT->getNumParams() == 3 && - FT->getReturnType()->isIntegerTy(32) && - FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == - IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && - FT->getParamType(2)->isIntegerTy(); + isStrncmp &= + FT->getNumParams() == 3 && FT->getReturnType()->isIntegerTy(32) && + FT->getParamType(0) == FT->getParamType(1) && + FT->getParamType(0) == + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && + FT->getParamType(2)->isIntegerTy(); + isStrncasecmp &= + FT->getNumParams() == 3 && FT->getReturnType()->isIntegerTy(32) && + FT->getParamType(0) == FT->getParamType(1) && + FT->getParamType(0) == + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && + FT->getParamType(2)->isIntegerTy(); isStdString &= FT->getNumParams() >= 2 && FT->getParamType(0)->isPointerTy() && FT->getParamType(1)->isPointerTy(); diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index 9272be6206..b27e06e0c4 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -385,7 +385,8 @@ bool CmpLogRoutines::hookRtns(Module &M) { isStrcmp &= FT->getNumParams() == 2 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); + FT->getParamType(0) == + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); bool isStrncmp = (!FuncName.compare("strncmp") || !FuncName.compare("xmlStrncmp") || @@ -398,12 +399,12 @@ bool CmpLogRoutines::hookRtns(Module &M) { !FuncName.compare("g_ascii_strncasecmp") || !FuncName.compare("Curl_strncasecompare") || !FuncName.compare("g_strncasecmp")); - isStrncmp &= FT->getNumParams() == 3 && - FT->getReturnType()->isIntegerTy(32) && - FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == - IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && - FT->getParamType(2)->isIntegerTy(); + isStrncmp &= + FT->getNumParams() == 3 && FT->getReturnType()->isIntegerTy(32) && + FT->getParamType(0) == FT->getParamType(1) && + FT->getParamType(0) == + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && + FT->getParamType(2)->isIntegerTy(); bool isGccStdStringStdString = Callee->getName().find("__is_charIT_EE7__value") != diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc index 5c707914e6..b0d6355aae 100644 --- a/instrumentation/compare-transform-pass.so.cc +++ b/instrumentation/compare-transform-pass.so.cc @@ -271,28 +271,30 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, isStrcmp &= FT->getNumParams() == 2 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); + FT->getParamType(0) == + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); isStrcasecmp &= FT->getNumParams() == 2 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); + FT->getParamType(0) == + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0); isMemcmp &= FT->getNumParams() == 3 && FT->getReturnType()->isIntegerTy(32) && FT->getParamType(0)->isPointerTy() && FT->getParamType(1)->isPointerTy() && FT->getParamType(2)->isIntegerTy(); - isStrncmp &= FT->getNumParams() == 3 && - FT->getReturnType()->isIntegerTy(32) && - FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == - IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && - FT->getParamType(2)->isIntegerTy(); - isStrncasecmp &= FT->getNumParams() == 3 && - FT->getReturnType()->isIntegerTy(32) && - FT->getParamType(0) == FT->getParamType(1) && - FT->getParamType(0) == - IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && - FT->getParamType(2)->isIntegerTy(); + isStrncmp &= + FT->getNumParams() == 3 && FT->getReturnType()->isIntegerTy(32) && + FT->getParamType(0) == FT->getParamType(1) && + FT->getParamType(0) == + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && + FT->getParamType(2)->isIntegerTy(); + isStrncasecmp &= + FT->getNumParams() == 3 && FT->getReturnType()->isIntegerTy(32) && + FT->getParamType(0) == FT->getParamType(1) && + FT->getParamType(0) == + IntegerType::getInt8Ty(M.getContext())->getPointerTo(0) && + FT->getParamType(2)->isIntegerTy(); if (!isStrcmp && !isMemcmp && !isStrncmp && !isStrcasecmp && !isStrncasecmp && !isIntMemcpy) From a9e6998b829e58eab670c79fca8913ba8c5f684d Mon Sep 17 00:00:00 2001 From: Xeonacid Date: Mon, 25 Dec 2023 13:50:32 +0800 Subject: [PATCH 270/357] Fix custom_send link Add a leading '/' to walk in the repo root instead of current dir. --- docs/custom_mutators.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md index 1c4ab2cf1f..71547f8b66 100644 --- a/docs/custom_mutators.md +++ b/docs/custom_mutators.md @@ -198,7 +198,7 @@ def deinit(): # optional for Python This method can be used if you want to send data to the target yourself, e.g. via IPC. This replaces some usage of utils/afl_proxy but requires that you start the target with afl-fuzz. - Example: [custom_mutators/examples/custom_send.c](custom_mutators/examples/custom_send.c) + Example: [custom_mutators/examples/custom_send.c](/custom_mutators/examples/custom_send.c) - `queue_new_entry` (optional): @@ -377,4 +377,4 @@ See [example.c](../custom_mutators/examples/example.c) and - [bruce30262/libprotobuf-mutator_fuzzing_learning](https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/tree/master/4_libprotobuf_aflpp_custom_mutator) - [thebabush/afl-libprotobuf-mutator](https://github.com/thebabush/afl-libprotobuf-mutator) - [XML Fuzzing@NullCon 2017](https://www.agarri.fr/docs/XML_Fuzzing-NullCon2017-PUBLIC.pdf) - - [A bug detected by AFL + XML-aware mutators](https://bugs.chromium.org/p/chromium/issues/detail?id=930663) \ No newline at end of file + - [A bug detected by AFL + XML-aware mutators](https://bugs.chromium.org/p/chromium/issues/detail?id=930663) From c3197dfeb736f3018124529eb184827eafe3a2d9 Mon Sep 17 00:00:00 2001 From: Xeonacid Date: Mon, 25 Dec 2023 18:30:46 +0800 Subject: [PATCH 271/357] Use ../ instead --- docs/custom_mutators.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md index 71547f8b66..ce0a42dc63 100644 --- a/docs/custom_mutators.md +++ b/docs/custom_mutators.md @@ -198,7 +198,7 @@ def deinit(): # optional for Python This method can be used if you want to send data to the target yourself, e.g. via IPC. This replaces some usage of utils/afl_proxy but requires that you start the target with afl-fuzz. - Example: [custom_mutators/examples/custom_send.c](/custom_mutators/examples/custom_send.c) + Example: [custom_mutators/examples/custom_send.c](../custom_mutators/examples/custom_send.c) - `queue_new_entry` (optional): From 1fc1b32db261b27cf14f0d1d7f77a06854b7376c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 27 Dec 2023 13:53:11 +0100 Subject: [PATCH 272/357] initial simple injection detection support --- GNUmakefile | 5 +-- GNUmakefile.llvm | 5 ++- include/envs.h | 4 +++ injections.dic | 7 +++++ instrumentation/afl-compiler-rt.o.c | 48 +++++++++++++++++++++++++++++ src/afl-cc.c | 20 ++++++++++++ 6 files changed, 86 insertions(+), 3 deletions(-) create mode 100644 injections.dic diff --git a/GNUmakefile b/GNUmakefile index 364cdde1dd..b67f9c1595 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -782,7 +782,7 @@ install: all $(MANPAGES) @rm -f $${DESTDIR}$(BIN_PATH)/afl-plot.sh @rm -f $${DESTDIR}$(BIN_PATH)/afl-as @rm -f $${DESTDIR}$(HELPER_PATH)/afl-llvm-rt.o $${DESTDIR}$(HELPER_PATH)/afl-llvm-rt-32.o $${DESTDIR}$(HELPER_PATH)/afl-llvm-rt-64.o $${DESTDIR}$(HELPER_PATH)/afl-gcc-rt.o - @for i in afl-llvm-dict2file.so afl-llvm-lto-instrumentlist.so afl-llvm-pass.so cmplog-instructions-pass.so cmplog-routines-pass.so cmplog-switches-pass.so compare-transform-pass.so libcompcov.so libdislocator.so libnyx.so libqasan.so libtokencap.so SanitizerCoverageLTO.so SanitizerCoveragePCGUARD.so split-compares-pass.so split-switches-pass.so; do echo rm -fv $${DESTDIR}$(HELPER_PATH)/$${i}; done + @for i in afl-llvm-dict2file.so afl-llvm-lto-instrumentlist.so afl-llvm-pass.so cmplog-instructions-pass.so cmplog-routines-pass.so cmplog-switches-pass.so compare-transform-pass.so libcompcov.so libdislocator.so libnyx.so libqasan.so libtokencap.so SanitizerCoverageLTO.so SanitizerCoveragePCGUARD.so split-compares-pass.so split-switches-pass.so injection-pass.so; do echo rm -fv $${DESTDIR}$(HELPER_PATH)/$${i}; done install -m 755 $(PROGS) $(SH_PROGS) $${DESTDIR}$(BIN_PATH) @if [ -f afl-qemu-trace ]; then install -m 755 afl-qemu-trace $${DESTDIR}$(BIN_PATH); fi @if [ -f utils/plot_ui/afl-plot-ui ]; then install -m 755 utils/plot_ui/afl-plot-ui $${DESTDIR}$(BIN_PATH); fi @@ -813,11 +813,12 @@ endif install -m 644 docs/*.md $${DESTDIR}$(DOC_PATH) cp -r testcases/ $${DESTDIR}$(MISC_PATH) cp -r dictionaries/ $${DESTDIR}$(MISC_PATH) + cp injections.dic $${DESTDIR}$(MISC_PATH) .PHONY: uninstall uninstall: -cd $${DESTDIR}$(BIN_PATH) && rm -f $(PROGS) $(SH_PROGS) afl-cs-proxy afl-qemu-trace afl-plot-ui afl-fuzz-document afl-network-client afl-network-server afl-g* afl-plot.sh afl-as afl-ld-lto afl-c* afl-lto* - -cd $${DESTDIR}$(HELPER_PATH) && rm -f afl-g*.*o afl-llvm-*.*o afl-compiler-*.*o libdislocator.so libtokencap.so libcompcov.so libqasan.so afl-frida-trace.so libnyx.so socketfuzz*.so argvfuzz*.so libAFLDriver.a libAFLQemuDriver.a as afl-as SanitizerCoverage*.so compare-transform-pass.so cmplog-*-pass.so split-*-pass.so dynamic_list.txt + -cd $${DESTDIR}$(HELPER_PATH) && rm -f afl-g*.*o afl-llvm-*.*o afl-compiler-*.*o libdislocator.so libtokencap.so libcompcov.so libqasan.so afl-frida-trace.so libnyx.so socketfuzz*.so argvfuzz*.so libAFLDriver.a libAFLQemuDriver.a as afl-as SanitizerCoverage*.so compare-transform-pass.so cmplog-*-pass.so split-*-pass.so dynamic_list.txt injections.dic -rm -rf $${DESTDIR}$(MISC_PATH)/testcases $${DESTDIR}$(MISC_PATH)/dictionaries -sh -c "ls docs/*.md | sed 's|^docs/|$${DESTDIR}$(DOC_PATH)/|' | xargs rm -f" -cd $${DESTDIR}$(MAN_PATH) && rm -f $(MANPAGES) diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 0845ae3a20..c704d772e9 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -341,7 +341,7 @@ ifeq "$(TEST_MMAP)" "1" endif PROGS_ALWAYS = ./afl-cc ./afl-compiler-rt.o ./afl-compiler-rt-32.o ./afl-compiler-rt-64.o -PROGS = $(PROGS_ALWAYS) ./afl-llvm-pass.so ./SanitizerCoveragePCGUARD.so ./split-compares-pass.so ./split-switches-pass.so ./cmplog-routines-pass.so ./cmplog-instructions-pass.so ./cmplog-switches-pass.so ./afl-llvm-dict2file.so ./compare-transform-pass.so ./afl-ld-lto ./afl-llvm-lto-instrumentlist.so ./SanitizerCoverageLTO.so +PROGS = $(PROGS_ALWAYS) ./afl-llvm-pass.so ./SanitizerCoveragePCGUARD.so ./split-compares-pass.so ./split-switches-pass.so ./cmplog-routines-pass.so ./cmplog-instructions-pass.so ./cmplog-switches-pass.so ./afl-llvm-dict2file.so ./compare-transform-pass.so ./afl-ld-lto ./afl-llvm-lto-instrumentlist.so ./SanitizerCoverageLTO.so ./injection-pass.so # If prerequisites are not given, warn, do not build anything, and exit with code 0 ifeq "$(LLVMVER)" "" @@ -469,6 +469,9 @@ endif afl-llvm-dict2file.so: instrumentation/afl-llvm-dict2file.so.cc instrumentation/afl-llvm-common.o | test_deps $(CXX) $(CLANG_CPPFL) -shared $< -o $@ $(CLANG_LFL) instrumentation/afl-llvm-common.o +./injection-pass.so: instrumentation/injection-pass.cc instrumentation/afl-llvm-common.o | test_deps + $(CXX) $(CLANG_CPPFL) -shared $< -o $@ $(CLANG_LFL) instrumentation/afl-llvm-common.o + .PHONY: document document: $(CLANG_BIN) -D_AFL_DOCUMENT_MUTATIONS $(CFLAGS_SAFE) $(CPPFLAGS) $(CLANG_CFL) -O3 -Wno-unused-result -fPIC -c instrumentation/afl-compiler-rt.o.c -o ./afl-compiler-rt.o diff --git a/include/envs.h b/include/envs.h index 560092d963..75b2e13d84 100644 --- a/include/envs.h +++ b/include/envs.h @@ -151,6 +151,10 @@ static char *afl_environment_variables[] = { "AFL_LLVM_LTO_AUTODICTIONARY", "AFL_LLVM_AUTODICTIONARY", "AFL_LLVM_SKIPSINGLEBLOCK", + "AFL_LLVM_INJECTIONS_ALL", + "AFL_LLVM_INJECTIONS_SQL", + "AFL_LLVM_INJECTIONS_LDAP", + "AFL_LLVM_INJECTIONS_XSS", "AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK", "AFL_LLVM_LAF_SPLIT_COMPARES", "AFL_LLVM_LAF_SPLIT_COMPARES_BITW", diff --git a/injections.dic b/injections.dic new file mode 100644 index 0000000000..4063cd1764 --- /dev/null +++ b/injections.dic @@ -0,0 +1,7 @@ +"1'\" OR \"1\"=\"1" +"1\"' OR '1'='1" +"'\"><\""))) { fprintf(stderr, "ALERT: Detected XSS injection in content: %s\n", buf); abort(); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index dd990e717e..17949fd7b9 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1749,6 +1749,34 @@ int main(int argc, char **argv_orig, char **envp) { } + // Marker: ADD_TO_INJECTIONS + if (getenv("AFL_LLVM_INJECTIONS_ALL") || getenv("AFL_LLVM_INJECTIONS_SQL") || + getenv("AFL_LLVM_INJECTIONS_LDAP") || getenv("AFL_LLVM_INJECTIONS_XSS")) { + + OKF("Adding injection tokens to dictionary."); + if (getenv("AFL_LLVM_INJECTIONS_ALL") || + getenv("AFL_LLVM_INJECTIONS_SQL")) { + + add_extra(afl, "'\"\"'", 4); + + } + + if (getenv("AFL_LLVM_INJECTIONS_ALL") || + getenv("AFL_LLVM_INJECTIONS_LDAP")) { + + add_extra(afl, "*)(1=*))(|", 10); + + } + + if (getenv("AFL_LLVM_INJECTIONS_ALL") || + getenv("AFL_LLVM_INJECTIONS_XSS")) { + + add_extra(afl, "1\"><\"", 5); + + } + + } + OKF("Generating fuzz data with a length of min=%u max=%u", afl->min_length, afl->max_length); u32 min_alloc = MAX(64U, afl->min_length); From c5b4e260529b9afeed3a2f7fab55d87874c5120c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 30 Dec 2023 10:56:15 +0100 Subject: [PATCH 277/357] remove tmp todo --- TODO.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/TODO.md b/TODO.md index 8d746d509e..7cab71e8fe 100644 --- a/TODO.md +++ b/TODO.md @@ -10,14 +10,6 @@ - when trimming then perform crash detection - either -L0 and/or -p mmopt results in zero new coverage -afl-clang-fast -Iapps -I. -Iinclude -Iapps/include -pthread -m64 -fsanitize=address -fno-omit-frame-pointer -g -Wa,--noexecstack -Qunused-arguments -fno-inline-functions -g -pthread -Wno-unused-command-line-argument -O3 -fno-sanitize=alignment -DOPENSSL_BUILDING_OPENSSL -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -MMD -MF apps/openssl-bin-speed.d.tmp -MT apps/openssl-bin-speed.o -c -o apps/openssl-bin-speed.o apps/speed.c -afl-cc++4.10a by Michal Zalewski, Laszlo Szekeres, Marc Heuse - mode: LLVM-PCGUARD -Split-compare-newpass by laf.intel@gmail.com, extended by heiko@hexco.de (splitting icmp to 8 bit) -Split-floatingpoint-compare-pass: 2 FP comparisons split -724 comparisons found -SanitizerCoveragePCGUARD++4.10a -[+] Instrumented 7356 locations with no collisions (non-hardened mode) of which are 99 handled and 7 unhandled selects. - ## Should From 5f492da71793e75e145e13d4c0dd9506bac2d60c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 30 Dec 2023 11:00:28 +0100 Subject: [PATCH 278/357] update changelog --- docs/Changelog.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index 178d0f8a79..adc81d64a7 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -11,6 +11,8 @@ reporting! - instrumentation: - LLVM 18 support, thanks to @devnexen! + - Injection (SQL, LDAP, XSS) feature now available, see + `instrumentation/README.injections.md` how to activate/use/expand. - compcov/LAF-intel: - floating point splitting bug fix by @hexcoder - due a bug in LLVM 17 integer splitting is disabled! From 0aeee03e471c654e5a6434a29aeb1c27440a7198 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 3 Jan 2024 13:16:31 +0100 Subject: [PATCH 279/357] forgot to add the injection pass --- instrumentation/injection-pass.cc | 366 ++++++++++++++++++++++++++++++ 1 file changed, 366 insertions(+) create mode 100644 instrumentation/injection-pass.cc diff --git a/instrumentation/injection-pass.cc b/instrumentation/injection-pass.cc new file mode 100644 index 0000000000..971b103bab --- /dev/null +++ b/instrumentation/injection-pass.cc @@ -0,0 +1,366 @@ +/* + american fuzzy lop++ - LLVM Injection instrumentation + -------------------------------------------------- + + Written by Marc Heuse + + Copyright 2015, 2016 Google Inc. All rights reserved. + Copyright 2019-2023 AFLplusplus Project. All rights reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + + https://www.apache.org/licenses/LICENSE-2.0 + +*/ + +#include +#include +#include + +#include +#include +#include +#include +#include "llvm/Config/llvm-config.h" + +#include "llvm/ADT/Statistic.h" +#include "llvm/IR/IRBuilder.h" +#if LLVM_VERSION_MAJOR >= 11 /* use new pass manager */ + #include "llvm/Passes/PassPlugin.h" + #include "llvm/Passes/PassBuilder.h" + #include "llvm/IR/PassManager.h" +#else + #include "llvm/IR/LegacyPassManager.h" + #include "llvm/Transforms/IPO/PassManagerBuilder.h" +#endif +#include "llvm/IR/Module.h" +#include "llvm/Support/Debug.h" +#include "llvm/Support/raw_ostream.h" +#if LLVM_VERSION_MAJOR < 17 + #include "llvm/Transforms/IPO/PassManagerBuilder.h" +#endif +#include "llvm/Transforms/Utils/BasicBlockUtils.h" +#include "llvm/Pass.h" +#include "llvm/Analysis/ValueTracking.h" + +#include "llvm/IR/IRBuilder.h" +#if LLVM_VERSION_MAJOR >= 4 || \ + (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) + #include "llvm/IR/Verifier.h" + #include "llvm/IR/DebugInfo.h" +#else + #include "llvm/Analysis/Verifier.h" + #include "llvm/DebugInfo.h" + #define nullptr 0 +#endif + +#include +#include "afl-llvm-common.h" + +using namespace llvm; + +namespace { + +#if LLVM_VERSION_MAJOR >= 11 /* use new pass manager */ +class InjectionRoutines : public PassInfoMixin { + + public: + InjectionRoutines() { + +#else +class InjectionRoutines : public ModulePass { + + public: + static char ID; + InjectionRoutines() : ModulePass(ID) { + +#endif + + initInstrumentList(); + + } + +#if LLVM_VERSION_MAJOR >= 11 /* use new pass manager */ + PreservedAnalyses run(Module &M, ModuleAnalysisManager &MAM); +#else + bool runOnModule(Module &M) override; + + #if LLVM_VERSION_MAJOR >= 4 + StringRef getPassName() const override { + + #else + const char *getPassName() const override { + + #endif + return "Injection routines"; + + } + +#endif + + private: + bool hookRtns(Module &M); + + bool doSQL = false; + bool doLDAP = false; + bool doXSS = false; + +}; + +} // namespace + +#if LLVM_MAJOR >= 11 +extern "C" ::llvm::PassPluginLibraryInfo LLVM_ATTRIBUTE_WEAK +llvmGetPassPluginInfo() { + + return {LLVM_PLUGIN_API_VERSION, "Injectionroutines", "v0.1", + /* lambda to insert our pass into the pass pipeline. */ + [](PassBuilder &PB) { + + #if LLVM_VERSION_MAJOR <= 13 + using OptimizationLevel = typename PassBuilder::OptimizationLevel; + #endif + PB.registerOptimizerLastEPCallback( + [](ModulePassManager &MPM, OptimizationLevel OL) { + + MPM.addPass(InjectionRoutines()); + + }); + + }}; + +} + +#else +char InjectionRoutines::ID = 0; +#endif + +bool InjectionRoutines::hookRtns(Module &M) { + + std::vector calls, llvmStdStd, llvmStdC, gccStdStd, gccStdC, + Memcmp, Strcmp, Strncmp; + LLVMContext &C = M.getContext(); + + Type *VoidTy = Type::getVoidTy(C); + IntegerType *Int8Ty = IntegerType::getInt8Ty(C); + PointerType *i8PtrTy = PointerType::get(Int8Ty, 0); + +#if LLVM_VERSION_MAJOR >= 9 + FunctionCallee +#else + Constant * +#endif + c1 = M.getOrInsertFunction("__afl_injection_sql", VoidTy, i8PtrTy +#if LLVM_VERSION_MAJOR < 5 + , + NULL +#endif + ); +#if LLVM_VERSION_MAJOR >= 9 + FunctionCallee sqlfunc = c1; +#else + Function *sqlfunc = cast(c1); +#endif + +#if LLVM_VERSION_MAJOR >= 9 + FunctionCallee +#else + Constant * +#endif + c2 = M.getOrInsertFunction("__afl_injection_ldap", VoidTy, i8PtrTy +#if LLVM_VERSION_MAJOR < 5 + , + NULL +#endif + ); +#if LLVM_VERSION_MAJOR >= 9 + FunctionCallee ldapfunc = c2; +#else + Function *ldapfunc = cast(c2); +#endif + +#if LLVM_VERSION_MAJOR >= 9 + FunctionCallee +#else + Constant * +#endif + c3 = M.getOrInsertFunction("__afl_injection_xss", VoidTy, i8PtrTy +#if LLVM_VERSION_MAJOR < 5 + , + NULL +#endif + ); +#if LLVM_VERSION_MAJOR >= 9 + FunctionCallee xssfunc = c3; +#else + Function *xssfunc = cast(c3); +#endif + +#if LLVM_VERSION_MAJOR >= 9 + FunctionCallee FuncPtr; +#else + Function *FuncPtr; +#endif + + /* iterate over all functions, bbs and instruction and add suitable calls */ + for (auto &F : M) { + + if (!isInInstrumentList(&F, MNAME)) continue; + + for (auto &BB : F) { + + for (auto &IN : BB) { + + CallInst *callInst = nullptr; + + if ((callInst = dyn_cast(&IN))) { + + Function *Callee = callInst->getCalledFunction(); + if (!Callee) continue; + if (callInst->getCallingConv() != llvm::CallingConv::C) continue; + + std::string FuncName = Callee->getName().str(); + FuncPtr = nullptr; + size_t param = 0; + + // Marker: ADD_TO_INJECTIONS + // If you just need to add another function to test for SQL etc. + // then add them here. + // To add a new class or to work on e.g. std::string/Rust strings/... + // you will need to add a function to afl-compiler-rt.c.o and + // and upwards in this file add a pointer to that function to use + // here. + + if (doSQL && + (FuncName.compare("sqlite3_exec") == 0 || + FuncName.compare("PQexec") == 0 || FuncName.compare("") == 0 || + FuncName.compare("PQexecParams") == 0 || + FuncName.compare("mysql_query") == 0)) { + + if (!be_quiet) { + + errs() << "Injection SQL hook: " << FuncName << "\n"; + + } + + FuncPtr = sqlfunc; + param = 1; + + } + + if (doLDAP && (FuncName.compare("ldap_search_ext") == 0 || + FuncName.compare("ldap_search_ext_s") == 0)) { + + if (!be_quiet) { + + errs() << "Injection LDAP hook: " << FuncName << "\n"; + + } + + FuncPtr = ldapfunc; + param = 1; + + } + + if (doXSS && (FuncName.compare("htmlReadMemory") == 0)) { + + if (!be_quiet) { + + errs() << "Injection XSS hook: " << FuncName << "\n"; + + } + + FuncPtr = xssfunc; + param = 1; + + } + + if (FuncPtr) { + + IRBuilder<> IRB(callInst->getParent()); + IRB.SetInsertPoint(callInst); + + Value *parameter = callInst->getArgOperand(param); + + std::vector args; + Value *casted = IRB.CreatePointerCast(parameter, i8PtrTy); + args.push_back(casted); + IRB.CreateCall(FuncPtr, args); + + } + + } + + } + + } + + } + + return true; + +} + +#if LLVM_VERSION_MAJOR >= 11 /* use new pass manager */ +PreservedAnalyses InjectionRoutines::run(Module &M, + ModuleAnalysisManager &MAM) { + +#else +bool InjectionRoutines::runOnModule(Module &M) { + +#endif + + if (getenv("AFL_QUIET") == NULL) + printf("Running injection-pass by Marc Heuse (mh@mh-sec.de)\n"); + else + be_quiet = 1; + if (getenv("AFL_LLVM_INJECTIONS_ALL")) { + + doSQL = true; + doLDAP = true; + doXSS = true; + + } + + if (getenv("AFL_LLVM_INJECTIONS_SQL")) { doSQL = true; } + if (getenv("AFL_LLVM_INJECTIONS_LDAP")) { doLDAP = true; } + if (getenv("AFL_LLVM_INJECTIONS_XSS")) { doXSS = true; } + + hookRtns(M); +#if LLVM_VERSION_MAJOR >= 11 /* use new pass manager */ + auto PA = PreservedAnalyses::all(); +#endif + verifyModule(M); + +#if LLVM_VERSION_MAJOR >= 11 /* use new pass manager */ + return PA; +#else + return true; +#endif + +} + +#if LLVM_VERSION_MAJOR < 11 /* use old pass manager */ +static void registerInjectionRoutinesPass(const PassManagerBuilder &, + legacy::PassManagerBase &PM) { + + auto p = new InjectionRoutines(); + PM.add(p); + +} + +static RegisterStandardPasses RegisterInjectionRoutinesPass( + PassManagerBuilder::EP_OptimizerLast, registerInjectionRoutinesPass); + +static RegisterStandardPasses RegisterInjectionRoutinesPass0( + PassManagerBuilder::EP_EnabledOnOptLevel0, registerInjectionRoutinesPass); + + #if LLVM_VERSION_MAJOR >= 11 +static RegisterStandardPasses RegisterInjectionRoutinesPassLTO( + PassManagerBuilder::EP_FullLinkTimeOptimizationLast, + registerInjectionRoutinesPass); + #endif +#endif + From aad9ac2b33cc05dc4bc11a3763386c4eb8d5672b Mon Sep 17 00:00:00 2001 From: Sonic <50692172+SonicStark@users.noreply.github.com> Date: Thu, 4 Jan 2024 21:35:25 +0800 Subject: [PATCH 280/357] Output afl-clang-fast stuffs only if necessary (#1912) * afl-cc header * afl-cc common declarations - Add afl-cc-state.c - Strip includes, find_object, debug/be_quiet/have_*/callname setting from afl-cc.c - Use debugf_args in main - Modify execvp stuffs to fit new aflcc struct * afl-cc show usage * afl-cc mode selecting 1. compiler_mode by callname in argv[0] 2. compiler_mode by env "AFL_CC_COMPILER" 3. compiler_mode/instrument_mode by command line options "--afl-..." 4. instrument_mode/compiler_mode by various env vars including "AFL_LLVM_INSTRUMENT" 5. final checking steps 6. print "... - mode: %s-%s\n" 7. determine real argv[0] according to compiler_mode * afl-cc macro defs * afl-cc linking behaviors * afl-cc fsanitize behaviors * afl-cc misc * afl-cc body update * afl-cc all-in-one formated with custom-format.py * nits --------- Co-authored-by: vanhauser-thc --- src/afl-cc.c | 3264 ++++++++++++++++++++++++++++---------------------- 1 file changed, 1838 insertions(+), 1426 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 54c733c9ce..08348d2c0d 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -47,23 +47,22 @@ #define LLVM_MINOR 0 #endif -static u8 *obj_path; /* Path to runtime libraries */ -static u8 **cc_params; /* Parameters passed to the real CC */ -static u32 cc_par_cnt = 1; /* Param count, including argv0 */ -static u8 clang_mode; /* Invoked as afl-clang*? */ -static u8 llvm_fullpath[PATH_MAX]; -static u8 instrument_mode, instrument_opt_mode, ngram_size, ctx_k, lto_mode; -static u8 compiler_mode, plusplus_mode, have_instr_env = 0, need_aflpplib = 0; -static u8 have_gcc, have_llvm, have_gcc_plugin, have_lto, have_instr_list = 0; -static u8 *lto_flag = AFL_CLANG_FLTO, *argvnull; -static u8 debug; -static u8 cwd[4096]; -static u8 cmplog_mode; -u8 use_stdin; /* dummy */ -static int passthrough; -// static u8 *march_opt = CFLAGS_OPT; - -enum { +#ifndef MAX_PARAMS_NUM + #define MAX_PARAMS_NUM 2048 +#endif + +/* Global declarations */ + +typedef enum { + + PARAM_MISS, // not matched + PARAM_SCAN, // scan only + PARAM_KEEP, // kept as-is + PARAM_DROP, // ignored + +} param_st; + +typedef enum { INSTRUMENT_DEFAULT = 0, INSTRUMENT_CLASSIC = 1, @@ -80,7 +79,20 @@ enum { INSTRUMENT_OPT_CTX_K = 64, INSTRUMENT_OPT_CODECOV = 128, -}; +} instrument_mode_id; + +typedef enum { + + UNSET = 0, + LTO = 1, + LLVM = 2, + GCC_PLUGIN = 3, + GCC = 4, + CLANG = 5 + +} compiler_mode_id; + +static u8 cwd[4096]; char instrument_mode_string[18][18] = { @@ -105,17 +117,6 @@ char instrument_mode_string[18][18] = { }; -enum { - - UNSET = 0, - LTO = 1, - LLVM = 2, - GCC_PLUGIN = 3, - GCC = 4, - CLANG = 5 - -}; - char compiler_mode_string[7][12] = { "AUTOSELECT", "LLVM-LTO", "LLVM", "GCC_PLUGIN", @@ -123,6 +124,18 @@ char compiler_mode_string[7][12] = { }; +u8 *instrument_mode_2str(instrument_mode_id i) { + + return instrument_mode_string[i]; + +} + +u8 *compiler_mode_2str(compiler_mode_id i) { + + return compiler_mode_string[i]; + +} + u8 *getthecwd() { if (getcwd(cwd, sizeof(cwd)) == NULL) { @@ -136,26 +149,228 @@ u8 *getthecwd() { } -/* Try to find a specific runtime we need, returns NULL on fail. */ +typedef struct aflcc_state { + + u8 **cc_params; /* Parameters passed to the real CC */ + u32 cc_par_cnt; /* Param count, including argv0 */ + + u8 *argv0; /* Original argv0 (by strdup) */ + u8 *callname; /* Executable file argv0 indicated */ + + u8 debug; + + u8 compiler_mode, plusplus_mode, lto_mode; + + u8 *lto_flag; + + u8 instrument_mode, instrument_opt_mode, ngram_size, ctx_k; + + u8 cmplog_mode; + + u8 have_instr_env, have_gcc, have_llvm, have_gcc_plugin, have_lto, + have_optimized_pcguard, have_instr_list; + + u8 fortify_set, asan_set, x_set, bit_mode, preprocessor_only, have_unroll, + have_o, have_pic, have_c, shared_linking, partial_linking, non_dash; + + // u8 *march_opt; + u8 need_aflpplib; + int passthrough; + + u8 use_stdin; /* dummy */ + u8 *argvnull; /* dummy */ + +} aflcc_state_t; + +void aflcc_state_init(aflcc_state_t *, u8 *argv0); + +/* Try to find a specific runtime we need, the path to obj would be + allocated and returned. Otherwise it returns NULL on fail. */ +u8 *find_object(aflcc_state_t *, u8 *obj); + +void find_built_deps(aflcc_state_t *); + +static inline void limit_params(aflcc_state_t *aflcc, u32 add) { + + if (aflcc->cc_par_cnt + add >= MAX_PARAMS_NUM) + FATAL("Too many command line parameters, please increase MAX_PARAMS_NUM."); + +} + +static inline void insert_param(aflcc_state_t *aflcc, u8 *param) { + + aflcc->cc_params[aflcc->cc_par_cnt++] = param; + +} + +static inline void insert_object(aflcc_state_t *aflcc, u8 *obj, u8 *fmt, + u8 *msg) { + + u8 *_obj_path = find_object(aflcc, obj); + if (!_obj_path) { + + if (msg) + FATAL("%s", msg); + else + FATAL("Unable to find '%s'", obj); + + } else { + + if (fmt) { + + u8 *_obj_path_fmt = alloc_printf(fmt, _obj_path); + ck_free(_obj_path); + aflcc->cc_params[aflcc->cc_par_cnt++] = _obj_path_fmt; + + } else { + + aflcc->cc_params[aflcc->cc_par_cnt++] = _obj_path; + + } + + } + +} + +static inline void load_llvm_pass(aflcc_state_t *aflcc, u8 *pass) { + +#if LLVM_MAJOR >= 11 /* use new pass manager */ + #if LLVM_MAJOR < 16 + insert_param(aflcc, "-fexperimental-new-pass-manager"); + #endif + insert_object(aflcc, pass, "-fpass-plugin=%s", 0); +#else + insert_param(aflcc, "-Xclang"); + insert_param(aflcc, "-load"); + insert_param(aflcc, "-Xclang"); + insert_object(aflcc, pass, 0, 0); +#endif + +} + +static inline void debugf_args(int argc, char **argv) { + + DEBUGF("cd '%s';", getthecwd()); + for (int i = 0; i < argc; i++) + SAYF(" '%s'", argv[i]); + SAYF("\n"); + fflush(stdout); + fflush(stderr); + +} + +void compiler_mode_by_callname(aflcc_state_t *); +void compiler_mode_by_environ(aflcc_state_t *); +void compiler_mode_by_cmdline(aflcc_state_t *, int argc, char **argv); +void instrument_mode_by_environ(aflcc_state_t *); +void mode_final_checkout(aflcc_state_t *, int argc, char **argv); +void mode_notification(aflcc_state_t *); + +void add_real_argv0(aflcc_state_t *); + +void add_defs_common(aflcc_state_t *); +void add_defs_selective_instr(aflcc_state_t *); +void add_defs_persistent_mode(aflcc_state_t *); +void add_defs_fortify(aflcc_state_t *, u8); +void add_defs_lsan_ctrl(aflcc_state_t *); + +param_st parse_fsanitize(aflcc_state_t *, u8 *, u8); +void add_sanitizers(aflcc_state_t *, char **envp); +void add_optimized_pcguard(aflcc_state_t *); +void add_native_pcguard(aflcc_state_t *); + +void add_assembler(aflcc_state_t *); +void add_gcc_plugin(aflcc_state_t *); + +param_st parse_misc_params(aflcc_state_t *, u8 *, u8); +void add_misc_params(aflcc_state_t *); + +param_st parse_linking_params(aflcc_state_t *, u8 *, u8, u8 *skip_next, + char **argv); + +void add_lto_linker(aflcc_state_t *); +void add_lto_passes(aflcc_state_t *); +void add_runtime(aflcc_state_t *); + +/* Working state */ + +void aflcc_state_init(aflcc_state_t *aflcc, u8 *argv0) { + + // Default NULL/0 is a good start + memset(aflcc, 0, sizeof(aflcc_state_t)); + + aflcc->cc_params = ck_alloc(MAX_PARAMS_NUM * sizeof(u8 *)); + aflcc->cc_par_cnt = 1; + + aflcc->lto_flag = AFL_CLANG_FLTO; + + // aflcc->march_opt = CFLAGS_OPT; + + /* callname & if C++ mode */ + + aflcc->argv0 = ck_strdup(argv0); + + char *cname = NULL; + + if ((cname = strrchr(aflcc->argv0, '/')) != NULL) { + + cname++; + + } else { + + cname = aflcc->argv0; + + } + + aflcc->callname = cname; + + if (strlen(cname) > 2 && (strncmp(cname + strlen(cname) - 2, "++", 2) == 0 || + strstr(cname, "-g++") != NULL)) { + + aflcc->plusplus_mode = 1; + + } + + /* debug */ + + if (getenv("AFL_DEBUG")) { + + aflcc->debug = 1; + if (strcmp(getenv("AFL_DEBUG"), "0") == 0) unsetenv("AFL_DEBUG"); + + } else if (getenv("AFL_QUIET")) { + + be_quiet = 1; + + } + + if ((getenv("AFL_PASSTHROUGH") || getenv("AFL_NOOPT")) && (!aflcc->debug)) { + + be_quiet = 1; + + } + +} /* in find_object() we look here: - 1. if obj_path is already set we look there first - 2. then we check the $AFL_PATH environment variable location if set - 3. next we check argv[0] if it has path information and use it + 1. firstly we check the $AFL_PATH environment variable location if set + 2. next we check argv[0] if it has path information and use it a) we also check ../lib/afl - 4. if 3. failed we check /proc (only Linux, Android, NetBSD, DragonFly, and + 3. if 2. failed we check /proc (only Linux, Android, NetBSD, DragonFly, and FreeBSD with procfs) a) and check here in ../lib/afl too - 5. we look into the AFL_PATH define (usually /usr/local/lib/afl) - 6. we finally try the current directory + 4. we look into the AFL_PATH define (usually /usr/local/lib/afl) + 5. we finally try the current directory if all these attempts fail - we return NULL and the caller has to decide - what to do. + what to do. Otherwise the path to obj would be allocated and returned. */ -static u8 *find_object(u8 *obj, u8 *argv0) { +u8 *find_object(aflcc_state_t *aflcc, u8 *obj) { + + u8 *argv0 = aflcc->argv0; u8 *afl_path = getenv("AFL_PATH"); u8 *slash = NULL, *tmp; @@ -164,14 +379,9 @@ static u8 *find_object(u8 *obj, u8 *argv0) { tmp = alloc_printf("%s/%s", afl_path, obj); - if (debug) DEBUGF("Trying %s\n", tmp); - - if (!access(tmp, R_OK)) { - - obj_path = afl_path; - return tmp; + if (aflcc->debug) DEBUGF("Trying %s\n", tmp); - } + if (!access(tmp, R_OK)) { return tmp; } ck_free(tmp); @@ -190,11 +400,11 @@ static u8 *find_object(u8 *obj, u8 *argv0) { tmp = alloc_printf("%s/%s", dir, obj); - if (debug) DEBUGF("Trying %s\n", tmp); + if (aflcc->debug) DEBUGF("Trying %s\n", tmp); if (!access(tmp, R_OK)) { - obj_path = dir; + ck_free(dir); return tmp; } @@ -202,12 +412,10 @@ static u8 *find_object(u8 *obj, u8 *argv0) { ck_free(tmp); tmp = alloc_printf("%s/../lib/afl/%s", dir, obj); - if (debug) DEBUGF("Trying %s\n", tmp); + if (aflcc->debug) DEBUGF("Trying %s\n", tmp); if (!access(tmp, R_OK)) { - u8 *dir2 = alloc_printf("%s/../lib/afl", dir); - obj_path = dir2; ck_free(dir); return tmp; @@ -247,26 +455,16 @@ static u8 *find_object(u8 *obj, u8 *argv0) { *slash = 0; tmp = alloc_printf("%s/%s", exepath, obj); - if (!access(tmp, R_OK)) { - - u8 *dir = alloc_printf("%s", exepath); - obj_path = dir; - return tmp; - - } + if (!access(tmp, R_OK)) { return tmp; } ck_free(tmp); tmp = alloc_printf("%s/../lib/afl/%s", exepath, obj); - if (debug) DEBUGF("Trying %s\n", tmp); - - if (!access(tmp, R_OK)) { + if (aflcc->debug) DEBUGF("Trying %s\n", tmp); - u8 *dir = alloc_printf("%s/../lib/afl/", exepath); - obj_path = dir; - return tmp; + if (!access(tmp, R_OK)) { return tmp; } - } + ck_free(tmp); } @@ -283,1844 +481,1911 @@ static u8 *find_object(u8 *obj, u8 *argv0) { tmp = alloc_printf("%s/%s", AFL_PATH, obj); - if (debug) DEBUGF("Trying %s\n", tmp); + if (aflcc->debug) DEBUGF("Trying %s\n", tmp); - if (!access(tmp, R_OK)) { - - obj_path = AFL_PATH; - return tmp; - - } + if (!access(tmp, R_OK)) { return tmp; } ck_free(tmp); - tmp = alloc_printf("./%s", obj); - if (debug) DEBUGF("Trying %s\n", tmp); + if (aflcc->debug) DEBUGF("Trying %s\n", tmp); - if (!access(tmp, R_OK)) { - - obj_path = "."; - return tmp; - - } + if (!access(tmp, R_OK)) { return tmp; } ck_free(tmp); - if (debug) DEBUGF("Trying ... giving up\n"); + if (aflcc->debug) DEBUGF("Trying ... giving up\n"); return NULL; } -void parse_fsanitize(char *string) { +void find_built_deps(aflcc_state_t *aflcc) { - char *p, *ptr = string + strlen("-fsanitize="); - char *new = malloc(strlen(string) + 1); - char *tmp = malloc(strlen(ptr) + 1); - u32 count = 0, len, ende = 0; + char *ptr = NULL; - if (!new || !tmp) { FATAL("could not acquire memory"); } - strcpy(new, "-fsanitize="); + if ((ptr = find_object(aflcc, "as")) != NULL) { - do { + aflcc->have_gcc = 1; + ck_free(ptr); - p = strchr(ptr, ','); - if (!p) { + } - p = ptr + strlen(ptr) + 1; - ende = 1; + if ((ptr = find_object(aflcc, "SanitizerCoveragePCGUARD.so")) != NULL) { - } + aflcc->have_optimized_pcguard = 1; + ck_free(ptr); - len = p - ptr; - if (len) { + } - strncpy(tmp, ptr, len); - tmp[len] = 0; - // fprintf(stderr, "Found: %s\n", tmp); - ptr += len + 1; - if (*tmp) { +#if (LLVM_MAJOR >= 3) - u32 copy = 1; - if (!strcmp(tmp, "fuzzer")) { + if ((ptr = find_object(aflcc, "SanitizerCoverageLTO.so")) != NULL) { - need_aflpplib = 1; - copy = 0; + aflcc->have_lto = 1; + ck_free(ptr); - } else if (!strncmp(tmp, "fuzzer", 6)) { + } - copy = 0; + if ((ptr = find_object(aflcc, "cmplog-routines-pass.so")) != NULL) { - } + aflcc->have_llvm = 1; + ck_free(ptr); - if (copy) { + } - if (count) { strcat(new, ","); } - strcat(new, tmp); - ++count; +#endif - } +#ifdef __ANDROID__ + aflcc->have_llvm = 1; +#endif - } + if ((ptr = find_object(aflcc, "afl-gcc-pass.so")) != NULL) { - } else { + aflcc->have_gcc_plugin = 1; + ck_free(ptr); - ptr++; /*fprintf(stderr, "NO!\n"); */ + } - } +#if !defined(__ANDROID__) && !defined(ANDROID) + ptr = find_object(aflcc, "afl-compiler-rt.o"); - } while (!ende); + if (!ptr) { - strcpy(string, new); - // fprintf(stderr, "string: %s\n", string); - // fprintf(stderr, "new: %s\n", new); + FATAL( + "Unable to find 'afl-compiler-rt.o'. Please set the AFL_PATH " + "environment variable."); -} + } -static u8 fortify_set = 0, asan_set = 0, x_set = 0, bit_mode = 0, - shared_linking = 0, preprocessor_only = 0, have_unroll = 0, - have_o = 0, have_pic = 0, have_c = 0, partial_linking = 0, - non_dash = 0; + if (aflcc->debug) { DEBUGF("rt=%s\n", ptr); } -#ifndef MAX_PARAMS_NUM - #define MAX_PARAMS_NUM 2048 + ck_free(ptr); #endif -static void process_params(u32 argc, char **argv) { +} - if (cc_par_cnt + argc >= MAX_PARAMS_NUM) { +/* compiler_mode & instrument_mode selecting */ - FATAL("Too many command line parameters, please increase MAX_PARAMS_NUM."); +void compiler_mode_by_callname(aflcc_state_t *aflcc) { - } + if (strncmp(aflcc->callname, "afl-clang-fast", 14) == 0) { - // reset - have_instr_list = 0; - have_c = 0; + /* afl-clang-fast is always created there by makefile + just like afl-clang, burdened with special purposes: + - If llvm-config is not available (i.e. LLVM_MAJOR is 0), + or too old, it falls back to LLVM-NATIVE mode and let + the actual compiler complain if doesn't work. + - Otherwise try default llvm instruments except LTO. + */ +#if (LLVM_MAJOR >= 3) + aflcc->compiler_mode = LLVM; +#else + aflcc->compiler_mode = CLANG; +#endif - if (lto_mode && argc > 1) { + } else - u32 idx; - for (idx = 1; idx < argc; idx++) { +#if (LLVM_MAJOR >= 3) - if (!strncasecmp(argv[idx], "-fpic", 5)) { have_pic = 1; } + if (strncmp(aflcc->callname, "afl-clang-lto", 13) == 0 || - } + strncmp(aflcc->callname, "afl-lto", 7) == 0) { - } + aflcc->compiler_mode = LTO; - // for (u32 x = 0; x < argc; ++x) fprintf(stderr, "[%u] %s\n", x, argv[x]); + } else - /* Process the argument list. */ +#endif - u8 skip_next = 0; - while (--argc) { + if (strncmp(aflcc->callname, "afl-gcc-fast", 12) == 0 || - u8 *cur = *(++argv); + strncmp(aflcc->callname, "afl-g++-fast", 12) == 0) { - if (skip_next) { + aflcc->compiler_mode = GCC_PLUGIN; - skip_next = 0; - continue; + } else if (strncmp(aflcc->callname, "afl-gcc", 7) == 0 || - } + strncmp(aflcc->callname, "afl-g++", 7) == 0) { - if (cur[0] != '-') { non_dash = 1; } - if (!strncmp(cur, "--afl", 5)) continue; + aflcc->compiler_mode = GCC; - if (lto_mode && !strncmp(cur, "-flto=thin", 10)) { + } else if (strcmp(aflcc->callname, "afl-clang") == 0 || - FATAL( - "afl-clang-lto cannot work with -flto=thin. Switch to -flto=full or " - "use afl-clang-fast!"); + strcmp(aflcc->callname, "afl-clang++") == 0) { - } + aflcc->compiler_mode = CLANG; - if (lto_mode && !strncmp(cur, "-fuse-ld=", 9)) continue; - if (lto_mode && !strncmp(cur, "--ld-path=", 10)) continue; - if (!strncmp(cur, "-fno-unroll", 11)) continue; - if (strstr(cur, "afl-compiler-rt") || strstr(cur, "afl-llvm-rt")) continue; - if (!strcmp(cur, "-Wl,-z,defs") || !strcmp(cur, "-Wl,--no-undefined") || - !strcmp(cur, "--no-undefined")) { + } - continue; +} - } +void compiler_mode_by_environ(aflcc_state_t *aflcc) { - if (compiler_mode == GCC_PLUGIN && !strcmp(cur, "-pipe")) { continue; } + if (getenv("AFL_PASSTHROUGH") || getenv("AFL_NOOPT")) { - if (!strcmp(cur, "-z") || !strcmp(cur, "-Wl,-z")) { + aflcc->passthrough = 1; - u8 *param = *(argv + 1); - if (!strcmp(param, "defs") || !strcmp(param, "-Wl,defs")) { + } - skip_next = 1; - continue; + char *ptr = getenv("AFL_CC_COMPILER"); - } + if (!ptr) { return; } - } + if (aflcc->compiler_mode) { - if ((compiler_mode == GCC || compiler_mode == GCC_PLUGIN) && - !strncmp(cur, "-stdlib=", 8)) { + if (!be_quiet) { - if (!be_quiet) { WARNF("Found '%s' - stripping!", cur); } - continue; + WARNF( + "\"AFL_CC_COMPILER\" is set but a specific compiler was already " + "selected by command line parameter or symlink, ignoring the " + "environment variable!"); } - if (!strncmp(cur, "-fsanitize-coverage-", 20) && strstr(cur, "list=")) { + } else { - have_instr_list = 1; + if (strncasecmp(ptr, "LTO", 3) == 0) { - } + aflcc->compiler_mode = LTO; - if (!strncmp(cur, "-fsanitize=", strlen("-fsanitize=")) && - strchr(cur, ',')) { + } else if (strncasecmp(ptr, "LLVM", 4) == 0) { - parse_fsanitize(cur); - if (!cur || strlen(cur) <= strlen("-fsanitize=")) { continue; } + aflcc->compiler_mode = LLVM; - } else if ((!strncmp(cur, "-fsanitize=fuzzer-", + } else if (strncasecmp(ptr, "GCC_P", 5) == 0 || - strlen("-fsanitize=fuzzer-")) || - !strncmp(cur, "-fsanitize-coverage", - strlen("-fsanitize-coverage"))) && - (strncmp(cur, "sanitize-coverage-allow", - strlen("sanitize-coverage-allow")) && - strncmp(cur, "sanitize-coverage-deny", - strlen("sanitize-coverage-deny")) && - instrument_mode != INSTRUMENT_LLVMNATIVE)) { + strncasecmp(ptr, "GCC-P", 5) == 0 || + strncasecmp(ptr, "GCCP", 4) == 0) { - if (!be_quiet) { WARNF("Found '%s' - stripping!", cur); } - continue; + aflcc->compiler_mode = GCC_PLUGIN; - } + } else if (strcasecmp(ptr, "GCC") == 0) { - if (need_aflpplib || !strcmp(cur, "-fsanitize=fuzzer")) { + aflcc->compiler_mode = GCC; - u8 *afllib = find_object("libAFLDriver.a", argv[0]); + } else if (strcasecmp(ptr, "CLANG") == 0) { - if (!be_quiet) { + aflcc->compiler_mode = CLANG; - OKF("Found '-fsanitize=fuzzer', replacing with libAFLDriver.a"); + } else - } + FATAL("Unknown AFL_CC_COMPILER mode: %s\n", ptr); - if (!afllib) { + } - if (!be_quiet) { +} - WARNF( - "Cannot find 'libAFLDriver.a' to replace '-fsanitize=fuzzer' in " - "the flags - this will fail!"); +// If it can be inferred, instrument_mode would also be set +void compiler_mode_by_cmdline(aflcc_state_t *aflcc, int argc, char **argv) { - } + char *ptr = NULL; - } else { + for (int i = 1; i < argc; i++) { - cc_params[cc_par_cnt++] = afllib; + if (strncmp(argv[i], "--afl", 5) == 0) { -#ifdef __APPLE__ - cc_params[cc_par_cnt++] = "-undefined"; - cc_params[cc_par_cnt++] = "dynamic_lookup"; -#endif - - } + if (!strcmp(argv[i], "--afl_noopt") || !strcmp(argv[i], "--afl-noopt")) { - if (need_aflpplib) { + aflcc->passthrough = 1; + argv[i] = "-g"; // we have to overwrite it, -g is always good + continue; - need_aflpplib = 0; + } - } else { + if (aflcc->compiler_mode && !be_quiet) { - continue; + WARNF( + "--afl-... compiler mode supersedes the AFL_CC_COMPILER and " + "symlink compiler selection!"); } - } + ptr = argv[i]; + ptr += 5; + while (*ptr == '-') + ptr++; - if (!strcmp(cur, "-m32")) bit_mode = 32; - if (!strcmp(cur, "armv7a-linux-androideabi")) bit_mode = 32; - if (!strcmp(cur, "-m64")) bit_mode = 64; + if (strncasecmp(ptr, "LTO", 3) == 0) { - if (!strcmp(cur, "-fsanitize=address") || !strcmp(cur, "-fsanitize=memory")) - asan_set = 1; + aflcc->compiler_mode = LTO; - if (strstr(cur, "FORTIFY_SOURCE")) fortify_set = 1; + } else if (strncasecmp(ptr, "LLVM", 4) == 0) { - if (!strcmp(cur, "-x")) x_set = 1; - if (!strcmp(cur, "-E")) preprocessor_only = 1; - if (!strcmp(cur, "-shared")) shared_linking = 1; - if (!strcmp(cur, "-dynamiclib")) shared_linking = 1; - if (!strcmp(cur, "--target=wasm32-wasi")) passthrough = 1; - if (!strcmp(cur, "-Wl,-r")) partial_linking = 1; - if (!strcmp(cur, "-Wl,-i")) partial_linking = 1; - if (!strcmp(cur, "-Wl,--relocatable")) partial_linking = 1; - if (!strcmp(cur, "-r")) partial_linking = 1; - if (!strcmp(cur, "--relocatable")) partial_linking = 1; - if (!strcmp(cur, "-c")) have_c = 1; + aflcc->compiler_mode = LLVM; - if (!strncmp(cur, "-O", 2)) have_o = 1; - if (!strncmp(cur, "-funroll-loop", 13)) have_unroll = 1; + } else if (strncasecmp(ptr, "PCGUARD", 7) == 0 || - if (*cur == '@') { + strncasecmp(ptr, "PC-GUARD", 8) == 0) { - // response file support. - // we have two choices - move everything to the command line or - // rewrite the response files to temporary files and delete them - // afterwards. We choose the first for easiness. - // We do *not* support quotes in the rsp files to cope with spaces in - // filenames etc! If you need that then send a patch! - u8 *filename = cur + 1; - if (debug) { DEBUGF("response file=%s\n", filename); } - FILE *f = fopen(filename, "r"); - struct stat st; + aflcc->compiler_mode = LLVM; + aflcc->instrument_mode = INSTRUMENT_PCGUARD; - // Check not found or empty? let the compiler complain if so. - if (!f || fstat(fileno(f), &st) < 0 || st.st_size < 1) { + } else if (strcasecmp(ptr, "INSTRIM") == 0 || - cc_params[cc_par_cnt++] = cur; - continue; + strcasecmp(ptr, "CFG") == 0) { - } + FATAL( + "InsTrim instrumentation was removed. Use a modern LLVM and " + "PCGUARD (default in afl-cc).\n"); - u8 *tmpbuf = malloc(st.st_size + 2), *ptr; - char **args = malloc(sizeof(char *) * (st.st_size >> 1)); - int count = 1, cont = 0, cont_act = 0; + } else if (strcasecmp(ptr, "AFL") == 0 || - while (fgets(tmpbuf, st.st_size + 1, f)) { + strcasecmp(ptr, "CLASSIC") == 0) { - ptr = tmpbuf; - // fprintf(stderr, "1: %s\n", ptr); - // no leading whitespace - while (isspace(*ptr)) { + aflcc->compiler_mode = LLVM; + aflcc->instrument_mode = INSTRUMENT_CLASSIC; - ++ptr; - cont_act = 0; + } else if (strcasecmp(ptr, "LLVMNATIVE") == 0 || - } + strcasecmp(ptr, "NATIVE") == 0 || + strcasecmp(ptr, "LLVM-NATIVE") == 0) { - // no comments, no empty lines - if (*ptr == '#' || *ptr == '\n' || !*ptr) { continue; } - // remove LF - if (ptr[strlen(ptr) - 1] == '\n') { ptr[strlen(ptr) - 1] = 0; } - // remove CR - if (*ptr && ptr[strlen(ptr) - 1] == '\r') { ptr[strlen(ptr) - 1] = 0; } - // handle \ at end of line - if (*ptr && ptr[strlen(ptr) - 1] == '\\') { + aflcc->compiler_mode = LLVM; + aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; - cont = 1; - ptr[strlen(ptr) - 1] = 0; + } else if (strncasecmp(ptr, "GCC_P", 5) == 0 || - } + strncasecmp(ptr, "GCC-P", 5) == 0 || + strncasecmp(ptr, "GCCP", 4) == 0) { - // fprintf(stderr, "2: %s\n", ptr); + aflcc->compiler_mode = GCC_PLUGIN; - // remove whitespace at end - while (*ptr && isspace(ptr[strlen(ptr) - 1])) { + } else if (strcasecmp(ptr, "GCC") == 0) { - ptr[strlen(ptr) - 1] = 0; - cont = 0; + aflcc->compiler_mode = GCC; - } + } else if (strncasecmp(ptr, "CLANG", 5) == 0) { - // fprintf(stderr, "3: %s\n", ptr); - if (*ptr) { + aflcc->compiler_mode = CLANG; - do { + } else - u8 *value = ptr; - while (*ptr && !isspace(*ptr)) { + FATAL("Unknown --afl-... compiler mode: %s\n", argv[i]); - ++ptr; + } - } + } - while (*ptr && isspace(*ptr)) { +} - *ptr++ = 0; +static void instrument_mode_old_environ(aflcc_state_t *aflcc) { - } + if (getenv("AFL_LLVM_INSTRIM") || getenv("INSTRIM") || + getenv("INSTRIM_LIB")) { - if (cont_act) { + FATAL( + "InsTrim instrumentation was removed. Use a modern LLVM and PCGUARD " + "(default in afl-cc).\n"); - u32 len = strlen(args[count - 1]) + strlen(value) + 1; - u8 *tmp = malloc(len); - snprintf(tmp, len, "%s%s", args[count - 1], value); - free(args[count - 1]); - args[count - 1] = tmp; - cont_act = 0; + } - } else { + if (getenv("USE_TRACE_PC") || getenv("AFL_USE_TRACE_PC") || + getenv("AFL_LLVM_USE_TRACE_PC") || getenv("AFL_TRACE_PC")) { - args[count++] = strdup(value); + if (aflcc->instrument_mode == 0) + aflcc->instrument_mode = INSTRUMENT_PCGUARD; + else if (aflcc->instrument_mode != INSTRUMENT_PCGUARD) + FATAL("you cannot set AFL_LLVM_INSTRUMENT and AFL_TRACE_PC together"); - } + } - } while (*ptr); + if (getenv("AFL_LLVM_CTX")) aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CTX; + if (getenv("AFL_LLVM_CALLER")) + aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER; - } + if (getenv("AFL_LLVM_NGRAM_SIZE")) { - if (cont) { + aflcc->instrument_opt_mode |= INSTRUMENT_OPT_NGRAM; + aflcc->ngram_size = atoi(getenv("AFL_LLVM_NGRAM_SIZE")); + if (aflcc->ngram_size < 2 || aflcc->ngram_size > NGRAM_SIZE_MAX) + FATAL( + "NGRAM instrumentation mode must be between 2 and NGRAM_SIZE_MAX " + "(%u)", + NGRAM_SIZE_MAX); - cont_act = 1; - cont = 0; + } - } + if (getenv("AFL_LLVM_CTX_K")) { - } + aflcc->ctx_k = atoi(getenv("AFL_LLVM_CTX_K")); + if (aflcc->ctx_k < 1 || aflcc->ctx_k > CTX_MAX_K) + FATAL("K-CTX instrumentation mode must be between 1 and CTX_MAX_K (%u)", + CTX_MAX_K); + if (aflcc->ctx_k == 1) { - if (count) { process_params(count, args); } + setenv("AFL_LLVM_CALLER", "1", 1); + unsetenv("AFL_LLVM_CTX_K"); + aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER; - // we cannot free args[] - free(tmpbuf); + } else { - continue; + aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CTX_K; } - cc_params[cc_par_cnt++] = cur; - } } -/* Copy argv to cc_params, making the necessary edits. */ - -static void edit_params(u32 argc, char **argv, char **envp) { +// compiler_mode would also be set if depended by the instrument_mode +static void instrument_mode_new_environ(aflcc_state_t *aflcc) { - cc_params = ck_alloc(MAX_PARAMS_NUM * sizeof(u8 *)); + if (!getenv("AFL_LLVM_INSTRUMENT")) { return; } - for (u32 c = 1; c < argc; ++c) { + u8 *ptr2 = strtok(getenv("AFL_LLVM_INSTRUMENT"), ":,;"); - if (!strcmp(argv[c], "-c")) have_c = 1; - if (!strncmp(argv[c], "-fsanitize-coverage-", 20) && - strstr(argv[c], "list=")) { + while (ptr2) { - have_instr_list = 1; - - } + if (strncasecmp(ptr2, "afl", strlen("afl")) == 0 || + strncasecmp(ptr2, "classic", strlen("classic")) == 0) { - } + if (aflcc->instrument_mode == INSTRUMENT_LTO) { - if (lto_mode) { + aflcc->instrument_mode = INSTRUMENT_CLASSIC; + aflcc->lto_mode = 1; - if (lto_flag[0] != '-') - FATAL( - "Using afl-clang-lto is not possible because Makefile magic did not " - "identify the correct -flto flag"); - else - compiler_mode = LTO; + } else if (!aflcc->instrument_mode || - } + aflcc->instrument_mode == INSTRUMENT_AFL) { - if (plusplus_mode) { + aflcc->instrument_mode = INSTRUMENT_AFL; - u8 *alt_cxx = getenv("AFL_CXX"); + } else { - if (!alt_cxx) { + FATAL("main instrumentation mode already set with %s", + instrument_mode_2str(aflcc->instrument_mode)); - if (compiler_mode >= GCC_PLUGIN) { + } - if (compiler_mode == GCC) { + } - alt_cxx = clang_mode ? "clang++" : "g++"; + if (strncasecmp(ptr2, "pc-guard", strlen("pc-guard")) == 0 || + strncasecmp(ptr2, "pcguard", strlen("pcguard")) == 0) { - } else if (compiler_mode == CLANG) { + if (!aflcc->instrument_mode || + aflcc->instrument_mode == INSTRUMENT_PCGUARD) - alt_cxx = "clang++"; + aflcc->instrument_mode = INSTRUMENT_PCGUARD; - } else { + else + FATAL("main instrumentation mode already set with %s", + instrument_mode_2str(aflcc->instrument_mode)); - alt_cxx = "g++"; + } - } + if (strncasecmp(ptr2, "llvmnative", strlen("llvmnative")) == 0 || + strncasecmp(ptr2, "llvm-native", strlen("llvm-native")) == 0 || + strncasecmp(ptr2, "native", strlen("native")) == 0) { - } else { + if (!aflcc->instrument_mode || + aflcc->instrument_mode == INSTRUMENT_LLVMNATIVE) - if (USE_BINDIR) - snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang++", - LLVM_BINDIR); - else - snprintf(llvm_fullpath, sizeof(llvm_fullpath), CLANGPP_BIN); - alt_cxx = llvm_fullpath; + aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; - } + else + FATAL("main instrumentation mode already set with %s", + instrument_mode_2str(aflcc->instrument_mode)); } - cc_params[0] = alt_cxx; - - } else { + if (strncasecmp(ptr2, "llvmcodecov", strlen("llvmcodecov")) == 0 || + strncasecmp(ptr2, "llvm-codecov", strlen("llvm-codecov")) == 0) { - u8 *alt_cc = getenv("AFL_CC"); + if (!aflcc->instrument_mode || + aflcc->instrument_mode == INSTRUMENT_LLVMNATIVE) { - if (!alt_cc) { + aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; + aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CODECOV; - if (compiler_mode >= GCC_PLUGIN) { + } else { - if (compiler_mode == GCC) { + FATAL("main instrumentation mode already set with %s", + instrument_mode_2str(aflcc->instrument_mode)); - alt_cc = clang_mode ? "clang" : "gcc"; + } - } else if (compiler_mode == CLANG) { + } - alt_cc = "clang"; + if (strncasecmp(ptr2, "cfg", strlen("cfg")) == 0 || + strncasecmp(ptr2, "instrim", strlen("instrim")) == 0) { - } else { + FATAL( + "InsTrim instrumentation was removed. Use a modern LLVM and " + "PCGUARD (default in afl-cc).\n"); - alt_cc = "gcc"; + } - } + if (strncasecmp(ptr2, "lto", strlen("lto")) == 0) { - } else { + aflcc->lto_mode = 1; + if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_LTO) - if (USE_BINDIR) - snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang", - LLVM_BINDIR); - else - snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s", CLANG_BIN); - alt_cc = llvm_fullpath; + aflcc->instrument_mode = INSTRUMENT_LTO; - } + else + FATAL("main instrumentation mode already set with %s", + instrument_mode_2str(aflcc->instrument_mode)); } - cc_params[0] = alt_cc; - - } + if (strcasecmp(ptr2, "gcc") == 0) { - if (compiler_mode == GCC || compiler_mode == CLANG) { + if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_GCC) - cc_params[cc_par_cnt++] = "-B"; - cc_params[cc_par_cnt++] = obj_path; + aflcc->instrument_mode = INSTRUMENT_GCC; - if (clang_mode || compiler_mode == CLANG) { + else if (aflcc->instrument_mode != INSTRUMENT_GCC) + FATAL("main instrumentation mode already set with %s", + instrument_mode_2str(aflcc->instrument_mode)); - cc_params[cc_par_cnt++] = "-no-integrated-as"; + aflcc->compiler_mode = GCC; } - } + if (strcasecmp(ptr2, "clang") == 0) { - if (compiler_mode == GCC_PLUGIN) { + if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_CLANG) - char *fplugin_arg; + aflcc->instrument_mode = INSTRUMENT_CLANG; - if (cmplog_mode) { + else if (aflcc->instrument_mode != INSTRUMENT_CLANG) + FATAL("main instrumentation mode already set with %s", + instrument_mode_2str(aflcc->instrument_mode)); - fplugin_arg = - alloc_printf("-fplugin=%s/afl-gcc-cmplog-pass.so", obj_path); - cc_params[cc_par_cnt++] = fplugin_arg; - fplugin_arg = - alloc_printf("-fplugin=%s/afl-gcc-cmptrs-pass.so", obj_path); - cc_params[cc_par_cnt++] = fplugin_arg; + aflcc->compiler_mode = CLANG; } - fplugin_arg = alloc_printf("-fplugin=%s/afl-gcc-pass.so", obj_path); - cc_params[cc_par_cnt++] = fplugin_arg; - cc_params[cc_par_cnt++] = "-fno-if-conversion"; - cc_params[cc_par_cnt++] = "-fno-if-conversion2"; - - } + if (strncasecmp(ptr2, "ctx-", strlen("ctx-")) == 0 || + strncasecmp(ptr2, "kctx-", strlen("c-ctx-")) == 0 || + strncasecmp(ptr2, "k-ctx-", strlen("k-ctx-")) == 0) { - if (compiler_mode == LLVM || compiler_mode == LTO) { + u8 *ptr3 = ptr2; + while (*ptr3 && (*ptr3 < '0' || *ptr3 > '9')) + ptr3++; - cc_params[cc_par_cnt++] = "-Wno-unused-command-line-argument"; + if (!*ptr3) { - if (lto_mode && have_instr_env) { + if ((ptr3 = getenv("AFL_LLVM_CTX_K")) == NULL) + FATAL( + "you must set the K-CTX K with (e.g. for value 2) " + "AFL_LLVM_INSTRUMENT=ctx-2"); -#if LLVM_MAJOR >= 11 /* use new pass manager */ - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = alloc_printf( - "-fpass-plugin=%s/afl-llvm-lto-instrumentlist.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-llvm-lto-instrumentlist.so", obj_path); -#endif + } - } + aflcc->ctx_k = atoi(ptr3); + if (aflcc->ctx_k < 1 || aflcc->ctx_k > CTX_MAX_K) + FATAL( + "K-CTX instrumentation option must be between 1 and CTX_MAX_K " + "(%u)", + CTX_MAX_K); - if (getenv("AFL_LLVM_DICT2FILE")) { + if (aflcc->ctx_k == 1) { -#if LLVM_MAJOR >= 11 /* use new pass manager */ - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/afl-llvm-dict2file.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-llvm-dict2file.so", obj_path); -#endif + aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER; + setenv("AFL_LLVM_CALLER", "1", 1); + unsetenv("AFL_LLVM_CTX_K"); - } + } else { - // laf - if (getenv("LAF_SPLIT_SWITCHES") || getenv("AFL_LLVM_LAF_SPLIT_SWITCHES")) { + aflcc->instrument_opt_mode |= (INSTRUMENT_OPT_CTX_K); + u8 *ptr4 = alloc_printf("%u", aflcc->ctx_k); + setenv("AFL_LLVM_CTX_K", ptr4, 1); -#if LLVM_MAJOR >= 11 /* use new pass manager */ - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/split-switches-pass.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/split-switches-pass.so", obj_path); -#endif + } } - if (getenv("LAF_TRANSFORM_COMPARES") || - getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES")) { + if (strcasecmp(ptr2, "ctx") == 0) { -#if LLVM_MAJOR >= 11 /* use new pass manager */ - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/compare-transform-pass.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/compare-transform-pass.so", obj_path); -#endif + aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CTX; + setenv("AFL_LLVM_CTX", "1", 1); } - if (getenv("LAF_SPLIT_COMPARES") || getenv("AFL_LLVM_LAF_SPLIT_COMPARES") || - getenv("AFL_LLVM_LAF_SPLIT_FLOATS")) { + if (strncasecmp(ptr2, "caller", strlen("caller")) == 0) { -#if LLVM_MAJOR >= 11 /* use new pass manager */ - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/split-compares-pass.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/split-compares-pass.so", obj_path); -#endif + aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER; + setenv("AFL_LLVM_CALLER", "1", 1); } - // /laf + if (strncasecmp(ptr2, "ngram", strlen("ngram")) == 0) { - unsetenv("AFL_LD"); - unsetenv("AFL_LD_CALLER"); + u8 *ptr3 = ptr2 + strlen("ngram"); + while (*ptr3 && (*ptr3 < '0' || *ptr3 > '9')) { - if (cmplog_mode) { + ptr3++; - cc_params[cc_par_cnt++] = "-fno-inline"; + } -#if LLVM_MAJOR >= 11 /* use new pass manager */ - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/cmplog-switches-pass.so", obj_path); - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/split-switches-pass.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/cmplog-switches-pass.so", obj_path); + if (!*ptr3) { - // reuse split switches from laf - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/split-switches-pass.so", obj_path); -#endif + if ((ptr3 = getenv("AFL_LLVM_NGRAM_SIZE")) == NULL) + FATAL( + "you must set the NGRAM size with (e.g. for value 2) " + "AFL_LLVM_INSTRUMENT=ngram-2"); - } + } - // #if LLVM_MAJOR >= 13 - // // Use the old pass manager in LLVM 14 which the AFL++ passes still - // use. cc_params[cc_par_cnt++] = "-flegacy-pass-manager"; - // #endif + aflcc->ngram_size = atoi(ptr3); - if (lto_mode && !have_c) { + if (aflcc->ngram_size < 2 || aflcc->ngram_size > NGRAM_SIZE_MAX) { - u8 *ld_path = NULL; - if (getenv("AFL_REAL_LD")) { + FATAL( + "NGRAM instrumentation option must be between 2 and " + "NGRAM_SIZE_MAX (%u)", + NGRAM_SIZE_MAX); - ld_path = strdup(getenv("AFL_REAL_LD")); + } - } else { + aflcc->instrument_opt_mode |= (INSTRUMENT_OPT_NGRAM); + u8 *ptr4 = alloc_printf("%u", aflcc->ngram_size); + setenv("AFL_LLVM_NGRAM_SIZE", ptr4, 1); - ld_path = strdup(AFL_REAL_LD); + } - } + ptr2 = strtok(NULL, ":,;"); - if (!ld_path || !*ld_path) { + } - if (ld_path) { +} - // Freeing empty string - free(ld_path); +void instrument_mode_by_environ(aflcc_state_t *aflcc) { - } + if (getenv("AFL_LLVM_INSTRUMENT_FILE") || getenv("AFL_LLVM_WHITELIST") || + getenv("AFL_LLVM_ALLOWLIST") || getenv("AFL_LLVM_DENYLIST") || + getenv("AFL_LLVM_BLOCKLIST")) { - ld_path = strdup("ld.lld"); + aflcc->have_instr_env = 1; - } + } - if (!ld_path) { PFATAL("Could not allocate mem for ld_path"); } -#if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 12 - cc_params[cc_par_cnt++] = alloc_printf("--ld-path=%s", ld_path); -#else - cc_params[cc_par_cnt++] = alloc_printf("-fuse-ld=%s", ld_path); -#endif - free(ld_path); - -#if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 15 - // The NewPM implementation only works fully since LLVM 15. - cc_params[cc_par_cnt++] = alloc_printf( - "-Wl,--load-pass-plugin=%s/SanitizerCoverageLTO.so", obj_path); -#elif defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 13 - cc_params[cc_par_cnt++] = "-Wl,--lto-legacy-pass-manager"; - cc_params[cc_par_cnt++] = - alloc_printf("-Wl,-mllvm=-load=%s/SanitizerCoverageLTO.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-fno-experimental-new-pass-manager"; - cc_params[cc_par_cnt++] = - alloc_printf("-Wl,-mllvm=-load=%s/SanitizerCoverageLTO.so", obj_path); -#endif + if (aflcc->have_instr_env && getenv("AFL_DONT_OPTIMIZE") && !be_quiet) { - cc_params[cc_par_cnt++] = "-Wl,--allow-multiple-definition"; - cc_params[cc_par_cnt++] = lto_flag; + WARNF( + "AFL_LLVM_ALLOWLIST/DENYLIST and AFL_DONT_OPTIMIZE cannot be combined " + "for file matching, only function matching!"); - } else { + } - if (instrument_mode == INSTRUMENT_PCGUARD) { + instrument_mode_old_environ(aflcc); + instrument_mode_new_environ(aflcc); -#if LLVM_MAJOR >= 13 - #if defined __ANDROID__ || ANDROID - cc_params[cc_par_cnt++] = "-fsanitize-coverage=trace-pc-guard"; - instrument_mode = INSTRUMENT_LLVMNATIVE; - #else - if (have_instr_list) { - - if (!be_quiet) - SAYF( - "Using unoptimized trace-pc-guard, due usage of " - "-fsanitize-coverage-allow/denylist, you can use " - "AFL_LLVM_ALLOWLIST/AFL_LLMV_DENYLIST instead.\n"); - cc_params[cc_par_cnt++] = "-fsanitize-coverage=trace-pc-guard"; - instrument_mode = INSTRUMENT_LLVMNATIVE; - - } else { - - #if LLVM_MAJOR >= 13 /* use new pass manager */ - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = alloc_printf( - "-fpass-plugin=%s/SanitizerCoveragePCGUARD.so", obj_path); - #else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/SanitizerCoveragePCGUARD.so", obj_path); - #endif +} - } +static void instrument_opt_mode_exclude(aflcc_state_t *aflcc) { - #endif -#else - #if LLVM_MAJOR >= 4 - if (!be_quiet) - SAYF( - "Using unoptimized trace-pc-guard, upgrade to LLVM 13+ for " - "enhanced version.\n"); - cc_params[cc_par_cnt++] = "-fsanitize-coverage=trace-pc-guard"; - instrument_mode = INSTRUMENT_LLVMNATIVE; - #else - FATAL("pcguard instrumentation requires LLVM 4.0.1+"); - #endif -#endif + if ((aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX) && + (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CALLER)) { - } else if (instrument_mode == INSTRUMENT_LLVMNATIVE) { + FATAL("you cannot set CTX and CALLER together"); -#if LLVM_MAJOR >= 4 - if (instrument_opt_mode & INSTRUMENT_OPT_CODECOV) { + } - #if LLVM_MAJOR >= 6 - cc_params[cc_par_cnt++] = - "-fsanitize-coverage=trace-pc-guard,bb,no-prune,pc-table"; - #else - FATAL("pcguard instrumentation with pc-table requires LLVM 6.0.1+"); - #endif + if ((aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX) && + (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX_K)) { - } else { + FATAL("you cannot set CTX and K-CTX together"); - cc_params[cc_par_cnt++] = "-fsanitize-coverage=trace-pc-guard"; + } - } + if ((aflcc->instrument_opt_mode & INSTRUMENT_OPT_CALLER) && + (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX_K)) { -#else - FATAL("pcguard instrumentation requires LLVM 4.0.1+"); -#endif + FATAL("you cannot set CALLER and K-CTX together"); - } else { + } -#if LLVM_MAJOR >= 11 /* use new pass manager */ - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/afl-llvm-pass.so", obj_path); -#else + if (aflcc->instrument_opt_mode && aflcc->compiler_mode != LLVM) + FATAL("CTX, CALLER and NGRAM can only be used in LLVM mode"); - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-pass.so", obj_path); -#endif + if (aflcc->instrument_opt_mode && + aflcc->instrument_opt_mode != INSTRUMENT_OPT_CODECOV && + aflcc->instrument_mode != INSTRUMENT_CLASSIC) + FATAL( + "CALLER, CTX and NGRAM instrumentation options can only be used with " + "the LLVM CLASSIC instrumentation mode."); - } +} - } +void mode_final_checkout(aflcc_state_t *aflcc, int argc, char **argv) { - if (cmplog_mode) { + if (aflcc->instrument_opt_mode && + aflcc->instrument_mode == INSTRUMENT_DEFAULT && + (aflcc->compiler_mode == LLVM || aflcc->compiler_mode == UNSET)) { -#if LLVM_MAJOR >= 11 - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = alloc_printf( - "-fpass-plugin=%s/cmplog-instructions-pass.so", obj_path); - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/cmplog-routines-pass.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/cmplog-instructions-pass.so", obj_path); - - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/cmplog-routines-pass.so", obj_path); -#endif + aflcc->instrument_mode = INSTRUMENT_CLASSIC; + aflcc->compiler_mode = LLVM; - } + } - if (getenv("AFL_LLVM_INJECTIONS_ALL") || - getenv("AFL_LLVM_INJECTIONS_SQL") || - getenv("AFL_LLVM_INJECTIONS_LDAP") || - getenv("AFL_LLVM_INJECTIONS_XSS")) { + if (!aflcc->compiler_mode) { -#if LLVM_MAJOR >= 11 - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/injection-pass.so", obj_path); + // lto is not a default because outside of afl-cc RANLIB and AR have to + // be set to LLVM versions so this would work + if (aflcc->have_llvm) + aflcc->compiler_mode = LLVM; + else if (aflcc->have_gcc_plugin) + aflcc->compiler_mode = GCC_PLUGIN; + else if (aflcc->have_gcc) +#ifdef __APPLE__ + // on OSX clang masquerades as GCC + aflcc->compiler_mode = CLANG; #else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = alloc_printf("%s/injection-pass.so", obj_path); + aflcc->compiler_mode = GCC; #endif - - } - - // cc_params[cc_par_cnt++] = "-Qunused-arguments"; + else if (aflcc->have_lto) + aflcc->compiler_mode = LTO; + else + FATAL("no compiler mode available"); } - /* Inspect the command line parameters. */ - - process_params(argc, argv); - - if (!have_pic) { + if (aflcc->compiler_mode == GCC) { aflcc->instrument_mode = INSTRUMENT_GCC; } - cc_params[cc_par_cnt++] = "-fPIC"; - have_pic = 1; + if (aflcc->compiler_mode == CLANG) { - } + /* if our PCGUARD implementation is not available then silently switch to + native LLVM PCGUARD. Or classic asm instrument is explicitly preferred. */ + if (!aflcc->have_optimized_pcguard && + (aflcc->instrument_mode == INSTRUMENT_DEFAULT || + aflcc->instrument_mode == INSTRUMENT_PCGUARD)) { - if (compiler_mode != GCC_PLUGIN && compiler_mode != GCC && - !getenv("AFL_LLVM_NO_RPATH")) { + aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; - // in case LLVM is installed not via a package manager or "make install" - // e.g. compiled download or compiled from github then its ./lib directory - // might not be in the search path. Add it if so. - const char *libdir = LLVM_LIBDIR; - if (plusplus_mode && strlen(libdir) && strncmp(libdir, "/usr", 4) && - strncmp(libdir, "/lib", 4)) { + } else { - u8 *libdir_opt = strdup("-Wl,-rpath=" LLVM_LIBDIR); - cc_params[cc_par_cnt++] = libdir_opt; + aflcc->instrument_mode = INSTRUMENT_CLANG; + setenv(CLANG_ENV_VAR, "1", 1); // used by afl-as } } - if (getenv("AFL_HARDEN")) { - - cc_params[cc_par_cnt++] = "-fstack-protector-all"; - - if (!fortify_set) cc_params[cc_par_cnt++] = "-D_FORTIFY_SOURCE=2"; + if (aflcc->compiler_mode == LTO) { - } + if (aflcc->instrument_mode == 0 || + aflcc->instrument_mode == INSTRUMENT_LTO || + aflcc->instrument_mode == INSTRUMENT_CFG || + aflcc->instrument_mode == INSTRUMENT_PCGUARD) { - if (!asan_set) { + aflcc->lto_mode = 1; + // force CFG + // if (!aflcc->instrument_mode) { - if (getenv("AFL_USE_ASAN")) { + aflcc->instrument_mode = INSTRUMENT_PCGUARD; - if (getenv("AFL_USE_MSAN")) FATAL("ASAN and MSAN are mutually exclusive"); + // } - if (getenv("AFL_HARDEN")) - FATAL("ASAN and AFL_HARDEN are mutually exclusive"); + } else if (aflcc->instrument_mode == INSTRUMENT_CLASSIC) { - cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE"; - cc_params[cc_par_cnt++] = "-fsanitize=address"; + aflcc->lto_mode = 1; - } else if (getenv("AFL_USE_MSAN")) { + } else { - if (getenv("AFL_USE_ASAN")) FATAL("ASAN and MSAN are mutually exclusive"); + if (!be_quiet) { - if (getenv("AFL_HARDEN")) - FATAL("MSAN and AFL_HARDEN are mutually exclusive"); + WARNF("afl-clang-lto called with mode %s, using that mode instead", + instrument_mode_2str(aflcc->instrument_mode)); - cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE"; - cc_params[cc_par_cnt++] = "-fsanitize=memory"; + } } } - if (getenv("AFL_USE_UBSAN")) { + if (aflcc->instrument_mode == 0 && aflcc->compiler_mode < GCC_PLUGIN) { - cc_params[cc_par_cnt++] = "-fsanitize=undefined"; - cc_params[cc_par_cnt++] = "-fsanitize-undefined-trap-on-error"; - cc_params[cc_par_cnt++] = "-fno-sanitize-recover=all"; - cc_params[cc_par_cnt++] = "-fno-omit-frame-pointer"; +#if LLVM_MAJOR >= 7 + #if LLVM_MAJOR < 11 && (LLVM_MAJOR < 10 || LLVM_MINOR < 1) + if (aflcc->have_instr_env) { - } + aflcc->instrument_mode = INSTRUMENT_AFL; + if (!be_quiet) { - if (getenv("AFL_USE_TSAN")) { + WARNF( + "Switching to classic instrumentation because " + "AFL_LLVM_ALLOWLIST/DENYLIST does not work with PCGUARD < 10.0.1."); - cc_params[cc_par_cnt++] = "-fsanitize=thread"; - cc_params[cc_par_cnt++] = "-fno-omit-frame-pointer"; + } - } + } else - if (getenv("AFL_USE_LSAN")) { + #endif + aflcc->instrument_mode = INSTRUMENT_PCGUARD; - cc_params[cc_par_cnt++] = "-fsanitize=leak"; - cc_params[cc_par_cnt++] = "-includesanitizer/lsan_interface.h"; - cc_params[cc_par_cnt++] = - "-D__AFL_LEAK_CHECK()={if(__lsan_do_recoverable_leak_check() > 0) " - "_exit(23); }"; - cc_params[cc_par_cnt++] = "-D__AFL_LSAN_OFF()=__lsan_disable();"; - cc_params[cc_par_cnt++] = "-D__AFL_LSAN_ON()=__lsan_enable();"; +#else + aflcc->instrument_mode = INSTRUMENT_AFL; +#endif } - if (getenv("AFL_USE_CFISAN")) { - - if (compiler_mode == GCC_PLUGIN || compiler_mode == GCC) { - - cc_params[cc_par_cnt++] = "-fcf-protection=full"; + if (!aflcc->instrument_opt_mode && aflcc->lto_mode && + aflcc->instrument_mode == INSTRUMENT_CFG) { - } else { - - if (!lto_mode) { + aflcc->instrument_mode = INSTRUMENT_PCGUARD; - uint32_t i = 0, found = 0; - while (envp[i] != NULL && !found) - if (strncmp("-flto", envp[i++], 5) == 0) found = 1; - if (!found) cc_params[cc_par_cnt++] = "-flto"; + } - } +#ifndef AFL_CLANG_FLTO + if (aflcc->lto_mode) + FATAL( + "instrumentation mode LTO specified but LLVM support not available " + "(requires LLVM 11 or higher)"); +#endif - cc_params[cc_par_cnt++] = "-fsanitize=cfi"; - cc_params[cc_par_cnt++] = "-fvisibility=hidden"; + if (aflcc->lto_mode) { - } + if (aflcc->lto_flag[0] != '-') + FATAL( + "Using afl-clang-lto is not possible because Makefile magic did not " + "identify the correct -flto flag"); + else + aflcc->compiler_mode = LTO; } - if (!getenv("AFL_DONT_OPTIMIZE")) { - - cc_params[cc_par_cnt++] = "-g"; - if (!have_o) cc_params[cc_par_cnt++] = "-O3"; - if (!have_unroll) cc_params[cc_par_cnt++] = "-funroll-loops"; - // if (strlen(march_opt) > 1 && march_opt[0] == '-') - // cc_params[cc_par_cnt++] = march_opt; + if (getenv("AFL_LLVM_SKIP_NEVERZERO") && getenv("AFL_LLVM_NOT_ZERO")) + FATAL( + "AFL_LLVM_NOT_ZERO and AFL_LLVM_SKIP_NEVERZERO can not be set " + "together"); - } +#if LLVM_MAJOR < 11 && (LLVM_MAJOR < 10 || LLVM_MINOR < 1) - if (getenv("AFL_NO_BUILTIN") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES") || - getenv("LAF_TRANSFORM_COMPARES") || getenv("AFL_LLVM_LAF_ALL") || - lto_mode) { + if (aflcc->instrument_mode == INSTRUMENT_PCGUARD && aflcc->have_instr_env) { - cc_params[cc_par_cnt++] = "-fno-builtin-strcmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-strncmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-strcasecmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-memcmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-bcmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-strstr"; - cc_params[cc_par_cnt++] = "-fno-builtin-strcasestr"; + FATAL( + "Instrumentation type PCGUARD does not support " + "AFL_LLVM_ALLOWLIST/DENYLIST! Use LLVM 10.0.1+ instead."); } -#if defined(USEMMAP) && !defined(__HAIKU__) && !__APPLE__ - if (!have_c) cc_params[cc_par_cnt++] = "-lrt"; #endif - cc_params[cc_par_cnt++] = "-D__AFL_COMPILER=1"; - cc_params[cc_par_cnt++] = "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1"; - - /* As documented in instrumentation/README.persistent_mode.md, deferred - forkserver initialization and persistent mode are not available in afl-gcc - and afl-clang. */ - if (compiler_mode != GCC && compiler_mode != CLANG) { - - cc_params[cc_par_cnt++] = "-D__AFL_HAVE_MANUAL_CONTROL=1"; + instrument_opt_mode_exclude(aflcc); - /* When the user tries to use persistent or deferred forkserver modes by - appending a single line to the program, we want to reliably inject a - signature into the binary (to be picked up by afl-fuzz) and we want - to call a function from the runtime .o file. This is unnecessarily - painful for three reasons: - - 1) We need to convince the compiler not to optimize out the signature. - This is done with __attribute__((used)). - - 2) We need to convince the linker, when called with -Wl,--gc-sections, - not to do the same. This is done by forcing an assignment to a - 'volatile' pointer. + u8 *ptr2; - 3) We need to declare __afl_persistent_loop() in the global namespace, - but doing this within a method in a class is hard - :: and extern "C" - are forbidden and __attribute__((alias(...))) doesn't work. Hence the - __asm__ aliasing trick. + if ((ptr2 = getenv("AFL_LLVM_DICT2FILE")) != NULL && *ptr2 != '/') + FATAL("AFL_LLVM_DICT2FILE must be set to an absolute file path"); - */ + if (getenv("AFL_LLVM_LAF_ALL")) { - cc_params[cc_par_cnt++] = - "-D__AFL_FUZZ_INIT()=" - "int __afl_sharedmem_fuzzing = 1;" - "extern unsigned int *__afl_fuzz_len;" - "extern unsigned char *__afl_fuzz_ptr;" - "unsigned char __afl_fuzz_alt[1048576];" - "unsigned char *__afl_fuzz_alt_ptr = __afl_fuzz_alt;"; + setenv("AFL_LLVM_LAF_SPLIT_SWITCHES", "1", 1); + setenv("AFL_LLVM_LAF_SPLIT_COMPARES", "1", 1); + setenv("AFL_LLVM_LAF_SPLIT_FLOATS", "1", 1); + setenv("AFL_LLVM_LAF_TRANSFORM_COMPARES", "1", 1); } - if (plusplus_mode) { + aflcc->cmplog_mode = getenv("AFL_CMPLOG") || getenv("AFL_LLVM_CMPLOG") || + getenv("AFL_GCC_CMPLOG"); - cc_params[cc_par_cnt++] = - "-D__AFL_COVERAGE()=int __afl_selective_coverage = 1;" - "extern \"C\" void __afl_coverage_discard();" - "extern \"C\" void __afl_coverage_skip();" - "extern \"C\" void __afl_coverage_on();" - "extern \"C\" void __afl_coverage_off();"; +} - } else { +void mode_notification(aflcc_state_t *aflcc) { - cc_params[cc_par_cnt++] = - "-D__AFL_COVERAGE()=int __afl_selective_coverage = 1;" - "void __afl_coverage_discard();" - "void __afl_coverage_skip();" - "void __afl_coverage_on();" - "void __afl_coverage_off();"; + char *ptr2 = alloc_printf(" + NGRAM-%u", aflcc->ngram_size); + char *ptr3 = alloc_printf(" + K-CTX-%u", aflcc->ctx_k); - } + char *ptr1 = alloc_printf( + "%s%s%s%s%s", instrument_mode_2str(aflcc->instrument_mode), + (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX) ? " + CTX" : "", + (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CALLER) ? " + CALLER" : "", + (aflcc->instrument_opt_mode & INSTRUMENT_OPT_NGRAM) ? ptr2 : "", + (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX_K) ? ptr3 : ""); - cc_params[cc_par_cnt++] = - "-D__AFL_COVERAGE_START_OFF()=int __afl_selective_coverage_start_off = " - "1;"; - cc_params[cc_par_cnt++] = "-D__AFL_COVERAGE_ON()=__afl_coverage_on()"; - cc_params[cc_par_cnt++] = "-D__AFL_COVERAGE_OFF()=__afl_coverage_off()"; - cc_params[cc_par_cnt++] = - "-D__AFL_COVERAGE_DISCARD()=__afl_coverage_discard()"; - cc_params[cc_par_cnt++] = "-D__AFL_COVERAGE_SKIP()=__afl_coverage_skip()"; - cc_params[cc_par_cnt++] = - "-D__AFL_FUZZ_TESTCASE_BUF=(__afl_fuzz_ptr ? __afl_fuzz_ptr : " - "__afl_fuzz_alt_ptr)"; - cc_params[cc_par_cnt++] = - "-D__AFL_FUZZ_TESTCASE_LEN=(__afl_fuzz_ptr ? *__afl_fuzz_len : " - "(*__afl_fuzz_len = read(0, __afl_fuzz_alt_ptr, 1048576)) == 0xffffffff " - "? 0 : *__afl_fuzz_len)"; + ck_free(ptr2); + ck_free(ptr3); - if (compiler_mode != GCC && compiler_mode != CLANG) { + if ((isatty(2) && !be_quiet) || aflcc->debug) { - cc_params[cc_par_cnt++] = - "-D__AFL_LOOP(_A)=" - "({ static volatile const char *_B __attribute__((used,unused)); " - " _B = (const char*)\"" PERSIST_SIG - "\"; " - "extern int __afl_connected;" -#ifdef __APPLE__ - "__attribute__((visibility(\"default\"))) " - "int _L(unsigned int) __asm__(\"___afl_persistent_loop\"); " -#else - "__attribute__((visibility(\"default\"))) " - "int _L(unsigned int) __asm__(\"__afl_persistent_loop\"); " -#endif /* ^__APPLE__ */ - // if afl is connected, we run _A times, else once. - "_L(__afl_connected ? _A : 1); })"; - - cc_params[cc_par_cnt++] = - "-D__AFL_INIT()=" - "do { static volatile const char *_A __attribute__((used,unused)); " - " _A = (const char*)\"" DEFER_SIG - "\"; " -#ifdef __APPLE__ - "__attribute__((visibility(\"default\"))) " - "void _I(void) __asm__(\"___afl_manual_init\"); " -#else - "__attribute__((visibility(\"default\"))) " - "void _I(void) __asm__(\"__afl_manual_init\"); " -#endif /* ^__APPLE__ */ - "_I(); } while (0)"; + SAYF(cCYA + "afl-cc" VERSION cRST + " by Michal Zalewski, Laszlo Szekeres, Marc Heuse - mode: %s-%s\n", + compiler_mode_2str(aflcc->compiler_mode), ptr1); } - if (x_set) { - - cc_params[cc_par_cnt++] = "-x"; - cc_params[cc_par_cnt++] = "none"; - - } + ck_free(ptr1); - // prevent unnecessary build errors - if (compiler_mode != GCC_PLUGIN && compiler_mode != GCC) { + if (!be_quiet && + (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG)) { - cc_params[cc_par_cnt++] = "-Wno-unused-command-line-argument"; + WARNF( + "You are using outdated instrumentation, install LLVM and/or " + "gcc-plugin and use afl-clang-fast/afl-clang-lto/afl-gcc-fast " + "instead!"); } - if (preprocessor_only || have_c || !non_dash) { +} - /* In the preprocessor_only case (-E), we are not actually compiling at - all but requesting the compiler to output preprocessed sources only. - We must not add the runtime in this case because the compiler will - simply output its binary content back on stdout, breaking any build - systems that rely on a separate source preprocessing step. */ - cc_params[cc_par_cnt] = NULL; - return; +void add_real_argv0(aflcc_state_t *aflcc) { - } + static u8 llvm_fullpath[PATH_MAX]; -#ifndef __ANDROID__ + if (aflcc->plusplus_mode) { - if (compiler_mode != GCC && compiler_mode != CLANG) { + u8 *alt_cxx = getenv("AFL_CXX"); - switch (bit_mode) { + if (!alt_cxx) { - case 0: - if (!shared_linking && !partial_linking) - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-compiler-rt.o", obj_path); - if (lto_mode) - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-llvm-rt-lto.o", obj_path); - break; + if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == GCC_PLUGIN) { - case 32: - if (!shared_linking && !partial_linking) { + alt_cxx = "g++"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-compiler-rt-32.o", obj_path); - if (access(cc_params[cc_par_cnt - 1], R_OK)) - FATAL("-m32 is not supported by your compiler"); + } else if (aflcc->compiler_mode == CLANG) { - } + alt_cxx = "clang++"; - if (lto_mode) { + } else { - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-llvm-rt-lto-32.o", obj_path); - if (access(cc_params[cc_par_cnt - 1], R_OK)) - FATAL("-m32 is not supported by your compiler"); + if (USE_BINDIR) + snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang++", + LLVM_BINDIR); + else + snprintf(llvm_fullpath, sizeof(llvm_fullpath), CLANGPP_BIN); + alt_cxx = llvm_fullpath; - } + } - break; + } - case 64: - if (!shared_linking && !partial_linking) { + aflcc->cc_params[0] = alt_cxx; - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-compiler-rt-64.o", obj_path); - if (access(cc_params[cc_par_cnt - 1], R_OK)) - FATAL("-m64 is not supported by your compiler"); + } else { - } + u8 *alt_cc = getenv("AFL_CC"); - if (lto_mode) { + if (!alt_cc) { - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-llvm-rt-lto-64.o", obj_path); - if (access(cc_params[cc_par_cnt - 1], R_OK)) - FATAL("-m64 is not supported by your compiler"); + if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == GCC_PLUGIN) { - } + alt_cc = "gcc"; - break; + } else if (aflcc->compiler_mode == CLANG) { - } + alt_cc = "clang"; - #if !defined(__APPLE__) && !defined(__sun) - if (!shared_linking && !partial_linking) - cc_params[cc_par_cnt++] = - alloc_printf("-Wl,--dynamic-list=%s/dynamic_list.txt", obj_path); - #endif + } else { - #if defined(__APPLE__) - if (shared_linking || partial_linking) { + if (USE_BINDIR) + snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang", + LLVM_BINDIR); + else + snprintf(llvm_fullpath, sizeof(llvm_fullpath), CLANG_BIN); + alt_cc = llvm_fullpath; - cc_params[cc_par_cnt++] = "-Wl,-U"; - cc_params[cc_par_cnt++] = "-Wl,___afl_area_ptr"; - cc_params[cc_par_cnt++] = "-Wl,-U"; - cc_params[cc_par_cnt++] = "-Wl,___sanitizer_cov_trace_pc_guard_init"; + } } - #endif + aflcc->cc_params[0] = alt_cc; } - #if defined(USEMMAP) && !defined(__HAIKU__) && !__APPLE__ - cc_params[cc_par_cnt++] = "-lrt"; - #endif - -#endif - - cc_params[cc_par_cnt] = NULL; - } -/* Main entry point */ +/* Macro defs for the preprocessor */ -int main(int argc, char **argv, char **envp) { +void add_defs_common(aflcc_state_t *aflcc) { - int i; - char *callname = argv[0], *ptr = NULL; + insert_param(aflcc, "-D__AFL_COMPILER=1"); + insert_param(aflcc, "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1"); - if (getenv("AFL_DEBUG")) { +} - debug = 1; - if (strcmp(getenv("AFL_DEBUG"), "0") == 0) unsetenv("AFL_DEBUG"); +/* See instrumentation/README.instrument_list.md# + 2-selective-instrumentation-with-_afl_coverage-directives */ +void add_defs_selective_instr(aflcc_state_t *aflcc) { - } else if (getenv("AFL_QUIET")) + if (aflcc->plusplus_mode) { - be_quiet = 1; + insert_param(aflcc, + "-D__AFL_COVERAGE()=int __afl_selective_coverage = 1;" + "extern \"C\" void __afl_coverage_discard();" + "extern \"C\" void __afl_coverage_skip();" + "extern \"C\" void __afl_coverage_on();" + "extern \"C\" void __afl_coverage_off();"); - if (getenv("AFL_LLVM_INSTRUMENT_FILE") || getenv("AFL_LLVM_WHITELIST") || - getenv("AFL_LLVM_ALLOWLIST") || getenv("AFL_LLVM_DENYLIST") || - getenv("AFL_LLVM_BLOCKLIST")) { + } else { - have_instr_env = 1; + insert_param(aflcc, + "-D__AFL_COVERAGE()=int __afl_selective_coverage = 1;" + "void __afl_coverage_discard();" + "void __afl_coverage_skip();" + "void __afl_coverage_on();" + "void __afl_coverage_off();"); } - if (getenv("AFL_PASSTHROUGH") || getenv("AFL_NOOPT")) { + insert_param( + aflcc, + "-D__AFL_COVERAGE_START_OFF()=int __afl_selective_coverage_start_off = " + "1;"); + insert_param(aflcc, "-D__AFL_COVERAGE_ON()=__afl_coverage_on()"); + insert_param(aflcc, "-D__AFL_COVERAGE_OFF()=__afl_coverage_off()"); + insert_param(aflcc, "-D__AFL_COVERAGE_DISCARD()=__afl_coverage_discard()"); + insert_param(aflcc, "-D__AFL_COVERAGE_SKIP()=__afl_coverage_skip()"); - passthrough = 1; - if (!debug) { be_quiet = 1; } +} - } +/* As documented in instrumentation/README.persistent_mode.md, deferred + forkserver initialization and persistent mode are not available in afl-gcc + and afl-clang. */ +void add_defs_persistent_mode(aflcc_state_t *aflcc) { - if ((ptr = strrchr(callname, '/')) != NULL) callname = ptr + 1; - argvnull = (u8 *)argv[0]; - check_environment_vars(envp); + if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG) return; - if ((ptr = find_object("as", argv[0])) != NULL) { + insert_param(aflcc, "-D__AFL_HAVE_MANUAL_CONTROL=1"); - have_gcc = 1; - ck_free(ptr); + /* When the user tries to use persistent or deferred forkserver modes by + appending a single line to the program, we want to reliably inject a + signature into the binary (to be picked up by afl-fuzz) and we want + to call a function from the runtime .o file. This is unnecessarily + painful for three reasons: - } + 1) We need to convince the compiler not to optimize out the signature. + This is done with __attribute__((used)). -#if (LLVM_MAJOR >= 3) + 2) We need to convince the linker, when called with -Wl,--gc-sections, + not to do the same. This is done by forcing an assignment to a + 'volatile' pointer. - if ((ptr = find_object("SanitizerCoverageLTO.so", argv[0])) != NULL) { + 3) We need to declare __afl_persistent_loop() in the global namespace, + but doing this within a method in a class is hard - :: and extern "C" + are forbidden and __attribute__((alias(...))) doesn't work. Hence the + __asm__ aliasing trick. - have_lto = 1; - ck_free(ptr); + */ - } + insert_param(aflcc, + "-D__AFL_FUZZ_INIT()=" + "int __afl_sharedmem_fuzzing = 1;" + "extern unsigned int *__afl_fuzz_len;" + "extern unsigned char *__afl_fuzz_ptr;" + "unsigned char __afl_fuzz_alt[1048576];" + "unsigned char *__afl_fuzz_alt_ptr = __afl_fuzz_alt;"); - if ((ptr = find_object("cmplog-routines-pass.so", argv[0])) != NULL) { + insert_param(aflcc, + "-D__AFL_FUZZ_TESTCASE_BUF=(__afl_fuzz_ptr ? __afl_fuzz_ptr : " + "__afl_fuzz_alt_ptr)"); - have_llvm = 1; - ck_free(ptr); + insert_param( + aflcc, + "-D__AFL_FUZZ_TESTCASE_LEN=(__afl_fuzz_ptr ? *__afl_fuzz_len : " + "(*__afl_fuzz_len = read(0, __afl_fuzz_alt_ptr, 1048576)) == 0xffffffff " + "? 0 : *__afl_fuzz_len)"); + + insert_param( + aflcc, + "-D__AFL_LOOP(_A)=" + "({ static volatile const char *_B __attribute__((used,unused)); " + " _B = (const char*)\"" PERSIST_SIG + "\"; " + "extern int __afl_connected;" +#ifdef __APPLE__ + "__attribute__((visibility(\"default\"))) " + "int _L(unsigned int) __asm__(\"___afl_persistent_loop\"); " +#else + "__attribute__((visibility(\"default\"))) " + "int _L(unsigned int) __asm__(\"__afl_persistent_loop\"); " +#endif /* ^__APPLE__ */ + // if afl is connected, we run _A times, else once. + "_L(__afl_connected ? _A : 1); })"); + + insert_param( + aflcc, + "-D__AFL_INIT()=" + "do { static volatile const char *_A __attribute__((used,unused)); " + " _A = (const char*)\"" DEFER_SIG + "\"; " +#ifdef __APPLE__ + "__attribute__((visibility(\"default\"))) " + "void _I(void) __asm__(\"___afl_manual_init\"); " +#else + "__attribute__((visibility(\"default\"))) " + "void _I(void) __asm__(\"__afl_manual_init\"); " +#endif /* ^__APPLE__ */ + "_I(); } while (0)"); - } +} -#endif +/* Control _FORTIFY_SOURCE */ +void add_defs_fortify(aflcc_state_t *aflcc, u8 action) { -#ifdef __ANDROID__ - have_llvm = 1; -#endif + switch (action) { - if ((ptr = find_object("afl-gcc-pass.so", argv[0])) != NULL) { + case 1: + insert_param(aflcc, "-D_FORTIFY_SOURCE=1"); + break; - have_gcc_plugin = 1; - ck_free(ptr); + case 2: + insert_param(aflcc, "-D_FORTIFY_SOURCE=2"); + break; + + default: // OFF + insert_param(aflcc, "-U_FORTIFY_SOURCE"); + break; } -#if (LLVM_MAJOR >= 3) +} - if (strncmp(callname, "afl-clang-fast", 14) == 0) { +void add_defs_lsan_ctrl(aflcc_state_t *aflcc) { - compiler_mode = LLVM; + insert_param(aflcc, "-includesanitizer/lsan_interface.h"); + insert_param( + aflcc, + "-D__AFL_LEAK_CHECK()={if(__lsan_do_recoverable_leak_check() > 0) " + "_exit(23); }"); + insert_param(aflcc, "-D__AFL_LSAN_OFF()=__lsan_disable();"); + insert_param(aflcc, "-D__AFL_LSAN_ON()=__lsan_enable();"); - } else if (strncmp(callname, "afl-clang-lto", 13) == 0 || +} - strncmp(callname, "afl-lto", 7) == 0) { +/* About fsanitize (including PCGUARD features) */ - compiler_mode = LTO; +/* For input "-fsanitize=...", it: - } else + 1. may have various OOB traps :) if ... doesn't contain ',' or + the input has bad syntax such as "-fsantiz=," + 2. strips any fuzzer* in ... and writes back (may result in "-fsanitize=") + 3. rets 1 if exactly "fuzzer" found, otherwise rets 0 +*/ +static u8 fsanitize_fuzzer_comma(char *string) { -#endif - if (strncmp(callname, "afl-gcc-fast", 12) == 0 || + u8 detect_single_fuzzer = 0; + + char *p, *ptr = string + strlen("-fsanitize="); + // ck_alloc will check alloc failure + char *new = ck_alloc(strlen(string) + 1); + char *tmp = ck_alloc(strlen(ptr) + 1); + u32 count = 0, len, ende = 0; - strncmp(callname, "afl-g++-fast", 12) == 0) { + strcpy(new, "-fsanitize="); + + do { + + p = strchr(ptr, ','); + if (!p) { - compiler_mode = GCC_PLUGIN; + p = ptr + strlen(ptr) + 1; + ende = 1; - } else if (strncmp(callname, "afl-gcc", 7) == 0 || + } - strncmp(callname, "afl-g++", 7) == 0) { + len = p - ptr; + if (len) { - compiler_mode = GCC; + strncpy(tmp, ptr, len); + tmp[len] = 0; + // fprintf(stderr, "Found: %s\n", tmp); + ptr += len + 1; + if (*tmp) { - } else if (strcmp(callname, "afl-clang") == 0 || + u32 copy = 1; + if (!strcmp(tmp, "fuzzer")) { - strcmp(callname, "afl-clang++") == 0) { + detect_single_fuzzer = 1; + copy = 0; - compiler_mode = CLANG; + } else if (!strncmp(tmp, "fuzzer", 6)) { - } + copy = 0; - if ((ptr = getenv("AFL_CC_COMPILER"))) { + } - if (compiler_mode) { + if (copy) { - if (!be_quiet) { + if (count) { strcat(new, ","); } + strcat(new, tmp); + ++count; - WARNF( - "\"AFL_CC_COMPILER\" is set but a specific compiler was already " - "selected by command line parameter or symlink, ignoring the " - "environment variable!"); + } } } else { - if (strncasecmp(ptr, "LTO", 3) == 0) { + ptr++; - compiler_mode = LTO; + } - } else if (strncasecmp(ptr, "LLVM", 4) == 0) { + } while (!ende); - compiler_mode = LLVM; + strcpy(string, new); + // fprintf(stderr, "string: %s\n", string); + // fprintf(stderr, "new: %s\n", new); - } else if (strncasecmp(ptr, "GCC_P", 5) == 0 || + ck_free(tmp); + ck_free(new); - strncasecmp(ptr, "GCC-P", 5) == 0 || - strncasecmp(ptr, "GCCP", 4) == 0) { + return detect_single_fuzzer; - compiler_mode = GCC_PLUGIN; +} - } else if (strcasecmp(ptr, "GCC") == 0) { +param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { - compiler_mode = GCC; + param_st final_ = PARAM_MISS; - } else + if (!strncmp(cur_argv, "-fsanitize-coverage-", 20) && + strstr(cur_argv, "list=")) { + + if (scan) { + + aflcc->have_instr_list = 1; + final_ = PARAM_SCAN; + + } else { - FATAL("Unknown AFL_CC_COMPILER mode: %s\n", ptr); + final_ = PARAM_KEEP; // may be set to DROP next } } - if (strcmp(callname, "afl-clang") == 0 || - strcmp(callname, "afl-clang++") == 0) { + if (!strcmp(cur_argv, "-fsanitize=fuzzer")) { - clang_mode = 1; - compiler_mode = CLANG; + if (scan) { - if (strcmp(callname, "afl-clang++") == 0) { plusplus_mode = 1; } + aflcc->need_aflpplib = 1; + final_ = PARAM_SCAN; - } + } else { - for (i = 1; i < argc; i++) { + final_ = PARAM_DROP; - if (strncmp(argv[i], "--afl", 5) == 0) { + } - if (!strcmp(argv[i], "--afl_noopt") || !strcmp(argv[i], "--afl-noopt")) { + } else if (!strncmp(cur_argv, "-fsanitize=", strlen("-fsanitize=")) && - passthrough = 1; - argv[i] = "-g"; // we have to overwrite it, -g is always good - continue; + strchr(cur_argv, ',') && + !strstr(cur_argv, "=,")) { // avoid OOB errors - } + if (scan) { - if (compiler_mode && !be_quiet) { + u8 *cur_argv_ = ck_strdup(cur_argv); - WARNF( - "--afl-... compiler mode supersedes the AFL_CC_COMPILER and " - "symlink compiler selection!"); + if (fsanitize_fuzzer_comma(cur_argv_)) { + + aflcc->need_aflpplib = 1; + final_ = PARAM_SCAN; } - ptr = argv[i]; - ptr += 5; - while (*ptr == '-') - ptr++; + ck_free(cur_argv_); - if (strncasecmp(ptr, "LTO", 3) == 0) { + } else { - compiler_mode = LTO; + fsanitize_fuzzer_comma(cur_argv); + if (!cur_argv || strlen(cur_argv) <= strlen("-fsanitize=")) + final_ = PARAM_DROP; // this means it only has "fuzzer" previously. - } else if (strncasecmp(ptr, "LLVM", 4) == 0) { + } - compiler_mode = LLVM; + } else if ((!strncmp(cur_argv, "-fsanitize=fuzzer-", - } else if (strncasecmp(ptr, "PCGUARD", 7) == 0 || + strlen("-fsanitize=fuzzer-")) || + !strncmp(cur_argv, "-fsanitize-coverage", + strlen("-fsanitize-coverage"))) && + (strncmp(cur_argv, "sanitize-coverage-allow", + strlen("sanitize-coverage-allow")) && + strncmp(cur_argv, "sanitize-coverage-deny", + strlen("sanitize-coverage-deny")) && + aflcc->instrument_mode != INSTRUMENT_LLVMNATIVE)) { - strncasecmp(ptr, "PC-GUARD", 8) == 0) { + if (scan) { - compiler_mode = LLVM; - instrument_mode = INSTRUMENT_PCGUARD; + final_ = PARAM_SCAN; - } else if (strcasecmp(ptr, "INSTRIM") == 0 || + } else { - strcasecmp(ptr, "CFG") == 0) { + if (!be_quiet) { WARNF("Found '%s' - stripping!", cur_argv); } + final_ = PARAM_DROP; - FATAL( - "InsTrim instrumentation was removed. Use a modern LLVM and " - "PCGUARD (default in afl-cc).\n"); + } - } else if (strcasecmp(ptr, "AFL") == 0 || + } - strcasecmp(ptr, "CLASSIC") == 0) { + if (!strcmp(cur_argv, "-fsanitize=address") || + !strcmp(cur_argv, "-fsanitize=memory")) { - compiler_mode = LLVM; - instrument_mode = INSTRUMENT_CLASSIC; + if (scan) { - } else if (strcasecmp(ptr, "LLVMNATIVE") == 0 || + // "-fsanitize=undefined,address" may be un-treated, but it's OK. + aflcc->asan_set = 1; + final_ = PARAM_SCAN; - strcasecmp(ptr, "NATIVE") == 0 || - strcasecmp(ptr, "LLVM-NATIVE") == 0) { + } else { - compiler_mode = LLVM; - instrument_mode = INSTRUMENT_LLVMNATIVE; + // It's impossible that final_ is PARAM_DROP before, + // so no checks are needed here. + final_ = PARAM_KEEP; - } else if (strncasecmp(ptr, "GCC_P", 5) == 0 || + } - strncasecmp(ptr, "GCC-P", 5) == 0 || - strncasecmp(ptr, "GCCP", 4) == 0) { + } - compiler_mode = GCC_PLUGIN; + if (final_ == PARAM_KEEP) insert_param(aflcc, cur_argv); - } else if (strcasecmp(ptr, "GCC") == 0) { + return final_; - compiler_mode = GCC; +} - } else if (strncasecmp(ptr, "CLANG", 5) == 0) { +void add_sanitizers(aflcc_state_t *aflcc, char **envp) { - compiler_mode = CLANG; + if (!aflcc->asan_set) { - } else + if (getenv("AFL_USE_ASAN")) { - FATAL("Unknown --afl-... compiler mode: %s\n", argv[i]); + if (getenv("AFL_USE_MSAN")) FATAL("ASAN and MSAN are mutually exclusive"); - } + if (getenv("AFL_HARDEN")) + FATAL("ASAN and AFL_HARDEN are mutually exclusive"); - } + add_defs_fortify(aflcc, 0); + insert_param(aflcc, "-fsanitize=address"); - if (strlen(callname) > 2 && - (strncmp(callname + strlen(callname) - 2, "++", 2) == 0 || - strstr(callname, "-g++") != NULL)) - plusplus_mode = 1; + } else if (getenv("AFL_USE_MSAN")) { - if (getenv("USE_TRACE_PC") || getenv("AFL_USE_TRACE_PC") || - getenv("AFL_LLVM_USE_TRACE_PC") || getenv("AFL_TRACE_PC")) { + if (getenv("AFL_USE_ASAN")) FATAL("ASAN and MSAN are mutually exclusive"); - if (instrument_mode == 0) - instrument_mode = INSTRUMENT_PCGUARD; - else if (instrument_mode != INSTRUMENT_PCGUARD) - FATAL("you cannot set AFL_LLVM_INSTRUMENT and AFL_TRACE_PC together"); + if (getenv("AFL_HARDEN")) + FATAL("MSAN and AFL_HARDEN are mutually exclusive"); + + add_defs_fortify(aflcc, 0); + insert_param(aflcc, "-fsanitize=memory"); + + } } - if (have_instr_env && getenv("AFL_DONT_OPTIMIZE") && !be_quiet) { + if (getenv("AFL_USE_UBSAN")) { - WARNF( - "AFL_LLVM_ALLOWLIST/DENYLIST and AFL_DONT_OPTIMIZE cannot be combined " - "for file matching, only function matching!"); + insert_param(aflcc, "-fsanitize=undefined"); + insert_param(aflcc, "-fsanitize-undefined-trap-on-error"); + insert_param(aflcc, "-fno-sanitize-recover=all"); + insert_param(aflcc, "-fno-omit-frame-pointer"); } - if (getenv("AFL_LLVM_INSTRIM") || getenv("INSTRIM") || - getenv("INSTRIM_LIB")) { + if (getenv("AFL_USE_TSAN")) { - FATAL( - "InsTrim instrumentation was removed. Use a modern LLVM and PCGUARD " - "(default in afl-cc).\n"); + insert_param(aflcc, "-fsanitize=thread"); + insert_param(aflcc, "-fno-omit-frame-pointer"); } - if (getenv("AFL_LLVM_CTX")) instrument_opt_mode |= INSTRUMENT_OPT_CTX; - if (getenv("AFL_LLVM_CALLER")) instrument_opt_mode |= INSTRUMENT_OPT_CALLER; - - if (getenv("AFL_LLVM_NGRAM_SIZE")) { + if (getenv("AFL_USE_LSAN")) { - instrument_opt_mode |= INSTRUMENT_OPT_NGRAM; - ngram_size = atoi(getenv("AFL_LLVM_NGRAM_SIZE")); - if (ngram_size < 2 || ngram_size > NGRAM_SIZE_MAX) - FATAL( - "NGRAM instrumentation mode must be between 2 and NGRAM_SIZE_MAX " - "(%u)", - NGRAM_SIZE_MAX); + insert_param(aflcc, "-fsanitize=leak"); + add_defs_lsan_ctrl(aflcc); } - if (getenv("AFL_LLVM_CTX_K")) { + if (getenv("AFL_USE_CFISAN")) { - ctx_k = atoi(getenv("AFL_LLVM_CTX_K")); - if (ctx_k < 1 || ctx_k > CTX_MAX_K) - FATAL("K-CTX instrumentation mode must be between 1 and CTX_MAX_K (%u)", - CTX_MAX_K); - if (ctx_k == 1) { + if (aflcc->compiler_mode == GCC_PLUGIN || aflcc->compiler_mode == GCC) { - setenv("AFL_LLVM_CALLER", "1", 1); - unsetenv("AFL_LLVM_CTX_K"); - instrument_opt_mode |= INSTRUMENT_OPT_CALLER; + insert_param(aflcc, "-fcf-protection=full"); } else { - instrument_opt_mode |= INSTRUMENT_OPT_CTX_K; + if (!aflcc->lto_mode) { + + uint32_t i = 0, found = 0; + while (envp[i] != NULL && !found) + if (strncmp("-flto", envp[i++], 5) == 0) found = 1; + if (!found) insert_param(aflcc, "-flto"); + + } + + insert_param(aflcc, "-fsanitize=cfi"); + insert_param(aflcc, "-fvisibility=hidden"); } } - if (getenv("AFL_LLVM_INSTRUMENT")) { +} - u8 *ptr2 = strtok(getenv("AFL_LLVM_INSTRUMENT"), ":,;"); +void add_native_pcguard(aflcc_state_t *aflcc) { - while (ptr2) { + /* If llvm-config doesn't figure out LLVM_MAJOR, just + go on anyway and let compiler complain if doesn't work. */ - if (strncasecmp(ptr2, "afl", strlen("afl")) == 0 || - strncasecmp(ptr2, "classic", strlen("classic")) == 0) { + if (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CODECOV) { - if (instrument_mode == INSTRUMENT_LTO) { +#if LLVM_MAJOR > 0 && LLVM_MAJOR < 6 + FATAL("pcguard instrumentation with pc-table requires LLVM 6.0.1+"); +#else + #if LLVM_MAJOR == 0 + WARNF( + "pcguard instrumentation with pc-table requires LLVM 6.0.1+" + " otherwise the compiler will fail"); + #endif + insert_param(aflcc, + "-fsanitize-coverage=trace-pc-guard,bb,no-prune,pc-table"); +#endif - instrument_mode = INSTRUMENT_CLASSIC; - lto_mode = 1; + } else { - } else if (!instrument_mode || instrument_mode == INSTRUMENT_AFL) { +#if LLVM_MAJOR > 0 && LLVM_MAJOR < 4 + FATAL("pcguard instrumentation requires LLVM 4.0.1+"); +#else + #if LLVM_MAJOR == 0 + WARNF( + "pcguard instrumentation requires LLVM 4.0.1+" + " otherwise the compiler will fail"); + #endif + insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); +#endif - instrument_mode = INSTRUMENT_AFL; + } - } else { +} - FATAL("main instrumentation mode already set with %s", - instrument_mode_string[instrument_mode]); +void add_optimized_pcguard(aflcc_state_t *aflcc) { - } +#if LLVM_MAJOR >= 13 + #if defined __ANDROID__ || ANDROID - } + insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); + aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; - if (strncasecmp(ptr2, "pc-guard", strlen("pc-guard")) == 0 || - strncasecmp(ptr2, "pcguard", strlen("pcguard")) == 0) { + #else - if (!instrument_mode || instrument_mode == INSTRUMENT_PCGUARD) - instrument_mode = INSTRUMENT_PCGUARD; - else - FATAL("main instrumentation mode already set with %s", - instrument_mode_string[instrument_mode]); + if (aflcc->have_instr_list) { - } + if (!be_quiet) + SAYF( + "Using unoptimized trace-pc-guard, due usage of " + "-fsanitize-coverage-allow/denylist, you can use " + "AFL_LLVM_ALLOWLIST/AFL_LLMV_DENYLIST instead.\n"); - if (strncasecmp(ptr2, "llvmnative", strlen("llvmnative")) == 0 || - strncasecmp(ptr2, "llvm-native", strlen("llvm-native")) == 0 || - strncasecmp(ptr2, "native", strlen("native")) == 0) { + insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); + aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; - if (!instrument_mode || instrument_mode == INSTRUMENT_LLVMNATIVE) - instrument_mode = INSTRUMENT_LLVMNATIVE; - else - FATAL("main instrumentation mode already set with %s", - instrument_mode_string[instrument_mode]); + } else { - } + /* Since LLVM_MAJOR >= 13 we use new pass manager */ + #if LLVM_MAJOR < 16 + insert_param(aflcc, "-fexperimental-new-pass-manager"); + #endif + insert_object(aflcc, "SanitizerCoveragePCGUARD.so", "-fpass-plugin=%s", 0); - if (strncasecmp(ptr2, "llvmcodecov", strlen("llvmcodecov")) == 0 || - strncasecmp(ptr2, "llvm-codecov", strlen("llvm-codecov")) == 0) { + } - if (!instrument_mode || instrument_mode == INSTRUMENT_LLVMNATIVE) { + #endif // defined __ANDROID__ || ANDROID +#else // LLVM_MAJOR < 13 + #if LLVM_MAJOR >= 4 - instrument_mode = INSTRUMENT_LLVMNATIVE; - instrument_opt_mode |= INSTRUMENT_OPT_CODECOV; + if (!be_quiet) + SAYF( + "Using unoptimized trace-pc-guard, upgrade to LLVM 13+ for " + "enhanced version.\n"); + insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); + aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; - } else { + #else - FATAL("main instrumentation mode already set with %s", - instrument_mode_string[instrument_mode]); + FATAL("pcguard instrumentation requires LLVM 4.0.1+"); - } + #endif +#endif - } +} - if (strncasecmp(ptr2, "cfg", strlen("cfg")) == 0 || - strncasecmp(ptr2, "instrim", strlen("instrim")) == 0) { +/* Linking behaviors */ - FATAL( - "InsTrim instrumentation was removed. Use a modern LLVM and " - "PCGUARD (default in afl-cc).\n"); +param_st parse_linking_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan, + u8 *skip_next, char **argv) { - } + if (aflcc->lto_mode && !strncmp(cur_argv, "-flto=thin", 10)) { - if (strncasecmp(ptr2, "lto", strlen("lto")) == 0) { + FATAL( + "afl-clang-lto cannot work with -flto=thin. Switch to -flto=full or " + "use afl-clang-fast!"); - lto_mode = 1; - if (!instrument_mode || instrument_mode == INSTRUMENT_LTO) - instrument_mode = INSTRUMENT_LTO; - else - FATAL("main instrumentation mode already set with %s", - instrument_mode_string[instrument_mode]); + } - } + param_st final_ = PARAM_MISS; - if (strcasecmp(ptr2, "gcc") == 0) { + if (!strcmp(cur_argv, "-shared") || !strcmp(cur_argv, "-dynamiclib")) { - if (!instrument_mode || instrument_mode == INSTRUMENT_GCC) - instrument_mode = INSTRUMENT_GCC; - else if (instrument_mode != INSTRUMENT_GCC) - FATAL("main instrumentation mode already set with %s", - instrument_mode_string[instrument_mode]); - compiler_mode = GCC; + if (scan) { - } + aflcc->shared_linking = 1; + final_ = PARAM_SCAN; - if (strcasecmp(ptr2, "clang") == 0) { + } else { - if (!instrument_mode || instrument_mode == INSTRUMENT_CLANG) - instrument_mode = INSTRUMENT_CLANG; - else if (instrument_mode != INSTRUMENT_CLANG) - FATAL("main instrumentation mode already set with %s", - instrument_mode_string[instrument_mode]); - compiler_mode = CLANG; + final_ = PARAM_KEEP; - } + } - if (strncasecmp(ptr2, "ctx-", strlen("ctx-")) == 0 || - strncasecmp(ptr2, "kctx-", strlen("c-ctx-")) == 0 || - strncasecmp(ptr2, "k-ctx-", strlen("k-ctx-")) == 0) { + } else if (!strcmp(cur_argv, "-Wl,-r") || !strcmp(cur_argv, "-Wl,-i") || - u8 *ptr3 = ptr2; - while (*ptr3 && (*ptr3 < '0' || *ptr3 > '9')) - ptr3++; + !strcmp(cur_argv, "-Wl,--relocatable") || + !strcmp(cur_argv, "-r") || !strcmp(cur_argv, "--relocatable")) { - if (!*ptr3) { + if (scan) { - if ((ptr3 = getenv("AFL_LLVM_CTX_K")) == NULL) - FATAL( - "you must set the K-CTX K with (e.g. for value 2) " - "AFL_LLVM_INSTRUMENT=ctx-2"); + aflcc->partial_linking = 1; + final_ = PARAM_SCAN; - } + } else { - ctx_k = atoi(ptr3); - if (ctx_k < 1 || ctx_k > CTX_MAX_K) - FATAL( - "K-CTX instrumentation option must be between 1 and CTX_MAX_K " - "(%u)", - CTX_MAX_K); + final_ = PARAM_KEEP; - if (ctx_k == 1) { + } - instrument_opt_mode |= INSTRUMENT_OPT_CALLER; - setenv("AFL_LLVM_CALLER", "1", 1); - unsetenv("AFL_LLVM_CTX_K"); + } else if (!strncmp(cur_argv, "-fuse-ld=", 9) || - } else { + !strncmp(cur_argv, "--ld-path=", 10)) { - instrument_opt_mode |= (INSTRUMENT_OPT_CTX_K); - u8 *ptr4 = alloc_printf("%u", ctx_k); - setenv("AFL_LLVM_CTX_K", ptr4, 1); + if (scan) { - } + final_ = PARAM_SCAN; - } + } else { - if (strcasecmp(ptr2, "ctx") == 0) { + if (aflcc->lto_mode) + final_ = PARAM_DROP; + else + final_ = PARAM_KEEP; - instrument_opt_mode |= INSTRUMENT_OPT_CTX; - setenv("AFL_LLVM_CTX", "1", 1); + } - } + } else if (!strcmp(cur_argv, "-Wl,-z,defs") || - if (strncasecmp(ptr2, "caller", strlen("caller")) == 0) { + !strcmp(cur_argv, "-Wl,--no-undefined") || + !strcmp(cur_argv, "--no-undefined") || + strstr(cur_argv, "afl-compiler-rt") || + strstr(cur_argv, "afl-llvm-rt")) { - instrument_opt_mode |= INSTRUMENT_OPT_CALLER; - setenv("AFL_LLVM_CALLER", "1", 1); + if (scan) { - } + final_ = PARAM_SCAN; - if (strncasecmp(ptr2, "ngram", strlen("ngram")) == 0) { + } else { - u8 *ptr3 = ptr2 + strlen("ngram"); - while (*ptr3 && (*ptr3 < '0' || *ptr3 > '9')) - ptr3++; + final_ = PARAM_DROP; - if (!*ptr3) { + } - if ((ptr3 = getenv("AFL_LLVM_NGRAM_SIZE")) == NULL) - FATAL( - "you must set the NGRAM size with (e.g. for value 2) " - "AFL_LLVM_INSTRUMENT=ngram-2"); + } else if (!strcmp(cur_argv, "-z") || !strcmp(cur_argv, "-Wl,-z")) { - } + u8 *param = *(argv + 1); + if (!strcmp(param, "defs") || !strcmp(param, "-Wl,defs")) { - ngram_size = atoi(ptr3); - if (ngram_size < 2 || ngram_size > NGRAM_SIZE_MAX) - FATAL( - "NGRAM instrumentation option must be between 2 and " - "NGRAM_SIZE_MAX (%u)", - NGRAM_SIZE_MAX); - instrument_opt_mode |= (INSTRUMENT_OPT_NGRAM); - u8 *ptr4 = alloc_printf("%u", ngram_size); - setenv("AFL_LLVM_NGRAM_SIZE", ptr4, 1); + *skip_next = 1; - } + if (scan) { - ptr2 = strtok(NULL, ":,;"); + final_ = PARAM_SCAN; - } + } else { - } + final_ = PARAM_DROP; - if ((instrument_opt_mode & INSTRUMENT_OPT_CTX) && - (instrument_opt_mode & INSTRUMENT_OPT_CALLER)) { + } - FATAL("you cannot set CTX and CALLER together"); + } } - if ((instrument_opt_mode & INSTRUMENT_OPT_CTX) && - (instrument_opt_mode & INSTRUMENT_OPT_CTX_K)) { + if (final_ == PARAM_KEEP) insert_param(aflcc, cur_argv); - FATAL("you cannot set CTX and K-CTX together"); + return final_; - } +} - if ((instrument_opt_mode & INSTRUMENT_OPT_CALLER) && - (instrument_opt_mode & INSTRUMENT_OPT_CTX_K)) { +void add_lto_linker(aflcc_state_t *aflcc) { - FATAL("you cannot set CALLER and K-CTX together"); + unsetenv("AFL_LD"); + unsetenv("AFL_LD_CALLER"); - } + u8 *ld_path = NULL; + if (getenv("AFL_REAL_LD")) { - if (instrument_opt_mode && instrument_mode == INSTRUMENT_DEFAULT && - (compiler_mode == LLVM || compiler_mode == UNSET)) { + ld_path = strdup(getenv("AFL_REAL_LD")); - instrument_mode = INSTRUMENT_CLASSIC; - compiler_mode = LLVM; + } else { + + ld_path = strdup(AFL_REAL_LD); } - if (!compiler_mode) { + if (!ld_path || !*ld_path) { - // lto is not a default because outside of afl-cc RANLIB and AR have to - // be set to LLVM versions so this would work - if (have_llvm) - compiler_mode = LLVM; - else if (have_gcc_plugin) - compiler_mode = GCC_PLUGIN; - else if (have_gcc) -#ifdef __APPLE__ - // on OSX clang masquerades as GCC - compiler_mode = CLANG; -#else - compiler_mode = GCC; -#endif - else if (have_lto) - compiler_mode = LTO; - else - FATAL("no compiler mode available"); + if (ld_path) { - } + // Freeing empty string + free(ld_path); - /* if our PCGUARD implementation is not available then silently switch to - native LLVM PCGUARD */ - if (compiler_mode == CLANG && - (instrument_mode == INSTRUMENT_DEFAULT || - instrument_mode == INSTRUMENT_PCGUARD) && - find_object("SanitizerCoveragePCGUARD.so", argv[0]) == NULL) { + } - instrument_mode = INSTRUMENT_LLVMNATIVE; + ld_path = strdup("ld.lld"); } - if (compiler_mode == GCC) { - - if (clang_mode) { - - instrument_mode = INSTRUMENT_CLANG; + if (!ld_path) { PFATAL("Could not allocate mem for ld_path"); } +#if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 12 + insert_param(aflcc, alloc_printf("--ld-path=%s", ld_path)); +#else + insert_param(aflcc, alloc_printf("-fuse-ld=%s", ld_path)); +#endif + free(ld_path); - } else { +} - instrument_mode = INSTRUMENT_GCC; +void add_lto_passes(aflcc_state_t *aflcc) { + +#if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 15 + // The NewPM implementation only works fully since LLVM 15. + insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,--load-pass-plugin=%s", + 0); +#elif defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 13 + insert_param(aflcc, "-Wl,--lto-legacy-pass-manager"); + insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0); +#else + insert_param(aflcc, "-fno-experimental-new-pass-manager"); + insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0); +#endif + + insert_param(aflcc, "-Wl,--allow-multiple-definition"); + insert_param(aflcc, aflcc->lto_flag); + +} + +static void add_aflpplib(aflcc_state_t *aflcc) { + + if (!aflcc->need_aflpplib) return; + + u8 *afllib = find_object(aflcc, "libAFLDriver.a"); + + if (!be_quiet) { + + OKF("Found '-fsanitize=fuzzer', replacing with libAFLDriver.a"); + + } + + if (!afllib) { + + if (!be_quiet) { + + WARNF( + "Cannot find 'libAFLDriver.a' to replace '-fsanitize=fuzzer' in " + "the flags - this will fail!"); } + } else { + + insert_param(aflcc, afllib); + +#ifdef __APPLE__ + insert_param(aflcc, "-Wl,-undefined"); + insert_param(aflcc, "dynamic_lookup"); +#endif + + } + +} + +void add_runtime(aflcc_state_t *aflcc) { + + if (aflcc->preprocessor_only || aflcc->have_c || !aflcc->non_dash) { + + /* In the preprocessor_only case (-E), we are not actually compiling at + all but requesting the compiler to output preprocessed sources only. + We must not add the runtime in this case because the compiler will + simply output its binary content back on stdout, breaking any build + systems that rely on a separate source preprocessing step. */ + return; + + } + + if (aflcc->compiler_mode != GCC_PLUGIN && aflcc->compiler_mode != GCC && + !getenv("AFL_LLVM_NO_RPATH")) { + + // in case LLVM is installed not via a package manager or "make install" + // e.g. compiled download or compiled from github then its ./lib directory + // might not be in the search path. Add it if so. + const char *libdir = LLVM_LIBDIR; + if (aflcc->plusplus_mode && strlen(libdir) && strncmp(libdir, "/usr", 4) && + strncmp(libdir, "/lib", 4)) { + + u8 *libdir_opt = strdup("-Wl,-rpath=" LLVM_LIBDIR); + insert_param(aflcc, libdir_opt); + + } + + } + +#ifndef __ANDROID__ + + #define M32_ERR_MSG "-m32 is not supported by your compiler" + #define M64_ERR_MSG "-m64 is not supported by your compiler" + + if (aflcc->compiler_mode != GCC && aflcc->compiler_mode != CLANG) { + + switch (aflcc->bit_mode) { + + case 0: + if (!aflcc->shared_linking && !aflcc->partial_linking) + insert_object(aflcc, "afl-compiler-rt.o", 0, 0); + if (aflcc->lto_mode) insert_object(aflcc, "afl-llvm-rt-lto.o", 0, 0); + break; + + case 32: + if (!aflcc->shared_linking && !aflcc->partial_linking) + insert_object(aflcc, "afl-compiler-rt-32.o", 0, M32_ERR_MSG); + if (aflcc->lto_mode) + insert_object(aflcc, "afl-llvm-rt-lto-32.o", 0, M32_ERR_MSG); + break; + + case 64: + if (!aflcc->shared_linking && !aflcc->partial_linking) + insert_object(aflcc, "afl-compiler-rt-64.o", 0, M64_ERR_MSG); + if (aflcc->lto_mode) + insert_object(aflcc, "afl-llvm-rt-lto-64.o", 0, M64_ERR_MSG); + break; + + } + + #if !defined(__APPLE__) && !defined(__sun) + if (!aflcc->shared_linking && !aflcc->partial_linking) + insert_object(aflcc, "dynamic_list.txt", "-Wl,--dynamic-list=%s", 0); + #endif + + #if defined(__APPLE__) + if (aflcc->shared_linking || aflcc->partial_linking) { + + insert_param(aflcc, "-Wl,-U"); + insert_param(aflcc, "-Wl,___afl_area_ptr"); + insert_param(aflcc, "-Wl,-U"); + insert_param(aflcc, "-Wl,___sanitizer_cov_trace_pc_guard_init"); + + } + + #endif + + } + +#endif + + add_aflpplib(aflcc); + +#if defined(USEMMAP) && !defined(__HAIKU__) && !__APPLE__ + insert_param(aflcc, "-Wl,-lrt"); +#endif + +} + +/* Misc */ + +void add_assembler(aflcc_state_t *aflcc) { + + u8 *afl_as = find_object(aflcc, "as"); + + if (!afl_as) FATAL("Cannot find 'as' (symlink to 'afl-as')."); + + u8 *slash = strrchr(afl_as, '/'); + if (slash) *slash = 0; + + insert_param(aflcc, "-B"); + insert_param(aflcc, afl_as); + + if (aflcc->compiler_mode == CLANG) insert_param(aflcc, "-no-integrated-as"); + +} + +void add_gcc_plugin(aflcc_state_t *aflcc) { + + if (aflcc->cmplog_mode) { + + insert_object(aflcc, "afl-gcc-cmplog-pass.so", "-fplugin=%s", 0); + insert_object(aflcc, "afl-gcc-cmptrs-pass.so", "-fplugin=%s", 0); + + } + + insert_object(aflcc, "afl-gcc-pass.so", "-fplugin=%s", 0); + + insert_param(aflcc, "-fno-if-conversion"); + insert_param(aflcc, "-fno-if-conversion2"); + +} + +void add_misc_params(aflcc_state_t *aflcc) { + + if (getenv("AFL_NO_BUILTIN") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES") || + getenv("AFL_LLVM_LAF_ALL") || getenv("AFL_LLVM_CMPLOG") || + aflcc->lto_mode) { + + insert_param(aflcc, "-fno-builtin-strcmp"); + insert_param(aflcc, "-fno-builtin-strncmp"); + insert_param(aflcc, "-fno-builtin-strcasecmp"); + insert_param(aflcc, "-fno-builtin-strncasecmp"); + insert_param(aflcc, "-fno-builtin-memcmp"); + insert_param(aflcc, "-fno-builtin-bcmp"); + insert_param(aflcc, "-fno-builtin-strstr"); + insert_param(aflcc, "-fno-builtin-strcasestr"); + + } + + if (!aflcc->have_pic) { insert_param(aflcc, "-fPIC"); } + + if (getenv("AFL_HARDEN")) { + + insert_param(aflcc, "-fstack-protector-all"); + + if (!aflcc->fortify_set) add_defs_fortify(aflcc, 2); + + } + + if (!getenv("AFL_DONT_OPTIMIZE")) { + + insert_param(aflcc, "-g"); + if (!aflcc->have_o) insert_param(aflcc, "-O3"); + if (!aflcc->have_unroll) insert_param(aflcc, "-funroll-loops"); + // if (strlen(aflcc->march_opt) > 1 && aflcc->march_opt[0] == '-') + // insert_param(aflcc, aflcc->march_opt); + } - if (compiler_mode == CLANG) { + if (aflcc->x_set) { - instrument_mode = INSTRUMENT_CLANG; - setenv(CLANG_ENV_VAR, "1", 1); // used by afl-as + insert_param(aflcc, "-x"); + insert_param(aflcc, "none"); } +} + +param_st parse_misc_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { + + param_st final_ = PARAM_MISS; + +// MACRO START +#define SCAN_KEEP(dst, src) \ + do { \ + \ + if (scan) { \ + \ + dst = src; \ + final_ = PARAM_SCAN; \ + \ + } else { \ + \ + final_ = PARAM_KEEP; \ + \ + } \ + \ + } while (0) + + // MACRO END + + if (!strncasecmp(cur_argv, "-fpic", 5)) { + + SCAN_KEEP(aflcc->have_pic, 1); + + } else if (cur_argv[0] != '-') { + + SCAN_KEEP(aflcc->non_dash, 1); + + } else if (!strcmp(cur_argv, "-m32") || + + !strcmp(cur_argv, "armv7a-linux-androideabi")) { + + SCAN_KEEP(aflcc->bit_mode, 32); + + } else if (!strcmp(cur_argv, "-m64")) { + + SCAN_KEEP(aflcc->bit_mode, 64); + + } else if (strstr(cur_argv, "FORTIFY_SOURCE")) { + + SCAN_KEEP(aflcc->fortify_set, 1); + + } else if (!strcmp(cur_argv, "-x")) { + + SCAN_KEEP(aflcc->x_set, 1); + + } else if (!strcmp(cur_argv, "-E")) { + + SCAN_KEEP(aflcc->preprocessor_only, 1); + + } else if (!strcmp(cur_argv, "--target=wasm32-wasi")) { + + SCAN_KEEP(aflcc->passthrough, 1); + + } else if (!strcmp(cur_argv, "-c")) { + + SCAN_KEEP(aflcc->have_c, 1); + + } else if (!strncmp(cur_argv, "-O", 2)) { + + SCAN_KEEP(aflcc->have_o, 1); + + } else if (!strncmp(cur_argv, "-funroll-loop", 13)) { + + SCAN_KEEP(aflcc->have_unroll, 1); + + } else if (!strncmp(cur_argv, "--afl", 5)) { + + if (scan) + final_ = PARAM_SCAN; + else + final_ = PARAM_DROP; + + } else if (!strncmp(cur_argv, "-fno-unroll", 11)) { + + if (scan) + final_ = PARAM_SCAN; + else + final_ = PARAM_DROP; + + } else if (!strcmp(cur_argv, "-pipe") && aflcc->compiler_mode == GCC_PLUGIN) { + + if (scan) + final_ = PARAM_SCAN; + else + final_ = PARAM_DROP; + + } else if (!strncmp(cur_argv, "-stdlib=", 8) && + + (aflcc->compiler_mode == GCC || + aflcc->compiler_mode == GCC_PLUGIN)) { + + if (scan) { + + final_ = PARAM_SCAN; + + } else { + + if (!be_quiet) WARNF("Found '%s' - stripping!", cur_argv); + final_ = PARAM_DROP; + + } + + } + +#undef SCAN_KEEP + + if (final_ == PARAM_KEEP) insert_param(aflcc, cur_argv); + + return final_; + +} + +static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) { + if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) { printf("afl-cc" VERSION @@ -2168,16 +2433,18 @@ int main(int argc, char **argv, char **envp) { " [GCC/CLANG] simple gcc/clang: %s%s\n" " CLASSIC DEFAULT no no no no no " "no\n\n", - have_llvm ? "AVAILABLE" : "unavailable!", - compiler_mode == LLVM ? " [SELECTED]" : "", - have_llvm ? "AVAILABLE" : "unavailable!", - have_llvm ? "AVAILABLE" : "unavailable!", - have_lto ? "AVAILABLE" : "unavailable!", - compiler_mode == LTO ? " [SELECTED]" : "", - have_gcc_plugin ? "AVAILABLE" : "unavailable!", - compiler_mode == GCC_PLUGIN ? " [SELECTED]" : "", - have_gcc ? "AVAILABLE" : "unavailable!", - (compiler_mode == GCC || compiler_mode == CLANG) ? " [SELECTED]" : ""); + aflcc->have_llvm ? "AVAILABLE" : "unavailable!", + aflcc->compiler_mode == LLVM ? " [SELECTED]" : "", + aflcc->have_llvm ? "AVAILABLE" : "unavailable!", + aflcc->have_llvm ? "AVAILABLE" : "unavailable!", + aflcc->have_lto ? "AVAILABLE" : "unavailable!", + aflcc->compiler_mode == LTO ? " [SELECTED]" : "", + aflcc->have_gcc_plugin ? "AVAILABLE" : "unavailable!", + aflcc->compiler_mode == GCC_PLUGIN ? " [SELECTED]" : "", + aflcc->have_gcc ? "AVAILABLE" : "unavailable!", + (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG) + ? " [SELECTED]" + : ""); SAYF( "Modes:\n" @@ -2266,7 +2533,7 @@ int main(int argc, char **argv, char **envp) { " AFL_USE_TSAN: activate thread sanitizer\n" " AFL_USE_LSAN: activate leak-checker sanitizer\n"); - if (have_gcc_plugin) + if (aflcc->have_gcc_plugin) SAYF( "\nGCC Plugin-specific environment variables:\n" " AFL_GCC_CMPLOG: log operands of comparisons (RedQueen mutator)\n" @@ -2282,7 +2549,7 @@ int main(int argc, char **argv, char **envp) { #define COUNTER_BEHAVIOUR \ " AFL_LLVM_NOT_ZERO: use cycling trace counters that skip zero\n" #endif - if (have_llvm) + if (aflcc->have_llvm) SAYF( "\nLLVM/LTO/afl-clang-fast/afl-clang-lto specific environment " "variables:\n" @@ -2310,7 +2577,7 @@ int main(int argc, char **argv, char **envp) { "instrument allow/\n" " deny listing (selective instrumentation)\n"); - if (have_llvm) + if (aflcc->have_llvm) SAYF( " AFL_LLVM_CMPLOG: log operands of comparisons (RedQueen " "mutator)\n" @@ -2329,7 +2596,7 @@ int main(int argc, char **argv, char **envp) { "locations\n"); #ifdef AFL_CLANG_FLTO - if (have_lto) + if (aflcc->have_lto) SAYF( "\nLTO/afl-clang-lto specific environment variables:\n" " AFL_LLVM_MAP_ADDR: use a fixed coverage map address (speed), " @@ -2365,9 +2632,9 @@ int main(int argc, char **argv, char **envp) { "targets.\n\n"); #if (LLVM_MAJOR >= 3) - if (have_lto) + if (aflcc->have_lto) SAYF("afl-cc LTO with ld=%s %s\n", AFL_REAL_LD, AFL_CLANG_FLTO); - if (have_llvm) + if (aflcc->have_llvm) SAYF("afl-cc LLVM version %d using the binary path \"%s\".\n", LLVM_MAJOR, LLVM_BINDIR); #endif @@ -2406,205 +2673,350 @@ int main(int argc, char **argv, char **envp) { } - if (compiler_mode == LTO) { - - if (instrument_mode == 0 || instrument_mode == INSTRUMENT_LTO || - instrument_mode == INSTRUMENT_CFG || - instrument_mode == INSTRUMENT_PCGUARD) { +} - lto_mode = 1; - // force CFG - // if (!instrument_mode) { +static void process_params(aflcc_state_t *aflcc, u8 scan, u32 argc, + char **argv) { - instrument_mode = INSTRUMENT_PCGUARD; - // ptr = instrument_mode_string[instrument_mode]; - // } + limit_params(aflcc, argc); - } else if (instrument_mode == INSTRUMENT_CLASSIC) { + // for (u32 x = 0; x < argc; ++x) fprintf(stderr, "[%u] %s\n", x, argv[x]); - lto_mode = 1; + /* Process the argument list. */ - } else { + u8 skip_next = 0; + while (--argc) { - if (!be_quiet) { + u8 *cur = *(++argv); - WARNF("afl-clang-lto called with mode %s, using that mode instead", - instrument_mode_string[instrument_mode]); + if (skip_next > 0) { - } + skip_next--; + continue; } - } + if (PARAM_MISS != parse_misc_params(aflcc, cur, scan)) continue; - if (instrument_mode == 0 && compiler_mode < GCC_PLUGIN) { + if (PARAM_MISS != parse_fsanitize(aflcc, cur, scan)) continue; -#if LLVM_MAJOR >= 7 - #if LLVM_MAJOR < 11 && (LLVM_MAJOR < 10 || LLVM_MINOR < 1) - if (have_instr_env) { + if (PARAM_MISS != parse_linking_params(aflcc, cur, scan, &skip_next, argv)) + continue; - instrument_mode = INSTRUMENT_AFL; - if (!be_quiet) { + if (*cur == '@') { - WARNF( - "Switching to classic instrumentation because " - "AFL_LLVM_ALLOWLIST/DENYLIST does not work with PCGUARD < 10.0.1."); + // response file support. + // we have two choices - move everything to the command line or + // rewrite the response files to temporary files and delete them + // afterwards. We choose the first for easiness. + // We do *not* support quotes in the rsp files to cope with spaces in + // filenames etc! If you need that then send a patch! + u8 *filename = cur + 1; + if (aflcc->debug) { DEBUGF("response file=%s\n", filename); } + FILE *f = fopen(filename, "r"); + struct stat st; + + // Check not found or empty? let the compiler complain if so. + if (!f || fstat(fileno(f), &st) < 0 || st.st_size < 1) { + + if (!scan) insert_param(aflcc, cur); + continue; } - } else + u8 *tmpbuf = malloc(st.st_size + 2), *ptr; + char **args = malloc(sizeof(char *) * (st.st_size >> 1)); + int count = 1, cont = 0, cont_act = 0; - #endif - instrument_mode = INSTRUMENT_PCGUARD; + while (fgets(tmpbuf, st.st_size + 1, f)) { -#else - instrument_mode = INSTRUMENT_AFL; -#endif + ptr = tmpbuf; + // fprintf(stderr, "1: %s\n", ptr); + // no leading whitespace + while (isspace(*ptr)) { - } + ++ptr; + cont_act = 0; - if (instrument_opt_mode && compiler_mode != LLVM) - FATAL("CTX, CALLER and NGRAM can only be used in LLVM mode"); + } - if (!instrument_opt_mode) { + // no comments, no empty lines + if (*ptr == '#' || *ptr == '\n' || !*ptr) { continue; } + // remove LF + if (ptr[strlen(ptr) - 1] == '\n') { ptr[strlen(ptr) - 1] = 0; } + // remove CR + if (*ptr && ptr[strlen(ptr) - 1] == '\r') { ptr[strlen(ptr) - 1] = 0; } + // handle \ at end of line + if (*ptr && ptr[strlen(ptr) - 1] == '\\') { - if (lto_mode && instrument_mode == INSTRUMENT_CFG) - instrument_mode = INSTRUMENT_PCGUARD; - ptr = instrument_mode_string[instrument_mode]; + cont = 1; + ptr[strlen(ptr) - 1] = 0; - } else { + } - char *ptr2 = alloc_printf(" + NGRAM-%u", ngram_size); - char *ptr3 = alloc_printf(" + K-CTX-%u", ctx_k); + // fprintf(stderr, "2: %s\n", ptr); - ptr = alloc_printf( - "%s%s%s%s%s", instrument_mode_string[instrument_mode], - (instrument_opt_mode & INSTRUMENT_OPT_CTX) ? " + CTX" : "", - (instrument_opt_mode & INSTRUMENT_OPT_CALLER) ? " + CALLER" : "", - (instrument_opt_mode & INSTRUMENT_OPT_NGRAM) ? ptr2 : "", - (instrument_opt_mode & INSTRUMENT_OPT_CTX_K) ? ptr3 : ""); + // remove whitespace at end + while (*ptr && isspace(ptr[strlen(ptr) - 1])) { - ck_free(ptr2); - ck_free(ptr3); + ptr[strlen(ptr) - 1] = 0; + cont = 0; - } + } -#ifndef AFL_CLANG_FLTO - if (lto_mode) - FATAL( - "instrumentation mode LTO specified but LLVM support not available " - "(requires LLVM 11 or higher)"); -#endif + // fprintf(stderr, "3: %s\n", ptr); + if (*ptr) { - if (instrument_opt_mode && instrument_opt_mode != INSTRUMENT_OPT_CODECOV && - instrument_mode != INSTRUMENT_CLASSIC) - FATAL( - "CALLER, CTX and NGRAM instrumentation options can only be used with " - "the LLVM CLASSIC instrumentation mode."); + do { - if (getenv("AFL_LLVM_SKIP_NEVERZERO") && getenv("AFL_LLVM_NOT_ZERO")) - FATAL( - "AFL_LLVM_NOT_ZERO and AFL_LLVM_SKIP_NEVERZERO can not be set " - "together"); + u8 *value = ptr; + while (*ptr && !isspace(*ptr)) { -#if LLVM_MAJOR < 11 && (LLVM_MAJOR < 10 || LLVM_MINOR < 1) - if (instrument_mode == INSTRUMENT_PCGUARD && have_instr_env) { + ++ptr; - FATAL( - "Instrumentation type PCGUARD does not support " - "AFL_LLVM_ALLOWLIST/DENYLIST! Use LLVM 10.0.1+ instead."); + } - } + while (*ptr && isspace(*ptr)) { -#endif + *ptr++ = 0; - u8 *ptr2; + } - if ((ptr2 = getenv("AFL_LLVM_DICT2FILE")) != NULL && *ptr2 != '/') - FATAL("AFL_LLVM_DICT2FILE must be set to an absolute file path"); + if (cont_act) { - if ((isatty(2) && !be_quiet) || debug) { + u32 len = strlen(args[count - 1]) + strlen(value) + 1; + u8 *tmp = malloc(len); + snprintf(tmp, len, "%s%s", args[count - 1], value); + free(args[count - 1]); + args[count - 1] = tmp; + cont_act = 0; - SAYF(cCYA - "afl-cc" VERSION cRST - " by Michal Zalewski, Laszlo Szekeres, Marc Heuse - mode: %s-%s\n", - compiler_mode_string[compiler_mode], ptr); + } else { - } + args[count++] = strdup(value); - if (!be_quiet && (compiler_mode == GCC || compiler_mode == CLANG)) { + } - WARNF( - "You are using outdated instrumentation, install LLVM and/or " - "gcc-plugin and use afl-clang-fast/afl-clang-lto/afl-gcc-fast " - "instead!"); + } while (*ptr); + + } + + if (cont) { + + cont_act = 1; + cont = 0; + + } + + } + + if (count) { process_params(aflcc, scan, count, args); } + + // we cannot free args[] unless we don't need + // to keep any reference in cc_params + if (scan) { + + if (count) do { + + free(args[--count]); + + } while (count); + + free(args); + + } + + free(tmpbuf); + + continue; + + } + + if (!scan) insert_param(aflcc, cur); } - if (debug) { +} - DEBUGF("cd '%s';", getthecwd()); - for (i = 0; i < argc; i++) - SAYF(" '%s'", argv[i]); - SAYF("\n"); - fflush(stdout); - fflush(stderr); +/* Copy argv to cc_params, making the necessary edits. */ + +static void edit_params(aflcc_state_t *aflcc, u32 argc, char **argv, + char **envp) { + + add_real_argv0(aflcc); + + // prevent unnecessary build errors + if (aflcc->compiler_mode != GCC_PLUGIN && aflcc->compiler_mode != GCC) { + + insert_param(aflcc, "-Wno-unused-command-line-argument"); } - if (getenv("AFL_LLVM_LAF_ALL")) { + if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG) { - setenv("AFL_LLVM_LAF_SPLIT_SWITCHES", "1", 1); - setenv("AFL_LLVM_LAF_SPLIT_COMPARES", "1", 1); - setenv("AFL_LLVM_LAF_SPLIT_FLOATS", "1", 1); - setenv("AFL_LLVM_LAF_TRANSFORM_COMPARES", "1", 1); + add_assembler(aflcc); } - cmplog_mode = getenv("AFL_CMPLOG") || getenv("AFL_LLVM_CMPLOG") || - getenv("AFL_GCC_CMPLOG"); + if (aflcc->compiler_mode == GCC_PLUGIN) { add_gcc_plugin(aflcc); } -#if !defined(__ANDROID__) && !defined(ANDROID) - ptr = find_object("afl-compiler-rt.o", argv[0]); + if (aflcc->compiler_mode == LLVM || aflcc->compiler_mode == LTO) { - if (!ptr) { + if (aflcc->lto_mode && aflcc->have_instr_env) { - FATAL( - "Unable to find 'afl-compiler-rt.o'. Please set the AFL_PATH " - "environment variable."); + load_llvm_pass(aflcc, "afl-llvm-lto-instrumentlist.so"); - } + } - if (debug) { DEBUGF("rt=%s obj_path=%s\n", ptr, obj_path); } + if (getenv("AFL_LLVM_DICT2FILE")) { - ck_free(ptr); -#endif + load_llvm_pass(aflcc, "afl-llvm-dict2file.so"); - edit_params(argc, argv, envp); + } - if (debug) { + // laf + if (getenv("LAF_SPLIT_SWITCHES") || getenv("AFL_LLVM_LAF_SPLIT_SWITCHES")) { - DEBUGF("cd '%s';", getthecwd()); - for (i = 0; i < (s32)cc_par_cnt; i++) - SAYF(" '%s'", cc_params[i]); - SAYF("\n"); - fflush(stdout); - fflush(stderr); + load_llvm_pass(aflcc, "split-switches-pass.so"); + + } + + if (getenv("LAF_TRANSFORM_COMPARES") || + getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES")) { + + load_llvm_pass(aflcc, "compare-transform-pass.so"); + + } + + if (getenv("LAF_SPLIT_COMPARES") || getenv("AFL_LLVM_LAF_SPLIT_COMPARES") || + getenv("AFL_LLVM_LAF_SPLIT_FLOATS")) { + + load_llvm_pass(aflcc, "split-compares-pass.so"); + + } + + // /laf + + if (aflcc->cmplog_mode) { + + insert_param(aflcc, "-fno-inline"); + + load_llvm_pass(aflcc, "cmplog-switches-pass.so"); + // reuse split switches from laf + load_llvm_pass(aflcc, "split-switches-pass.so"); + + } + + // #if LLVM_MAJOR >= 13 + // // Use the old pass manager in LLVM 14 which the AFL++ passes still + // use. insert_param(aflcc, "-flegacy-pass-manager"); + // #endif + + if (aflcc->lto_mode && !aflcc->have_c) { + + add_lto_linker(aflcc); + add_lto_passes(aflcc); + + } else { + + if (aflcc->instrument_mode == INSTRUMENT_PCGUARD) { + + add_optimized_pcguard(aflcc); + + } else if (aflcc->instrument_mode == INSTRUMENT_LLVMNATIVE) { + + add_native_pcguard(aflcc); + + } else { + + load_llvm_pass(aflcc, "afl-llvm-pass.so"); + + } + + } + + if (aflcc->cmplog_mode) { + + load_llvm_pass(aflcc, "cmplog-instructions-pass.so"); + load_llvm_pass(aflcc, "cmplog-routines-pass.so"); + + } + + if (getenv("AFL_LLVM_INJECTIONS_ALL") || + getenv("AFL_LLVM_INJECTIONS_SQL") || + getenv("AFL_LLVM_INJECTIONS_LDAP") || + getenv("AFL_LLVM_INJECTIONS_XSS")) { + + load_llvm_pass(aflcc, "injection-pass.so"); + + } + + // insert_param(aflcc, "-Qunused-arguments"); } - if (passthrough) { + /* Inspect the command line parameters. */ + + process_params(aflcc, 0, argc, argv); + + add_sanitizers(aflcc, envp); + + add_misc_params(aflcc); + + add_defs_common(aflcc); + add_defs_selective_instr(aflcc); + add_defs_persistent_mode(aflcc); + + add_runtime(aflcc); + + insert_param(aflcc, NULL); + +} + +/* Main entry point */ + +int main(int argc, char **argv, char **envp) { + + aflcc_state_t *aflcc = malloc(sizeof(aflcc_state_t)); + aflcc_state_init(aflcc, (u8 *)argv[0]); + + check_environment_vars(envp); + + find_built_deps(aflcc); + + compiler_mode_by_callname(aflcc); + compiler_mode_by_environ(aflcc); + compiler_mode_by_cmdline(aflcc, argc, argv); + + instrument_mode_by_environ(aflcc); + + mode_final_checkout(aflcc, argc, argv); + + process_params(aflcc, 1, argc, argv); + + maybe_usage(aflcc, argc, argv); + + mode_notification(aflcc); + + if (aflcc->debug) debugf_args(argc, argv); + + edit_params(aflcc, argc, argv, envp); + + if (aflcc->debug) + debugf_args((s32)aflcc->cc_par_cnt, (char **)aflcc->cc_params); + + if (aflcc->passthrough) { - argv[0] = cc_params[0]; - execvp(cc_params[0], (char **)argv); + argv[0] = aflcc->cc_params[0]; + execvp(aflcc->cc_params[0], (char **)argv); } else { - execvp(cc_params[0], (char **)cc_params); + execvp(aflcc->cc_params[0], (char **)aflcc->cc_params); } - FATAL("Oops, failed to execute '%s' - check your PATH", cc_params[0]); + FATAL("Oops, failed to execute '%s' - check your PATH", aflcc->cc_params[0]); return 0; From ee7d69b8175f31f2efb2b3bf15f2bbb29f61aa14 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 4 Jan 2024 15:44:28 +0100 Subject: [PATCH 281/357] changelog --- docs/Changelog.md | 6 +- include/envs.h | 319 ++++++++++++---------------------------------- 2 files changed, 88 insertions(+), 237 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index adc81d64a7..69a369e366 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -9,15 +9,17 @@ explore is slightly better now. - fixed minor issues in the mutation engine, thanks to @futhewo for reporting! + - afl-cc: + - large rewrite by @SonicStark which fixes a few corner cases, thanks! - instrumentation: - LLVM 18 support, thanks to @devnexen! - Injection (SQL, LDAP, XSS) feature now available, see `instrumentation/README.injections.md` how to activate/use/expand. - compcov/LAF-intel: - floating point splitting bug fix by @hexcoder - - due a bug in LLVM 17 integer splitting is disabled! + - due a bug in LLVM 17 integer splitting is disabled there! - when splitting floats was selected, integers were always split as well, - fixed to require AFL_LLVM_LAF_SPLIT_COMPARES as it should + fixed to require AFL_LLVM_LAF_SPLIT_COMPARES or _ALL as it should ### Version ++4.09c (release) diff --git a/include/envs.h b/include/envs.h index aa5c658e6a..0f645d23cf 100644 --- a/include/envs.h +++ b/include/envs.h @@ -16,255 +16,104 @@ static char *afl_environment_deprecated[] = { static char *afl_environment_variables[] = { - "AFL_ALIGNED_ALLOC", - "AFL_ALLOW_TMP", - "AFL_ANALYZE_HEX", - "AFL_AS", - "AFL_AUTORESUME", - "AFL_AS_FORCE_INSTRUMENT", - "AFL_BENCH_JUST_ONE", - "AFL_BENCH_UNTIL_CRASH", - "AFL_CAL_FAST", - "AFL_CC", - "AFL_CC_COMPILER", - "AFL_CMIN_ALLOW_ANY", - "AFL_CMIN_CRASHES_ONLY", - "AFL_CMPLOG_ONLY_NEW", - "AFL_CODE_END", - "AFL_CODE_START", - "AFL_COMPCOV_BINNAME", - "AFL_COMPCOV_LEVEL", - "AFL_CRASH_EXITCODE", - "AFL_CRASHING_SEEDS_AS_NEW_CRASH", - "AFL_CUSTOM_MUTATOR_LIBRARY", - "AFL_CUSTOM_MUTATOR_ONLY", - "AFL_CUSTOM_INFO_PROGRAM", - "AFL_CUSTOM_INFO_PROGRAM_ARGV", - "AFL_CUSTOM_INFO_PROGRAM_INPUT", - "AFL_CUSTOM_INFO_OUT", - "AFL_CXX", - "AFL_CYCLE_SCHEDULES", - "AFL_DEBUG", - "AFL_DEBUG_CHILD", - "AFL_DEBUG_GDB", - "AFL_DEBUG_UNICORN", - "AFL_DISABLE_TRIM", - "AFL_DISABLE_LLVM_INSTRUMENTATION", - "AFL_DONT_OPTIMIZE", - "AFL_DRIVER_STDERR_DUPLICATE_FILENAME", - "AFL_DUMB_FORKSRV", - "AFL_EARLY_FORKSERVER", - "AFL_ENTRYPOINT", - "AFL_EXIT_WHEN_DONE", - "AFL_EXIT_ON_TIME", - "AFL_EXIT_ON_SEED_ISSUES", - "AFL_FAST_CAL", - "AFL_FINAL_SYNC", - "AFL_FORCE_UI", - "AFL_FRIDA_DEBUG_MAPS", - "AFL_FRIDA_DRIVER_NO_HOOK", - "AFL_FRIDA_EXCLUDE_RANGES", - "AFL_FRIDA_INST_CACHE_SIZE", - "AFL_FRIDA_INST_COVERAGE_ABSOLUTE", - "AFL_FRIDA_INST_COVERAGE_FILE", - "AFL_FRIDA_INST_DEBUG_FILE", - "AFL_FRIDA_INST_INSN", - "AFL_FRIDA_INST_JIT", - "AFL_FRIDA_INST_NO_CACHE", - "AFL_FRIDA_INST_NO_DYNAMIC_LOAD", - "AFL_FRIDA_INST_NO_OPTIMIZE", - "AFL_FRIDA_INST_NO_PREFETCH", - "AFL_FRIDA_INST_NO_PREFETCH_BACKPATCH", + "AFL_ALIGNED_ALLOC", "AFL_ALLOW_TMP", "AFL_ANALYZE_HEX", "AFL_AS", + "AFL_AUTORESUME", "AFL_AS_FORCE_INSTRUMENT", "AFL_BENCH_JUST_ONE", + "AFL_BENCH_UNTIL_CRASH", "AFL_CAL_FAST", "AFL_CC", "AFL_CC_COMPILER", + "AFL_CMIN_ALLOW_ANY", "AFL_CMIN_CRASHES_ONLY", "AFL_CMPLOG_ONLY_NEW", + "AFL_CODE_END", "AFL_CODE_START", "AFL_COMPCOV_BINNAME", + "AFL_COMPCOV_LEVEL", "AFL_CRASH_EXITCODE", + "AFL_CRASHING_SEEDS_AS_NEW_CRASH", "AFL_CUSTOM_MUTATOR_LIBRARY", + "AFL_CUSTOM_MUTATOR_ONLY", "AFL_CUSTOM_INFO_PROGRAM", + "AFL_CUSTOM_INFO_PROGRAM_ARGV", "AFL_CUSTOM_INFO_PROGRAM_INPUT", + "AFL_CUSTOM_INFO_OUT", "AFL_CXX", "AFL_CYCLE_SCHEDULES", "AFL_DEBUG", + "AFL_DEBUG_CHILD", "AFL_DEBUG_GDB", "AFL_DEBUG_UNICORN", "AFL_DISABLE_TRIM", + "AFL_DISABLE_LLVM_INSTRUMENTATION", "AFL_DONT_OPTIMIZE", + "AFL_DRIVER_STDERR_DUPLICATE_FILENAME", "AFL_DUMB_FORKSRV", + "AFL_EARLY_FORKSERVER", "AFL_ENTRYPOINT", "AFL_EXIT_WHEN_DONE", + "AFL_EXIT_ON_TIME", "AFL_EXIT_ON_SEED_ISSUES", "AFL_FAST_CAL", + "AFL_FINAL_SYNC", "AFL_FORCE_UI", "AFL_FRIDA_DEBUG_MAPS", + "AFL_FRIDA_DRIVER_NO_HOOK", "AFL_FRIDA_EXCLUDE_RANGES", + "AFL_FRIDA_INST_CACHE_SIZE", "AFL_FRIDA_INST_COVERAGE_ABSOLUTE", + "AFL_FRIDA_INST_COVERAGE_FILE", "AFL_FRIDA_INST_DEBUG_FILE", + "AFL_FRIDA_INST_INSN", "AFL_FRIDA_INST_JIT", "AFL_FRIDA_INST_NO_CACHE", + "AFL_FRIDA_INST_NO_DYNAMIC_LOAD", "AFL_FRIDA_INST_NO_OPTIMIZE", + "AFL_FRIDA_INST_NO_PREFETCH", "AFL_FRIDA_INST_NO_PREFETCH_BACKPATCH", "AFL_FRIDA_INST_NO_SUPPRESS" "AFL_FRIDA_INST_RANGES", - "AFL_FRIDA_INST_REGS_FILE", - "AFL_FRIDA_INST_SEED", - "AFL_FRIDA_INST_TRACE", - "AFL_FRIDA_INST_TRACE_UNIQUE", - "AFL_FRIDA_INST_UNSTABLE_COVERAGE_FILE", - "AFL_FRIDA_JS_SCRIPT", - "AFL_FRIDA_OUTPUT_STDOUT", - "AFL_FRIDA_OUTPUT_STDERR", - "AFL_FRIDA_PERSISTENT_ADDR", - "AFL_FRIDA_PERSISTENT_CNT", - "AFL_FRIDA_PERSISTENT_DEBUG", - "AFL_FRIDA_PERSISTENT_HOOK", - "AFL_FRIDA_PERSISTENT_RET", - "AFL_FRIDA_STALKER_ADJACENT_BLOCKS", - "AFL_FRIDA_STALKER_IC_ENTRIES", - "AFL_FRIDA_STALKER_NO_BACKPATCH", - "AFL_FRIDA_STATS_FILE", - "AFL_FRIDA_STATS_INTERVAL", - "AFL_FRIDA_TRACEABLE", + "AFL_FRIDA_INST_REGS_FILE", "AFL_FRIDA_INST_SEED", "AFL_FRIDA_INST_TRACE", + "AFL_FRIDA_INST_TRACE_UNIQUE", "AFL_FRIDA_INST_UNSTABLE_COVERAGE_FILE", + "AFL_FRIDA_JS_SCRIPT", "AFL_FRIDA_OUTPUT_STDOUT", "AFL_FRIDA_OUTPUT_STDERR", + "AFL_FRIDA_PERSISTENT_ADDR", "AFL_FRIDA_PERSISTENT_CNT", + "AFL_FRIDA_PERSISTENT_DEBUG", "AFL_FRIDA_PERSISTENT_HOOK", + "AFL_FRIDA_PERSISTENT_RET", "AFL_FRIDA_STALKER_ADJACENT_BLOCKS", + "AFL_FRIDA_STALKER_IC_ENTRIES", "AFL_FRIDA_STALKER_NO_BACKPATCH", + "AFL_FRIDA_STATS_FILE", "AFL_FRIDA_STATS_INTERVAL", "AFL_FRIDA_TRACEABLE", "AFL_FRIDA_VERBOSE", "AFL_FUZZER_ARGS", // oss-fuzz - "AFL_FUZZER_STATS_UPDATE_INTERVAL", - "AFL_GDB", - "AFL_GCC_ALLOWLIST", - "AFL_GCC_DENYLIST", - "AFL_GCC_BLOCKLIST", - "AFL_GCC_INSTRUMENT_FILE", - "AFL_GCC_OUT_OF_LINE", - "AFL_GCC_SKIP_NEVERZERO", - "AFL_GCJ", - "AFL_HANG_TMOUT", - "AFL_FORKSRV_INIT_TMOUT", - "AFL_HARDEN", - "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES", - "AFL_IGNORE_PROBLEMS", - "AFL_IGNORE_PROBLEMS_COVERAGE", - "AFL_IGNORE_SEED_PROBLEMS", - "AFL_IGNORE_TIMEOUTS", - "AFL_IGNORE_UNKNOWN_ENVS", - "AFL_IMPORT_FIRST", - "AFL_INPUT_LEN_MIN", - "AFL_INPUT_LEN_MAX", - "AFL_INST_LIBS", - "AFL_INST_RATIO", - "AFL_KEEP_TIMEOUTS", - "AFL_KILL_SIGNAL", - "AFL_FORK_SERVER_KILL_SIGNAL", - "AFL_KEEP_TRACES", - "AFL_KEEP_ASSEMBLY", - "AFL_LD_HARD_FAIL", - "AFL_LD_LIMIT_MB", - "AFL_LD_NO_CALLOC_OVER", - "AFL_LD_PASSTHROUGH", - "AFL_REAL_LD", - "AFL_LD_PRELOAD", - "AFL_LD_VERBOSE", - "AFL_LLVM_ALLOWLIST", - "AFL_LLVM_DENYLIST", - "AFL_LLVM_BLOCKLIST", - "AFL_CMPLOG", - "AFL_LLVM_CMPLOG", - "AFL_GCC_CMPLOG", - "AFL_LLVM_INSTRIM", - "AFL_LLVM_CALLER", - "AFL_LLVM_CTX", - "AFL_LLVM_CTX_K", - "AFL_LLVM_DICT2FILE", - "AFL_LLVM_DICT2FILE_NO_MAIN", - "AFL_LLVM_DOCUMENT_IDS", - "AFL_LLVM_INSTRIM_LOOPHEAD", - "AFL_LLVM_INSTRUMENT", - "AFL_LLVM_LTO_AUTODICTIONARY", - "AFL_LLVM_AUTODICTIONARY", + "AFL_FUZZER_STATS_UPDATE_INTERVAL", "AFL_GDB", "AFL_GCC_ALLOWLIST", + "AFL_GCC_DENYLIST", "AFL_GCC_BLOCKLIST", "AFL_GCC_INSTRUMENT_FILE", + "AFL_GCC_OUT_OF_LINE", "AFL_GCC_SKIP_NEVERZERO", "AFL_GCJ", + "AFL_HANG_TMOUT", "AFL_FORKSRV_INIT_TMOUT", "AFL_HARDEN", + "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES", "AFL_IGNORE_PROBLEMS", + "AFL_IGNORE_PROBLEMS_COVERAGE", "AFL_IGNORE_SEED_PROBLEMS", + "AFL_IGNORE_TIMEOUTS", "AFL_IGNORE_UNKNOWN_ENVS", "AFL_IMPORT_FIRST", + "AFL_INPUT_LEN_MIN", "AFL_INPUT_LEN_MAX", "AFL_INST_LIBS", "AFL_INST_RATIO", + "AFL_KEEP_TIMEOUTS", "AFL_KILL_SIGNAL", "AFL_FORK_SERVER_KILL_SIGNAL", + "AFL_KEEP_TRACES", "AFL_KEEP_ASSEMBLY", "AFL_LD_HARD_FAIL", + "AFL_LD_LIMIT_MB", "AFL_LD_NO_CALLOC_OVER", "AFL_LD_PASSTHROUGH", + "AFL_REAL_LD", "AFL_LD_PRELOAD", "AFL_LD_VERBOSE", "AFL_LLVM_ALLOWLIST", + "AFL_LLVM_DENYLIST", "AFL_LLVM_BLOCKLIST", "AFL_CMPLOG", "AFL_LLVM_CMPLOG", + "AFL_GCC_CMPLOG", "AFL_LLVM_INSTRIM", "AFL_LLVM_CALLER", "AFL_LLVM_CTX", + "AFL_LLVM_CTX_K", "AFL_LLVM_DICT2FILE", "AFL_LLVM_DICT2FILE_NO_MAIN", + "AFL_LLVM_DOCUMENT_IDS", "AFL_LLVM_INSTRIM_LOOPHEAD", "AFL_LLVM_INSTRUMENT", + "AFL_LLVM_LTO_AUTODICTIONARY", "AFL_LLVM_AUTODICTIONARY", "AFL_LLVM_SKIPSINGLEBLOCK", // Marker: ADD_TO_INJECTIONS - "AFL_LLVM_INJECTIONS_ALL", - "AFL_LLVM_INJECTIONS_SQL", - "AFL_LLVM_INJECTIONS_LDAP", - "AFL_LLVM_INJECTIONS_XSS", - "AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK", - "AFL_LLVM_LAF_SPLIT_COMPARES", - "AFL_LLVM_LAF_SPLIT_COMPARES_BITW", - "AFL_LLVM_LAF_SPLIT_FLOATS", - "AFL_LLVM_LAF_SPLIT_SWITCHES", - "AFL_LLVM_LAF_ALL", - "AFL_LLVM_LAF_TRANSFORM_COMPARES", - "AFL_LLVM_MAP_ADDR", - "AFL_LLVM_MAP_DYNAMIC", - "AFL_LLVM_NGRAM_SIZE", - "AFL_NGRAM_SIZE", - "AFL_LLVM_NO_RPATH", - "AFL_LLVM_NOT_ZERO", - "AFL_LLVM_INSTRUMENT_FILE", - "AFL_LLVM_THREADSAFE_INST", - "AFL_LLVM_SKIP_NEVERZERO", - "AFL_NO_AFFINITY", - "AFL_TRY_AFFINITY", - "AFL_LLVM_LTO_DONTWRITEID", + "AFL_LLVM_INJECTIONS_ALL", "AFL_LLVM_INJECTIONS_SQL", + "AFL_LLVM_INJECTIONS_LDAP", "AFL_LLVM_INJECTIONS_XSS", + "AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK", "AFL_LLVM_LAF_SPLIT_COMPARES", + "AFL_LLVM_LAF_SPLIT_COMPARES_BITW", "AFL_LLVM_LAF_SPLIT_FLOATS", + "AFL_LLVM_LAF_SPLIT_SWITCHES", "AFL_LLVM_LAF_ALL", + "AFL_LLVM_LAF_TRANSFORM_COMPARES", "AFL_LLVM_MAP_ADDR", + "AFL_LLVM_MAP_DYNAMIC", "AFL_LLVM_NGRAM_SIZE", "AFL_NGRAM_SIZE", + "AFL_LLVM_NO_RPATH", "AFL_LLVM_NOT_ZERO", "AFL_LLVM_INSTRUMENT_FILE", + "AFL_LLVM_THREADSAFE_INST", "AFL_LLVM_SKIP_NEVERZERO", "AFL_NO_AFFINITY", + "AFL_TRY_AFFINITY", "AFL_LLVM_LTO_DONTWRITEID", "AFL_LLVM_LTO_SKIPINIT" "AFL_LLVM_LTO_STARTID", - "AFL_FUZZER_LOOPCOUNT", - "AFL_NO_ARITH", - "AFL_NO_AUTODICT", - "AFL_NO_BUILTIN", + "AFL_FUZZER_LOOPCOUNT", "AFL_NO_ARITH", "AFL_NO_AUTODICT", "AFL_NO_BUILTIN", #if defined USE_COLOR && !defined ALWAYS_COLORED - "AFL_NO_COLOR", - "AFL_NO_COLOUR", + "AFL_NO_COLOR", "AFL_NO_COLOUR", #endif "AFL_NO_CPU_RED", "AFL_NO_CFG_FUZZING", // afl.rs rust crate option - "AFL_NO_CRASH_README", - "AFL_NO_FORKSRV", - "AFL_NO_UI", - "AFL_NO_PYTHON", - "AFL_NO_STARTUP_CALIBRATION", - "AFL_NO_WARN_INSTABILITY", - "AFL_UNTRACER_FILE", - "AFL_LLVM_USE_TRACE_PC", - "AFL_MAP_SIZE", - "AFL_MAPSIZE", + "AFL_NO_CRASH_README", "AFL_NO_FORKSRV", "AFL_NO_UI", "AFL_NO_PYTHON", + "AFL_NO_STARTUP_CALIBRATION", "AFL_NO_WARN_INSTABILITY", + "AFL_UNTRACER_FILE", "AFL_LLVM_USE_TRACE_PC", "AFL_MAP_SIZE", "AFL_MAPSIZE", "AFL_MAX_DET_EXTRAS", "AFL_NO_X86", // not really an env but we dont want to warn on it - "AFL_NOOPT", - "AFL_NYX_AUX_SIZE", - "AFL_NYX_DISABLE_SNAPSHOT_MODE", - "AFL_NYX_LOG", - "AFL_NYX_REUSE_SNAPSHOT", - "AFL_PASSTHROUGH", - "AFL_PATH", - "AFL_PERFORMANCE_FILE", - "AFL_PERSISTENT_RECORD", - "AFL_POST_PROCESS_KEEP_ORIGINAL", - "AFL_PRELOAD", - "AFL_TARGET_ENV", - "AFL_PYTHON_MODULE", - "AFL_QEMU_CUSTOM_BIN", - "AFL_QEMU_COMPCOV", - "AFL_QEMU_COMPCOV_DEBUG", - "AFL_QEMU_DEBUG_MAPS", - "AFL_QEMU_DISABLE_CACHE", - "AFL_QEMU_DRIVER_NO_HOOK", - "AFL_QEMU_FORCE_DFL", - "AFL_QEMU_PERSISTENT_ADDR", - "AFL_QEMU_PERSISTENT_CNT", - "AFL_QEMU_PERSISTENT_GPR", - "AFL_QEMU_PERSISTENT_HOOK", - "AFL_QEMU_PERSISTENT_MEM", - "AFL_QEMU_PERSISTENT_RET", - "AFL_QEMU_PERSISTENT_RETADDR_OFFSET", - "AFL_QEMU_PERSISTENT_EXITS", - "AFL_QEMU_INST_RANGES", - "AFL_QEMU_EXCLUDE_RANGES", - "AFL_QEMU_SNAPSHOT", - "AFL_QEMU_TRACK_UNSTABLE", - "AFL_QUIET", - "AFL_RANDOM_ALLOC_CANARY", - "AFL_REAL_PATH", - "AFL_SHUFFLE_QUEUE", - "AFL_SKIP_BIN_CHECK", - "AFL_SKIP_CPUFREQ", - "AFL_SKIP_CRASHES", - "AFL_SKIP_OSSFUZZ", - "AFL_STATSD", - "AFL_STATSD_HOST", - "AFL_STATSD_PORT", - "AFL_STATSD_TAGS_FLAVOR", - "AFL_SYNC_TIME", - "AFL_TESTCACHE_SIZE", - "AFL_TESTCACHE_ENTRIES", - "AFL_TMIN_EXACT", - "AFL_TMPDIR", - "AFL_TOKEN_FILE", - "AFL_TRACE_PC", - "AFL_USE_ASAN", - "AFL_USE_MSAN", - "AFL_USE_TRACE_PC", - "AFL_USE_UBSAN", - "AFL_USE_TSAN", - "AFL_USE_CFISAN", - "AFL_USE_LSAN", - "AFL_WINE_PATH", - "AFL_NO_SNAPSHOT", - "AFL_EXPAND_HAVOC_NOW", - "AFL_USE_FASAN", - "AFL_USE_QASAN", - "AFL_PRINT_FILENAMES", - "AFL_PIZZA_MODE", - NULL + "AFL_NOOPT", "AFL_NYX_AUX_SIZE", "AFL_NYX_DISABLE_SNAPSHOT_MODE", + "AFL_NYX_LOG", "AFL_NYX_REUSE_SNAPSHOT", "AFL_PASSTHROUGH", "AFL_PATH", + "AFL_PERFORMANCE_FILE", "AFL_PERSISTENT_RECORD", + "AFL_POST_PROCESS_KEEP_ORIGINAL", "AFL_PRELOAD", "AFL_TARGET_ENV", + "AFL_PYTHON_MODULE", "AFL_QEMU_CUSTOM_BIN", "AFL_QEMU_COMPCOV", + "AFL_QEMU_COMPCOV_DEBUG", "AFL_QEMU_DEBUG_MAPS", "AFL_QEMU_DISABLE_CACHE", + "AFL_QEMU_DRIVER_NO_HOOK", "AFL_QEMU_FORCE_DFL", "AFL_QEMU_PERSISTENT_ADDR", + "AFL_QEMU_PERSISTENT_CNT", "AFL_QEMU_PERSISTENT_GPR", + "AFL_QEMU_PERSISTENT_HOOK", "AFL_QEMU_PERSISTENT_MEM", + "AFL_QEMU_PERSISTENT_RET", "AFL_QEMU_PERSISTENT_RETADDR_OFFSET", + "AFL_QEMU_PERSISTENT_EXITS", "AFL_QEMU_INST_RANGES", + "AFL_QEMU_EXCLUDE_RANGES", "AFL_QEMU_SNAPSHOT", "AFL_QEMU_TRACK_UNSTABLE", + "AFL_QUIET", "AFL_RANDOM_ALLOC_CANARY", "AFL_REAL_PATH", + "AFL_SHUFFLE_QUEUE", "AFL_SKIP_BIN_CHECK", "AFL_SKIP_CPUFREQ", + "AFL_SKIP_CRASHES", "AFL_SKIP_OSSFUZZ", "AFL_STATSD", "AFL_STATSD_HOST", + "AFL_STATSD_PORT", "AFL_STATSD_TAGS_FLAVOR", "AFL_SYNC_TIME", + "AFL_TESTCACHE_SIZE", "AFL_TESTCACHE_ENTRIES", "AFL_TMIN_EXACT", + "AFL_TMPDIR", "AFL_TOKEN_FILE", "AFL_TRACE_PC", "AFL_USE_ASAN", + "AFL_USE_MSAN", "AFL_USE_TRACE_PC", "AFL_USE_UBSAN", "AFL_USE_TSAN", + "AFL_USE_CFISAN", "AFL_USE_LSAN", "AFL_WINE_PATH", "AFL_NO_SNAPSHOT", + "AFL_EXPAND_HAVOC_NOW", "AFL_USE_FASAN", "AFL_USE_QASAN", + "AFL_PRINT_FILENAMES", "AFL_PIZZA_MODE", NULL }; From bb6d9cddd73e2954a3e9d30dc8f73f04e6d90ec3 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 8 Jan 2024 16:28:11 +0100 Subject: [PATCH 282/357] update grammar mutator --- custom_mutators/grammar_mutator/GRAMMAR_VERSION | 2 +- custom_mutators/grammar_mutator/grammar_mutator | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/custom_mutators/grammar_mutator/GRAMMAR_VERSION b/custom_mutators/grammar_mutator/GRAMMAR_VERSION index 2568c6a55c..4c291bf8b7 100644 --- a/custom_mutators/grammar_mutator/GRAMMAR_VERSION +++ b/custom_mutators/grammar_mutator/GRAMMAR_VERSION @@ -1 +1 @@ -ff4e5a2 +9716f1092737be0f18e59a449070687a31c5f41e diff --git a/custom_mutators/grammar_mutator/grammar_mutator b/custom_mutators/grammar_mutator/grammar_mutator index ff4e5a265d..9716f10927 160000 --- a/custom_mutators/grammar_mutator/grammar_mutator +++ b/custom_mutators/grammar_mutator/grammar_mutator @@ -1 +1 @@ -Subproject commit ff4e5a265daf5d88c4a636fb6a2c22b1d733db09 +Subproject commit 9716f1092737be0f18e59a449070687a31c5f41e From db65dc5a0b5174f6eb22befee6dbc703092ff168 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 9 Jan 2024 16:50:57 +0100 Subject: [PATCH 283/357] lto llvm 12+ --- GNUmakefile.llvm | 6 +++--- docs/Changelog.md | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index c704d772e9..7437130d54 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -51,7 +51,7 @@ LLVM_TOO_OLD = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[1-9] LLVM_NEW_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[0-9]' && echo 1 || echo 0 ) LLVM_NEWER_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[6-9]' && echo 1 || echo 0 ) LLVM_13_OK = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[3-9]' && echo 1 || echo 0 ) -LLVM_HAVE_LTO = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[1-9]' && echo 1 || echo 0 ) +LLVM_HAVE_LTO = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[2-9]' && echo 1 || echo 0 ) LLVM_BINDIR = $(shell $(LLVM_CONFIG) --bindir 2>/dev/null) LLVM_LIBDIR = $(shell $(LLVM_CONFIG) --libdir 2>/dev/null) LLVM_STDCXX = gnu++11 @@ -95,12 +95,12 @@ ifeq "$(LLVM_NEWER_API)" "1" endif ifeq "$(LLVM_HAVE_LTO)" "1" - $(info [+] llvm_mode detected llvm 11+, enabling afl-lto LTO implementation) + $(info [+] llvm_mode detected llvm 12+, enabling afl-lto LTO implementation) LLVM_LTO = 1 endif ifeq "$(LLVM_LTO)" "0" - $(info [+] llvm_mode detected llvm < 11, afl-lto LTO will not be build.) + $(info [+] llvm_mode detected llvm < 12, afl-lto LTO will not be build.) endif ifeq "$(LLVM_APPLE_XCODE)" "1" diff --git a/docs/Changelog.md b/docs/Changelog.md index 69a369e366..7d3881342d 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -11,6 +11,7 @@ reporting! - afl-cc: - large rewrite by @SonicStark which fixes a few corner cases, thanks! + - LTO mode now requires llvm 12+ - instrumentation: - LLVM 18 support, thanks to @devnexen! - Injection (SQL, LDAP, XSS) feature now available, see From f75778adfb0fbea570a94b43eff801eb6d996f79 Mon Sep 17 00:00:00 2001 From: Xeonacid Date: Thu, 11 Jan 2024 15:42:51 +0800 Subject: [PATCH 284/357] docs(custom_mutators): fix missing ':' (#1953) --- docs/custom_mutators.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md index ce0a42dc63..73e3c8021b 100644 --- a/docs/custom_mutators.md +++ b/docs/custom_mutators.md @@ -73,7 +73,7 @@ def init(seed): def fuzz_count(buf): return cnt -def splice_optout() +def splice_optout(): pass def fuzz(buf, add_buf, max_size): From 4e9c6050d038c852db4f1a22fad2e8c678c9f053 Mon Sep 17 00:00:00 2001 From: Sonic <50692172+SonicStark@users.noreply.github.com> Date: Thu, 11 Jan 2024 18:44:40 +0800 Subject: [PATCH 285/357] Fix broken LTO mode and response file support (#1948) --- src/afl-cc.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 08348d2c0d..5ee19e42e1 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -2059,7 +2059,6 @@ void add_lto_passes(aflcc_state_t *aflcc) { #endif insert_param(aflcc, "-Wl,--allow-multiple-definition"); - insert_param(aflcc, aflcc->lto_flag); } @@ -2295,10 +2294,6 @@ param_st parse_misc_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { SCAN_KEEP(aflcc->have_pic, 1); - } else if (cur_argv[0] != '-') { - - SCAN_KEEP(aflcc->non_dash, 1); - } else if (!strcmp(cur_argv, "-m32") || !strcmp(cur_argv, "armv7a-linux-androideabi")) { @@ -2374,6 +2369,14 @@ param_st parse_misc_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { } + } else if (cur_argv[0] != '-') { + + /* It's a weak, loose pattern, with very different purpose + than others. We handle it at last, cautiously and robustly. */ + + if (scan && cur_argv[0] != '@') // response file support + aflcc->non_dash = 1; + } #undef SCAN_KEEP @@ -2912,10 +2915,16 @@ static void edit_params(aflcc_state_t *aflcc, u32 argc, char **argv, // use. insert_param(aflcc, "-flegacy-pass-manager"); // #endif - if (aflcc->lto_mode && !aflcc->have_c) { + if (aflcc->lto_mode) { + + insert_param(aflcc, aflcc->lto_flag); + + if (!aflcc->have_c) { - add_lto_linker(aflcc); - add_lto_passes(aflcc); + add_lto_linker(aflcc); + add_lto_passes(aflcc); + + } } else { From 9d3c25ac8103d79217f89d79dcc7dc20873222f4 Mon Sep 17 00:00:00 2001 From: Nils Bars Date: Thu, 11 Jan 2024 11:45:26 +0100 Subject: [PATCH 286/357] Strip `-Wl,-no-undefined` during compilation (#1952) Make the compiler wrapper stripping `-Wl,-no-undefined` in addition to `-Wl,--no-undefined`. Both versions of the flag are accepted by clang and, therefore, used by building systems in the wild (e.g., samba will not build without this fix). --- src/afl-cc.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 5ee19e42e1..f39dfdcc59 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1962,8 +1962,8 @@ param_st parse_linking_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan, } } else if (!strcmp(cur_argv, "-Wl,-z,defs") || - !strcmp(cur_argv, "-Wl,--no-undefined") || + !strcmp(cur_argv, "-Wl,-no-undefined") || !strcmp(cur_argv, "--no-undefined") || strstr(cur_argv, "afl-compiler-rt") || strstr(cur_argv, "afl-llvm-rt")) { @@ -3030,4 +3030,3 @@ int main(int argc, char **argv, char **envp) { return 0; } - From b99bbf671b7469a5aad29898fe28489004c4cbe7 Mon Sep 17 00:00:00 2001 From: Xeonacid Date: Thu, 11 Jan 2024 21:13:47 +0800 Subject: [PATCH 287/357] Remove dead code in write_to_testcase (#1955) The custom_mutators_count check in if case is duplicate with if condition. The else case is custom_mutators_count == 0, neither custom_mutator_list iteration nor sent check needed. Signed-off-by: Xeonacid --- src/afl-fuzz-run.c | 41 +++++++++-------------------------------- 1 file changed, 9 insertions(+), 32 deletions(-) diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 34a5ff8171..1ee8ebe76d 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -169,20 +169,16 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { } - if (unlikely(afl->custom_mutators_count)) { - - LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - - if (el->afl_custom_fuzz_send) { + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - el->afl_custom_fuzz_send(el->data, *mem, new_size); - sent = 1; + if (el->afl_custom_fuzz_send) { - } + el->afl_custom_fuzz_send(el->data, *mem, new_size); + sent = 1; - }); + } - } + }); if (likely(!sent)) { @@ -203,7 +199,7 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { } - } else { + } else { /* !afl->custom_mutators_count */ if (unlikely(len < afl->min_length && !fix)) { @@ -215,27 +211,8 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { } - if (unlikely(afl->custom_mutators_count)) { - - LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - - if (el->afl_custom_fuzz_send) { - - el->afl_custom_fuzz_send(el->data, *mem, len); - sent = 1; - - } - - }); - - } - - if (likely(!sent)) { - - /* boring uncustom. */ - afl_fsrv_write_to_testcase(&afl->fsrv, *mem, len); - - } + /* boring uncustom. */ + afl_fsrv_write_to_testcase(&afl->fsrv, *mem, len); } From a4017406dc02e49dbc3820e3eb5bee5e15d7fed1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 12 Jan 2024 15:37:37 +0100 Subject: [PATCH 288/357] update qemuafl --- qemu_mode/QEMUAFL_VERSION | 2 +- qemu_mode/qemuafl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/qemu_mode/QEMUAFL_VERSION b/qemu_mode/QEMUAFL_VERSION index 44ea53453a..b4e764b77c 100644 --- a/qemu_mode/QEMUAFL_VERSION +++ b/qemu_mode/QEMUAFL_VERSION @@ -1 +1 @@ -a1321713c7 +e63c9af193 diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl index b0abbe2e74..e63c9af193 160000 --- a/qemu_mode/qemuafl +++ b/qemu_mode/qemuafl @@ -1 +1 @@ -Subproject commit b0abbe2e74ed74ff6ff25b5ea3110d27ba978001 +Subproject commit e63c9af1937c13163cd1bc8bc276101441cbe70a From 355dcf63205227c6f1d9534aceb5ea2eb60c3afc Mon Sep 17 00:00:00 2001 From: Jean-Romain Garnier <7504819+JRomainG@users.noreply.github.com> Date: Fri, 12 Jan 2024 15:42:41 +0100 Subject: [PATCH 289/357] WIP: Add ability to generate drcov trace using QEMU backend (#1956) * Document new drcov QEMU plugin * Add link to lightkeeper for QEMU drcov file loading --------- Co-authored-by: Jean-Romain Garnier --- qemu_mode/README.md | 33 ++++++++++++++++++++++++++++++--- qemu_mode/build_qemu_support.sh | 4 +++- 2 files changed, 33 insertions(+), 4 deletions(-) diff --git a/qemu_mode/README.md b/qemu_mode/README.md index 9203873737..b78eb29701 100644 --- a/qemu_mode/README.md +++ b/qemu_mode/README.md @@ -193,12 +193,39 @@ Comparative measurements of execution speed or instrumentation coverage will be fairly meaningless if the optimization levels or instrumentation scopes don't match. -## 12) Other features +## 12) Coverage information + +Coverage information about a run of a target binary can be obtained using a +dedicated QEMU user mode plugin enabled at runtime: the `drcov.c` plugin +collects coverage information from the target binary and writes it in the Drcov +format. This file can then be loaded using tools such as +[lighthouse](https://github.com/gaasedelen/lighthouse), +[lightkeeper](https://github.com/WorksButNotTested/lightkeeper) or +[Cartographer](https://github.com/nccgroup/Cartographer). + +To compile the QEMU TCG plugins, run the following command from the `qemuafl` +directory: + +``` +make plugins +``` + +Plugins can be loaded using either the `QEMU_PLUGIN` environment variable or +using the `-plugin` option. For example: + +``` +afl-qemu-trace -plugin qemuafl/build/contrib/plugins/libdrcov.so,arg=filename=/tmp/target.drcov.trace +``` + +This would execute the target binary with the provided arguments and, once done, +would write coverage information at `/tmp/target.drcov.trace`. + +## 13) Other features With `AFL_QEMU_FORCE_DFL`, you force QEMU to ignore the registered signal handlers of the target. -## 13) Gotchas, feedback, bugs +## 14) Gotchas, feedback, bugs If you need to fix up checksums or do other cleanups on mutated test cases, see `afl_custom_post_process` in custom_mutators/examples/example.c for a viable @@ -217,7 +244,7 @@ program may be utilizing. In particular, it does not appear to have full support for AVX2/FMA3. Using binaries for older CPUs or recompiling them with `-march=core2`, can help. -## 14) Alternatives: static rewriting +## 15) Alternatives: static rewriting Statically rewriting binaries just once, instead of attempting to translate them at run time, can be a faster alternative. That said, static rewriting is fraught diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index f59cba78a0..3f8a88f2b3 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -132,7 +132,10 @@ echo "Building for CPU target $CPU_TARGET" # --enable-pie seems to give a couple of exec's a second performance # improvement, much to my surprise. Not sure how universal this is.. +# --enable-plugins allows loading TCG plugins at runtime, for example to obtain +# coverage information, and does not seem to negatively impact performance QEMU_CONF_FLAGS=" \ + --enable-plugins \ --audio-drv-list= \ --disable-blobs \ --disable-bochs \ @@ -162,7 +165,6 @@ QEMU_CONF_FLAGS=" \ --disable-numa \ --disable-opengl \ --disable-parallels \ - --disable-plugins \ --disable-qcow1 \ --disable-qed \ --disable-rbd \ From 46ef6a54e1395b3b03923848967e2b2eb7f37022 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 12 Jan 2024 15:43:09 +0100 Subject: [PATCH 290/357] code format --- src/afl-cc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/afl-cc.c b/src/afl-cc.c index f39dfdcc59..41cdc13ddb 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1962,6 +1962,7 @@ param_st parse_linking_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan, } } else if (!strcmp(cur_argv, "-Wl,-z,defs") || + !strcmp(cur_argv, "-Wl,--no-undefined") || !strcmp(cur_argv, "-Wl,-no-undefined") || !strcmp(cur_argv, "--no-undefined") || @@ -3030,3 +3031,4 @@ int main(int argc, char **argv, char **envp) { return 0; } + From 68d883d4285b7adedb2cd87a034c28a76ce2aa8c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 12 Jan 2024 15:44:45 +0100 Subject: [PATCH 291/357] changelog --- docs/Changelog.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index 7d3881342d..76470bde44 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -21,6 +21,10 @@ - due a bug in LLVM 17 integer splitting is disabled there! - when splitting floats was selected, integers were always split as well, fixed to require AFL_LLVM_LAF_SPLIT_COMPARES or _ALL as it should + - qemu_mode: + - plugins are now activated by default and a new module is included that + produces drcov compatible traces for lighthouse/lightkeeper/... + thanks to @JRomainG to submitting! ### Version ++4.09c (release) From e9621db61cd8e5a12988315dae728c50af807c34 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 16 Jan 2024 09:22:43 +0100 Subject: [PATCH 292/357] sleep on uid != 0 afl-system-config --- afl-system-config | 1 + 1 file changed, 1 insertion(+) diff --git a/afl-system-config b/afl-system-config index c633e4e84b..7e2cb68810 100755 --- a/afl-system-config +++ b/afl-system-config @@ -25,6 +25,7 @@ echo "WARNING: this reduces the security of the system!" echo if [ '!' "$EUID" = 0 ] && [ '!' `id -u` = 0 ] ; then echo "Warning: you need to be root to run this!" + sleep 1 # we do not exit as other mechanisms exist that allows to do this than # being root. let the errors speak for themselves. fi From 8412b17d799ee011507fa0bde21f3cb34fafad6a Mon Sep 17 00:00:00 2001 From: Sonic <50692172+SonicStark@users.noreply.github.com> Date: Thu, 18 Jan 2024 15:56:28 +0800 Subject: [PATCH 293/357] fix segv about skip_next, warn on unsupported cases of linking options (#1958) --- src/afl-cc.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 41cdc13ddb..748fbdfc64 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1982,7 +1982,7 @@ param_st parse_linking_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan, } else if (!strcmp(cur_argv, "-z") || !strcmp(cur_argv, "-Wl,-z")) { u8 *param = *(argv + 1); - if (!strcmp(param, "defs") || !strcmp(param, "-Wl,defs")) { + if (param && (!strcmp(param, "defs") || !strcmp(param, "-Wl,defs"))) { *skip_next = 1; @@ -2000,6 +2000,64 @@ param_st parse_linking_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan, } + // Try to warn user for some unsupported cases + if (scan && final_ == PARAM_MISS) { + + u8 *ptr_ = NULL; + + if (!strcmp(cur_argv, "-Xlinker") && (ptr_ = *(argv + 1))) { + + if (!strcmp(ptr_, "defs")) { + + WARNF("'-Xlinker' 'defs' detected. This may result in a bad link."); + + } else if (strstr(ptr_, "-no-undefined")) { + + WARNF( + "'-Xlinker' '%s' detected. The latter option may be dropped and " + "result in a bad link.", + ptr_); + + } + + } else if (!strncmp(cur_argv, "-Wl,", 4) && + + (u8 *)strrchr(cur_argv, ',') != (cur_argv + 3)) { + + ptr_ = cur_argv + 4; + + if (strstr(ptr_, "-shared") || strstr(ptr_, "-dynamiclib")) { + + WARNF( + "'%s': multiple link options after '-Wl,' may break shared " + "linking.", + ptr_); + + } + + if (strstr(ptr_, "-r,") || strstr(ptr_, "-i,") || strstr(ptr_, ",-r") || + strstr(ptr_, ",-i") || strstr(ptr_, "--relocatable")) { + + WARNF( + "'%s': multiple link options after '-Wl,' may break partial " + "linking.", + ptr_); + + } + + if (strstr(ptr_, "defs") || strstr(ptr_, "no-undefined")) { + + WARNF( + "'%s': multiple link options after '-Wl,' may enable report " + "unresolved symbol references and result in a bad link.", + ptr_); + + } + + } + + } + if (final_ == PARAM_KEEP) insert_param(aflcc, cur_argv); return final_; From 046473acd5e8ff036beec6c4899128b3426e86bd Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 18 Jan 2024 08:57:51 +0100 Subject: [PATCH 294/357] todos --- TODO.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/TODO.md b/TODO.md index 7cab71e8fe..50bd6d718b 100644 --- a/TODO.md +++ b/TODO.md @@ -9,6 +9,9 @@ - afl-fuzz multicore wrapper script - when trimming then perform crash detection - either -L0 and/or -p mmopt results in zero new coverage + - DYLD_NO_PIE=1 + - sudo nvram boot-args="no_aslr=1" + ## Should From 136febaf6855ac1e04c8ea4ecbcb84eb42de2143 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 18 Jan 2024 09:17:25 +0100 Subject: [PATCH 295/357] ensure afl-cc only allows available compiler modes --- src/afl-cc.c | 140 ++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 104 insertions(+), 36 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 748fbdfc64..3377b42f94 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -167,7 +167,7 @@ typedef struct aflcc_state { u8 cmplog_mode; - u8 have_instr_env, have_gcc, have_llvm, have_gcc_plugin, have_lto, + u8 have_instr_env, have_gcc, have_clang, have_llvm, have_gcc_plugin, have_lto, have_optimized_pcguard, have_instr_list; u8 fortify_set, asan_set, x_set, bit_mode, preprocessor_only, have_unroll, @@ -504,13 +504,20 @@ void find_built_deps(aflcc_state_t *aflcc) { char *ptr = NULL; +#if defined(__x86_64__) if ((ptr = find_object(aflcc, "as")) != NULL) { + #ifndef __APPLE__ + // on OSX clang masquerades as GCC aflcc->have_gcc = 1; + #endif + aflcc->have_clang = 1; ck_free(ptr); } +#endif + if ((ptr = find_object(aflcc, "SanitizerCoveragePCGUARD.so")) != NULL) { aflcc->have_optimized_pcguard = 1; @@ -604,12 +611,18 @@ void compiler_mode_by_callname(aflcc_state_t *aflcc) { aflcc->compiler_mode = GCC_PLUGIN; +#if defined(__x86_64__) + } else if (strncmp(aflcc->callname, "afl-gcc", 7) == 0 || strncmp(aflcc->callname, "afl-g++", 7) == 0) { aflcc->compiler_mode = GCC; +#endif + +#if defined(__x86_64__) + } else if (strcmp(aflcc->callname, "afl-clang") == 0 || strcmp(aflcc->callname, "afl-clang++") == 0) { @@ -618,6 +631,8 @@ void compiler_mode_by_callname(aflcc_state_t *aflcc) { } +#endif + } void compiler_mode_by_environ(aflcc_state_t *aflcc) { @@ -660,14 +675,22 @@ void compiler_mode_by_environ(aflcc_state_t *aflcc) { aflcc->compiler_mode = GCC_PLUGIN; +#if defined(__x86_64__) + } else if (strcasecmp(ptr, "GCC") == 0) { aflcc->compiler_mode = GCC; +#endif + +#if defined(__x86_64__) + } else if (strcasecmp(ptr, "CLANG") == 0) { aflcc->compiler_mode = CLANG; +#endif + } else FATAL("Unknown AFL_CC_COMPILER mode: %s\n", ptr); @@ -751,14 +774,22 @@ void compiler_mode_by_cmdline(aflcc_state_t *aflcc, int argc, char **argv) { aflcc->compiler_mode = GCC_PLUGIN; +#if defined(__x86_64__) + } else if (strcasecmp(ptr, "GCC") == 0) { aflcc->compiler_mode = GCC; +#endif + +#if defined(__x86_64__) + } else if (strncasecmp(ptr, "CLANG", 5) == 0) { aflcc->compiler_mode = CLANG; +#endif + } else FATAL("Unknown --afl-... compiler mode: %s\n", argv[i]); @@ -929,6 +960,7 @@ static void instrument_mode_new_environ(aflcc_state_t *aflcc) { } +#if defined(__x86_64__) if (strcasecmp(ptr2, "gcc") == 0) { if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_GCC) @@ -943,6 +975,9 @@ static void instrument_mode_new_environ(aflcc_state_t *aflcc) { } +#endif + +#if defined(__x86_64__) if (strcasecmp(ptr2, "clang") == 0) { if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_CLANG) @@ -957,6 +992,8 @@ static void instrument_mode_new_environ(aflcc_state_t *aflcc) { } +#endif + if (strncasecmp(ptr2, "ctx-", strlen("ctx-")) == 0 || strncasecmp(ptr2, "kctx-", strlen("c-ctx-")) == 0 || strncasecmp(ptr2, "k-ctx-", strlen("k-ctx-")) == 0) { @@ -1130,12 +1167,9 @@ void mode_final_checkout(aflcc_state_t *aflcc, int argc, char **argv) { else if (aflcc->have_gcc_plugin) aflcc->compiler_mode = GCC_PLUGIN; else if (aflcc->have_gcc) -#ifdef __APPLE__ - // on OSX clang masquerades as GCC - aflcc->compiler_mode = CLANG; -#else aflcc->compiler_mode = GCC; -#endif + else if (aflcc->have_clang) + aflcc->compiler_mode = CLANG; else if (aflcc->have_lto) aflcc->compiler_mode = LTO; else @@ -1143,6 +1177,38 @@ void mode_final_checkout(aflcc_state_t *aflcc, int argc, char **argv) { } + switch (aflcc->compiler_mode) { + + case GCC: + if (!aflcc->have_gcc) FATAL("afl-gcc not available on your platform!"); + break; + case CLANG: + if (!aflcc->have_clang) + FATAL("afl-clang not available on your platform!"); + break; + case LLVM: + if (!aflcc->have_llvm) + FATAL( + "LLVM mode is not available, please install LLVM 13+ and recompile " + "AFL++"); + break; + case GCC_PLUGIN: + if (!aflcc->have_gcc_plugin) + FATAL( + "GCC_PLUGIN mode is not available, install gcc plugin support and " + "recompile AFL++"); + break; + case LTO: + if (!aflcc->have_lto) + FATAL( + "LTO mode is not available, please install LLVM 13+ and lld of the " + "same version and recompile AFL++"); + break; + default: + FATAL("no compiler mode available"); + + } + if (aflcc->compiler_mode == GCC) { aflcc->instrument_mode = INSTRUMENT_GCC; } if (aflcc->compiler_mode == CLANG) { @@ -1217,7 +1283,7 @@ void mode_final_checkout(aflcc_state_t *aflcc, int argc, char **argv) { aflcc->instrument_mode = INSTRUMENT_PCGUARD; #else - aflcc->instrument_mode = INSTRUMENT_AFL; + aflcc->instrument_mode = INSTRUMENT_AFL; #endif } @@ -1491,8 +1557,8 @@ void add_defs_persistent_mode(aflcc_state_t *aflcc) { "__attribute__((visibility(\"default\"))) " "int _L(unsigned int) __asm__(\"___afl_persistent_loop\"); " #else - "__attribute__((visibility(\"default\"))) " - "int _L(unsigned int) __asm__(\"__afl_persistent_loop\"); " + "__attribute__((visibility(\"default\"))) " + "int _L(unsigned int) __asm__(\"__afl_persistent_loop\"); " #endif /* ^__APPLE__ */ // if afl is connected, we run _A times, else once. "_L(__afl_connected ? _A : 1); })"); @@ -1507,8 +1573,8 @@ void add_defs_persistent_mode(aflcc_state_t *aflcc) { "__attribute__((visibility(\"default\"))) " "void _I(void) __asm__(\"___afl_manual_init\"); " #else - "__attribute__((visibility(\"default\"))) " - "void _I(void) __asm__(\"__afl_manual_init\"); " + "__attribute__((visibility(\"default\"))) " + "void _I(void) __asm__(\"__afl_manual_init\"); " #endif /* ^__APPLE__ */ "_I(); } while (0)"); @@ -1618,8 +1684,6 @@ static u8 fsanitize_fuzzer_comma(char *string) { } while (!ende); strcpy(string, new); - // fprintf(stderr, "string: %s\n", string); - // fprintf(stderr, "new: %s\n", new); ck_free(tmp); ck_free(new); @@ -1824,12 +1888,12 @@ void add_native_pcguard(aflcc_state_t *aflcc) { FATAL("pcguard instrumentation with pc-table requires LLVM 6.0.1+"); #else #if LLVM_MAJOR == 0 - WARNF( - "pcguard instrumentation with pc-table requires LLVM 6.0.1+" - " otherwise the compiler will fail"); + WARNF( + "pcguard instrumentation with pc-table requires LLVM 6.0.1+" + " otherwise the compiler will fail"); #endif - insert_param(aflcc, - "-fsanitize-coverage=trace-pc-guard,bb,no-prune,pc-table"); + insert_param(aflcc, + "-fsanitize-coverage=trace-pc-guard,bb,no-prune,pc-table"); #endif } else { @@ -1838,11 +1902,11 @@ void add_native_pcguard(aflcc_state_t *aflcc) { FATAL("pcguard instrumentation requires LLVM 4.0.1+"); #else #if LLVM_MAJOR == 0 - WARNF( - "pcguard instrumentation requires LLVM 4.0.1+" - " otherwise the compiler will fail"); + WARNF( + "pcguard instrumentation requires LLVM 4.0.1+" + " otherwise the compiler will fail"); #endif - insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); + insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); #endif } @@ -1884,16 +1948,16 @@ void add_optimized_pcguard(aflcc_state_t *aflcc) { #else // LLVM_MAJOR < 13 #if LLVM_MAJOR >= 4 - if (!be_quiet) - SAYF( - "Using unoptimized trace-pc-guard, upgrade to LLVM 13+ for " - "enhanced version.\n"); - insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); - aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; + if (!be_quiet) + SAYF( + "Using unoptimized trace-pc-guard, upgrade to LLVM 13+ for " + "enhanced version.\n"); + insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); + aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; #else - FATAL("pcguard instrumentation requires LLVM 4.0.1+"); + FATAL("pcguard instrumentation requires LLVM 4.0.1+"); #endif #endif @@ -2097,7 +2161,7 @@ void add_lto_linker(aflcc_state_t *aflcc) { #if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 12 insert_param(aflcc, alloc_printf("--ld-path=%s", ld_path)); #else - insert_param(aflcc, alloc_printf("-fuse-ld=%s", ld_path)); + insert_param(aflcc, alloc_printf("-fuse-ld=%s", ld_path)); #endif free(ld_path); @@ -2110,11 +2174,11 @@ void add_lto_passes(aflcc_state_t *aflcc) { insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,--load-pass-plugin=%s", 0); #elif defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 13 - insert_param(aflcc, "-Wl,--lto-legacy-pass-manager"); - insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0); + insert_param(aflcc, "-Wl,--lto-legacy-pass-manager"); + insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0); #else - insert_param(aflcc, "-fno-experimental-new-pass-manager"); - insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0); + insert_param(aflcc, "-fno-experimental-new-pass-manager"); + insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0); #endif insert_param(aflcc, "-Wl,--allow-multiple-definition"); @@ -2503,7 +2567,11 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) { aflcc->compiler_mode == LTO ? " [SELECTED]" : "", aflcc->have_gcc_plugin ? "AVAILABLE" : "unavailable!", aflcc->compiler_mode == GCC_PLUGIN ? " [SELECTED]" : "", - aflcc->have_gcc ? "AVAILABLE" : "unavailable!", + aflcc->have_gcc && aflcc->have_clang + ? "AVAILABLE" + : (aflcc->have_gcc + ? "GCC ONLY " + : (aflcc->have_clang ? "CLANG ONLY" : "unavailable!")), (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG) ? " [SELECTED]" : ""); @@ -2708,7 +2776,7 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) { SAYF("Compiled with shm_open support (adds -lrt when linking).\n"); #endif #else - SAYF("Compiled with shmat support.\n"); + SAYF("Compiled with shmat support.\n"); #endif SAYF("\n"); From 04219f98575847e9846b4ecf0de40dd92cd9d56c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 18 Jan 2024 09:28:56 +0100 Subject: [PATCH 296/357] update grammar mutator --- custom_mutators/grammar_mutator/GRAMMAR_VERSION | 2 +- custom_mutators/grammar_mutator/grammar_mutator | 2 +- docs/Changelog.md | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/custom_mutators/grammar_mutator/GRAMMAR_VERSION b/custom_mutators/grammar_mutator/GRAMMAR_VERSION index 4c291bf8b7..2568c6a55c 100644 --- a/custom_mutators/grammar_mutator/GRAMMAR_VERSION +++ b/custom_mutators/grammar_mutator/GRAMMAR_VERSION @@ -1 +1 @@ -9716f1092737be0f18e59a449070687a31c5f41e +ff4e5a2 diff --git a/custom_mutators/grammar_mutator/grammar_mutator b/custom_mutators/grammar_mutator/grammar_mutator index 9716f10927..ff4e5a265d 160000 --- a/custom_mutators/grammar_mutator/grammar_mutator +++ b/custom_mutators/grammar_mutator/grammar_mutator @@ -1 +1 @@ -Subproject commit 9716f1092737be0f18e59a449070687a31c5f41e +Subproject commit ff4e5a265daf5d88c4a636fb6a2c22b1d733db09 diff --git a/docs/Changelog.md b/docs/Changelog.md index 76470bde44..c681c4e17c 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -25,6 +25,7 @@ - plugins are now activated by default and a new module is included that produces drcov compatible traces for lighthouse/lightkeeper/... thanks to @JRomainG to submitting! + - updated the custom grammar mutator ### Version ++4.09c (release) From 523ce154c3cda758f234cadf76c73663b21e105f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 18 Jan 2024 11:22:06 +0100 Subject: [PATCH 297/357] disable aslr on apple --- TODO.md | 3 --- afl-persistent-config | 8 ++++++++ src/afl-fuzz.c | 4 ++++ 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/TODO.md b/TODO.md index 50bd6d718b..7cab71e8fe 100644 --- a/TODO.md +++ b/TODO.md @@ -9,9 +9,6 @@ - afl-fuzz multicore wrapper script - when trimming then perform crash detection - either -L0 and/or -p mmopt results in zero new coverage - - DYLD_NO_PIE=1 - - sudo nvram boot-args="no_aslr=1" - ## Should diff --git a/afl-persistent-config b/afl-persistent-config index d78db2860a..26be9d9f8c 100755 --- a/afl-persistent-config +++ b/afl-persistent-config @@ -38,6 +38,7 @@ fi echo PLATFORM=`uname -s` +ARCH=`uname -m` # check that we're on Mac if [[ "$PLATFORM" = "Darwin" ]] ; then @@ -87,6 +88,13 @@ if [[ "$PLATFORM" = "Darwin" ]] ; then EOF + if [[ "$ARCH" = "x86_64" ]]; then + echo "Disabling ASLR system wide" + nvram boot-args="no_aslr=1" + else + echo NOTICE: on ARM64 we do not know currently how to disable system wide ASLR, please report if you know how. + fi + echo echo "Reboot and enjoy your fuzzing" exit 0 diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 17949fd7b9..2d5787e804 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1812,6 +1812,10 @@ int main(int argc, char **argv_orig, char **envp) { check_cpu_governor(afl); #endif + #ifdef __APPLE__ + setenv("DYLD_NO_PIE", "1", 0); + #endif + if (getenv("LD_PRELOAD")) { WARNF( From e731a1c1ab48dbc9a70a9e5680f00aab307abfa1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 18 Jan 2024 12:01:26 +0100 Subject: [PATCH 298/357] fix for arm64 --- src/afl-cc.c | 58 ++++++++++++++++++++++++++-------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 3377b42f94..192c542325 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -629,10 +629,10 @@ void compiler_mode_by_callname(aflcc_state_t *aflcc) { aflcc->compiler_mode = CLANG; - } - #endif + } + } void compiler_mode_by_environ(aflcc_state_t *aflcc) { @@ -1283,7 +1283,7 @@ void mode_final_checkout(aflcc_state_t *aflcc, int argc, char **argv) { aflcc->instrument_mode = INSTRUMENT_PCGUARD; #else - aflcc->instrument_mode = INSTRUMENT_AFL; + aflcc->instrument_mode = INSTRUMENT_AFL; #endif } @@ -1557,8 +1557,8 @@ void add_defs_persistent_mode(aflcc_state_t *aflcc) { "__attribute__((visibility(\"default\"))) " "int _L(unsigned int) __asm__(\"___afl_persistent_loop\"); " #else - "__attribute__((visibility(\"default\"))) " - "int _L(unsigned int) __asm__(\"__afl_persistent_loop\"); " + "__attribute__((visibility(\"default\"))) " + "int _L(unsigned int) __asm__(\"__afl_persistent_loop\"); " #endif /* ^__APPLE__ */ // if afl is connected, we run _A times, else once. "_L(__afl_connected ? _A : 1); })"); @@ -1573,8 +1573,8 @@ void add_defs_persistent_mode(aflcc_state_t *aflcc) { "__attribute__((visibility(\"default\"))) " "void _I(void) __asm__(\"___afl_manual_init\"); " #else - "__attribute__((visibility(\"default\"))) " - "void _I(void) __asm__(\"__afl_manual_init\"); " + "__attribute__((visibility(\"default\"))) " + "void _I(void) __asm__(\"__afl_manual_init\"); " #endif /* ^__APPLE__ */ "_I(); } while (0)"); @@ -1888,12 +1888,12 @@ void add_native_pcguard(aflcc_state_t *aflcc) { FATAL("pcguard instrumentation with pc-table requires LLVM 6.0.1+"); #else #if LLVM_MAJOR == 0 - WARNF( - "pcguard instrumentation with pc-table requires LLVM 6.0.1+" - " otherwise the compiler will fail"); + WARNF( + "pcguard instrumentation with pc-table requires LLVM 6.0.1+" + " otherwise the compiler will fail"); #endif - insert_param(aflcc, - "-fsanitize-coverage=trace-pc-guard,bb,no-prune,pc-table"); + insert_param(aflcc, + "-fsanitize-coverage=trace-pc-guard,bb,no-prune,pc-table"); #endif } else { @@ -1902,11 +1902,11 @@ void add_native_pcguard(aflcc_state_t *aflcc) { FATAL("pcguard instrumentation requires LLVM 4.0.1+"); #else #if LLVM_MAJOR == 0 - WARNF( - "pcguard instrumentation requires LLVM 4.0.1+" - " otherwise the compiler will fail"); + WARNF( + "pcguard instrumentation requires LLVM 4.0.1+" + " otherwise the compiler will fail"); #endif - insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); + insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); #endif } @@ -1948,16 +1948,16 @@ void add_optimized_pcguard(aflcc_state_t *aflcc) { #else // LLVM_MAJOR < 13 #if LLVM_MAJOR >= 4 - if (!be_quiet) - SAYF( - "Using unoptimized trace-pc-guard, upgrade to LLVM 13+ for " - "enhanced version.\n"); - insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); - aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; + if (!be_quiet) + SAYF( + "Using unoptimized trace-pc-guard, upgrade to LLVM 13+ for " + "enhanced version.\n"); + insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); + aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; #else - FATAL("pcguard instrumentation requires LLVM 4.0.1+"); + FATAL("pcguard instrumentation requires LLVM 4.0.1+"); #endif #endif @@ -2161,7 +2161,7 @@ void add_lto_linker(aflcc_state_t *aflcc) { #if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 12 insert_param(aflcc, alloc_printf("--ld-path=%s", ld_path)); #else - insert_param(aflcc, alloc_printf("-fuse-ld=%s", ld_path)); + insert_param(aflcc, alloc_printf("-fuse-ld=%s", ld_path)); #endif free(ld_path); @@ -2174,11 +2174,11 @@ void add_lto_passes(aflcc_state_t *aflcc) { insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,--load-pass-plugin=%s", 0); #elif defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 13 - insert_param(aflcc, "-Wl,--lto-legacy-pass-manager"); - insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0); + insert_param(aflcc, "-Wl,--lto-legacy-pass-manager"); + insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0); #else - insert_param(aflcc, "-fno-experimental-new-pass-manager"); - insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0); + insert_param(aflcc, "-fno-experimental-new-pass-manager"); + insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0); #endif insert_param(aflcc, "-Wl,--allow-multiple-definition"); @@ -2776,7 +2776,7 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) { SAYF("Compiled with shm_open support (adds -lrt when linking).\n"); #endif #else - SAYF("Compiled with shmat support.\n"); + SAYF("Compiled with shmat support.\n"); #endif SAYF("\n"); From 0c054f520eda67b7bb15f95ca58c028e9b68131f Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 18 Jan 2024 16:17:48 +0100 Subject: [PATCH 299/357] push to stable (#1960) * Output afl-clang-fast stuffs only if necessary (#1912) * afl-cc header * afl-cc common declarations - Add afl-cc-state.c - Strip includes, find_object, debug/be_quiet/have_*/callname setting from afl-cc.c - Use debugf_args in main - Modify execvp stuffs to fit new aflcc struct * afl-cc show usage * afl-cc mode selecting 1. compiler_mode by callname in argv[0] 2. compiler_mode by env "AFL_CC_COMPILER" 3. compiler_mode/instrument_mode by command line options "--afl-..." 4. instrument_mode/compiler_mode by various env vars including "AFL_LLVM_INSTRUMENT" 5. final checking steps 6. print "... - mode: %s-%s\n" 7. determine real argv[0] according to compiler_mode * afl-cc macro defs * afl-cc linking behaviors * afl-cc fsanitize behaviors * afl-cc misc * afl-cc body update * afl-cc all-in-one formated with custom-format.py * nits --------- Co-authored-by: vanhauser-thc * changelog * update grammar mutator * lto llvm 12+ * docs(custom_mutators): fix missing ':' (#1953) * Fix broken LTO mode and response file support (#1948) * Strip `-Wl,-no-undefined` during compilation (#1952) Make the compiler wrapper stripping `-Wl,-no-undefined` in addition to `-Wl,--no-undefined`. Both versions of the flag are accepted by clang and, therefore, used by building systems in the wild (e.g., samba will not build without this fix). * Remove dead code in write_to_testcase (#1955) The custom_mutators_count check in if case is duplicate with if condition. The else case is custom_mutators_count == 0, neither custom_mutator_list iteration nor sent check needed. Signed-off-by: Xeonacid * update qemuafl * WIP: Add ability to generate drcov trace using QEMU backend (#1956) * Document new drcov QEMU plugin * Add link to lightkeeper for QEMU drcov file loading --------- Co-authored-by: Jean-Romain Garnier * code format * changelog * sleep on uid != 0 afl-system-config * fix segv about skip_next, warn on unsupported cases of linking options (#1958) * todos * ensure afl-cc only allows available compiler modes * update grammar mutator * disable aslr on apple * fix for arm64 --------- Signed-off-by: Xeonacid Co-authored-by: Sonic <50692172+SonicStark@users.noreply.github.com> Co-authored-by: Xeonacid Co-authored-by: Nils Bars Co-authored-by: Jean-Romain Garnier <7504819+JRomainG@users.noreply.github.com> Co-authored-by: Jean-Romain Garnier --- GNUmakefile.llvm | 6 +- afl-persistent-config | 8 + afl-system-config | 1 + docs/Changelog.md | 12 +- docs/custom_mutators.md | 2 +- include/envs.h | 319 +-- qemu_mode/QEMUAFL_VERSION | 2 +- qemu_mode/README.md | 33 +- qemu_mode/build_qemu_support.sh | 4 +- qemu_mode/qemuafl | 2 +- src/afl-cc.c | 3378 ++++++++++++++++++------------- src/afl-fuzz-run.c | 41 +- src/afl-fuzz.c | 4 + 13 files changed, 2118 insertions(+), 1694 deletions(-) diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index c704d772e9..7437130d54 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -51,7 +51,7 @@ LLVM_TOO_OLD = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[1-9] LLVM_NEW_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[0-9]' && echo 1 || echo 0 ) LLVM_NEWER_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[6-9]' && echo 1 || echo 0 ) LLVM_13_OK = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[3-9]' && echo 1 || echo 0 ) -LLVM_HAVE_LTO = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[1-9]' && echo 1 || echo 0 ) +LLVM_HAVE_LTO = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[2-9]' && echo 1 || echo 0 ) LLVM_BINDIR = $(shell $(LLVM_CONFIG) --bindir 2>/dev/null) LLVM_LIBDIR = $(shell $(LLVM_CONFIG) --libdir 2>/dev/null) LLVM_STDCXX = gnu++11 @@ -95,12 +95,12 @@ ifeq "$(LLVM_NEWER_API)" "1" endif ifeq "$(LLVM_HAVE_LTO)" "1" - $(info [+] llvm_mode detected llvm 11+, enabling afl-lto LTO implementation) + $(info [+] llvm_mode detected llvm 12+, enabling afl-lto LTO implementation) LLVM_LTO = 1 endif ifeq "$(LLVM_LTO)" "0" - $(info [+] llvm_mode detected llvm < 11, afl-lto LTO will not be build.) + $(info [+] llvm_mode detected llvm < 12, afl-lto LTO will not be build.) endif ifeq "$(LLVM_APPLE_XCODE)" "1" diff --git a/afl-persistent-config b/afl-persistent-config index d78db2860a..26be9d9f8c 100755 --- a/afl-persistent-config +++ b/afl-persistent-config @@ -38,6 +38,7 @@ fi echo PLATFORM=`uname -s` +ARCH=`uname -m` # check that we're on Mac if [[ "$PLATFORM" = "Darwin" ]] ; then @@ -87,6 +88,13 @@ if [[ "$PLATFORM" = "Darwin" ]] ; then EOF + if [[ "$ARCH" = "x86_64" ]]; then + echo "Disabling ASLR system wide" + nvram boot-args="no_aslr=1" + else + echo NOTICE: on ARM64 we do not know currently how to disable system wide ASLR, please report if you know how. + fi + echo echo "Reboot and enjoy your fuzzing" exit 0 diff --git a/afl-system-config b/afl-system-config index c633e4e84b..7e2cb68810 100755 --- a/afl-system-config +++ b/afl-system-config @@ -25,6 +25,7 @@ echo "WARNING: this reduces the security of the system!" echo if [ '!' "$EUID" = 0 ] && [ '!' `id -u` = 0 ] ; then echo "Warning: you need to be root to run this!" + sleep 1 # we do not exit as other mechanisms exist that allows to do this than # being root. let the errors speak for themselves. fi diff --git a/docs/Changelog.md b/docs/Changelog.md index adc81d64a7..c681c4e17c 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -9,15 +9,23 @@ explore is slightly better now. - fixed minor issues in the mutation engine, thanks to @futhewo for reporting! + - afl-cc: + - large rewrite by @SonicStark which fixes a few corner cases, thanks! + - LTO mode now requires llvm 12+ - instrumentation: - LLVM 18 support, thanks to @devnexen! - Injection (SQL, LDAP, XSS) feature now available, see `instrumentation/README.injections.md` how to activate/use/expand. - compcov/LAF-intel: - floating point splitting bug fix by @hexcoder - - due a bug in LLVM 17 integer splitting is disabled! + - due a bug in LLVM 17 integer splitting is disabled there! - when splitting floats was selected, integers were always split as well, - fixed to require AFL_LLVM_LAF_SPLIT_COMPARES as it should + fixed to require AFL_LLVM_LAF_SPLIT_COMPARES or _ALL as it should + - qemu_mode: + - plugins are now activated by default and a new module is included that + produces drcov compatible traces for lighthouse/lightkeeper/... + thanks to @JRomainG to submitting! + - updated the custom grammar mutator ### Version ++4.09c (release) diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md index ce0a42dc63..73e3c8021b 100644 --- a/docs/custom_mutators.md +++ b/docs/custom_mutators.md @@ -73,7 +73,7 @@ def init(seed): def fuzz_count(buf): return cnt -def splice_optout() +def splice_optout(): pass def fuzz(buf, add_buf, max_size): diff --git a/include/envs.h b/include/envs.h index aa5c658e6a..0f645d23cf 100644 --- a/include/envs.h +++ b/include/envs.h @@ -16,255 +16,104 @@ static char *afl_environment_deprecated[] = { static char *afl_environment_variables[] = { - "AFL_ALIGNED_ALLOC", - "AFL_ALLOW_TMP", - "AFL_ANALYZE_HEX", - "AFL_AS", - "AFL_AUTORESUME", - "AFL_AS_FORCE_INSTRUMENT", - "AFL_BENCH_JUST_ONE", - "AFL_BENCH_UNTIL_CRASH", - "AFL_CAL_FAST", - "AFL_CC", - "AFL_CC_COMPILER", - "AFL_CMIN_ALLOW_ANY", - "AFL_CMIN_CRASHES_ONLY", - "AFL_CMPLOG_ONLY_NEW", - "AFL_CODE_END", - "AFL_CODE_START", - "AFL_COMPCOV_BINNAME", - "AFL_COMPCOV_LEVEL", - "AFL_CRASH_EXITCODE", - "AFL_CRASHING_SEEDS_AS_NEW_CRASH", - "AFL_CUSTOM_MUTATOR_LIBRARY", - "AFL_CUSTOM_MUTATOR_ONLY", - "AFL_CUSTOM_INFO_PROGRAM", - "AFL_CUSTOM_INFO_PROGRAM_ARGV", - "AFL_CUSTOM_INFO_PROGRAM_INPUT", - "AFL_CUSTOM_INFO_OUT", - "AFL_CXX", - "AFL_CYCLE_SCHEDULES", - "AFL_DEBUG", - "AFL_DEBUG_CHILD", - "AFL_DEBUG_GDB", - "AFL_DEBUG_UNICORN", - "AFL_DISABLE_TRIM", - "AFL_DISABLE_LLVM_INSTRUMENTATION", - "AFL_DONT_OPTIMIZE", - "AFL_DRIVER_STDERR_DUPLICATE_FILENAME", - "AFL_DUMB_FORKSRV", - "AFL_EARLY_FORKSERVER", - "AFL_ENTRYPOINT", - "AFL_EXIT_WHEN_DONE", - "AFL_EXIT_ON_TIME", - "AFL_EXIT_ON_SEED_ISSUES", - "AFL_FAST_CAL", - "AFL_FINAL_SYNC", - "AFL_FORCE_UI", - "AFL_FRIDA_DEBUG_MAPS", - "AFL_FRIDA_DRIVER_NO_HOOK", - "AFL_FRIDA_EXCLUDE_RANGES", - "AFL_FRIDA_INST_CACHE_SIZE", - "AFL_FRIDA_INST_COVERAGE_ABSOLUTE", - "AFL_FRIDA_INST_COVERAGE_FILE", - "AFL_FRIDA_INST_DEBUG_FILE", - "AFL_FRIDA_INST_INSN", - "AFL_FRIDA_INST_JIT", - "AFL_FRIDA_INST_NO_CACHE", - "AFL_FRIDA_INST_NO_DYNAMIC_LOAD", - "AFL_FRIDA_INST_NO_OPTIMIZE", - "AFL_FRIDA_INST_NO_PREFETCH", - "AFL_FRIDA_INST_NO_PREFETCH_BACKPATCH", + "AFL_ALIGNED_ALLOC", "AFL_ALLOW_TMP", "AFL_ANALYZE_HEX", "AFL_AS", + "AFL_AUTORESUME", "AFL_AS_FORCE_INSTRUMENT", "AFL_BENCH_JUST_ONE", + "AFL_BENCH_UNTIL_CRASH", "AFL_CAL_FAST", "AFL_CC", "AFL_CC_COMPILER", + "AFL_CMIN_ALLOW_ANY", "AFL_CMIN_CRASHES_ONLY", "AFL_CMPLOG_ONLY_NEW", + "AFL_CODE_END", "AFL_CODE_START", "AFL_COMPCOV_BINNAME", + "AFL_COMPCOV_LEVEL", "AFL_CRASH_EXITCODE", + "AFL_CRASHING_SEEDS_AS_NEW_CRASH", "AFL_CUSTOM_MUTATOR_LIBRARY", + "AFL_CUSTOM_MUTATOR_ONLY", "AFL_CUSTOM_INFO_PROGRAM", + "AFL_CUSTOM_INFO_PROGRAM_ARGV", "AFL_CUSTOM_INFO_PROGRAM_INPUT", + "AFL_CUSTOM_INFO_OUT", "AFL_CXX", "AFL_CYCLE_SCHEDULES", "AFL_DEBUG", + "AFL_DEBUG_CHILD", "AFL_DEBUG_GDB", "AFL_DEBUG_UNICORN", "AFL_DISABLE_TRIM", + "AFL_DISABLE_LLVM_INSTRUMENTATION", "AFL_DONT_OPTIMIZE", + "AFL_DRIVER_STDERR_DUPLICATE_FILENAME", "AFL_DUMB_FORKSRV", + "AFL_EARLY_FORKSERVER", "AFL_ENTRYPOINT", "AFL_EXIT_WHEN_DONE", + "AFL_EXIT_ON_TIME", "AFL_EXIT_ON_SEED_ISSUES", "AFL_FAST_CAL", + "AFL_FINAL_SYNC", "AFL_FORCE_UI", "AFL_FRIDA_DEBUG_MAPS", + "AFL_FRIDA_DRIVER_NO_HOOK", "AFL_FRIDA_EXCLUDE_RANGES", + "AFL_FRIDA_INST_CACHE_SIZE", "AFL_FRIDA_INST_COVERAGE_ABSOLUTE", + "AFL_FRIDA_INST_COVERAGE_FILE", "AFL_FRIDA_INST_DEBUG_FILE", + "AFL_FRIDA_INST_INSN", "AFL_FRIDA_INST_JIT", "AFL_FRIDA_INST_NO_CACHE", + "AFL_FRIDA_INST_NO_DYNAMIC_LOAD", "AFL_FRIDA_INST_NO_OPTIMIZE", + "AFL_FRIDA_INST_NO_PREFETCH", "AFL_FRIDA_INST_NO_PREFETCH_BACKPATCH", "AFL_FRIDA_INST_NO_SUPPRESS" "AFL_FRIDA_INST_RANGES", - "AFL_FRIDA_INST_REGS_FILE", - "AFL_FRIDA_INST_SEED", - "AFL_FRIDA_INST_TRACE", - "AFL_FRIDA_INST_TRACE_UNIQUE", - "AFL_FRIDA_INST_UNSTABLE_COVERAGE_FILE", - "AFL_FRIDA_JS_SCRIPT", - "AFL_FRIDA_OUTPUT_STDOUT", - "AFL_FRIDA_OUTPUT_STDERR", - "AFL_FRIDA_PERSISTENT_ADDR", - "AFL_FRIDA_PERSISTENT_CNT", - "AFL_FRIDA_PERSISTENT_DEBUG", - "AFL_FRIDA_PERSISTENT_HOOK", - "AFL_FRIDA_PERSISTENT_RET", - "AFL_FRIDA_STALKER_ADJACENT_BLOCKS", - "AFL_FRIDA_STALKER_IC_ENTRIES", - "AFL_FRIDA_STALKER_NO_BACKPATCH", - "AFL_FRIDA_STATS_FILE", - "AFL_FRIDA_STATS_INTERVAL", - "AFL_FRIDA_TRACEABLE", + "AFL_FRIDA_INST_REGS_FILE", "AFL_FRIDA_INST_SEED", "AFL_FRIDA_INST_TRACE", + "AFL_FRIDA_INST_TRACE_UNIQUE", "AFL_FRIDA_INST_UNSTABLE_COVERAGE_FILE", + "AFL_FRIDA_JS_SCRIPT", "AFL_FRIDA_OUTPUT_STDOUT", "AFL_FRIDA_OUTPUT_STDERR", + "AFL_FRIDA_PERSISTENT_ADDR", "AFL_FRIDA_PERSISTENT_CNT", + "AFL_FRIDA_PERSISTENT_DEBUG", "AFL_FRIDA_PERSISTENT_HOOK", + "AFL_FRIDA_PERSISTENT_RET", "AFL_FRIDA_STALKER_ADJACENT_BLOCKS", + "AFL_FRIDA_STALKER_IC_ENTRIES", "AFL_FRIDA_STALKER_NO_BACKPATCH", + "AFL_FRIDA_STATS_FILE", "AFL_FRIDA_STATS_INTERVAL", "AFL_FRIDA_TRACEABLE", "AFL_FRIDA_VERBOSE", "AFL_FUZZER_ARGS", // oss-fuzz - "AFL_FUZZER_STATS_UPDATE_INTERVAL", - "AFL_GDB", - "AFL_GCC_ALLOWLIST", - "AFL_GCC_DENYLIST", - "AFL_GCC_BLOCKLIST", - "AFL_GCC_INSTRUMENT_FILE", - "AFL_GCC_OUT_OF_LINE", - "AFL_GCC_SKIP_NEVERZERO", - "AFL_GCJ", - "AFL_HANG_TMOUT", - "AFL_FORKSRV_INIT_TMOUT", - "AFL_HARDEN", - "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES", - "AFL_IGNORE_PROBLEMS", - "AFL_IGNORE_PROBLEMS_COVERAGE", - "AFL_IGNORE_SEED_PROBLEMS", - "AFL_IGNORE_TIMEOUTS", - "AFL_IGNORE_UNKNOWN_ENVS", - "AFL_IMPORT_FIRST", - "AFL_INPUT_LEN_MIN", - "AFL_INPUT_LEN_MAX", - "AFL_INST_LIBS", - "AFL_INST_RATIO", - "AFL_KEEP_TIMEOUTS", - "AFL_KILL_SIGNAL", - "AFL_FORK_SERVER_KILL_SIGNAL", - "AFL_KEEP_TRACES", - "AFL_KEEP_ASSEMBLY", - "AFL_LD_HARD_FAIL", - "AFL_LD_LIMIT_MB", - "AFL_LD_NO_CALLOC_OVER", - "AFL_LD_PASSTHROUGH", - "AFL_REAL_LD", - "AFL_LD_PRELOAD", - "AFL_LD_VERBOSE", - "AFL_LLVM_ALLOWLIST", - "AFL_LLVM_DENYLIST", - "AFL_LLVM_BLOCKLIST", - "AFL_CMPLOG", - "AFL_LLVM_CMPLOG", - "AFL_GCC_CMPLOG", - "AFL_LLVM_INSTRIM", - "AFL_LLVM_CALLER", - "AFL_LLVM_CTX", - "AFL_LLVM_CTX_K", - "AFL_LLVM_DICT2FILE", - "AFL_LLVM_DICT2FILE_NO_MAIN", - "AFL_LLVM_DOCUMENT_IDS", - "AFL_LLVM_INSTRIM_LOOPHEAD", - "AFL_LLVM_INSTRUMENT", - "AFL_LLVM_LTO_AUTODICTIONARY", - "AFL_LLVM_AUTODICTIONARY", + "AFL_FUZZER_STATS_UPDATE_INTERVAL", "AFL_GDB", "AFL_GCC_ALLOWLIST", + "AFL_GCC_DENYLIST", "AFL_GCC_BLOCKLIST", "AFL_GCC_INSTRUMENT_FILE", + "AFL_GCC_OUT_OF_LINE", "AFL_GCC_SKIP_NEVERZERO", "AFL_GCJ", + "AFL_HANG_TMOUT", "AFL_FORKSRV_INIT_TMOUT", "AFL_HARDEN", + "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES", "AFL_IGNORE_PROBLEMS", + "AFL_IGNORE_PROBLEMS_COVERAGE", "AFL_IGNORE_SEED_PROBLEMS", + "AFL_IGNORE_TIMEOUTS", "AFL_IGNORE_UNKNOWN_ENVS", "AFL_IMPORT_FIRST", + "AFL_INPUT_LEN_MIN", "AFL_INPUT_LEN_MAX", "AFL_INST_LIBS", "AFL_INST_RATIO", + "AFL_KEEP_TIMEOUTS", "AFL_KILL_SIGNAL", "AFL_FORK_SERVER_KILL_SIGNAL", + "AFL_KEEP_TRACES", "AFL_KEEP_ASSEMBLY", "AFL_LD_HARD_FAIL", + "AFL_LD_LIMIT_MB", "AFL_LD_NO_CALLOC_OVER", "AFL_LD_PASSTHROUGH", + "AFL_REAL_LD", "AFL_LD_PRELOAD", "AFL_LD_VERBOSE", "AFL_LLVM_ALLOWLIST", + "AFL_LLVM_DENYLIST", "AFL_LLVM_BLOCKLIST", "AFL_CMPLOG", "AFL_LLVM_CMPLOG", + "AFL_GCC_CMPLOG", "AFL_LLVM_INSTRIM", "AFL_LLVM_CALLER", "AFL_LLVM_CTX", + "AFL_LLVM_CTX_K", "AFL_LLVM_DICT2FILE", "AFL_LLVM_DICT2FILE_NO_MAIN", + "AFL_LLVM_DOCUMENT_IDS", "AFL_LLVM_INSTRIM_LOOPHEAD", "AFL_LLVM_INSTRUMENT", + "AFL_LLVM_LTO_AUTODICTIONARY", "AFL_LLVM_AUTODICTIONARY", "AFL_LLVM_SKIPSINGLEBLOCK", // Marker: ADD_TO_INJECTIONS - "AFL_LLVM_INJECTIONS_ALL", - "AFL_LLVM_INJECTIONS_SQL", - "AFL_LLVM_INJECTIONS_LDAP", - "AFL_LLVM_INJECTIONS_XSS", - "AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK", - "AFL_LLVM_LAF_SPLIT_COMPARES", - "AFL_LLVM_LAF_SPLIT_COMPARES_BITW", - "AFL_LLVM_LAF_SPLIT_FLOATS", - "AFL_LLVM_LAF_SPLIT_SWITCHES", - "AFL_LLVM_LAF_ALL", - "AFL_LLVM_LAF_TRANSFORM_COMPARES", - "AFL_LLVM_MAP_ADDR", - "AFL_LLVM_MAP_DYNAMIC", - "AFL_LLVM_NGRAM_SIZE", - "AFL_NGRAM_SIZE", - "AFL_LLVM_NO_RPATH", - "AFL_LLVM_NOT_ZERO", - "AFL_LLVM_INSTRUMENT_FILE", - "AFL_LLVM_THREADSAFE_INST", - "AFL_LLVM_SKIP_NEVERZERO", - "AFL_NO_AFFINITY", - "AFL_TRY_AFFINITY", - "AFL_LLVM_LTO_DONTWRITEID", + "AFL_LLVM_INJECTIONS_ALL", "AFL_LLVM_INJECTIONS_SQL", + "AFL_LLVM_INJECTIONS_LDAP", "AFL_LLVM_INJECTIONS_XSS", + "AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK", "AFL_LLVM_LAF_SPLIT_COMPARES", + "AFL_LLVM_LAF_SPLIT_COMPARES_BITW", "AFL_LLVM_LAF_SPLIT_FLOATS", + "AFL_LLVM_LAF_SPLIT_SWITCHES", "AFL_LLVM_LAF_ALL", + "AFL_LLVM_LAF_TRANSFORM_COMPARES", "AFL_LLVM_MAP_ADDR", + "AFL_LLVM_MAP_DYNAMIC", "AFL_LLVM_NGRAM_SIZE", "AFL_NGRAM_SIZE", + "AFL_LLVM_NO_RPATH", "AFL_LLVM_NOT_ZERO", "AFL_LLVM_INSTRUMENT_FILE", + "AFL_LLVM_THREADSAFE_INST", "AFL_LLVM_SKIP_NEVERZERO", "AFL_NO_AFFINITY", + "AFL_TRY_AFFINITY", "AFL_LLVM_LTO_DONTWRITEID", "AFL_LLVM_LTO_SKIPINIT" "AFL_LLVM_LTO_STARTID", - "AFL_FUZZER_LOOPCOUNT", - "AFL_NO_ARITH", - "AFL_NO_AUTODICT", - "AFL_NO_BUILTIN", + "AFL_FUZZER_LOOPCOUNT", "AFL_NO_ARITH", "AFL_NO_AUTODICT", "AFL_NO_BUILTIN", #if defined USE_COLOR && !defined ALWAYS_COLORED - "AFL_NO_COLOR", - "AFL_NO_COLOUR", + "AFL_NO_COLOR", "AFL_NO_COLOUR", #endif "AFL_NO_CPU_RED", "AFL_NO_CFG_FUZZING", // afl.rs rust crate option - "AFL_NO_CRASH_README", - "AFL_NO_FORKSRV", - "AFL_NO_UI", - "AFL_NO_PYTHON", - "AFL_NO_STARTUP_CALIBRATION", - "AFL_NO_WARN_INSTABILITY", - "AFL_UNTRACER_FILE", - "AFL_LLVM_USE_TRACE_PC", - "AFL_MAP_SIZE", - "AFL_MAPSIZE", + "AFL_NO_CRASH_README", "AFL_NO_FORKSRV", "AFL_NO_UI", "AFL_NO_PYTHON", + "AFL_NO_STARTUP_CALIBRATION", "AFL_NO_WARN_INSTABILITY", + "AFL_UNTRACER_FILE", "AFL_LLVM_USE_TRACE_PC", "AFL_MAP_SIZE", "AFL_MAPSIZE", "AFL_MAX_DET_EXTRAS", "AFL_NO_X86", // not really an env but we dont want to warn on it - "AFL_NOOPT", - "AFL_NYX_AUX_SIZE", - "AFL_NYX_DISABLE_SNAPSHOT_MODE", - "AFL_NYX_LOG", - "AFL_NYX_REUSE_SNAPSHOT", - "AFL_PASSTHROUGH", - "AFL_PATH", - "AFL_PERFORMANCE_FILE", - "AFL_PERSISTENT_RECORD", - "AFL_POST_PROCESS_KEEP_ORIGINAL", - "AFL_PRELOAD", - "AFL_TARGET_ENV", - "AFL_PYTHON_MODULE", - "AFL_QEMU_CUSTOM_BIN", - "AFL_QEMU_COMPCOV", - "AFL_QEMU_COMPCOV_DEBUG", - "AFL_QEMU_DEBUG_MAPS", - "AFL_QEMU_DISABLE_CACHE", - "AFL_QEMU_DRIVER_NO_HOOK", - "AFL_QEMU_FORCE_DFL", - "AFL_QEMU_PERSISTENT_ADDR", - "AFL_QEMU_PERSISTENT_CNT", - "AFL_QEMU_PERSISTENT_GPR", - "AFL_QEMU_PERSISTENT_HOOK", - "AFL_QEMU_PERSISTENT_MEM", - "AFL_QEMU_PERSISTENT_RET", - "AFL_QEMU_PERSISTENT_RETADDR_OFFSET", - "AFL_QEMU_PERSISTENT_EXITS", - "AFL_QEMU_INST_RANGES", - "AFL_QEMU_EXCLUDE_RANGES", - "AFL_QEMU_SNAPSHOT", - "AFL_QEMU_TRACK_UNSTABLE", - "AFL_QUIET", - "AFL_RANDOM_ALLOC_CANARY", - "AFL_REAL_PATH", - "AFL_SHUFFLE_QUEUE", - "AFL_SKIP_BIN_CHECK", - "AFL_SKIP_CPUFREQ", - "AFL_SKIP_CRASHES", - "AFL_SKIP_OSSFUZZ", - "AFL_STATSD", - "AFL_STATSD_HOST", - "AFL_STATSD_PORT", - "AFL_STATSD_TAGS_FLAVOR", - "AFL_SYNC_TIME", - "AFL_TESTCACHE_SIZE", - "AFL_TESTCACHE_ENTRIES", - "AFL_TMIN_EXACT", - "AFL_TMPDIR", - "AFL_TOKEN_FILE", - "AFL_TRACE_PC", - "AFL_USE_ASAN", - "AFL_USE_MSAN", - "AFL_USE_TRACE_PC", - "AFL_USE_UBSAN", - "AFL_USE_TSAN", - "AFL_USE_CFISAN", - "AFL_USE_LSAN", - "AFL_WINE_PATH", - "AFL_NO_SNAPSHOT", - "AFL_EXPAND_HAVOC_NOW", - "AFL_USE_FASAN", - "AFL_USE_QASAN", - "AFL_PRINT_FILENAMES", - "AFL_PIZZA_MODE", - NULL + "AFL_NOOPT", "AFL_NYX_AUX_SIZE", "AFL_NYX_DISABLE_SNAPSHOT_MODE", + "AFL_NYX_LOG", "AFL_NYX_REUSE_SNAPSHOT", "AFL_PASSTHROUGH", "AFL_PATH", + "AFL_PERFORMANCE_FILE", "AFL_PERSISTENT_RECORD", + "AFL_POST_PROCESS_KEEP_ORIGINAL", "AFL_PRELOAD", "AFL_TARGET_ENV", + "AFL_PYTHON_MODULE", "AFL_QEMU_CUSTOM_BIN", "AFL_QEMU_COMPCOV", + "AFL_QEMU_COMPCOV_DEBUG", "AFL_QEMU_DEBUG_MAPS", "AFL_QEMU_DISABLE_CACHE", + "AFL_QEMU_DRIVER_NO_HOOK", "AFL_QEMU_FORCE_DFL", "AFL_QEMU_PERSISTENT_ADDR", + "AFL_QEMU_PERSISTENT_CNT", "AFL_QEMU_PERSISTENT_GPR", + "AFL_QEMU_PERSISTENT_HOOK", "AFL_QEMU_PERSISTENT_MEM", + "AFL_QEMU_PERSISTENT_RET", "AFL_QEMU_PERSISTENT_RETADDR_OFFSET", + "AFL_QEMU_PERSISTENT_EXITS", "AFL_QEMU_INST_RANGES", + "AFL_QEMU_EXCLUDE_RANGES", "AFL_QEMU_SNAPSHOT", "AFL_QEMU_TRACK_UNSTABLE", + "AFL_QUIET", "AFL_RANDOM_ALLOC_CANARY", "AFL_REAL_PATH", + "AFL_SHUFFLE_QUEUE", "AFL_SKIP_BIN_CHECK", "AFL_SKIP_CPUFREQ", + "AFL_SKIP_CRASHES", "AFL_SKIP_OSSFUZZ", "AFL_STATSD", "AFL_STATSD_HOST", + "AFL_STATSD_PORT", "AFL_STATSD_TAGS_FLAVOR", "AFL_SYNC_TIME", + "AFL_TESTCACHE_SIZE", "AFL_TESTCACHE_ENTRIES", "AFL_TMIN_EXACT", + "AFL_TMPDIR", "AFL_TOKEN_FILE", "AFL_TRACE_PC", "AFL_USE_ASAN", + "AFL_USE_MSAN", "AFL_USE_TRACE_PC", "AFL_USE_UBSAN", "AFL_USE_TSAN", + "AFL_USE_CFISAN", "AFL_USE_LSAN", "AFL_WINE_PATH", "AFL_NO_SNAPSHOT", + "AFL_EXPAND_HAVOC_NOW", "AFL_USE_FASAN", "AFL_USE_QASAN", + "AFL_PRINT_FILENAMES", "AFL_PIZZA_MODE", NULL }; diff --git a/qemu_mode/QEMUAFL_VERSION b/qemu_mode/QEMUAFL_VERSION index 44ea53453a..b4e764b77c 100644 --- a/qemu_mode/QEMUAFL_VERSION +++ b/qemu_mode/QEMUAFL_VERSION @@ -1 +1 @@ -a1321713c7 +e63c9af193 diff --git a/qemu_mode/README.md b/qemu_mode/README.md index 9203873737..b78eb29701 100644 --- a/qemu_mode/README.md +++ b/qemu_mode/README.md @@ -193,12 +193,39 @@ Comparative measurements of execution speed or instrumentation coverage will be fairly meaningless if the optimization levels or instrumentation scopes don't match. -## 12) Other features +## 12) Coverage information + +Coverage information about a run of a target binary can be obtained using a +dedicated QEMU user mode plugin enabled at runtime: the `drcov.c` plugin +collects coverage information from the target binary and writes it in the Drcov +format. This file can then be loaded using tools such as +[lighthouse](https://github.com/gaasedelen/lighthouse), +[lightkeeper](https://github.com/WorksButNotTested/lightkeeper) or +[Cartographer](https://github.com/nccgroup/Cartographer). + +To compile the QEMU TCG plugins, run the following command from the `qemuafl` +directory: + +``` +make plugins +``` + +Plugins can be loaded using either the `QEMU_PLUGIN` environment variable or +using the `-plugin` option. For example: + +``` +afl-qemu-trace -plugin qemuafl/build/contrib/plugins/libdrcov.so,arg=filename=/tmp/target.drcov.trace +``` + +This would execute the target binary with the provided arguments and, once done, +would write coverage information at `/tmp/target.drcov.trace`. + +## 13) Other features With `AFL_QEMU_FORCE_DFL`, you force QEMU to ignore the registered signal handlers of the target. -## 13) Gotchas, feedback, bugs +## 14) Gotchas, feedback, bugs If you need to fix up checksums or do other cleanups on mutated test cases, see `afl_custom_post_process` in custom_mutators/examples/example.c for a viable @@ -217,7 +244,7 @@ program may be utilizing. In particular, it does not appear to have full support for AVX2/FMA3. Using binaries for older CPUs or recompiling them with `-march=core2`, can help. -## 14) Alternatives: static rewriting +## 15) Alternatives: static rewriting Statically rewriting binaries just once, instead of attempting to translate them at run time, can be a faster alternative. That said, static rewriting is fraught diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index f59cba78a0..3f8a88f2b3 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -132,7 +132,10 @@ echo "Building for CPU target $CPU_TARGET" # --enable-pie seems to give a couple of exec's a second performance # improvement, much to my surprise. Not sure how universal this is.. +# --enable-plugins allows loading TCG plugins at runtime, for example to obtain +# coverage information, and does not seem to negatively impact performance QEMU_CONF_FLAGS=" \ + --enable-plugins \ --audio-drv-list= \ --disable-blobs \ --disable-bochs \ @@ -162,7 +165,6 @@ QEMU_CONF_FLAGS=" \ --disable-numa \ --disable-opengl \ --disable-parallels \ - --disable-plugins \ --disable-qcow1 \ --disable-qed \ --disable-rbd \ diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl index b0abbe2e74..e63c9af193 160000 --- a/qemu_mode/qemuafl +++ b/qemu_mode/qemuafl @@ -1 +1 @@ -Subproject commit b0abbe2e74ed74ff6ff25b5ea3110d27ba978001 +Subproject commit e63c9af1937c13163cd1bc8bc276101441cbe70a diff --git a/src/afl-cc.c b/src/afl-cc.c index 54c733c9ce..192c542325 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -47,23 +47,22 @@ #define LLVM_MINOR 0 #endif -static u8 *obj_path; /* Path to runtime libraries */ -static u8 **cc_params; /* Parameters passed to the real CC */ -static u32 cc_par_cnt = 1; /* Param count, including argv0 */ -static u8 clang_mode; /* Invoked as afl-clang*? */ -static u8 llvm_fullpath[PATH_MAX]; -static u8 instrument_mode, instrument_opt_mode, ngram_size, ctx_k, lto_mode; -static u8 compiler_mode, plusplus_mode, have_instr_env = 0, need_aflpplib = 0; -static u8 have_gcc, have_llvm, have_gcc_plugin, have_lto, have_instr_list = 0; -static u8 *lto_flag = AFL_CLANG_FLTO, *argvnull; -static u8 debug; -static u8 cwd[4096]; -static u8 cmplog_mode; -u8 use_stdin; /* dummy */ -static int passthrough; -// static u8 *march_opt = CFLAGS_OPT; - -enum { +#ifndef MAX_PARAMS_NUM + #define MAX_PARAMS_NUM 2048 +#endif + +/* Global declarations */ + +typedef enum { + + PARAM_MISS, // not matched + PARAM_SCAN, // scan only + PARAM_KEEP, // kept as-is + PARAM_DROP, // ignored + +} param_st; + +typedef enum { INSTRUMENT_DEFAULT = 0, INSTRUMENT_CLASSIC = 1, @@ -80,7 +79,20 @@ enum { INSTRUMENT_OPT_CTX_K = 64, INSTRUMENT_OPT_CODECOV = 128, -}; +} instrument_mode_id; + +typedef enum { + + UNSET = 0, + LTO = 1, + LLVM = 2, + GCC_PLUGIN = 3, + GCC = 4, + CLANG = 5 + +} compiler_mode_id; + +static u8 cwd[4096]; char instrument_mode_string[18][18] = { @@ -105,17 +117,6 @@ char instrument_mode_string[18][18] = { }; -enum { - - UNSET = 0, - LTO = 1, - LLVM = 2, - GCC_PLUGIN = 3, - GCC = 4, - CLANG = 5 - -}; - char compiler_mode_string[7][12] = { "AUTOSELECT", "LLVM-LTO", "LLVM", "GCC_PLUGIN", @@ -123,6 +124,18 @@ char compiler_mode_string[7][12] = { }; +u8 *instrument_mode_2str(instrument_mode_id i) { + + return instrument_mode_string[i]; + +} + +u8 *compiler_mode_2str(compiler_mode_id i) { + + return compiler_mode_string[i]; + +} + u8 *getthecwd() { if (getcwd(cwd, sizeof(cwd)) == NULL) { @@ -136,26 +149,228 @@ u8 *getthecwd() { } -/* Try to find a specific runtime we need, returns NULL on fail. */ +typedef struct aflcc_state { + + u8 **cc_params; /* Parameters passed to the real CC */ + u32 cc_par_cnt; /* Param count, including argv0 */ + + u8 *argv0; /* Original argv0 (by strdup) */ + u8 *callname; /* Executable file argv0 indicated */ + + u8 debug; + + u8 compiler_mode, plusplus_mode, lto_mode; + + u8 *lto_flag; + + u8 instrument_mode, instrument_opt_mode, ngram_size, ctx_k; + + u8 cmplog_mode; + + u8 have_instr_env, have_gcc, have_clang, have_llvm, have_gcc_plugin, have_lto, + have_optimized_pcguard, have_instr_list; + + u8 fortify_set, asan_set, x_set, bit_mode, preprocessor_only, have_unroll, + have_o, have_pic, have_c, shared_linking, partial_linking, non_dash; + + // u8 *march_opt; + u8 need_aflpplib; + int passthrough; + + u8 use_stdin; /* dummy */ + u8 *argvnull; /* dummy */ + +} aflcc_state_t; + +void aflcc_state_init(aflcc_state_t *, u8 *argv0); + +/* Try to find a specific runtime we need, the path to obj would be + allocated and returned. Otherwise it returns NULL on fail. */ +u8 *find_object(aflcc_state_t *, u8 *obj); + +void find_built_deps(aflcc_state_t *); + +static inline void limit_params(aflcc_state_t *aflcc, u32 add) { + + if (aflcc->cc_par_cnt + add >= MAX_PARAMS_NUM) + FATAL("Too many command line parameters, please increase MAX_PARAMS_NUM."); + +} + +static inline void insert_param(aflcc_state_t *aflcc, u8 *param) { + + aflcc->cc_params[aflcc->cc_par_cnt++] = param; + +} + +static inline void insert_object(aflcc_state_t *aflcc, u8 *obj, u8 *fmt, + u8 *msg) { + + u8 *_obj_path = find_object(aflcc, obj); + if (!_obj_path) { + + if (msg) + FATAL("%s", msg); + else + FATAL("Unable to find '%s'", obj); + + } else { + + if (fmt) { + + u8 *_obj_path_fmt = alloc_printf(fmt, _obj_path); + ck_free(_obj_path); + aflcc->cc_params[aflcc->cc_par_cnt++] = _obj_path_fmt; + + } else { + + aflcc->cc_params[aflcc->cc_par_cnt++] = _obj_path; + + } + + } + +} + +static inline void load_llvm_pass(aflcc_state_t *aflcc, u8 *pass) { + +#if LLVM_MAJOR >= 11 /* use new pass manager */ + #if LLVM_MAJOR < 16 + insert_param(aflcc, "-fexperimental-new-pass-manager"); + #endif + insert_object(aflcc, pass, "-fpass-plugin=%s", 0); +#else + insert_param(aflcc, "-Xclang"); + insert_param(aflcc, "-load"); + insert_param(aflcc, "-Xclang"); + insert_object(aflcc, pass, 0, 0); +#endif + +} + +static inline void debugf_args(int argc, char **argv) { + + DEBUGF("cd '%s';", getthecwd()); + for (int i = 0; i < argc; i++) + SAYF(" '%s'", argv[i]); + SAYF("\n"); + fflush(stdout); + fflush(stderr); + +} + +void compiler_mode_by_callname(aflcc_state_t *); +void compiler_mode_by_environ(aflcc_state_t *); +void compiler_mode_by_cmdline(aflcc_state_t *, int argc, char **argv); +void instrument_mode_by_environ(aflcc_state_t *); +void mode_final_checkout(aflcc_state_t *, int argc, char **argv); +void mode_notification(aflcc_state_t *); + +void add_real_argv0(aflcc_state_t *); + +void add_defs_common(aflcc_state_t *); +void add_defs_selective_instr(aflcc_state_t *); +void add_defs_persistent_mode(aflcc_state_t *); +void add_defs_fortify(aflcc_state_t *, u8); +void add_defs_lsan_ctrl(aflcc_state_t *); + +param_st parse_fsanitize(aflcc_state_t *, u8 *, u8); +void add_sanitizers(aflcc_state_t *, char **envp); +void add_optimized_pcguard(aflcc_state_t *); +void add_native_pcguard(aflcc_state_t *); + +void add_assembler(aflcc_state_t *); +void add_gcc_plugin(aflcc_state_t *); + +param_st parse_misc_params(aflcc_state_t *, u8 *, u8); +void add_misc_params(aflcc_state_t *); + +param_st parse_linking_params(aflcc_state_t *, u8 *, u8, u8 *skip_next, + char **argv); + +void add_lto_linker(aflcc_state_t *); +void add_lto_passes(aflcc_state_t *); +void add_runtime(aflcc_state_t *); + +/* Working state */ + +void aflcc_state_init(aflcc_state_t *aflcc, u8 *argv0) { + + // Default NULL/0 is a good start + memset(aflcc, 0, sizeof(aflcc_state_t)); + + aflcc->cc_params = ck_alloc(MAX_PARAMS_NUM * sizeof(u8 *)); + aflcc->cc_par_cnt = 1; + + aflcc->lto_flag = AFL_CLANG_FLTO; + + // aflcc->march_opt = CFLAGS_OPT; + + /* callname & if C++ mode */ + + aflcc->argv0 = ck_strdup(argv0); + + char *cname = NULL; + + if ((cname = strrchr(aflcc->argv0, '/')) != NULL) { + + cname++; + + } else { + + cname = aflcc->argv0; + + } + + aflcc->callname = cname; + + if (strlen(cname) > 2 && (strncmp(cname + strlen(cname) - 2, "++", 2) == 0 || + strstr(cname, "-g++") != NULL)) { + + aflcc->plusplus_mode = 1; + + } + + /* debug */ + + if (getenv("AFL_DEBUG")) { + + aflcc->debug = 1; + if (strcmp(getenv("AFL_DEBUG"), "0") == 0) unsetenv("AFL_DEBUG"); + + } else if (getenv("AFL_QUIET")) { + + be_quiet = 1; + + } + + if ((getenv("AFL_PASSTHROUGH") || getenv("AFL_NOOPT")) && (!aflcc->debug)) { + + be_quiet = 1; + + } + +} /* in find_object() we look here: - 1. if obj_path is already set we look there first - 2. then we check the $AFL_PATH environment variable location if set - 3. next we check argv[0] if it has path information and use it + 1. firstly we check the $AFL_PATH environment variable location if set + 2. next we check argv[0] if it has path information and use it a) we also check ../lib/afl - 4. if 3. failed we check /proc (only Linux, Android, NetBSD, DragonFly, and + 3. if 2. failed we check /proc (only Linux, Android, NetBSD, DragonFly, and FreeBSD with procfs) a) and check here in ../lib/afl too - 5. we look into the AFL_PATH define (usually /usr/local/lib/afl) - 6. we finally try the current directory + 4. we look into the AFL_PATH define (usually /usr/local/lib/afl) + 5. we finally try the current directory if all these attempts fail - we return NULL and the caller has to decide - what to do. + what to do. Otherwise the path to obj would be allocated and returned. */ -static u8 *find_object(u8 *obj, u8 *argv0) { +u8 *find_object(aflcc_state_t *aflcc, u8 *obj) { + + u8 *argv0 = aflcc->argv0; u8 *afl_path = getenv("AFL_PATH"); u8 *slash = NULL, *tmp; @@ -164,14 +379,9 @@ static u8 *find_object(u8 *obj, u8 *argv0) { tmp = alloc_printf("%s/%s", afl_path, obj); - if (debug) DEBUGF("Trying %s\n", tmp); - - if (!access(tmp, R_OK)) { - - obj_path = afl_path; - return tmp; + if (aflcc->debug) DEBUGF("Trying %s\n", tmp); - } + if (!access(tmp, R_OK)) { return tmp; } ck_free(tmp); @@ -190,11 +400,11 @@ static u8 *find_object(u8 *obj, u8 *argv0) { tmp = alloc_printf("%s/%s", dir, obj); - if (debug) DEBUGF("Trying %s\n", tmp); + if (aflcc->debug) DEBUGF("Trying %s\n", tmp); if (!access(tmp, R_OK)) { - obj_path = dir; + ck_free(dir); return tmp; } @@ -202,12 +412,10 @@ static u8 *find_object(u8 *obj, u8 *argv0) { ck_free(tmp); tmp = alloc_printf("%s/../lib/afl/%s", dir, obj); - if (debug) DEBUGF("Trying %s\n", tmp); + if (aflcc->debug) DEBUGF("Trying %s\n", tmp); if (!access(tmp, R_OK)) { - u8 *dir2 = alloc_printf("%s/../lib/afl", dir); - obj_path = dir2; ck_free(dir); return tmp; @@ -247,26 +455,16 @@ static u8 *find_object(u8 *obj, u8 *argv0) { *slash = 0; tmp = alloc_printf("%s/%s", exepath, obj); - if (!access(tmp, R_OK)) { - - u8 *dir = alloc_printf("%s", exepath); - obj_path = dir; - return tmp; - - } + if (!access(tmp, R_OK)) { return tmp; } ck_free(tmp); tmp = alloc_printf("%s/../lib/afl/%s", exepath, obj); - if (debug) DEBUGF("Trying %s\n", tmp); - - if (!access(tmp, R_OK)) { + if (aflcc->debug) DEBUGF("Trying %s\n", tmp); - u8 *dir = alloc_printf("%s/../lib/afl/", exepath); - obj_path = dir; - return tmp; + if (!access(tmp, R_OK)) { return tmp; } - } + ck_free(tmp); } @@ -283,1843 +481,2036 @@ static u8 *find_object(u8 *obj, u8 *argv0) { tmp = alloc_printf("%s/%s", AFL_PATH, obj); - if (debug) DEBUGF("Trying %s\n", tmp); + if (aflcc->debug) DEBUGF("Trying %s\n", tmp); - if (!access(tmp, R_OK)) { - - obj_path = AFL_PATH; - return tmp; - - } + if (!access(tmp, R_OK)) { return tmp; } ck_free(tmp); - tmp = alloc_printf("./%s", obj); - if (debug) DEBUGF("Trying %s\n", tmp); + if (aflcc->debug) DEBUGF("Trying %s\n", tmp); - if (!access(tmp, R_OK)) { - - obj_path = "."; - return tmp; - - } + if (!access(tmp, R_OK)) { return tmp; } ck_free(tmp); - if (debug) DEBUGF("Trying ... giving up\n"); + if (aflcc->debug) DEBUGF("Trying ... giving up\n"); return NULL; } -void parse_fsanitize(char *string) { +void find_built_deps(aflcc_state_t *aflcc) { - char *p, *ptr = string + strlen("-fsanitize="); - char *new = malloc(strlen(string) + 1); - char *tmp = malloc(strlen(ptr) + 1); - u32 count = 0, len, ende = 0; + char *ptr = NULL; - if (!new || !tmp) { FATAL("could not acquire memory"); } - strcpy(new, "-fsanitize="); +#if defined(__x86_64__) + if ((ptr = find_object(aflcc, "as")) != NULL) { - do { + #ifndef __APPLE__ + // on OSX clang masquerades as GCC + aflcc->have_gcc = 1; + #endif + aflcc->have_clang = 1; + ck_free(ptr); - p = strchr(ptr, ','); - if (!p) { + } - p = ptr + strlen(ptr) + 1; - ende = 1; +#endif - } + if ((ptr = find_object(aflcc, "SanitizerCoveragePCGUARD.so")) != NULL) { - len = p - ptr; - if (len) { + aflcc->have_optimized_pcguard = 1; + ck_free(ptr); - strncpy(tmp, ptr, len); - tmp[len] = 0; - // fprintf(stderr, "Found: %s\n", tmp); - ptr += len + 1; - if (*tmp) { + } - u32 copy = 1; - if (!strcmp(tmp, "fuzzer")) { +#if (LLVM_MAJOR >= 3) - need_aflpplib = 1; - copy = 0; + if ((ptr = find_object(aflcc, "SanitizerCoverageLTO.so")) != NULL) { - } else if (!strncmp(tmp, "fuzzer", 6)) { + aflcc->have_lto = 1; + ck_free(ptr); - copy = 0; + } - } + if ((ptr = find_object(aflcc, "cmplog-routines-pass.so")) != NULL) { - if (copy) { + aflcc->have_llvm = 1; + ck_free(ptr); - if (count) { strcat(new, ","); } - strcat(new, tmp); - ++count; + } - } +#endif - } +#ifdef __ANDROID__ + aflcc->have_llvm = 1; +#endif - } else { + if ((ptr = find_object(aflcc, "afl-gcc-pass.so")) != NULL) { - ptr++; /*fprintf(stderr, "NO!\n"); */ + aflcc->have_gcc_plugin = 1; + ck_free(ptr); - } + } - } while (!ende); +#if !defined(__ANDROID__) && !defined(ANDROID) + ptr = find_object(aflcc, "afl-compiler-rt.o"); - strcpy(string, new); - // fprintf(stderr, "string: %s\n", string); - // fprintf(stderr, "new: %s\n", new); + if (!ptr) { -} + FATAL( + "Unable to find 'afl-compiler-rt.o'. Please set the AFL_PATH " + "environment variable."); -static u8 fortify_set = 0, asan_set = 0, x_set = 0, bit_mode = 0, - shared_linking = 0, preprocessor_only = 0, have_unroll = 0, - have_o = 0, have_pic = 0, have_c = 0, partial_linking = 0, - non_dash = 0; + } -#ifndef MAX_PARAMS_NUM - #define MAX_PARAMS_NUM 2048 + if (aflcc->debug) { DEBUGF("rt=%s\n", ptr); } + + ck_free(ptr); #endif -static void process_params(u32 argc, char **argv) { +} - if (cc_par_cnt + argc >= MAX_PARAMS_NUM) { +/* compiler_mode & instrument_mode selecting */ - FATAL("Too many command line parameters, please increase MAX_PARAMS_NUM."); +void compiler_mode_by_callname(aflcc_state_t *aflcc) { - } + if (strncmp(aflcc->callname, "afl-clang-fast", 14) == 0) { - // reset - have_instr_list = 0; - have_c = 0; + /* afl-clang-fast is always created there by makefile + just like afl-clang, burdened with special purposes: + - If llvm-config is not available (i.e. LLVM_MAJOR is 0), + or too old, it falls back to LLVM-NATIVE mode and let + the actual compiler complain if doesn't work. + - Otherwise try default llvm instruments except LTO. + */ +#if (LLVM_MAJOR >= 3) + aflcc->compiler_mode = LLVM; +#else + aflcc->compiler_mode = CLANG; +#endif - if (lto_mode && argc > 1) { + } else - u32 idx; - for (idx = 1; idx < argc; idx++) { +#if (LLVM_MAJOR >= 3) - if (!strncasecmp(argv[idx], "-fpic", 5)) { have_pic = 1; } + if (strncmp(aflcc->callname, "afl-clang-lto", 13) == 0 || - } + strncmp(aflcc->callname, "afl-lto", 7) == 0) { - } + aflcc->compiler_mode = LTO; - // for (u32 x = 0; x < argc; ++x) fprintf(stderr, "[%u] %s\n", x, argv[x]); + } else - /* Process the argument list. */ +#endif - u8 skip_next = 0; - while (--argc) { + if (strncmp(aflcc->callname, "afl-gcc-fast", 12) == 0 || - u8 *cur = *(++argv); + strncmp(aflcc->callname, "afl-g++-fast", 12) == 0) { - if (skip_next) { + aflcc->compiler_mode = GCC_PLUGIN; - skip_next = 0; - continue; +#if defined(__x86_64__) - } + } else if (strncmp(aflcc->callname, "afl-gcc", 7) == 0 || - if (cur[0] != '-') { non_dash = 1; } - if (!strncmp(cur, "--afl", 5)) continue; + strncmp(aflcc->callname, "afl-g++", 7) == 0) { - if (lto_mode && !strncmp(cur, "-flto=thin", 10)) { + aflcc->compiler_mode = GCC; - FATAL( - "afl-clang-lto cannot work with -flto=thin. Switch to -flto=full or " - "use afl-clang-fast!"); +#endif - } +#if defined(__x86_64__) - if (lto_mode && !strncmp(cur, "-fuse-ld=", 9)) continue; - if (lto_mode && !strncmp(cur, "--ld-path=", 10)) continue; - if (!strncmp(cur, "-fno-unroll", 11)) continue; - if (strstr(cur, "afl-compiler-rt") || strstr(cur, "afl-llvm-rt")) continue; - if (!strcmp(cur, "-Wl,-z,defs") || !strcmp(cur, "-Wl,--no-undefined") || - !strcmp(cur, "--no-undefined")) { + } else if (strcmp(aflcc->callname, "afl-clang") == 0 || - continue; + strcmp(aflcc->callname, "afl-clang++") == 0) { - } + aflcc->compiler_mode = CLANG; + +#endif - if (compiler_mode == GCC_PLUGIN && !strcmp(cur, "-pipe")) { continue; } + } - if (!strcmp(cur, "-z") || !strcmp(cur, "-Wl,-z")) { +} - u8 *param = *(argv + 1); - if (!strcmp(param, "defs") || !strcmp(param, "-Wl,defs")) { +void compiler_mode_by_environ(aflcc_state_t *aflcc) { - skip_next = 1; - continue; + if (getenv("AFL_PASSTHROUGH") || getenv("AFL_NOOPT")) { - } + aflcc->passthrough = 1; - } + } - if ((compiler_mode == GCC || compiler_mode == GCC_PLUGIN) && - !strncmp(cur, "-stdlib=", 8)) { + char *ptr = getenv("AFL_CC_COMPILER"); - if (!be_quiet) { WARNF("Found '%s' - stripping!", cur); } - continue; + if (!ptr) { return; } - } + if (aflcc->compiler_mode) { - if (!strncmp(cur, "-fsanitize-coverage-", 20) && strstr(cur, "list=")) { + if (!be_quiet) { - have_instr_list = 1; + WARNF( + "\"AFL_CC_COMPILER\" is set but a specific compiler was already " + "selected by command line parameter or symlink, ignoring the " + "environment variable!"); } - if (!strncmp(cur, "-fsanitize=", strlen("-fsanitize=")) && - strchr(cur, ',')) { + } else { - parse_fsanitize(cur); - if (!cur || strlen(cur) <= strlen("-fsanitize=")) { continue; } + if (strncasecmp(ptr, "LTO", 3) == 0) { - } else if ((!strncmp(cur, "-fsanitize=fuzzer-", + aflcc->compiler_mode = LTO; - strlen("-fsanitize=fuzzer-")) || - !strncmp(cur, "-fsanitize-coverage", - strlen("-fsanitize-coverage"))) && - (strncmp(cur, "sanitize-coverage-allow", - strlen("sanitize-coverage-allow")) && - strncmp(cur, "sanitize-coverage-deny", - strlen("sanitize-coverage-deny")) && - instrument_mode != INSTRUMENT_LLVMNATIVE)) { + } else if (strncasecmp(ptr, "LLVM", 4) == 0) { - if (!be_quiet) { WARNF("Found '%s' - stripping!", cur); } - continue; + aflcc->compiler_mode = LLVM; - } + } else if (strncasecmp(ptr, "GCC_P", 5) == 0 || - if (need_aflpplib || !strcmp(cur, "-fsanitize=fuzzer")) { + strncasecmp(ptr, "GCC-P", 5) == 0 || + strncasecmp(ptr, "GCCP", 4) == 0) { - u8 *afllib = find_object("libAFLDriver.a", argv[0]); + aflcc->compiler_mode = GCC_PLUGIN; - if (!be_quiet) { +#if defined(__x86_64__) - OKF("Found '-fsanitize=fuzzer', replacing with libAFLDriver.a"); + } else if (strcasecmp(ptr, "GCC") == 0) { - } + aflcc->compiler_mode = GCC; - if (!afllib) { +#endif - if (!be_quiet) { +#if defined(__x86_64__) - WARNF( - "Cannot find 'libAFLDriver.a' to replace '-fsanitize=fuzzer' in " - "the flags - this will fail!"); + } else if (strcasecmp(ptr, "CLANG") == 0) { - } + aflcc->compiler_mode = CLANG; - } else { - - cc_params[cc_par_cnt++] = afllib; - -#ifdef __APPLE__ - cc_params[cc_par_cnt++] = "-undefined"; - cc_params[cc_par_cnt++] = "dynamic_lookup"; #endif - } + } else - if (need_aflpplib) { + FATAL("Unknown AFL_CC_COMPILER mode: %s\n", ptr); - need_aflpplib = 0; + } - } else { +} - continue; +// If it can be inferred, instrument_mode would also be set +void compiler_mode_by_cmdline(aflcc_state_t *aflcc, int argc, char **argv) { - } + char *ptr = NULL; - } + for (int i = 1; i < argc; i++) { - if (!strcmp(cur, "-m32")) bit_mode = 32; - if (!strcmp(cur, "armv7a-linux-androideabi")) bit_mode = 32; - if (!strcmp(cur, "-m64")) bit_mode = 64; + if (strncmp(argv[i], "--afl", 5) == 0) { - if (!strcmp(cur, "-fsanitize=address") || !strcmp(cur, "-fsanitize=memory")) - asan_set = 1; + if (!strcmp(argv[i], "--afl_noopt") || !strcmp(argv[i], "--afl-noopt")) { - if (strstr(cur, "FORTIFY_SOURCE")) fortify_set = 1; + aflcc->passthrough = 1; + argv[i] = "-g"; // we have to overwrite it, -g is always good + continue; - if (!strcmp(cur, "-x")) x_set = 1; - if (!strcmp(cur, "-E")) preprocessor_only = 1; - if (!strcmp(cur, "-shared")) shared_linking = 1; - if (!strcmp(cur, "-dynamiclib")) shared_linking = 1; - if (!strcmp(cur, "--target=wasm32-wasi")) passthrough = 1; - if (!strcmp(cur, "-Wl,-r")) partial_linking = 1; - if (!strcmp(cur, "-Wl,-i")) partial_linking = 1; - if (!strcmp(cur, "-Wl,--relocatable")) partial_linking = 1; - if (!strcmp(cur, "-r")) partial_linking = 1; - if (!strcmp(cur, "--relocatable")) partial_linking = 1; - if (!strcmp(cur, "-c")) have_c = 1; + } - if (!strncmp(cur, "-O", 2)) have_o = 1; - if (!strncmp(cur, "-funroll-loop", 13)) have_unroll = 1; + if (aflcc->compiler_mode && !be_quiet) { - if (*cur == '@') { + WARNF( + "--afl-... compiler mode supersedes the AFL_CC_COMPILER and " + "symlink compiler selection!"); - // response file support. - // we have two choices - move everything to the command line or - // rewrite the response files to temporary files and delete them - // afterwards. We choose the first for easiness. - // We do *not* support quotes in the rsp files to cope with spaces in - // filenames etc! If you need that then send a patch! - u8 *filename = cur + 1; - if (debug) { DEBUGF("response file=%s\n", filename); } - FILE *f = fopen(filename, "r"); - struct stat st; + } - // Check not found or empty? let the compiler complain if so. - if (!f || fstat(fileno(f), &st) < 0 || st.st_size < 1) { + ptr = argv[i]; + ptr += 5; + while (*ptr == '-') + ptr++; - cc_params[cc_par_cnt++] = cur; - continue; + if (strncasecmp(ptr, "LTO", 3) == 0) { - } + aflcc->compiler_mode = LTO; - u8 *tmpbuf = malloc(st.st_size + 2), *ptr; - char **args = malloc(sizeof(char *) * (st.st_size >> 1)); - int count = 1, cont = 0, cont_act = 0; + } else if (strncasecmp(ptr, "LLVM", 4) == 0) { - while (fgets(tmpbuf, st.st_size + 1, f)) { + aflcc->compiler_mode = LLVM; - ptr = tmpbuf; - // fprintf(stderr, "1: %s\n", ptr); - // no leading whitespace - while (isspace(*ptr)) { + } else if (strncasecmp(ptr, "PCGUARD", 7) == 0 || - ++ptr; - cont_act = 0; + strncasecmp(ptr, "PC-GUARD", 8) == 0) { - } + aflcc->compiler_mode = LLVM; + aflcc->instrument_mode = INSTRUMENT_PCGUARD; - // no comments, no empty lines - if (*ptr == '#' || *ptr == '\n' || !*ptr) { continue; } - // remove LF - if (ptr[strlen(ptr) - 1] == '\n') { ptr[strlen(ptr) - 1] = 0; } - // remove CR - if (*ptr && ptr[strlen(ptr) - 1] == '\r') { ptr[strlen(ptr) - 1] = 0; } - // handle \ at end of line - if (*ptr && ptr[strlen(ptr) - 1] == '\\') { + } else if (strcasecmp(ptr, "INSTRIM") == 0 || - cont = 1; - ptr[strlen(ptr) - 1] = 0; + strcasecmp(ptr, "CFG") == 0) { - } + FATAL( + "InsTrim instrumentation was removed. Use a modern LLVM and " + "PCGUARD (default in afl-cc).\n"); - // fprintf(stderr, "2: %s\n", ptr); + } else if (strcasecmp(ptr, "AFL") == 0 || - // remove whitespace at end - while (*ptr && isspace(ptr[strlen(ptr) - 1])) { + strcasecmp(ptr, "CLASSIC") == 0) { - ptr[strlen(ptr) - 1] = 0; - cont = 0; + aflcc->compiler_mode = LLVM; + aflcc->instrument_mode = INSTRUMENT_CLASSIC; - } + } else if (strcasecmp(ptr, "LLVMNATIVE") == 0 || - // fprintf(stderr, "3: %s\n", ptr); - if (*ptr) { + strcasecmp(ptr, "NATIVE") == 0 || + strcasecmp(ptr, "LLVM-NATIVE") == 0) { - do { + aflcc->compiler_mode = LLVM; + aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; - u8 *value = ptr; - while (*ptr && !isspace(*ptr)) { + } else if (strncasecmp(ptr, "GCC_P", 5) == 0 || - ++ptr; + strncasecmp(ptr, "GCC-P", 5) == 0 || + strncasecmp(ptr, "GCCP", 4) == 0) { - } + aflcc->compiler_mode = GCC_PLUGIN; - while (*ptr && isspace(*ptr)) { +#if defined(__x86_64__) - *ptr++ = 0; + } else if (strcasecmp(ptr, "GCC") == 0) { - } + aflcc->compiler_mode = GCC; - if (cont_act) { +#endif - u32 len = strlen(args[count - 1]) + strlen(value) + 1; - u8 *tmp = malloc(len); - snprintf(tmp, len, "%s%s", args[count - 1], value); - free(args[count - 1]); - args[count - 1] = tmp; - cont_act = 0; +#if defined(__x86_64__) - } else { + } else if (strncasecmp(ptr, "CLANG", 5) == 0) { - args[count++] = strdup(value); + aflcc->compiler_mode = CLANG; - } +#endif - } while (*ptr); + } else - } + FATAL("Unknown --afl-... compiler mode: %s\n", argv[i]); - if (cont) { + } - cont_act = 1; - cont = 0; + } - } +} - } +static void instrument_mode_old_environ(aflcc_state_t *aflcc) { - if (count) { process_params(count, args); } + if (getenv("AFL_LLVM_INSTRIM") || getenv("INSTRIM") || + getenv("INSTRIM_LIB")) { - // we cannot free args[] - free(tmpbuf); + FATAL( + "InsTrim instrumentation was removed. Use a modern LLVM and PCGUARD " + "(default in afl-cc).\n"); - continue; + } - } + if (getenv("USE_TRACE_PC") || getenv("AFL_USE_TRACE_PC") || + getenv("AFL_LLVM_USE_TRACE_PC") || getenv("AFL_TRACE_PC")) { - cc_params[cc_par_cnt++] = cur; + if (aflcc->instrument_mode == 0) + aflcc->instrument_mode = INSTRUMENT_PCGUARD; + else if (aflcc->instrument_mode != INSTRUMENT_PCGUARD) + FATAL("you cannot set AFL_LLVM_INSTRUMENT and AFL_TRACE_PC together"); } -} - -/* Copy argv to cc_params, making the necessary edits. */ + if (getenv("AFL_LLVM_CTX")) aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CTX; + if (getenv("AFL_LLVM_CALLER")) + aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER; -static void edit_params(u32 argc, char **argv, char **envp) { + if (getenv("AFL_LLVM_NGRAM_SIZE")) { - cc_params = ck_alloc(MAX_PARAMS_NUM * sizeof(u8 *)); + aflcc->instrument_opt_mode |= INSTRUMENT_OPT_NGRAM; + aflcc->ngram_size = atoi(getenv("AFL_LLVM_NGRAM_SIZE")); + if (aflcc->ngram_size < 2 || aflcc->ngram_size > NGRAM_SIZE_MAX) + FATAL( + "NGRAM instrumentation mode must be between 2 and NGRAM_SIZE_MAX " + "(%u)", + NGRAM_SIZE_MAX); - for (u32 c = 1; c < argc; ++c) { + } - if (!strcmp(argv[c], "-c")) have_c = 1; - if (!strncmp(argv[c], "-fsanitize-coverage-", 20) && - strstr(argv[c], "list=")) { + if (getenv("AFL_LLVM_CTX_K")) { - have_instr_list = 1; + aflcc->ctx_k = atoi(getenv("AFL_LLVM_CTX_K")); + if (aflcc->ctx_k < 1 || aflcc->ctx_k > CTX_MAX_K) + FATAL("K-CTX instrumentation mode must be between 1 and CTX_MAX_K (%u)", + CTX_MAX_K); + if (aflcc->ctx_k == 1) { - } + setenv("AFL_LLVM_CALLER", "1", 1); + unsetenv("AFL_LLVM_CTX_K"); + aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER; - } + } else { - if (lto_mode) { + aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CTX_K; - if (lto_flag[0] != '-') - FATAL( - "Using afl-clang-lto is not possible because Makefile magic did not " - "identify the correct -flto flag"); - else - compiler_mode = LTO; + } } - if (plusplus_mode) { +} - u8 *alt_cxx = getenv("AFL_CXX"); +// compiler_mode would also be set if depended by the instrument_mode +static void instrument_mode_new_environ(aflcc_state_t *aflcc) { - if (!alt_cxx) { + if (!getenv("AFL_LLVM_INSTRUMENT")) { return; } - if (compiler_mode >= GCC_PLUGIN) { + u8 *ptr2 = strtok(getenv("AFL_LLVM_INSTRUMENT"), ":,;"); - if (compiler_mode == GCC) { + while (ptr2) { - alt_cxx = clang_mode ? "clang++" : "g++"; + if (strncasecmp(ptr2, "afl", strlen("afl")) == 0 || + strncasecmp(ptr2, "classic", strlen("classic")) == 0) { - } else if (compiler_mode == CLANG) { + if (aflcc->instrument_mode == INSTRUMENT_LTO) { - alt_cxx = "clang++"; + aflcc->instrument_mode = INSTRUMENT_CLASSIC; + aflcc->lto_mode = 1; - } else { + } else if (!aflcc->instrument_mode || - alt_cxx = "g++"; + aflcc->instrument_mode == INSTRUMENT_AFL) { - } + aflcc->instrument_mode = INSTRUMENT_AFL; } else { - if (USE_BINDIR) - snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang++", - LLVM_BINDIR); - else - snprintf(llvm_fullpath, sizeof(llvm_fullpath), CLANGPP_BIN); - alt_cxx = llvm_fullpath; + FATAL("main instrumentation mode already set with %s", + instrument_mode_2str(aflcc->instrument_mode)); } } - cc_params[0] = alt_cxx; + if (strncasecmp(ptr2, "pc-guard", strlen("pc-guard")) == 0 || + strncasecmp(ptr2, "pcguard", strlen("pcguard")) == 0) { - } else { + if (!aflcc->instrument_mode || + aflcc->instrument_mode == INSTRUMENT_PCGUARD) - u8 *alt_cc = getenv("AFL_CC"); + aflcc->instrument_mode = INSTRUMENT_PCGUARD; - if (!alt_cc) { + else + FATAL("main instrumentation mode already set with %s", + instrument_mode_2str(aflcc->instrument_mode)); + + } - if (compiler_mode >= GCC_PLUGIN) { + if (strncasecmp(ptr2, "llvmnative", strlen("llvmnative")) == 0 || + strncasecmp(ptr2, "llvm-native", strlen("llvm-native")) == 0 || + strncasecmp(ptr2, "native", strlen("native")) == 0) { - if (compiler_mode == GCC) { + if (!aflcc->instrument_mode || + aflcc->instrument_mode == INSTRUMENT_LLVMNATIVE) - alt_cc = clang_mode ? "clang" : "gcc"; + aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; - } else if (compiler_mode == CLANG) { + else + FATAL("main instrumentation mode already set with %s", + instrument_mode_2str(aflcc->instrument_mode)); - alt_cc = "clang"; + } - } else { + if (strncasecmp(ptr2, "llvmcodecov", strlen("llvmcodecov")) == 0 || + strncasecmp(ptr2, "llvm-codecov", strlen("llvm-codecov")) == 0) { - alt_cc = "gcc"; + if (!aflcc->instrument_mode || + aflcc->instrument_mode == INSTRUMENT_LLVMNATIVE) { - } + aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; + aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CODECOV; } else { - if (USE_BINDIR) - snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang", - LLVM_BINDIR); - else - snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s", CLANG_BIN); - alt_cc = llvm_fullpath; + FATAL("main instrumentation mode already set with %s", + instrument_mode_2str(aflcc->instrument_mode)); } } - cc_params[0] = alt_cc; + if (strncasecmp(ptr2, "cfg", strlen("cfg")) == 0 || + strncasecmp(ptr2, "instrim", strlen("instrim")) == 0) { - } + FATAL( + "InsTrim instrumentation was removed. Use a modern LLVM and " + "PCGUARD (default in afl-cc).\n"); + + } - if (compiler_mode == GCC || compiler_mode == CLANG) { + if (strncasecmp(ptr2, "lto", strlen("lto")) == 0) { - cc_params[cc_par_cnt++] = "-B"; - cc_params[cc_par_cnt++] = obj_path; + aflcc->lto_mode = 1; + if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_LTO) - if (clang_mode || compiler_mode == CLANG) { + aflcc->instrument_mode = INSTRUMENT_LTO; - cc_params[cc_par_cnt++] = "-no-integrated-as"; + else + FATAL("main instrumentation mode already set with %s", + instrument_mode_2str(aflcc->instrument_mode)); } - } +#if defined(__x86_64__) + if (strcasecmp(ptr2, "gcc") == 0) { - if (compiler_mode == GCC_PLUGIN) { + if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_GCC) - char *fplugin_arg; + aflcc->instrument_mode = INSTRUMENT_GCC; - if (cmplog_mode) { + else if (aflcc->instrument_mode != INSTRUMENT_GCC) + FATAL("main instrumentation mode already set with %s", + instrument_mode_2str(aflcc->instrument_mode)); - fplugin_arg = - alloc_printf("-fplugin=%s/afl-gcc-cmplog-pass.so", obj_path); - cc_params[cc_par_cnt++] = fplugin_arg; - fplugin_arg = - alloc_printf("-fplugin=%s/afl-gcc-cmptrs-pass.so", obj_path); - cc_params[cc_par_cnt++] = fplugin_arg; + aflcc->compiler_mode = GCC; } - fplugin_arg = alloc_printf("-fplugin=%s/afl-gcc-pass.so", obj_path); - cc_params[cc_par_cnt++] = fplugin_arg; - cc_params[cc_par_cnt++] = "-fno-if-conversion"; - cc_params[cc_par_cnt++] = "-fno-if-conversion2"; +#endif - } +#if defined(__x86_64__) + if (strcasecmp(ptr2, "clang") == 0) { - if (compiler_mode == LLVM || compiler_mode == LTO) { + if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_CLANG) - cc_params[cc_par_cnt++] = "-Wno-unused-command-line-argument"; + aflcc->instrument_mode = INSTRUMENT_CLANG; - if (lto_mode && have_instr_env) { + else if (aflcc->instrument_mode != INSTRUMENT_CLANG) + FATAL("main instrumentation mode already set with %s", + instrument_mode_2str(aflcc->instrument_mode)); -#if LLVM_MAJOR >= 11 /* use new pass manager */ - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = alloc_printf( - "-fpass-plugin=%s/afl-llvm-lto-instrumentlist.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-llvm-lto-instrumentlist.so", obj_path); -#endif + aflcc->compiler_mode = CLANG; } - if (getenv("AFL_LLVM_DICT2FILE")) { - -#if LLVM_MAJOR >= 11 /* use new pass manager */ - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/afl-llvm-dict2file.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-llvm-dict2file.so", obj_path); #endif - } + if (strncasecmp(ptr2, "ctx-", strlen("ctx-")) == 0 || + strncasecmp(ptr2, "kctx-", strlen("c-ctx-")) == 0 || + strncasecmp(ptr2, "k-ctx-", strlen("k-ctx-")) == 0) { - // laf - if (getenv("LAF_SPLIT_SWITCHES") || getenv("AFL_LLVM_LAF_SPLIT_SWITCHES")) { + u8 *ptr3 = ptr2; + while (*ptr3 && (*ptr3 < '0' || *ptr3 > '9')) + ptr3++; -#if LLVM_MAJOR >= 11 /* use new pass manager */ - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/split-switches-pass.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/split-switches-pass.so", obj_path); -#endif + if (!*ptr3) { - } + if ((ptr3 = getenv("AFL_LLVM_CTX_K")) == NULL) + FATAL( + "you must set the K-CTX K with (e.g. for value 2) " + "AFL_LLVM_INSTRUMENT=ctx-2"); - if (getenv("LAF_TRANSFORM_COMPARES") || - getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES")) { + } -#if LLVM_MAJOR >= 11 /* use new pass manager */ - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/compare-transform-pass.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/compare-transform-pass.so", obj_path); -#endif + aflcc->ctx_k = atoi(ptr3); + if (aflcc->ctx_k < 1 || aflcc->ctx_k > CTX_MAX_K) + FATAL( + "K-CTX instrumentation option must be between 1 and CTX_MAX_K " + "(%u)", + CTX_MAX_K); - } + if (aflcc->ctx_k == 1) { - if (getenv("LAF_SPLIT_COMPARES") || getenv("AFL_LLVM_LAF_SPLIT_COMPARES") || - getenv("AFL_LLVM_LAF_SPLIT_FLOATS")) { + aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER; + setenv("AFL_LLVM_CALLER", "1", 1); + unsetenv("AFL_LLVM_CTX_K"); -#if LLVM_MAJOR >= 11 /* use new pass manager */ - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/split-compares-pass.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/split-compares-pass.so", obj_path); -#endif + } else { - } + aflcc->instrument_opt_mode |= (INSTRUMENT_OPT_CTX_K); + u8 *ptr4 = alloc_printf("%u", aflcc->ctx_k); + setenv("AFL_LLVM_CTX_K", ptr4, 1); - // /laf + } - unsetenv("AFL_LD"); - unsetenv("AFL_LD_CALLER"); + } - if (cmplog_mode) { + if (strcasecmp(ptr2, "ctx") == 0) { - cc_params[cc_par_cnt++] = "-fno-inline"; + aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CTX; + setenv("AFL_LLVM_CTX", "1", 1); -#if LLVM_MAJOR >= 11 /* use new pass manager */ - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/cmplog-switches-pass.so", obj_path); - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/split-switches-pass.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/cmplog-switches-pass.so", obj_path); + } - // reuse split switches from laf - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/split-switches-pass.so", obj_path); -#endif + if (strncasecmp(ptr2, "caller", strlen("caller")) == 0) { + + aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER; + setenv("AFL_LLVM_CALLER", "1", 1); } - // #if LLVM_MAJOR >= 13 - // // Use the old pass manager in LLVM 14 which the AFL++ passes still - // use. cc_params[cc_par_cnt++] = "-flegacy-pass-manager"; - // #endif + if (strncasecmp(ptr2, "ngram", strlen("ngram")) == 0) { - if (lto_mode && !have_c) { + u8 *ptr3 = ptr2 + strlen("ngram"); + while (*ptr3 && (*ptr3 < '0' || *ptr3 > '9')) { - u8 *ld_path = NULL; - if (getenv("AFL_REAL_LD")) { + ptr3++; - ld_path = strdup(getenv("AFL_REAL_LD")); + } - } else { + if (!*ptr3) { - ld_path = strdup(AFL_REAL_LD); + if ((ptr3 = getenv("AFL_LLVM_NGRAM_SIZE")) == NULL) + FATAL( + "you must set the NGRAM size with (e.g. for value 2) " + "AFL_LLVM_INSTRUMENT=ngram-2"); } - if (!ld_path || !*ld_path) { + aflcc->ngram_size = atoi(ptr3); - if (ld_path) { + if (aflcc->ngram_size < 2 || aflcc->ngram_size > NGRAM_SIZE_MAX) { - // Freeing empty string - free(ld_path); + FATAL( + "NGRAM instrumentation option must be between 2 and " + "NGRAM_SIZE_MAX (%u)", + NGRAM_SIZE_MAX); - } + } - ld_path = strdup("ld.lld"); + aflcc->instrument_opt_mode |= (INSTRUMENT_OPT_NGRAM); + u8 *ptr4 = alloc_printf("%u", aflcc->ngram_size); + setenv("AFL_LLVM_NGRAM_SIZE", ptr4, 1); - } + } - if (!ld_path) { PFATAL("Could not allocate mem for ld_path"); } -#if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 12 - cc_params[cc_par_cnt++] = alloc_printf("--ld-path=%s", ld_path); -#else - cc_params[cc_par_cnt++] = alloc_printf("-fuse-ld=%s", ld_path); -#endif - free(ld_path); + ptr2 = strtok(NULL, ":,;"); -#if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 15 - // The NewPM implementation only works fully since LLVM 15. - cc_params[cc_par_cnt++] = alloc_printf( - "-Wl,--load-pass-plugin=%s/SanitizerCoverageLTO.so", obj_path); -#elif defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 13 - cc_params[cc_par_cnt++] = "-Wl,--lto-legacy-pass-manager"; - cc_params[cc_par_cnt++] = - alloc_printf("-Wl,-mllvm=-load=%s/SanitizerCoverageLTO.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-fno-experimental-new-pass-manager"; - cc_params[cc_par_cnt++] = - alloc_printf("-Wl,-mllvm=-load=%s/SanitizerCoverageLTO.so", obj_path); -#endif - - cc_params[cc_par_cnt++] = "-Wl,--allow-multiple-definition"; - cc_params[cc_par_cnt++] = lto_flag; - - } else { - - if (instrument_mode == INSTRUMENT_PCGUARD) { - -#if LLVM_MAJOR >= 13 - #if defined __ANDROID__ || ANDROID - cc_params[cc_par_cnt++] = "-fsanitize-coverage=trace-pc-guard"; - instrument_mode = INSTRUMENT_LLVMNATIVE; - #else - if (have_instr_list) { - - if (!be_quiet) - SAYF( - "Using unoptimized trace-pc-guard, due usage of " - "-fsanitize-coverage-allow/denylist, you can use " - "AFL_LLVM_ALLOWLIST/AFL_LLMV_DENYLIST instead.\n"); - cc_params[cc_par_cnt++] = "-fsanitize-coverage=trace-pc-guard"; - instrument_mode = INSTRUMENT_LLVMNATIVE; - - } else { - - #if LLVM_MAJOR >= 13 /* use new pass manager */ - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = alloc_printf( - "-fpass-plugin=%s/SanitizerCoveragePCGUARD.so", obj_path); - #else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/SanitizerCoveragePCGUARD.so", obj_path); - #endif - - } - - #endif -#else - #if LLVM_MAJOR >= 4 - if (!be_quiet) - SAYF( - "Using unoptimized trace-pc-guard, upgrade to LLVM 13+ for " - "enhanced version.\n"); - cc_params[cc_par_cnt++] = "-fsanitize-coverage=trace-pc-guard"; - instrument_mode = INSTRUMENT_LLVMNATIVE; - #else - FATAL("pcguard instrumentation requires LLVM 4.0.1+"); - #endif -#endif - - } else if (instrument_mode == INSTRUMENT_LLVMNATIVE) { - -#if LLVM_MAJOR >= 4 - if (instrument_opt_mode & INSTRUMENT_OPT_CODECOV) { - - #if LLVM_MAJOR >= 6 - cc_params[cc_par_cnt++] = - "-fsanitize-coverage=trace-pc-guard,bb,no-prune,pc-table"; - #else - FATAL("pcguard instrumentation with pc-table requires LLVM 6.0.1+"); - #endif + } - } else { +} - cc_params[cc_par_cnt++] = "-fsanitize-coverage=trace-pc-guard"; +void instrument_mode_by_environ(aflcc_state_t *aflcc) { - } + if (getenv("AFL_LLVM_INSTRUMENT_FILE") || getenv("AFL_LLVM_WHITELIST") || + getenv("AFL_LLVM_ALLOWLIST") || getenv("AFL_LLVM_DENYLIST") || + getenv("AFL_LLVM_BLOCKLIST")) { -#else - FATAL("pcguard instrumentation requires LLVM 4.0.1+"); -#endif + aflcc->have_instr_env = 1; - } else { + } -#if LLVM_MAJOR >= 11 /* use new pass manager */ - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/afl-llvm-pass.so", obj_path); -#else + if (aflcc->have_instr_env && getenv("AFL_DONT_OPTIMIZE") && !be_quiet) { - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-pass.so", obj_path); -#endif + WARNF( + "AFL_LLVM_ALLOWLIST/DENYLIST and AFL_DONT_OPTIMIZE cannot be combined " + "for file matching, only function matching!"); - } + } - } + instrument_mode_old_environ(aflcc); + instrument_mode_new_environ(aflcc); - if (cmplog_mode) { +} -#if LLVM_MAJOR >= 11 - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = alloc_printf( - "-fpass-plugin=%s/cmplog-instructions-pass.so", obj_path); - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/cmplog-routines-pass.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/cmplog-instructions-pass.so", obj_path); - - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/cmplog-routines-pass.so", obj_path); -#endif +static void instrument_opt_mode_exclude(aflcc_state_t *aflcc) { - } + if ((aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX) && + (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CALLER)) { - if (getenv("AFL_LLVM_INJECTIONS_ALL") || - getenv("AFL_LLVM_INJECTIONS_SQL") || - getenv("AFL_LLVM_INJECTIONS_LDAP") || - getenv("AFL_LLVM_INJECTIONS_XSS")) { + FATAL("you cannot set CTX and CALLER together"); -#if LLVM_MAJOR >= 11 - #if LLVM_MAJOR < 16 - cc_params[cc_par_cnt++] = "-fexperimental-new-pass-manager"; - #endif - cc_params[cc_par_cnt++] = - alloc_printf("-fpass-plugin=%s/injection-pass.so", obj_path); -#else - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = alloc_printf("%s/injection-pass.so", obj_path); -#endif + } - } + if ((aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX) && + (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX_K)) { - // cc_params[cc_par_cnt++] = "-Qunused-arguments"; + FATAL("you cannot set CTX and K-CTX together"); } - /* Inspect the command line parameters. */ + if ((aflcc->instrument_opt_mode & INSTRUMENT_OPT_CALLER) && + (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX_K)) { - process_params(argc, argv); + FATAL("you cannot set CALLER and K-CTX together"); - if (!have_pic) { + } - cc_params[cc_par_cnt++] = "-fPIC"; - have_pic = 1; + if (aflcc->instrument_opt_mode && aflcc->compiler_mode != LLVM) + FATAL("CTX, CALLER and NGRAM can only be used in LLVM mode"); - } + if (aflcc->instrument_opt_mode && + aflcc->instrument_opt_mode != INSTRUMENT_OPT_CODECOV && + aflcc->instrument_mode != INSTRUMENT_CLASSIC) + FATAL( + "CALLER, CTX and NGRAM instrumentation options can only be used with " + "the LLVM CLASSIC instrumentation mode."); - if (compiler_mode != GCC_PLUGIN && compiler_mode != GCC && - !getenv("AFL_LLVM_NO_RPATH")) { +} - // in case LLVM is installed not via a package manager or "make install" - // e.g. compiled download or compiled from github then its ./lib directory - // might not be in the search path. Add it if so. - const char *libdir = LLVM_LIBDIR; - if (plusplus_mode && strlen(libdir) && strncmp(libdir, "/usr", 4) && - strncmp(libdir, "/lib", 4)) { +void mode_final_checkout(aflcc_state_t *aflcc, int argc, char **argv) { - u8 *libdir_opt = strdup("-Wl,-rpath=" LLVM_LIBDIR); - cc_params[cc_par_cnt++] = libdir_opt; + if (aflcc->instrument_opt_mode && + aflcc->instrument_mode == INSTRUMENT_DEFAULT && + (aflcc->compiler_mode == LLVM || aflcc->compiler_mode == UNSET)) { - } + aflcc->instrument_mode = INSTRUMENT_CLASSIC; + aflcc->compiler_mode = LLVM; } - if (getenv("AFL_HARDEN")) { - - cc_params[cc_par_cnt++] = "-fstack-protector-all"; + if (!aflcc->compiler_mode) { - if (!fortify_set) cc_params[cc_par_cnt++] = "-D_FORTIFY_SOURCE=2"; + // lto is not a default because outside of afl-cc RANLIB and AR have to + // be set to LLVM versions so this would work + if (aflcc->have_llvm) + aflcc->compiler_mode = LLVM; + else if (aflcc->have_gcc_plugin) + aflcc->compiler_mode = GCC_PLUGIN; + else if (aflcc->have_gcc) + aflcc->compiler_mode = GCC; + else if (aflcc->have_clang) + aflcc->compiler_mode = CLANG; + else if (aflcc->have_lto) + aflcc->compiler_mode = LTO; + else + FATAL("no compiler mode available"); } - if (!asan_set) { + switch (aflcc->compiler_mode) { - if (getenv("AFL_USE_ASAN")) { + case GCC: + if (!aflcc->have_gcc) FATAL("afl-gcc not available on your platform!"); + break; + case CLANG: + if (!aflcc->have_clang) + FATAL("afl-clang not available on your platform!"); + break; + case LLVM: + if (!aflcc->have_llvm) + FATAL( + "LLVM mode is not available, please install LLVM 13+ and recompile " + "AFL++"); + break; + case GCC_PLUGIN: + if (!aflcc->have_gcc_plugin) + FATAL( + "GCC_PLUGIN mode is not available, install gcc plugin support and " + "recompile AFL++"); + break; + case LTO: + if (!aflcc->have_lto) + FATAL( + "LTO mode is not available, please install LLVM 13+ and lld of the " + "same version and recompile AFL++"); + break; + default: + FATAL("no compiler mode available"); - if (getenv("AFL_USE_MSAN")) FATAL("ASAN and MSAN are mutually exclusive"); + } - if (getenv("AFL_HARDEN")) - FATAL("ASAN and AFL_HARDEN are mutually exclusive"); + if (aflcc->compiler_mode == GCC) { aflcc->instrument_mode = INSTRUMENT_GCC; } - cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE"; - cc_params[cc_par_cnt++] = "-fsanitize=address"; + if (aflcc->compiler_mode == CLANG) { - } else if (getenv("AFL_USE_MSAN")) { + /* if our PCGUARD implementation is not available then silently switch to + native LLVM PCGUARD. Or classic asm instrument is explicitly preferred. */ + if (!aflcc->have_optimized_pcguard && + (aflcc->instrument_mode == INSTRUMENT_DEFAULT || + aflcc->instrument_mode == INSTRUMENT_PCGUARD)) { - if (getenv("AFL_USE_ASAN")) FATAL("ASAN and MSAN are mutually exclusive"); + aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; - if (getenv("AFL_HARDEN")) - FATAL("MSAN and AFL_HARDEN are mutually exclusive"); + } else { - cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE"; - cc_params[cc_par_cnt++] = "-fsanitize=memory"; + aflcc->instrument_mode = INSTRUMENT_CLANG; + setenv(CLANG_ENV_VAR, "1", 1); // used by afl-as } } - if (getenv("AFL_USE_UBSAN")) { + if (aflcc->compiler_mode == LTO) { - cc_params[cc_par_cnt++] = "-fsanitize=undefined"; - cc_params[cc_par_cnt++] = "-fsanitize-undefined-trap-on-error"; - cc_params[cc_par_cnt++] = "-fno-sanitize-recover=all"; - cc_params[cc_par_cnt++] = "-fno-omit-frame-pointer"; + if (aflcc->instrument_mode == 0 || + aflcc->instrument_mode == INSTRUMENT_LTO || + aflcc->instrument_mode == INSTRUMENT_CFG || + aflcc->instrument_mode == INSTRUMENT_PCGUARD) { - } + aflcc->lto_mode = 1; + // force CFG + // if (!aflcc->instrument_mode) { - if (getenv("AFL_USE_TSAN")) { + aflcc->instrument_mode = INSTRUMENT_PCGUARD; - cc_params[cc_par_cnt++] = "-fsanitize=thread"; - cc_params[cc_par_cnt++] = "-fno-omit-frame-pointer"; + // } - } + } else if (aflcc->instrument_mode == INSTRUMENT_CLASSIC) { - if (getenv("AFL_USE_LSAN")) { + aflcc->lto_mode = 1; - cc_params[cc_par_cnt++] = "-fsanitize=leak"; - cc_params[cc_par_cnt++] = "-includesanitizer/lsan_interface.h"; - cc_params[cc_par_cnt++] = - "-D__AFL_LEAK_CHECK()={if(__lsan_do_recoverable_leak_check() > 0) " - "_exit(23); }"; - cc_params[cc_par_cnt++] = "-D__AFL_LSAN_OFF()=__lsan_disable();"; - cc_params[cc_par_cnt++] = "-D__AFL_LSAN_ON()=__lsan_enable();"; + } else { - } + if (!be_quiet) { - if (getenv("AFL_USE_CFISAN")) { + WARNF("afl-clang-lto called with mode %s, using that mode instead", + instrument_mode_2str(aflcc->instrument_mode)); - if (compiler_mode == GCC_PLUGIN || compiler_mode == GCC) { + } - cc_params[cc_par_cnt++] = "-fcf-protection=full"; + } - } else { + } - if (!lto_mode) { + if (aflcc->instrument_mode == 0 && aflcc->compiler_mode < GCC_PLUGIN) { - uint32_t i = 0, found = 0; - while (envp[i] != NULL && !found) - if (strncmp("-flto", envp[i++], 5) == 0) found = 1; - if (!found) cc_params[cc_par_cnt++] = "-flto"; +#if LLVM_MAJOR >= 7 + #if LLVM_MAJOR < 11 && (LLVM_MAJOR < 10 || LLVM_MINOR < 1) + if (aflcc->have_instr_env) { - } + aflcc->instrument_mode = INSTRUMENT_AFL; + if (!be_quiet) { - cc_params[cc_par_cnt++] = "-fsanitize=cfi"; - cc_params[cc_par_cnt++] = "-fvisibility=hidden"; + WARNF( + "Switching to classic instrumentation because " + "AFL_LLVM_ALLOWLIST/DENYLIST does not work with PCGUARD < 10.0.1."); - } + } - } + } else - if (!getenv("AFL_DONT_OPTIMIZE")) { + #endif + aflcc->instrument_mode = INSTRUMENT_PCGUARD; - cc_params[cc_par_cnt++] = "-g"; - if (!have_o) cc_params[cc_par_cnt++] = "-O3"; - if (!have_unroll) cc_params[cc_par_cnt++] = "-funroll-loops"; - // if (strlen(march_opt) > 1 && march_opt[0] == '-') - // cc_params[cc_par_cnt++] = march_opt; +#else + aflcc->instrument_mode = INSTRUMENT_AFL; +#endif } - if (getenv("AFL_NO_BUILTIN") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES") || - getenv("LAF_TRANSFORM_COMPARES") || getenv("AFL_LLVM_LAF_ALL") || - lto_mode) { + if (!aflcc->instrument_opt_mode && aflcc->lto_mode && + aflcc->instrument_mode == INSTRUMENT_CFG) { - cc_params[cc_par_cnt++] = "-fno-builtin-strcmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-strncmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-strcasecmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-memcmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-bcmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-strstr"; - cc_params[cc_par_cnt++] = "-fno-builtin-strcasestr"; + aflcc->instrument_mode = INSTRUMENT_PCGUARD; } -#if defined(USEMMAP) && !defined(__HAIKU__) && !__APPLE__ - if (!have_c) cc_params[cc_par_cnt++] = "-lrt"; +#ifndef AFL_CLANG_FLTO + if (aflcc->lto_mode) + FATAL( + "instrumentation mode LTO specified but LLVM support not available " + "(requires LLVM 11 or higher)"); #endif - cc_params[cc_par_cnt++] = "-D__AFL_COMPILER=1"; - cc_params[cc_par_cnt++] = "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1"; + if (aflcc->lto_mode) { - /* As documented in instrumentation/README.persistent_mode.md, deferred - forkserver initialization and persistent mode are not available in afl-gcc - and afl-clang. */ - if (compiler_mode != GCC && compiler_mode != CLANG) { + if (aflcc->lto_flag[0] != '-') + FATAL( + "Using afl-clang-lto is not possible because Makefile magic did not " + "identify the correct -flto flag"); + else + aflcc->compiler_mode = LTO; - cc_params[cc_par_cnt++] = "-D__AFL_HAVE_MANUAL_CONTROL=1"; + } - /* When the user tries to use persistent or deferred forkserver modes by - appending a single line to the program, we want to reliably inject a - signature into the binary (to be picked up by afl-fuzz) and we want - to call a function from the runtime .o file. This is unnecessarily - painful for three reasons: + if (getenv("AFL_LLVM_SKIP_NEVERZERO") && getenv("AFL_LLVM_NOT_ZERO")) + FATAL( + "AFL_LLVM_NOT_ZERO and AFL_LLVM_SKIP_NEVERZERO can not be set " + "together"); - 1) We need to convince the compiler not to optimize out the signature. - This is done with __attribute__((used)). +#if LLVM_MAJOR < 11 && (LLVM_MAJOR < 10 || LLVM_MINOR < 1) - 2) We need to convince the linker, when called with -Wl,--gc-sections, - not to do the same. This is done by forcing an assignment to a - 'volatile' pointer. + if (aflcc->instrument_mode == INSTRUMENT_PCGUARD && aflcc->have_instr_env) { - 3) We need to declare __afl_persistent_loop() in the global namespace, - but doing this within a method in a class is hard - :: and extern "C" - are forbidden and __attribute__((alias(...))) doesn't work. Hence the - __asm__ aliasing trick. + FATAL( + "Instrumentation type PCGUARD does not support " + "AFL_LLVM_ALLOWLIST/DENYLIST! Use LLVM 10.0.1+ instead."); - */ + } - cc_params[cc_par_cnt++] = - "-D__AFL_FUZZ_INIT()=" - "int __afl_sharedmem_fuzzing = 1;" - "extern unsigned int *__afl_fuzz_len;" - "extern unsigned char *__afl_fuzz_ptr;" - "unsigned char __afl_fuzz_alt[1048576];" - "unsigned char *__afl_fuzz_alt_ptr = __afl_fuzz_alt;"; +#endif - } + instrument_opt_mode_exclude(aflcc); - if (plusplus_mode) { + u8 *ptr2; - cc_params[cc_par_cnt++] = - "-D__AFL_COVERAGE()=int __afl_selective_coverage = 1;" - "extern \"C\" void __afl_coverage_discard();" - "extern \"C\" void __afl_coverage_skip();" - "extern \"C\" void __afl_coverage_on();" - "extern \"C\" void __afl_coverage_off();"; + if ((ptr2 = getenv("AFL_LLVM_DICT2FILE")) != NULL && *ptr2 != '/') + FATAL("AFL_LLVM_DICT2FILE must be set to an absolute file path"); - } else { + if (getenv("AFL_LLVM_LAF_ALL")) { - cc_params[cc_par_cnt++] = - "-D__AFL_COVERAGE()=int __afl_selective_coverage = 1;" - "void __afl_coverage_discard();" - "void __afl_coverage_skip();" - "void __afl_coverage_on();" - "void __afl_coverage_off();"; + setenv("AFL_LLVM_LAF_SPLIT_SWITCHES", "1", 1); + setenv("AFL_LLVM_LAF_SPLIT_COMPARES", "1", 1); + setenv("AFL_LLVM_LAF_SPLIT_FLOATS", "1", 1); + setenv("AFL_LLVM_LAF_TRANSFORM_COMPARES", "1", 1); } - cc_params[cc_par_cnt++] = - "-D__AFL_COVERAGE_START_OFF()=int __afl_selective_coverage_start_off = " - "1;"; - cc_params[cc_par_cnt++] = "-D__AFL_COVERAGE_ON()=__afl_coverage_on()"; - cc_params[cc_par_cnt++] = "-D__AFL_COVERAGE_OFF()=__afl_coverage_off()"; - cc_params[cc_par_cnt++] = - "-D__AFL_COVERAGE_DISCARD()=__afl_coverage_discard()"; - cc_params[cc_par_cnt++] = "-D__AFL_COVERAGE_SKIP()=__afl_coverage_skip()"; - cc_params[cc_par_cnt++] = - "-D__AFL_FUZZ_TESTCASE_BUF=(__afl_fuzz_ptr ? __afl_fuzz_ptr : " - "__afl_fuzz_alt_ptr)"; - cc_params[cc_par_cnt++] = - "-D__AFL_FUZZ_TESTCASE_LEN=(__afl_fuzz_ptr ? *__afl_fuzz_len : " - "(*__afl_fuzz_len = read(0, __afl_fuzz_alt_ptr, 1048576)) == 0xffffffff " - "? 0 : *__afl_fuzz_len)"; + aflcc->cmplog_mode = getenv("AFL_CMPLOG") || getenv("AFL_LLVM_CMPLOG") || + getenv("AFL_GCC_CMPLOG"); - if (compiler_mode != GCC && compiler_mode != CLANG) { +} - cc_params[cc_par_cnt++] = - "-D__AFL_LOOP(_A)=" - "({ static volatile const char *_B __attribute__((used,unused)); " - " _B = (const char*)\"" PERSIST_SIG - "\"; " - "extern int __afl_connected;" -#ifdef __APPLE__ - "__attribute__((visibility(\"default\"))) " - "int _L(unsigned int) __asm__(\"___afl_persistent_loop\"); " -#else - "__attribute__((visibility(\"default\"))) " - "int _L(unsigned int) __asm__(\"__afl_persistent_loop\"); " -#endif /* ^__APPLE__ */ - // if afl is connected, we run _A times, else once. - "_L(__afl_connected ? _A : 1); })"; - - cc_params[cc_par_cnt++] = - "-D__AFL_INIT()=" - "do { static volatile const char *_A __attribute__((used,unused)); " - " _A = (const char*)\"" DEFER_SIG - "\"; " -#ifdef __APPLE__ - "__attribute__((visibility(\"default\"))) " - "void _I(void) __asm__(\"___afl_manual_init\"); " -#else - "__attribute__((visibility(\"default\"))) " - "void _I(void) __asm__(\"__afl_manual_init\"); " -#endif /* ^__APPLE__ */ - "_I(); } while (0)"; +void mode_notification(aflcc_state_t *aflcc) { - } + char *ptr2 = alloc_printf(" + NGRAM-%u", aflcc->ngram_size); + char *ptr3 = alloc_printf(" + K-CTX-%u", aflcc->ctx_k); + + char *ptr1 = alloc_printf( + "%s%s%s%s%s", instrument_mode_2str(aflcc->instrument_mode), + (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX) ? " + CTX" : "", + (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CALLER) ? " + CALLER" : "", + (aflcc->instrument_opt_mode & INSTRUMENT_OPT_NGRAM) ? ptr2 : "", + (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX_K) ? ptr3 : ""); - if (x_set) { + ck_free(ptr2); + ck_free(ptr3); - cc_params[cc_par_cnt++] = "-x"; - cc_params[cc_par_cnt++] = "none"; + if ((isatty(2) && !be_quiet) || aflcc->debug) { + + SAYF(cCYA + "afl-cc" VERSION cRST + " by Michal Zalewski, Laszlo Szekeres, Marc Heuse - mode: %s-%s\n", + compiler_mode_2str(aflcc->compiler_mode), ptr1); } - // prevent unnecessary build errors - if (compiler_mode != GCC_PLUGIN && compiler_mode != GCC) { + ck_free(ptr1); + + if (!be_quiet && + (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG)) { - cc_params[cc_par_cnt++] = "-Wno-unused-command-line-argument"; + WARNF( + "You are using outdated instrumentation, install LLVM and/or " + "gcc-plugin and use afl-clang-fast/afl-clang-lto/afl-gcc-fast " + "instead!"); } - if (preprocessor_only || have_c || !non_dash) { +} - /* In the preprocessor_only case (-E), we are not actually compiling at - all but requesting the compiler to output preprocessed sources only. - We must not add the runtime in this case because the compiler will - simply output its binary content back on stdout, breaking any build - systems that rely on a separate source preprocessing step. */ - cc_params[cc_par_cnt] = NULL; - return; +void add_real_argv0(aflcc_state_t *aflcc) { - } + static u8 llvm_fullpath[PATH_MAX]; -#ifndef __ANDROID__ + if (aflcc->plusplus_mode) { - if (compiler_mode != GCC && compiler_mode != CLANG) { + u8 *alt_cxx = getenv("AFL_CXX"); - switch (bit_mode) { + if (!alt_cxx) { - case 0: - if (!shared_linking && !partial_linking) - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-compiler-rt.o", obj_path); - if (lto_mode) - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-llvm-rt-lto.o", obj_path); - break; + if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == GCC_PLUGIN) { - case 32: - if (!shared_linking && !partial_linking) { + alt_cxx = "g++"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-compiler-rt-32.o", obj_path); - if (access(cc_params[cc_par_cnt - 1], R_OK)) - FATAL("-m32 is not supported by your compiler"); + } else if (aflcc->compiler_mode == CLANG) { - } + alt_cxx = "clang++"; - if (lto_mode) { + } else { - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-llvm-rt-lto-32.o", obj_path); - if (access(cc_params[cc_par_cnt - 1], R_OK)) - FATAL("-m32 is not supported by your compiler"); + if (USE_BINDIR) + snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang++", + LLVM_BINDIR); + else + snprintf(llvm_fullpath, sizeof(llvm_fullpath), CLANGPP_BIN); + alt_cxx = llvm_fullpath; - } + } - break; + } - case 64: - if (!shared_linking && !partial_linking) { + aflcc->cc_params[0] = alt_cxx; - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-compiler-rt-64.o", obj_path); - if (access(cc_params[cc_par_cnt - 1], R_OK)) - FATAL("-m64 is not supported by your compiler"); + } else { - } + u8 *alt_cc = getenv("AFL_CC"); - if (lto_mode) { + if (!alt_cc) { - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-llvm-rt-lto-64.o", obj_path); - if (access(cc_params[cc_par_cnt - 1], R_OK)) - FATAL("-m64 is not supported by your compiler"); + if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == GCC_PLUGIN) { - } + alt_cc = "gcc"; - break; + } else if (aflcc->compiler_mode == CLANG) { - } + alt_cc = "clang"; - #if !defined(__APPLE__) && !defined(__sun) - if (!shared_linking && !partial_linking) - cc_params[cc_par_cnt++] = - alloc_printf("-Wl,--dynamic-list=%s/dynamic_list.txt", obj_path); - #endif + } else { - #if defined(__APPLE__) - if (shared_linking || partial_linking) { + if (USE_BINDIR) + snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang", + LLVM_BINDIR); + else + snprintf(llvm_fullpath, sizeof(llvm_fullpath), CLANG_BIN); + alt_cc = llvm_fullpath; - cc_params[cc_par_cnt++] = "-Wl,-U"; - cc_params[cc_par_cnt++] = "-Wl,___afl_area_ptr"; - cc_params[cc_par_cnt++] = "-Wl,-U"; - cc_params[cc_par_cnt++] = "-Wl,___sanitizer_cov_trace_pc_guard_init"; + } } - #endif + aflcc->cc_params[0] = alt_cc; } - #if defined(USEMMAP) && !defined(__HAIKU__) && !__APPLE__ - cc_params[cc_par_cnt++] = "-lrt"; - #endif +} -#endif +/* Macro defs for the preprocessor */ - cc_params[cc_par_cnt] = NULL; +void add_defs_common(aflcc_state_t *aflcc) { + + insert_param(aflcc, "-D__AFL_COMPILER=1"); + insert_param(aflcc, "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1"); } -/* Main entry point */ +/* See instrumentation/README.instrument_list.md# + 2-selective-instrumentation-with-_afl_coverage-directives */ +void add_defs_selective_instr(aflcc_state_t *aflcc) { -int main(int argc, char **argv, char **envp) { + if (aflcc->plusplus_mode) { - int i; - char *callname = argv[0], *ptr = NULL; + insert_param(aflcc, + "-D__AFL_COVERAGE()=int __afl_selective_coverage = 1;" + "extern \"C\" void __afl_coverage_discard();" + "extern \"C\" void __afl_coverage_skip();" + "extern \"C\" void __afl_coverage_on();" + "extern \"C\" void __afl_coverage_off();"); - if (getenv("AFL_DEBUG")) { + } else { - debug = 1; - if (strcmp(getenv("AFL_DEBUG"), "0") == 0) unsetenv("AFL_DEBUG"); + insert_param(aflcc, + "-D__AFL_COVERAGE()=int __afl_selective_coverage = 1;" + "void __afl_coverage_discard();" + "void __afl_coverage_skip();" + "void __afl_coverage_on();" + "void __afl_coverage_off();"); - } else if (getenv("AFL_QUIET")) + } - be_quiet = 1; + insert_param( + aflcc, + "-D__AFL_COVERAGE_START_OFF()=int __afl_selective_coverage_start_off = " + "1;"); + insert_param(aflcc, "-D__AFL_COVERAGE_ON()=__afl_coverage_on()"); + insert_param(aflcc, "-D__AFL_COVERAGE_OFF()=__afl_coverage_off()"); + insert_param(aflcc, "-D__AFL_COVERAGE_DISCARD()=__afl_coverage_discard()"); + insert_param(aflcc, "-D__AFL_COVERAGE_SKIP()=__afl_coverage_skip()"); - if (getenv("AFL_LLVM_INSTRUMENT_FILE") || getenv("AFL_LLVM_WHITELIST") || - getenv("AFL_LLVM_ALLOWLIST") || getenv("AFL_LLVM_DENYLIST") || - getenv("AFL_LLVM_BLOCKLIST")) { +} - have_instr_env = 1; +/* As documented in instrumentation/README.persistent_mode.md, deferred + forkserver initialization and persistent mode are not available in afl-gcc + and afl-clang. */ +void add_defs_persistent_mode(aflcc_state_t *aflcc) { - } + if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG) return; - if (getenv("AFL_PASSTHROUGH") || getenv("AFL_NOOPT")) { + insert_param(aflcc, "-D__AFL_HAVE_MANUAL_CONTROL=1"); - passthrough = 1; - if (!debug) { be_quiet = 1; } + /* When the user tries to use persistent or deferred forkserver modes by + appending a single line to the program, we want to reliably inject a + signature into the binary (to be picked up by afl-fuzz) and we want + to call a function from the runtime .o file. This is unnecessarily + painful for three reasons: - } + 1) We need to convince the compiler not to optimize out the signature. + This is done with __attribute__((used)). - if ((ptr = strrchr(callname, '/')) != NULL) callname = ptr + 1; - argvnull = (u8 *)argv[0]; - check_environment_vars(envp); + 2) We need to convince the linker, when called with -Wl,--gc-sections, + not to do the same. This is done by forcing an assignment to a + 'volatile' pointer. - if ((ptr = find_object("as", argv[0])) != NULL) { + 3) We need to declare __afl_persistent_loop() in the global namespace, + but doing this within a method in a class is hard - :: and extern "C" + are forbidden and __attribute__((alias(...))) doesn't work. Hence the + __asm__ aliasing trick. - have_gcc = 1; - ck_free(ptr); + */ - } + insert_param(aflcc, + "-D__AFL_FUZZ_INIT()=" + "int __afl_sharedmem_fuzzing = 1;" + "extern unsigned int *__afl_fuzz_len;" + "extern unsigned char *__afl_fuzz_ptr;" + "unsigned char __afl_fuzz_alt[1048576];" + "unsigned char *__afl_fuzz_alt_ptr = __afl_fuzz_alt;"); -#if (LLVM_MAJOR >= 3) + insert_param(aflcc, + "-D__AFL_FUZZ_TESTCASE_BUF=(__afl_fuzz_ptr ? __afl_fuzz_ptr : " + "__afl_fuzz_alt_ptr)"); - if ((ptr = find_object("SanitizerCoverageLTO.so", argv[0])) != NULL) { + insert_param( + aflcc, + "-D__AFL_FUZZ_TESTCASE_LEN=(__afl_fuzz_ptr ? *__afl_fuzz_len : " + "(*__afl_fuzz_len = read(0, __afl_fuzz_alt_ptr, 1048576)) == 0xffffffff " + "? 0 : *__afl_fuzz_len)"); + + insert_param( + aflcc, + "-D__AFL_LOOP(_A)=" + "({ static volatile const char *_B __attribute__((used,unused)); " + " _B = (const char*)\"" PERSIST_SIG + "\"; " + "extern int __afl_connected;" +#ifdef __APPLE__ + "__attribute__((visibility(\"default\"))) " + "int _L(unsigned int) __asm__(\"___afl_persistent_loop\"); " +#else + "__attribute__((visibility(\"default\"))) " + "int _L(unsigned int) __asm__(\"__afl_persistent_loop\"); " +#endif /* ^__APPLE__ */ + // if afl is connected, we run _A times, else once. + "_L(__afl_connected ? _A : 1); })"); + + insert_param( + aflcc, + "-D__AFL_INIT()=" + "do { static volatile const char *_A __attribute__((used,unused)); " + " _A = (const char*)\"" DEFER_SIG + "\"; " +#ifdef __APPLE__ + "__attribute__((visibility(\"default\"))) " + "void _I(void) __asm__(\"___afl_manual_init\"); " +#else + "__attribute__((visibility(\"default\"))) " + "void _I(void) __asm__(\"__afl_manual_init\"); " +#endif /* ^__APPLE__ */ + "_I(); } while (0)"); - have_lto = 1; - ck_free(ptr); +} - } +/* Control _FORTIFY_SOURCE */ +void add_defs_fortify(aflcc_state_t *aflcc, u8 action) { - if ((ptr = find_object("cmplog-routines-pass.so", argv[0])) != NULL) { + switch (action) { - have_llvm = 1; - ck_free(ptr); + case 1: + insert_param(aflcc, "-D_FORTIFY_SOURCE=1"); + break; - } + case 2: + insert_param(aflcc, "-D_FORTIFY_SOURCE=2"); + break; -#endif + default: // OFF + insert_param(aflcc, "-U_FORTIFY_SOURCE"); + break; -#ifdef __ANDROID__ - have_llvm = 1; -#endif + } - if ((ptr = find_object("afl-gcc-pass.so", argv[0])) != NULL) { +} - have_gcc_plugin = 1; - ck_free(ptr); +void add_defs_lsan_ctrl(aflcc_state_t *aflcc) { - } + insert_param(aflcc, "-includesanitizer/lsan_interface.h"); + insert_param( + aflcc, + "-D__AFL_LEAK_CHECK()={if(__lsan_do_recoverable_leak_check() > 0) " + "_exit(23); }"); + insert_param(aflcc, "-D__AFL_LSAN_OFF()=__lsan_disable();"); + insert_param(aflcc, "-D__AFL_LSAN_ON()=__lsan_enable();"); -#if (LLVM_MAJOR >= 3) +} - if (strncmp(callname, "afl-clang-fast", 14) == 0) { +/* About fsanitize (including PCGUARD features) */ - compiler_mode = LLVM; +/* For input "-fsanitize=...", it: - } else if (strncmp(callname, "afl-clang-lto", 13) == 0 || + 1. may have various OOB traps :) if ... doesn't contain ',' or + the input has bad syntax such as "-fsantiz=," + 2. strips any fuzzer* in ... and writes back (may result in "-fsanitize=") + 3. rets 1 if exactly "fuzzer" found, otherwise rets 0 +*/ +static u8 fsanitize_fuzzer_comma(char *string) { - strncmp(callname, "afl-lto", 7) == 0) { + u8 detect_single_fuzzer = 0; - compiler_mode = LTO; + char *p, *ptr = string + strlen("-fsanitize="); + // ck_alloc will check alloc failure + char *new = ck_alloc(strlen(string) + 1); + char *tmp = ck_alloc(strlen(ptr) + 1); + u32 count = 0, len, ende = 0; - } else + strcpy(new, "-fsanitize="); -#endif - if (strncmp(callname, "afl-gcc-fast", 12) == 0 || + do { - strncmp(callname, "afl-g++-fast", 12) == 0) { + p = strchr(ptr, ','); + if (!p) { - compiler_mode = GCC_PLUGIN; + p = ptr + strlen(ptr) + 1; + ende = 1; - } else if (strncmp(callname, "afl-gcc", 7) == 0 || + } - strncmp(callname, "afl-g++", 7) == 0) { + len = p - ptr; + if (len) { - compiler_mode = GCC; + strncpy(tmp, ptr, len); + tmp[len] = 0; + // fprintf(stderr, "Found: %s\n", tmp); + ptr += len + 1; + if (*tmp) { - } else if (strcmp(callname, "afl-clang") == 0 || + u32 copy = 1; + if (!strcmp(tmp, "fuzzer")) { - strcmp(callname, "afl-clang++") == 0) { + detect_single_fuzzer = 1; + copy = 0; - compiler_mode = CLANG; + } else if (!strncmp(tmp, "fuzzer", 6)) { - } + copy = 0; - if ((ptr = getenv("AFL_CC_COMPILER"))) { + } - if (compiler_mode) { + if (copy) { - if (!be_quiet) { + if (count) { strcat(new, ","); } + strcat(new, tmp); + ++count; - WARNF( - "\"AFL_CC_COMPILER\" is set but a specific compiler was already " - "selected by command line parameter or symlink, ignoring the " - "environment variable!"); + } } } else { - if (strncasecmp(ptr, "LTO", 3) == 0) { + ptr++; - compiler_mode = LTO; + } - } else if (strncasecmp(ptr, "LLVM", 4) == 0) { + } while (!ende); - compiler_mode = LLVM; + strcpy(string, new); - } else if (strncasecmp(ptr, "GCC_P", 5) == 0 || + ck_free(tmp); + ck_free(new); - strncasecmp(ptr, "GCC-P", 5) == 0 || - strncasecmp(ptr, "GCCP", 4) == 0) { + return detect_single_fuzzer; - compiler_mode = GCC_PLUGIN; +} - } else if (strcasecmp(ptr, "GCC") == 0) { +param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { - compiler_mode = GCC; + param_st final_ = PARAM_MISS; - } else + if (!strncmp(cur_argv, "-fsanitize-coverage-", 20) && + strstr(cur_argv, "list=")) { + + if (scan) { + + aflcc->have_instr_list = 1; + final_ = PARAM_SCAN; + + } else { - FATAL("Unknown AFL_CC_COMPILER mode: %s\n", ptr); + final_ = PARAM_KEEP; // may be set to DROP next } } - if (strcmp(callname, "afl-clang") == 0 || - strcmp(callname, "afl-clang++") == 0) { + if (!strcmp(cur_argv, "-fsanitize=fuzzer")) { - clang_mode = 1; - compiler_mode = CLANG; + if (scan) { - if (strcmp(callname, "afl-clang++") == 0) { plusplus_mode = 1; } + aflcc->need_aflpplib = 1; + final_ = PARAM_SCAN; - } + } else { - for (i = 1; i < argc; i++) { + final_ = PARAM_DROP; - if (strncmp(argv[i], "--afl", 5) == 0) { + } - if (!strcmp(argv[i], "--afl_noopt") || !strcmp(argv[i], "--afl-noopt")) { + } else if (!strncmp(cur_argv, "-fsanitize=", strlen("-fsanitize=")) && - passthrough = 1; - argv[i] = "-g"; // we have to overwrite it, -g is always good - continue; + strchr(cur_argv, ',') && + !strstr(cur_argv, "=,")) { // avoid OOB errors - } + if (scan) { - if (compiler_mode && !be_quiet) { + u8 *cur_argv_ = ck_strdup(cur_argv); - WARNF( - "--afl-... compiler mode supersedes the AFL_CC_COMPILER and " - "symlink compiler selection!"); + if (fsanitize_fuzzer_comma(cur_argv_)) { + + aflcc->need_aflpplib = 1; + final_ = PARAM_SCAN; } - ptr = argv[i]; - ptr += 5; - while (*ptr == '-') - ptr++; + ck_free(cur_argv_); - if (strncasecmp(ptr, "LTO", 3) == 0) { + } else { - compiler_mode = LTO; + fsanitize_fuzzer_comma(cur_argv); + if (!cur_argv || strlen(cur_argv) <= strlen("-fsanitize=")) + final_ = PARAM_DROP; // this means it only has "fuzzer" previously. - } else if (strncasecmp(ptr, "LLVM", 4) == 0) { + } - compiler_mode = LLVM; + } else if ((!strncmp(cur_argv, "-fsanitize=fuzzer-", - } else if (strncasecmp(ptr, "PCGUARD", 7) == 0 || + strlen("-fsanitize=fuzzer-")) || + !strncmp(cur_argv, "-fsanitize-coverage", + strlen("-fsanitize-coverage"))) && + (strncmp(cur_argv, "sanitize-coverage-allow", + strlen("sanitize-coverage-allow")) && + strncmp(cur_argv, "sanitize-coverage-deny", + strlen("sanitize-coverage-deny")) && + aflcc->instrument_mode != INSTRUMENT_LLVMNATIVE)) { - strncasecmp(ptr, "PC-GUARD", 8) == 0) { + if (scan) { - compiler_mode = LLVM; - instrument_mode = INSTRUMENT_PCGUARD; + final_ = PARAM_SCAN; - } else if (strcasecmp(ptr, "INSTRIM") == 0 || + } else { - strcasecmp(ptr, "CFG") == 0) { + if (!be_quiet) { WARNF("Found '%s' - stripping!", cur_argv); } + final_ = PARAM_DROP; - FATAL( - "InsTrim instrumentation was removed. Use a modern LLVM and " - "PCGUARD (default in afl-cc).\n"); + } - } else if (strcasecmp(ptr, "AFL") == 0 || + } - strcasecmp(ptr, "CLASSIC") == 0) { + if (!strcmp(cur_argv, "-fsanitize=address") || + !strcmp(cur_argv, "-fsanitize=memory")) { - compiler_mode = LLVM; - instrument_mode = INSTRUMENT_CLASSIC; + if (scan) { - } else if (strcasecmp(ptr, "LLVMNATIVE") == 0 || + // "-fsanitize=undefined,address" may be un-treated, but it's OK. + aflcc->asan_set = 1; + final_ = PARAM_SCAN; - strcasecmp(ptr, "NATIVE") == 0 || - strcasecmp(ptr, "LLVM-NATIVE") == 0) { + } else { - compiler_mode = LLVM; - instrument_mode = INSTRUMENT_LLVMNATIVE; + // It's impossible that final_ is PARAM_DROP before, + // so no checks are needed here. + final_ = PARAM_KEEP; - } else if (strncasecmp(ptr, "GCC_P", 5) == 0 || + } - strncasecmp(ptr, "GCC-P", 5) == 0 || - strncasecmp(ptr, "GCCP", 4) == 0) { + } - compiler_mode = GCC_PLUGIN; + if (final_ == PARAM_KEEP) insert_param(aflcc, cur_argv); - } else if (strcasecmp(ptr, "GCC") == 0) { + return final_; - compiler_mode = GCC; +} - } else if (strncasecmp(ptr, "CLANG", 5) == 0) { +void add_sanitizers(aflcc_state_t *aflcc, char **envp) { - compiler_mode = CLANG; + if (!aflcc->asan_set) { - } else + if (getenv("AFL_USE_ASAN")) { - FATAL("Unknown --afl-... compiler mode: %s\n", argv[i]); + if (getenv("AFL_USE_MSAN")) FATAL("ASAN and MSAN are mutually exclusive"); - } + if (getenv("AFL_HARDEN")) + FATAL("ASAN and AFL_HARDEN are mutually exclusive"); - } + add_defs_fortify(aflcc, 0); + insert_param(aflcc, "-fsanitize=address"); - if (strlen(callname) > 2 && - (strncmp(callname + strlen(callname) - 2, "++", 2) == 0 || - strstr(callname, "-g++") != NULL)) - plusplus_mode = 1; + } else if (getenv("AFL_USE_MSAN")) { - if (getenv("USE_TRACE_PC") || getenv("AFL_USE_TRACE_PC") || - getenv("AFL_LLVM_USE_TRACE_PC") || getenv("AFL_TRACE_PC")) { + if (getenv("AFL_USE_ASAN")) FATAL("ASAN and MSAN are mutually exclusive"); - if (instrument_mode == 0) - instrument_mode = INSTRUMENT_PCGUARD; - else if (instrument_mode != INSTRUMENT_PCGUARD) - FATAL("you cannot set AFL_LLVM_INSTRUMENT and AFL_TRACE_PC together"); + if (getenv("AFL_HARDEN")) + FATAL("MSAN and AFL_HARDEN are mutually exclusive"); + + add_defs_fortify(aflcc, 0); + insert_param(aflcc, "-fsanitize=memory"); + + } } - if (have_instr_env && getenv("AFL_DONT_OPTIMIZE") && !be_quiet) { + if (getenv("AFL_USE_UBSAN")) { - WARNF( - "AFL_LLVM_ALLOWLIST/DENYLIST and AFL_DONT_OPTIMIZE cannot be combined " - "for file matching, only function matching!"); + insert_param(aflcc, "-fsanitize=undefined"); + insert_param(aflcc, "-fsanitize-undefined-trap-on-error"); + insert_param(aflcc, "-fno-sanitize-recover=all"); + insert_param(aflcc, "-fno-omit-frame-pointer"); } - if (getenv("AFL_LLVM_INSTRIM") || getenv("INSTRIM") || - getenv("INSTRIM_LIB")) { + if (getenv("AFL_USE_TSAN")) { - FATAL( - "InsTrim instrumentation was removed. Use a modern LLVM and PCGUARD " - "(default in afl-cc).\n"); + insert_param(aflcc, "-fsanitize=thread"); + insert_param(aflcc, "-fno-omit-frame-pointer"); } - if (getenv("AFL_LLVM_CTX")) instrument_opt_mode |= INSTRUMENT_OPT_CTX; - if (getenv("AFL_LLVM_CALLER")) instrument_opt_mode |= INSTRUMENT_OPT_CALLER; - - if (getenv("AFL_LLVM_NGRAM_SIZE")) { + if (getenv("AFL_USE_LSAN")) { - instrument_opt_mode |= INSTRUMENT_OPT_NGRAM; - ngram_size = atoi(getenv("AFL_LLVM_NGRAM_SIZE")); - if (ngram_size < 2 || ngram_size > NGRAM_SIZE_MAX) - FATAL( - "NGRAM instrumentation mode must be between 2 and NGRAM_SIZE_MAX " - "(%u)", - NGRAM_SIZE_MAX); + insert_param(aflcc, "-fsanitize=leak"); + add_defs_lsan_ctrl(aflcc); } - if (getenv("AFL_LLVM_CTX_K")) { + if (getenv("AFL_USE_CFISAN")) { - ctx_k = atoi(getenv("AFL_LLVM_CTX_K")); - if (ctx_k < 1 || ctx_k > CTX_MAX_K) - FATAL("K-CTX instrumentation mode must be between 1 and CTX_MAX_K (%u)", - CTX_MAX_K); - if (ctx_k == 1) { + if (aflcc->compiler_mode == GCC_PLUGIN || aflcc->compiler_mode == GCC) { - setenv("AFL_LLVM_CALLER", "1", 1); - unsetenv("AFL_LLVM_CTX_K"); - instrument_opt_mode |= INSTRUMENT_OPT_CALLER; + insert_param(aflcc, "-fcf-protection=full"); } else { - instrument_opt_mode |= INSTRUMENT_OPT_CTX_K; + if (!aflcc->lto_mode) { + + uint32_t i = 0, found = 0; + while (envp[i] != NULL && !found) + if (strncmp("-flto", envp[i++], 5) == 0) found = 1; + if (!found) insert_param(aflcc, "-flto"); + + } + + insert_param(aflcc, "-fsanitize=cfi"); + insert_param(aflcc, "-fvisibility=hidden"); } } - if (getenv("AFL_LLVM_INSTRUMENT")) { +} - u8 *ptr2 = strtok(getenv("AFL_LLVM_INSTRUMENT"), ":,;"); +void add_native_pcguard(aflcc_state_t *aflcc) { - while (ptr2) { + /* If llvm-config doesn't figure out LLVM_MAJOR, just + go on anyway and let compiler complain if doesn't work. */ - if (strncasecmp(ptr2, "afl", strlen("afl")) == 0 || - strncasecmp(ptr2, "classic", strlen("classic")) == 0) { + if (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CODECOV) { - if (instrument_mode == INSTRUMENT_LTO) { +#if LLVM_MAJOR > 0 && LLVM_MAJOR < 6 + FATAL("pcguard instrumentation with pc-table requires LLVM 6.0.1+"); +#else + #if LLVM_MAJOR == 0 + WARNF( + "pcguard instrumentation with pc-table requires LLVM 6.0.1+" + " otherwise the compiler will fail"); + #endif + insert_param(aflcc, + "-fsanitize-coverage=trace-pc-guard,bb,no-prune,pc-table"); +#endif - instrument_mode = INSTRUMENT_CLASSIC; - lto_mode = 1; + } else { - } else if (!instrument_mode || instrument_mode == INSTRUMENT_AFL) { +#if LLVM_MAJOR > 0 && LLVM_MAJOR < 4 + FATAL("pcguard instrumentation requires LLVM 4.0.1+"); +#else + #if LLVM_MAJOR == 0 + WARNF( + "pcguard instrumentation requires LLVM 4.0.1+" + " otherwise the compiler will fail"); + #endif + insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); +#endif - instrument_mode = INSTRUMENT_AFL; + } - } else { +} - FATAL("main instrumentation mode already set with %s", - instrument_mode_string[instrument_mode]); +void add_optimized_pcguard(aflcc_state_t *aflcc) { - } +#if LLVM_MAJOR >= 13 + #if defined __ANDROID__ || ANDROID - } + insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); + aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; - if (strncasecmp(ptr2, "pc-guard", strlen("pc-guard")) == 0 || - strncasecmp(ptr2, "pcguard", strlen("pcguard")) == 0) { + #else - if (!instrument_mode || instrument_mode == INSTRUMENT_PCGUARD) - instrument_mode = INSTRUMENT_PCGUARD; - else - FATAL("main instrumentation mode already set with %s", - instrument_mode_string[instrument_mode]); + if (aflcc->have_instr_list) { - } + if (!be_quiet) + SAYF( + "Using unoptimized trace-pc-guard, due usage of " + "-fsanitize-coverage-allow/denylist, you can use " + "AFL_LLVM_ALLOWLIST/AFL_LLMV_DENYLIST instead.\n"); - if (strncasecmp(ptr2, "llvmnative", strlen("llvmnative")) == 0 || - strncasecmp(ptr2, "llvm-native", strlen("llvm-native")) == 0 || - strncasecmp(ptr2, "native", strlen("native")) == 0) { + insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); + aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; - if (!instrument_mode || instrument_mode == INSTRUMENT_LLVMNATIVE) - instrument_mode = INSTRUMENT_LLVMNATIVE; - else - FATAL("main instrumentation mode already set with %s", - instrument_mode_string[instrument_mode]); + } else { - } + /* Since LLVM_MAJOR >= 13 we use new pass manager */ + #if LLVM_MAJOR < 16 + insert_param(aflcc, "-fexperimental-new-pass-manager"); + #endif + insert_object(aflcc, "SanitizerCoveragePCGUARD.so", "-fpass-plugin=%s", 0); - if (strncasecmp(ptr2, "llvmcodecov", strlen("llvmcodecov")) == 0 || - strncasecmp(ptr2, "llvm-codecov", strlen("llvm-codecov")) == 0) { + } - if (!instrument_mode || instrument_mode == INSTRUMENT_LLVMNATIVE) { + #endif // defined __ANDROID__ || ANDROID +#else // LLVM_MAJOR < 13 + #if LLVM_MAJOR >= 4 - instrument_mode = INSTRUMENT_LLVMNATIVE; - instrument_opt_mode |= INSTRUMENT_OPT_CODECOV; + if (!be_quiet) + SAYF( + "Using unoptimized trace-pc-guard, upgrade to LLVM 13+ for " + "enhanced version.\n"); + insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); + aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; - } else { + #else - FATAL("main instrumentation mode already set with %s", - instrument_mode_string[instrument_mode]); + FATAL("pcguard instrumentation requires LLVM 4.0.1+"); - } + #endif +#endif - } +} - if (strncasecmp(ptr2, "cfg", strlen("cfg")) == 0 || - strncasecmp(ptr2, "instrim", strlen("instrim")) == 0) { +/* Linking behaviors */ - FATAL( - "InsTrim instrumentation was removed. Use a modern LLVM and " - "PCGUARD (default in afl-cc).\n"); +param_st parse_linking_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan, + u8 *skip_next, char **argv) { - } + if (aflcc->lto_mode && !strncmp(cur_argv, "-flto=thin", 10)) { - if (strncasecmp(ptr2, "lto", strlen("lto")) == 0) { + FATAL( + "afl-clang-lto cannot work with -flto=thin. Switch to -flto=full or " + "use afl-clang-fast!"); - lto_mode = 1; - if (!instrument_mode || instrument_mode == INSTRUMENT_LTO) - instrument_mode = INSTRUMENT_LTO; - else - FATAL("main instrumentation mode already set with %s", - instrument_mode_string[instrument_mode]); + } - } + param_st final_ = PARAM_MISS; - if (strcasecmp(ptr2, "gcc") == 0) { + if (!strcmp(cur_argv, "-shared") || !strcmp(cur_argv, "-dynamiclib")) { - if (!instrument_mode || instrument_mode == INSTRUMENT_GCC) - instrument_mode = INSTRUMENT_GCC; - else if (instrument_mode != INSTRUMENT_GCC) - FATAL("main instrumentation mode already set with %s", - instrument_mode_string[instrument_mode]); - compiler_mode = GCC; + if (scan) { - } + aflcc->shared_linking = 1; + final_ = PARAM_SCAN; - if (strcasecmp(ptr2, "clang") == 0) { + } else { - if (!instrument_mode || instrument_mode == INSTRUMENT_CLANG) - instrument_mode = INSTRUMENT_CLANG; - else if (instrument_mode != INSTRUMENT_CLANG) - FATAL("main instrumentation mode already set with %s", - instrument_mode_string[instrument_mode]); - compiler_mode = CLANG; + final_ = PARAM_KEEP; - } + } - if (strncasecmp(ptr2, "ctx-", strlen("ctx-")) == 0 || - strncasecmp(ptr2, "kctx-", strlen("c-ctx-")) == 0 || - strncasecmp(ptr2, "k-ctx-", strlen("k-ctx-")) == 0) { + } else if (!strcmp(cur_argv, "-Wl,-r") || !strcmp(cur_argv, "-Wl,-i") || - u8 *ptr3 = ptr2; - while (*ptr3 && (*ptr3 < '0' || *ptr3 > '9')) - ptr3++; + !strcmp(cur_argv, "-Wl,--relocatable") || + !strcmp(cur_argv, "-r") || !strcmp(cur_argv, "--relocatable")) { - if (!*ptr3) { + if (scan) { - if ((ptr3 = getenv("AFL_LLVM_CTX_K")) == NULL) - FATAL( - "you must set the K-CTX K with (e.g. for value 2) " - "AFL_LLVM_INSTRUMENT=ctx-2"); + aflcc->partial_linking = 1; + final_ = PARAM_SCAN; - } + } else { - ctx_k = atoi(ptr3); - if (ctx_k < 1 || ctx_k > CTX_MAX_K) - FATAL( - "K-CTX instrumentation option must be between 1 and CTX_MAX_K " - "(%u)", - CTX_MAX_K); + final_ = PARAM_KEEP; - if (ctx_k == 1) { + } - instrument_opt_mode |= INSTRUMENT_OPT_CALLER; - setenv("AFL_LLVM_CALLER", "1", 1); - unsetenv("AFL_LLVM_CTX_K"); + } else if (!strncmp(cur_argv, "-fuse-ld=", 9) || - } else { + !strncmp(cur_argv, "--ld-path=", 10)) { - instrument_opt_mode |= (INSTRUMENT_OPT_CTX_K); - u8 *ptr4 = alloc_printf("%u", ctx_k); - setenv("AFL_LLVM_CTX_K", ptr4, 1); + if (scan) { - } + final_ = PARAM_SCAN; - } + } else { - if (strcasecmp(ptr2, "ctx") == 0) { + if (aflcc->lto_mode) + final_ = PARAM_DROP; + else + final_ = PARAM_KEEP; - instrument_opt_mode |= INSTRUMENT_OPT_CTX; - setenv("AFL_LLVM_CTX", "1", 1); + } - } + } else if (!strcmp(cur_argv, "-Wl,-z,defs") || - if (strncasecmp(ptr2, "caller", strlen("caller")) == 0) { + !strcmp(cur_argv, "-Wl,--no-undefined") || + !strcmp(cur_argv, "-Wl,-no-undefined") || + !strcmp(cur_argv, "--no-undefined") || + strstr(cur_argv, "afl-compiler-rt") || + strstr(cur_argv, "afl-llvm-rt")) { - instrument_opt_mode |= INSTRUMENT_OPT_CALLER; - setenv("AFL_LLVM_CALLER", "1", 1); + if (scan) { - } + final_ = PARAM_SCAN; - if (strncasecmp(ptr2, "ngram", strlen("ngram")) == 0) { + } else { - u8 *ptr3 = ptr2 + strlen("ngram"); - while (*ptr3 && (*ptr3 < '0' || *ptr3 > '9')) - ptr3++; + final_ = PARAM_DROP; - if (!*ptr3) { + } - if ((ptr3 = getenv("AFL_LLVM_NGRAM_SIZE")) == NULL) - FATAL( - "you must set the NGRAM size with (e.g. for value 2) " - "AFL_LLVM_INSTRUMENT=ngram-2"); + } else if (!strcmp(cur_argv, "-z") || !strcmp(cur_argv, "-Wl,-z")) { - } + u8 *param = *(argv + 1); + if (param && (!strcmp(param, "defs") || !strcmp(param, "-Wl,defs"))) { - ngram_size = atoi(ptr3); - if (ngram_size < 2 || ngram_size > NGRAM_SIZE_MAX) - FATAL( - "NGRAM instrumentation option must be between 2 and " - "NGRAM_SIZE_MAX (%u)", - NGRAM_SIZE_MAX); - instrument_opt_mode |= (INSTRUMENT_OPT_NGRAM); - u8 *ptr4 = alloc_printf("%u", ngram_size); - setenv("AFL_LLVM_NGRAM_SIZE", ptr4, 1); + *skip_next = 1; - } + if (scan) { - ptr2 = strtok(NULL, ":,;"); + final_ = PARAM_SCAN; - } + } else { - } + final_ = PARAM_DROP; - if ((instrument_opt_mode & INSTRUMENT_OPT_CTX) && - (instrument_opt_mode & INSTRUMENT_OPT_CALLER)) { + } - FATAL("you cannot set CTX and CALLER together"); + } } - if ((instrument_opt_mode & INSTRUMENT_OPT_CTX) && - (instrument_opt_mode & INSTRUMENT_OPT_CTX_K)) { + // Try to warn user for some unsupported cases + if (scan && final_ == PARAM_MISS) { - FATAL("you cannot set CTX and K-CTX together"); + u8 *ptr_ = NULL; - } + if (!strcmp(cur_argv, "-Xlinker") && (ptr_ = *(argv + 1))) { - if ((instrument_opt_mode & INSTRUMENT_OPT_CALLER) && - (instrument_opt_mode & INSTRUMENT_OPT_CTX_K)) { + if (!strcmp(ptr_, "defs")) { - FATAL("you cannot set CALLER and K-CTX together"); + WARNF("'-Xlinker' 'defs' detected. This may result in a bad link."); - } + } else if (strstr(ptr_, "-no-undefined")) { - if (instrument_opt_mode && instrument_mode == INSTRUMENT_DEFAULT && - (compiler_mode == LLVM || compiler_mode == UNSET)) { + WARNF( + "'-Xlinker' '%s' detected. The latter option may be dropped and " + "result in a bad link.", + ptr_); - instrument_mode = INSTRUMENT_CLASSIC; - compiler_mode = LLVM; + } - } + } else if (!strncmp(cur_argv, "-Wl,", 4) && - if (!compiler_mode) { + (u8 *)strrchr(cur_argv, ',') != (cur_argv + 3)) { - // lto is not a default because outside of afl-cc RANLIB and AR have to - // be set to LLVM versions so this would work - if (have_llvm) - compiler_mode = LLVM; - else if (have_gcc_plugin) - compiler_mode = GCC_PLUGIN; - else if (have_gcc) -#ifdef __APPLE__ - // on OSX clang masquerades as GCC - compiler_mode = CLANG; -#else - compiler_mode = GCC; -#endif - else if (have_lto) - compiler_mode = LTO; - else - FATAL("no compiler mode available"); + ptr_ = cur_argv + 4; - } + if (strstr(ptr_, "-shared") || strstr(ptr_, "-dynamiclib")) { - /* if our PCGUARD implementation is not available then silently switch to - native LLVM PCGUARD */ - if (compiler_mode == CLANG && - (instrument_mode == INSTRUMENT_DEFAULT || - instrument_mode == INSTRUMENT_PCGUARD) && - find_object("SanitizerCoveragePCGUARD.so", argv[0]) == NULL) { + WARNF( + "'%s': multiple link options after '-Wl,' may break shared " + "linking.", + ptr_); - instrument_mode = INSTRUMENT_LLVMNATIVE; + } - } + if (strstr(ptr_, "-r,") || strstr(ptr_, "-i,") || strstr(ptr_, ",-r") || + strstr(ptr_, ",-i") || strstr(ptr_, "--relocatable")) { - if (compiler_mode == GCC) { + WARNF( + "'%s': multiple link options after '-Wl,' may break partial " + "linking.", + ptr_); - if (clang_mode) { + } - instrument_mode = INSTRUMENT_CLANG; + if (strstr(ptr_, "defs") || strstr(ptr_, "no-undefined")) { - } else { + WARNF( + "'%s': multiple link options after '-Wl,' may enable report " + "unresolved symbol references and result in a bad link.", + ptr_); - instrument_mode = INSTRUMENT_GCC; + } } } - if (compiler_mode == CLANG) { + if (final_ == PARAM_KEEP) insert_param(aflcc, cur_argv); - instrument_mode = INSTRUMENT_CLANG; - setenv(CLANG_ENV_VAR, "1", 1); // used by afl-as + return final_; - } +} + +void add_lto_linker(aflcc_state_t *aflcc) { + + unsetenv("AFL_LD"); + unsetenv("AFL_LD_CALLER"); + + u8 *ld_path = NULL; + if (getenv("AFL_REAL_LD")) { + + ld_path = strdup(getenv("AFL_REAL_LD")); + + } else { + + ld_path = strdup(AFL_REAL_LD); + + } + + if (!ld_path || !*ld_path) { + + if (ld_path) { + + // Freeing empty string + free(ld_path); + + } + + ld_path = strdup("ld.lld"); + + } + + if (!ld_path) { PFATAL("Could not allocate mem for ld_path"); } +#if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 12 + insert_param(aflcc, alloc_printf("--ld-path=%s", ld_path)); +#else + insert_param(aflcc, alloc_printf("-fuse-ld=%s", ld_path)); +#endif + free(ld_path); + +} + +void add_lto_passes(aflcc_state_t *aflcc) { + +#if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 15 + // The NewPM implementation only works fully since LLVM 15. + insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,--load-pass-plugin=%s", + 0); +#elif defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 13 + insert_param(aflcc, "-Wl,--lto-legacy-pass-manager"); + insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0); +#else + insert_param(aflcc, "-fno-experimental-new-pass-manager"); + insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0); +#endif + + insert_param(aflcc, "-Wl,--allow-multiple-definition"); + +} + +static void add_aflpplib(aflcc_state_t *aflcc) { + + if (!aflcc->need_aflpplib) return; + + u8 *afllib = find_object(aflcc, "libAFLDriver.a"); + + if (!be_quiet) { + + OKF("Found '-fsanitize=fuzzer', replacing with libAFLDriver.a"); + + } + + if (!afllib) { + + if (!be_quiet) { + + WARNF( + "Cannot find 'libAFLDriver.a' to replace '-fsanitize=fuzzer' in " + "the flags - this will fail!"); + + } + + } else { + + insert_param(aflcc, afllib); + +#ifdef __APPLE__ + insert_param(aflcc, "-Wl,-undefined"); + insert_param(aflcc, "dynamic_lookup"); +#endif + + } + +} + +void add_runtime(aflcc_state_t *aflcc) { + + if (aflcc->preprocessor_only || aflcc->have_c || !aflcc->non_dash) { + + /* In the preprocessor_only case (-E), we are not actually compiling at + all but requesting the compiler to output preprocessed sources only. + We must not add the runtime in this case because the compiler will + simply output its binary content back on stdout, breaking any build + systems that rely on a separate source preprocessing step. */ + return; + + } + + if (aflcc->compiler_mode != GCC_PLUGIN && aflcc->compiler_mode != GCC && + !getenv("AFL_LLVM_NO_RPATH")) { + + // in case LLVM is installed not via a package manager or "make install" + // e.g. compiled download or compiled from github then its ./lib directory + // might not be in the search path. Add it if so. + const char *libdir = LLVM_LIBDIR; + if (aflcc->plusplus_mode && strlen(libdir) && strncmp(libdir, "/usr", 4) && + strncmp(libdir, "/lib", 4)) { + + u8 *libdir_opt = strdup("-Wl,-rpath=" LLVM_LIBDIR); + insert_param(aflcc, libdir_opt); + + } + + } + +#ifndef __ANDROID__ + + #define M32_ERR_MSG "-m32 is not supported by your compiler" + #define M64_ERR_MSG "-m64 is not supported by your compiler" + + if (aflcc->compiler_mode != GCC && aflcc->compiler_mode != CLANG) { + + switch (aflcc->bit_mode) { + + case 0: + if (!aflcc->shared_linking && !aflcc->partial_linking) + insert_object(aflcc, "afl-compiler-rt.o", 0, 0); + if (aflcc->lto_mode) insert_object(aflcc, "afl-llvm-rt-lto.o", 0, 0); + break; + + case 32: + if (!aflcc->shared_linking && !aflcc->partial_linking) + insert_object(aflcc, "afl-compiler-rt-32.o", 0, M32_ERR_MSG); + if (aflcc->lto_mode) + insert_object(aflcc, "afl-llvm-rt-lto-32.o", 0, M32_ERR_MSG); + break; + + case 64: + if (!aflcc->shared_linking && !aflcc->partial_linking) + insert_object(aflcc, "afl-compiler-rt-64.o", 0, M64_ERR_MSG); + if (aflcc->lto_mode) + insert_object(aflcc, "afl-llvm-rt-lto-64.o", 0, M64_ERR_MSG); + break; + + } + + #if !defined(__APPLE__) && !defined(__sun) + if (!aflcc->shared_linking && !aflcc->partial_linking) + insert_object(aflcc, "dynamic_list.txt", "-Wl,--dynamic-list=%s", 0); + #endif + + #if defined(__APPLE__) + if (aflcc->shared_linking || aflcc->partial_linking) { + + insert_param(aflcc, "-Wl,-U"); + insert_param(aflcc, "-Wl,___afl_area_ptr"); + insert_param(aflcc, "-Wl,-U"); + insert_param(aflcc, "-Wl,___sanitizer_cov_trace_pc_guard_init"); + + } + + #endif + + } + +#endif + + add_aflpplib(aflcc); + +#if defined(USEMMAP) && !defined(__HAIKU__) && !__APPLE__ + insert_param(aflcc, "-Wl,-lrt"); +#endif + +} + +/* Misc */ + +void add_assembler(aflcc_state_t *aflcc) { + + u8 *afl_as = find_object(aflcc, "as"); + + if (!afl_as) FATAL("Cannot find 'as' (symlink to 'afl-as')."); + + u8 *slash = strrchr(afl_as, '/'); + if (slash) *slash = 0; + + insert_param(aflcc, "-B"); + insert_param(aflcc, afl_as); + + if (aflcc->compiler_mode == CLANG) insert_param(aflcc, "-no-integrated-as"); + +} + +void add_gcc_plugin(aflcc_state_t *aflcc) { + + if (aflcc->cmplog_mode) { + + insert_object(aflcc, "afl-gcc-cmplog-pass.so", "-fplugin=%s", 0); + insert_object(aflcc, "afl-gcc-cmptrs-pass.so", "-fplugin=%s", 0); + + } + + insert_object(aflcc, "afl-gcc-pass.so", "-fplugin=%s", 0); + + insert_param(aflcc, "-fno-if-conversion"); + insert_param(aflcc, "-fno-if-conversion2"); + +} + +void add_misc_params(aflcc_state_t *aflcc) { + + if (getenv("AFL_NO_BUILTIN") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES") || + getenv("AFL_LLVM_LAF_ALL") || getenv("AFL_LLVM_CMPLOG") || + aflcc->lto_mode) { + + insert_param(aflcc, "-fno-builtin-strcmp"); + insert_param(aflcc, "-fno-builtin-strncmp"); + insert_param(aflcc, "-fno-builtin-strcasecmp"); + insert_param(aflcc, "-fno-builtin-strncasecmp"); + insert_param(aflcc, "-fno-builtin-memcmp"); + insert_param(aflcc, "-fno-builtin-bcmp"); + insert_param(aflcc, "-fno-builtin-strstr"); + insert_param(aflcc, "-fno-builtin-strcasestr"); + + } + + if (!aflcc->have_pic) { insert_param(aflcc, "-fPIC"); } + + if (getenv("AFL_HARDEN")) { + + insert_param(aflcc, "-fstack-protector-all"); + + if (!aflcc->fortify_set) add_defs_fortify(aflcc, 2); + + } + + if (!getenv("AFL_DONT_OPTIMIZE")) { + + insert_param(aflcc, "-g"); + if (!aflcc->have_o) insert_param(aflcc, "-O3"); + if (!aflcc->have_unroll) insert_param(aflcc, "-funroll-loops"); + // if (strlen(aflcc->march_opt) > 1 && aflcc->march_opt[0] == '-') + // insert_param(aflcc, aflcc->march_opt); + + } + + if (aflcc->x_set) { + + insert_param(aflcc, "-x"); + insert_param(aflcc, "none"); + + } + +} + +param_st parse_misc_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { + + param_st final_ = PARAM_MISS; + +// MACRO START +#define SCAN_KEEP(dst, src) \ + do { \ + \ + if (scan) { \ + \ + dst = src; \ + final_ = PARAM_SCAN; \ + \ + } else { \ + \ + final_ = PARAM_KEEP; \ + \ + } \ + \ + } while (0) + + // MACRO END + + if (!strncasecmp(cur_argv, "-fpic", 5)) { + + SCAN_KEEP(aflcc->have_pic, 1); + + } else if (!strcmp(cur_argv, "-m32") || + + !strcmp(cur_argv, "armv7a-linux-androideabi")) { + + SCAN_KEEP(aflcc->bit_mode, 32); + + } else if (!strcmp(cur_argv, "-m64")) { + + SCAN_KEEP(aflcc->bit_mode, 64); + + } else if (strstr(cur_argv, "FORTIFY_SOURCE")) { + + SCAN_KEEP(aflcc->fortify_set, 1); + + } else if (!strcmp(cur_argv, "-x")) { + + SCAN_KEEP(aflcc->x_set, 1); + + } else if (!strcmp(cur_argv, "-E")) { + + SCAN_KEEP(aflcc->preprocessor_only, 1); + + } else if (!strcmp(cur_argv, "--target=wasm32-wasi")) { + + SCAN_KEEP(aflcc->passthrough, 1); + + } else if (!strcmp(cur_argv, "-c")) { + + SCAN_KEEP(aflcc->have_c, 1); + + } else if (!strncmp(cur_argv, "-O", 2)) { + + SCAN_KEEP(aflcc->have_o, 1); + + } else if (!strncmp(cur_argv, "-funroll-loop", 13)) { + + SCAN_KEEP(aflcc->have_unroll, 1); + + } else if (!strncmp(cur_argv, "--afl", 5)) { + + if (scan) + final_ = PARAM_SCAN; + else + final_ = PARAM_DROP; + + } else if (!strncmp(cur_argv, "-fno-unroll", 11)) { + + if (scan) + final_ = PARAM_SCAN; + else + final_ = PARAM_DROP; + + } else if (!strcmp(cur_argv, "-pipe") && aflcc->compiler_mode == GCC_PLUGIN) { + + if (scan) + final_ = PARAM_SCAN; + else + final_ = PARAM_DROP; + + } else if (!strncmp(cur_argv, "-stdlib=", 8) && + + (aflcc->compiler_mode == GCC || + aflcc->compiler_mode == GCC_PLUGIN)) { + + if (scan) { + + final_ = PARAM_SCAN; + + } else { + + if (!be_quiet) WARNF("Found '%s' - stripping!", cur_argv); + final_ = PARAM_DROP; + + } + + } else if (cur_argv[0] != '-') { + + /* It's a weak, loose pattern, with very different purpose + than others. We handle it at last, cautiously and robustly. */ + + if (scan && cur_argv[0] != '@') // response file support + aflcc->non_dash = 1; + + } + +#undef SCAN_KEEP + + if (final_ == PARAM_KEEP) insert_param(aflcc, cur_argv); + + return final_; + +} + +static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) { if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) { @@ -2168,16 +2559,22 @@ int main(int argc, char **argv, char **envp) { " [GCC/CLANG] simple gcc/clang: %s%s\n" " CLASSIC DEFAULT no no no no no " "no\n\n", - have_llvm ? "AVAILABLE" : "unavailable!", - compiler_mode == LLVM ? " [SELECTED]" : "", - have_llvm ? "AVAILABLE" : "unavailable!", - have_llvm ? "AVAILABLE" : "unavailable!", - have_lto ? "AVAILABLE" : "unavailable!", - compiler_mode == LTO ? " [SELECTED]" : "", - have_gcc_plugin ? "AVAILABLE" : "unavailable!", - compiler_mode == GCC_PLUGIN ? " [SELECTED]" : "", - have_gcc ? "AVAILABLE" : "unavailable!", - (compiler_mode == GCC || compiler_mode == CLANG) ? " [SELECTED]" : ""); + aflcc->have_llvm ? "AVAILABLE" : "unavailable!", + aflcc->compiler_mode == LLVM ? " [SELECTED]" : "", + aflcc->have_llvm ? "AVAILABLE" : "unavailable!", + aflcc->have_llvm ? "AVAILABLE" : "unavailable!", + aflcc->have_lto ? "AVAILABLE" : "unavailable!", + aflcc->compiler_mode == LTO ? " [SELECTED]" : "", + aflcc->have_gcc_plugin ? "AVAILABLE" : "unavailable!", + aflcc->compiler_mode == GCC_PLUGIN ? " [SELECTED]" : "", + aflcc->have_gcc && aflcc->have_clang + ? "AVAILABLE" + : (aflcc->have_gcc + ? "GCC ONLY " + : (aflcc->have_clang ? "CLANG ONLY" : "unavailable!")), + (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG) + ? " [SELECTED]" + : ""); SAYF( "Modes:\n" @@ -2266,7 +2663,7 @@ int main(int argc, char **argv, char **envp) { " AFL_USE_TSAN: activate thread sanitizer\n" " AFL_USE_LSAN: activate leak-checker sanitizer\n"); - if (have_gcc_plugin) + if (aflcc->have_gcc_plugin) SAYF( "\nGCC Plugin-specific environment variables:\n" " AFL_GCC_CMPLOG: log operands of comparisons (RedQueen mutator)\n" @@ -2282,7 +2679,7 @@ int main(int argc, char **argv, char **envp) { #define COUNTER_BEHAVIOUR \ " AFL_LLVM_NOT_ZERO: use cycling trace counters that skip zero\n" #endif - if (have_llvm) + if (aflcc->have_llvm) SAYF( "\nLLVM/LTO/afl-clang-fast/afl-clang-lto specific environment " "variables:\n" @@ -2310,7 +2707,7 @@ int main(int argc, char **argv, char **envp) { "instrument allow/\n" " deny listing (selective instrumentation)\n"); - if (have_llvm) + if (aflcc->have_llvm) SAYF( " AFL_LLVM_CMPLOG: log operands of comparisons (RedQueen " "mutator)\n" @@ -2329,7 +2726,7 @@ int main(int argc, char **argv, char **envp) { "locations\n"); #ifdef AFL_CLANG_FLTO - if (have_lto) + if (aflcc->have_lto) SAYF( "\nLTO/afl-clang-lto specific environment variables:\n" " AFL_LLVM_MAP_ADDR: use a fixed coverage map address (speed), " @@ -2365,9 +2762,9 @@ int main(int argc, char **argv, char **envp) { "targets.\n\n"); #if (LLVM_MAJOR >= 3) - if (have_lto) + if (aflcc->have_lto) SAYF("afl-cc LTO with ld=%s %s\n", AFL_REAL_LD, AFL_CLANG_FLTO); - if (have_llvm) + if (aflcc->have_llvm) SAYF("afl-cc LLVM version %d using the binary path \"%s\".\n", LLVM_MAJOR, LLVM_BINDIR); #endif @@ -2406,205 +2803,356 @@ int main(int argc, char **argv, char **envp) { } - if (compiler_mode == LTO) { +} - if (instrument_mode == 0 || instrument_mode == INSTRUMENT_LTO || - instrument_mode == INSTRUMENT_CFG || - instrument_mode == INSTRUMENT_PCGUARD) { +static void process_params(aflcc_state_t *aflcc, u8 scan, u32 argc, + char **argv) { - lto_mode = 1; - // force CFG - // if (!instrument_mode) { + limit_params(aflcc, argc); - instrument_mode = INSTRUMENT_PCGUARD; - // ptr = instrument_mode_string[instrument_mode]; - // } - - } else if (instrument_mode == INSTRUMENT_CLASSIC) { + // for (u32 x = 0; x < argc; ++x) fprintf(stderr, "[%u] %s\n", x, argv[x]); - lto_mode = 1; + /* Process the argument list. */ - } else { + u8 skip_next = 0; + while (--argc) { - if (!be_quiet) { + u8 *cur = *(++argv); - WARNF("afl-clang-lto called with mode %s, using that mode instead", - instrument_mode_string[instrument_mode]); + if (skip_next > 0) { - } + skip_next--; + continue; } - } + if (PARAM_MISS != parse_misc_params(aflcc, cur, scan)) continue; - if (instrument_mode == 0 && compiler_mode < GCC_PLUGIN) { + if (PARAM_MISS != parse_fsanitize(aflcc, cur, scan)) continue; -#if LLVM_MAJOR >= 7 - #if LLVM_MAJOR < 11 && (LLVM_MAJOR < 10 || LLVM_MINOR < 1) - if (have_instr_env) { + if (PARAM_MISS != parse_linking_params(aflcc, cur, scan, &skip_next, argv)) + continue; - instrument_mode = INSTRUMENT_AFL; - if (!be_quiet) { + if (*cur == '@') { - WARNF( - "Switching to classic instrumentation because " - "AFL_LLVM_ALLOWLIST/DENYLIST does not work with PCGUARD < 10.0.1."); + // response file support. + // we have two choices - move everything to the command line or + // rewrite the response files to temporary files and delete them + // afterwards. We choose the first for easiness. + // We do *not* support quotes in the rsp files to cope with spaces in + // filenames etc! If you need that then send a patch! + u8 *filename = cur + 1; + if (aflcc->debug) { DEBUGF("response file=%s\n", filename); } + FILE *f = fopen(filename, "r"); + struct stat st; + + // Check not found or empty? let the compiler complain if so. + if (!f || fstat(fileno(f), &st) < 0 || st.st_size < 1) { + + if (!scan) insert_param(aflcc, cur); + continue; } - } else + u8 *tmpbuf = malloc(st.st_size + 2), *ptr; + char **args = malloc(sizeof(char *) * (st.st_size >> 1)); + int count = 1, cont = 0, cont_act = 0; - #endif - instrument_mode = INSTRUMENT_PCGUARD; + while (fgets(tmpbuf, st.st_size + 1, f)) { -#else - instrument_mode = INSTRUMENT_AFL; -#endif + ptr = tmpbuf; + // fprintf(stderr, "1: %s\n", ptr); + // no leading whitespace + while (isspace(*ptr)) { - } + ++ptr; + cont_act = 0; - if (instrument_opt_mode && compiler_mode != LLVM) - FATAL("CTX, CALLER and NGRAM can only be used in LLVM mode"); + } - if (!instrument_opt_mode) { + // no comments, no empty lines + if (*ptr == '#' || *ptr == '\n' || !*ptr) { continue; } + // remove LF + if (ptr[strlen(ptr) - 1] == '\n') { ptr[strlen(ptr) - 1] = 0; } + // remove CR + if (*ptr && ptr[strlen(ptr) - 1] == '\r') { ptr[strlen(ptr) - 1] = 0; } + // handle \ at end of line + if (*ptr && ptr[strlen(ptr) - 1] == '\\') { - if (lto_mode && instrument_mode == INSTRUMENT_CFG) - instrument_mode = INSTRUMENT_PCGUARD; - ptr = instrument_mode_string[instrument_mode]; + cont = 1; + ptr[strlen(ptr) - 1] = 0; - } else { + } - char *ptr2 = alloc_printf(" + NGRAM-%u", ngram_size); - char *ptr3 = alloc_printf(" + K-CTX-%u", ctx_k); + // fprintf(stderr, "2: %s\n", ptr); - ptr = alloc_printf( - "%s%s%s%s%s", instrument_mode_string[instrument_mode], - (instrument_opt_mode & INSTRUMENT_OPT_CTX) ? " + CTX" : "", - (instrument_opt_mode & INSTRUMENT_OPT_CALLER) ? " + CALLER" : "", - (instrument_opt_mode & INSTRUMENT_OPT_NGRAM) ? ptr2 : "", - (instrument_opt_mode & INSTRUMENT_OPT_CTX_K) ? ptr3 : ""); + // remove whitespace at end + while (*ptr && isspace(ptr[strlen(ptr) - 1])) { - ck_free(ptr2); - ck_free(ptr3); + ptr[strlen(ptr) - 1] = 0; + cont = 0; - } + } -#ifndef AFL_CLANG_FLTO - if (lto_mode) - FATAL( - "instrumentation mode LTO specified but LLVM support not available " - "(requires LLVM 11 or higher)"); -#endif + // fprintf(stderr, "3: %s\n", ptr); + if (*ptr) { - if (instrument_opt_mode && instrument_opt_mode != INSTRUMENT_OPT_CODECOV && - instrument_mode != INSTRUMENT_CLASSIC) - FATAL( - "CALLER, CTX and NGRAM instrumentation options can only be used with " - "the LLVM CLASSIC instrumentation mode."); + do { - if (getenv("AFL_LLVM_SKIP_NEVERZERO") && getenv("AFL_LLVM_NOT_ZERO")) - FATAL( - "AFL_LLVM_NOT_ZERO and AFL_LLVM_SKIP_NEVERZERO can not be set " - "together"); + u8 *value = ptr; + while (*ptr && !isspace(*ptr)) { -#if LLVM_MAJOR < 11 && (LLVM_MAJOR < 10 || LLVM_MINOR < 1) - if (instrument_mode == INSTRUMENT_PCGUARD && have_instr_env) { + ++ptr; - FATAL( - "Instrumentation type PCGUARD does not support " - "AFL_LLVM_ALLOWLIST/DENYLIST! Use LLVM 10.0.1+ instead."); + } - } + while (*ptr && isspace(*ptr)) { -#endif + *ptr++ = 0; - u8 *ptr2; + } - if ((ptr2 = getenv("AFL_LLVM_DICT2FILE")) != NULL && *ptr2 != '/') - FATAL("AFL_LLVM_DICT2FILE must be set to an absolute file path"); + if (cont_act) { - if ((isatty(2) && !be_quiet) || debug) { + u32 len = strlen(args[count - 1]) + strlen(value) + 1; + u8 *tmp = malloc(len); + snprintf(tmp, len, "%s%s", args[count - 1], value); + free(args[count - 1]); + args[count - 1] = tmp; + cont_act = 0; - SAYF(cCYA - "afl-cc" VERSION cRST - " by Michal Zalewski, Laszlo Szekeres, Marc Heuse - mode: %s-%s\n", - compiler_mode_string[compiler_mode], ptr); + } else { - } + args[count++] = strdup(value); - if (!be_quiet && (compiler_mode == GCC || compiler_mode == CLANG)) { + } - WARNF( - "You are using outdated instrumentation, install LLVM and/or " - "gcc-plugin and use afl-clang-fast/afl-clang-lto/afl-gcc-fast " - "instead!"); + } while (*ptr); + + } + + if (cont) { + + cont_act = 1; + cont = 0; + + } + + } + + if (count) { process_params(aflcc, scan, count, args); } + + // we cannot free args[] unless we don't need + // to keep any reference in cc_params + if (scan) { + + if (count) do { + + free(args[--count]); + + } while (count); + + free(args); + + } + + free(tmpbuf); + + continue; + + } + + if (!scan) insert_param(aflcc, cur); } - if (debug) { +} - DEBUGF("cd '%s';", getthecwd()); - for (i = 0; i < argc; i++) - SAYF(" '%s'", argv[i]); - SAYF("\n"); - fflush(stdout); - fflush(stderr); +/* Copy argv to cc_params, making the necessary edits. */ + +static void edit_params(aflcc_state_t *aflcc, u32 argc, char **argv, + char **envp) { + + add_real_argv0(aflcc); + + // prevent unnecessary build errors + if (aflcc->compiler_mode != GCC_PLUGIN && aflcc->compiler_mode != GCC) { + + insert_param(aflcc, "-Wno-unused-command-line-argument"); } - if (getenv("AFL_LLVM_LAF_ALL")) { + if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG) { - setenv("AFL_LLVM_LAF_SPLIT_SWITCHES", "1", 1); - setenv("AFL_LLVM_LAF_SPLIT_COMPARES", "1", 1); - setenv("AFL_LLVM_LAF_SPLIT_FLOATS", "1", 1); - setenv("AFL_LLVM_LAF_TRANSFORM_COMPARES", "1", 1); + add_assembler(aflcc); } - cmplog_mode = getenv("AFL_CMPLOG") || getenv("AFL_LLVM_CMPLOG") || - getenv("AFL_GCC_CMPLOG"); + if (aflcc->compiler_mode == GCC_PLUGIN) { add_gcc_plugin(aflcc); } -#if !defined(__ANDROID__) && !defined(ANDROID) - ptr = find_object("afl-compiler-rt.o", argv[0]); + if (aflcc->compiler_mode == LLVM || aflcc->compiler_mode == LTO) { - if (!ptr) { + if (aflcc->lto_mode && aflcc->have_instr_env) { - FATAL( - "Unable to find 'afl-compiler-rt.o'. Please set the AFL_PATH " - "environment variable."); + load_llvm_pass(aflcc, "afl-llvm-lto-instrumentlist.so"); - } + } - if (debug) { DEBUGF("rt=%s obj_path=%s\n", ptr, obj_path); } + if (getenv("AFL_LLVM_DICT2FILE")) { - ck_free(ptr); -#endif + load_llvm_pass(aflcc, "afl-llvm-dict2file.so"); - edit_params(argc, argv, envp); + } - if (debug) { + // laf + if (getenv("LAF_SPLIT_SWITCHES") || getenv("AFL_LLVM_LAF_SPLIT_SWITCHES")) { - DEBUGF("cd '%s';", getthecwd()); - for (i = 0; i < (s32)cc_par_cnt; i++) - SAYF(" '%s'", cc_params[i]); - SAYF("\n"); - fflush(stdout); - fflush(stderr); + load_llvm_pass(aflcc, "split-switches-pass.so"); + + } + + if (getenv("LAF_TRANSFORM_COMPARES") || + getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES")) { + + load_llvm_pass(aflcc, "compare-transform-pass.so"); + + } + + if (getenv("LAF_SPLIT_COMPARES") || getenv("AFL_LLVM_LAF_SPLIT_COMPARES") || + getenv("AFL_LLVM_LAF_SPLIT_FLOATS")) { + + load_llvm_pass(aflcc, "split-compares-pass.so"); + + } + + // /laf + + if (aflcc->cmplog_mode) { + + insert_param(aflcc, "-fno-inline"); + + load_llvm_pass(aflcc, "cmplog-switches-pass.so"); + // reuse split switches from laf + load_llvm_pass(aflcc, "split-switches-pass.so"); + + } + + // #if LLVM_MAJOR >= 13 + // // Use the old pass manager in LLVM 14 which the AFL++ passes still + // use. insert_param(aflcc, "-flegacy-pass-manager"); + // #endif + + if (aflcc->lto_mode) { + + insert_param(aflcc, aflcc->lto_flag); + + if (!aflcc->have_c) { + + add_lto_linker(aflcc); + add_lto_passes(aflcc); + + } + + } else { + + if (aflcc->instrument_mode == INSTRUMENT_PCGUARD) { + + add_optimized_pcguard(aflcc); + + } else if (aflcc->instrument_mode == INSTRUMENT_LLVMNATIVE) { + + add_native_pcguard(aflcc); + + } else { + + load_llvm_pass(aflcc, "afl-llvm-pass.so"); + + } + + } + + if (aflcc->cmplog_mode) { + + load_llvm_pass(aflcc, "cmplog-instructions-pass.so"); + load_llvm_pass(aflcc, "cmplog-routines-pass.so"); + + } + + if (getenv("AFL_LLVM_INJECTIONS_ALL") || + getenv("AFL_LLVM_INJECTIONS_SQL") || + getenv("AFL_LLVM_INJECTIONS_LDAP") || + getenv("AFL_LLVM_INJECTIONS_XSS")) { + + load_llvm_pass(aflcc, "injection-pass.so"); + + } + + // insert_param(aflcc, "-Qunused-arguments"); } - if (passthrough) { + /* Inspect the command line parameters. */ + + process_params(aflcc, 0, argc, argv); + + add_sanitizers(aflcc, envp); + + add_misc_params(aflcc); + + add_defs_common(aflcc); + add_defs_selective_instr(aflcc); + add_defs_persistent_mode(aflcc); + + add_runtime(aflcc); + + insert_param(aflcc, NULL); + +} + +/* Main entry point */ + +int main(int argc, char **argv, char **envp) { + + aflcc_state_t *aflcc = malloc(sizeof(aflcc_state_t)); + aflcc_state_init(aflcc, (u8 *)argv[0]); + + check_environment_vars(envp); + + find_built_deps(aflcc); + + compiler_mode_by_callname(aflcc); + compiler_mode_by_environ(aflcc); + compiler_mode_by_cmdline(aflcc, argc, argv); + + instrument_mode_by_environ(aflcc); + + mode_final_checkout(aflcc, argc, argv); + + process_params(aflcc, 1, argc, argv); + + maybe_usage(aflcc, argc, argv); + + mode_notification(aflcc); + + if (aflcc->debug) debugf_args(argc, argv); + + edit_params(aflcc, argc, argv, envp); + + if (aflcc->debug) + debugf_args((s32)aflcc->cc_par_cnt, (char **)aflcc->cc_params); + + if (aflcc->passthrough) { - argv[0] = cc_params[0]; - execvp(cc_params[0], (char **)argv); + argv[0] = aflcc->cc_params[0]; + execvp(aflcc->cc_params[0], (char **)argv); } else { - execvp(cc_params[0], (char **)cc_params); + execvp(aflcc->cc_params[0], (char **)aflcc->cc_params); } - FATAL("Oops, failed to execute '%s' - check your PATH", cc_params[0]); + FATAL("Oops, failed to execute '%s' - check your PATH", aflcc->cc_params[0]); return 0; diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 34a5ff8171..1ee8ebe76d 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -169,20 +169,16 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { } - if (unlikely(afl->custom_mutators_count)) { - - LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - - if (el->afl_custom_fuzz_send) { + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - el->afl_custom_fuzz_send(el->data, *mem, new_size); - sent = 1; + if (el->afl_custom_fuzz_send) { - } + el->afl_custom_fuzz_send(el->data, *mem, new_size); + sent = 1; - }); + } - } + }); if (likely(!sent)) { @@ -203,7 +199,7 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { } - } else { + } else { /* !afl->custom_mutators_count */ if (unlikely(len < afl->min_length && !fix)) { @@ -215,27 +211,8 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { } - if (unlikely(afl->custom_mutators_count)) { - - LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - - if (el->afl_custom_fuzz_send) { - - el->afl_custom_fuzz_send(el->data, *mem, len); - sent = 1; - - } - - }); - - } - - if (likely(!sent)) { - - /* boring uncustom. */ - afl_fsrv_write_to_testcase(&afl->fsrv, *mem, len); - - } + /* boring uncustom. */ + afl_fsrv_write_to_testcase(&afl->fsrv, *mem, len); } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 17949fd7b9..2d5787e804 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1812,6 +1812,10 @@ int main(int argc, char **argv_orig, char **envp) { check_cpu_governor(afl); #endif + #ifdef __APPLE__ + setenv("DYLD_NO_PIE", "1", 0); + #endif + if (getenv("LD_PRELOAD")) { WARNF( From cefc9a00bfdd789261157874236399e95c244907 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 18 Jan 2024 17:12:09 +0100 Subject: [PATCH 300/357] help selective instrumentation --- instrumentation/SanitizerCoveragePCGUARD.so.cc | 7 +++++++ instrumentation/afl-llvm-common.cc | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index aae04bb1a3..f88ce12696 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -627,6 +627,13 @@ void ModuleSanitizerCoverageAFL::instrumentFunction( } + if (debug) { + + fprintf(stderr, "SanitizerCoveragePCGUARD: instrumenting %s in %s\n", + F.getName().str().c_str(), F.getParent()->getName().str().c_str()); + + } + InjectCoverage(F, BlocksToInstrument, IsLeafFunc); // InjectTraceForCmp(F, CmpTraceTargets); // InjectTraceForSwitch(F, SwitchTraceTargets); diff --git a/instrumentation/afl-llvm-common.cc b/instrumentation/afl-llvm-common.cc index 96952bd6c4..8e9e78008e 100644 --- a/instrumentation/afl-llvm-common.cc +++ b/instrumentation/afl-llvm-common.cc @@ -201,7 +201,7 @@ void initInstrumentList() { if (debug) DEBUGF("loaded allowlist with %zu file and %zu function entries\n", - allowListFiles.size(), allowListFunctions.size()); + allowListFiles.size() / 4, allowListFunctions.size() / 4); } @@ -276,7 +276,7 @@ void initInstrumentList() { if (debug) DEBUGF("loaded denylist with %zu file and %zu function entries\n", - denyListFiles.size(), denyListFunctions.size()); + denyListFiles.size() / 4, denyListFunctions.size() / 4); } From 660b697ed9d1d14987ffba4bf80ad4cbe6f29f95 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 19 Jan 2024 10:28:39 +0100 Subject: [PATCH 301/357] typos --- src/afl-cc.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 192c542325..cda964df2a 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1180,11 +1180,11 @@ void mode_final_checkout(aflcc_state_t *aflcc, int argc, char **argv) { switch (aflcc->compiler_mode) { case GCC: - if (!aflcc->have_gcc) FATAL("afl-gcc not available on your platform!"); + if (!aflcc->have_gcc) FATAL("afl-gcc is not available on your platform!"); break; case CLANG: if (!aflcc->have_clang) - FATAL("afl-clang not available on your platform!"); + FATAL("afl-clang is not available on your platform!"); break; case LLVM: if (!aflcc->have_llvm) @@ -2538,11 +2538,11 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) { "MODES: NCC PERSIST DICT LAF " "CMPLOG SELECT\n" " [LLVM] LLVM: %s%s\n" - " PCGUARD %s yes yes module yes yes " + " PCGUARD %s yes yes module yes yes " "yes\n" - " NATIVE AVAILABLE no yes no no " + " NATIVE AVAILABLE no yes no no " "part. yes\n" - " CLASSIC %s no yes module yes yes " + " CLASSIC %s no yes module yes yes " "yes\n" " - NORMAL\n" " - CALLER\n" From a518c4d75c15e2e0cb8633361a0162eb70c7965b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 19 Jan 2024 11:53:44 +0100 Subject: [PATCH 302/357] macos --- afl-cmin | 6 +++- docs/Changelog.md | 1 + test/test-basic.sh | 69 ++++++++++++++++++++++++++-------------------- test/test-llvm.sh | 28 +++++++++++-------- 4 files changed, 62 insertions(+), 42 deletions(-) diff --git a/afl-cmin b/afl-cmin index 566f157d92..4aaf3953f4 100755 --- a/afl-cmin +++ b/afl-cmin @@ -1,11 +1,15 @@ #!/usr/bin/env sh +SYS=$(uname -s) +test "$SYS" = "Darwin" && { + echo Error: afl-cmin does not work on Apple currently. please use afl-cmin.bash instead. + exit 1 +} export AFL_QUIET=1 export ASAN_OPTIONS=detect_leaks=0 THISPATH=`dirname ${0}` export PATH="${THISPATH}:$PATH" awk -f - -- ${@+"$@"} <<'EOF' #!/usr/bin/awk -f - # awk script to minimize a test corpus of input files # # based on afl-cmin bash script written by Michal Zalewski diff --git a/docs/Changelog.md b/docs/Changelog.md index c681c4e17c..ad0f7a5a49 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -26,6 +26,7 @@ produces drcov compatible traces for lighthouse/lightkeeper/... thanks to @JRomainG to submitting! - updated the custom grammar mutator + - document afl-cmin does not work on macOS ### Version ++4.09c (release) diff --git a/test/test-basic.sh b/test/test-basic.sh index 61ad4b7c19..7005d3cee1 100755 --- a/test/test-basic.sh +++ b/test/test-basic.sh @@ -2,6 +2,7 @@ . ./test-pre.sh +OS=$(uname -s) AFL_GCC=afl-gcc $ECHO "$BLUE[*] Testing: ${AFL_GCC}, afl-showmap, afl-fuzz, afl-cmin and afl-tmin" @@ -61,7 +62,7 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc } # now we want to be sure that afl-fuzz is working # make sure crash reporter is disabled on Mac OS X - (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { + (test "$OS" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" true }) || { @@ -84,16 +85,20 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc } echo 000000000000000000000000 > in/in2 echo 111 > in/in3 - mkdir -p in2 - ../afl-cmin -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null 2>&1 # why is afl-forkserver writing to stderr? - CNT=`ls in2/* 2>/dev/null | wc -l` - case "$CNT" in - *2) $ECHO "$GREEN[+] afl-cmin correctly minimized the number of testcases" ;; - *) $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" - CODE=1 - ;; - esac - rm -f in2/in* + test "$OS" = "Darwin" && { + $ECHO "$GREY[*] afl-cmin not available on macOS, cannot test afl-cmin" + } || { + mkdir -p in2 + ../afl-cmin -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null 2>&1 # why is afl-forkserver writing to stderr? + CNT=`ls in2/* 2>/dev/null | wc -l` + case "$CNT" in + *2) $ECHO "$GREEN[+] afl-cmin correctly minimized the number of testcases" ;; + *) $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" + CODE=1 + ;; + esac + rm -f in2/in* + } export AFL_QUIET=1 if command -v bash >/dev/null ; then { ../afl-cmin.bash -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null @@ -182,7 +187,7 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc } # now we want to be sure that afl-fuzz is working # make sure crash reporter is disabled on Mac OS X - (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { + (test "$OS" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" true }) || { @@ -204,25 +209,29 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc } } echo 000000000000000000000000 > in/in2 - echo AAA > in/in3 - mkdir -p in2 - ../afl-cmin -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null 2>&1 # why is afl-forkserver writing to stderr? - CNT=`ls in2/* 2>/dev/null | wc -l` - case "$CNT" in - *2) $ECHO "$GREEN[+] afl-cmin correctly minimized the number of testcases" ;; - \ *1|1) { # allow leading whitecase for portability - test -s in2/* && $ECHO "$YELLOW[?] afl-cmin did minimize to one testcase. This can be a bug or due compiler optimization." - test -s in2/* || { - $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" - CODE=1 + echo AAA > in/in2 + test "$OS" = "Darwin" && { + $ECHO "$GREY[*] afl-cmin not available on macOS, cannot test afl-cmin" + } || { + mkdir -p in2 + ../afl-cmin -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null 2>&1 # why is afl-forkserver writing to stderr? + CNT=`ls in2/* 2>/dev/null | wc -l` + case "$CNT" in + *2) $ECHO "$GREEN[+] afl-cmin correctly minimized the number of testcases" ;; + \ *1|1) { # allow leading whitecase for portability + test -s in2/* && $ECHO "$YELLOW[?] afl-cmin did minimize to one testcase. This can be a bug or due compiler optimization." + test -s in2/* || { + $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" + CODE=1 + } } - } - ;; - *) $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" - CODE=1 - ;; - esac - rm -f in2/in* + ;; + *) $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" + CODE=1 + ;; + esac + rm -f in2/in* + } export AFL_QUIET=1 if command -v bash >/dev/null ; then { ../afl-cmin.bash -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null diff --git a/test/test-llvm.sh b/test/test-llvm.sh index 95e43b1c0d..53bbd7b4d5 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -2,6 +2,8 @@ . ./test-pre.sh +OS=$(uname -s) + $ECHO "$BLUE[*] Testing: llvm_mode, afl-showmap, afl-fuzz, afl-cmin and afl-tmin" test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { ../afl-clang-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1 @@ -123,7 +125,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { } # now we want to be sure that afl-fuzz is working # make sure crash reporter is disabled on Mac OS X - (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { + (test "$OS" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" CODE=1 true @@ -146,18 +148,22 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { } } test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" || { + mkdir -p in2 echo 000000000000000000000000 > in/in2 echo 111 > in/in3 - mkdir -p in2 - ../afl-cmin -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null 2>&1 # why is afl-forkserver writing to stderr? - CNT=`ls in2/* 2>/dev/null | wc -l` - case "$CNT" in - *2) $ECHO "$GREEN[+] afl-cmin correctly minimized the number of testcases" ;; - *) $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" - CODE=1 - ;; - esac - rm -f in2/in* + test "$OS" = "Darwin" && { + $ECHO "$GREY[*] afl-cmin not available on macOS, cannot test afl-cmin" + } || { + ../afl-cmin -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null 2>&1 # why is afl-forkserver writing to stderr? + CNT=`ls in2/* 2>/dev/null | wc -l` + case "$CNT" in + *2) $ECHO "$GREEN[+] afl-cmin correctly minimized the number of testcases" ;; + *) $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" + CODE=1 + ;; + esac + rm -f in2/in* + } export AFL_QUIET=1 if type bash >/dev/null ; then { ../afl-cmin.bash -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null From de561b730a810dce4589745442474e8ee8024275 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 19 Jan 2024 12:20:33 +0100 Subject: [PATCH 303/357] add compiler test script --- test/test-compilers.sh | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100755 test/test-compilers.sh diff --git a/test/test-compilers.sh b/test/test-compilers.sh new file mode 100755 index 0000000000..628af42328 --- /dev/null +++ b/test/test-compilers.sh @@ -0,0 +1,7 @@ +#!/bin/sh +echo Testing compilers ... +for cc in afl-cc afl-gcc afl-clang afl-clang-fast afl-clang-lto afl-gcc-fast; do + test -e ../$cc && { ../$cc -o t ../test-instr.c >/dev/null 2<&1 || echo Failing: $cc ; } || echo Missing: $cc +done +rm -f t +echo Done! From ab0823cd3bd0bf59e6fd1b29484e1529d055776b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 19 Jan 2024 15:51:57 +0100 Subject: [PATCH 304/357] apple fixes --- src/afl-cc.c | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index cda964df2a..5cbd964e28 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -611,26 +611,18 @@ void compiler_mode_by_callname(aflcc_state_t *aflcc) { aflcc->compiler_mode = GCC_PLUGIN; -#if defined(__x86_64__) - } else if (strncmp(aflcc->callname, "afl-gcc", 7) == 0 || strncmp(aflcc->callname, "afl-g++", 7) == 0) { aflcc->compiler_mode = GCC; -#endif - -#if defined(__x86_64__) - } else if (strcmp(aflcc->callname, "afl-clang") == 0 || strcmp(aflcc->callname, "afl-clang++") == 0) { aflcc->compiler_mode = CLANG; -#endif - } } @@ -675,22 +667,14 @@ void compiler_mode_by_environ(aflcc_state_t *aflcc) { aflcc->compiler_mode = GCC_PLUGIN; -#if defined(__x86_64__) - } else if (strcasecmp(ptr, "GCC") == 0) { aflcc->compiler_mode = GCC; -#endif - -#if defined(__x86_64__) - } else if (strcasecmp(ptr, "CLANG") == 0) { aflcc->compiler_mode = CLANG; -#endif - } else FATAL("Unknown AFL_CC_COMPILER mode: %s\n", ptr); @@ -774,22 +758,14 @@ void compiler_mode_by_cmdline(aflcc_state_t *aflcc, int argc, char **argv) { aflcc->compiler_mode = GCC_PLUGIN; -#if defined(__x86_64__) - } else if (strcasecmp(ptr, "GCC") == 0) { aflcc->compiler_mode = GCC; -#endif - -#if defined(__x86_64__) - } else if (strncasecmp(ptr, "CLANG", 5) == 0) { aflcc->compiler_mode = CLANG; -#endif - } else FATAL("Unknown --afl-... compiler mode: %s\n", argv[i]); @@ -960,7 +936,6 @@ static void instrument_mode_new_environ(aflcc_state_t *aflcc) { } -#if defined(__x86_64__) if (strcasecmp(ptr2, "gcc") == 0) { if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_GCC) @@ -975,9 +950,6 @@ static void instrument_mode_new_environ(aflcc_state_t *aflcc) { } -#endif - -#if defined(__x86_64__) if (strcasecmp(ptr2, "clang") == 0) { if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_CLANG) @@ -992,8 +964,6 @@ static void instrument_mode_new_environ(aflcc_state_t *aflcc) { } -#endif - if (strncasecmp(ptr2, "ctx-", strlen("ctx-")) == 0 || strncasecmp(ptr2, "kctx-", strlen("c-ctx-")) == 0 || strncasecmp(ptr2, "k-ctx-", strlen("k-ctx-")) == 0) { From 3046c80cd5c3d17a1d38f3243ce997c1ede72613 Mon Sep 17 00:00:00 2001 From: Sergej Schumilo Date: Sat, 20 Jan 2024 23:09:19 +0100 Subject: [PATCH 305/357] bump nyx submodules (#1963) --- nyx_mode/LIBNYX_VERSION | 2 +- nyx_mode/QEMU-Nyx | 2 +- nyx_mode/QEMU_NYX_VERSION | 2 +- nyx_mode/libnyx | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/nyx_mode/LIBNYX_VERSION b/nyx_mode/LIBNYX_VERSION index da3939adcf..9aae19be63 100644 --- a/nyx_mode/LIBNYX_VERSION +++ b/nyx_mode/LIBNYX_VERSION @@ -1 +1 @@ -512058a +6833d23 diff --git a/nyx_mode/QEMU-Nyx b/nyx_mode/QEMU-Nyx index 02a6f2aed3..1def26f83e 160000 --- a/nyx_mode/QEMU-Nyx +++ b/nyx_mode/QEMU-Nyx @@ -1 +1 @@ -Subproject commit 02a6f2aed360cfe76bb3d788dafe517c350d74e5 +Subproject commit 1def26f83e83556d767754581fa52081ffb54b09 diff --git a/nyx_mode/QEMU_NYX_VERSION b/nyx_mode/QEMU_NYX_VERSION index 4f58054c20..cac32d4184 100644 --- a/nyx_mode/QEMU_NYX_VERSION +++ b/nyx_mode/QEMU_NYX_VERSION @@ -1 +1 @@ -02a6f2aed3 +1def26f83e diff --git a/nyx_mode/libnyx b/nyx_mode/libnyx index 512058a68d..6833d236df 160000 --- a/nyx_mode/libnyx +++ b/nyx_mode/libnyx @@ -1 +1 @@ -Subproject commit 512058a68d58b1a90a4e3971b526a955559735bf +Subproject commit 6833d236dfe785a8a23d8c8d79e74c99fa635004 From 9cefc4d3d48f6bfddc63e29cf4256c8382fc59d7 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 22 Jan 2024 10:52:22 +0100 Subject: [PATCH 306/357] fix docs --- docs/resources/1_instrument_target.drawio.svg | 2 +- instrumentation/README.lto.md | 12 ++++++------ src/afl-fuzz.c | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/resources/1_instrument_target.drawio.svg b/docs/resources/1_instrument_target.drawio.svg index af6ac397ad..c93fa2b8c9 100644 --- a/docs/resources/1_instrument_target.drawio.svg +++ b/docs/resources/1_instrument_target.drawio.svg @@ -1,4 +1,4 @@ -
Instrument target
Instrument target
Required task
Required task
Optional task
Optional task
Select compiler

LTO mode
(clang/clang++ 11+)

LLVM mode
(clang/clang++ 3.8+)

GCC_PLUGIN mode
(gcc 5+)

GCC/CLANG mode
(other)
Select compiler...
Select options

Select options depending on
the compiler:

COMPCOV
(only LLVM & LTO)

CmpLog
(only LLVM & LTO)

selective instrumentation
(LTO, LLVM, GCC_PLUGIN)
Select options...
Select sanitizer

Max. one sanitizer type each
in a fuzzing campaign:

ASAN
CFISAN
LSAN
MSAN
TSAN
UBSAN
Select sanitizer...
Compile target source code

Compile target source code depending on the build system:

configure
CMake
Meson Build System
other
Compile target source code...
Modify target

Create a fuzzing harness
by hand for better efficiency.
Modify target...Viewer does not support full SVG 1.1 \ No newline at end of file +
Instrument target
Instrument target
Required task
Required task
Optional task
Optional task
Select compiler

LTO mode
(clang/clang++ 12+)

LLVM mode
(clang/clang++ 3.8+)

GCC_PLUGIN mode
(gcc 5+)

GCC/CLANG mode
(other)
Select compiler...
Select options

Select options depending on
the compiler:

COMPCOV
(only LLVM & LTO)

CmpLog
(only LLVM & LTO)

selective instrumentation
(LTO, LLVM, GCC_PLUGIN)
Select options...
Select sanitizer

Max. one sanitizer type each
in a fuzzing campaign:

ASAN
CFISAN
LSAN
MSAN
TSAN
UBSAN
Select sanitizer...
Compile target source code

Compile target source code depending on the build system:

configure
CMake
Meson Build System
other
Compile target source code...
Modify target

Create a fuzzing harness
by hand for better efficiency.
Modify target...Viewer does not support full SVG 1.1 \ No newline at end of file diff --git a/instrumentation/README.lto.md b/instrumentation/README.lto.md index df59cc2a01..bd479c269d 100644 --- a/instrumentation/README.lto.md +++ b/instrumentation/README.lto.md @@ -2,7 +2,7 @@ ## TL;DR: -This version requires a LLVM 11 or newer. +This version requires a LLVM 12 or newer. 1. Use afl-clang-lto/afl-clang-lto++ because the resulting binaries run slightly faster and give better coverage. @@ -10,7 +10,7 @@ This version requires a LLVM 11 or newer. 2. You can use it together with COMPCOV, COMPLOG and the instrument file listing features. -3. It only works with LLVM 11 or newer. +3. It only works with LLVM 12 or newer. 4. AUTODICTIONARY feature (see below) @@ -60,7 +60,7 @@ AUTODICTIONARY: 11 strings found [+] Instrumented 12071 locations with no collisions (on average 1046 collisions would be in afl-gcc/afl-clang-fast) (non-hardened mode). ``` -## Getting LLVM 11+ +## Getting LLVM 12+ ### Installing llvm @@ -73,7 +73,7 @@ chmod +x llvm.sh sudo ./llvm.sh 15 all ``` -LLVM 11 to 16 should be available in all current Linux repositories. +LLVM 12 to 18 should be available in all current Linux repositories. ## How to build afl-clang-lto @@ -277,7 +277,7 @@ AS=llvm-as ... afl-clang-lto is still work in progress. Known issues: -* Anything that LLVM 11+ cannot compile, afl-clang-lto cannot compile either - +* Anything that LLVM 12+ cannot compile, afl-clang-lto cannot compile either - obviously. * Anything that does not compile with LTO, afl-clang-lto cannot compile either - obviously. @@ -319,7 +319,7 @@ Still more problems came up though as this only works without bugs from LLVM 9 onwards, and with high optimization the link optimization ruins the instrumented control flow graph. -This is all now fixed with LLVM 11+. The llvm's own linker is now able to load +This is all now fixed with LLVM 12+. The llvm's own linker is now able to load passes and this bypasses all problems we had. Happy end :) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 2d5787e804..5aec072ec0 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -165,7 +165,7 @@ static void usage(u8 *argv0, int more_help) { "\n" "Mutator settings:\n" - " -a - target input format, \"text\" or \"binary\" (default: " + " -a type - target input format, \"text\" or \"binary\" (default: " "generic)\n" " -g minlength - set min length of generated fuzz input (default: 1)\n" " -G maxlength - set max length of generated fuzz input (default: " From 33a129e00cbfcc0f979880270e01cbf58400c75a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 22 Jan 2024 11:01:30 +0100 Subject: [PATCH 307/357] update changelog --- docs/Changelog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index ad0f7a5a49..9accb9da19 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -25,6 +25,7 @@ - plugins are now activated by default and a new module is included that produces drcov compatible traces for lighthouse/lightkeeper/... thanks to @JRomainG to submitting! + - updated Nyx checkout (fixes a bug) - updated the custom grammar mutator - document afl-cmin does not work on macOS From 243c6640a8fbad68bca6d1305659d646db499d7e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 23 Jan 2024 18:30:13 +0100 Subject: [PATCH 308/357] update grammar mutator --- custom_mutators/grammar_mutator/GRAMMAR_VERSION | 2 +- custom_mutators/grammar_mutator/grammar_mutator | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/custom_mutators/grammar_mutator/GRAMMAR_VERSION b/custom_mutators/grammar_mutator/GRAMMAR_VERSION index 2568c6a55c..3a019448a9 100644 --- a/custom_mutators/grammar_mutator/GRAMMAR_VERSION +++ b/custom_mutators/grammar_mutator/GRAMMAR_VERSION @@ -1 +1 @@ -ff4e5a2 +5ed4f8d diff --git a/custom_mutators/grammar_mutator/grammar_mutator b/custom_mutators/grammar_mutator/grammar_mutator index ff4e5a265d..5ed4f8d6e6 160000 --- a/custom_mutators/grammar_mutator/grammar_mutator +++ b/custom_mutators/grammar_mutator/grammar_mutator @@ -1 +1 @@ -Subproject commit ff4e5a265daf5d88c4a636fb6a2c22b1d733db09 +Subproject commit 5ed4f8d6e6524df9670af6b411b13031833d67d2 From 227c1a7002dcb1042e4a02ec1f060bf408913b8c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 23 Jan 2024 19:55:35 +0100 Subject: [PATCH 309/357] improve compiler test script --- test/test-compilers.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test-compilers.sh b/test/test-compilers.sh index 628af42328..b47cf38d5d 100755 --- a/test/test-compilers.sh +++ b/test/test-compilers.sh @@ -1,7 +1,7 @@ #!/bin/sh echo Testing compilers ... for cc in afl-cc afl-gcc afl-clang afl-clang-fast afl-clang-lto afl-gcc-fast; do - test -e ../$cc && { ../$cc -o t ../test-instr.c >/dev/null 2<&1 || echo Failing: $cc ; } || echo Missing: $cc + test -e ../$cc && { { ../$cc -o t ../test-instr.c >/dev/null 2<&1 && echo Success: $cc ; } || echo Failing: $cc ; } || echo Missing: $cc done rm -f t echo Done! From d5812786f30f03ad162643a0e21c945f8ffd14d3 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 24 Jan 2024 17:54:57 +0100 Subject: [PATCH 310/357] gcc asan workaround (#1966) --- src/afl-cc.c | 176 ++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 138 insertions(+), 38 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 5cbd964e28..ec25bf9de8 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -170,8 +170,10 @@ typedef struct aflcc_state { u8 have_instr_env, have_gcc, have_clang, have_llvm, have_gcc_plugin, have_lto, have_optimized_pcguard, have_instr_list; - u8 fortify_set, asan_set, x_set, bit_mode, preprocessor_only, have_unroll, - have_o, have_pic, have_c, shared_linking, partial_linking, non_dash; + u8 fortify_set, x_set, bit_mode, preprocessor_only, have_unroll, have_o, + have_pic, have_c, shared_linking, partial_linking, non_dash, have_fp, + have_flto, have_hidden, have_fortify, have_fcf, have_staticasan, + have_asan, have_msan, have_ubsan, have_lsan, have_tsan, have_cfisan; // u8 *march_opt; u8 need_aflpplib; @@ -1553,6 +1555,8 @@ void add_defs_persistent_mode(aflcc_state_t *aflcc) { /* Control _FORTIFY_SOURCE */ void add_defs_fortify(aflcc_state_t *aflcc, u8 action) { + if (aflcc->have_fortify) { return; } + switch (action) { case 1: @@ -1666,6 +1670,42 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { param_st final_ = PARAM_MISS; + if (strstr(cur_argv, "=address") || strstr(cur_argv, ",address")) { + + aflcc->have_asan = 1; + + } + + if (strstr(cur_argv, "=memory") || strstr(cur_argv, ",memory")) { + + aflcc->have_msan = 1; + + } + + if (strstr(cur_argv, "=undefined") || strstr(cur_argv, ",undefined")) { + + aflcc->have_ubsan = 1; + + } + + if (strstr(cur_argv, "=thread") || strstr(cur_argv, ",thread")) { + + aflcc->have_tsan = 1; + + } + + if (strstr(cur_argv, "=leak") || strstr(cur_argv, ",leak")) { + + aflcc->have_lsan = 1; + + } + + if (strstr(cur_argv, "=cfi") || strstr(cur_argv, ",cfi")) { + + aflcc->have_cfisan = 1; + + } + if (!strncmp(cur_argv, "-fsanitize-coverage-", 20) && strstr(cur_argv, "list=")) { @@ -1745,19 +1785,14 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { } - if (!strcmp(cur_argv, "-fsanitize=address") || - !strcmp(cur_argv, "-fsanitize=memory")) { + if (final_ == PARAM_MISS) { if (scan) { - // "-fsanitize=undefined,address" may be un-treated, but it's OK. - aflcc->asan_set = 1; final_ = PARAM_SCAN; } else { - // It's impossible that final_ is PARAM_DROP before, - // so no checks are needed here. final_ = PARAM_KEEP; } @@ -1772,74 +1807,113 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { void add_sanitizers(aflcc_state_t *aflcc, char **envp) { - if (!aflcc->asan_set) { + if (getenv("AFL_USE_ASAN") || aflcc->have_asan) { + + if (getenv("AFL_USE_MSAN") || aflcc->have_msan) + FATAL("ASAN and MSAN are mutually exclusive"); - if (getenv("AFL_USE_ASAN")) { + if (getenv("AFL_HARDEN")) + FATAL("ASAN and AFL_HARDEN are mutually exclusive"); - if (getenv("AFL_USE_MSAN")) FATAL("ASAN and MSAN are mutually exclusive"); + if (aflcc->compiler_mode == GCC_PLUGIN && !aflcc->have_staticasan) { - if (getenv("AFL_HARDEN")) - FATAL("ASAN and AFL_HARDEN are mutually exclusive"); + insert_param(aflcc, "-static-libasan"); - add_defs_fortify(aflcc, 0); - insert_param(aflcc, "-fsanitize=address"); + } - } else if (getenv("AFL_USE_MSAN")) { + add_defs_fortify(aflcc, 0); + if (!aflcc->have_asan) { insert_param(aflcc, "-fsanitize=address"); } + aflcc->have_asan = 1; - if (getenv("AFL_USE_ASAN")) FATAL("ASAN and MSAN are mutually exclusive"); + } else if (getenv("AFL_USE_MSAN") || aflcc->have_msan) { - if (getenv("AFL_HARDEN")) - FATAL("MSAN and AFL_HARDEN are mutually exclusive"); + if (getenv("AFL_USE_ASAN") || aflcc->have_asan) + FATAL("ASAN and MSAN are mutually exclusive"); - add_defs_fortify(aflcc, 0); - insert_param(aflcc, "-fsanitize=memory"); + if (getenv("AFL_HARDEN")) + FATAL("MSAN and AFL_HARDEN are mutually exclusive"); - } + add_defs_fortify(aflcc, 0); + insert_param(aflcc, "-fsanitize=memory"); + aflcc->have_msan = 1; } - if (getenv("AFL_USE_UBSAN")) { + if (getenv("AFL_USE_UBSAN") || aflcc->have_ubsan) { + + if (!aflcc->have_ubsan) { + + insert_param(aflcc, "-fsanitize=undefined"); + insert_param(aflcc, "-fsanitize-undefined-trap-on-error"); + insert_param(aflcc, "-fno-sanitize-recover=all"); + + } + + if (!aflcc->have_fp) { + + insert_param(aflcc, "-fno-omit-frame-pointer"); + aflcc->have_fp = 1; + + } - insert_param(aflcc, "-fsanitize=undefined"); - insert_param(aflcc, "-fsanitize-undefined-trap-on-error"); - insert_param(aflcc, "-fno-sanitize-recover=all"); - insert_param(aflcc, "-fno-omit-frame-pointer"); + aflcc->have_ubsan = 1; } - if (getenv("AFL_USE_TSAN")) { + if (getenv("AFL_USE_TSAN") || aflcc->have_tsan) { + + if (!aflcc->have_fp) { + + insert_param(aflcc, "-fno-omit-frame-pointer"); + aflcc->have_fp = 1; + + } - insert_param(aflcc, "-fsanitize=thread"); - insert_param(aflcc, "-fno-omit-frame-pointer"); + if (!aflcc->have_tsan) { insert_param(aflcc, "-fsanitize=thread"); } + aflcc->have_tsan = 1; } - if (getenv("AFL_USE_LSAN")) { + if (getenv("AFL_USE_LSAN") && !aflcc->have_lsan) { insert_param(aflcc, "-fsanitize=leak"); add_defs_lsan_ctrl(aflcc); + aflcc->have_lsan = 1; } - if (getenv("AFL_USE_CFISAN")) { + if (getenv("AFL_USE_CFISAN") || aflcc->have_cfisan) { if (aflcc->compiler_mode == GCC_PLUGIN || aflcc->compiler_mode == GCC) { - insert_param(aflcc, "-fcf-protection=full"); + if (!aflcc->have_fcf) { insert_param(aflcc, "-fcf-protection=full"); } } else { - if (!aflcc->lto_mode) { + if (!aflcc->lto_mode && !aflcc->have_flto) { uint32_t i = 0, found = 0; - while (envp[i] != NULL && !found) + while (envp[i] != NULL && !found) { + if (strncmp("-flto", envp[i++], 5) == 0) found = 1; - if (!found) insert_param(aflcc, "-flto"); + + } + + if (!found) { insert_param(aflcc, "-flto"); } + aflcc->have_flto = 1; } - insert_param(aflcc, "-fsanitize=cfi"); - insert_param(aflcc, "-fvisibility=hidden"); + if (!aflcc->have_cfisan) { insert_param(aflcc, "-fsanitize=cfi"); } + + if (!aflcc->have_hidden) { + + insert_param(aflcc, "-fvisibility=hidden"); + aflcc->have_hidden = 1; + + } + + aflcc->have_cfisan = 1; } @@ -2417,6 +2491,32 @@ param_st parse_misc_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { SCAN_KEEP(aflcc->have_c, 1); + } else if (!strcmp(cur_argv, "-static-libasan")) { + + SCAN_KEEP(aflcc->have_staticasan, 1); + + } else if (!strcmp(cur_argv, "-fno-omit-frame-pointer")) { + + SCAN_KEEP(aflcc->have_fp, 1); + + } else if (!strcmp(cur_argv, "-fvisibility=hidden")) { + + SCAN_KEEP(aflcc->have_hidden, 1); + + } else if (!strcmp(cur_argv, "-flto") || !strcmp(cur_argv, "-flto=full")) { + + SCAN_KEEP(aflcc->have_flto, 1); + + } else if (!strncmp(cur_argv, "-D_FORTIFY_SOURCE", + + strlen("-D_FORTIFY_SOURCE"))) { + + SCAN_KEEP(aflcc->have_fortify, 1); + + } else if (!strncmp(cur_argv, "-fcf-protection", strlen("-fcf-protection"))) { + + SCAN_KEEP(aflcc->have_cfisan, 1); + } else if (!strncmp(cur_argv, "-O", 2)) { SCAN_KEEP(aflcc->have_o, 1); From 8746b3e310ba6200e9e62fd6fabbba36edaa3811 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 24 Jan 2024 18:06:02 +0100 Subject: [PATCH 311/357] fix github merge fuckup --- src/afl-cc.c | 503 +++------------------------------------------------ 1 file changed, 27 insertions(+), 476 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index dee90946e7..ec25bf9de8 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -650,7 +650,7 @@ void compiler_mode_by_environ(aflcc_state_t *aflcc) { "selected by command line parameter or symlink, ignoring the " "environment variable!"); - if (aflcc->compiler_mode) { + } } else { @@ -708,7 +708,7 @@ void compiler_mode_by_cmdline(aflcc_state_t *aflcc, int argc, char **argv) { "--afl-... compiler mode supersedes the AFL_CC_COMPILER and " "symlink compiler selection!"); - char *ptr = NULL; + } ptr = argv[i]; ptr += 5; @@ -831,8 +831,7 @@ static void instrument_mode_old_environ(aflcc_state_t *aflcc) { aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CTX_K; - if (getenv("USE_TRACE_PC") || getenv("AFL_USE_TRACE_PC") || - getenv("AFL_LLVM_USE_TRACE_PC") || getenv("AFL_TRACE_PC")) { + } } @@ -1005,26 +1004,21 @@ static void instrument_mode_new_environ(aflcc_state_t *aflcc) { } - if ((ptr3 = getenv("AFL_LLVM_CTX_K")) == NULL) - FATAL( - "you must set the K-CTX K with (e.g. for value 2) " - "AFL_LLVM_INSTRUMENT=ctx-2"); + } if (strcasecmp(ptr2, "ctx") == 0) { aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CTX; setenv("AFL_LLVM_CTX", "1", 1); - if (aflcc->ctx_k == 1) { + } if (strncasecmp(ptr2, "caller", strlen("caller")) == 0) { aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER; setenv("AFL_LLVM_CALLER", "1", 1); - aflcc->instrument_opt_mode |= (INSTRUMENT_OPT_CTX_K); - u8 *ptr4 = alloc_printf("%u", aflcc->ctx_k); - setenv("AFL_LLVM_CTX_K", ptr4, 1); + } if (strncasecmp(ptr2, "ngram", strlen("ngram")) == 0) { @@ -1204,8 +1198,7 @@ void mode_final_checkout(aflcc_state_t *aflcc, int argc, char **argv) { aflcc->instrument_mode = INSTRUMENT_CLANG; setenv(CLANG_ENV_VAR, "1", 1); // used by afl-as - aflcc->instrument_mode = INSTRUMENT_CLASSIC; - aflcc->compiler_mode = LLVM; + } } @@ -1265,7 +1258,7 @@ void mode_final_checkout(aflcc_state_t *aflcc, int argc, char **argv) { aflcc->instrument_mode = INSTRUMENT_AFL; #endif - if (!be_quiet) { + } if (!aflcc->instrument_opt_mode && aflcc->lto_mode && aflcc->instrument_mode == INSTRUMENT_CFG) { @@ -1290,7 +1283,7 @@ void mode_final_checkout(aflcc_state_t *aflcc, int argc, char **argv) { else aflcc->compiler_mode = LTO; - } else + } if (getenv("AFL_LLVM_SKIP_NEVERZERO") && getenv("AFL_LLVM_NOT_ZERO")) FATAL( @@ -1364,18 +1357,10 @@ void mode_notification(aflcc_state_t *aflcc) { "gcc-plugin and use afl-clang-fast/afl-clang-lto/afl-gcc-fast " "instead!"); - char *ptr2 = alloc_printf(" + NGRAM-%u", aflcc->ngram_size); - char *ptr3 = alloc_printf(" + K-CTX-%u", aflcc->ctx_k); - - char *ptr1 = alloc_printf( - "%s%s%s%s%s", instrument_mode_2str(aflcc->instrument_mode), - (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX) ? " + CTX" : "", - (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CALLER) ? " + CALLER" : "", - (aflcc->instrument_opt_mode & INSTRUMENT_OPT_NGRAM) ? ptr2 : "", - (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX_K) ? ptr3 : ""); - } +} + void add_real_argv0(aflcc_state_t *aflcc) { static u8 llvm_fullpath[PATH_MAX]; @@ -1434,7 +1419,7 @@ void add_real_argv0(aflcc_state_t *aflcc) { } - alt_cc = "clang"; + } aflcc->cc_params[0] = alt_cc; @@ -1586,9 +1571,7 @@ void add_defs_fortify(aflcc_state_t *aflcc, u8 action) { insert_param(aflcc, "-U_FORTIFY_SOURCE"); break; - case 2: - insert_param(aflcc, "-D_FORTIFY_SOURCE=2"); - break; + } } @@ -1709,7 +1692,7 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { aflcc->have_tsan = 1; - } else { + } if (strstr(cur_argv, "=leak") || strstr(cur_argv, ",leak")) { @@ -1798,11 +1781,9 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { if (!be_quiet) { WARNF("Found '%s' - stripping!", cur_argv); } final_ = PARAM_DROP; - if (getenv("AFL_HARDEN")) - FATAL("ASAN and AFL_HARDEN are mutually exclusive"); + } - add_defs_fortify(aflcc, 0); - insert_param(aflcc, "-fsanitize=address"); + } if (final_ == PARAM_MISS) { @@ -1916,8 +1897,7 @@ void add_sanitizers(aflcc_state_t *aflcc, char **envp) { if (strncmp("-flto", envp[i++], 5) == 0) found = 1; - #endif -#endif + } if (!found) { insert_param(aflcc, "-flto"); } aflcc->have_flto = 1; @@ -1931,7 +1911,7 @@ void add_sanitizers(aflcc_state_t *aflcc, char **envp) { insert_param(aflcc, "-fvisibility=hidden"); aflcc->have_hidden = 1; - if (aflcc->lto_mode && !strncmp(cur_argv, "-flto=thin", 10)) { + } aflcc->have_cfisan = 1; @@ -2101,10 +2081,7 @@ param_st parse_linking_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan, final_ = PARAM_SCAN; - WARNF( - "'%s': multiple link options after '-Wl,' may enable report " - "unresolved symbol references and result in a bad link.", - ptr_); + } else { final_ = PARAM_DROP; @@ -2129,392 +2106,8 @@ param_st parse_linking_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan, } -} - -void add_lto_linker(aflcc_state_t *aflcc) { - - unsetenv("AFL_LD"); - unsetenv("AFL_LD_CALLER"); - - u8 *ld_path = NULL; - if (getenv("AFL_REAL_LD")) { - - ld_path = strdup(getenv("AFL_REAL_LD")); - - } else { - - ld_path = strdup(AFL_REAL_LD); - - } - - if (!ld_path || !*ld_path) { - - if (ld_path) { - - // Freeing empty string - free(ld_path); - - } - - ld_path = strdup("ld.lld"); - - } - - if (!ld_path) { PFATAL("Could not allocate mem for ld_path"); } -#if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 12 - insert_param(aflcc, alloc_printf("--ld-path=%s", ld_path)); -#else - insert_param(aflcc, alloc_printf("-fuse-ld=%s", ld_path)); -#endif - free(ld_path); - -} - -void add_lto_passes(aflcc_state_t *aflcc) { - -#if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 15 - // The NewPM implementation only works fully since LLVM 15. - insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,--load-pass-plugin=%s", - 0); -#elif defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 13 - insert_param(aflcc, "-Wl,--lto-legacy-pass-manager"); - insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0); -#else - insert_param(aflcc, "-fno-experimental-new-pass-manager"); - insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0); -#endif - - insert_param(aflcc, "-Wl,--allow-multiple-definition"); - -} - -static void add_aflpplib(aflcc_state_t *aflcc) { - - if (!aflcc->need_aflpplib) return; - - u8 *afllib = find_object(aflcc, "libAFLDriver.a"); - - if (!be_quiet) { - - OKF("Found '-fsanitize=fuzzer', replacing with libAFLDriver.a"); - - } - - if (!afllib) { - - if (!be_quiet) { - - WARNF( - "Cannot find 'libAFLDriver.a' to replace '-fsanitize=fuzzer' in " - "the flags - this will fail!"); - - } - - } else { - - insert_param(aflcc, afllib); - -#ifdef __APPLE__ - insert_param(aflcc, "-Wl,-undefined"); - insert_param(aflcc, "dynamic_lookup"); -#endif - - } - -} - -void add_runtime(aflcc_state_t *aflcc) { - - if (aflcc->preprocessor_only || aflcc->have_c || !aflcc->non_dash) { - - /* In the preprocessor_only case (-E), we are not actually compiling at - all but requesting the compiler to output preprocessed sources only. - We must not add the runtime in this case because the compiler will - simply output its binary content back on stdout, breaking any build - systems that rely on a separate source preprocessing step. */ - return; - - } - - if (aflcc->compiler_mode != GCC_PLUGIN && aflcc->compiler_mode != GCC && - !getenv("AFL_LLVM_NO_RPATH")) { - - // in case LLVM is installed not via a package manager or "make install" - // e.g. compiled download or compiled from github then its ./lib directory - // might not be in the search path. Add it if so. - const char *libdir = LLVM_LIBDIR; - if (aflcc->plusplus_mode && strlen(libdir) && strncmp(libdir, "/usr", 4) && - strncmp(libdir, "/lib", 4)) { - - u8 *libdir_opt = strdup("-Wl,-rpath=" LLVM_LIBDIR); - insert_param(aflcc, libdir_opt); - - } - - } - -#ifndef __ANDROID__ - - #define M32_ERR_MSG "-m32 is not supported by your compiler" - #define M64_ERR_MSG "-m64 is not supported by your compiler" - - if (aflcc->compiler_mode != GCC && aflcc->compiler_mode != CLANG) { - - switch (aflcc->bit_mode) { - - case 0: - if (!aflcc->shared_linking && !aflcc->partial_linking) - insert_object(aflcc, "afl-compiler-rt.o", 0, 0); - if (aflcc->lto_mode) insert_object(aflcc, "afl-llvm-rt-lto.o", 0, 0); - break; - - case 32: - if (!aflcc->shared_linking && !aflcc->partial_linking) - insert_object(aflcc, "afl-compiler-rt-32.o", 0, M32_ERR_MSG); - if (aflcc->lto_mode) - insert_object(aflcc, "afl-llvm-rt-lto-32.o", 0, M32_ERR_MSG); - break; - - case 64: - if (!aflcc->shared_linking && !aflcc->partial_linking) - insert_object(aflcc, "afl-compiler-rt-64.o", 0, M64_ERR_MSG); - if (aflcc->lto_mode) - insert_object(aflcc, "afl-llvm-rt-lto-64.o", 0, M64_ERR_MSG); - break; - - } - - #if !defined(__APPLE__) && !defined(__sun) - if (!aflcc->shared_linking && !aflcc->partial_linking) - insert_object(aflcc, "dynamic_list.txt", "-Wl,--dynamic-list=%s", 0); - #endif - - #if defined(__APPLE__) - if (aflcc->shared_linking || aflcc->partial_linking) { - - insert_param(aflcc, "-Wl,-U"); - insert_param(aflcc, "-Wl,___afl_area_ptr"); - insert_param(aflcc, "-Wl,-U"); - insert_param(aflcc, "-Wl,___sanitizer_cov_trace_pc_guard_init"); - - } - - #endif - - } - -#endif - - add_aflpplib(aflcc); - -#if defined(USEMMAP) && !defined(__HAIKU__) && !__APPLE__ - insert_param(aflcc, "-Wl,-lrt"); -#endif - -} - -/* Misc */ - -void add_assembler(aflcc_state_t *aflcc) { - - u8 *afl_as = find_object(aflcc, "as"); - - if (!afl_as) FATAL("Cannot find 'as' (symlink to 'afl-as')."); - - u8 *slash = strrchr(afl_as, '/'); - if (slash) *slash = 0; - - insert_param(aflcc, "-B"); - insert_param(aflcc, afl_as); - - if (aflcc->compiler_mode == CLANG) insert_param(aflcc, "-no-integrated-as"); - -} - -void add_gcc_plugin(aflcc_state_t *aflcc) { - - if (aflcc->cmplog_mode) { - - insert_object(aflcc, "afl-gcc-cmplog-pass.so", "-fplugin=%s", 0); - insert_object(aflcc, "afl-gcc-cmptrs-pass.so", "-fplugin=%s", 0); - - } - - insert_object(aflcc, "afl-gcc-pass.so", "-fplugin=%s", 0); - - insert_param(aflcc, "-fno-if-conversion"); - insert_param(aflcc, "-fno-if-conversion2"); - -} - -void add_misc_params(aflcc_state_t *aflcc) { - - if (getenv("AFL_NO_BUILTIN") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES") || - getenv("AFL_LLVM_LAF_ALL") || getenv("AFL_LLVM_CMPLOG") || - aflcc->lto_mode) { - - insert_param(aflcc, "-fno-builtin-strcmp"); - insert_param(aflcc, "-fno-builtin-strncmp"); - insert_param(aflcc, "-fno-builtin-strcasecmp"); - insert_param(aflcc, "-fno-builtin-strncasecmp"); - insert_param(aflcc, "-fno-builtin-memcmp"); - insert_param(aflcc, "-fno-builtin-bcmp"); - insert_param(aflcc, "-fno-builtin-strstr"); - insert_param(aflcc, "-fno-builtin-strcasestr"); - - } - - if (!aflcc->have_pic) { insert_param(aflcc, "-fPIC"); } - - if (getenv("AFL_HARDEN")) { - - insert_param(aflcc, "-fstack-protector-all"); - - if (!aflcc->fortify_set) add_defs_fortify(aflcc, 2); - - } - - if (!getenv("AFL_DONT_OPTIMIZE")) { - - insert_param(aflcc, "-g"); - if (!aflcc->have_o) insert_param(aflcc, "-O3"); - if (!aflcc->have_unroll) insert_param(aflcc, "-funroll-loops"); - // if (strlen(aflcc->march_opt) > 1 && aflcc->march_opt[0] == '-') - // insert_param(aflcc, aflcc->march_opt); - - } - - if (aflcc->x_set) { - - insert_param(aflcc, "-x"); - insert_param(aflcc, "none"); - - } - -} - -param_st parse_misc_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { - - param_st final_ = PARAM_MISS; - -// MACRO START -#define SCAN_KEEP(dst, src) \ - do { \ - \ - if (scan) { \ - \ - dst = src; \ - final_ = PARAM_SCAN; \ - \ - } else { \ - \ - final_ = PARAM_KEEP; \ - \ - } \ - \ - } while (0) - - // MACRO END - - if (!strncasecmp(cur_argv, "-fpic", 5)) { - - SCAN_KEEP(aflcc->have_pic, 1); - - } else if (!strcmp(cur_argv, "-m32") || - - !strcmp(cur_argv, "armv7a-linux-androideabi")) { - - SCAN_KEEP(aflcc->bit_mode, 32); - - } else if (!strcmp(cur_argv, "-m64")) { - - SCAN_KEEP(aflcc->bit_mode, 64); - - } else if (strstr(cur_argv, "FORTIFY_SOURCE")) { - - SCAN_KEEP(aflcc->fortify_set, 1); - - } else if (!strcmp(cur_argv, "-x")) { - - SCAN_KEEP(aflcc->x_set, 1); - - } else if (!strcmp(cur_argv, "-E")) { - - SCAN_KEEP(aflcc->preprocessor_only, 1); - - } else if (!strcmp(cur_argv, "--target=wasm32-wasi")) { - - SCAN_KEEP(aflcc->passthrough, 1); - - } else if (!strcmp(cur_argv, "-c")) { - - SCAN_KEEP(aflcc->have_c, 1); - - } else if (!strncmp(cur_argv, "-O", 2)) { - - SCAN_KEEP(aflcc->have_o, 1); - - } else if (!strncmp(cur_argv, "-funroll-loop", 13)) { - - SCAN_KEEP(aflcc->have_unroll, 1); - - } else if (!strncmp(cur_argv, "--afl", 5)) { - - if (scan) - final_ = PARAM_SCAN; - else - final_ = PARAM_DROP; - - } else if (!strncmp(cur_argv, "-fno-unroll", 11)) { - - if (scan) - final_ = PARAM_SCAN; - else - final_ = PARAM_DROP; - - } else if (!strcmp(cur_argv, "-pipe") && aflcc->compiler_mode == GCC_PLUGIN) { - - if (scan) - final_ = PARAM_SCAN; - else - final_ = PARAM_DROP; - - } else if (!strncmp(cur_argv, "-stdlib=", 8) && - - (aflcc->compiler_mode == GCC || - aflcc->compiler_mode == GCC_PLUGIN)) { - - if (scan) { - - final_ = PARAM_SCAN; - - } else { - - if (!be_quiet) WARNF("Found '%s' - stripping!", cur_argv); - final_ = PARAM_DROP; - - } - - } else if (cur_argv[0] != '-') { - - /* It's a weak, loose pattern, with very different purpose - than others. We handle it at last, cautiously and robustly. */ - - if (scan && cur_argv[0] != '@') // response file support - aflcc->non_dash = 1; - } -#undef SCAN_KEEP - - if (final_ == PARAM_KEEP) insert_param(aflcc, cur_argv); - - return final_; - -} - -static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) { - // Try to warn user for some unsupported cases if (scan && final_ == PARAM_MISS) { @@ -3435,6 +3028,14 @@ static void process_params(aflcc_state_t *aflcc, u8 scan, u32 argc, free(tmpbuf); + continue; + + } + + if (!scan) insert_param(aflcc, cur); + + } + } /* Copy argv to cc_params, making the necessary edits. */ @@ -3580,56 +3181,6 @@ static void edit_params(aflcc_state_t *aflcc, u32 argc, char **argv, /* Main entry point */ -int main(int argc, char **argv, char **envp) { - - aflcc_state_t *aflcc = malloc(sizeof(aflcc_state_t)); - aflcc_state_init(aflcc, (u8 *)argv[0]); - - check_environment_vars(envp); - - find_built_deps(aflcc); - - compiler_mode_by_callname(aflcc); - compiler_mode_by_environ(aflcc); - compiler_mode_by_cmdline(aflcc, argc, argv); - - instrument_mode_by_environ(aflcc); - - mode_final_checkout(aflcc, argc, argv); - - process_params(aflcc, 1, argc, argv); - - maybe_usage(aflcc, argc, argv); - - mode_notification(aflcc); - - if (aflcc->debug) debugf_args(argc, argv); - - edit_params(aflcc, argc, argv, envp); - - if (aflcc->debug) - debugf_args((s32)aflcc->cc_par_cnt, (char **)aflcc->cc_params); - - /* Inspect the command line parameters. */ - - process_params(aflcc, 0, argc, argv); - - add_sanitizers(aflcc, envp); - - add_misc_params(aflcc); - - add_defs_common(aflcc); - add_defs_selective_instr(aflcc); - add_defs_persistent_mode(aflcc); - - add_runtime(aflcc); - - insert_param(aflcc, NULL); - -} - -/* Main entry point */ - int main(int argc, char **argv, char **envp) { aflcc_state_t *aflcc = malloc(sizeof(aflcc_state_t)); From ba28c4982b7fed33a22214537b4f8ffcc08286d4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 24 Jan 2024 18:22:17 +0100 Subject: [PATCH 312/357] fix --- src/afl-cc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/afl-cc.c b/src/afl-cc.c index ec25bf9de8..ccbb4f8de2 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1572,6 +1572,8 @@ void add_defs_fortify(aflcc_state_t *aflcc, u8 action) { break; } + + aflcc->have_fortify = 1; } From d88c97ad2887962a8565473269057d39d75f998d Mon Sep 17 00:00:00 2001 From: Sonic <50692172+SonicStark@users.noreply.github.com> Date: Thu, 25 Jan 2024 16:57:50 +0800 Subject: [PATCH 313/357] Fix afl-cc (#1968) - Check if too many cmdline params here, each time before insert a new param. - Check if it is "-fsanitize=..." before we do sth. - Remove improper param_st transfer. --- src/afl-cc.c | 87 ++++++++++++++++++++-------------------------------- 1 file changed, 34 insertions(+), 53 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index ccbb4f8de2..174b3783ef 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -192,15 +192,11 @@ u8 *find_object(aflcc_state_t *, u8 *obj); void find_built_deps(aflcc_state_t *); -static inline void limit_params(aflcc_state_t *aflcc, u32 add) { +static inline void insert_param(aflcc_state_t *aflcc, u8 *param) { - if (aflcc->cc_par_cnt + add >= MAX_PARAMS_NUM) + if (unlikely(aflcc->cc_par_cnt + 1 >= MAX_PARAMS_NUM)) FATAL("Too many command line parameters, please increase MAX_PARAMS_NUM."); -} - -static inline void insert_param(aflcc_state_t *aflcc, u8 *param) { - aflcc->cc_params[aflcc->cc_par_cnt++] = param; } @@ -1572,7 +1568,7 @@ void add_defs_fortify(aflcc_state_t *aflcc, u8 action) { break; } - + aflcc->have_fortify = 1; } @@ -1672,41 +1668,42 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { param_st final_ = PARAM_MISS; - if (strstr(cur_argv, "=address") || strstr(cur_argv, ",address")) { - - aflcc->have_asan = 1; - - } - - if (strstr(cur_argv, "=memory") || strstr(cur_argv, ",memory")) { - - aflcc->have_msan = 1; - - } - - if (strstr(cur_argv, "=undefined") || strstr(cur_argv, ",undefined")) { - - aflcc->have_ubsan = 1; - - } - - if (strstr(cur_argv, "=thread") || strstr(cur_argv, ",thread")) { - - aflcc->have_tsan = 1; +// MACRO START +#define HAVE_SANITIZER_SCAN_KEEP(v, k) \ + do { \ + \ + if (strstr(cur_argv, "=" STRINGIFY(k)) || \ + strstr(cur_argv, "," STRINGIFY(k))) { \ + \ + if (scan) { \ + \ + aflcc->have_##v = 1; \ + final_ = PARAM_SCAN; \ + \ + } else { \ + \ + final_ = PARAM_KEEP; \ + \ + } \ + \ + } \ + \ + } while (0) - } + // MACRO END - if (strstr(cur_argv, "=leak") || strstr(cur_argv, ",leak")) { + if (!strncmp(cur_argv, "-fsanitize=", strlen("-fsanitize="))) { - aflcc->have_lsan = 1; + HAVE_SANITIZER_SCAN_KEEP(asan, address); + HAVE_SANITIZER_SCAN_KEEP(msan, memory); + HAVE_SANITIZER_SCAN_KEEP(ubsan, undefined); + HAVE_SANITIZER_SCAN_KEEP(tsan, thread); + HAVE_SANITIZER_SCAN_KEEP(lsan, leak); + HAVE_SANITIZER_SCAN_KEEP(cfisan, cfi); } - if (strstr(cur_argv, "=cfi") || strstr(cur_argv, ",cfi")) { - - aflcc->have_cfisan = 1; - - } +#undef HAVE_SANITIZER_SCAN_KEEP if (!strncmp(cur_argv, "-fsanitize-coverage-", 20) && strstr(cur_argv, "list=")) { @@ -1718,7 +1715,7 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { } else { - final_ = PARAM_KEEP; // may be set to DROP next + final_ = PARAM_KEEP; } @@ -1787,20 +1784,6 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { } - if (final_ == PARAM_MISS) { - - if (scan) { - - final_ = PARAM_SCAN; - - } else { - - final_ = PARAM_KEEP; - - } - - } - if (final_ == PARAM_KEEP) insert_param(aflcc, cur_argv); return final_; @@ -2880,8 +2863,6 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) { static void process_params(aflcc_state_t *aflcc, u8 scan, u32 argc, char **argv) { - limit_params(aflcc, argc); - // for (u32 x = 0; x < argc; ++x) fprintf(stderr, "[%u] %s\n", x, argv[x]); /* Process the argument list. */ From 2f9eeef60cdd4ad43f8066af78009acd660a426c Mon Sep 17 00:00:00 2001 From: "Christian Holler (:decoder)" Date: Fri, 26 Jan 2024 14:41:23 +0100 Subject: [PATCH 314/357] Avoid adding llvmnative instrumentation when linking rust sanitizer runtime (#1969) --- src/afl-cc.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 174b3783ef..6d8e1024a8 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -173,7 +173,8 @@ typedef struct aflcc_state { u8 fortify_set, x_set, bit_mode, preprocessor_only, have_unroll, have_o, have_pic, have_c, shared_linking, partial_linking, non_dash, have_fp, have_flto, have_hidden, have_fortify, have_fcf, have_staticasan, - have_asan, have_msan, have_ubsan, have_lsan, have_tsan, have_cfisan; + have_rust_asanrt, have_asan, have_msan, have_ubsan, have_lsan, have_tsan, + have_cfisan; // u8 *march_opt; u8 need_aflpplib; @@ -1908,6 +1909,14 @@ void add_sanitizers(aflcc_state_t *aflcc, char **envp) { void add_native_pcguard(aflcc_state_t *aflcc) { + /* If there is a rust ASan runtime on the command line, it is likely we're + * linking from rust and adding native flags requiring the sanitizer runtime + * will trigger native clang to add yet another runtime, causing linker + * errors. For now we shouldn't add instrumentation here, we're linking + * anyway. + */ + if (aflcc->have_rust_asanrt) { return; } + /* If llvm-config doesn't figure out LLVM_MAJOR, just go on anyway and let compiler complain if doesn't work. */ @@ -2480,6 +2489,10 @@ param_st parse_misc_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { SCAN_KEEP(aflcc->have_staticasan, 1); + } else if (strstr(cur_argv, "librustc") && strstr(cur_argv, "_rt.asan.a")) { + + SCAN_KEEP(aflcc->have_rust_asanrt, 1); + } else if (!strcmp(cur_argv, "-fno-omit-frame-pointer")) { SCAN_KEEP(aflcc->have_fp, 1); From 58b80b68bc5538bad2cf4c858229111f58282424 Mon Sep 17 00:00:00 2001 From: "Christian Holler (:decoder)" Date: Fri, 26 Jan 2024 15:46:56 +0100 Subject: [PATCH 315/357] Dynamic instrumentation filtering for LLVM native (#1971) * Add two dynamic instrumentation filter methods to runtime * Always use pc-table with native pcguard * Add make_symbol_list.py and README --- instrumentation/afl-compiler-rt.o.c | 279 ++++++++++++++++++-- src/afl-cc.c | 26 +- utils/dynamic_covfilter/README.md | 55 ++++ utils/dynamic_covfilter/make_symbol_list.py | 73 +++++ 4 files changed, 393 insertions(+), 40 deletions(-) create mode 100644 utils/dynamic_covfilter/README.md create mode 100644 utils/dynamic_covfilter/make_symbol_list.py diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 39a762b671..8e55d6a0ac 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -22,6 +22,10 @@ #define __USE_GNU #endif #include + +__attribute__((weak)) void __sanitizer_symbolize_pc(void *, const char *fmt, + char *out_buf, + size_t out_buf_size); #endif #ifdef __ANDROID__ @@ -124,8 +128,8 @@ struct afl_module_info_t { uintptr_t base_address; // PC Guard start/stop - u32 start; - u32 stop; + u32 *start; + u32 *stop; // PC Table begin/end const uintptr_t *pcs_beg; @@ -147,6 +151,18 @@ afl_module_info_t *__afl_module_info = NULL; u32 __afl_pcmap_size = 0; uintptr_t *__afl_pcmap_ptr = NULL; + +typedef struct { + + uintptr_t start; + u32 len; + +} FilterPCEntry; + +u32 __afl_filter_pcs_size = 0; +FilterPCEntry *__afl_filter_pcs = NULL; +u8 *__afl_filter_pcs_module = NULL; + #endif // __AFL_CODE_COVERAGE /* 1 if we are running in afl, and the forkserver was started, else 0 */ @@ -1587,15 +1603,116 @@ void __sanitizer_cov_trace_pc_guard(uint32_t *guard) { } #ifdef __AFL_CODE_COVERAGE -void __sanitizer_cov_pcs_init(const uintptr_t *pcs_beg, - const uintptr_t *pcs_end) { +void afl_read_pc_filter_file(const char *filter_file) { - if (__afl_debug) { + FILE *file; + char ch; + + file = fopen(filter_file, "r"); + if (file == NULL) { + + perror("Error opening file"); + return; + + } + + // Check how many PCs we expect to read + while ((ch = fgetc(file)) != EOF) { + + if (ch == '\n') { __afl_filter_pcs_size++; } + + } + + // Rewind to actually read the PCs + fseek(file, 0, SEEK_SET); + + __afl_filter_pcs = malloc(__afl_filter_pcs_size * sizeof(FilterPCEntry)); + if (!__afl_filter_pcs) { + + perror("Error allocating PC array"); + return; + + } + + for (size_t i = 0; i < __afl_filter_pcs_size; i++) { + + fscanf(file, "%lx", &(__afl_filter_pcs[i].start)); + ch = fgetc(file); // Read tab + fscanf(file, "%u", &(__afl_filter_pcs[i].len)); + ch = fgetc(file); // Read tab + + if (!__afl_filter_pcs_module) { + + // Read the module name and store it. + // TODO: We only support one module here right now although + // there is technically no reason to support multiple modules + // in one go. + size_t max_module_len = 255; + size_t i = 0; + __afl_filter_pcs_module = malloc(max_module_len); + while (i < max_module_len - 1 && + (__afl_filter_pcs_module[i] = fgetc(file)) != '\t') { + + ++i; + + } - fprintf(stderr, "DEBUG: __sanitizer_cov_pcs_init called\n"); + __afl_filter_pcs_module[i] = '\0'; + fprintf(stderr, "DEBUGXXX: Read module name %s\n", + __afl_filter_pcs_module); + + } + + while ((ch = fgetc(file)) != '\n' && ch != EOF) + ; + + } + + fclose(file); + +} + +u32 locate_in_pcs(uintptr_t needle, u32 *index) { + + size_t lower_bound = 0; + size_t upper_bound = __afl_filter_pcs_size - 1; + + while (lower_bound < __afl_filter_pcs_size && lower_bound <= upper_bound) { + + size_t current_index = lower_bound + (upper_bound - lower_bound) / 2; + + if (__afl_filter_pcs[current_index].start <= needle) { + + if (__afl_filter_pcs[current_index].start + + __afl_filter_pcs[current_index].len > + needle) { + + // Hit + *index = current_index; + return 1; + + } else { + + lower_bound = current_index + 1; + + } + + } else { + + if (!current_index) { break; } + upper_bound = current_index - 1; + + } } + return 0; + +} + +void __sanitizer_cov_pcs_init(const uintptr_t *pcs_beg, + const uintptr_t *pcs_end) { + // If for whatever reason, we cannot get dlinfo here, then pc_guard_init also // couldn't get it and we'd end up attributing to the wrong module. Dl_info dlinfo; @@ -1608,6 +1725,16 @@ void __sanitizer_cov_pcs_init(const uintptr_t *pcs_beg, } + if (__afl_debug) { + + fprintf( + stderr, + "DEBUG: (%u) __sanitizer_cov_pcs_init called for module %s with %ld " + "PCs\n", + getpid(), dlinfo.dli_fname, pcs_end - pcs_beg); + + } + afl_module_info_t *last_module_info = __afl_module_info; while (last_module_info && last_module_info->next) { @@ -1623,34 +1750,78 @@ void __sanitizer_cov_pcs_init(const uintptr_t *pcs_beg, } + if (strcmp(dlinfo.dli_fname, last_module_info->name)) { + + // This can happen with modules being loaded after the forkserver + // where we decide to not track the module. In that case we must + // not track it here either. + fprintf( + stderr, + "WARNING: __sanitizer_cov_pcs_init module info mismatch: %s vs %s\n", + dlinfo.dli_fname, last_module_info->name); + return; + + } + last_module_info->pcs_beg = pcs_beg; last_module_info->pcs_end = pcs_end; + // This is a direct filter based on symbolizing inside the runtime. + // It should only be used with smaller binaries to avoid long startup + // times. Currently, this only supports a single token to scan for. + const char *pc_filter = getenv("AFL_PC_FILTER"); + + // This is a much faster PC filter based on pre-symbolized input data + // that is sorted for fast lookup through binary search. This method + // of filtering is suitable even for very large binaries. + const char *pc_filter_file = getenv("AFL_PC_FILTER_FILE"); + if (pc_filter_file && !__afl_filter_pcs) { + + afl_read_pc_filter_file(pc_filter_file); + + } + // Now update the pcmap. If this is the last module coming in, after all // pre-loaded code, then this will also map all of our delayed previous // modules. - - if (!__afl_pcmap_ptr) { return; } - + // for (afl_module_info_t *mod_info = __afl_module_info; mod_info; mod_info = mod_info->next) { if (mod_info->mapped) { continue; } + if (!mod_info->start) { + + fprintf(stderr, + "ERROR: __sanitizer_cov_pcs_init called with mod_info->start == " + "NULL (%s)\n", + mod_info->name); + abort(); + + } + PCTableEntry *start = (PCTableEntry *)(mod_info->pcs_beg); PCTableEntry *end = (PCTableEntry *)(mod_info->pcs_end); + if (!*mod_info->stop) { continue; } + u32 in_module_index = 0; while (start < end) { - if (mod_info->start + in_module_index >= __afl_map_size) { + if (*mod_info->start + in_module_index >= __afl_map_size) { - fprintf(stderr, "ERROR: __sanitizer_cov_pcs_init out of bounds?!\n"); + fprintf(stderr, + "ERROR: __sanitizer_cov_pcs_init out of bounds?! Start: %u " + "Stop: %u Map Size: %u (%s)\n", + *mod_info->start, *mod_info->stop, __afl_map_size, + mod_info->name); abort(); } + u32 orig_start_index = *mod_info->start; + uintptr_t PC = start->PC; // This is what `GetPreviousInstructionPc` in sanitizer runtime does @@ -1660,7 +1831,58 @@ void __sanitizer_cov_pcs_init(const uintptr_t *pcs_beg, // Calculate relative offset in module PC = PC - mod_info->base_address; - __afl_pcmap_ptr[mod_info->start + in_module_index] = PC; + if (__afl_pcmap_ptr) { + + __afl_pcmap_ptr[orig_start_index + in_module_index] = PC; + + } + + if (pc_filter) { + + char PcDescr[1024]; + // This function is a part of the sanitizer run-time. + // To use it, link with AddressSanitizer or other sanitizer. + __sanitizer_symbolize_pc((void *)start->PC, "%p %F %L", PcDescr, + sizeof(PcDescr)); + + if (strstr(PcDescr, pc_filter)) { + + if (__afl_debug) + fprintf( + stderr, + "DEBUG: Selective instrumentation match: %s (PC %p Index %u)\n", + PcDescr, (void *)start->PC, + *(mod_info->start + in_module_index)); + // No change to guard needed + + } else { + + // Null out the guard to disable this edge + *(mod_info->start + in_module_index) = 0; + + } + + } + + if (__afl_filter_pcs && strstr(mod_info->name, __afl_filter_pcs_module)) { + + u32 result_index; + if (locate_in_pcs(PC, &result_index)) { + + if (__afl_debug) + fprintf(stderr, + "DEBUG: Selective instrumentation match: (PC %lx File " + "Index %u PC Index %u)\n", + PC, result_index, in_module_index); + + } else { + + // Null out the guard to disable this edge + *(mod_info->start + in_module_index) = 0; + + } + + } start++; in_module_index++; @@ -1671,8 +1893,10 @@ void __sanitizer_cov_pcs_init(const uintptr_t *pcs_beg, if (__afl_debug) { - fprintf(stderr, "DEBUG: __sanitizer_cov_pcs_init initialized %u PCs\n", - in_module_index); + fprintf(stderr, + "DEBUG: __sanitizer_cov_pcs_init successfully mapped %s with %u " + "PCs\n", + mod_info->name, in_module_index); } @@ -1706,9 +1930,9 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { fprintf( stderr, "DEBUG: Running __sanitizer_cov_trace_pc_guard_init: %p-%p (%lu edges) " - "after_fs=%u\n", + "after_fs=%u *start=%u\n", start, stop, (unsigned long)(stop - start), - __afl_already_initialized_forkserver); + __afl_already_initialized_forkserver, *start); } @@ -1740,8 +1964,8 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { mod_info->id = last_module_info ? last_module_info->id + 1 : 0; mod_info->name = strdup(dlinfo.dli_fname); mod_info->base_address = (uintptr_t)dlinfo.dli_fbase; - mod_info->start = 0; - mod_info->stop = 0; + mod_info->start = NULL; + mod_info->stop = NULL; mod_info->pcs_beg = NULL; mod_info->pcs_end = NULL; mod_info->mapped = 0; @@ -1757,8 +1981,12 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { } - fprintf(stderr, "[pcmap] Module: %s Base Address: %p\n", dlinfo.dli_fname, - dlinfo.dli_fbase); + if (__afl_debug) { + + fprintf(stderr, "[pcmap] Module: %s Base Address: %p\n", + dlinfo.dli_fname, dlinfo.dli_fbase); + + } } @@ -1861,12 +2089,17 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { #ifdef __AFL_CODE_COVERAGE if (mod_info) { - mod_info->start = *orig_start; - mod_info->stop = *(stop - 1); + if (!mod_info->start) { + + mod_info->start = orig_start; + mod_info->stop = stop - 1; + + } + if (__afl_debug) { fprintf(stderr, "DEBUG: [pcmap] Start Index: %u Stop Index: %u\n", - mod_info->start, mod_info->stop); + *(mod_info->start), *(mod_info->stop)); } diff --git a/src/afl-cc.c b/src/afl-cc.c index 6d8e1024a8..7348718880 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1920,35 +1920,27 @@ void add_native_pcguard(aflcc_state_t *aflcc) { /* If llvm-config doesn't figure out LLVM_MAJOR, just go on anyway and let compiler complain if doesn't work. */ - if (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CODECOV) { - #if LLVM_MAJOR > 0 && LLVM_MAJOR < 6 - FATAL("pcguard instrumentation with pc-table requires LLVM 6.0.1+"); + FATAL("pcguard instrumentation with pc-table requires LLVM 6.0.1+"); #else #if LLVM_MAJOR == 0 - WARNF( - "pcguard instrumentation with pc-table requires LLVM 6.0.1+" - " otherwise the compiler will fail"); + WARNF( + "pcguard instrumentation with pc-table requires LLVM 6.0.1+" + " otherwise the compiler will fail"); #endif + if (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CODECOV) { + insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard,bb,no-prune,pc-table"); -#endif } else { -#if LLVM_MAJOR > 0 && LLVM_MAJOR < 4 - FATAL("pcguard instrumentation requires LLVM 4.0.1+"); -#else - #if LLVM_MAJOR == 0 - WARNF( - "pcguard instrumentation requires LLVM 4.0.1+" - " otherwise the compiler will fail"); - #endif - insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); -#endif + insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard,pc-table"); } +#endif + } void add_optimized_pcguard(aflcc_state_t *aflcc) { diff --git a/utils/dynamic_covfilter/README.md b/utils/dynamic_covfilter/README.md new file mode 100644 index 0000000000..a64836f1d5 --- /dev/null +++ b/utils/dynamic_covfilter/README.md @@ -0,0 +1,55 @@ +# Dynamic Instrumentation Filter + +Sometimes it can be beneficial to limit the instrumentation feedback to +specific code locations. It is possible to do so at compile-time by simply +not instrumenting any undesired locations. However, there are situations +where doing this dynamically without requiring a new build can be beneficial. +Especially when dealing with larger builds, it is much more convenient to +select the target code locations at runtime instead of doing so at build time. + +There are two ways of doing this in AFL++: + +## Simple Selection with `AFL_PC_FILTER` + +This approach requires a build with `AFL_INSTRUMENTATION=llvmnative` or +`llvmcodecov` as well as an AddressSanitizer build with debug information. + +By setting the environment variable `AFL_PC_FILTER` to a string, the runtime +symbolizer is enabled in the AFL++ runtime. At startup, the runtime will call +the `__sanitizer_symbolize_pc` API to resolve every PC in every loaded module. +The runtime then matches the result using `strstr` and disables the PC guard +if the symbolized PC does not contain the specified string. + +This approach has the benefit of being very easy to use. The downside is that +it causes significant startup delays with large binaries and that it requires +an AddressSanitizer build. + +This method has no additional runtime overhead after startup. + +## Selection using pre-symbolized data file with `AFL_PC_FILTER_FILE` + +To avoid large startup time delays, a specific module can be pre-symbolized +using the `make_symbol_list.py` script. This script outputs a sorted list of +functions with their respective relative offsets and lengths in the target +binary: + +`python3 make_symbol_list.py libxul.so > libxul.symbols.txt` + +The resulting list can be filtered, e.g. using grep: + +`grep -i "webgl" libxul.symbols.txt > libxul.webgl.symbols.txt` + +Finally, you can run with `AFL_PC_FILTER_FILE=libxul.webgl.symbols.txt` to +restrict instrumentation feedback to the given locations. This approach only +has a minimal startup time delay due to the implementation only using binary +search on the given file per PC rather than reading debug information for every +PC. It also works well with Nyx, where symbolizing is usually disabled for the +target process to avoid delays with frequent crashes. + +Similar to the previous method, This approach requires a build with +`AFL_INSTRUMENTATION=llvmnative` or `llvmcodecov` as well debug information. +However, it does not require the ASan runtime as it doesn't do the symbolizing +in process. Due to the way it maps PCs to symbols, it is less accurate when it +comes to includes and inlines (it assumes all PCs within a function belong to +that function and originate from the same file). For most purposes, this should +be a reasonable simplification to quickly process even the largest binaries. diff --git a/utils/dynamic_covfilter/make_symbol_list.py b/utils/dynamic_covfilter/make_symbol_list.py new file mode 100644 index 0000000000..d1dd6ab392 --- /dev/null +++ b/utils/dynamic_covfilter/make_symbol_list.py @@ -0,0 +1,73 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# Written by Christian Holler + +import json +import os +import sys +import subprocess + +if len(sys.argv) != 2: + print("Usage: %s binfile" % os.path.basename(sys.argv[0])) + sys.exit(1) + +binfile = sys.argv[1] + +addr2len = {} +addrs = [] + +output = subprocess.check_output(["objdump", "-t", binfile]).decode("utf-8") +for line in output.splitlines(): + line = line.replace("\t", " ") + components = [x for x in line.split(" ") if x] + if not components: + continue + try: + start_addr = int(components[0], 16) + except ValueError: + continue + + # Length has variable position in objdump output + length = None + for comp in components[1:]: + if len(comp) == 16: + try: + length = int(comp, 16) + break + except: + continue + + if length is None: + print("ERROR: Couldn't determine function section length: %s" % line) + + func = components[-1] + + addrs.append(start_addr) + addr2len[str(hex(start_addr))] = str(length) + +# The search implementation in the AFL runtime expects everything sorted. +addrs.sort() +addrs = [str(hex(addr)) for addr in addrs] + +# We symbolize in one go to speed things up with large binaries. +output = subprocess.check_output([ + "llvm-addr2line", + "--output-style=JSON", + "-f", "-C", "-a", "-e", + binfile], + input="\n".join(addrs).encode("utf-8")).decode("utf-8") + +output = output.strip().splitlines() +for line in output: + output = json.loads(line) + if "Symbol" in output and output["Address"] in addr2len: + final_output = [ + output["Address"], + addr2len[output["Address"]], + os.path.basename(output["ModuleName"]), + output["Symbol"][0]["FileName"], + output["Symbol"][0]["FunctionName"] + ] + print("\t".join(final_output)) From 1ffb1b6b2adaedbee7febc9f344c042fd25eae1a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 26 Jan 2024 16:58:17 +0100 Subject: [PATCH 316/357] changelog --- docs/Changelog.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index 9accb9da19..38dbba8271 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -12,6 +12,7 @@ - afl-cc: - large rewrite by @SonicStark which fixes a few corner cases, thanks! - LTO mode now requires llvm 12+ + - workaround for ASAN with gcc_plugin mode - instrumentation: - LLVM 18 support, thanks to @devnexen! - Injection (SQL, LDAP, XSS) feature now available, see @@ -21,6 +22,8 @@ - due a bug in LLVM 17 integer splitting is disabled there! - when splitting floats was selected, integers were always split as well, fixed to require AFL_LLVM_LAF_SPLIT_COMPARES or _ALL as it should + - dynamic instrumentation filtering for LLVM NATIVE, thanks @Mozilla! + see utils/dynamic_covfilter/README.md - qemu_mode: - plugins are now activated by default and a new module is included that produces drcov compatible traces for lighthouse/lightkeeper/... From 4859b583ad48318cecfab7a43a7a11efcd7bb46f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 28 Jan 2024 15:11:15 +0100 Subject: [PATCH 317/357] todos --- TODO.md | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/TODO.md b/TODO.md index 7cab71e8fe..f2e3963f14 100644 --- a/TODO.md +++ b/TODO.md @@ -2,26 +2,21 @@ ## Must + - UI revamp + - hardened_usercopy=0 page_alloc.shuffle=0 + - add value_profile but only enable after 15 minutes without finds + - cmplog max len, cmplog max items envs? - adapt MOpt to new mutation engine - - Update afl->pending_not_fuzzed for MOpt - - cmplog rtn sanity check on fixed length? + no length 1 + - Update afl->pending_not_fuzzed for MOpt + - cmplog rtn sanity check on fixed length? currently we ignore the length - afl-showmap -f support - afl-fuzz multicore wrapper script - when trimming then perform crash detection - - either -L0 and/or -p mmopt results in zero new coverage + - problem: either -L0 and/or -p mmopt results in zero new coverage ## Should -<<<<<<< Updated upstream - - add value_profile but only enable after 15 minutes without finds? -======= - - afl-showmap -f support - - afl-fuzz multicore wrapper script - - UI revamp - - hardened_usercopy=0 page_alloc.shuffle=0 - - add value_profile but only enable after 15 minutes without finds ->>>>>>> Stashed changes - afl-crash-analysis - support persistent and deferred fork server in afl-showmap? - better autodetection of shifting runtime timeout values From 12ab9ebd321abf46da7505c7492d908e351347ce Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 30 Jan 2024 09:55:44 +0100 Subject: [PATCH 318/357] new forkserver check --- src/afl-forkserver.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 3f9bfa728d..c3c115a167 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -1017,6 +1017,12 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (rlen == 4) { + if (memcmp((char*)status, "AFL", 3) == 0) { + + FATAL("Target uses the new forkserver model, you need to switch to a newer afl-fuzz too!"); + + } + if (!be_quiet) { OKF("All right - fork server is up."); } if (getenv("AFL_DEBUG")) { From d5b6c0f773178eb8890d0e7004c3c6d4931687fa Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 30 Jan 2024 11:01:49 +0100 Subject: [PATCH 319/357] fix --- src/afl-forkserver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index c3c115a167..214b4fe994 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -1017,7 +1017,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (rlen == 4) { - if (memcmp((char*)status, "AFL", 3) == 0) { + if (status >= 0x41464c00 && status <= 0x41464cff) { FATAL("Target uses the new forkserver model, you need to switch to a newer afl-fuzz too!"); From 9604fe922ede9282a06a89b8d18d4de267aebd54 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 30 Jan 2024 15:06:34 +0100 Subject: [PATCH 320/357] nyx test for CI --- src/afl-fuzz-init.c | 6 ++++ src/afl-fuzz.c | 9 ++++++ test/test-all.sh | 2 ++ test/test-nyx-mode.sh | 69 +++++++++++++++++++++++++++++++++++++++++++ test/test-pre.sh | 2 +- 5 files changed, 87 insertions(+), 1 deletion(-) create mode 100755 test/test-nyx-mode.sh diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 3593291353..8ab44a3b56 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -124,6 +124,9 @@ void bind_to_free_cpu(afl_state_t *afl) { } WARNF("Not binding to a CPU core (AFL_NO_AFFINITY set)."); + #ifdef __linux__ + if (afl->fsrv.nyx_mode) { afl->fsrv.nyx_bind_cpu_id = 0; } + #endif return; } @@ -151,6 +154,9 @@ void bind_to_free_cpu(afl_state_t *afl) { } else { OKF("CPU binding request using -b %d successful.", afl->cpu_to_bind); + #ifdef __linux__ + if (afl->fsrv.nyx_mode) { afl->fsrv.nyx_bind_cpu_id = afl->cpu_to_bind; } + #endif } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 5aec072ec0..8cf6c73583 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1915,6 +1915,15 @@ int main(int argc, char **argv_orig, char **envp) { bind_to_free_cpu(afl); #endif /* HAVE_AFFINITY */ + #ifdef __linux__ + if (afl->fsrv.nyx_mode && afl->fsrv.nyx_bind_cpu_id == 0xFFFFFFFF) { + + afl->fsrv.nyx_bind_cpu_id = 0; + + } + + #endif + #ifdef __HAIKU__ /* Prioritizes performance over power saving */ set_scheduler_mode(SCHEDULER_MODE_LOW_LATENCY); diff --git a/test/test-all.sh b/test/test-all.sh index 3cb692caf2..65cfb812a7 100755 --- a/test/test-all.sh +++ b/test/test-all.sh @@ -16,6 +16,8 @@ . ./test-frida-mode.sh +. ./test-nyx-mode.sh + . ./test-unicorn-mode.sh . ./test-custom-mutators.sh diff --git a/test/test-nyx-mode.sh b/test/test-nyx-mode.sh new file mode 100755 index 0000000000..913a6d07c1 --- /dev/null +++ b/test/test-nyx-mode.sh @@ -0,0 +1,69 @@ +#!/bin/sh + +. ./test-pre.sh + +$ECHO "$BLUE[*] Testing: nyx_mode" + +test -e ../libnyx.so && { + ../afl-cc -o test-instr ../test-instr.c >/dev/null 2>&1 + test -e test-instr && { + { + rm -rf nyx-test in out + $ECHO "$GREY[*] running nyx_packer" + python3 ../nyx_mode/packer/packer/nyx_packer.py \ + ./test-instr \ + nyx-test \ + afl \ + instrumentation \ + --fast_reload_mode \ + --purge > /dev/null 2>&1 + + test -e nyx-test/test-instr && { + + $ECHO "$GREY[*] running nyx_config_gen" + python3 ../nyx_mode/packer/packer/nyx_config_gen.py nyx-test Kernel > /dev/null 2>&1 + + test -e nyx-test/config.ron && { + sudo modprobe -r kvm-intel + sudo modprobe -r kvm + sudo modprobe kvm enable_vmware_backdoor=y + sudo modprobe kvm-intel + #cat /sys/module/kvm/parameters/enable_vmware_backdoor + + mkdir -p in + echo 00000 > in/in + $ECHO "$GREY[*] running afl-fuzz for nyx_mode, this will take approx 10 seconds" + { + AFL_DEBUG=1 ../afl-fuzz -i in -o out -V05 -X -- ./nyx-test >>errors 2>&1 + } >>errors 2>&1 + test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && { + $ECHO "$GREEN[+] afl-fuzz is working correctly with nyx_mode" + RUNTIME=`grep execs_done out/default/fuzzer_stats | awk '{print$3}'` + rm -rf errors nyx-test test-instr in out + } || { + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT + $ECHO "$RED[!] afl-fuzz is not working correctly with nyx_mode" + CODE=1 + } + } || { + $ECHO "$RED[!] nyx_packer failed, likely install requirements not met." + CODE=1 + } + } || { + $ECHO "$RED[!] nyx_packer failed, likely install requirements not met." + CODE=1 + } + #rm -rf test-instr in out errors nyx-test + } + } || { + $ECHO "$RED[!] afl-cc compilation of test targets failed - what is going on??" + CODE=1 + } +} || { + $ECHO "$YELLOW[-] nyx_mode is not compiled, cannot test" + INCOMPLETE=1 +} + +. ./test-post.sh diff --git a/test/test-pre.sh b/test/test-pre.sh index 1ca9dfb57e..ce99641590 100755 --- a/test/test-pre.sh +++ b/test/test-pre.sh @@ -20,7 +20,7 @@ echo foobar | grep -qE 'asd|oob' 2>/dev/null || { echo Error: grep command does test -e ./test-all.sh || cd $(dirname $0) || exit 1 test -e ./test-all.sh || { echo Error: you must be in the test/ directory ; exit 1 ; } export AFL_PATH=`pwd`/.. -export AFL_NO_AFFINITY=1 # workaround for travis that fails for no avail cores +export AFL_TRY_AFFINITY=1 # workaround for travis that fails for no avail cores echo 1 > test.1 echo 1 > test.2 From 75af391408086ee0f1cd892dadb6df2fb16d05c3 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 30 Jan 2024 15:14:02 +0100 Subject: [PATCH 321/357] improve nyx docs --- nyx_mode/README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/nyx_mode/README.md b/nyx_mode/README.md index aee9879ed4..7a2a8e6cdb 100644 --- a/nyx_mode/README.md +++ b/nyx_mode/README.md @@ -84,9 +84,17 @@ Then the final step: we generate the Nyx package configuration: python3 nyx_mode/packer/packer/nyx_config_gen.py PACKAGE-DIRECTORY Kernel ``` - ## Fuzzing with Nyx mode +Note that you need to load the kvm kernel modules for Nyx: +``` +sudo modprobe -r kvm-intel +sudo modprobe -r kvm +sudo modprobe kvm enable_vmware_backdoor=y +sudo modprobe kvm-intel +cat /sys/module/kvm/parameters/enable_vmware_backdoor | grep -q Y && echi OK || echo KVM module problem +``` + All the hard parts are done, fuzzing with Nyx mode is easy - just supply the `PACKAGE-DIRECTORY` as fuzzing target and specify the `-X` option to afl-fuzz: @@ -94,16 +102,8 @@ All the hard parts are done, fuzzing with Nyx mode is easy - just supply the afl-fuzz -i in -o out -X -- ./PACKAGE-DIRECTORY ``` -Most likely your first run will fail because the Linux modules have to be -specially set up, but afl-fuzz will tell you this on startup and how to rectify -the situation: - -``` -sudo modprobe -r kvm-intel # or kvm-amd for AMD processors -sudo modprobe -r kvm -sudo modprobe kvm enable_vmware_backdoor=y -sudo modprobe kvm-intel # or kvm-amd for AMD processors -``` +If you get a forkserver error upon starting then you did not load the Linux +kvm kernel modules, see above. If you want to fuzz in parallel (and you should!), then this has to be done in a special way: From 644e0694509d4019e6f5075c4b900d412f29df32 Mon Sep 17 00:00:00 2001 From: "Christian Holler (:decoder)" Date: Tue, 30 Jan 2024 15:30:18 +0100 Subject: [PATCH 322/357] Fixes to afl-cc and documentation (#1974) * Always compile with -ldl when building for CODE_COVERAGE When building with CODE_COVERAGE, the afl runtime contains code that calls `dladdr` which requires -ldl. Under most circumstances, clang already adds this (e.g. when building with pc-table), but there are some circumstances where it isn't added automatically. * Add visibility declaration to __afl_connected When building with hidden visibility, the use of __AFL_LOOP inside such code can cause linker errors due to __afl_connected being declared "hidden". * Update docs to clarify that CODE_COVERAGE=1 is required for dynamic_covfilter --- GNUmakefile | 4 ++++ src/afl-cc.c | 7 ++++++- utils/dynamic_covfilter/README.md | 7 ++++++- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index b67f9c1595..be5b81462b 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -66,6 +66,10 @@ ifdef MSAN_BUILD override LDFLAGS += -fsanitize=memory endif +ifdef CODE_COVERAGE + override CFLAGS += -D__AFL_CODE_COVERAGE=1 +endif + ifeq "$(findstring android, $(shell $(CC) --version 2>/dev/null))" "" ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto=full -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1" CFLAGS_FLTO ?= -flto=full diff --git a/src/afl-cc.c b/src/afl-cc.c index 7348718880..d11419b028 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1521,7 +1521,7 @@ void add_defs_persistent_mode(aflcc_state_t *aflcc) { "({ static volatile const char *_B __attribute__((used,unused)); " " _B = (const char*)\"" PERSIST_SIG "\"; " - "extern int __afl_connected;" + "extern __attribute__((visibility(\"default\"))) int __afl_connected;" #ifdef __APPLE__ "__attribute__((visibility(\"default\"))) " "int _L(unsigned int) __asm__(\"___afl_persistent_loop\"); " @@ -2311,6 +2311,11 @@ void add_runtime(aflcc_state_t *aflcc) { } + #if __AFL_CODE_COVERAGE + // Required for dladdr used in afl-compiler-rt.o + insert_param(aflcc, "-ldl"); + #endif + #if !defined(__APPLE__) && !defined(__sun) if (!aflcc->shared_linking && !aflcc->partial_linking) insert_object(aflcc, "dynamic_list.txt", "-Wl,--dynamic-list=%s", 0); diff --git a/utils/dynamic_covfilter/README.md b/utils/dynamic_covfilter/README.md index a64836f1d5..381e085521 100644 --- a/utils/dynamic_covfilter/README.md +++ b/utils/dynamic_covfilter/README.md @@ -7,7 +7,12 @@ where doing this dynamically without requiring a new build can be beneficial. Especially when dealing with larger builds, it is much more convenient to select the target code locations at runtime instead of doing so at build time. -There are two ways of doing this in AFL++: +There are two ways of doing this in AFL++. Both approaches require a build of +AFL++ with `CODE_COVERAGE=1`, so make sure to build AFL++ first by invoking + +`CODE_COVERAGE=1 make` + +Once you have built AFL++, you can choose out of two approaches: ## Simple Selection with `AFL_PC_FILTER` From 0d164e4c1811c4d05f940f78e90fc56b661fb3b4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 30 Jan 2024 15:32:10 +0100 Subject: [PATCH 323/357] nits --- nyx_mode/update_ref.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nyx_mode/update_ref.sh b/nyx_mode/update_ref.sh index 898a803fc1..146a12559b 100755 --- a/nyx_mode/update_ref.sh +++ b/nyx_mode/update_ref.sh @@ -41,7 +41,7 @@ cd .. rm "$UC_VERSION_FILE" echo "$NEW_VERSION" > "$UC_VERSION_FILE" -echo "Done. New XXX version is $NEW_VERSION." +echo "Done. New libnyx version is $NEW_VERSION." UC_VERSION_FILE='./PACKER_VERSION' @@ -68,7 +68,7 @@ cd .. rm "$UC_VERSION_FILE" echo "$NEW_VERSION" > "$UC_VERSION_FILE" -echo "Done. New XXX version is $NEW_VERSION." +echo "Done. New packer version is $NEW_VERSION." UC_VERSION_FILE='./QEMU_NYX_VERSION' @@ -95,5 +95,5 @@ cd .. rm "$UC_VERSION_FILE" echo "$NEW_VERSION" > "$UC_VERSION_FILE" -echo "Done. New XXX version is $NEW_VERSION." +echo "Done. New QEMU-Nyx version is $NEW_VERSION." From ccad11f7eb04e8c0de76fec6fd4b6eab1e940319 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 31 Jan 2024 14:03:25 +0100 Subject: [PATCH 324/357] nyx build script updates --- docs/Changelog.md | 6 ++-- nyx_mode/build_nyx_support.sh | 57 +++++++++++++++++++++++++++++------ 2 files changed, 51 insertions(+), 12 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 38dbba8271..720a0689d7 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -15,7 +15,7 @@ - workaround for ASAN with gcc_plugin mode - instrumentation: - LLVM 18 support, thanks to @devnexen! - - Injection (SQL, LDAP, XSS) feature now available, see + - Injection (SQL, LDAP, XSS) fuzzing feature now available, see `instrumentation/README.injections.md` how to activate/use/expand. - compcov/LAF-intel: - floating point splitting bug fix by @hexcoder @@ -28,9 +28,9 @@ - plugins are now activated by default and a new module is included that produces drcov compatible traces for lighthouse/lightkeeper/... thanks to @JRomainG to submitting! - - updated Nyx checkout (fixes a bug) + - updated Nyx checkout (fixes a bug) and some QOL - updated the custom grammar mutator - - document afl-cmin does not work on macOS + - document afl-cmin does not work on macOS (but afl-cmin.bash does) ### Version ++4.09c (release) diff --git a/nyx_mode/build_nyx_support.sh b/nyx_mode/build_nyx_support.sh index 581a8292b1..454d1e7b0f 100755 --- a/nyx_mode/build_nyx_support.sh +++ b/nyx_mode/build_nyx_support.sh @@ -28,6 +28,7 @@ echo "[*] Making sure all Nyx is checked out" if git status 1>/dev/null 2>&1; then + set +e git submodule init echo "[*] initializing QEMU-Nyx submodule" git submodule update ./QEMU-Nyx 2>/dev/null # ignore errors @@ -35,6 +36,7 @@ if git status 1>/dev/null 2>&1; then git submodule update ./packer 2>/dev/null # ignore errors echo "[*] initializing libnyx submodule" git submodule update ./libnyx 2>/dev/null # ignore errors + set -e else @@ -48,20 +50,57 @@ test -e packer/.git || { echo "[-] packer not checked out, please install git or test -e libnyx/.git || { echo "[-] libnyx not checked out, please install git or check your internet connection." ; exit 1 ; } test -e QEMU-Nyx/.git || { echo "[-] QEMU-Nyx not checked out, please install git or check your internet connection." ; exit 1 ; } -echo "[*] checking packer init.cpio.gz ..." -if [ ! -f "packer/linux_initramfs/init.cpio.gz" ]; then - (cd packer/linux_initramfs/ && sh pack.sh) + +QEMU_NYX_VERSION="$(cat ./QEMU_NYX_VERSION)" +cd "./QEMU-Nyx" || exit 1 +if [ -n "$NO_CHECKOUT" ]; then + echo "[*] Skipping checkout to $QEMU_NYX_VERSION" +else + echo "[*] Checking out $QEMU_NYX_VERSION" + set +e + sh -c 'git stash' 1>/dev/null 2>/dev/null + git pull 1>/dev/null 2>/dev/null + git checkout "$QEMU_NYX_VERSION" || echo Warning: could not check out to commit $QEMU_NYX_VERSION + set -e fi +cd - > /dev/null -echo "[*] Checking libnyx ..." -if [ ! -f "libnyx/libnyx/target/release/liblibnyx.a" ]; then - (cd libnyx/libnyx && cargo build --release) +PACKER_VERSION="$(cat ./PACKER_VERSION)" +cd "./packer" || exit 1 +if [ -n "$NO_CHECKOUT" ]; then + echo "[*] Skipping checkout to $PACKER_VERSION" +else + echo "[*] Checking out $PACKER_VERSION" + set +e + sh -c 'git stash' 1>/dev/null 2>/dev/null + git pull 1>/dev/null 2>/dev/null + git checkout "$PACKER_VERSION" || echo Warning: could not check out to commit $PACKER_VERSION + set -e fi +cd - > /dev/null -echo "[*] Checking QEMU-Nyx ..." -if [ ! -f "QEMU-Nyx/x86_64-softmmu/qemu-system-x86_64" ]; then - (cd QEMU-Nyx && ./compile_qemu_nyx.sh static) +LIBNYX_VERSION="$(cat ./LIBNYX_VERSION)" +cd "./libnyx/" || exit 1 +if [ -n "$NO_CHECKOUT" ]; then + echo "[*] Skipping checkout to $LIBNYX_VERSION" +else + echo "[*] Checking out $LIBNYX_VERSION" + set +e + sh -c 'git stash' 1>/dev/null 2>/dev/null + git pull 1>/dev/null 2>/dev/null + git checkout "$LIBNYX_VERSION" || echo Warning: could not check out to commit $LIBNYX_VERSION + set -e fi +cd - > /dev/null + +echo "[*] checking packer init.cpio.gz ..." +(cd packer/linux_initramfs/ && sh pack.sh) + +echo "[*] Checking libnyx ..." +(cd libnyx/libnyx && cargo build --release) + +echo "[*] Checking QEMU-Nyx ..." +(cd QEMU-Nyx && ./compile_qemu_nyx.sh static ) echo "[*] Checking libnyx.so ..." cp libnyx/libnyx/target/release/liblibnyx.so ../libnyx.so From da5d3d63e20d7c522db06d7f8439ad3e386e2006 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 31 Jan 2024 17:00:04 +0100 Subject: [PATCH 325/357] test error output --- test/test-nyx-mode.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/test/test-nyx-mode.sh b/test/test-nyx-mode.sh index 913a6d07c1..1d97045b1b 100755 --- a/test/test-nyx-mode.sh +++ b/test/test-nyx-mode.sh @@ -5,7 +5,7 @@ $ECHO "$BLUE[*] Testing: nyx_mode" test -e ../libnyx.so && { - ../afl-cc -o test-instr ../test-instr.c >/dev/null 2>&1 + ../afl-cc -o test-instr ../test-instr.c > errors 2>&1 test -e test-instr && { { rm -rf nyx-test in out @@ -58,6 +58,9 @@ test -e ../libnyx.so && { #rm -rf test-instr in out errors nyx-test } } || { + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-cc compilation of test targets failed - what is going on??" CODE=1 } From 3768933c92cd03e7810c856cf3c89e2d589b29dd Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 31 Jan 2024 17:43:37 +0100 Subject: [PATCH 326/357] debug ci --- test/test-nyx-mode.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/test/test-nyx-mode.sh b/test/test-nyx-mode.sh index 1d97045b1b..bfb2e8b718 100755 --- a/test/test-nyx-mode.sh +++ b/test/test-nyx-mode.sh @@ -42,6 +42,9 @@ test -e ../libnyx.so && { rm -rf errors nyx-test test-instr in out } || { echo CUT------------------------------------------------------------------CUT + afl-cc + afl-cc -v + clang -v cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with nyx_mode" From 970e0b14ce16c04a25ae90be81a933d943a04410 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 08:13:52 +0100 Subject: [PATCH 327/357] debug ci --- test/test-nyx-mode.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/test/test-nyx-mode.sh b/test/test-nyx-mode.sh index bfb2e8b718..9582982836 100755 --- a/test/test-nyx-mode.sh +++ b/test/test-nyx-mode.sh @@ -42,9 +42,8 @@ test -e ../libnyx.so && { rm -rf errors nyx-test test-instr in out } || { echo CUT------------------------------------------------------------------CUT - afl-cc - afl-cc -v - clang -v + ../afl-cc + ../afl-cc -v cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with nyx_mode" From 643df2b538b06561d5a6d6ae441322167d33f834 Mon Sep 17 00:00:00 2001 From: Sonic <50692172+SonicStark@users.noreply.github.com> Date: Thu, 1 Feb 2024 15:17:48 +0800 Subject: [PATCH 328/357] Improve afl-cc (#1975) * update response file support - full support of rsp file - fix some segv issues * Improve afl-cc - remove dead code about allow/denylist options of sancov - missing `if (!aflcc->have_msan)` - add docs for each function - typo --- src/afl-cc.c | 488 ++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 368 insertions(+), 120 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index d11419b028..c300ddfc98 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -51,7 +51,7 @@ #define MAX_PARAMS_NUM 2048 #endif -/* Global declarations */ +/** Global declarations -----BEGIN----- **/ typedef enum { @@ -187,12 +187,11 @@ typedef struct aflcc_state { void aflcc_state_init(aflcc_state_t *, u8 *argv0); -/* Try to find a specific runtime we need, the path to obj would be - allocated and returned. Otherwise it returns NULL on fail. */ u8 *find_object(aflcc_state_t *, u8 *obj); void find_built_deps(aflcc_state_t *); +/* Insert param into the new argv, raise error if MAX_PARAMS_NUM exceeded. */ static inline void insert_param(aflcc_state_t *aflcc, u8 *param) { if (unlikely(aflcc->cc_par_cnt + 1 >= MAX_PARAMS_NUM)) @@ -202,6 +201,13 @@ static inline void insert_param(aflcc_state_t *aflcc, u8 *param) { } +/* + Insert a param which contains path to the object file. It uses find_object to + get the path based on the name `obj`, and then uses a sprintf like method to + format it with `fmt`. If `fmt` is NULL, the inserted arg is same as the path. + If `msg` provided, it should be an error msg raised if the path can't be + found. `obj` must not be NULL. +*/ static inline void insert_object(aflcc_state_t *aflcc, u8 *obj, u8 *fmt, u8 *msg) { @@ -231,6 +237,7 @@ static inline void insert_object(aflcc_state_t *aflcc, u8 *obj, u8 *fmt, } +/* Insert params into the new argv, make clang load the pass. */ static inline void load_llvm_pass(aflcc_state_t *aflcc, u8 *pass) { #if LLVM_MAJOR >= 11 /* use new pass manager */ @@ -291,8 +298,12 @@ void add_lto_linker(aflcc_state_t *); void add_lto_passes(aflcc_state_t *); void add_runtime(aflcc_state_t *); -/* Working state */ +/** Global declarations -----END----- **/ +/* + Init global state struct. We also extract the callname, + check debug options and if in C++ mode here. +*/ void aflcc_state_init(aflcc_state_t *aflcc, u8 *argv0) { // Default NULL/0 is a good start @@ -352,7 +363,7 @@ void aflcc_state_init(aflcc_state_t *aflcc, u8 *argv0) { } /* - in find_object() we look here: + Try to find a specific runtime we need, in here: 1. firstly we check the $AFL_PATH environment variable location if set 2. next we check argv[0] if it has path information and use it @@ -366,7 +377,6 @@ void aflcc_state_init(aflcc_state_t *aflcc, u8 *argv0) { if all these attempts fail - we return NULL and the caller has to decide what to do. Otherwise the path to obj would be allocated and returned. */ - u8 *find_object(aflcc_state_t *aflcc, u8 *obj) { u8 *argv0 = aflcc->argv0; @@ -499,6 +509,10 @@ u8 *find_object(aflcc_state_t *aflcc, u8 *obj) { } +/* + Deduce some info about compiler toolchains in current system, + from the building results of AFL++ +*/ void find_built_deps(aflcc_state_t *aflcc) { char *ptr = NULL; @@ -571,8 +585,9 @@ void find_built_deps(aflcc_state_t *aflcc) { } -/* compiler_mode & instrument_mode selecting */ +/** compiler_mode & instrument_mode selecting -----BEGIN----- **/ +/* Select compiler_mode by callname, such as "afl-clang-fast", etc. */ void compiler_mode_by_callname(aflcc_state_t *aflcc) { if (strncmp(aflcc->callname, "afl-clang-fast", 14) == 0) { @@ -626,6 +641,10 @@ void compiler_mode_by_callname(aflcc_state_t *aflcc) { } +/* + Select compiler_mode by env AFL_CC_COMPILER. And passthrough mode can be + regarded as a special compiler_mode, so we check for it here, too. +*/ void compiler_mode_by_environ(aflcc_state_t *aflcc) { if (getenv("AFL_PASSTHROUGH") || getenv("AFL_NOOPT")) { @@ -682,7 +701,13 @@ void compiler_mode_by_environ(aflcc_state_t *aflcc) { } -// If it can be inferred, instrument_mode would also be set +/* + Select compiler_mode by command line options --afl-... + If it can be inferred, instrument_mode would also be set. + This can supersedes previous result based on callname + or AFL_CC_COMPILER. And "--afl_noopt"/"--afl-noopt" will + be overwritten by "-g". +*/ void compiler_mode_by_cmdline(aflcc_state_t *aflcc, int argc, char **argv) { char *ptr = NULL; @@ -775,6 +800,12 @@ void compiler_mode_by_cmdline(aflcc_state_t *aflcc, int argc, char **argv) { } +/* + Select instrument_mode by those envs in old style: + - USE_TRACE_PC, AFL_USE_TRACE_PC, AFL_LLVM_USE_TRACE_PC, AFL_TRACE_PC + - AFL_LLVM_CALLER, AFL_LLVM_CTX, AFL_LLVM_CTX_K + - AFL_LLVM_NGRAM_SIZE +*/ static void instrument_mode_old_environ(aflcc_state_t *aflcc) { if (getenv("AFL_LLVM_INSTRIM") || getenv("INSTRIM") || @@ -834,7 +865,11 @@ static void instrument_mode_old_environ(aflcc_state_t *aflcc) { } -// compiler_mode would also be set if depended by the instrument_mode +/* + Select instrument_mode by env 'AFL_LLVM_INSTRUMENT'. + Previous compiler_mode will be superseded, if required by some + values of instrument_mode. +*/ static void instrument_mode_new_environ(aflcc_state_t *aflcc) { if (!getenv("AFL_LLVM_INSTRUMENT")) { return; } @@ -1058,6 +1093,11 @@ static void instrument_mode_new_environ(aflcc_state_t *aflcc) { } +/* + Select instrument_mode by envs, the top wrapper. We check + have_instr_env firstly, then call instrument_mode_old_environ + and instrument_mode_new_environ sequentially. +*/ void instrument_mode_by_environ(aflcc_state_t *aflcc) { if (getenv("AFL_LLVM_INSTRUMENT_FILE") || getenv("AFL_LLVM_WHITELIST") || @@ -1081,6 +1121,10 @@ void instrument_mode_by_environ(aflcc_state_t *aflcc) { } +/* + Workaround to ensure CALLER, CTX, K-CTX and NGRAM + instrumentation were used correctly. +*/ static void instrument_opt_mode_exclude(aflcc_state_t *aflcc) { if ((aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX) && @@ -1116,6 +1160,11 @@ static void instrument_opt_mode_exclude(aflcc_state_t *aflcc) { } +/* + Last step of compiler_mode & instrument_mode selecting. + We have a few of workarounds here, to check any corner cases, + prepare for a series of fallbacks, and raise warnings or errors. +*/ void mode_final_checkout(aflcc_state_t *aflcc, int argc, char **argv) { if (aflcc->instrument_opt_mode && @@ -1320,6 +1369,10 @@ void mode_final_checkout(aflcc_state_t *aflcc, int argc, char **argv) { } +/* + Print welcome message on screen, giving brief notes about + compiler_mode and instrument_mode. +*/ void mode_notification(aflcc_state_t *aflcc) { char *ptr2 = alloc_printf(" + NGRAM-%u", aflcc->ngram_size); @@ -1358,6 +1411,17 @@ void mode_notification(aflcc_state_t *aflcc) { } +/* + Set argv[0] required by execvp. It can be + - specified by env AFL_CXX + - g++ or clang++ + - CLANGPP_BIN or LLVM_BINDIR/clang++ + when in C++ mode, or + - specified by env AFL_CC + - gcc or clang + - CLANG_BIN or LLVM_BINDIR/clang + otherwise. +*/ void add_real_argv0(aflcc_state_t *aflcc) { static u8 llvm_fullpath[PATH_MAX]; @@ -1424,7 +1488,9 @@ void add_real_argv0(aflcc_state_t *aflcc) { } -/* Macro defs for the preprocessor */ +/** compiler_mode & instrument_mode selecting -----END----- **/ + +/** Macro defs for the preprocessor -----BEGIN----- **/ void add_defs_common(aflcc_state_t *aflcc) { @@ -1433,8 +1499,11 @@ void add_defs_common(aflcc_state_t *aflcc) { } -/* See instrumentation/README.instrument_list.md# - 2-selective-instrumentation-with-_afl_coverage-directives */ +/* + __afl_coverage macro defs. See + instrumentation/README.instrument_list.md# + 2-selective-instrumentation-with-_afl_coverage-directives +*/ void add_defs_selective_instr(aflcc_state_t *aflcc) { if (aflcc->plusplus_mode) { @@ -1468,9 +1537,11 @@ void add_defs_selective_instr(aflcc_state_t *aflcc) { } -/* As documented in instrumentation/README.persistent_mode.md, deferred - forkserver initialization and persistent mode are not available in afl-gcc - and afl-clang. */ +/* + Macro defs for persistent mode. As documented in + instrumentation/README.persistent_mode.md, deferred forkserver initialization + and persistent mode are not available in afl-gcc and afl-clang. +*/ void add_defs_persistent_mode(aflcc_state_t *aflcc) { if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG) return; @@ -1549,7 +1620,11 @@ void add_defs_persistent_mode(aflcc_state_t *aflcc) { } -/* Control _FORTIFY_SOURCE */ +/* + Control macro def of _FORTIFY_SOURCE. It will do nothing + if we detect this routine has been called previously, or + the macro already here in these existing args. +*/ void add_defs_fortify(aflcc_state_t *aflcc, u8 action) { if (aflcc->have_fortify) { return; } @@ -1574,6 +1649,7 @@ void add_defs_fortify(aflcc_state_t *aflcc, u8 action) { } +/* Macro defs of __AFL_LEAK_CHECK, __AFL_LSAN_ON and __AFL_LSAN_OFF */ void add_defs_lsan_ctrl(aflcc_state_t *aflcc) { insert_param(aflcc, "-includesanitizer/lsan_interface.h"); @@ -1586,7 +1662,9 @@ void add_defs_lsan_ctrl(aflcc_state_t *aflcc) { } -/* About fsanitize (including PCGUARD features) */ +/** Macro defs for the preprocessor -----END----- **/ + +/** About -fsanitize -----BEGIN----- **/ /* For input "-fsanitize=...", it: @@ -1665,6 +1743,16 @@ static u8 fsanitize_fuzzer_comma(char *string) { } +/* + Parse and process possible -fsanitize related args, return PARAM_MISS + if nothing matched. We have 3 main tasks here for these args: + - Check which one of those sanitizers present here. + - Check if libfuzzer present. We need to block the request of enable + libfuzzer, and link harness with our libAFLDriver.a later. + - Check if SanCov allow/denylist options present. We need to try switching + to LLVMNATIVE instead of using our optimized PCGUARD anyway. If we + can't make it finally for various reasons, just drop these options. +*/ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { param_st final_ = PARAM_MISS; @@ -1706,22 +1794,8 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { #undef HAVE_SANITIZER_SCAN_KEEP - if (!strncmp(cur_argv, "-fsanitize-coverage-", 20) && - strstr(cur_argv, "list=")) { - - if (scan) { - - aflcc->have_instr_list = 1; - final_ = PARAM_SCAN; - - } else { - - final_ = PARAM_KEEP; - - } - - } - + // We can't use a "else if" there, because some of the following + // matching rules overlap with those in the if-statement above. if (!strcmp(cur_argv, "-fsanitize=fuzzer")) { if (scan) { @@ -1761,25 +1835,27 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { } - } else if ((!strncmp(cur_argv, "-fsanitize=fuzzer-", + } else if (!strncmp(cur_argv, "-fsanitize-coverage-", 20) && - strlen("-fsanitize=fuzzer-")) || - !strncmp(cur_argv, "-fsanitize-coverage", - strlen("-fsanitize-coverage"))) && - (strncmp(cur_argv, "sanitize-coverage-allow", - strlen("sanitize-coverage-allow")) && - strncmp(cur_argv, "sanitize-coverage-deny", - strlen("sanitize-coverage-deny")) && - aflcc->instrument_mode != INSTRUMENT_LLVMNATIVE)) { + strstr(cur_argv, "list=")) { if (scan) { + aflcc->have_instr_list = 1; final_ = PARAM_SCAN; } else { - if (!be_quiet) { WARNF("Found '%s' - stripping!", cur_argv); } - final_ = PARAM_DROP; + if (aflcc->instrument_mode != INSTRUMENT_LLVMNATIVE) { + + if (!be_quiet) { WARNF("Found '%s' - stripping!", cur_argv); } + final_ = PARAM_DROP; + + } else { + + final_ = PARAM_KEEP; + + } } @@ -1791,6 +1867,16 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { } +/* + Add params for sanitizers. Here we need to consider: + - Use static runtime for asan, as much as possible. + - ASAN, MSAN, AFL_HARDEN are mutually exclusive. + - Add options if not found there, on request of AFL_USE_ASAN, AFL_USE_MSAN, + etc. + - Update have_* so that functions called after this can have correct context. + However this also means any functions called before should NOT depend on + these have_*, otherwise they may not work as expected. +*/ void add_sanitizers(aflcc_state_t *aflcc, char **envp) { if (getenv("AFL_USE_ASAN") || aflcc->have_asan) { @@ -1820,7 +1906,7 @@ void add_sanitizers(aflcc_state_t *aflcc, char **envp) { FATAL("MSAN and AFL_HARDEN are mutually exclusive"); add_defs_fortify(aflcc, 0); - insert_param(aflcc, "-fsanitize=memory"); + if (!aflcc->have_msan) { insert_param(aflcc, "-fsanitize=memory"); } aflcc->have_msan = 1; } @@ -1907,6 +1993,7 @@ void add_sanitizers(aflcc_state_t *aflcc, char **envp) { } +/* Add params to enable LLVM SanCov, the native PCGUARD */ void add_native_pcguard(aflcc_state_t *aflcc) { /* If there is a rust ASan runtime on the command line, it is likely we're @@ -1943,6 +2030,11 @@ void add_native_pcguard(aflcc_state_t *aflcc) { } +/* + Add params to launch our optimized PCGUARD on request. + It will fallback to use the native PCGUARD in some cases. If so, plz + bear in mind that instrument_mode will be set to INSTRUMENT_LLVMNATIVE. +*/ void add_optimized_pcguard(aflcc_state_t *aflcc) { #if LLVM_MAJOR >= 13 @@ -1959,7 +2051,7 @@ void add_optimized_pcguard(aflcc_state_t *aflcc) { SAYF( "Using unoptimized trace-pc-guard, due usage of " "-fsanitize-coverage-allow/denylist, you can use " - "AFL_LLVM_ALLOWLIST/AFL_LLMV_DENYLIST instead.\n"); + "AFL_LLVM_ALLOWLIST/AFL_LLVM_DENYLIST instead.\n"); insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; @@ -1994,8 +2086,14 @@ void add_optimized_pcguard(aflcc_state_t *aflcc) { } -/* Linking behaviors */ +/** About -fsanitize -----END----- **/ +/** Linking behaviors -----BEGIN----- **/ + +/* + Parse and process possible linking stage related args, + return PARAM_MISS if nothing matched. +*/ param_st parse_linking_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan, u8 *skip_next, char **argv) { @@ -2158,6 +2256,7 @@ param_st parse_linking_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan, } +/* Add params to specify the linker used in LTO */ void add_lto_linker(aflcc_state_t *aflcc) { unsetenv("AFL_LD"); @@ -2197,6 +2296,7 @@ void add_lto_linker(aflcc_state_t *aflcc) { } +/* Add params to launch SanitizerCoverageLTO.so when linking */ void add_lto_passes(aflcc_state_t *aflcc) { #if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 15 @@ -2215,6 +2315,7 @@ void add_lto_passes(aflcc_state_t *aflcc) { } +/* Add params to link with libAFLDriver.a on request */ static void add_aflpplib(aflcc_state_t *aflcc) { if (!aflcc->need_aflpplib) return; @@ -2250,6 +2351,7 @@ static void add_aflpplib(aflcc_state_t *aflcc) { } +/* Add params to link with runtimes depended by our instrumentation */ void add_runtime(aflcc_state_t *aflcc) { if (aflcc->preprocessor_only || aflcc->have_c || !aflcc->non_dash) { @@ -2345,8 +2447,14 @@ void add_runtime(aflcc_state_t *aflcc) { } -/* Misc */ +/** Linking behaviors -----END----- **/ + +/** Miscellaneous routines -----BEGIN----- **/ +/* + Add params to make compiler driver use our afl-as + as assembler, required by the vanilla instrumentation. +*/ void add_assembler(aflcc_state_t *aflcc) { u8 *afl_as = find_object(aflcc, "as"); @@ -2363,6 +2471,7 @@ void add_assembler(aflcc_state_t *aflcc) { } +/* Add params to launch the gcc plugins for instrumentation. */ void add_gcc_plugin(aflcc_state_t *aflcc) { if (aflcc->cmplog_mode) { @@ -2379,6 +2488,7 @@ void add_gcc_plugin(aflcc_state_t *aflcc) { } +/* Add some miscellaneous params required by our instrumentation. */ void add_misc_params(aflcc_state_t *aflcc) { if (getenv("AFL_NO_BUILTIN") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES") || @@ -2425,6 +2535,10 @@ void add_misc_params(aflcc_state_t *aflcc) { } +/* + Parse and process a variety of args under our matching rules, + return PARAM_MISS if nothing matched. +*/ param_st parse_misc_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { param_st final_ = PARAM_MISS; @@ -2575,6 +2689,9 @@ param_st parse_misc_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { } +/** Miscellaneous routines -----END----- **/ + +/* Print help message on request */ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) { if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) { @@ -2870,6 +2987,24 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) { } +/* + Process params passed to afl-cc. + + We have two working modes, *scan* and *non-scan*. In scan mode, + the main task is to set some variables in aflcc according to current argv[i], + while in non-scan mode, is to choose keep or drop current argv[i]. + + We have several matching routines being called sequentially in the while-loop, + and each of them try to parse and match current argv[i] according to their own + rules. If one miss match, the next will then take over. In non-scan mode, each + argv[i] mis-matched by all the routines will be kept. + + These routines are: + 1. parse_misc_params + 2. parse_fsanitize + 3. parse_linking_params + 4. `if (*cur == '@') {...}`, i.e., parse response files +*/ static void process_params(aflcc_state_t *aflcc, u8 scan, u32 argc, char **argv) { @@ -2896,134 +3031,249 @@ static void process_params(aflcc_state_t *aflcc, u8 scan, u32 argc, if (PARAM_MISS != parse_linking_params(aflcc, cur, scan, &skip_next, argv)) continue; + /* Response file support -----BEGIN----- + We have two choices - move everything to the command line or + rewrite the response files to temporary files and delete them + afterwards. We choose the first for easiness. + For clang, llvm::cl::ExpandResponseFiles does this, however it + only has C++ interface. And for gcc there is expandargv in libiberty, + written in C, but we can't simply copy-paste since its LGPL licensed. + So here we use an equivalent FSM as alternative, and try to be compatible + with the two above. See: + - https://gcc.gnu.org/onlinedocs/gcc/Overall-Options.html + - driver::expand_at_files in gcc.git/gcc/gcc.c + - expandargv in gcc.git/libiberty/argv.c + - llvm-project.git/clang/tools/driver/driver.cpp + - ExpandResponseFiles in + llvm-project.git/llvm/lib/Support/CommandLine.cpp + */ if (*cur == '@') { - // response file support. - // we have two choices - move everything to the command line or - // rewrite the response files to temporary files and delete them - // afterwards. We choose the first for easiness. - // We do *not* support quotes in the rsp files to cope with spaces in - // filenames etc! If you need that then send a patch! u8 *filename = cur + 1; if (aflcc->debug) { DEBUGF("response file=%s\n", filename); } - FILE *f = fopen(filename, "r"); - struct stat st; // Check not found or empty? let the compiler complain if so. - if (!f || fstat(fileno(f), &st) < 0 || st.st_size < 1) { + FILE *f = fopen(filename, "r"); + if (!f) { if (!scan) insert_param(aflcc, cur); continue; } - u8 *tmpbuf = malloc(st.st_size + 2), *ptr; - char **args = malloc(sizeof(char *) * (st.st_size >> 1)); - int count = 1, cont = 0, cont_act = 0; + struct stat st; + if (fstat(fileno(f), &st) || !S_ISREG(st.st_mode) || st.st_size < 1) { - while (fgets(tmpbuf, st.st_size + 1, f)) { + fclose(f); + if (!scan) insert_param(aflcc, cur); + continue; - ptr = tmpbuf; - // fprintf(stderr, "1: %s\n", ptr); - // no leading whitespace - while (isspace(*ptr)) { + } - ++ptr; - cont_act = 0; + // Limit the number of response files, the max value + // just keep consistent with expandargv. Only do this in + // scan mode, and not touch rsp_count anymore in the next. + static u32 rsp_count = 2000; + if (scan) { - } + if (rsp_count == 0) FATAL("Too many response files provided!"); - // no comments, no empty lines - if (*ptr == '#' || *ptr == '\n' || !*ptr) { continue; } - // remove LF - if (ptr[strlen(ptr) - 1] == '\n') { ptr[strlen(ptr) - 1] = 0; } - // remove CR - if (*ptr && ptr[strlen(ptr) - 1] == '\r') { ptr[strlen(ptr) - 1] = 0; } - // handle \ at end of line - if (*ptr && ptr[strlen(ptr) - 1] == '\\') { + --rsp_count; - cont = 1; - ptr[strlen(ptr) - 1] = 0; + } - } + // argc, argv acquired from this rsp file. Note that + // process_params ignores argv[0], we need to put a const "" here. + u32 argc_read = 1; + char **argv_read = ck_alloc(sizeof(char *)); + argv_read[0] = ""; + + char *arg_buf = NULL; + u64 arg_len = 0; + + enum fsm_state { + + fsm_whitespace, // whitespace seen so far + fsm_double_quote, // have unpaired double quote + fsm_single_quote, // have unpaired single quote + fsm_backslash, // a backslash is seen with no unpaired quote + fsm_normal // a normal char is seen + + }; + + // Workaround to append c to arg buffer, and append the buffer to argv +#define ARG_ALLOC(c) \ + do { \ + \ + ++arg_len; \ + arg_buf = ck_realloc(arg_buf, (arg_len + 1) * sizeof(char)); \ + arg_buf[arg_len] = '\0'; \ + arg_buf[arg_len - 1] = (char)c; \ + \ + } while (0) + +#define ARG_STORE() \ + do { \ + \ + ++argc_read; \ + argv_read = ck_realloc(argv_read, argc_read * sizeof(char *)); \ + argv_read[argc_read - 1] = arg_buf; \ + arg_buf = NULL; \ + arg_len = 0; \ + \ + } while (0) - // fprintf(stderr, "2: %s\n", ptr); + int cur_chr = (int)' '; // init as whitespace, as a good start :) + enum fsm_state state_ = fsm_whitespace; - // remove whitespace at end - while (*ptr && isspace(ptr[strlen(ptr) - 1])) { + while (cur_chr != EOF) { - ptr[strlen(ptr) - 1] = 0; - cont = 0; + switch (state_) { - } + case fsm_whitespace: + + if (arg_buf) { + + ARG_STORE(); + break; + + } - // fprintf(stderr, "3: %s\n", ptr); - if (*ptr) { + if (isspace(cur_chr)) { - do { + cur_chr = fgetc(f); - u8 *value = ptr; - while (*ptr && !isspace(*ptr)) { + } else if (cur_chr == (int)'\'') { - ++ptr; + state_ = fsm_single_quote; + cur_chr = fgetc(f); + + } else if (cur_chr == (int)'"') { + + state_ = fsm_double_quote; + cur_chr = fgetc(f); + + } else if (cur_chr == (int)'\\') { + + state_ = fsm_backslash; + cur_chr = fgetc(f); + + } else { + + state_ = fsm_normal; } - while (*ptr && isspace(*ptr)) { + break; + + case fsm_normal: - *ptr++ = 0; + if (isspace(cur_chr)) { + + state_ = fsm_whitespace; + + } else if (cur_chr == (int)'\'') { + + state_ = fsm_single_quote; + cur_chr = fgetc(f); + + } else if (cur_chr == (int)'\"') { + + state_ = fsm_double_quote; + cur_chr = fgetc(f); + + } else if (cur_chr == (int)'\\') { + + state_ = fsm_backslash; + cur_chr = fgetc(f); + + } else { + + ARG_ALLOC(cur_chr); + cur_chr = fgetc(f); } - if (cont_act) { + break; + + case fsm_backslash: + + ARG_ALLOC(cur_chr); + cur_chr = fgetc(f); + state_ = fsm_normal; + + break; + + case fsm_single_quote: + + if (cur_chr == (int)'\\') { + + cur_chr = fgetc(f); + if (cur_chr == EOF) break; + ARG_ALLOC(cur_chr); + + } else if (cur_chr == (int)'\'') { - u32 len = strlen(args[count - 1]) + strlen(value) + 1; - u8 *tmp = malloc(len); - snprintf(tmp, len, "%s%s", args[count - 1], value); - free(args[count - 1]); - args[count - 1] = tmp; - cont_act = 0; + state_ = fsm_normal; } else { - args[count++] = strdup(value); + ARG_ALLOC(cur_chr); } - } while (*ptr); + cur_chr = fgetc(f); + break; - } + case fsm_double_quote: + + if (cur_chr == (int)'\\') { + + cur_chr = fgetc(f); + if (cur_chr == EOF) break; + ARG_ALLOC(cur_chr); + + } else if (cur_chr == (int)'"') { + + state_ = fsm_normal; + + } else { + + ARG_ALLOC(cur_chr); - if (cont) { + } + + cur_chr = fgetc(f); + break; - cont_act = 1; - cont = 0; + default: + break; } } - if (count) { process_params(aflcc, scan, count, args); } + if (arg_buf) { ARG_STORE(); } // save the pending arg after EOF - // we cannot free args[] unless we don't need - // to keep any reference in cc_params - if (scan) { +#undef ARG_ALLOC +#undef ARG_STORE - if (count) do { + if (argc_read > 1) { process_params(aflcc, scan, argc_read, argv_read); } - free(args[--count]); + // We cannot free argv_read[] unless we don't need to keep any + // reference in cc_params. Never free argv[0], the const "". + if (scan) { - } while (count); + while (argc_read > 1) + ck_free(argv_read[--argc_read]); - free(args); + ck_free(argv_read); } - free(tmpbuf); - continue; - } + } /* Response file support -----END----- */ if (!scan) insert_param(aflcc, cur); @@ -3031,8 +3281,7 @@ static void process_params(aflcc_state_t *aflcc, u8 scan, u32 argc, } -/* Copy argv to cc_params, making the necessary edits. */ - +/* Process each of the existing argv, also add a few new args. */ static void edit_params(aflcc_state_t *aflcc, u32 argc, char **argv, char **envp) { @@ -3173,7 +3422,6 @@ static void edit_params(aflcc_state_t *aflcc, u32 argc, char **argv, } /* Main entry point */ - int main(int argc, char **argv, char **envp) { aflcc_state_t *aflcc = malloc(sizeof(aflcc_state_t)); From c33de471208bfe62bfae63fb4c6864c79026a8c0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 08:44:45 +0100 Subject: [PATCH 329/357] enable nyx --- .github/workflows/ci.yml | 3 ++- Dockerfile | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fdf618b9ee..3d20956b57 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,7 +33,8 @@ jobs: - name: install gcc plugin run: sudo apt-get install -y -m -f --install-suggests $(readlink /usr/bin/gcc)-plugin-dev - name: build afl++ - run: make distrib ASAN_BUILD=1 NO_NYX=1 + run: make distrib ASAN_BUILD=1 + # NO_NYX=1 - name: run tests run: sudo -E ./afl-system-config; make tests # macos: diff --git a/Dockerfile b/Dockerfile index e1616198ff..50dcd944ad 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,8 +16,8 @@ ENV NO_CORESIGHT=1 ENV NO_NYX=1 ### Only change these if you know what you are doing: -# LLVM 15 does not look good so we stay at 14 to still have LTO -ENV LLVM_VERSION=14 +# Current recommended LLVM version is 16 +ENV LLVM_VERSION=16 # GCC 12 is producing compile errors for some targets so we stay at GCC 11 ENV GCC_VERSION=11 From 5da5d6e0dfe1e3f8a0068d9289ecc34dd8a7b6af Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 08:48:35 +0100 Subject: [PATCH 330/357] debug ci --- .github/workflows/ci.yml | 3 +-- test/test-nyx-mode.sh | 3 +++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3d20956b57..fdf618b9ee 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,8 +33,7 @@ jobs: - name: install gcc plugin run: sudo apt-get install -y -m -f --install-suggests $(readlink /usr/bin/gcc)-plugin-dev - name: build afl++ - run: make distrib ASAN_BUILD=1 - # NO_NYX=1 + run: make distrib ASAN_BUILD=1 NO_NYX=1 - name: run tests run: sudo -E ./afl-system-config; make tests # macos: diff --git a/test/test-nyx-mode.sh b/test/test-nyx-mode.sh index 9582982836..7cffb321b7 100755 --- a/test/test-nyx-mode.sh +++ b/test/test-nyx-mode.sh @@ -4,6 +4,9 @@ $ECHO "$BLUE[*] Testing: nyx_mode" +env|grep -E 'NYX|AFL' +ls -al ../libnyx.so +ls -al ../afl-cc ../*.so test -e ../libnyx.so && { ../afl-cc -o test-instr ../test-instr.c > errors 2>&1 test -e test-instr && { From 123ec5d1361e922201e86fd20016c78900b329b8 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 09:06:34 +0100 Subject: [PATCH 331/357] debug ci --- Dockerfile | 2 +- test/test-nyx-mode.sh | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 50dcd944ad..99998a61c8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -88,7 +88,7 @@ ARG TEST_BUILD RUN sed -i.bak 's/^ -/ /g' GNUmakefile && \ make clean && make distrib && \ - ([ "${TEST_BUILD}" ] || (make install && make clean)) && \ + ([ "${TEST_BUILD}" ] || (make install)) && \ mv GNUmakefile.bak GNUmakefile RUN echo "set encoding=utf-8" > /root/.vimrc && \ diff --git a/test/test-nyx-mode.sh b/test/test-nyx-mode.sh index 7cffb321b7..f2d217e9b8 100755 --- a/test/test-nyx-mode.sh +++ b/test/test-nyx-mode.sh @@ -4,9 +4,11 @@ $ECHO "$BLUE[*] Testing: nyx_mode" -env|grep -E 'NYX|AFL' -ls -al ../libnyx.so -ls -al ../afl-cc ../*.so +ls -al ../libnyx.so ../afl-* ../*.so +../afl-cc -h +../afl-clang-fast -h +../afl-clang-fast -v + test -e ../libnyx.so && { ../afl-cc -o test-instr ../test-instr.c > errors 2>&1 test -e test-instr && { From 6e6d91b6b08db7cbcbc1efd0bf7b6f9ed5d85078 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 09:23:01 +0100 Subject: [PATCH 332/357] debug ci --- test/test-nyx-mode.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/test/test-nyx-mode.sh b/test/test-nyx-mode.sh index f2d217e9b8..99267ece70 100755 --- a/test/test-nyx-mode.sh +++ b/test/test-nyx-mode.sh @@ -6,9 +6,12 @@ $ECHO "$BLUE[*] Testing: nyx_mode" ls -al ../libnyx.so ../afl-* ../*.so ../afl-cc -h -../afl-clang-fast -h ../afl-clang-fast -v - +echo AFL-CC +AFL_DEBUG=1 ../afl-cc -v -o test-inst ../test-instr.c 2>&1 +echo AFL-CLANG-FAST +AFL_DEBUG=1 ../afl-clang-fast -v -o test-inst ../test-instr.c 2>&1 +ls -l test-instr test -e ../libnyx.so && { ../afl-cc -o test-instr ../test-instr.c > errors 2>&1 test -e test-instr && { From 97ba817aa78888b318a76fa278a6fc4454cec1b7 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 09:56:31 +0100 Subject: [PATCH 333/357] debug ci --- src/afl-cc.c | 5 +++++ test/test-nyx-mode.sh | 4 +--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index c300ddfc98..5e28ff6f20 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -51,6 +51,9 @@ #define MAX_PARAMS_NUM 2048 #endif +#undef LLVM_MAJOR +#define LLVM_MAJOR 10 + /** Global declarations -----BEGIN----- **/ typedef enum { @@ -3452,6 +3455,8 @@ int main(int argc, char **argv, char **envp) { if (aflcc->debug) debugf_args((s32)aflcc->cc_par_cnt, (char **)aflcc->cc_params); + printf("DEBUGXXX: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); + if (aflcc->passthrough) { argv[0] = aflcc->cc_params[0]; diff --git a/test/test-nyx-mode.sh b/test/test-nyx-mode.sh index 99267ece70..5b63d1b72d 100755 --- a/test/test-nyx-mode.sh +++ b/test/test-nyx-mode.sh @@ -4,13 +4,11 @@ $ECHO "$BLUE[*] Testing: nyx_mode" +apt-cache search clang|grep -E '^clang-1' ls -al ../libnyx.so ../afl-* ../*.so ../afl-cc -h -../afl-clang-fast -v echo AFL-CC AFL_DEBUG=1 ../afl-cc -v -o test-inst ../test-instr.c 2>&1 -echo AFL-CLANG-FAST -AFL_DEBUG=1 ../afl-clang-fast -v -o test-inst ../test-instr.c 2>&1 ls -l test-instr test -e ../libnyx.so && { ../afl-cc -o test-instr ../test-instr.c > errors 2>&1 From 7793692590b08ff05e513ad679df419bed974723 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 10:26:16 +0100 Subject: [PATCH 334/357] debug ci --- src/afl-cc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 5e28ff6f20..8b24759704 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -51,9 +51,6 @@ #define MAX_PARAMS_NUM 2048 #endif -#undef LLVM_MAJOR -#define LLVM_MAJOR 10 - /** Global declarations -----BEGIN----- **/ typedef enum { @@ -3442,6 +3439,8 @@ int main(int argc, char **argv, char **envp) { mode_final_checkout(aflcc, argc, argv); + printf("DEBUGXXX: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); + process_params(aflcc, 1, argc, argv); maybe_usage(aflcc, argc, argv); From 76a033431d1d7ca7bcbe47e4ff42cf03b9874f57 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 11:16:16 +0100 Subject: [PATCH 335/357] debug ci --- src/afl-cc.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 8b24759704..a3b453fc75 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -3439,22 +3439,28 @@ int main(int argc, char **argv, char **envp) { mode_final_checkout(aflcc, argc, argv); - printf("DEBUGXXX: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); + printf("DEBUGXXX0: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); process_params(aflcc, 1, argc, argv); maybe_usage(aflcc, argc, argv); + printf("DEBUGXXX1: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); + mode_notification(aflcc); if (aflcc->debug) debugf_args(argc, argv); + printf("DEBUGXXX2: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); + edit_params(aflcc, argc, argv, envp); + printf("DEBUGXXX3: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); + if (aflcc->debug) debugf_args((s32)aflcc->cc_par_cnt, (char **)aflcc->cc_params); - printf("DEBUGXXX: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); + printf("DEBUGXXX4: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); if (aflcc->passthrough) { From e5d305ad42dc29030cb256f3182a316cc806b6da Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 11:43:04 +0100 Subject: [PATCH 336/357] debug ci --- .github/workflows/ci.yml | 7 +++---- src/afl-cc.c | 4 ++++ 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fdf618b9ee..0a18a8919f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,17 +23,16 @@ jobs: - name: debug run: apt-cache search plugin-dev | grep gcc-; echo; apt-cache search clang-format- | grep clang-format- - name: update - run: sudo apt-get update - # && sudo apt-get upgrade -y + run: sudo apt-get update && sudo apt-get upgrade -y - name: install packages #run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip - run: sudo apt-get install -y -m -f build-essential git libtool libtool-bin automake flex bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip + run: sudo apt-get install -y -m -f build-essential git libtool libtool-bin automake flex bison libglib2.0-0 clang-12 llvm-12-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip - name: compiler installed run: gcc -v; echo; clang -v - name: install gcc plugin run: sudo apt-get install -y -m -f --install-suggests $(readlink /usr/bin/gcc)-plugin-dev - name: build afl++ - run: make distrib ASAN_BUILD=1 NO_NYX=1 + run: make distrib ASAN_BUILD=1 NO_NYX=1 LLVM_CONFIG=llvm-config-12 - name: run tests run: sudo -E ./afl-system-config; make tests # macos: diff --git a/src/afl-cc.c b/src/afl-cc.c index a3b453fc75..24dc105521 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1458,11 +1458,13 @@ void add_real_argv0(aflcc_state_t *aflcc) { } else { u8 *alt_cc = getenv("AFL_CC"); +printf("AFL_CC=%s\n", alt_cc); if (!alt_cc) { if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == GCC_PLUGIN) { +printf("is gcc %d == %d || %d == %d\n", aflcc->compiler_mode, GCC, aflcc->compiler_mode, GCC_PLUGIN); alt_cc = "gcc"; } else if (aflcc->compiler_mode == CLANG) { @@ -1478,6 +1480,8 @@ void add_real_argv0(aflcc_state_t *aflcc) { snprintf(llvm_fullpath, sizeof(llvm_fullpath), CLANG_BIN); alt_cc = llvm_fullpath; +printf("use_bindir=%s llvm_fullpath=%s\n", USE_BINDIR ? "true" : "false", llvm_fullpath); + } } From 236fb9b1456d15a0c0962a95db87f3005446f1a0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 12:03:02 +0100 Subject: [PATCH 337/357] debug ci --- .github/workflows/ci.yml | 6 +++--- test/test-nyx-mode.sh | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0a18a8919f..9b2031ae80 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,13 +20,13 @@ jobs: AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: 1 steps: - uses: actions/checkout@v3 - - name: debug - run: apt-cache search plugin-dev | grep gcc-; echo; apt-cache search clang-format- | grep clang-format- - name: update run: sudo apt-get update && sudo apt-get upgrade -y + - name: debug + run: apt-cache search plugin-dev | grep gcc-; echo; apt-cache search clang-format- | grep clang-format- - name: install packages #run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip - run: sudo apt-get install -y -m -f build-essential git libtool libtool-bin automake flex bison libglib2.0-0 clang-12 llvm-12-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip + run: sudo apt-get install -y -m -f build-essential gcc-10 g++-10 git libtool libtool-bin automake flex bison libglib2.0-0 clang-12 llvm-12-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip gcc-10-plugin-dev - name: compiler installed run: gcc -v; echo; clang -v - name: install gcc plugin diff --git a/test/test-nyx-mode.sh b/test/test-nyx-mode.sh index 5b63d1b72d..4d5f66ffe0 100755 --- a/test/test-nyx-mode.sh +++ b/test/test-nyx-mode.sh @@ -4,7 +4,10 @@ $ECHO "$BLUE[*] Testing: nyx_mode" +echo AFL_CC=$AFL_CC +unset AFL_CC apt-cache search clang|grep -E '^clang-1' +apt-cache search gcc|grep -E '^gcc-1' ls -al ../libnyx.so ../afl-* ../*.so ../afl-cc -h echo AFL-CC From eb52f1cc08e0aacc3c46d1c5a9742526657c842a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 12:58:51 +0100 Subject: [PATCH 338/357] fix ci --- .github/workflows/ci.yml | 2 +- GNUmakefile | 14 +++++++------- src/afl-cc.c | 14 -------------- 3 files changed, 8 insertions(+), 22 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9b2031ae80..bd16602f55 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,7 +32,7 @@ jobs: - name: install gcc plugin run: sudo apt-get install -y -m -f --install-suggests $(readlink /usr/bin/gcc)-plugin-dev - name: build afl++ - run: make distrib ASAN_BUILD=1 NO_NYX=1 LLVM_CONFIG=llvm-config-12 + run: export NO_NYX=1; export ASAN_BUILD=1; export LLVM_CONFIG=llvm-config-12; make distrib ASAN_BUILD=1 NO_NYX=1 LLVM_CONFIG=llvm-config-12 - name: run tests run: sudo -E ./afl-system-config; make tests # macos: diff --git a/GNUmakefile b/GNUmakefile index be5b81462b..2226b5a794 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -653,16 +653,16 @@ endif # -$(MAKE) -C utils/plot_ui -$(MAKE) -C frida_mode ifneq "$(SYS)" "Darwin" - ifeq "$(ARCH)" "aarch64" - ifndef NO_CORESIGHT +ifeq "$(ARCH)" "aarch64" + ifndef NO_CORESIGHT -$(MAKE) -C coresight_mode - endif endif - ifeq "$(SYS)" "Linux" - ifndef NO_NYX +endif +ifeq "$(SYS)" "Linux" +ifndef NO_NYX -cd nyx_mode && ./build_nyx_support.sh - endif - endif +endif +endif -cd qemu_mode && sh ./build_qemu_support.sh ifeq "$(ARCH)" "aarch64" ifndef NO_UNICORN_ARM64 diff --git a/src/afl-cc.c b/src/afl-cc.c index 24dc105521..c300ddfc98 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1458,13 +1458,11 @@ void add_real_argv0(aflcc_state_t *aflcc) { } else { u8 *alt_cc = getenv("AFL_CC"); -printf("AFL_CC=%s\n", alt_cc); if (!alt_cc) { if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == GCC_PLUGIN) { -printf("is gcc %d == %d || %d == %d\n", aflcc->compiler_mode, GCC, aflcc->compiler_mode, GCC_PLUGIN); alt_cc = "gcc"; } else if (aflcc->compiler_mode == CLANG) { @@ -1480,8 +1478,6 @@ printf("is gcc %d == %d || %d == %d\n", aflcc->compiler_mode, GCC, aflcc->compil snprintf(llvm_fullpath, sizeof(llvm_fullpath), CLANG_BIN); alt_cc = llvm_fullpath; -printf("use_bindir=%s llvm_fullpath=%s\n", USE_BINDIR ? "true" : "false", llvm_fullpath); - } } @@ -3443,29 +3439,19 @@ int main(int argc, char **argv, char **envp) { mode_final_checkout(aflcc, argc, argv); - printf("DEBUGXXX0: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); - process_params(aflcc, 1, argc, argv); maybe_usage(aflcc, argc, argv); - printf("DEBUGXXX1: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); - mode_notification(aflcc); if (aflcc->debug) debugf_args(argc, argv); - printf("DEBUGXXX2: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); - edit_params(aflcc, argc, argv, envp); - printf("DEBUGXXX3: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); - if (aflcc->debug) debugf_args((s32)aflcc->cc_par_cnt, (char **)aflcc->cc_params); - printf("DEBUGXXX4: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); - if (aflcc->passthrough) { argv[0] = aflcc->cc_params[0]; From 5549212d9e87de8f45cf72390cf549e23d7a9f60 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 12:59:37 +0100 Subject: [PATCH 339/357] clean test script --- test/test-nyx-mode.sh | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/test/test-nyx-mode.sh b/test/test-nyx-mode.sh index 4d5f66ffe0..494a74f226 100755 --- a/test/test-nyx-mode.sh +++ b/test/test-nyx-mode.sh @@ -4,15 +4,8 @@ $ECHO "$BLUE[*] Testing: nyx_mode" -echo AFL_CC=$AFL_CC unset AFL_CC -apt-cache search clang|grep -E '^clang-1' -apt-cache search gcc|grep -E '^gcc-1' -ls -al ../libnyx.so ../afl-* ../*.so -../afl-cc -h -echo AFL-CC -AFL_DEBUG=1 ../afl-cc -v -o test-inst ../test-instr.c 2>&1 -ls -l test-instr + test -e ../libnyx.so && { ../afl-cc -o test-instr ../test-instr.c > errors 2>&1 test -e test-instr && { From a84b7c78207598a24a2e60df0485d740782a6651 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 13:45:05 +0100 Subject: [PATCH 340/357] NO_NYX --- nyx_mode/build_nyx_support.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/nyx_mode/build_nyx_support.sh b/nyx_mode/build_nyx_support.sh index 454d1e7b0f..50598e7acf 100755 --- a/nyx_mode/build_nyx_support.sh +++ b/nyx_mode/build_nyx_support.sh @@ -9,6 +9,13 @@ echo echo "[*] Performing basic sanity checks..." +if [ -n "$NO_SPLICING" ]; then + + echo "[-] Error: the NO_NYX environment variable is set, please unset." + exit 0 + +fi + if [ ! "$(uname -s)" = "Linux" ]; then echo "[-] Error: Nyx mode is only available on Linux." From ac639012fbea0bd50e3a1f1ab1a62a5efbf0ceb8 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 13:45:21 +0100 Subject: [PATCH 341/357] NO_NYX --- nyx_mode/build_nyx_support.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nyx_mode/build_nyx_support.sh b/nyx_mode/build_nyx_support.sh index 50598e7acf..239b18d56a 100755 --- a/nyx_mode/build_nyx_support.sh +++ b/nyx_mode/build_nyx_support.sh @@ -9,7 +9,7 @@ echo echo "[*] Performing basic sanity checks..." -if [ -n "$NO_SPLICING" ]; then +if [ -n "$NO_NYX" ]; then echo "[-] Error: the NO_NYX environment variable is set, please unset." exit 0 From 87596105efd7e7ebe31556a777e288c9eed6ae5d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 14:01:59 +0100 Subject: [PATCH 342/357] fix ci --- .github/workflows/ci.yml | 4 ++-- GNUmakefile | 2 +- nyx_mode/build_nyx_support.sh | 5 +++++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bd16602f55..53128a17e1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,13 +26,13 @@ jobs: run: apt-cache search plugin-dev | grep gcc-; echo; apt-cache search clang-format- | grep clang-format- - name: install packages #run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip - run: sudo apt-get install -y -m -f build-essential gcc-10 g++-10 git libtool libtool-bin automake flex bison libglib2.0-0 clang-12 llvm-12-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip gcc-10-plugin-dev + run: sudo apt-get install -y -m -f build-essential gcc-10 g++-10 git libtool libtool-bin automake flex bison libglib2.0-0 clang-12 llvm-12-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip gcc-10-plugin-dev; sudo apt-get install -y libgtk-3-dev pax-utils python3-msgpack python3-jinja2 - name: compiler installed run: gcc -v; echo; clang -v - name: install gcc plugin run: sudo apt-get install -y -m -f --install-suggests $(readlink /usr/bin/gcc)-plugin-dev - name: build afl++ - run: export NO_NYX=1; export ASAN_BUILD=1; export LLVM_CONFIG=llvm-config-12; make distrib ASAN_BUILD=1 NO_NYX=1 LLVM_CONFIG=llvm-config-12 + run: export NO_NYX=1; export ASAN_BUILD=1; export LLVM_CONFIG=llvm-config-12; make ASAN_BUILD=1 NO_NYX=1 LLVM_CONFIG=llvm-config-12 distrib - name: run tests run: sudo -E ./afl-system-config; make tests # macos: diff --git a/GNUmakefile b/GNUmakefile index 2226b5a794..283c57c28f 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -399,7 +399,7 @@ help: @echo INTROSPECTION - compile afl-fuzz with mutation introspection @echo NO_PYTHON - disable python support @echo NO_SPLICING - disables splicing mutation in afl-fuzz, not recommended for normal fuzzing - @echo NO_UTF - do not use UTF-8 for line rendering in status screen (fallback to G1 box drawing, of vanilla AFL) + @echo "NO_UTF - do not use UTF-8 for line rendering in status screen (fallback to G1 box drawing, of vanilla AFL)" @echo NO_NYX - disable building nyx mode dependencies @echo "NO_CORESIGHT - disable building coresight (arm64 only)" @echo NO_UNICORN_ARM64 - disable building unicorn on arm64 diff --git a/nyx_mode/build_nyx_support.sh b/nyx_mode/build_nyx_support.sh index 239b18d56a..cd04ce7e66 100755 --- a/nyx_mode/build_nyx_support.sh +++ b/nyx_mode/build_nyx_support.sh @@ -30,6 +30,11 @@ if [ ! "$(uname -m)" = "x86_64" ]; then fi +cargo help > /dev/null 2>&1 || { + echo "[-] Error: Rust is not installed." + exit 0 +} + echo "[*] Making sure all Nyx is checked out" From 96ada75bd95741f99987e7bddeea8bde16ebc80c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 14:18:36 +0100 Subject: [PATCH 343/357] debug ci --- test/test-nyx-mode.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/test-nyx-mode.sh b/test/test-nyx-mode.sh index 494a74f226..d30be39f36 100755 --- a/test/test-nyx-mode.sh +++ b/test/test-nyx-mode.sh @@ -3,6 +3,7 @@ . ./test-pre.sh $ECHO "$BLUE[*] Testing: nyx_mode" +env unset AFL_CC @@ -44,8 +45,6 @@ test -e ../libnyx.so && { rm -rf errors nyx-test test-instr in out } || { echo CUT------------------------------------------------------------------CUT - ../afl-cc - ../afl-cc -v cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with nyx_mode" From d8e8d34c4e5d481433d7fa73db1583410a6981cd Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 14:34:07 +0100 Subject: [PATCH 344/357] fix ci --- test/test-nyx-mode.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/test-nyx-mode.sh b/test/test-nyx-mode.sh index d30be39f36..6de63f1b3f 100755 --- a/test/test-nyx-mode.sh +++ b/test/test-nyx-mode.sh @@ -3,7 +3,11 @@ . ./test-pre.sh $ECHO "$BLUE[*] Testing: nyx_mode" -env + +test "$CI" = "true" && { + $ECHO "$YELLOW[-] nyx_mode cannot be tested in the Github CI, skipping ..." + exit 0 +} unset AFL_CC From 37d20392117b2d7e887b9ef3694f31ef43b2c9b6 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 14:53:10 +0100 Subject: [PATCH 345/357] finalize ci fix --- .github/workflows/ci.yml | 3 +-- nyx_mode/build_nyx_support.sh | 8 ++++++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 53128a17e1..ed382fbbaf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,8 +25,7 @@ jobs: - name: debug run: apt-cache search plugin-dev | grep gcc-; echo; apt-cache search clang-format- | grep clang-format- - name: install packages - #run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip - run: sudo apt-get install -y -m -f build-essential gcc-10 g++-10 git libtool libtool-bin automake flex bison libglib2.0-0 clang-12 llvm-12-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip gcc-10-plugin-dev; sudo apt-get install -y libgtk-3-dev pax-utils python3-msgpack python3-jinja2 + run: sudo apt-get install -y -m -f build-essential gcc-10 g++-10 git libtool libtool-bin automake flex bison libglib2.0-0 clang-12 llvm-12-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip gcc-10-plugin-dev - name: compiler installed run: gcc -v; echo; clang -v - name: install gcc plugin diff --git a/nyx_mode/build_nyx_support.sh b/nyx_mode/build_nyx_support.sh index cd04ce7e66..fda4ec12b2 100755 --- a/nyx_mode/build_nyx_support.sh +++ b/nyx_mode/build_nyx_support.sh @@ -9,6 +9,14 @@ echo echo "[*] Performing basic sanity checks..." +if [ "$CI" = "true" ]; then + + echo "[-] Error: nyx_mode cannot be tested in the Github CI, skipping ..." + exit 0 + +fi + + if [ -n "$NO_NYX" ]; then echo "[-] Error: the NO_NYX environment variable is set, please unset." From eda770fd32b804e3ebd6a43738c0002f6118a463 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 1 Feb 2024 15:13:07 +0100 Subject: [PATCH 346/357] push to stable (#1967) * Output afl-clang-fast stuffs only if necessary (#1912) * afl-cc header * afl-cc common declarations - Add afl-cc-state.c - Strip includes, find_object, debug/be_quiet/have_*/callname setting from afl-cc.c - Use debugf_args in main - Modify execvp stuffs to fit new aflcc struct * afl-cc show usage * afl-cc mode selecting 1. compiler_mode by callname in argv[0] 2. compiler_mode by env "AFL_CC_COMPILER" 3. compiler_mode/instrument_mode by command line options "--afl-..." 4. instrument_mode/compiler_mode by various env vars including "AFL_LLVM_INSTRUMENT" 5. final checking steps 6. print "... - mode: %s-%s\n" 7. determine real argv[0] according to compiler_mode * afl-cc macro defs * afl-cc linking behaviors * afl-cc fsanitize behaviors * afl-cc misc * afl-cc body update * afl-cc all-in-one formated with custom-format.py * nits --------- Co-authored-by: vanhauser-thc * changelog * update grammar mutator * lto llvm 12+ * docs(custom_mutators): fix missing ':' (#1953) * Fix broken LTO mode and response file support (#1948) * Strip `-Wl,-no-undefined` during compilation (#1952) Make the compiler wrapper stripping `-Wl,-no-undefined` in addition to `-Wl,--no-undefined`. Both versions of the flag are accepted by clang and, therefore, used by building systems in the wild (e.g., samba will not build without this fix). * Remove dead code in write_to_testcase (#1955) The custom_mutators_count check in if case is duplicate with if condition. The else case is custom_mutators_count == 0, neither custom_mutator_list iteration nor sent check needed. Signed-off-by: Xeonacid * update qemuafl * WIP: Add ability to generate drcov trace using QEMU backend (#1956) * Document new drcov QEMU plugin * Add link to lightkeeper for QEMU drcov file loading --------- Co-authored-by: Jean-Romain Garnier * code format * changelog * sleep on uid != 0 afl-system-config * fix segv about skip_next, warn on unsupported cases of linking options (#1958) * todos * ensure afl-cc only allows available compiler modes * update grammar mutator * disable aslr on apple * fix for arm64 * help selective instrumentation * typos * macos * add compiler test script * apple fixes * bump nyx submodules (#1963) * fix docs * update changelog * update grammar mutator * improve compiler test script * gcc asan workaround (#1966) * fix github merge fuckup * fix * Fix afl-cc (#1968) - Check if too many cmdline params here, each time before insert a new param. - Check if it is "-fsanitize=..." before we do sth. - Remove improper param_st transfer. * Avoid adding llvmnative instrumentation when linking rust sanitizer runtime (#1969) * Dynamic instrumentation filtering for LLVM native (#1971) * Add two dynamic instrumentation filter methods to runtime * Always use pc-table with native pcguard * Add make_symbol_list.py and README * changelog * todos * new forkserver check * fix * nyx test for CI * improve nyx docs * Fixes to afl-cc and documentation (#1974) * Always compile with -ldl when building for CODE_COVERAGE When building with CODE_COVERAGE, the afl runtime contains code that calls `dladdr` which requires -ldl. Under most circumstances, clang already adds this (e.g. when building with pc-table), but there are some circumstances where it isn't added automatically. * Add visibility declaration to __afl_connected When building with hidden visibility, the use of __AFL_LOOP inside such code can cause linker errors due to __afl_connected being declared "hidden". * Update docs to clarify that CODE_COVERAGE=1 is required for dynamic_covfilter * nits * nyx build script updates * test error output * debug ci * debug ci * Improve afl-cc (#1975) * update response file support - full support of rsp file - fix some segv issues * Improve afl-cc - remove dead code about allow/denylist options of sancov - missing `if (!aflcc->have_msan)` - add docs for each function - typo * enable nyx * debug ci * debug ci * debug ci * debug ci * debug ci * debug ci * debug ci * debug ci * fix ci * clean test script * NO_NYX * NO_NYX * fix ci * debug ci * fix ci * finalize ci fix --------- Signed-off-by: Xeonacid Co-authored-by: Sonic <50692172+SonicStark@users.noreply.github.com> Co-authored-by: Xeonacid Co-authored-by: Nils Bars Co-authored-by: Jean-Romain Garnier <7504819+JRomainG@users.noreply.github.com> Co-authored-by: Jean-Romain Garnier Co-authored-by: Sergej Schumilo Co-authored-by: Christian Holler (:decoder) --- .github/workflows/ci.yml | 10 +- Dockerfile | 6 +- GNUmakefile | 20 +- TODO.md | 19 +- afl-cmin | 6 +- .../grammar_mutator/GRAMMAR_VERSION | 2 +- .../grammar_mutator/grammar_mutator | 2 +- docs/Changelog.md | 7 +- docs/resources/1_instrument_target.drawio.svg | 2 +- instrumentation/README.lto.md | 12 +- .../SanitizerCoveragePCGUARD.so.cc | 7 + instrumentation/afl-compiler-rt.o.c | 279 ++++++- instrumentation/afl-llvm-common.cc | 4 +- nyx_mode/LIBNYX_VERSION | 2 +- nyx_mode/QEMU-Nyx | 2 +- nyx_mode/QEMU_NYX_VERSION | 2 +- nyx_mode/README.md | 22 +- nyx_mode/build_nyx_support.sh | 77 +- nyx_mode/libnyx | 2 +- nyx_mode/update_ref.sh | 6 +- src/afl-cc.c | 753 +++++++++++++----- src/afl-forkserver.c | 6 + src/afl-fuzz-init.c | 6 + src/afl-fuzz.c | 11 +- test/test-all.sh | 2 + test/test-basic.sh | 69 +- test/test-compilers.sh | 7 + test/test-llvm.sh | 28 +- test/test-nyx-mode.sh | 79 ++ test/test-pre.sh | 2 +- utils/dynamic_covfilter/README.md | 60 ++ utils/dynamic_covfilter/make_symbol_list.py | 73 ++ 32 files changed, 1229 insertions(+), 356 deletions(-) create mode 100755 test/test-compilers.sh create mode 100755 test/test-nyx-mode.sh create mode 100644 utils/dynamic_covfilter/README.md create mode 100644 utils/dynamic_covfilter/make_symbol_list.py diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fdf618b9ee..ed382fbbaf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,20 +20,18 @@ jobs: AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: 1 steps: - uses: actions/checkout@v3 + - name: update + run: sudo apt-get update && sudo apt-get upgrade -y - name: debug run: apt-cache search plugin-dev | grep gcc-; echo; apt-cache search clang-format- | grep clang-format- - - name: update - run: sudo apt-get update - # && sudo apt-get upgrade -y - name: install packages - #run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip - run: sudo apt-get install -y -m -f build-essential git libtool libtool-bin automake flex bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip + run: sudo apt-get install -y -m -f build-essential gcc-10 g++-10 git libtool libtool-bin automake flex bison libglib2.0-0 clang-12 llvm-12-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip gcc-10-plugin-dev - name: compiler installed run: gcc -v; echo; clang -v - name: install gcc plugin run: sudo apt-get install -y -m -f --install-suggests $(readlink /usr/bin/gcc)-plugin-dev - name: build afl++ - run: make distrib ASAN_BUILD=1 NO_NYX=1 + run: export NO_NYX=1; export ASAN_BUILD=1; export LLVM_CONFIG=llvm-config-12; make ASAN_BUILD=1 NO_NYX=1 LLVM_CONFIG=llvm-config-12 distrib - name: run tests run: sudo -E ./afl-system-config; make tests # macos: diff --git a/Dockerfile b/Dockerfile index e1616198ff..99998a61c8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,8 +16,8 @@ ENV NO_CORESIGHT=1 ENV NO_NYX=1 ### Only change these if you know what you are doing: -# LLVM 15 does not look good so we stay at 14 to still have LTO -ENV LLVM_VERSION=14 +# Current recommended LLVM version is 16 +ENV LLVM_VERSION=16 # GCC 12 is producing compile errors for some targets so we stay at GCC 11 ENV GCC_VERSION=11 @@ -88,7 +88,7 @@ ARG TEST_BUILD RUN sed -i.bak 's/^ -/ /g' GNUmakefile && \ make clean && make distrib && \ - ([ "${TEST_BUILD}" ] || (make install && make clean)) && \ + ([ "${TEST_BUILD}" ] || (make install)) && \ mv GNUmakefile.bak GNUmakefile RUN echo "set encoding=utf-8" > /root/.vimrc && \ diff --git a/GNUmakefile b/GNUmakefile index b67f9c1595..283c57c28f 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -66,6 +66,10 @@ ifdef MSAN_BUILD override LDFLAGS += -fsanitize=memory endif +ifdef CODE_COVERAGE + override CFLAGS += -D__AFL_CODE_COVERAGE=1 +endif + ifeq "$(findstring android, $(shell $(CC) --version 2>/dev/null))" "" ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto=full -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1" CFLAGS_FLTO ?= -flto=full @@ -395,7 +399,7 @@ help: @echo INTROSPECTION - compile afl-fuzz with mutation introspection @echo NO_PYTHON - disable python support @echo NO_SPLICING - disables splicing mutation in afl-fuzz, not recommended for normal fuzzing - @echo NO_UTF - do not use UTF-8 for line rendering in status screen (fallback to G1 box drawing, of vanilla AFL) + @echo "NO_UTF - do not use UTF-8 for line rendering in status screen (fallback to G1 box drawing, of vanilla AFL)" @echo NO_NYX - disable building nyx mode dependencies @echo "NO_CORESIGHT - disable building coresight (arm64 only)" @echo NO_UNICORN_ARM64 - disable building unicorn on arm64 @@ -649,16 +653,16 @@ endif # -$(MAKE) -C utils/plot_ui -$(MAKE) -C frida_mode ifneq "$(SYS)" "Darwin" - ifeq "$(ARCH)" "aarch64" - ifndef NO_CORESIGHT +ifeq "$(ARCH)" "aarch64" + ifndef NO_CORESIGHT -$(MAKE) -C coresight_mode - endif endif - ifeq "$(SYS)" "Linux" - ifndef NO_NYX +endif +ifeq "$(SYS)" "Linux" +ifndef NO_NYX -cd nyx_mode && ./build_nyx_support.sh - endif - endif +endif +endif -cd qemu_mode && sh ./build_qemu_support.sh ifeq "$(ARCH)" "aarch64" ifndef NO_UNICORN_ARM64 diff --git a/TODO.md b/TODO.md index 7cab71e8fe..f2e3963f14 100644 --- a/TODO.md +++ b/TODO.md @@ -2,26 +2,21 @@ ## Must + - UI revamp + - hardened_usercopy=0 page_alloc.shuffle=0 + - add value_profile but only enable after 15 minutes without finds + - cmplog max len, cmplog max items envs? - adapt MOpt to new mutation engine - - Update afl->pending_not_fuzzed for MOpt - - cmplog rtn sanity check on fixed length? + no length 1 + - Update afl->pending_not_fuzzed for MOpt + - cmplog rtn sanity check on fixed length? currently we ignore the length - afl-showmap -f support - afl-fuzz multicore wrapper script - when trimming then perform crash detection - - either -L0 and/or -p mmopt results in zero new coverage + - problem: either -L0 and/or -p mmopt results in zero new coverage ## Should -<<<<<<< Updated upstream - - add value_profile but only enable after 15 minutes without finds? -======= - - afl-showmap -f support - - afl-fuzz multicore wrapper script - - UI revamp - - hardened_usercopy=0 page_alloc.shuffle=0 - - add value_profile but only enable after 15 minutes without finds ->>>>>>> Stashed changes - afl-crash-analysis - support persistent and deferred fork server in afl-showmap? - better autodetection of shifting runtime timeout values diff --git a/afl-cmin b/afl-cmin index 566f157d92..4aaf3953f4 100755 --- a/afl-cmin +++ b/afl-cmin @@ -1,11 +1,15 @@ #!/usr/bin/env sh +SYS=$(uname -s) +test "$SYS" = "Darwin" && { + echo Error: afl-cmin does not work on Apple currently. please use afl-cmin.bash instead. + exit 1 +} export AFL_QUIET=1 export ASAN_OPTIONS=detect_leaks=0 THISPATH=`dirname ${0}` export PATH="${THISPATH}:$PATH" awk -f - -- ${@+"$@"} <<'EOF' #!/usr/bin/awk -f - # awk script to minimize a test corpus of input files # # based on afl-cmin bash script written by Michal Zalewski diff --git a/custom_mutators/grammar_mutator/GRAMMAR_VERSION b/custom_mutators/grammar_mutator/GRAMMAR_VERSION index 2568c6a55c..3a019448a9 100644 --- a/custom_mutators/grammar_mutator/GRAMMAR_VERSION +++ b/custom_mutators/grammar_mutator/GRAMMAR_VERSION @@ -1 +1 @@ -ff4e5a2 +5ed4f8d diff --git a/custom_mutators/grammar_mutator/grammar_mutator b/custom_mutators/grammar_mutator/grammar_mutator index ff4e5a265d..5ed4f8d6e6 160000 --- a/custom_mutators/grammar_mutator/grammar_mutator +++ b/custom_mutators/grammar_mutator/grammar_mutator @@ -1 +1 @@ -Subproject commit ff4e5a265daf5d88c4a636fb6a2c22b1d733db09 +Subproject commit 5ed4f8d6e6524df9670af6b411b13031833d67d2 diff --git a/docs/Changelog.md b/docs/Changelog.md index c681c4e17c..720a0689d7 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -12,20 +12,25 @@ - afl-cc: - large rewrite by @SonicStark which fixes a few corner cases, thanks! - LTO mode now requires llvm 12+ + - workaround for ASAN with gcc_plugin mode - instrumentation: - LLVM 18 support, thanks to @devnexen! - - Injection (SQL, LDAP, XSS) feature now available, see + - Injection (SQL, LDAP, XSS) fuzzing feature now available, see `instrumentation/README.injections.md` how to activate/use/expand. - compcov/LAF-intel: - floating point splitting bug fix by @hexcoder - due a bug in LLVM 17 integer splitting is disabled there! - when splitting floats was selected, integers were always split as well, fixed to require AFL_LLVM_LAF_SPLIT_COMPARES or _ALL as it should + - dynamic instrumentation filtering for LLVM NATIVE, thanks @Mozilla! + see utils/dynamic_covfilter/README.md - qemu_mode: - plugins are now activated by default and a new module is included that produces drcov compatible traces for lighthouse/lightkeeper/... thanks to @JRomainG to submitting! + - updated Nyx checkout (fixes a bug) and some QOL - updated the custom grammar mutator + - document afl-cmin does not work on macOS (but afl-cmin.bash does) ### Version ++4.09c (release) diff --git a/docs/resources/1_instrument_target.drawio.svg b/docs/resources/1_instrument_target.drawio.svg index af6ac397ad..c93fa2b8c9 100644 --- a/docs/resources/1_instrument_target.drawio.svg +++ b/docs/resources/1_instrument_target.drawio.svg @@ -1,4 +1,4 @@ -
Instrument target
Instrument target
Required task
Required task
Optional task
Optional task
Select compiler

LTO mode
(clang/clang++ 11+)

LLVM mode
(clang/clang++ 3.8+)

GCC_PLUGIN mode
(gcc 5+)

GCC/CLANG mode
(other)
Select compiler...
Select options

Select options depending on
the compiler:

COMPCOV
(only LLVM & LTO)

CmpLog
(only LLVM & LTO)

selective instrumentation
(LTO, LLVM, GCC_PLUGIN)
Select options...
Select sanitizer

Max. one sanitizer type each
in a fuzzing campaign:

ASAN
CFISAN
LSAN
MSAN
TSAN
UBSAN
Select sanitizer...
Compile target source code

Compile target source code depending on the build system:

configure
CMake
Meson Build System
other
Compile target source code...
Modify target

Create a fuzzing harness
by hand for better efficiency.
Modify target...Viewer does not support full SVG 1.1 \ No newline at end of file +
Instrument target
Instrument target
Required task
Required task
Optional task
Optional task
Select compiler

LTO mode
(clang/clang++ 12+)

LLVM mode
(clang/clang++ 3.8+)

GCC_PLUGIN mode
(gcc 5+)

GCC/CLANG mode
(other)
Select compiler...
Select options

Select options depending on
the compiler:

COMPCOV
(only LLVM & LTO)

CmpLog
(only LLVM & LTO)

selective instrumentation
(LTO, LLVM, GCC_PLUGIN)
Select options...
Select sanitizer

Max. one sanitizer type each
in a fuzzing campaign:

ASAN
CFISAN
LSAN
MSAN
TSAN
UBSAN
Select sanitizer...
Compile target source code

Compile target source code depending on the build system:

configure
CMake
Meson Build System
other
Compile target source code...
Modify target

Create a fuzzing harness
by hand for better efficiency.
Modify target...Viewer does not support full SVG 1.1 \ No newline at end of file diff --git a/instrumentation/README.lto.md b/instrumentation/README.lto.md index df59cc2a01..bd479c269d 100644 --- a/instrumentation/README.lto.md +++ b/instrumentation/README.lto.md @@ -2,7 +2,7 @@ ## TL;DR: -This version requires a LLVM 11 or newer. +This version requires a LLVM 12 or newer. 1. Use afl-clang-lto/afl-clang-lto++ because the resulting binaries run slightly faster and give better coverage. @@ -10,7 +10,7 @@ This version requires a LLVM 11 or newer. 2. You can use it together with COMPCOV, COMPLOG and the instrument file listing features. -3. It only works with LLVM 11 or newer. +3. It only works with LLVM 12 or newer. 4. AUTODICTIONARY feature (see below) @@ -60,7 +60,7 @@ AUTODICTIONARY: 11 strings found [+] Instrumented 12071 locations with no collisions (on average 1046 collisions would be in afl-gcc/afl-clang-fast) (non-hardened mode). ``` -## Getting LLVM 11+ +## Getting LLVM 12+ ### Installing llvm @@ -73,7 +73,7 @@ chmod +x llvm.sh sudo ./llvm.sh 15 all ``` -LLVM 11 to 16 should be available in all current Linux repositories. +LLVM 12 to 18 should be available in all current Linux repositories. ## How to build afl-clang-lto @@ -277,7 +277,7 @@ AS=llvm-as ... afl-clang-lto is still work in progress. Known issues: -* Anything that LLVM 11+ cannot compile, afl-clang-lto cannot compile either - +* Anything that LLVM 12+ cannot compile, afl-clang-lto cannot compile either - obviously. * Anything that does not compile with LTO, afl-clang-lto cannot compile either - obviously. @@ -319,7 +319,7 @@ Still more problems came up though as this only works without bugs from LLVM 9 onwards, and with high optimization the link optimization ruins the instrumented control flow graph. -This is all now fixed with LLVM 11+. The llvm's own linker is now able to load +This is all now fixed with LLVM 12+. The llvm's own linker is now able to load passes and this bypasses all problems we had. Happy end :) diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index aae04bb1a3..f88ce12696 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -627,6 +627,13 @@ void ModuleSanitizerCoverageAFL::instrumentFunction( } + if (debug) { + + fprintf(stderr, "SanitizerCoveragePCGUARD: instrumenting %s in %s\n", + F.getName().str().c_str(), F.getParent()->getName().str().c_str()); + + } + InjectCoverage(F, BlocksToInstrument, IsLeafFunc); // InjectTraceForCmp(F, CmpTraceTargets); // InjectTraceForSwitch(F, SwitchTraceTargets); diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 39a762b671..8e55d6a0ac 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -22,6 +22,10 @@ #define __USE_GNU #endif #include + +__attribute__((weak)) void __sanitizer_symbolize_pc(void *, const char *fmt, + char *out_buf, + size_t out_buf_size); #endif #ifdef __ANDROID__ @@ -124,8 +128,8 @@ struct afl_module_info_t { uintptr_t base_address; // PC Guard start/stop - u32 start; - u32 stop; + u32 *start; + u32 *stop; // PC Table begin/end const uintptr_t *pcs_beg; @@ -147,6 +151,18 @@ afl_module_info_t *__afl_module_info = NULL; u32 __afl_pcmap_size = 0; uintptr_t *__afl_pcmap_ptr = NULL; + +typedef struct { + + uintptr_t start; + u32 len; + +} FilterPCEntry; + +u32 __afl_filter_pcs_size = 0; +FilterPCEntry *__afl_filter_pcs = NULL; +u8 *__afl_filter_pcs_module = NULL; + #endif // __AFL_CODE_COVERAGE /* 1 if we are running in afl, and the forkserver was started, else 0 */ @@ -1587,15 +1603,116 @@ void __sanitizer_cov_trace_pc_guard(uint32_t *guard) { } #ifdef __AFL_CODE_COVERAGE -void __sanitizer_cov_pcs_init(const uintptr_t *pcs_beg, - const uintptr_t *pcs_end) { +void afl_read_pc_filter_file(const char *filter_file) { - if (__afl_debug) { + FILE *file; + char ch; + + file = fopen(filter_file, "r"); + if (file == NULL) { + + perror("Error opening file"); + return; + + } + + // Check how many PCs we expect to read + while ((ch = fgetc(file)) != EOF) { + + if (ch == '\n') { __afl_filter_pcs_size++; } + + } + + // Rewind to actually read the PCs + fseek(file, 0, SEEK_SET); + + __afl_filter_pcs = malloc(__afl_filter_pcs_size * sizeof(FilterPCEntry)); + if (!__afl_filter_pcs) { + + perror("Error allocating PC array"); + return; + + } + + for (size_t i = 0; i < __afl_filter_pcs_size; i++) { + + fscanf(file, "%lx", &(__afl_filter_pcs[i].start)); + ch = fgetc(file); // Read tab + fscanf(file, "%u", &(__afl_filter_pcs[i].len)); + ch = fgetc(file); // Read tab + + if (!__afl_filter_pcs_module) { + + // Read the module name and store it. + // TODO: We only support one module here right now although + // there is technically no reason to support multiple modules + // in one go. + size_t max_module_len = 255; + size_t i = 0; + __afl_filter_pcs_module = malloc(max_module_len); + while (i < max_module_len - 1 && + (__afl_filter_pcs_module[i] = fgetc(file)) != '\t') { + + ++i; + + } - fprintf(stderr, "DEBUG: __sanitizer_cov_pcs_init called\n"); + __afl_filter_pcs_module[i] = '\0'; + fprintf(stderr, "DEBUGXXX: Read module name %s\n", + __afl_filter_pcs_module); + + } + + while ((ch = fgetc(file)) != '\n' && ch != EOF) + ; + + } + + fclose(file); + +} + +u32 locate_in_pcs(uintptr_t needle, u32 *index) { + + size_t lower_bound = 0; + size_t upper_bound = __afl_filter_pcs_size - 1; + + while (lower_bound < __afl_filter_pcs_size && lower_bound <= upper_bound) { + + size_t current_index = lower_bound + (upper_bound - lower_bound) / 2; + + if (__afl_filter_pcs[current_index].start <= needle) { + + if (__afl_filter_pcs[current_index].start + + __afl_filter_pcs[current_index].len > + needle) { + + // Hit + *index = current_index; + return 1; + + } else { + + lower_bound = current_index + 1; + + } + + } else { + + if (!current_index) { break; } + upper_bound = current_index - 1; + + } } + return 0; + +} + +void __sanitizer_cov_pcs_init(const uintptr_t *pcs_beg, + const uintptr_t *pcs_end) { + // If for whatever reason, we cannot get dlinfo here, then pc_guard_init also // couldn't get it and we'd end up attributing to the wrong module. Dl_info dlinfo; @@ -1608,6 +1725,16 @@ void __sanitizer_cov_pcs_init(const uintptr_t *pcs_beg, } + if (__afl_debug) { + + fprintf( + stderr, + "DEBUG: (%u) __sanitizer_cov_pcs_init called for module %s with %ld " + "PCs\n", + getpid(), dlinfo.dli_fname, pcs_end - pcs_beg); + + } + afl_module_info_t *last_module_info = __afl_module_info; while (last_module_info && last_module_info->next) { @@ -1623,34 +1750,78 @@ void __sanitizer_cov_pcs_init(const uintptr_t *pcs_beg, } + if (strcmp(dlinfo.dli_fname, last_module_info->name)) { + + // This can happen with modules being loaded after the forkserver + // where we decide to not track the module. In that case we must + // not track it here either. + fprintf( + stderr, + "WARNING: __sanitizer_cov_pcs_init module info mismatch: %s vs %s\n", + dlinfo.dli_fname, last_module_info->name); + return; + + } + last_module_info->pcs_beg = pcs_beg; last_module_info->pcs_end = pcs_end; + // This is a direct filter based on symbolizing inside the runtime. + // It should only be used with smaller binaries to avoid long startup + // times. Currently, this only supports a single token to scan for. + const char *pc_filter = getenv("AFL_PC_FILTER"); + + // This is a much faster PC filter based on pre-symbolized input data + // that is sorted for fast lookup through binary search. This method + // of filtering is suitable even for very large binaries. + const char *pc_filter_file = getenv("AFL_PC_FILTER_FILE"); + if (pc_filter_file && !__afl_filter_pcs) { + + afl_read_pc_filter_file(pc_filter_file); + + } + // Now update the pcmap. If this is the last module coming in, after all // pre-loaded code, then this will also map all of our delayed previous // modules. - - if (!__afl_pcmap_ptr) { return; } - + // for (afl_module_info_t *mod_info = __afl_module_info; mod_info; mod_info = mod_info->next) { if (mod_info->mapped) { continue; } + if (!mod_info->start) { + + fprintf(stderr, + "ERROR: __sanitizer_cov_pcs_init called with mod_info->start == " + "NULL (%s)\n", + mod_info->name); + abort(); + + } + PCTableEntry *start = (PCTableEntry *)(mod_info->pcs_beg); PCTableEntry *end = (PCTableEntry *)(mod_info->pcs_end); + if (!*mod_info->stop) { continue; } + u32 in_module_index = 0; while (start < end) { - if (mod_info->start + in_module_index >= __afl_map_size) { + if (*mod_info->start + in_module_index >= __afl_map_size) { - fprintf(stderr, "ERROR: __sanitizer_cov_pcs_init out of bounds?!\n"); + fprintf(stderr, + "ERROR: __sanitizer_cov_pcs_init out of bounds?! Start: %u " + "Stop: %u Map Size: %u (%s)\n", + *mod_info->start, *mod_info->stop, __afl_map_size, + mod_info->name); abort(); } + u32 orig_start_index = *mod_info->start; + uintptr_t PC = start->PC; // This is what `GetPreviousInstructionPc` in sanitizer runtime does @@ -1660,7 +1831,58 @@ void __sanitizer_cov_pcs_init(const uintptr_t *pcs_beg, // Calculate relative offset in module PC = PC - mod_info->base_address; - __afl_pcmap_ptr[mod_info->start + in_module_index] = PC; + if (__afl_pcmap_ptr) { + + __afl_pcmap_ptr[orig_start_index + in_module_index] = PC; + + } + + if (pc_filter) { + + char PcDescr[1024]; + // This function is a part of the sanitizer run-time. + // To use it, link with AddressSanitizer or other sanitizer. + __sanitizer_symbolize_pc((void *)start->PC, "%p %F %L", PcDescr, + sizeof(PcDescr)); + + if (strstr(PcDescr, pc_filter)) { + + if (__afl_debug) + fprintf( + stderr, + "DEBUG: Selective instrumentation match: %s (PC %p Index %u)\n", + PcDescr, (void *)start->PC, + *(mod_info->start + in_module_index)); + // No change to guard needed + + } else { + + // Null out the guard to disable this edge + *(mod_info->start + in_module_index) = 0; + + } + + } + + if (__afl_filter_pcs && strstr(mod_info->name, __afl_filter_pcs_module)) { + + u32 result_index; + if (locate_in_pcs(PC, &result_index)) { + + if (__afl_debug) + fprintf(stderr, + "DEBUG: Selective instrumentation match: (PC %lx File " + "Index %u PC Index %u)\n", + PC, result_index, in_module_index); + + } else { + + // Null out the guard to disable this edge + *(mod_info->start + in_module_index) = 0; + + } + + } start++; in_module_index++; @@ -1671,8 +1893,10 @@ void __sanitizer_cov_pcs_init(const uintptr_t *pcs_beg, if (__afl_debug) { - fprintf(stderr, "DEBUG: __sanitizer_cov_pcs_init initialized %u PCs\n", - in_module_index); + fprintf(stderr, + "DEBUG: __sanitizer_cov_pcs_init successfully mapped %s with %u " + "PCs\n", + mod_info->name, in_module_index); } @@ -1706,9 +1930,9 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { fprintf( stderr, "DEBUG: Running __sanitizer_cov_trace_pc_guard_init: %p-%p (%lu edges) " - "after_fs=%u\n", + "after_fs=%u *start=%u\n", start, stop, (unsigned long)(stop - start), - __afl_already_initialized_forkserver); + __afl_already_initialized_forkserver, *start); } @@ -1740,8 +1964,8 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { mod_info->id = last_module_info ? last_module_info->id + 1 : 0; mod_info->name = strdup(dlinfo.dli_fname); mod_info->base_address = (uintptr_t)dlinfo.dli_fbase; - mod_info->start = 0; - mod_info->stop = 0; + mod_info->start = NULL; + mod_info->stop = NULL; mod_info->pcs_beg = NULL; mod_info->pcs_end = NULL; mod_info->mapped = 0; @@ -1757,8 +1981,12 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { } - fprintf(stderr, "[pcmap] Module: %s Base Address: %p\n", dlinfo.dli_fname, - dlinfo.dli_fbase); + if (__afl_debug) { + + fprintf(stderr, "[pcmap] Module: %s Base Address: %p\n", + dlinfo.dli_fname, dlinfo.dli_fbase); + + } } @@ -1861,12 +2089,17 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { #ifdef __AFL_CODE_COVERAGE if (mod_info) { - mod_info->start = *orig_start; - mod_info->stop = *(stop - 1); + if (!mod_info->start) { + + mod_info->start = orig_start; + mod_info->stop = stop - 1; + + } + if (__afl_debug) { fprintf(stderr, "DEBUG: [pcmap] Start Index: %u Stop Index: %u\n", - mod_info->start, mod_info->stop); + *(mod_info->start), *(mod_info->stop)); } diff --git a/instrumentation/afl-llvm-common.cc b/instrumentation/afl-llvm-common.cc index 96952bd6c4..8e9e78008e 100644 --- a/instrumentation/afl-llvm-common.cc +++ b/instrumentation/afl-llvm-common.cc @@ -201,7 +201,7 @@ void initInstrumentList() { if (debug) DEBUGF("loaded allowlist with %zu file and %zu function entries\n", - allowListFiles.size(), allowListFunctions.size()); + allowListFiles.size() / 4, allowListFunctions.size() / 4); } @@ -276,7 +276,7 @@ void initInstrumentList() { if (debug) DEBUGF("loaded denylist with %zu file and %zu function entries\n", - denyListFiles.size(), denyListFunctions.size()); + denyListFiles.size() / 4, denyListFunctions.size() / 4); } diff --git a/nyx_mode/LIBNYX_VERSION b/nyx_mode/LIBNYX_VERSION index da3939adcf..9aae19be63 100644 --- a/nyx_mode/LIBNYX_VERSION +++ b/nyx_mode/LIBNYX_VERSION @@ -1 +1 @@ -512058a +6833d23 diff --git a/nyx_mode/QEMU-Nyx b/nyx_mode/QEMU-Nyx index 02a6f2aed3..1def26f83e 160000 --- a/nyx_mode/QEMU-Nyx +++ b/nyx_mode/QEMU-Nyx @@ -1 +1 @@ -Subproject commit 02a6f2aed360cfe76bb3d788dafe517c350d74e5 +Subproject commit 1def26f83e83556d767754581fa52081ffb54b09 diff --git a/nyx_mode/QEMU_NYX_VERSION b/nyx_mode/QEMU_NYX_VERSION index 4f58054c20..cac32d4184 100644 --- a/nyx_mode/QEMU_NYX_VERSION +++ b/nyx_mode/QEMU_NYX_VERSION @@ -1 +1 @@ -02a6f2aed3 +1def26f83e diff --git a/nyx_mode/README.md b/nyx_mode/README.md index aee9879ed4..7a2a8e6cdb 100644 --- a/nyx_mode/README.md +++ b/nyx_mode/README.md @@ -84,9 +84,17 @@ Then the final step: we generate the Nyx package configuration: python3 nyx_mode/packer/packer/nyx_config_gen.py PACKAGE-DIRECTORY Kernel ``` - ## Fuzzing with Nyx mode +Note that you need to load the kvm kernel modules for Nyx: +``` +sudo modprobe -r kvm-intel +sudo modprobe -r kvm +sudo modprobe kvm enable_vmware_backdoor=y +sudo modprobe kvm-intel +cat /sys/module/kvm/parameters/enable_vmware_backdoor | grep -q Y && echi OK || echo KVM module problem +``` + All the hard parts are done, fuzzing with Nyx mode is easy - just supply the `PACKAGE-DIRECTORY` as fuzzing target and specify the `-X` option to afl-fuzz: @@ -94,16 +102,8 @@ All the hard parts are done, fuzzing with Nyx mode is easy - just supply the afl-fuzz -i in -o out -X -- ./PACKAGE-DIRECTORY ``` -Most likely your first run will fail because the Linux modules have to be -specially set up, but afl-fuzz will tell you this on startup and how to rectify -the situation: - -``` -sudo modprobe -r kvm-intel # or kvm-amd for AMD processors -sudo modprobe -r kvm -sudo modprobe kvm enable_vmware_backdoor=y -sudo modprobe kvm-intel # or kvm-amd for AMD processors -``` +If you get a forkserver error upon starting then you did not load the Linux +kvm kernel modules, see above. If you want to fuzz in parallel (and you should!), then this has to be done in a special way: diff --git a/nyx_mode/build_nyx_support.sh b/nyx_mode/build_nyx_support.sh index 581a8292b1..fda4ec12b2 100755 --- a/nyx_mode/build_nyx_support.sh +++ b/nyx_mode/build_nyx_support.sh @@ -9,6 +9,21 @@ echo echo "[*] Performing basic sanity checks..." +if [ "$CI" = "true" ]; then + + echo "[-] Error: nyx_mode cannot be tested in the Github CI, skipping ..." + exit 0 + +fi + + +if [ -n "$NO_NYX" ]; then + + echo "[-] Error: the NO_NYX environment variable is set, please unset." + exit 0 + +fi + if [ ! "$(uname -s)" = "Linux" ]; then echo "[-] Error: Nyx mode is only available on Linux." @@ -23,11 +38,17 @@ if [ ! "$(uname -m)" = "x86_64" ]; then fi +cargo help > /dev/null 2>&1 || { + echo "[-] Error: Rust is not installed." + exit 0 +} + echo "[*] Making sure all Nyx is checked out" if git status 1>/dev/null 2>&1; then + set +e git submodule init echo "[*] initializing QEMU-Nyx submodule" git submodule update ./QEMU-Nyx 2>/dev/null # ignore errors @@ -35,6 +56,7 @@ if git status 1>/dev/null 2>&1; then git submodule update ./packer 2>/dev/null # ignore errors echo "[*] initializing libnyx submodule" git submodule update ./libnyx 2>/dev/null # ignore errors + set -e else @@ -48,20 +70,57 @@ test -e packer/.git || { echo "[-] packer not checked out, please install git or test -e libnyx/.git || { echo "[-] libnyx not checked out, please install git or check your internet connection." ; exit 1 ; } test -e QEMU-Nyx/.git || { echo "[-] QEMU-Nyx not checked out, please install git or check your internet connection." ; exit 1 ; } -echo "[*] checking packer init.cpio.gz ..." -if [ ! -f "packer/linux_initramfs/init.cpio.gz" ]; then - (cd packer/linux_initramfs/ && sh pack.sh) + +QEMU_NYX_VERSION="$(cat ./QEMU_NYX_VERSION)" +cd "./QEMU-Nyx" || exit 1 +if [ -n "$NO_CHECKOUT" ]; then + echo "[*] Skipping checkout to $QEMU_NYX_VERSION" +else + echo "[*] Checking out $QEMU_NYX_VERSION" + set +e + sh -c 'git stash' 1>/dev/null 2>/dev/null + git pull 1>/dev/null 2>/dev/null + git checkout "$QEMU_NYX_VERSION" || echo Warning: could not check out to commit $QEMU_NYX_VERSION + set -e fi +cd - > /dev/null -echo "[*] Checking libnyx ..." -if [ ! -f "libnyx/libnyx/target/release/liblibnyx.a" ]; then - (cd libnyx/libnyx && cargo build --release) +PACKER_VERSION="$(cat ./PACKER_VERSION)" +cd "./packer" || exit 1 +if [ -n "$NO_CHECKOUT" ]; then + echo "[*] Skipping checkout to $PACKER_VERSION" +else + echo "[*] Checking out $PACKER_VERSION" + set +e + sh -c 'git stash' 1>/dev/null 2>/dev/null + git pull 1>/dev/null 2>/dev/null + git checkout "$PACKER_VERSION" || echo Warning: could not check out to commit $PACKER_VERSION + set -e fi +cd - > /dev/null -echo "[*] Checking QEMU-Nyx ..." -if [ ! -f "QEMU-Nyx/x86_64-softmmu/qemu-system-x86_64" ]; then - (cd QEMU-Nyx && ./compile_qemu_nyx.sh static) +LIBNYX_VERSION="$(cat ./LIBNYX_VERSION)" +cd "./libnyx/" || exit 1 +if [ -n "$NO_CHECKOUT" ]; then + echo "[*] Skipping checkout to $LIBNYX_VERSION" +else + echo "[*] Checking out $LIBNYX_VERSION" + set +e + sh -c 'git stash' 1>/dev/null 2>/dev/null + git pull 1>/dev/null 2>/dev/null + git checkout "$LIBNYX_VERSION" || echo Warning: could not check out to commit $LIBNYX_VERSION + set -e fi +cd - > /dev/null + +echo "[*] checking packer init.cpio.gz ..." +(cd packer/linux_initramfs/ && sh pack.sh) + +echo "[*] Checking libnyx ..." +(cd libnyx/libnyx && cargo build --release) + +echo "[*] Checking QEMU-Nyx ..." +(cd QEMU-Nyx && ./compile_qemu_nyx.sh static ) echo "[*] Checking libnyx.so ..." cp libnyx/libnyx/target/release/liblibnyx.so ../libnyx.so diff --git a/nyx_mode/libnyx b/nyx_mode/libnyx index 512058a68d..6833d236df 160000 --- a/nyx_mode/libnyx +++ b/nyx_mode/libnyx @@ -1 +1 @@ -Subproject commit 512058a68d58b1a90a4e3971b526a955559735bf +Subproject commit 6833d236dfe785a8a23d8c8d79e74c99fa635004 diff --git a/nyx_mode/update_ref.sh b/nyx_mode/update_ref.sh index 898a803fc1..146a12559b 100755 --- a/nyx_mode/update_ref.sh +++ b/nyx_mode/update_ref.sh @@ -41,7 +41,7 @@ cd .. rm "$UC_VERSION_FILE" echo "$NEW_VERSION" > "$UC_VERSION_FILE" -echo "Done. New XXX version is $NEW_VERSION." +echo "Done. New libnyx version is $NEW_VERSION." UC_VERSION_FILE='./PACKER_VERSION' @@ -68,7 +68,7 @@ cd .. rm "$UC_VERSION_FILE" echo "$NEW_VERSION" > "$UC_VERSION_FILE" -echo "Done. New XXX version is $NEW_VERSION." +echo "Done. New packer version is $NEW_VERSION." UC_VERSION_FILE='./QEMU_NYX_VERSION' @@ -95,5 +95,5 @@ cd .. rm "$UC_VERSION_FILE" echo "$NEW_VERSION" > "$UC_VERSION_FILE" -echo "Done. New XXX version is $NEW_VERSION." +echo "Done. New QEMU-Nyx version is $NEW_VERSION." diff --git a/src/afl-cc.c b/src/afl-cc.c index 192c542325..c300ddfc98 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -51,7 +51,7 @@ #define MAX_PARAMS_NUM 2048 #endif -/* Global declarations */ +/** Global declarations -----BEGIN----- **/ typedef enum { @@ -170,8 +170,11 @@ typedef struct aflcc_state { u8 have_instr_env, have_gcc, have_clang, have_llvm, have_gcc_plugin, have_lto, have_optimized_pcguard, have_instr_list; - u8 fortify_set, asan_set, x_set, bit_mode, preprocessor_only, have_unroll, - have_o, have_pic, have_c, shared_linking, partial_linking, non_dash; + u8 fortify_set, x_set, bit_mode, preprocessor_only, have_unroll, have_o, + have_pic, have_c, shared_linking, partial_linking, non_dash, have_fp, + have_flto, have_hidden, have_fortify, have_fcf, have_staticasan, + have_rust_asanrt, have_asan, have_msan, have_ubsan, have_lsan, have_tsan, + have_cfisan; // u8 *march_opt; u8 need_aflpplib; @@ -184,25 +187,27 @@ typedef struct aflcc_state { void aflcc_state_init(aflcc_state_t *, u8 *argv0); -/* Try to find a specific runtime we need, the path to obj would be - allocated and returned. Otherwise it returns NULL on fail. */ u8 *find_object(aflcc_state_t *, u8 *obj); void find_built_deps(aflcc_state_t *); -static inline void limit_params(aflcc_state_t *aflcc, u32 add) { +/* Insert param into the new argv, raise error if MAX_PARAMS_NUM exceeded. */ +static inline void insert_param(aflcc_state_t *aflcc, u8 *param) { - if (aflcc->cc_par_cnt + add >= MAX_PARAMS_NUM) + if (unlikely(aflcc->cc_par_cnt + 1 >= MAX_PARAMS_NUM)) FATAL("Too many command line parameters, please increase MAX_PARAMS_NUM."); -} - -static inline void insert_param(aflcc_state_t *aflcc, u8 *param) { - aflcc->cc_params[aflcc->cc_par_cnt++] = param; } +/* + Insert a param which contains path to the object file. It uses find_object to + get the path based on the name `obj`, and then uses a sprintf like method to + format it with `fmt`. If `fmt` is NULL, the inserted arg is same as the path. + If `msg` provided, it should be an error msg raised if the path can't be + found. `obj` must not be NULL. +*/ static inline void insert_object(aflcc_state_t *aflcc, u8 *obj, u8 *fmt, u8 *msg) { @@ -232,6 +237,7 @@ static inline void insert_object(aflcc_state_t *aflcc, u8 *obj, u8 *fmt, } +/* Insert params into the new argv, make clang load the pass. */ static inline void load_llvm_pass(aflcc_state_t *aflcc, u8 *pass) { #if LLVM_MAJOR >= 11 /* use new pass manager */ @@ -292,8 +298,12 @@ void add_lto_linker(aflcc_state_t *); void add_lto_passes(aflcc_state_t *); void add_runtime(aflcc_state_t *); -/* Working state */ +/** Global declarations -----END----- **/ +/* + Init global state struct. We also extract the callname, + check debug options and if in C++ mode here. +*/ void aflcc_state_init(aflcc_state_t *aflcc, u8 *argv0) { // Default NULL/0 is a good start @@ -353,7 +363,7 @@ void aflcc_state_init(aflcc_state_t *aflcc, u8 *argv0) { } /* - in find_object() we look here: + Try to find a specific runtime we need, in here: 1. firstly we check the $AFL_PATH environment variable location if set 2. next we check argv[0] if it has path information and use it @@ -367,7 +377,6 @@ void aflcc_state_init(aflcc_state_t *aflcc, u8 *argv0) { if all these attempts fail - we return NULL and the caller has to decide what to do. Otherwise the path to obj would be allocated and returned. */ - u8 *find_object(aflcc_state_t *aflcc, u8 *obj) { u8 *argv0 = aflcc->argv0; @@ -500,6 +509,10 @@ u8 *find_object(aflcc_state_t *aflcc, u8 *obj) { } +/* + Deduce some info about compiler toolchains in current system, + from the building results of AFL++ +*/ void find_built_deps(aflcc_state_t *aflcc) { char *ptr = NULL; @@ -572,8 +585,9 @@ void find_built_deps(aflcc_state_t *aflcc) { } -/* compiler_mode & instrument_mode selecting */ +/** compiler_mode & instrument_mode selecting -----BEGIN----- **/ +/* Select compiler_mode by callname, such as "afl-clang-fast", etc. */ void compiler_mode_by_callname(aflcc_state_t *aflcc) { if (strncmp(aflcc->callname, "afl-clang-fast", 14) == 0) { @@ -611,30 +625,26 @@ void compiler_mode_by_callname(aflcc_state_t *aflcc) { aflcc->compiler_mode = GCC_PLUGIN; -#if defined(__x86_64__) - } else if (strncmp(aflcc->callname, "afl-gcc", 7) == 0 || strncmp(aflcc->callname, "afl-g++", 7) == 0) { aflcc->compiler_mode = GCC; -#endif - -#if defined(__x86_64__) - } else if (strcmp(aflcc->callname, "afl-clang") == 0 || strcmp(aflcc->callname, "afl-clang++") == 0) { aflcc->compiler_mode = CLANG; -#endif - } } +/* + Select compiler_mode by env AFL_CC_COMPILER. And passthrough mode can be + regarded as a special compiler_mode, so we check for it here, too. +*/ void compiler_mode_by_environ(aflcc_state_t *aflcc) { if (getenv("AFL_PASSTHROUGH") || getenv("AFL_NOOPT")) { @@ -675,22 +685,14 @@ void compiler_mode_by_environ(aflcc_state_t *aflcc) { aflcc->compiler_mode = GCC_PLUGIN; -#if defined(__x86_64__) - } else if (strcasecmp(ptr, "GCC") == 0) { aflcc->compiler_mode = GCC; -#endif - -#if defined(__x86_64__) - } else if (strcasecmp(ptr, "CLANG") == 0) { aflcc->compiler_mode = CLANG; -#endif - } else FATAL("Unknown AFL_CC_COMPILER mode: %s\n", ptr); @@ -699,7 +701,13 @@ void compiler_mode_by_environ(aflcc_state_t *aflcc) { } -// If it can be inferred, instrument_mode would also be set +/* + Select compiler_mode by command line options --afl-... + If it can be inferred, instrument_mode would also be set. + This can supersedes previous result based on callname + or AFL_CC_COMPILER. And "--afl_noopt"/"--afl-noopt" will + be overwritten by "-g". +*/ void compiler_mode_by_cmdline(aflcc_state_t *aflcc, int argc, char **argv) { char *ptr = NULL; @@ -774,22 +782,14 @@ void compiler_mode_by_cmdline(aflcc_state_t *aflcc, int argc, char **argv) { aflcc->compiler_mode = GCC_PLUGIN; -#if defined(__x86_64__) - } else if (strcasecmp(ptr, "GCC") == 0) { aflcc->compiler_mode = GCC; -#endif - -#if defined(__x86_64__) - } else if (strncasecmp(ptr, "CLANG", 5) == 0) { aflcc->compiler_mode = CLANG; -#endif - } else FATAL("Unknown --afl-... compiler mode: %s\n", argv[i]); @@ -800,6 +800,12 @@ void compiler_mode_by_cmdline(aflcc_state_t *aflcc, int argc, char **argv) { } +/* + Select instrument_mode by those envs in old style: + - USE_TRACE_PC, AFL_USE_TRACE_PC, AFL_LLVM_USE_TRACE_PC, AFL_TRACE_PC + - AFL_LLVM_CALLER, AFL_LLVM_CTX, AFL_LLVM_CTX_K + - AFL_LLVM_NGRAM_SIZE +*/ static void instrument_mode_old_environ(aflcc_state_t *aflcc) { if (getenv("AFL_LLVM_INSTRIM") || getenv("INSTRIM") || @@ -859,7 +865,11 @@ static void instrument_mode_old_environ(aflcc_state_t *aflcc) { } -// compiler_mode would also be set if depended by the instrument_mode +/* + Select instrument_mode by env 'AFL_LLVM_INSTRUMENT'. + Previous compiler_mode will be superseded, if required by some + values of instrument_mode. +*/ static void instrument_mode_new_environ(aflcc_state_t *aflcc) { if (!getenv("AFL_LLVM_INSTRUMENT")) { return; } @@ -960,7 +970,6 @@ static void instrument_mode_new_environ(aflcc_state_t *aflcc) { } -#if defined(__x86_64__) if (strcasecmp(ptr2, "gcc") == 0) { if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_GCC) @@ -975,9 +984,6 @@ static void instrument_mode_new_environ(aflcc_state_t *aflcc) { } -#endif - -#if defined(__x86_64__) if (strcasecmp(ptr2, "clang") == 0) { if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_CLANG) @@ -992,8 +998,6 @@ static void instrument_mode_new_environ(aflcc_state_t *aflcc) { } -#endif - if (strncasecmp(ptr2, "ctx-", strlen("ctx-")) == 0 || strncasecmp(ptr2, "kctx-", strlen("c-ctx-")) == 0 || strncasecmp(ptr2, "k-ctx-", strlen("k-ctx-")) == 0) { @@ -1089,6 +1093,11 @@ static void instrument_mode_new_environ(aflcc_state_t *aflcc) { } +/* + Select instrument_mode by envs, the top wrapper. We check + have_instr_env firstly, then call instrument_mode_old_environ + and instrument_mode_new_environ sequentially. +*/ void instrument_mode_by_environ(aflcc_state_t *aflcc) { if (getenv("AFL_LLVM_INSTRUMENT_FILE") || getenv("AFL_LLVM_WHITELIST") || @@ -1112,6 +1121,10 @@ void instrument_mode_by_environ(aflcc_state_t *aflcc) { } +/* + Workaround to ensure CALLER, CTX, K-CTX and NGRAM + instrumentation were used correctly. +*/ static void instrument_opt_mode_exclude(aflcc_state_t *aflcc) { if ((aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX) && @@ -1147,6 +1160,11 @@ static void instrument_opt_mode_exclude(aflcc_state_t *aflcc) { } +/* + Last step of compiler_mode & instrument_mode selecting. + We have a few of workarounds here, to check any corner cases, + prepare for a series of fallbacks, and raise warnings or errors. +*/ void mode_final_checkout(aflcc_state_t *aflcc, int argc, char **argv) { if (aflcc->instrument_opt_mode && @@ -1180,11 +1198,11 @@ void mode_final_checkout(aflcc_state_t *aflcc, int argc, char **argv) { switch (aflcc->compiler_mode) { case GCC: - if (!aflcc->have_gcc) FATAL("afl-gcc not available on your platform!"); + if (!aflcc->have_gcc) FATAL("afl-gcc is not available on your platform!"); break; case CLANG: if (!aflcc->have_clang) - FATAL("afl-clang not available on your platform!"); + FATAL("afl-clang is not available on your platform!"); break; case LLVM: if (!aflcc->have_llvm) @@ -1351,6 +1369,10 @@ void mode_final_checkout(aflcc_state_t *aflcc, int argc, char **argv) { } +/* + Print welcome message on screen, giving brief notes about + compiler_mode and instrument_mode. +*/ void mode_notification(aflcc_state_t *aflcc) { char *ptr2 = alloc_printf(" + NGRAM-%u", aflcc->ngram_size); @@ -1389,6 +1411,17 @@ void mode_notification(aflcc_state_t *aflcc) { } +/* + Set argv[0] required by execvp. It can be + - specified by env AFL_CXX + - g++ or clang++ + - CLANGPP_BIN or LLVM_BINDIR/clang++ + when in C++ mode, or + - specified by env AFL_CC + - gcc or clang + - CLANG_BIN or LLVM_BINDIR/clang + otherwise. +*/ void add_real_argv0(aflcc_state_t *aflcc) { static u8 llvm_fullpath[PATH_MAX]; @@ -1455,7 +1488,9 @@ void add_real_argv0(aflcc_state_t *aflcc) { } -/* Macro defs for the preprocessor */ +/** compiler_mode & instrument_mode selecting -----END----- **/ + +/** Macro defs for the preprocessor -----BEGIN----- **/ void add_defs_common(aflcc_state_t *aflcc) { @@ -1464,8 +1499,11 @@ void add_defs_common(aflcc_state_t *aflcc) { } -/* See instrumentation/README.instrument_list.md# - 2-selective-instrumentation-with-_afl_coverage-directives */ +/* + __afl_coverage macro defs. See + instrumentation/README.instrument_list.md# + 2-selective-instrumentation-with-_afl_coverage-directives +*/ void add_defs_selective_instr(aflcc_state_t *aflcc) { if (aflcc->plusplus_mode) { @@ -1499,9 +1537,11 @@ void add_defs_selective_instr(aflcc_state_t *aflcc) { } -/* As documented in instrumentation/README.persistent_mode.md, deferred - forkserver initialization and persistent mode are not available in afl-gcc - and afl-clang. */ +/* + Macro defs for persistent mode. As documented in + instrumentation/README.persistent_mode.md, deferred forkserver initialization + and persistent mode are not available in afl-gcc and afl-clang. +*/ void add_defs_persistent_mode(aflcc_state_t *aflcc) { if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG) return; @@ -1552,7 +1592,7 @@ void add_defs_persistent_mode(aflcc_state_t *aflcc) { "({ static volatile const char *_B __attribute__((used,unused)); " " _B = (const char*)\"" PERSIST_SIG "\"; " - "extern int __afl_connected;" + "extern __attribute__((visibility(\"default\"))) int __afl_connected;" #ifdef __APPLE__ "__attribute__((visibility(\"default\"))) " "int _L(unsigned int) __asm__(\"___afl_persistent_loop\"); " @@ -1580,9 +1620,15 @@ void add_defs_persistent_mode(aflcc_state_t *aflcc) { } -/* Control _FORTIFY_SOURCE */ +/* + Control macro def of _FORTIFY_SOURCE. It will do nothing + if we detect this routine has been called previously, or + the macro already here in these existing args. +*/ void add_defs_fortify(aflcc_state_t *aflcc, u8 action) { + if (aflcc->have_fortify) { return; } + switch (action) { case 1: @@ -1599,8 +1645,11 @@ void add_defs_fortify(aflcc_state_t *aflcc, u8 action) { } + aflcc->have_fortify = 1; + } +/* Macro defs of __AFL_LEAK_CHECK, __AFL_LSAN_ON and __AFL_LSAN_OFF */ void add_defs_lsan_ctrl(aflcc_state_t *aflcc) { insert_param(aflcc, "-includesanitizer/lsan_interface.h"); @@ -1613,7 +1662,9 @@ void add_defs_lsan_ctrl(aflcc_state_t *aflcc) { } -/* About fsanitize (including PCGUARD features) */ +/** Macro defs for the preprocessor -----END----- **/ + +/** About -fsanitize -----BEGIN----- **/ /* For input "-fsanitize=...", it: @@ -1692,26 +1743,59 @@ static u8 fsanitize_fuzzer_comma(char *string) { } +/* + Parse and process possible -fsanitize related args, return PARAM_MISS + if nothing matched. We have 3 main tasks here for these args: + - Check which one of those sanitizers present here. + - Check if libfuzzer present. We need to block the request of enable + libfuzzer, and link harness with our libAFLDriver.a later. + - Check if SanCov allow/denylist options present. We need to try switching + to LLVMNATIVE instead of using our optimized PCGUARD anyway. If we + can't make it finally for various reasons, just drop these options. +*/ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { param_st final_ = PARAM_MISS; - if (!strncmp(cur_argv, "-fsanitize-coverage-", 20) && - strstr(cur_argv, "list=")) { - - if (scan) { - - aflcc->have_instr_list = 1; - final_ = PARAM_SCAN; +// MACRO START +#define HAVE_SANITIZER_SCAN_KEEP(v, k) \ + do { \ + \ + if (strstr(cur_argv, "=" STRINGIFY(k)) || \ + strstr(cur_argv, "," STRINGIFY(k))) { \ + \ + if (scan) { \ + \ + aflcc->have_##v = 1; \ + final_ = PARAM_SCAN; \ + \ + } else { \ + \ + final_ = PARAM_KEEP; \ + \ + } \ + \ + } \ + \ + } while (0) - } else { + // MACRO END - final_ = PARAM_KEEP; // may be set to DROP next + if (!strncmp(cur_argv, "-fsanitize=", strlen("-fsanitize="))) { - } + HAVE_SANITIZER_SCAN_KEEP(asan, address); + HAVE_SANITIZER_SCAN_KEEP(msan, memory); + HAVE_SANITIZER_SCAN_KEEP(ubsan, undefined); + HAVE_SANITIZER_SCAN_KEEP(tsan, thread); + HAVE_SANITIZER_SCAN_KEEP(lsan, leak); + HAVE_SANITIZER_SCAN_KEEP(cfisan, cfi); } +#undef HAVE_SANITIZER_SCAN_KEEP + + // We can't use a "else if" there, because some of the following + // matching rules overlap with those in the if-statement above. if (!strcmp(cur_argv, "-fsanitize=fuzzer")) { if (scan) { @@ -1751,44 +1835,27 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { } - } else if ((!strncmp(cur_argv, "-fsanitize=fuzzer-", + } else if (!strncmp(cur_argv, "-fsanitize-coverage-", 20) && - strlen("-fsanitize=fuzzer-")) || - !strncmp(cur_argv, "-fsanitize-coverage", - strlen("-fsanitize-coverage"))) && - (strncmp(cur_argv, "sanitize-coverage-allow", - strlen("sanitize-coverage-allow")) && - strncmp(cur_argv, "sanitize-coverage-deny", - strlen("sanitize-coverage-deny")) && - aflcc->instrument_mode != INSTRUMENT_LLVMNATIVE)) { + strstr(cur_argv, "list=")) { if (scan) { + aflcc->have_instr_list = 1; final_ = PARAM_SCAN; } else { - if (!be_quiet) { WARNF("Found '%s' - stripping!", cur_argv); } - final_ = PARAM_DROP; - - } + if (aflcc->instrument_mode != INSTRUMENT_LLVMNATIVE) { - } - - if (!strcmp(cur_argv, "-fsanitize=address") || - !strcmp(cur_argv, "-fsanitize=memory")) { - - if (scan) { + if (!be_quiet) { WARNF("Found '%s' - stripping!", cur_argv); } + final_ = PARAM_DROP; - // "-fsanitize=undefined,address" may be un-treated, but it's OK. - aflcc->asan_set = 1; - final_ = PARAM_SCAN; + } else { - } else { + final_ = PARAM_KEEP; - // It's impossible that final_ is PARAM_DROP before, - // so no checks are needed here. - final_ = PARAM_KEEP; + } } @@ -1800,76 +1867,125 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { } +/* + Add params for sanitizers. Here we need to consider: + - Use static runtime for asan, as much as possible. + - ASAN, MSAN, AFL_HARDEN are mutually exclusive. + - Add options if not found there, on request of AFL_USE_ASAN, AFL_USE_MSAN, + etc. + - Update have_* so that functions called after this can have correct context. + However this also means any functions called before should NOT depend on + these have_*, otherwise they may not work as expected. +*/ void add_sanitizers(aflcc_state_t *aflcc, char **envp) { - if (!aflcc->asan_set) { + if (getenv("AFL_USE_ASAN") || aflcc->have_asan) { + + if (getenv("AFL_USE_MSAN") || aflcc->have_msan) + FATAL("ASAN and MSAN are mutually exclusive"); - if (getenv("AFL_USE_ASAN")) { + if (getenv("AFL_HARDEN")) + FATAL("ASAN and AFL_HARDEN are mutually exclusive"); - if (getenv("AFL_USE_MSAN")) FATAL("ASAN and MSAN are mutually exclusive"); + if (aflcc->compiler_mode == GCC_PLUGIN && !aflcc->have_staticasan) { - if (getenv("AFL_HARDEN")) - FATAL("ASAN and AFL_HARDEN are mutually exclusive"); + insert_param(aflcc, "-static-libasan"); - add_defs_fortify(aflcc, 0); - insert_param(aflcc, "-fsanitize=address"); + } - } else if (getenv("AFL_USE_MSAN")) { + add_defs_fortify(aflcc, 0); + if (!aflcc->have_asan) { insert_param(aflcc, "-fsanitize=address"); } + aflcc->have_asan = 1; - if (getenv("AFL_USE_ASAN")) FATAL("ASAN and MSAN are mutually exclusive"); + } else if (getenv("AFL_USE_MSAN") || aflcc->have_msan) { - if (getenv("AFL_HARDEN")) - FATAL("MSAN and AFL_HARDEN are mutually exclusive"); + if (getenv("AFL_USE_ASAN") || aflcc->have_asan) + FATAL("ASAN and MSAN are mutually exclusive"); - add_defs_fortify(aflcc, 0); - insert_param(aflcc, "-fsanitize=memory"); + if (getenv("AFL_HARDEN")) + FATAL("MSAN and AFL_HARDEN are mutually exclusive"); - } + add_defs_fortify(aflcc, 0); + if (!aflcc->have_msan) { insert_param(aflcc, "-fsanitize=memory"); } + aflcc->have_msan = 1; } - if (getenv("AFL_USE_UBSAN")) { + if (getenv("AFL_USE_UBSAN") || aflcc->have_ubsan) { + + if (!aflcc->have_ubsan) { + + insert_param(aflcc, "-fsanitize=undefined"); + insert_param(aflcc, "-fsanitize-undefined-trap-on-error"); + insert_param(aflcc, "-fno-sanitize-recover=all"); + + } + + if (!aflcc->have_fp) { - insert_param(aflcc, "-fsanitize=undefined"); - insert_param(aflcc, "-fsanitize-undefined-trap-on-error"); - insert_param(aflcc, "-fno-sanitize-recover=all"); - insert_param(aflcc, "-fno-omit-frame-pointer"); + insert_param(aflcc, "-fno-omit-frame-pointer"); + aflcc->have_fp = 1; + + } + + aflcc->have_ubsan = 1; } - if (getenv("AFL_USE_TSAN")) { + if (getenv("AFL_USE_TSAN") || aflcc->have_tsan) { + + if (!aflcc->have_fp) { + + insert_param(aflcc, "-fno-omit-frame-pointer"); + aflcc->have_fp = 1; + + } - insert_param(aflcc, "-fsanitize=thread"); - insert_param(aflcc, "-fno-omit-frame-pointer"); + if (!aflcc->have_tsan) { insert_param(aflcc, "-fsanitize=thread"); } + aflcc->have_tsan = 1; } - if (getenv("AFL_USE_LSAN")) { + if (getenv("AFL_USE_LSAN") && !aflcc->have_lsan) { insert_param(aflcc, "-fsanitize=leak"); add_defs_lsan_ctrl(aflcc); + aflcc->have_lsan = 1; } - if (getenv("AFL_USE_CFISAN")) { + if (getenv("AFL_USE_CFISAN") || aflcc->have_cfisan) { if (aflcc->compiler_mode == GCC_PLUGIN || aflcc->compiler_mode == GCC) { - insert_param(aflcc, "-fcf-protection=full"); + if (!aflcc->have_fcf) { insert_param(aflcc, "-fcf-protection=full"); } } else { - if (!aflcc->lto_mode) { + if (!aflcc->lto_mode && !aflcc->have_flto) { uint32_t i = 0, found = 0; - while (envp[i] != NULL && !found) + while (envp[i] != NULL && !found) { + if (strncmp("-flto", envp[i++], 5) == 0) found = 1; - if (!found) insert_param(aflcc, "-flto"); + + } + + if (!found) { insert_param(aflcc, "-flto"); } + aflcc->have_flto = 1; } - insert_param(aflcc, "-fsanitize=cfi"); - insert_param(aflcc, "-fvisibility=hidden"); + if (!aflcc->have_cfisan) { insert_param(aflcc, "-fsanitize=cfi"); } + + if (!aflcc->have_hidden) { + + insert_param(aflcc, "-fvisibility=hidden"); + aflcc->have_hidden = 1; + + } + + aflcc->have_cfisan = 1; } @@ -1877,42 +1993,48 @@ void add_sanitizers(aflcc_state_t *aflcc, char **envp) { } +/* Add params to enable LLVM SanCov, the native PCGUARD */ void add_native_pcguard(aflcc_state_t *aflcc) { + /* If there is a rust ASan runtime on the command line, it is likely we're + * linking from rust and adding native flags requiring the sanitizer runtime + * will trigger native clang to add yet another runtime, causing linker + * errors. For now we shouldn't add instrumentation here, we're linking + * anyway. + */ + if (aflcc->have_rust_asanrt) { return; } + /* If llvm-config doesn't figure out LLVM_MAJOR, just go on anyway and let compiler complain if doesn't work. */ - if (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CODECOV) { - #if LLVM_MAJOR > 0 && LLVM_MAJOR < 6 - FATAL("pcguard instrumentation with pc-table requires LLVM 6.0.1+"); + FATAL("pcguard instrumentation with pc-table requires LLVM 6.0.1+"); #else #if LLVM_MAJOR == 0 - WARNF( - "pcguard instrumentation with pc-table requires LLVM 6.0.1+" - " otherwise the compiler will fail"); + WARNF( + "pcguard instrumentation with pc-table requires LLVM 6.0.1+" + " otherwise the compiler will fail"); #endif + if (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CODECOV) { + insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard,bb,no-prune,pc-table"); -#endif } else { -#if LLVM_MAJOR > 0 && LLVM_MAJOR < 4 - FATAL("pcguard instrumentation requires LLVM 4.0.1+"); -#else - #if LLVM_MAJOR == 0 - WARNF( - "pcguard instrumentation requires LLVM 4.0.1+" - " otherwise the compiler will fail"); - #endif - insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); -#endif + insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard,pc-table"); } +#endif + } +/* + Add params to launch our optimized PCGUARD on request. + It will fallback to use the native PCGUARD in some cases. If so, plz + bear in mind that instrument_mode will be set to INSTRUMENT_LLVMNATIVE. +*/ void add_optimized_pcguard(aflcc_state_t *aflcc) { #if LLVM_MAJOR >= 13 @@ -1929,7 +2051,7 @@ void add_optimized_pcguard(aflcc_state_t *aflcc) { SAYF( "Using unoptimized trace-pc-guard, due usage of " "-fsanitize-coverage-allow/denylist, you can use " - "AFL_LLVM_ALLOWLIST/AFL_LLMV_DENYLIST instead.\n"); + "AFL_LLVM_ALLOWLIST/AFL_LLVM_DENYLIST instead.\n"); insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; @@ -1964,8 +2086,14 @@ void add_optimized_pcguard(aflcc_state_t *aflcc) { } -/* Linking behaviors */ +/** About -fsanitize -----END----- **/ +/** Linking behaviors -----BEGIN----- **/ + +/* + Parse and process possible linking stage related args, + return PARAM_MISS if nothing matched. +*/ param_st parse_linking_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan, u8 *skip_next, char **argv) { @@ -2128,6 +2256,7 @@ param_st parse_linking_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan, } +/* Add params to specify the linker used in LTO */ void add_lto_linker(aflcc_state_t *aflcc) { unsetenv("AFL_LD"); @@ -2167,6 +2296,7 @@ void add_lto_linker(aflcc_state_t *aflcc) { } +/* Add params to launch SanitizerCoverageLTO.so when linking */ void add_lto_passes(aflcc_state_t *aflcc) { #if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 15 @@ -2185,6 +2315,7 @@ void add_lto_passes(aflcc_state_t *aflcc) { } +/* Add params to link with libAFLDriver.a on request */ static void add_aflpplib(aflcc_state_t *aflcc) { if (!aflcc->need_aflpplib) return; @@ -2220,6 +2351,7 @@ static void add_aflpplib(aflcc_state_t *aflcc) { } +/* Add params to link with runtimes depended by our instrumentation */ void add_runtime(aflcc_state_t *aflcc) { if (aflcc->preprocessor_only || aflcc->have_c || !aflcc->non_dash) { @@ -2281,6 +2413,11 @@ void add_runtime(aflcc_state_t *aflcc) { } + #if __AFL_CODE_COVERAGE + // Required for dladdr used in afl-compiler-rt.o + insert_param(aflcc, "-ldl"); + #endif + #if !defined(__APPLE__) && !defined(__sun) if (!aflcc->shared_linking && !aflcc->partial_linking) insert_object(aflcc, "dynamic_list.txt", "-Wl,--dynamic-list=%s", 0); @@ -2310,8 +2447,14 @@ void add_runtime(aflcc_state_t *aflcc) { } -/* Misc */ +/** Linking behaviors -----END----- **/ +/** Miscellaneous routines -----BEGIN----- **/ + +/* + Add params to make compiler driver use our afl-as + as assembler, required by the vanilla instrumentation. +*/ void add_assembler(aflcc_state_t *aflcc) { u8 *afl_as = find_object(aflcc, "as"); @@ -2328,6 +2471,7 @@ void add_assembler(aflcc_state_t *aflcc) { } +/* Add params to launch the gcc plugins for instrumentation. */ void add_gcc_plugin(aflcc_state_t *aflcc) { if (aflcc->cmplog_mode) { @@ -2344,6 +2488,7 @@ void add_gcc_plugin(aflcc_state_t *aflcc) { } +/* Add some miscellaneous params required by our instrumentation. */ void add_misc_params(aflcc_state_t *aflcc) { if (getenv("AFL_NO_BUILTIN") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES") || @@ -2390,6 +2535,10 @@ void add_misc_params(aflcc_state_t *aflcc) { } +/* + Parse and process a variety of args under our matching rules, + return PARAM_MISS if nothing matched. +*/ param_st parse_misc_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { param_st final_ = PARAM_MISS; @@ -2447,6 +2596,36 @@ param_st parse_misc_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { SCAN_KEEP(aflcc->have_c, 1); + } else if (!strcmp(cur_argv, "-static-libasan")) { + + SCAN_KEEP(aflcc->have_staticasan, 1); + + } else if (strstr(cur_argv, "librustc") && strstr(cur_argv, "_rt.asan.a")) { + + SCAN_KEEP(aflcc->have_rust_asanrt, 1); + + } else if (!strcmp(cur_argv, "-fno-omit-frame-pointer")) { + + SCAN_KEEP(aflcc->have_fp, 1); + + } else if (!strcmp(cur_argv, "-fvisibility=hidden")) { + + SCAN_KEEP(aflcc->have_hidden, 1); + + } else if (!strcmp(cur_argv, "-flto") || !strcmp(cur_argv, "-flto=full")) { + + SCAN_KEEP(aflcc->have_flto, 1); + + } else if (!strncmp(cur_argv, "-D_FORTIFY_SOURCE", + + strlen("-D_FORTIFY_SOURCE"))) { + + SCAN_KEEP(aflcc->have_fortify, 1); + + } else if (!strncmp(cur_argv, "-fcf-protection", strlen("-fcf-protection"))) { + + SCAN_KEEP(aflcc->have_cfisan, 1); + } else if (!strncmp(cur_argv, "-O", 2)) { SCAN_KEEP(aflcc->have_o, 1); @@ -2510,6 +2689,9 @@ param_st parse_misc_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) { } +/** Miscellaneous routines -----END----- **/ + +/* Print help message on request */ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) { if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) { @@ -2538,11 +2720,11 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) { "MODES: NCC PERSIST DICT LAF " "CMPLOG SELECT\n" " [LLVM] LLVM: %s%s\n" - " PCGUARD %s yes yes module yes yes " + " PCGUARD %s yes yes module yes yes " "yes\n" - " NATIVE AVAILABLE no yes no no " + " NATIVE AVAILABLE no yes no no " "part. yes\n" - " CLASSIC %s no yes module yes yes " + " CLASSIC %s no yes module yes yes " "yes\n" " - NORMAL\n" " - CALLER\n" @@ -2805,11 +2987,27 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) { } +/* + Process params passed to afl-cc. + + We have two working modes, *scan* and *non-scan*. In scan mode, + the main task is to set some variables in aflcc according to current argv[i], + while in non-scan mode, is to choose keep or drop current argv[i]. + + We have several matching routines being called sequentially in the while-loop, + and each of them try to parse and match current argv[i] according to their own + rules. If one miss match, the next will then take over. In non-scan mode, each + argv[i] mis-matched by all the routines will be kept. + + These routines are: + 1. parse_misc_params + 2. parse_fsanitize + 3. parse_linking_params + 4. `if (*cur == '@') {...}`, i.e., parse response files +*/ static void process_params(aflcc_state_t *aflcc, u8 scan, u32 argc, char **argv) { - limit_params(aflcc, argc); - // for (u32 x = 0; x < argc; ++x) fprintf(stderr, "[%u] %s\n", x, argv[x]); /* Process the argument list. */ @@ -2833,134 +3031,249 @@ static void process_params(aflcc_state_t *aflcc, u8 scan, u32 argc, if (PARAM_MISS != parse_linking_params(aflcc, cur, scan, &skip_next, argv)) continue; + /* Response file support -----BEGIN----- + We have two choices - move everything to the command line or + rewrite the response files to temporary files and delete them + afterwards. We choose the first for easiness. + For clang, llvm::cl::ExpandResponseFiles does this, however it + only has C++ interface. And for gcc there is expandargv in libiberty, + written in C, but we can't simply copy-paste since its LGPL licensed. + So here we use an equivalent FSM as alternative, and try to be compatible + with the two above. See: + - https://gcc.gnu.org/onlinedocs/gcc/Overall-Options.html + - driver::expand_at_files in gcc.git/gcc/gcc.c + - expandargv in gcc.git/libiberty/argv.c + - llvm-project.git/clang/tools/driver/driver.cpp + - ExpandResponseFiles in + llvm-project.git/llvm/lib/Support/CommandLine.cpp + */ if (*cur == '@') { - // response file support. - // we have two choices - move everything to the command line or - // rewrite the response files to temporary files and delete them - // afterwards. We choose the first for easiness. - // We do *not* support quotes in the rsp files to cope with spaces in - // filenames etc! If you need that then send a patch! u8 *filename = cur + 1; if (aflcc->debug) { DEBUGF("response file=%s\n", filename); } - FILE *f = fopen(filename, "r"); - struct stat st; // Check not found or empty? let the compiler complain if so. - if (!f || fstat(fileno(f), &st) < 0 || st.st_size < 1) { + FILE *f = fopen(filename, "r"); + if (!f) { if (!scan) insert_param(aflcc, cur); continue; } - u8 *tmpbuf = malloc(st.st_size + 2), *ptr; - char **args = malloc(sizeof(char *) * (st.st_size >> 1)); - int count = 1, cont = 0, cont_act = 0; + struct stat st; + if (fstat(fileno(f), &st) || !S_ISREG(st.st_mode) || st.st_size < 1) { - while (fgets(tmpbuf, st.st_size + 1, f)) { + fclose(f); + if (!scan) insert_param(aflcc, cur); + continue; - ptr = tmpbuf; - // fprintf(stderr, "1: %s\n", ptr); - // no leading whitespace - while (isspace(*ptr)) { + } - ++ptr; - cont_act = 0; + // Limit the number of response files, the max value + // just keep consistent with expandargv. Only do this in + // scan mode, and not touch rsp_count anymore in the next. + static u32 rsp_count = 2000; + if (scan) { - } + if (rsp_count == 0) FATAL("Too many response files provided!"); - // no comments, no empty lines - if (*ptr == '#' || *ptr == '\n' || !*ptr) { continue; } - // remove LF - if (ptr[strlen(ptr) - 1] == '\n') { ptr[strlen(ptr) - 1] = 0; } - // remove CR - if (*ptr && ptr[strlen(ptr) - 1] == '\r') { ptr[strlen(ptr) - 1] = 0; } - // handle \ at end of line - if (*ptr && ptr[strlen(ptr) - 1] == '\\') { + --rsp_count; - cont = 1; - ptr[strlen(ptr) - 1] = 0; + } - } + // argc, argv acquired from this rsp file. Note that + // process_params ignores argv[0], we need to put a const "" here. + u32 argc_read = 1; + char **argv_read = ck_alloc(sizeof(char *)); + argv_read[0] = ""; + + char *arg_buf = NULL; + u64 arg_len = 0; + + enum fsm_state { + + fsm_whitespace, // whitespace seen so far + fsm_double_quote, // have unpaired double quote + fsm_single_quote, // have unpaired single quote + fsm_backslash, // a backslash is seen with no unpaired quote + fsm_normal // a normal char is seen + + }; + + // Workaround to append c to arg buffer, and append the buffer to argv +#define ARG_ALLOC(c) \ + do { \ + \ + ++arg_len; \ + arg_buf = ck_realloc(arg_buf, (arg_len + 1) * sizeof(char)); \ + arg_buf[arg_len] = '\0'; \ + arg_buf[arg_len - 1] = (char)c; \ + \ + } while (0) + +#define ARG_STORE() \ + do { \ + \ + ++argc_read; \ + argv_read = ck_realloc(argv_read, argc_read * sizeof(char *)); \ + argv_read[argc_read - 1] = arg_buf; \ + arg_buf = NULL; \ + arg_len = 0; \ + \ + } while (0) - // fprintf(stderr, "2: %s\n", ptr); + int cur_chr = (int)' '; // init as whitespace, as a good start :) + enum fsm_state state_ = fsm_whitespace; - // remove whitespace at end - while (*ptr && isspace(ptr[strlen(ptr) - 1])) { + while (cur_chr != EOF) { - ptr[strlen(ptr) - 1] = 0; - cont = 0; + switch (state_) { - } + case fsm_whitespace: - // fprintf(stderr, "3: %s\n", ptr); - if (*ptr) { + if (arg_buf) { + + ARG_STORE(); + break; + + } - do { + if (isspace(cur_chr)) { - u8 *value = ptr; - while (*ptr && !isspace(*ptr)) { + cur_chr = fgetc(f); - ++ptr; + } else if (cur_chr == (int)'\'') { + + state_ = fsm_single_quote; + cur_chr = fgetc(f); + + } else if (cur_chr == (int)'"') { + + state_ = fsm_double_quote; + cur_chr = fgetc(f); + + } else if (cur_chr == (int)'\\') { + + state_ = fsm_backslash; + cur_chr = fgetc(f); + + } else { + + state_ = fsm_normal; } - while (*ptr && isspace(*ptr)) { + break; + + case fsm_normal: + + if (isspace(cur_chr)) { + + state_ = fsm_whitespace; + + } else if (cur_chr == (int)'\'') { + + state_ = fsm_single_quote; + cur_chr = fgetc(f); + + } else if (cur_chr == (int)'\"') { - *ptr++ = 0; + state_ = fsm_double_quote; + cur_chr = fgetc(f); + + } else if (cur_chr == (int)'\\') { + + state_ = fsm_backslash; + cur_chr = fgetc(f); + + } else { + + ARG_ALLOC(cur_chr); + cur_chr = fgetc(f); } - if (cont_act) { + break; + + case fsm_backslash: + + ARG_ALLOC(cur_chr); + cur_chr = fgetc(f); + state_ = fsm_normal; - u32 len = strlen(args[count - 1]) + strlen(value) + 1; - u8 *tmp = malloc(len); - snprintf(tmp, len, "%s%s", args[count - 1], value); - free(args[count - 1]); - args[count - 1] = tmp; - cont_act = 0; + break; + + case fsm_single_quote: + + if (cur_chr == (int)'\\') { + + cur_chr = fgetc(f); + if (cur_chr == EOF) break; + ARG_ALLOC(cur_chr); + + } else if (cur_chr == (int)'\'') { + + state_ = fsm_normal; } else { - args[count++] = strdup(value); + ARG_ALLOC(cur_chr); } - } while (*ptr); + cur_chr = fgetc(f); + break; - } + case fsm_double_quote: + + if (cur_chr == (int)'\\') { - if (cont) { + cur_chr = fgetc(f); + if (cur_chr == EOF) break; + ARG_ALLOC(cur_chr); - cont_act = 1; - cont = 0; + } else if (cur_chr == (int)'"') { + + state_ = fsm_normal; + + } else { + + ARG_ALLOC(cur_chr); + + } + + cur_chr = fgetc(f); + break; + + default: + break; } } - if (count) { process_params(aflcc, scan, count, args); } + if (arg_buf) { ARG_STORE(); } // save the pending arg after EOF - // we cannot free args[] unless we don't need - // to keep any reference in cc_params - if (scan) { +#undef ARG_ALLOC +#undef ARG_STORE - if (count) do { + if (argc_read > 1) { process_params(aflcc, scan, argc_read, argv_read); } - free(args[--count]); + // We cannot free argv_read[] unless we don't need to keep any + // reference in cc_params. Never free argv[0], the const "". + if (scan) { - } while (count); + while (argc_read > 1) + ck_free(argv_read[--argc_read]); - free(args); + ck_free(argv_read); } - free(tmpbuf); - continue; - } + } /* Response file support -----END----- */ if (!scan) insert_param(aflcc, cur); @@ -2968,8 +3281,7 @@ static void process_params(aflcc_state_t *aflcc, u8 scan, u32 argc, } -/* Copy argv to cc_params, making the necessary edits. */ - +/* Process each of the existing argv, also add a few new args. */ static void edit_params(aflcc_state_t *aflcc, u32 argc, char **argv, char **envp) { @@ -3110,7 +3422,6 @@ static void edit_params(aflcc_state_t *aflcc, u32 argc, char **argv, } /* Main entry point */ - int main(int argc, char **argv, char **envp) { aflcc_state_t *aflcc = malloc(sizeof(aflcc_state_t)); diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 3f9bfa728d..214b4fe994 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -1017,6 +1017,12 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (rlen == 4) { + if (status >= 0x41464c00 && status <= 0x41464cff) { + + FATAL("Target uses the new forkserver model, you need to switch to a newer afl-fuzz too!"); + + } + if (!be_quiet) { OKF("All right - fork server is up."); } if (getenv("AFL_DEBUG")) { diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 3593291353..8ab44a3b56 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -124,6 +124,9 @@ void bind_to_free_cpu(afl_state_t *afl) { } WARNF("Not binding to a CPU core (AFL_NO_AFFINITY set)."); + #ifdef __linux__ + if (afl->fsrv.nyx_mode) { afl->fsrv.nyx_bind_cpu_id = 0; } + #endif return; } @@ -151,6 +154,9 @@ void bind_to_free_cpu(afl_state_t *afl) { } else { OKF("CPU binding request using -b %d successful.", afl->cpu_to_bind); + #ifdef __linux__ + if (afl->fsrv.nyx_mode) { afl->fsrv.nyx_bind_cpu_id = afl->cpu_to_bind; } + #endif } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 2d5787e804..8cf6c73583 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -165,7 +165,7 @@ static void usage(u8 *argv0, int more_help) { "\n" "Mutator settings:\n" - " -a - target input format, \"text\" or \"binary\" (default: " + " -a type - target input format, \"text\" or \"binary\" (default: " "generic)\n" " -g minlength - set min length of generated fuzz input (default: 1)\n" " -G maxlength - set max length of generated fuzz input (default: " @@ -1915,6 +1915,15 @@ int main(int argc, char **argv_orig, char **envp) { bind_to_free_cpu(afl); #endif /* HAVE_AFFINITY */ + #ifdef __linux__ + if (afl->fsrv.nyx_mode && afl->fsrv.nyx_bind_cpu_id == 0xFFFFFFFF) { + + afl->fsrv.nyx_bind_cpu_id = 0; + + } + + #endif + #ifdef __HAIKU__ /* Prioritizes performance over power saving */ set_scheduler_mode(SCHEDULER_MODE_LOW_LATENCY); diff --git a/test/test-all.sh b/test/test-all.sh index 3cb692caf2..65cfb812a7 100755 --- a/test/test-all.sh +++ b/test/test-all.sh @@ -16,6 +16,8 @@ . ./test-frida-mode.sh +. ./test-nyx-mode.sh + . ./test-unicorn-mode.sh . ./test-custom-mutators.sh diff --git a/test/test-basic.sh b/test/test-basic.sh index 61ad4b7c19..7005d3cee1 100755 --- a/test/test-basic.sh +++ b/test/test-basic.sh @@ -2,6 +2,7 @@ . ./test-pre.sh +OS=$(uname -s) AFL_GCC=afl-gcc $ECHO "$BLUE[*] Testing: ${AFL_GCC}, afl-showmap, afl-fuzz, afl-cmin and afl-tmin" @@ -61,7 +62,7 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc } # now we want to be sure that afl-fuzz is working # make sure crash reporter is disabled on Mac OS X - (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { + (test "$OS" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" true }) || { @@ -84,16 +85,20 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc } echo 000000000000000000000000 > in/in2 echo 111 > in/in3 - mkdir -p in2 - ../afl-cmin -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null 2>&1 # why is afl-forkserver writing to stderr? - CNT=`ls in2/* 2>/dev/null | wc -l` - case "$CNT" in - *2) $ECHO "$GREEN[+] afl-cmin correctly minimized the number of testcases" ;; - *) $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" - CODE=1 - ;; - esac - rm -f in2/in* + test "$OS" = "Darwin" && { + $ECHO "$GREY[*] afl-cmin not available on macOS, cannot test afl-cmin" + } || { + mkdir -p in2 + ../afl-cmin -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null 2>&1 # why is afl-forkserver writing to stderr? + CNT=`ls in2/* 2>/dev/null | wc -l` + case "$CNT" in + *2) $ECHO "$GREEN[+] afl-cmin correctly minimized the number of testcases" ;; + *) $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" + CODE=1 + ;; + esac + rm -f in2/in* + } export AFL_QUIET=1 if command -v bash >/dev/null ; then { ../afl-cmin.bash -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null @@ -182,7 +187,7 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc } # now we want to be sure that afl-fuzz is working # make sure crash reporter is disabled on Mac OS X - (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { + (test "$OS" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" true }) || { @@ -204,25 +209,29 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc } } echo 000000000000000000000000 > in/in2 - echo AAA > in/in3 - mkdir -p in2 - ../afl-cmin -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null 2>&1 # why is afl-forkserver writing to stderr? - CNT=`ls in2/* 2>/dev/null | wc -l` - case "$CNT" in - *2) $ECHO "$GREEN[+] afl-cmin correctly minimized the number of testcases" ;; - \ *1|1) { # allow leading whitecase for portability - test -s in2/* && $ECHO "$YELLOW[?] afl-cmin did minimize to one testcase. This can be a bug or due compiler optimization." - test -s in2/* || { - $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" - CODE=1 + echo AAA > in/in2 + test "$OS" = "Darwin" && { + $ECHO "$GREY[*] afl-cmin not available on macOS, cannot test afl-cmin" + } || { + mkdir -p in2 + ../afl-cmin -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null 2>&1 # why is afl-forkserver writing to stderr? + CNT=`ls in2/* 2>/dev/null | wc -l` + case "$CNT" in + *2) $ECHO "$GREEN[+] afl-cmin correctly minimized the number of testcases" ;; + \ *1|1) { # allow leading whitecase for portability + test -s in2/* && $ECHO "$YELLOW[?] afl-cmin did minimize to one testcase. This can be a bug or due compiler optimization." + test -s in2/* || { + $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" + CODE=1 + } } - } - ;; - *) $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" - CODE=1 - ;; - esac - rm -f in2/in* + ;; + *) $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" + CODE=1 + ;; + esac + rm -f in2/in* + } export AFL_QUIET=1 if command -v bash >/dev/null ; then { ../afl-cmin.bash -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null diff --git a/test/test-compilers.sh b/test/test-compilers.sh new file mode 100755 index 0000000000..b47cf38d5d --- /dev/null +++ b/test/test-compilers.sh @@ -0,0 +1,7 @@ +#!/bin/sh +echo Testing compilers ... +for cc in afl-cc afl-gcc afl-clang afl-clang-fast afl-clang-lto afl-gcc-fast; do + test -e ../$cc && { { ../$cc -o t ../test-instr.c >/dev/null 2<&1 && echo Success: $cc ; } || echo Failing: $cc ; } || echo Missing: $cc +done +rm -f t +echo Done! diff --git a/test/test-llvm.sh b/test/test-llvm.sh index 95e43b1c0d..53bbd7b4d5 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -2,6 +2,8 @@ . ./test-pre.sh +OS=$(uname -s) + $ECHO "$BLUE[*] Testing: llvm_mode, afl-showmap, afl-fuzz, afl-cmin and afl-tmin" test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { ../afl-clang-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1 @@ -123,7 +125,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { } # now we want to be sure that afl-fuzz is working # make sure crash reporter is disabled on Mac OS X - (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { + (test "$OS" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" CODE=1 true @@ -146,18 +148,22 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { } } test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" || { + mkdir -p in2 echo 000000000000000000000000 > in/in2 echo 111 > in/in3 - mkdir -p in2 - ../afl-cmin -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null 2>&1 # why is afl-forkserver writing to stderr? - CNT=`ls in2/* 2>/dev/null | wc -l` - case "$CNT" in - *2) $ECHO "$GREEN[+] afl-cmin correctly minimized the number of testcases" ;; - *) $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" - CODE=1 - ;; - esac - rm -f in2/in* + test "$OS" = "Darwin" && { + $ECHO "$GREY[*] afl-cmin not available on macOS, cannot test afl-cmin" + } || { + ../afl-cmin -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null 2>&1 # why is afl-forkserver writing to stderr? + CNT=`ls in2/* 2>/dev/null | wc -l` + case "$CNT" in + *2) $ECHO "$GREEN[+] afl-cmin correctly minimized the number of testcases" ;; + *) $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" + CODE=1 + ;; + esac + rm -f in2/in* + } export AFL_QUIET=1 if type bash >/dev/null ; then { ../afl-cmin.bash -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null diff --git a/test/test-nyx-mode.sh b/test/test-nyx-mode.sh new file mode 100755 index 0000000000..6de63f1b3f --- /dev/null +++ b/test/test-nyx-mode.sh @@ -0,0 +1,79 @@ +#!/bin/sh + +. ./test-pre.sh + +$ECHO "$BLUE[*] Testing: nyx_mode" + +test "$CI" = "true" && { + $ECHO "$YELLOW[-] nyx_mode cannot be tested in the Github CI, skipping ..." + exit 0 +} + +unset AFL_CC + +test -e ../libnyx.so && { + ../afl-cc -o test-instr ../test-instr.c > errors 2>&1 + test -e test-instr && { + { + rm -rf nyx-test in out + $ECHO "$GREY[*] running nyx_packer" + python3 ../nyx_mode/packer/packer/nyx_packer.py \ + ./test-instr \ + nyx-test \ + afl \ + instrumentation \ + --fast_reload_mode \ + --purge > /dev/null 2>&1 + + test -e nyx-test/test-instr && { + + $ECHO "$GREY[*] running nyx_config_gen" + python3 ../nyx_mode/packer/packer/nyx_config_gen.py nyx-test Kernel > /dev/null 2>&1 + + test -e nyx-test/config.ron && { + sudo modprobe -r kvm-intel + sudo modprobe -r kvm + sudo modprobe kvm enable_vmware_backdoor=y + sudo modprobe kvm-intel + #cat /sys/module/kvm/parameters/enable_vmware_backdoor + + mkdir -p in + echo 00000 > in/in + $ECHO "$GREY[*] running afl-fuzz for nyx_mode, this will take approx 10 seconds" + { + AFL_DEBUG=1 ../afl-fuzz -i in -o out -V05 -X -- ./nyx-test >>errors 2>&1 + } >>errors 2>&1 + test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && { + $ECHO "$GREEN[+] afl-fuzz is working correctly with nyx_mode" + RUNTIME=`grep execs_done out/default/fuzzer_stats | awk '{print$3}'` + rm -rf errors nyx-test test-instr in out + } || { + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT + $ECHO "$RED[!] afl-fuzz is not working correctly with nyx_mode" + CODE=1 + } + } || { + $ECHO "$RED[!] nyx_packer failed, likely install requirements not met." + CODE=1 + } + } || { + $ECHO "$RED[!] nyx_packer failed, likely install requirements not met." + CODE=1 + } + #rm -rf test-instr in out errors nyx-test + } + } || { + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT + $ECHO "$RED[!] afl-cc compilation of test targets failed - what is going on??" + CODE=1 + } +} || { + $ECHO "$YELLOW[-] nyx_mode is not compiled, cannot test" + INCOMPLETE=1 +} + +. ./test-post.sh diff --git a/test/test-pre.sh b/test/test-pre.sh index 1ca9dfb57e..ce99641590 100755 --- a/test/test-pre.sh +++ b/test/test-pre.sh @@ -20,7 +20,7 @@ echo foobar | grep -qE 'asd|oob' 2>/dev/null || { echo Error: grep command does test -e ./test-all.sh || cd $(dirname $0) || exit 1 test -e ./test-all.sh || { echo Error: you must be in the test/ directory ; exit 1 ; } export AFL_PATH=`pwd`/.. -export AFL_NO_AFFINITY=1 # workaround for travis that fails for no avail cores +export AFL_TRY_AFFINITY=1 # workaround for travis that fails for no avail cores echo 1 > test.1 echo 1 > test.2 diff --git a/utils/dynamic_covfilter/README.md b/utils/dynamic_covfilter/README.md new file mode 100644 index 0000000000..381e085521 --- /dev/null +++ b/utils/dynamic_covfilter/README.md @@ -0,0 +1,60 @@ +# Dynamic Instrumentation Filter + +Sometimes it can be beneficial to limit the instrumentation feedback to +specific code locations. It is possible to do so at compile-time by simply +not instrumenting any undesired locations. However, there are situations +where doing this dynamically without requiring a new build can be beneficial. +Especially when dealing with larger builds, it is much more convenient to +select the target code locations at runtime instead of doing so at build time. + +There are two ways of doing this in AFL++. Both approaches require a build of +AFL++ with `CODE_COVERAGE=1`, so make sure to build AFL++ first by invoking + +`CODE_COVERAGE=1 make` + +Once you have built AFL++, you can choose out of two approaches: + +## Simple Selection with `AFL_PC_FILTER` + +This approach requires a build with `AFL_INSTRUMENTATION=llvmnative` or +`llvmcodecov` as well as an AddressSanitizer build with debug information. + +By setting the environment variable `AFL_PC_FILTER` to a string, the runtime +symbolizer is enabled in the AFL++ runtime. At startup, the runtime will call +the `__sanitizer_symbolize_pc` API to resolve every PC in every loaded module. +The runtime then matches the result using `strstr` and disables the PC guard +if the symbolized PC does not contain the specified string. + +This approach has the benefit of being very easy to use. The downside is that +it causes significant startup delays with large binaries and that it requires +an AddressSanitizer build. + +This method has no additional runtime overhead after startup. + +## Selection using pre-symbolized data file with `AFL_PC_FILTER_FILE` + +To avoid large startup time delays, a specific module can be pre-symbolized +using the `make_symbol_list.py` script. This script outputs a sorted list of +functions with their respective relative offsets and lengths in the target +binary: + +`python3 make_symbol_list.py libxul.so > libxul.symbols.txt` + +The resulting list can be filtered, e.g. using grep: + +`grep -i "webgl" libxul.symbols.txt > libxul.webgl.symbols.txt` + +Finally, you can run with `AFL_PC_FILTER_FILE=libxul.webgl.symbols.txt` to +restrict instrumentation feedback to the given locations. This approach only +has a minimal startup time delay due to the implementation only using binary +search on the given file per PC rather than reading debug information for every +PC. It also works well with Nyx, where symbolizing is usually disabled for the +target process to avoid delays with frequent crashes. + +Similar to the previous method, This approach requires a build with +`AFL_INSTRUMENTATION=llvmnative` or `llvmcodecov` as well debug information. +However, it does not require the ASan runtime as it doesn't do the symbolizing +in process. Due to the way it maps PCs to symbols, it is less accurate when it +comes to includes and inlines (it assumes all PCs within a function belong to +that function and originate from the same file). For most purposes, this should +be a reasonable simplification to quickly process even the largest binaries. diff --git a/utils/dynamic_covfilter/make_symbol_list.py b/utils/dynamic_covfilter/make_symbol_list.py new file mode 100644 index 0000000000..d1dd6ab392 --- /dev/null +++ b/utils/dynamic_covfilter/make_symbol_list.py @@ -0,0 +1,73 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# Written by Christian Holler + +import json +import os +import sys +import subprocess + +if len(sys.argv) != 2: + print("Usage: %s binfile" % os.path.basename(sys.argv[0])) + sys.exit(1) + +binfile = sys.argv[1] + +addr2len = {} +addrs = [] + +output = subprocess.check_output(["objdump", "-t", binfile]).decode("utf-8") +for line in output.splitlines(): + line = line.replace("\t", " ") + components = [x for x in line.split(" ") if x] + if not components: + continue + try: + start_addr = int(components[0], 16) + except ValueError: + continue + + # Length has variable position in objdump output + length = None + for comp in components[1:]: + if len(comp) == 16: + try: + length = int(comp, 16) + break + except: + continue + + if length is None: + print("ERROR: Couldn't determine function section length: %s" % line) + + func = components[-1] + + addrs.append(start_addr) + addr2len[str(hex(start_addr))] = str(length) + +# The search implementation in the AFL runtime expects everything sorted. +addrs.sort() +addrs = [str(hex(addr)) for addr in addrs] + +# We symbolize in one go to speed things up with large binaries. +output = subprocess.check_output([ + "llvm-addr2line", + "--output-style=JSON", + "-f", "-C", "-a", "-e", + binfile], + input="\n".join(addrs).encode("utf-8")).decode("utf-8") + +output = output.strip().splitlines() +for line in output: + output = json.loads(line) + if "Symbol" in output and output["Address"] in addr2len: + final_output = [ + output["Address"], + addr2len[output["Address"]], + os.path.basename(output["ModuleName"]), + output["Symbol"][0]["FileName"], + output["Symbol"][0]["FunctionName"] + ] + print("\t".join(final_output)) From 06f0982f0f4506e18872efb86b97993f2518988c Mon Sep 17 00:00:00 2001 From: Han Zheng <35988108+kdsjZh@users.noreply.github.com> Date: Thu, 1 Feb 2024 15:13:21 +0100 Subject: [PATCH 347/357] Enhancement on Deterministic stage (#1972) * fuzzer: init commit based on aflpp 60dc37a8cf09f8e9048e4b6a2204d6c90b27655a * fuzzers: adding the skip variables and initialize * log: profile the det/havoc finding * log: add profile log output * fuzzers: sperate log/skipdet module * fuzzers: add quick eff_map calc * fuzzers: add skip_eff_map in fuzz_one * fuzzers: mark whole input space in eff_map * fuzzers: add undet bit threshold to skip some seeds * fuzzers: fix one byte overflow * fuzzers: fix overflow * fix code format * add havoc only again * code format * remove log to INTROSPECTION, rename skipdet module * rename skipdet module * remove log to stats * clean redundant code * code format * remove redundant code format check * remove redundant doc * remove redundant objects * clean files * change -d to default skipdet * disable deterministic when using CUSTOM_MUTATOR * revert fix --- include/afl-fuzz.h | 58 ++++++ include/config.h | 12 ++ include/forkserver.h | 3 +- src/afl-fuzz-init.c | 15 ++ src/afl-fuzz-one.c | 166 ++++++++++++----- src/afl-fuzz-queue.c | 11 ++ src/afl-fuzz-skipdet.c | 403 +++++++++++++++++++++++++++++++++++++++++ src/afl-fuzz-state.c | 10 +- src/afl-fuzz-stats.c | 38 ++++ src/afl-fuzz.c | 13 +- 10 files changed, 680 insertions(+), 49 deletions(-) create mode 100644 src/afl-fuzz-skipdet.c diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index f1813df652..c2b09b2e84 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -149,6 +149,48 @@ struct tainted { }; +struct inf_profile { + + u32 inf_skipped_bytes; /* Inference Stage Profiling */ + u64 inf_execs_cost, inf_time_cost; + +}; + +/* ToDo: add cmplog profile as well */ +struct havoc_profile { + + u32 queued_det_stage, /* Det/Havoc Stage Profiling */ + queued_havoc_stage, total_queued_det, edge_det_stage, edge_havoc_stage, + total_det_edge; + + u64 det_stage_time, havoc_stage_time, total_det_time; + +}; + +struct skipdet_entry { + + u8 continue_inf, done_eff; + u32 undet_bits, quick_eff_bytes; + + u8 *skip_eff_map, /* we'v finish the eff_map */ + *done_inf_map; /* some bytes are not done yet */ + +}; + +struct skipdet_global { + + u8 use_skip_havoc; + + u32 undet_bits_threshold; + + u64 last_cov_undet; + + u8 *virgin_det_bits; /* global fuzzed bits */ + + struct inf_profile *inf_prof; + +}; + struct queue_entry { u8 *fname; /* File name for the test case */ @@ -203,6 +245,8 @@ struct queue_entry { struct queue_entry *mother; /* queue entry this based on */ + struct skipdet_entry *skipdet_e; + }; struct extra_data { @@ -247,6 +291,8 @@ enum { /* 19 */ STAGE_CUSTOM_MUTATOR, /* 20 */ STAGE_COLORIZATION, /* 21 */ STAGE_ITS, + /* 22 */ STAGE_INF, + /* 23 */ STAGE_QUICK, STAGE_NUM_MAX @@ -782,6 +828,11 @@ typedef struct afl_state { * is too large) */ struct queue_entry **q_testcase_cache; + /* Global Profile Data for deterministic/havoc-splice stage */ + struct havoc_profile *havoc_prof; + + struct skipdet_global *skipdet_g; + #ifdef INTROSPECTION char mutation[8072]; char m_tmp[4096]; @@ -1232,6 +1283,13 @@ AFL_RAND_RETURN rand_next(afl_state_t *afl); /* probability between 0.0 and 1.0 */ double rand_next_percent(afl_state_t *afl); +/* SkipDet Functions */ + +u8 skip_deterministic_stage(afl_state_t *, u8 *, u8 *, u32, u64); +u8 is_det_timeout(u64, u8); + +void plot_profile_data(afl_state_t *, struct queue_entry *); + /**** Inline routines ****/ /* Generate a random number (from 0 to limit - 1). This may diff --git a/include/config.h b/include/config.h index 63340650ea..7ad73c2f24 100644 --- a/include/config.h +++ b/include/config.h @@ -52,6 +52,18 @@ /* Default file permission umode when creating files (default: 0600) */ #define DEFAULT_PERMISSION 0600 +/* SkipDet's global configuration */ + +#define MINIMAL_BLOCK_SIZE 64 +#define SMALL_DET_TIME (60 * 1000 * 1000U) +#define MAXIMUM_INF_EXECS (16 * 1024U) +#define MAXIMUM_QUICK_EFF_EXECS (64 * 1024U) +#define THRESHOLD_DEC_TIME (20 * 60 * 1000U) + +/* Set the Prob of selecting eff_bytes 3 times more than original, + Now disabled */ +#define EFF_HAVOC_RATE 3 + /* CMPLOG/REDQUEEN TUNING * * Here you can modify tuning and solving options for CMPLOG. diff --git a/include/forkserver.h b/include/forkserver.h index f6230fe8c4..f1d3b5b100 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -126,7 +126,8 @@ typedef struct afl_forkserver { u8 *out_file, /* File to fuzz, if any */ *target_path; /* Path of the target */ - FILE *plot_file; /* Gnuplot output file */ + FILE *plot_file, /* Gnuplot output file */ + *det_plot_file; /* Note: last_run_timed_out is u32 to send it to the child as 4 byte array */ u32 last_run_timed_out; /* Traced process timed out? */ diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 8ab44a3b56..057d8cf5f9 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2236,6 +2236,21 @@ void setup_dirs_fds(afl_state_t *afl) { fflush(afl->fsrv.plot_file); +#ifdef INTROSPECTION + + tmp = alloc_printf("%s/plot_det_data", afl->out_dir); + + int fd = open(tmp, O_WRONLY | O_CREAT, DEFAULT_PERMISSION); + if (fd < 0) { PFATAL("Unable to create '%s'", tmp); } + ck_free(tmp); + + afl->fsrv.det_plot_file = fdopen(fd, "w"); + if (!afl->fsrv.det_plot_file) { PFATAL("fdopen() failed"); } + + if (afl->in_place_resume) { fseek(afl->fsrv.det_plot_file, 0, SEEK_END); } + +#endif + /* ignore errors */ } diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 01e34b69cf..4a7d3fad97 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -545,12 +545,37 @@ u8 fuzz_one_original(afl_state_t *afl) { } + u64 before_det_time = get_cur_time(); +#ifdef INTROSPECTION + + u64 before_havoc_time; + u32 before_det_findings = afl->queued_items, + before_det_edges = count_non_255_bytes(afl, afl->virgin_bits), + before_havoc_findings, before_havoc_edges; + u8 is_logged = 0; + +#endif + if (!afl->skip_deterministic) { + + if (!skip_deterministic_stage(afl, in_buf, out_buf, len, before_det_time)) { + + goto abandon_entry; + + } + + } + + u8 *skip_eff_map = afl->queue_cur->skipdet_e->skip_eff_map; + /* Skip right away if -d is given, if it has not been chosen sufficiently often to warrant the expensive deterministic stage (fuzz_level), or if it has gone through deterministic testing in earlier, resumed runs (passed_det). */ + /* if skipdet decide to skip the seed or no interesting bytes found, + we skip the whole deterministic stage as well */ if (likely(afl->skip_deterministic) || likely(afl->queue_cur->passed_det) || + likely(!afl->queue_cur->skipdet_e->quick_eff_bytes) || likely(perf_score < (afl->queue_cur->depth * 30 <= afl->havoc_max_mult * 100 ? afl->queue_cur->depth * 30 @@ -609,6 +634,10 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_cur_byte = afl->stage_cur >> 3; + if (!skip_eff_map[afl->stage_cur_byte]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + FLIP_BIT(out_buf, afl->stage_cur); #ifdef INTROSPECTION @@ -725,6 +754,10 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_cur_byte = afl->stage_cur >> 3; + if (!skip_eff_map[afl->stage_cur_byte]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + FLIP_BIT(out_buf, afl->stage_cur); FLIP_BIT(out_buf, afl->stage_cur + 1); @@ -760,6 +793,10 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_cur_byte = afl->stage_cur >> 3; + if (!skip_eff_map[afl->stage_cur_byte]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + FLIP_BIT(out_buf, afl->stage_cur); FLIP_BIT(out_buf, afl->stage_cur + 1); FLIP_BIT(out_buf, afl->stage_cur + 2); @@ -828,6 +865,10 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_cur_byte = afl->stage_cur; + if (!skip_eff_map[afl->stage_cur_byte]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + out_buf[afl->stage_cur] ^= 0xFF; #ifdef INTROSPECTION @@ -837,37 +878,6 @@ u8 fuzz_one_original(afl_state_t *afl) { if (common_fuzz_stuff(afl, out_buf, len)) { goto abandon_entry; } - /* We also use this stage to pull off a simple trick: we identify - bytes that seem to have no effect on the current execution path - even when fully flipped - and we skip them during more expensive - deterministic stages, such as arithmetics or known ints. */ - - if (!eff_map[EFF_APOS(afl->stage_cur)]) { - - u64 cksum; - - /* If in non-instrumented mode or if the file is very short, just flag - everything without wasting time on checksums. */ - - if (!afl->non_instrumented_mode && len >= EFF_MIN_LEN) { - - cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); - - } else { - - cksum = ~prev_cksum; - - } - - if (cksum != prev_cksum) { - - eff_map[EFF_APOS(afl->stage_cur)] = 1; - ++eff_cnt; - - } - - } - out_buf[afl->stage_cur] ^= 0xFF; } @@ -876,18 +886,8 @@ u8 fuzz_one_original(afl_state_t *afl) { whole thing as worth fuzzing, since we wouldn't be saving much time anyway. */ - if (eff_cnt != (u32)EFF_ALEN(len) && - eff_cnt * 100 / EFF_ALEN(len) > EFF_MAX_PERC) { - - memset(eff_map, 1, EFF_ALEN(len)); - - afl->blocks_eff_select += EFF_ALEN(len); - - } else { - - afl->blocks_eff_select += eff_cnt; - - } + memset(eff_map, 1, EFF_ALEN(len)); + afl->blocks_eff_select += EFF_ALEN(len); afl->blocks_eff_total += EFF_ALEN(len); @@ -921,6 +921,10 @@ u8 fuzz_one_original(afl_state_t *afl) { } + if (!skip_eff_map[i]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + afl->stage_cur_byte = i; *(u16 *)(out_buf + i) ^= 0xFFFF; @@ -967,6 +971,10 @@ u8 fuzz_one_original(afl_state_t *afl) { } + if (!skip_eff_map[i]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + afl->stage_cur_byte = i; *(u32 *)(out_buf + i) ^= 0xFFFFFFFF; @@ -1023,6 +1031,10 @@ u8 fuzz_one_original(afl_state_t *afl) { } + if (!skip_eff_map[i]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + afl->stage_cur_byte = i; for (j = 1; j <= ARITH_MAX; ++j) { @@ -1110,6 +1122,10 @@ u8 fuzz_one_original(afl_state_t *afl) { } + if (!skip_eff_map[i]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + afl->stage_cur_byte = i; for (j = 1; j <= ARITH_MAX; ++j) { @@ -1244,6 +1260,10 @@ u8 fuzz_one_original(afl_state_t *afl) { } + if (!skip_eff_map[i]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + afl->stage_cur_byte = i; for (j = 1; j <= ARITH_MAX; ++j) { @@ -1381,6 +1401,10 @@ u8 fuzz_one_original(afl_state_t *afl) { } + if (!skip_eff_map[i]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + afl->stage_cur_byte = i; for (j = 0; j < (u32)sizeof(interesting_8); ++j) { @@ -1444,6 +1468,10 @@ u8 fuzz_one_original(afl_state_t *afl) { } + if (!skip_eff_map[i]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + afl->stage_cur_byte = i; for (j = 0; j < sizeof(interesting_16) / 2; ++j) { @@ -1536,6 +1564,10 @@ u8 fuzz_one_original(afl_state_t *afl) { } + if (!skip_eff_map[i]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + afl->stage_cur_byte = i; for (j = 0; j < sizeof(interesting_32) / 4; ++j) { @@ -1626,6 +1658,10 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 last_len = 0; + if (!skip_eff_map[i]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + afl->stage_cur_byte = i; /* Extras are sorted by size, from smallest to largest. This means @@ -1693,6 +1729,10 @@ u8 fuzz_one_original(afl_state_t *afl) { for (i = 0; i <= (u32)len; ++i) { + if (!skip_eff_map[i % len]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + afl->stage_cur_byte = i; for (j = 0; j < afl->extras_cnt; ++j) { @@ -1755,6 +1795,10 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 last_len = 0; + if (!skip_eff_map[i]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + afl->stage_cur_byte = i; u32 min_extra_len = MIN(afl->a_extras_cnt, (u32)USE_AUTO_EXTRAS); @@ -1813,6 +1857,10 @@ u8 fuzz_one_original(afl_state_t *afl) { for (i = 0; i <= (u32)len; ++i) { + if (!skip_eff_map[i % len]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + afl->stage_cur_byte = i; for (j = 0; j < afl->a_extras_cnt; ++j) { @@ -2020,6 +2068,19 @@ u8 fuzz_one_original(afl_state_t *afl) { havoc_stage: +#ifdef INTROSPECTION + + if (!is_logged) { + + is_logged = 1; + before_havoc_findings = afl->queued_items; + before_havoc_edges = count_non_255_bytes(afl, afl->virgin_bits); + before_havoc_time = get_cur_time(); + + } + +#endif + if (unlikely(afl->custom_only)) { /* Force UI update */ @@ -3430,6 +3491,25 @@ u8 fuzz_one_original(afl_state_t *afl) { ret_val = 0; +#ifdef INTROSPECTION + + afl->havoc_prof->queued_det_stage = + before_havoc_findings - before_det_findings; + afl->havoc_prof->queued_havoc_stage = + afl->queued_items - before_havoc_findings; + afl->havoc_prof->total_queued_det += afl->havoc_prof->queued_det_stage; + afl->havoc_prof->edge_det_stage = before_havoc_edges - before_det_edges; + afl->havoc_prof->edge_havoc_stage = + count_non_255_bytes(afl, afl->virgin_bits) - before_havoc_edges; + afl->havoc_prof->total_det_edge += afl->havoc_prof->edge_det_stage; + afl->havoc_prof->det_stage_time = before_havoc_time - before_det_time; + afl->havoc_prof->havoc_stage_time = get_cur_time() - before_havoc_time; + afl->havoc_prof->total_det_time += afl->havoc_prof->det_stage_time; + + plot_profile_data(afl, afl->queue_cur); + +#endif + /* we are through with this queue entry - for this iteration */ abandon_entry: diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 4b9627f7bb..67931bbaa0 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -664,6 +664,8 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) { } + q->skipdet_e = (struct skipdet_entry *)ck_alloc(sizeof(struct skipdet_entry)); + } /* Destroy the entire queue. */ @@ -679,6 +681,15 @@ void destroy_queue(afl_state_t *afl) { q = afl->queue_buf[i]; ck_free(q->fname); ck_free(q->trace_mini); + if (q->skipdet_e) { + + if (q->skipdet_e->done_inf_map) ck_free(q->skipdet_e->done_inf_map); + if (q->skipdet_e->skip_eff_map) ck_free(q->skipdet_e->skip_eff_map); + + ck_free(q->skipdet_e); + + } + ck_free(q); } diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c new file mode 100644 index 0000000000..e52d59a32b --- /dev/null +++ b/src/afl-fuzz-skipdet.c @@ -0,0 +1,403 @@ + + +#include "afl-fuzz.h" + +void flip_range(u8 *input, u32 pos, u32 size) { + + for (u32 i = 0; i < size; i++) + input[pos + i] ^= 0xFF; + + return; + +} + +#define MAX_EFF_TIMEOUT (10 * 60 * 1000) +#define MAX_DET_TIMEOUT (15 * 60 * 1000) +u8 is_det_timeout(u64 cur_ms, u8 is_flip) { + + if (is_flip) { + + if (unlikely(get_cur_time() - cur_ms > MAX_EFF_TIMEOUT)) return 1; + + } else { + + if (unlikely(get_cur_time() - cur_ms > MAX_DET_TIMEOUT)) return 1; + + } + + return 0; + +} + +/* decide if the seed should be deterministically fuzzed */ + +u8 should_det_fuzz(afl_state_t *afl, struct queue_entry *q) { + + if (!afl->skipdet_g->virgin_det_bits) { + + afl->skipdet_g->virgin_det_bits = + (u8 *)ck_alloc(sizeof(u8) * afl->fsrv.map_size); + + } + + if (!q->favored || q->passed_det) return 0; + if (!q->trace_mini) return 0; + + if (!afl->skipdet_g->last_cov_undet) + afl->skipdet_g->last_cov_undet = get_cur_time(); + + if (get_cur_time() - afl->skipdet_g->last_cov_undet >= THRESHOLD_DEC_TIME) { + + if (afl->skipdet_g->undet_bits_threshold >= 2) { + + afl->skipdet_g->undet_bits_threshold *= 0.75; + afl->skipdet_g->last_cov_undet = get_cur_time(); + + } + + } + + u32 new_det_bits = 0; + + for (u32 i = 0; i < afl->fsrv.map_size; i++) { + + if (unlikely(q->trace_mini[i >> 3] & (1 << (i & 7)))) { + + if (!afl->skipdet_g->virgin_det_bits[i]) { new_det_bits++; } + + } + + } + + if (!afl->skipdet_g->undet_bits_threshold) + afl->skipdet_g->undet_bits_threshold = new_det_bits * 0.05; + + if (new_det_bits >= afl->skipdet_g->undet_bits_threshold) { + + afl->skipdet_g->last_cov_undet = get_cur_time(); + q->skipdet_e->undet_bits = new_det_bits; + + for (u32 i = 0; i < afl->fsrv.map_size; i++) { + + if (unlikely(q->trace_mini[i >> 3] & (1 << (i & 7)))) { + + if (!afl->skipdet_g->virgin_det_bits[i]) + afl->skipdet_g->virgin_det_bits[i] = 1; + + } + + } + + return 1; + + } + + return 0; + +} + +/* + consists of two stages that + return 0 if exec failed. +*/ + +u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, + u32 len, u64 before_det_time) { + + u64 orig_hit_cnt, new_hit_cnt; + + if (afl->queue_cur->skipdet_e->done_eff) return 1; + + if (!should_det_fuzz(afl, afl->queue_cur)) return 1; + + /* Add check to make sure that for seeds without too much undet bits, + we ignore them */ + + /****************** + * SKIP INFERENCE * + ******************/ + + afl->stage_short = "inf"; + afl->stage_name = "inference"; + afl->stage_cur = 0; + orig_hit_cnt = afl->queued_items + afl->saved_crashes; + + u8 *inf_eff_map = (u8 *)ck_alloc(sizeof(u8) * len); + memset(inf_eff_map, 1, sizeof(u8) * len); + + if (common_fuzz_stuff(afl, orig_buf, len)) { return 0; } + + u64 prev_cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); + u64 _prev_cksum = prev_cksum; + + if (MINIMAL_BLOCK_SIZE * 8 < len) { + + // u64 size_skiped = 0, quick_skip_exec = total_execs, quick_skip_time = + // get_cur_time(); + u64 pre_inf_exec = afl->fsrv.total_execs, pre_inf_time = get_cur_time(); + + /* if determine stage time / input size is too small, just go ahead */ + + u32 pos = 0, cur_block_size = MINIMAL_BLOCK_SIZE, max_block_size = len / 8; + + while (pos < len - 1) { + + cur_block_size = MINIMAL_BLOCK_SIZE; + + while (cur_block_size < max_block_size) { + + u32 flip_block_size = + (cur_block_size + pos < len) ? cur_block_size : len - 1 - pos; + + afl->stage_cur += 1; + + flip_range(out_buf, pos, flip_block_size); + + if (common_fuzz_stuff(afl, out_buf, len)) return 0; + + flip_range(out_buf, pos, flip_block_size); + + u64 cksum = + hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); + + // printf("Now trying range %d with %d, %s.\n", pos, cur_block_size, + // (cksum == prev_cksum) ? (u8*)"Yes" : (u8*) "Not"); + + /* continue until we fail or exceed length */ + if (cksum == _prev_cksum) { + + cur_block_size *= 2; + + if (cur_block_size >= len - 1 - pos) break; + + } else { + + break; + + } + + } + + if (cur_block_size == MINIMAL_BLOCK_SIZE) { + + /* we failed early on*/ + + pos += cur_block_size; + + } else { + + u32 cur_skip_len = (cur_block_size / 2 + pos < len) + ? (cur_block_size / 2) + : (len - pos - 1); + + memset(inf_eff_map + pos, 0, cur_skip_len); + + afl->skipdet_g->inf_prof->inf_skipped_bytes += cur_skip_len; + + pos += cur_skip_len; + + } + + } + + afl->skipdet_g->inf_prof->inf_execs_cost += + (afl->fsrv.total_execs - pre_inf_exec); + afl->skipdet_g->inf_prof->inf_time_cost += (get_cur_time() - pre_inf_time); + // PFATAL("Done, now have %d bytes skipped, with exec %lld, time %lld.\n", + // afl->inf_skipped_bytes, afl->inf_execs_cost, afl->inf_time_cost); + + } else + + memset(inf_eff_map, 1, len); + + new_hit_cnt = afl->queued_items + afl->saved_crashes; + + afl->stage_finds[STAGE_INF] += new_hit_cnt - orig_hit_cnt; + afl->stage_cycles[STAGE_INF] += afl->stage_cur; + + /**************************** + * Quick Skip Effective Map * + ****************************/ + + /* Quick Effective Map Calculation */ + + afl->stage_short = "quick"; + afl->stage_name = "quick eff"; + afl->stage_cur = 0; + afl->stage_max = 32 * 1024; + + orig_hit_cnt = afl->queued_items + afl->saved_crashes; + + u32 before_skip_inf = afl->queued_items; + + /* clean all the eff bytes, since previous eff bytes are already fuzzed */ + u8 *skip_eff_map = afl->queue_cur->skipdet_e->skip_eff_map, + *done_inf_map = afl->queue_cur->skipdet_e->done_inf_map; + + if (!skip_eff_map) { + + skip_eff_map = (u8 *)ck_alloc(sizeof(u8) * len); + afl->queue_cur->skipdet_e->skip_eff_map = skip_eff_map; + + } else { + + memset(skip_eff_map, 0, sizeof(u8) * len); + + } + + /* restore the starting point */ + if (!done_inf_map) { + + done_inf_map = (u8 *)ck_alloc(sizeof(u8) * len); + afl->queue_cur->skipdet_e->done_inf_map = done_inf_map; + + } else { + + for (afl->stage_cur = 0; afl->stage_cur < len; afl->stage_cur++) { + + if (done_inf_map[afl->stage_cur] == 0) break; + + } + + } + + /* depending on the seed's performance, we could search eff bytes + for multiple rounds */ + + u8 eff_round_continue = 1, eff_round_done = 0, done_eff = 0, repeat_eff = 0, + fuzz_nearby = 0, *non_eff_bytes = 0; + + u64 before_eff_execs = afl->fsrv.total_execs; + + if (getenv("REPEAT_EFF")) repeat_eff = 1; + if (getenv("FUZZ_NEARBY")) fuzz_nearby = 1; + + if (fuzz_nearby) { + + non_eff_bytes = (u8 *)ck_alloc(sizeof(u8) * len); + + // clean exec cksum + if (common_fuzz_stuff(afl, out_buf, len)) { return 0; } + prev_cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); + + } + + do { + + eff_round_continue = 0; + afl->stage_max = 32 * 1024; + + for (; afl->stage_cur < afl->stage_max && afl->stage_cur < len; + ++afl->stage_cur) { + + afl->stage_cur_byte = afl->stage_cur; + + if (!inf_eff_map[afl->stage_cur_byte] || + skip_eff_map[afl->stage_cur_byte]) + continue; + + if (is_det_timeout(before_det_time, 1)) { goto cleanup_skipdet; } + + u8 orig = out_buf[afl->stage_cur_byte], replace = rand_below(afl, 256); + + while (replace == orig) { + + replace = rand_below(afl, 256); + + } + + out_buf[afl->stage_cur_byte] = replace; + + before_skip_inf = afl->queued_items; + + if (common_fuzz_stuff(afl, out_buf, len)) { return 0; } + + out_buf[afl->stage_cur_byte] = orig; + + if (fuzz_nearby) { + + if (prev_cksum == + hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST)) { + + non_eff_bytes[afl->stage_cur_byte] = 1; + + } + + } + + if (afl->queued_items != before_skip_inf) { + + skip_eff_map[afl->stage_cur_byte] = 1; + afl->queue_cur->skipdet_e->quick_eff_bytes += 1; + + if (afl->stage_max < MAXIMUM_QUICK_EFF_EXECS) { afl->stage_max *= 2; } + + if (afl->stage_max == MAXIMUM_QUICK_EFF_EXECS && repeat_eff) + eff_round_continue = 1; + + } + + done_inf_map[afl->stage_cur_byte] = 1; + + } + + afl->stage_cur = 0; + done_eff = 1; + + if (++eff_round_done >= 8) break; + + } while (eff_round_continue); + + new_hit_cnt = afl->queued_items + afl->saved_crashes; + + afl->stage_finds[STAGE_QUICK] += new_hit_cnt - orig_hit_cnt; + afl->stage_cycles[STAGE_QUICK] += (afl->fsrv.total_execs - before_eff_execs); + +cleanup_skipdet: + + if (fuzz_nearby) { + + u8 *nearby_bytes = (u8 *)ck_alloc(sizeof(u8) * len); + + u32 i = 3; + while (i < len) { + + // assume DWORD size, from i - 3 -> i + 3 + if (skip_eff_map[i]) { + + u32 fill_length = (i + 3 < len) ? 7 : len - i + 2; + memset(nearby_bytes + i - 3, 1, fill_length); + i += 3; + + } else + + i += 1; + + } + + for (i = 0; i < len; i++) { + + if (nearby_bytes[i] && !non_eff_bytes[i]) skip_eff_map[i] = 1; + + } + + ck_free(nearby_bytes); + ck_free(non_eff_bytes); + + } + + if (done_eff) { + + afl->queue_cur->skipdet_e->continue_inf = 0; + afl->queue_cur->skipdet_e->done_eff = 1; + + } else { + + afl->queue_cur->skipdet_e->continue_inf = 1; + + } + + return 1; + +} + diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 7d6fdfb9a3..6cf580cee7 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -102,7 +102,7 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) { afl->stats_update_freq = 1; afl->stats_file_update_freq_msecs = STATS_UPDATE_SEC * 1000; afl->stats_avg_exec = 0; - afl->skip_deterministic = 1; + afl->skip_deterministic = 0; afl->sync_time = SYNC_TIME; afl->cmplog_lvl = 2; afl->min_length = 1; @@ -140,6 +140,14 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) { afl->fsrv.child_pid = -1; afl->fsrv.out_dir_fd = -1; + /* Init SkipDet */ + afl->skipdet_g = + (struct skipdet_global *)ck_alloc(sizeof(struct skipdet_global)); + afl->skipdet_g->inf_prof = + (struct inf_profile *)ck_alloc(sizeof(struct inf_profile)); + afl->havoc_prof = + (struct havoc_profile *)ck_alloc(sizeof(struct havoc_profile)); + init_mopt_globals(afl); list_append(&afl_states, afl); diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index deb28b7a6b..4b83ad29f6 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -502,6 +502,44 @@ void maybe_update_plot_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, } +/* Log deterministic stage efficiency */ + +void plot_profile_data(afl_state_t *afl, struct queue_entry *q) { + + u64 current_ms = get_cur_time() - afl->start_time; + + u32 current_edges = count_non_255_bytes(afl, afl->virgin_bits); + double det_finding_rate = (double)afl->havoc_prof->total_det_edge * 100.0 / + (double)current_edges, + det_time_rate = (double)afl->havoc_prof->total_det_time * 100.0 / + (double)current_ms; + + u32 ndet_bits = 0; + for (u32 i = 0; i < afl->fsrv.map_size; i++) { + + if (afl->skipdet_g->virgin_det_bits[i]) ndet_bits += 1; + + } + + double det_fuzzed_rate = (double)ndet_bits * 100.0 / (double)current_edges; + + fprintf(afl->fsrv.det_plot_file, + "[%02lld:%02lld:%02lld] fuzz %d (%d), find %d/%d among %d(%02.2f) " + "and spend %lld/%lld(%02.2f), cover %02.2f yet, %d/%d undet bits, " + "continue %d.\n", + current_ms / 1000 / 3600, (current_ms / 1000 / 60) % 60, + (current_ms / 1000) % 60, afl->current_entry, q->fuzz_level, + afl->havoc_prof->edge_det_stage, afl->havoc_prof->edge_havoc_stage, + current_edges, det_finding_rate, + afl->havoc_prof->det_stage_time / 1000, + afl->havoc_prof->havoc_stage_time / 1000, det_time_rate, + det_fuzzed_rate, q->skipdet_e->undet_bits, + afl->skipdet_g->undet_bits_threshold, q->skipdet_e->continue_inf); + + fflush(afl->fsrv.det_plot_file); + +} + /* Check terminal dimensions after resize. */ static void check_term_size(afl_state_t *afl) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 8cf6c73583..7db1aeb37e 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -955,14 +955,14 @@ int main(int argc, char **argv_orig, char **envp) { break; - case 'D': /* enforce deterministic */ + case 'D': /* no deterministic */ - afl->skip_deterministic = 0; + afl->skip_deterministic = 1; break; - case 'd': /* skip deterministic */ + case 'd': /* partial deterministic */ - afl->skip_deterministic = 1; + afl->skip_deterministic = 0; break; case 'B': /* load bitmap */ @@ -3031,6 +3031,11 @@ int main(int argc, char **argv_orig, char **envp) { if (frida_afl_preload) { ck_free(frida_afl_preload); } fclose(afl->fsrv.plot_file); + + #ifdef INTROSPECTION + fclose(afl->fsrv.det_plot_file); + #endif + destroy_queue(afl); destroy_extras(afl); destroy_custom_mutators(afl); From 5ba66a8860657b21c45480f1d565634cfe38a7dc Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 15:22:51 +0100 Subject: [PATCH 348/357] final touches for skipdet --- GNUmakefile.llvm | 2 +- docs/Changelog.md | 2 ++ src/afl-forkserver.c | 4 +++- src/afl-fuzz-state.c | 2 +- src/afl-fuzz.c | 22 ++++++++++++++-------- test/test-custom-mutators.sh | 4 ++-- 6 files changed, 23 insertions(+), 13 deletions(-) diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 7437130d54..ec8fefe43e 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -45,7 +45,7 @@ endif LLVMVER = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/git//' | sed 's/svn//' ) LLVM_MAJOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/\..*//' ) LLVM_MINOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/.*\.//' | sed 's/git//' | sed 's/svn//' | sed 's/ .*//' ) -LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[0-2]\.|^3.[0-7]\.' && echo 1 || echo 0 ) +LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[0-2]\.|^3.[0-8]\.' && echo 1 || echo 0 ) LLVM_TOO_NEW = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[8-9]|^2[0-9]' && echo 1 || echo 0 ) LLVM_TOO_OLD = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[1-9]\.|^1[012]\.' && echo 1 || echo 0 ) LLVM_NEW_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[0-9]' && echo 1 || echo 0 ) diff --git a/docs/Changelog.md b/docs/Changelog.md index 720a0689d7..29081549ae 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -9,6 +9,8 @@ explore is slightly better now. - fixed minor issues in the mutation engine, thanks to @futhewo for reporting! + - better deterministic fuzzing is now available, benchmarks have shown + to improve fuzzing. Enable with -D. Thanks to @kdsjZh for the PR! - afl-cc: - large rewrite by @SonicStark which fixes a few corner cases, thanks! - LTO mode now requires llvm 12+ diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 214b4fe994..ded0c21d66 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -1019,7 +1019,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (status >= 0x41464c00 && status <= 0x41464cff) { - FATAL("Target uses the new forkserver model, you need to switch to a newer afl-fuzz too!"); + FATAL( + "Target uses the new forkserver model, you need to switch to a newer " + "afl-fuzz too!"); } diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 6cf580cee7..b647ac84b4 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -102,7 +102,7 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) { afl->stats_update_freq = 1; afl->stats_file_update_freq_msecs = STATS_UPDATE_SEC * 1000; afl->stats_avg_exec = 0; - afl->skip_deterministic = 0; + afl->skip_deterministic = 1; afl->sync_time = SYNC_TIME; afl->cmplog_lvl = 2; afl->min_length = 1; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 7db1aeb37e..69064d51d3 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -170,7 +170,7 @@ static void usage(u8 *argv0, int more_help) { " -g minlength - set min length of generated fuzz input (default: 1)\n" " -G maxlength - set max length of generated fuzz input (default: " "%lu)\n" - " -D - enable deterministic fuzzing (once per queue entry)\n" + " -D - enable (a new) effective deterministic fuzzing\n" " -L minutes - use MOpt(imize) mode and set the time limit for " "entering the\n" " pacemaker mode (minutes of no new finds). 0 = " @@ -955,14 +955,20 @@ int main(int argc, char **argv_orig, char **envp) { break; - case 'D': /* no deterministic */ + case 'D': /* partial deterministic */ - afl->skip_deterministic = 1; + afl->skip_deterministic = 0; break; - case 'd': /* partial deterministic */ + case 'd': /* no deterministic */ - afl->skip_deterministic = 0; + // this is the default and currently a lot of infrastructure enforces + // it (e.g. clusterfuzz, fuzzbench) based on that this feature + // originally was bad performance wise. We now have a better + // implementation, hence if it is activated, we do not want to + // deactivate it by such setups. + + // afl->skip_deterministic = 1; break; case 'B': /* load bitmap */ @@ -1424,11 +1430,11 @@ int main(int argc, char **argv_orig, char **envp) { } #endif + + // silently disable deterministic mutation if custom mutators are used if (!afl->skip_deterministic && afl->afl_env.afl_custom_mutator_only) { - FATAL( - "Using -D determinstic fuzzing is incompatible with " - "AFL_CUSTOM_MUTATOR_ONLY!"); + afl->skip_deterministic = 1; } diff --git a/test/test-custom-mutators.sh b/test/test-custom-mutators.sh index 49feedc051..8c8b0ad3c5 100755 --- a/test/test-custom-mutators.sh +++ b/test/test-custom-mutators.sh @@ -38,7 +38,7 @@ test -e test-custom-mutator.c -a -e ${CUSTOM_MUTATOR_PATH}/example.c -a -e ${CUS # Run afl-fuzz w/ the C mutator $ECHO "$GREY[*] running afl-fuzz for the C mutator, this will take approx 10 seconds" { - AFL_CUSTOM_MUTATOR_LIBRARY=./libexamplemutator.so AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -- ./test-custom-mutator >>errors 2>&1 + AFL_CUSTOM_MUTATOR_LIBRARY=./libexamplemutator.so AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -d -- ./test-custom-mutator >>errors 2>&1 } >>errors 2>&1 # Check results @@ -58,7 +58,7 @@ test -e test-custom-mutator.c -a -e ${CUSTOM_MUTATOR_PATH}/example.c -a -e ${CUS # Run afl-fuzz w/ multiple C mutators $ECHO "$GREY[*] running afl-fuzz with multiple custom C mutators, this will take approx 10 seconds" { - AFL_CUSTOM_MUTATOR_LIBRARY="./libexamplemutator.so;./libexamplemutator2.so" AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -- ./test-multiple-mutators >>errors 2>&1 + AFL_CUSTOM_MUTATOR_LIBRARY="./libexamplemutator.so;./libexamplemutator2.so" AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -d -- ./test-multiple-mutators >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && { # TODO: update here From ba28f5fbfa32564891c87b4395bdb8a59b3df1f4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 16:01:16 +0100 Subject: [PATCH 349/357] remove unused var --- src/afl-fuzz-one.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 4a7d3fad97..35841738d5 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -331,7 +331,7 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 i; u8 *in_buf, *out_buf, *orig_in, *ex_tmp, *eff_map = 0; u64 havoc_queued = 0, orig_hit_cnt, new_hit_cnt = 0, prev_cksum, _prev_cksum; - u32 splice_cycle = 0, perf_score = 100, orig_perf, eff_cnt = 1; + u32 splice_cycle = 0, perf_score = 100, orig_perf; u8 ret_val = 1, doing_det = 0; @@ -848,7 +848,6 @@ u8 fuzz_one_original(afl_state_t *afl) { if (EFF_APOS(len - 1) != 0) { eff_map[EFF_APOS(len - 1)] = 1; - ++eff_cnt; } From 028d4c8c6483be765ec4a346b0f568992cbcc34b Mon Sep 17 00:00:00 2001 From: Han Zheng <35988108+kdsjZh@users.noreply.github.com> Date: Thu, 1 Feb 2024 17:53:07 +0100 Subject: [PATCH 350/357] remove redundant eff struct (#1977) --- src/afl-fuzz-one.c | 108 +++++---------------------------------------- 1 file changed, 10 insertions(+), 98 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 35841738d5..c163a42052 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -329,7 +329,7 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 len, temp_len; u32 j; u32 i; - u8 *in_buf, *out_buf, *orig_in, *ex_tmp, *eff_map = 0; + u8 *in_buf, *out_buf, *orig_in, *ex_tmp; u64 havoc_queued = 0, orig_hit_cnt, new_hit_cnt = 0, prev_cksum, _prev_cksum; u32 splice_cycle = 0, perf_score = 100, orig_perf; @@ -824,33 +824,6 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->queue_cur->stats_mutated += afl->stage_max; #endif - /* Effector map setup. These macros calculate: - - EFF_APOS - position of a particular file offset in the map. - EFF_ALEN - length of a map with a particular number of bytes. - EFF_SPAN_ALEN - map span for a sequence of bytes. - - */ - -#define EFF_APOS(_p) ((_p) >> EFF_MAP_SCALE2) -#define EFF_REM(_x) ((_x) & ((1 << EFF_MAP_SCALE2) - 1)) -#define EFF_ALEN(_l) (EFF_APOS(_l) + !!EFF_REM(_l)) -#define EFF_SPAN_ALEN(_p, _l) (EFF_APOS((_p) + (_l)-1) - EFF_APOS(_p) + 1) - - /* Initialize effector map for the next step (see comments below). Always - flag first and last byte as doing something. */ - - eff_map = afl_realloc(AFL_BUF_PARAM(eff), EFF_ALEN(len)); - if (unlikely(!eff_map)) { PFATAL("alloc"); } - memset(eff_map, 0, EFF_ALEN(len)); - eff_map[0] = 1; - - if (EFF_APOS(len - 1) != 0) { - - eff_map[EFF_APOS(len - 1)] = 1; - - } - /* Walking byte. */ afl->stage_name = "bitflip 8/8"; @@ -881,14 +854,15 @@ u8 fuzz_one_original(afl_state_t *afl) { } - /* If the effector map is more than EFF_MAX_PERC dense, just flag the - whole thing as worth fuzzing, since we wouldn't be saving much time - anyway. */ + /* New effective bytes calculation. */ - memset(eff_map, 1, EFF_ALEN(len)); - afl->blocks_eff_select += EFF_ALEN(len); + for (i = 0; i < len; i++) { - afl->blocks_eff_total += EFF_ALEN(len); + if (skip_eff_map[i]) afl->blocks_eff_select += 1; + + } + + afl->blocks_eff_total += len; new_hit_cnt = afl->queued_items + afl->saved_crashes; @@ -913,13 +887,6 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Let's consult the effector map... */ - if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)]) { - - --afl->stage_max; - continue; - - } - if (!skip_eff_map[i]) continue; if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } @@ -962,13 +929,6 @@ u8 fuzz_one_original(afl_state_t *afl) { for (i = 0; i < len - 3; ++i) { /* Let's consult the effector map... */ - if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)] && - !eff_map[EFF_APOS(i + 2)] && !eff_map[EFF_APOS(i + 3)]) { - - --afl->stage_max; - continue; - - } if (!skip_eff_map[i]) continue; @@ -1023,13 +983,6 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Let's consult the effector map... */ - if (!eff_map[EFF_APOS(i)]) { - - afl->stage_max -= 2 * ARITH_MAX; - continue; - - } - if (!skip_eff_map[i]) continue; if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } @@ -1114,13 +1067,6 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Let's consult the effector map... */ - if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)]) { - - afl->stage_max -= 4 * ARITH_MAX; - continue; - - } - if (!skip_eff_map[i]) continue; if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } @@ -1251,14 +1197,6 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Let's consult the effector map... */ - if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)] && - !eff_map[EFF_APOS(i + 2)] && !eff_map[EFF_APOS(i + 3)]) { - - afl->stage_max -= 4 * ARITH_MAX; - continue; - - } - if (!skip_eff_map[i]) continue; if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } @@ -1393,13 +1331,6 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Let's consult the effector map... */ - if (!eff_map[EFF_APOS(i)]) { - - afl->stage_max -= sizeof(interesting_8); - continue; - - } - if (!skip_eff_map[i]) continue; if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } @@ -1460,13 +1391,6 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Let's consult the effector map... */ - if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)]) { - - afl->stage_max -= sizeof(interesting_16); - continue; - - } - if (!skip_eff_map[i]) continue; if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } @@ -1555,14 +1479,6 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Let's consult the effector map... */ - if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)] && - !eff_map[EFF_APOS(i + 2)] && !eff_map[EFF_APOS(i + 3)]) { - - afl->stage_max -= sizeof(interesting_32) >> 1; - continue; - - } - if (!skip_eff_map[i]) continue; if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } @@ -1678,9 +1594,7 @@ u8 fuzz_one_original(afl_state_t *afl) { if ((afl->extras_cnt > afl->max_det_extras && rand_below(afl, afl->extras_cnt) >= afl->max_det_extras) || afl->extras[j].len > len - i || - !memcmp(afl->extras[j].data, out_buf + i, afl->extras[j].len) || - !memchr(eff_map + EFF_APOS(i), 1, - EFF_SPAN_ALEN(i, afl->extras[j].len))) { + !memcmp(afl->extras[j].data, out_buf + i, afl->extras[j].len)) { --afl->stage_max; continue; @@ -1806,9 +1720,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* See the comment in the earlier code; extras are sorted by size. */ if (afl->a_extras[j].len > len - i || - !memcmp(afl->a_extras[j].data, out_buf + i, afl->a_extras[j].len) || - !memchr(eff_map + EFF_APOS(i), 1, - EFF_SPAN_ALEN(i, afl->a_extras[j].len))) { + !memcmp(afl->a_extras[j].data, out_buf + i, afl->a_extras[j].len)) { --afl->stage_max; continue; From f98dc8abe8edfdccfcb436976b0bec45cd45c771 Mon Sep 17 00:00:00 2001 From: Sergej Schumilo Date: Fri, 2 Feb 2024 10:16:33 +0100 Subject: [PATCH 351/357] update QEMU-Nyx submodule (#1978) --- nyx_mode/QEMU-Nyx | 2 +- nyx_mode/QEMU_NYX_VERSION | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nyx_mode/QEMU-Nyx b/nyx_mode/QEMU-Nyx index 1def26f83e..3ea4a8c37c 160000 --- a/nyx_mode/QEMU-Nyx +++ b/nyx_mode/QEMU-Nyx @@ -1 +1 @@ -Subproject commit 1def26f83e83556d767754581fa52081ffb54b09 +Subproject commit 3ea4a8c37c387d711db75548c06d2918ebba9a03 diff --git a/nyx_mode/QEMU_NYX_VERSION b/nyx_mode/QEMU_NYX_VERSION index cac32d4184..5d6aed69e9 100644 --- a/nyx_mode/QEMU_NYX_VERSION +++ b/nyx_mode/QEMU_NYX_VERSION @@ -1 +1 @@ -1def26f83e +3ea4a8c37c38 From 58871777ae8ed14675c8627a1035248b6e6d0eb2 Mon Sep 17 00:00:00 2001 From: Sergej Schumilo Date: Fri, 2 Feb 2024 11:03:10 +0100 Subject: [PATCH 352/357] update QEMU-Nyx submodule (#1980) --- nyx_mode/QEMU-Nyx | 2 +- nyx_mode/QEMU_NYX_VERSION | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nyx_mode/QEMU-Nyx b/nyx_mode/QEMU-Nyx index 3ea4a8c37c..e5e1c4c21f 160000 --- a/nyx_mode/QEMU-Nyx +++ b/nyx_mode/QEMU-Nyx @@ -1 +1 @@ -Subproject commit 3ea4a8c37c387d711db75548c06d2918ebba9a03 +Subproject commit e5e1c4c21ff9c4dc80e6409d4eab47146c6024cd diff --git a/nyx_mode/QEMU_NYX_VERSION b/nyx_mode/QEMU_NYX_VERSION index 5d6aed69e9..30796da2c6 100644 --- a/nyx_mode/QEMU_NYX_VERSION +++ b/nyx_mode/QEMU_NYX_VERSION @@ -1 +1 @@ -3ea4a8c37c38 +e5e1c4c21f From 1e7485dcee1f19d8eb78562d62c30f2aae5a101d Mon Sep 17 00:00:00 2001 From: Khaled Yakdan Date: Sat, 3 Feb 2024 10:49:45 +0100 Subject: [PATCH 353/357] Fix type in AFL_NOOPT env variable in afl-cc help message (#1982) --- src/afl-cc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index c300ddfc98..9831054536 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -2830,7 +2830,7 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) { " AFL_DONT_OPTIMIZE: disable optimization instead of -O3\n" " AFL_NO_BUILTIN: no builtins for string compare functions (for " "libtokencap.so)\n" - " AFL_NOOP: behave like a normal compiler (to pass configure " + " AFL_NOOPT: behave like a normal compiler (to pass configure " "tests)\n" " AFL_PATH: path to instrumenting pass and runtime " "(afl-compiler-rt.*o)\n" From a9292626a6a94b22f8b9123ff4ee160466c9b6fd Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 3 Feb 2024 10:51:55 +0100 Subject: [PATCH 354/357] nits --- docs/INSTALL.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 1379df0af4..84bbe3eab1 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -114,10 +114,10 @@ freshly installed clang, clang++, llvm-config, gmake and coreutils, e.g.: # Depending on your MacOS system + brew version it is either export PATH="/opt/homebrew/opt/llvm/bin:$PATH" # or -export PATH="/usr/local/opt/llvm/bin:$PATH" +export PATH="/usr/local/opt/llvm/bin:/usr/local/opt/coreutils/libexec/gnubin:$PATH" # you can check with "brew info llvm" -export PATH="/usr/local/opt/coreutils/libexec/gnubin:/usr/local/bin:$PATH" +export PATH="/usr/local/bin:$PATH" export CC=clang export CXX=clang++ gmake From ed1a6f8a570c6fcabee962f402d8d58f6cea77b7 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 3 Feb 2024 11:01:31 +0100 Subject: [PATCH 355/357] 2024 v4.10c release --- GNUmakefile.gcc_plugin | 2 +- README.md | 4 ++-- afl-cmin.bash | 2 +- afl-whatsup | 2 +- docs/Changelog.md | 3 +-- frida_mode/Scripting.md | 2 +- frida_mode/test/cmplog/cmplog.c | 2 +- frida_mode/test/deferred/testinstr.c | 2 +- frida_mode/test/dynamic/testinstr.c | 2 +- frida_mode/test/entry_point/testinstr.c | 2 +- frida_mode/test/exe/testinstr.c | 2 +- frida_mode/test/js/test.c | 2 +- frida_mode/test/js/test2.c | 2 +- frida_mode/test/output/testinstr.c | 2 +- frida_mode/test/perf/perf.c | 2 +- frida_mode/test/persistent_ret/testinstr.c | 2 +- frida_mode/test/testinstr/testinstr.c | 2 +- frida_mode/test/unstable/unstable.c | 2 +- frida_mode/util/frida_get_symbol_addr.sh | 2 +- include/afl-as.h | 2 +- include/afl-fuzz.h | 2 +- include/afl-prealloc.h | 2 +- include/alloc-inl.h | 2 +- include/cmplog.h | 2 +- include/common.h | 2 +- include/config.h | 4 ++-- include/debug.h | 2 +- include/forkserver.h | 2 +- include/hash.h | 2 +- include/list.h | 2 +- include/sharedmem.h | 2 +- include/snapshot-inl.h | 2 +- include/types.h | 2 +- include/xxhash.h | 2 +- instrumentation/afl-compiler-rt.o.c | 2 +- instrumentation/afl-gcc-cmplog-pass.so.cc | 2 +- instrumentation/afl-gcc-cmptrs-pass.so.cc | 2 +- instrumentation/afl-gcc-common.h | 2 +- instrumentation/afl-gcc-pass.so.cc | 2 +- instrumentation/afl-llvm-dict2file.so.cc | 2 +- instrumentation/afl-llvm-lto-instrumentlist.so.cc | 2 +- instrumentation/afl-llvm-pass.so.cc | 2 +- instrumentation/cmplog-instructions-pass.cc | 2 +- instrumentation/cmplog-routines-pass.cc | 2 +- instrumentation/cmplog-switches-pass.cc | 2 +- instrumentation/injection-pass.cc | 2 +- qemu_mode/build_qemu_support.sh | 2 +- qemu_mode/fastexit/Makefile | 2 +- qemu_mode/libcompcov/Makefile | 2 +- qemu_mode/libcompcov/compcovtest.cc | 2 +- qemu_mode/libcompcov/libcompcov.so.c | 2 +- qemu_mode/libqasan/Makefile | 2 +- qemu_mode/libqasan/hooks.c | 2 +- qemu_mode/libqasan/libqasan.c | 2 +- qemu_mode/libqasan/libqasan.h | 2 +- qemu_mode/libqasan/malloc.c | 2 +- qemu_mode/libqasan/patch.c | 2 +- qemu_mode/libqasan/string.c | 2 +- qemu_mode/libqasan/uninstrument.c | 2 +- qemu_mode/unsigaction/Makefile | 2 +- qemu_mode/util/qemu_get_symbol_addr.sh | 2 +- src/afl-analyze.c | 2 +- src/afl-as.c | 2 +- src/afl-cc.c | 2 +- src/afl-common.c | 2 +- src/afl-forkserver.c | 2 +- src/afl-fuzz-bitmap.c | 2 +- src/afl-fuzz-cmplog.c | 2 +- src/afl-fuzz-extras.c | 2 +- src/afl-fuzz-init.c | 2 +- src/afl-fuzz-mutators.c | 2 +- src/afl-fuzz-one.c | 2 +- src/afl-fuzz-python.c | 2 +- src/afl-fuzz-queue.c | 2 +- src/afl-fuzz-redqueen.c | 2 +- src/afl-fuzz-run.c | 2 +- src/afl-fuzz-state.c | 2 +- src/afl-fuzz-stats.c | 2 +- src/afl-fuzz.c | 2 +- src/afl-gotcpu.c | 2 +- src/afl-ld-lto.c | 2 +- src/afl-sharedmem.c | 2 +- src/afl-showmap.c | 2 +- src/afl-tmin.c | 2 +- test-instr.c | 2 +- unicorn_mode/build_unicorn_support.sh | 2 +- utils/afl_network_proxy/afl-network-client.c | 2 +- utils/afl_network_proxy/afl-network-server.c | 2 +- utils/afl_proxy/afl-proxy.c | 2 +- utils/afl_untracer/afl-untracer.c | 2 +- utils/afl_untracer/libtestinstr.c | 2 +- utils/argv_fuzzing/Makefile | 2 +- utils/argv_fuzzing/argvfuzz.c | 2 +- utils/distributed_fuzzing/sync_script.sh | 2 +- utils/libdislocator/libdislocator.so.c | 2 +- utils/libtokencap/libtokencap.so.c | 2 +- utils/persistent_mode/test-instr.c | 2 +- 97 files changed, 99 insertions(+), 100 deletions(-) diff --git a/GNUmakefile.gcc_plugin b/GNUmakefile.gcc_plugin index 16c98399d3..8f06792dc4 100644 --- a/GNUmakefile.gcc_plugin +++ b/GNUmakefile.gcc_plugin @@ -11,7 +11,7 @@ # from Laszlo Szekeres. # # Copyright 2015 Google Inc. All rights reserved. -# Copyright 2019-2023 AFLplusplus Project. All rights reserved. +# Copyright 2019-2024 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/README.md b/README.md index fd48cb1412..f713e9717d 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,9 @@ AFL++ logo -Release version: [4.09c](https://github.com/AFLplusplus/AFLplusplus/releases) +Release version: [4.10c](https://github.com/AFLplusplus/AFLplusplus/releases) -GitHub version: 4.10a +GitHub version: 4.10c Repository: [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus) diff --git a/afl-cmin.bash b/afl-cmin.bash index fda48fb4c1..6c2712206a 100755 --- a/afl-cmin.bash +++ b/afl-cmin.bash @@ -7,7 +7,7 @@ # # Copyright 2014, 2015 Google Inc. All rights reserved. # -# Copyright 2019-2023 AFLplusplus +# Copyright 2019-2024 AFLplusplus # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/afl-whatsup b/afl-whatsup index 5b7cbcd60f..aa081e41ff 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -6,7 +6,7 @@ # Originally written by Michal Zalewski # # Copyright 2015 Google Inc. All rights reserved. -# Copyright 2019-2023 AFLplusplus Project. All rights reserved. +# Copyright 2019-2024 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/docs/Changelog.md b/docs/Changelog.md index 29081549ae..48003f4bf8 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -3,7 +3,7 @@ This is the list of all noteworthy changes made in every public release of the tool. See README.md for the general instruction manual. -### Version ++4.10a (dev) +### Version ++4.10c (release) - afl-fuzz: - default power schedule is now EXPLORE, due a fix in fast schedules explore is slightly better now. @@ -34,7 +34,6 @@ - updated the custom grammar mutator - document afl-cmin does not work on macOS (but afl-cmin.bash does) - ### Version ++4.09c (release) - afl-fuzz: - fixed the new mutation implementation for two bugs diff --git a/frida_mode/Scripting.md b/frida_mode/Scripting.md index dfd09e7b1d..653687f0e8 100644 --- a/frida_mode/Scripting.md +++ b/frida_mode/Scripting.md @@ -390,7 +390,7 @@ Consider the [following](test/js/test2.c) test code... -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/cmplog/cmplog.c b/frida_mode/test/cmplog/cmplog.c index 2565b35c62..d397f36e8b 100644 --- a/frida_mode/test/cmplog/cmplog.c +++ b/frida_mode/test/cmplog/cmplog.c @@ -2,7 +2,7 @@ // // Author: Mateusz Jurczyk (mjurczyk@google.com) // -// Copyright 2019-2023 Google LLC +// Copyright 2019-2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/frida_mode/test/deferred/testinstr.c b/frida_mode/test/deferred/testinstr.c index 0ab4458279..4e5124ed8e 100644 --- a/frida_mode/test/deferred/testinstr.c +++ b/frida_mode/test/deferred/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/dynamic/testinstr.c b/frida_mode/test/dynamic/testinstr.c index 8b285f6d8f..0abc61fd0d 100644 --- a/frida_mode/test/dynamic/testinstr.c +++ b/frida_mode/test/dynamic/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/entry_point/testinstr.c b/frida_mode/test/entry_point/testinstr.c index 24d9a61573..75e71bdad5 100644 --- a/frida_mode/test/entry_point/testinstr.c +++ b/frida_mode/test/entry_point/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/exe/testinstr.c b/frida_mode/test/exe/testinstr.c index d965502e41..7b60365986 100644 --- a/frida_mode/test/exe/testinstr.c +++ b/frida_mode/test/exe/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/js/test.c b/frida_mode/test/js/test.c index 87c9cdf63c..9799bf3bce 100644 --- a/frida_mode/test/js/test.c +++ b/frida_mode/test/js/test.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/js/test2.c b/frida_mode/test/js/test2.c index 6b680a2456..60b30eb5ab 100644 --- a/frida_mode/test/js/test2.c +++ b/frida_mode/test/js/test2.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/output/testinstr.c b/frida_mode/test/output/testinstr.c index d965502e41..7b60365986 100644 --- a/frida_mode/test/output/testinstr.c +++ b/frida_mode/test/output/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/perf/perf.c b/frida_mode/test/perf/perf.c index d962697428..55efba26d8 100644 --- a/frida_mode/test/perf/perf.c +++ b/frida_mode/test/perf/perf.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/persistent_ret/testinstr.c b/frida_mode/test/persistent_ret/testinstr.c index 12365ceb76..85aa2b806c 100644 --- a/frida_mode/test/persistent_ret/testinstr.c +++ b/frida_mode/test/persistent_ret/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/testinstr/testinstr.c b/frida_mode/test/testinstr/testinstr.c index d965502e41..7b60365986 100644 --- a/frida_mode/test/testinstr/testinstr.c +++ b/frida_mode/test/testinstr/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/unstable/unstable.c b/frida_mode/test/unstable/unstable.c index a87b6c74ee..16978e7ed9 100644 --- a/frida_mode/test/unstable/unstable.c +++ b/frida_mode/test/unstable/unstable.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/util/frida_get_symbol_addr.sh b/frida_mode/util/frida_get_symbol_addr.sh index 2e682255f1..53d5b802ab 100755 --- a/frida_mode/util/frida_get_symbol_addr.sh +++ b/frida_mode/util/frida_get_symbol_addr.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright 2023 AFLplusplus +# Copyright 2024 AFLplusplus # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/include/afl-as.h b/include/afl-as.h index 486314e2b9..612f34f43a 100644 --- a/include/afl-as.h +++ b/include/afl-as.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index c2b09b2e84..c24f39e27c 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/afl-prealloc.h b/include/afl-prealloc.h index d19a7b52a0..3c621d794b 100644 --- a/include/afl-prealloc.h +++ b/include/afl-prealloc.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/alloc-inl.h b/include/alloc-inl.h index cff808b246..0aa417beb5 100644 --- a/include/alloc-inl.h +++ b/include/alloc-inl.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/cmplog.h b/include/cmplog.h index e48214445d..6bfc146bcc 100644 --- a/include/cmplog.h +++ b/include/cmplog.h @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/common.h b/include/common.h index a9739a7de5..0df07dee87 100644 --- a/include/common.h +++ b/include/common.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/config.h b/include/config.h index 7ad73c2f24..9349828f20 100644 --- a/include/config.h +++ b/include/config.h @@ -10,7 +10,7 @@ Heiko Eissfeldt , Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++4.10a" +#define VERSION "++4.10c" /****************************************************** * * diff --git a/include/debug.h b/include/debug.h index 234d8fc42f..4b812f8e19 100644 --- a/include/debug.h +++ b/include/debug.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/forkserver.h b/include/forkserver.h index f1d3b5b100..be7f9e8d57 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -12,7 +12,7 @@ Dominik Maier > Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/hash.h b/include/hash.h index 0243c5b7c0..5d56a10852 100644 --- a/include/hash.h +++ b/include/hash.h @@ -15,7 +15,7 @@ Other code written by Michal Zalewski Copyright 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/list.h b/include/list.h index 283bf0354a..441eccd32e 100644 --- a/include/list.h +++ b/include/list.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/sharedmem.h b/include/sharedmem.h index d32bd8452e..4484066e55 100644 --- a/include/sharedmem.h +++ b/include/sharedmem.h @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/snapshot-inl.h b/include/snapshot-inl.h index 3864e473d5..b2c81402f0 100644 --- a/include/snapshot-inl.h +++ b/include/snapshot-inl.h @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/types.h b/include/types.h index d6476d829c..2233213529 100644 --- a/include/types.h +++ b/include/types.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/xxhash.h b/include/xxhash.h index a8bd6f2709..9a8804704f 100644 --- a/include/xxhash.h +++ b/include/xxhash.h @@ -1,7 +1,7 @@ /* * xxHash - Extremely Fast Hash algorithm * Header File - * Copyright (C) 2012-2023 Yann Collet + * Copyright (C) 2012-2024 Yann Collet * * BSD 2-Clause License (https://www.opensource.org/licenses/bsd-license.php) * diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 8e55d6a0ac..caa3c3a8ef 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -3,7 +3,7 @@ ------------------------------------------------ Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/afl-gcc-cmplog-pass.so.cc b/instrumentation/afl-gcc-cmplog-pass.so.cc index b4e6fda903..774dd5fd5a 100644 --- a/instrumentation/afl-gcc-cmplog-pass.so.cc +++ b/instrumentation/afl-gcc-cmplog-pass.so.cc @@ -3,7 +3,7 @@ Copyright 2014-2019 Free Software Foundation, Inc Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2019-2020 AFLplusplus Project. All rights reserved. - Copyright 2019-2023 AdaCore + Copyright 2019-2024 AdaCore Written by Alexandre Oliva , based on the AFL++ LLVM CmpLog pass by Andrea Fioraldi , and diff --git a/instrumentation/afl-gcc-cmptrs-pass.so.cc b/instrumentation/afl-gcc-cmptrs-pass.so.cc index c56263dd21..929a9d7a8e 100644 --- a/instrumentation/afl-gcc-cmptrs-pass.so.cc +++ b/instrumentation/afl-gcc-cmptrs-pass.so.cc @@ -3,7 +3,7 @@ Copyright 2014-2019 Free Software Foundation, Inc Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2019-2020 AFLplusplus Project. All rights reserved. - Copyright 2019-2023 AdaCore + Copyright 2019-2024 AdaCore Written by Alexandre Oliva , based on the AFL++ LLVM CmpLog Routines pass by Andrea Fioraldi diff --git a/instrumentation/afl-gcc-common.h b/instrumentation/afl-gcc-common.h index 1d5eb46630..80ded57de9 100644 --- a/instrumentation/afl-gcc-common.h +++ b/instrumentation/afl-gcc-common.h @@ -2,7 +2,7 @@ Copyright 2014-2019 Free Software Foundation, Inc Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AdaCore + Copyright 2019-2024 AdaCore Written by Alexandre Oliva , based on the AFL++ GCC plugin. diff --git a/instrumentation/afl-gcc-pass.so.cc b/instrumentation/afl-gcc-pass.so.cc index 4d7fd0efe5..41b1e5af52 100644 --- a/instrumentation/afl-gcc-pass.so.cc +++ b/instrumentation/afl-gcc-pass.so.cc @@ -2,7 +2,7 @@ Copyright 2014-2019 Free Software Foundation, Inc Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AdaCore + Copyright 2019-2024 AdaCore Written by Alexandre Oliva , based on the AFL LLVM pass by Laszlo Szekeres and Michal diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc index c60f3e06ab..ac497b5b50 100644 --- a/instrumentation/afl-llvm-dict2file.so.cc +++ b/instrumentation/afl-llvm-dict2file.so.cc @@ -4,7 +4,7 @@ Written by Marc Heuse - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/afl-llvm-lto-instrumentlist.so.cc b/instrumentation/afl-llvm-lto-instrumentlist.so.cc index 61f97d774c..e0899cd36b 100644 --- a/instrumentation/afl-llvm-lto-instrumentlist.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentlist.so.cc @@ -9,7 +9,7 @@ from afl-as.c are Michal's fault. Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 052488a9ab..62f5023df4 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -12,7 +12,7 @@ NGRAM previous location coverage comes from Adrian Herrera. Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc index 8be8c29462..dc60221ed9 100644 --- a/instrumentation/cmplog-instructions-pass.cc +++ b/instrumentation/cmplog-instructions-pass.cc @@ -5,7 +5,7 @@ Written by Andrea Fioraldi Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index b27e06e0c4..78317d5d96 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -5,7 +5,7 @@ Written by Andrea Fioraldi Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/cmplog-switches-pass.cc b/instrumentation/cmplog-switches-pass.cc index 01da6da7f6..3e05c13dad 100644 --- a/instrumentation/cmplog-switches-pass.cc +++ b/instrumentation/cmplog-switches-pass.cc @@ -5,7 +5,7 @@ Written by Andrea Fioraldi Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/injection-pass.cc b/instrumentation/injection-pass.cc index 971b103bab..2280208bd0 100644 --- a/instrumentation/injection-pass.cc +++ b/instrumentation/injection-pass.cc @@ -5,7 +5,7 @@ Written by Marc Heuse Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index 3f8a88f2b3..45019cc839 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -13,7 +13,7 @@ # counters by Andrea Fioraldi # # Copyright 2015, 2016, 2017 Google Inc. All rights reserved. -# Copyright 2019-2023 AFLplusplus Project. All rights reserved. +# Copyright 2019-2024 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/qemu_mode/fastexit/Makefile b/qemu_mode/fastexit/Makefile index c7b79277b6..be80207d10 100644 --- a/qemu_mode/fastexit/Makefile +++ b/qemu_mode/fastexit/Makefile @@ -4,7 +4,7 @@ # # Written by Andrea Fioraldi # -# Copyright 2019-2023 Andrea Fioraldi. All rights reserved. +# Copyright 2019-2024 Andrea Fioraldi. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/qemu_mode/libcompcov/Makefile b/qemu_mode/libcompcov/Makefile index 7260df87fe..4761ac025b 100644 --- a/qemu_mode/libcompcov/Makefile +++ b/qemu_mode/libcompcov/Makefile @@ -4,7 +4,7 @@ # # Written by Andrea Fioraldi # -# Copyright 2019-2023 Andrea Fioraldi. All rights reserved. +# Copyright 2019-2024 Andrea Fioraldi. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc index 23215013d6..1179709149 100644 --- a/qemu_mode/libcompcov/compcovtest.cc +++ b/qemu_mode/libcompcov/compcovtest.cc @@ -2,7 +2,7 @@ // // Author: Mateusz Jurczyk (mjurczyk@google.com) // -// Copyright 2019-2023 Google LLC +// Copyright 2019-2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/qemu_mode/libcompcov/libcompcov.so.c b/qemu_mode/libcompcov/libcompcov.so.c index b57e970178..36f7b2e220 100644 --- a/qemu_mode/libcompcov/libcompcov.so.c +++ b/qemu_mode/libcompcov/libcompcov.so.c @@ -5,7 +5,7 @@ Written and maintained by Andrea Fioraldi - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/qemu_mode/libqasan/Makefile b/qemu_mode/libqasan/Makefile index 61782894ea..7366d6f6c0 100644 --- a/qemu_mode/libqasan/Makefile +++ b/qemu_mode/libqasan/Makefile @@ -4,7 +4,7 @@ # # Written by Andrea Fioraldi # -# Copyright 2019-2023 Andrea Fioraldi. All rights reserved. +# Copyright 2019-2024 Andrea Fioraldi. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/qemu_mode/libqasan/hooks.c b/qemu_mode/libqasan/hooks.c index a9fd0ce94d..cf1b082036 100644 --- a/qemu_mode/libqasan/hooks.c +++ b/qemu_mode/libqasan/hooks.c @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2023, Andrea Fioraldi +Copyright (c) 2019-2024, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/libqasan.c b/qemu_mode/libqasan/libqasan.c index 12be77783d..45f47d5a6c 100644 --- a/qemu_mode/libqasan/libqasan.c +++ b/qemu_mode/libqasan/libqasan.c @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2023, Andrea Fioraldi +Copyright (c) 2019-2024, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/libqasan.h b/qemu_mode/libqasan/libqasan.h index a430c868f3..f0844e2308 100644 --- a/qemu_mode/libqasan/libqasan.h +++ b/qemu_mode/libqasan/libqasan.h @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2023, Andrea Fioraldi +Copyright (c) 2019-2024, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/malloc.c b/qemu_mode/libqasan/malloc.c index 4448f480c2..ae470b56ad 100644 --- a/qemu_mode/libqasan/malloc.c +++ b/qemu_mode/libqasan/malloc.c @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2023, Andrea Fioraldi +Copyright (c) 2019-2024, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/patch.c b/qemu_mode/libqasan/patch.c index 38e0903bcb..4ce8c3d8e1 100644 --- a/qemu_mode/libqasan/patch.c +++ b/qemu_mode/libqasan/patch.c @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2023, Andrea Fioraldi +Copyright (c) 2019-2024, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/string.c b/qemu_mode/libqasan/string.c index e17cff4b9d..cd14d57b71 100644 --- a/qemu_mode/libqasan/string.c +++ b/qemu_mode/libqasan/string.c @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2023, Andrea Fioraldi +Copyright (c) 2019-2024, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/uninstrument.c b/qemu_mode/libqasan/uninstrument.c index e37a9b46b0..996f2a744a 100644 --- a/qemu_mode/libqasan/uninstrument.c +++ b/qemu_mode/libqasan/uninstrument.c @@ -7,7 +7,7 @@ for some strange reason. */ /******************************************************************************* -Copyright (c) 2019-2023, Andrea Fioraldi +Copyright (c) 2019-2024, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/unsigaction/Makefile b/qemu_mode/unsigaction/Makefile index c1a7397f47..d5e807d8c9 100644 --- a/qemu_mode/unsigaction/Makefile +++ b/qemu_mode/unsigaction/Makefile @@ -4,7 +4,7 @@ # # Written by Andrea Fioraldi # -# Copyright 2019-2023 Andrea Fioraldi. All rights reserved. +# Copyright 2019-2024 Andrea Fioraldi. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/qemu_mode/util/qemu_get_symbol_addr.sh b/qemu_mode/util/qemu_get_symbol_addr.sh index e0a7ae80c5..5e00f1b287 100755 --- a/qemu_mode/util/qemu_get_symbol_addr.sh +++ b/qemu_mode/util/qemu_get_symbol_addr.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright 2023 AFLplusplus +# Copyright 2024 AFLplusplus # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 5b1227418d..95f32fee31 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-as.c b/src/afl-as.c index 772e31b3ed..09ba75bff7 100644 --- a/src/afl-as.c +++ b/src/afl-as.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-cc.c b/src/afl-cc.c index 9831054536..e956427758 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -5,7 +5,7 @@ Written by Michal Zalewski, Laszlo Szekeres and Marc Heuse Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-common.c b/src/afl-common.c index ba498b3b04..87003b03ca 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index ded0c21d66..0a77d61c10 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -13,7 +13,7 @@ Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 5f67347ced..d056ac9fdd 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c index 3e6432cac6..21f34e120b 100644 --- a/src/afl-fuzz-cmplog.c +++ b/src/afl-fuzz-cmplog.c @@ -11,7 +11,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-extras.c b/src/afl-fuzz-extras.c index 905431d1e9..3b1d13f104 100644 --- a/src/afl-fuzz-extras.c +++ b/src/afl-fuzz-extras.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 057d8cf5f9..76291cc417 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index 17fb936873..ae4d666886 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index c163a42052..d9c074ecea 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c index 4c7da774a5..16a398fd91 100644 --- a/src/afl-fuzz-python.c +++ b/src/afl-fuzz-python.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 67931bbaa0..1ea5041889 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 9e9b38226e..eead7a8bed 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -11,7 +11,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 1ee8ebe76d..d764952ce2 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index b647ac84b4..4467cae876 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 4b83ad29f6..7657708122 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 69064d51d3..12d67fe715 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c index 4f85109963..7aee2985c1 100644 --- a/src/afl-gotcpu.c +++ b/src/afl-gotcpu.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-ld-lto.c b/src/afl-ld-lto.c index 7ce5de4134..513c1ae96d 100644 --- a/src/afl-ld-lto.c +++ b/src/afl-ld-lto.c @@ -9,7 +9,7 @@ Andrea Fioraldi Dominik Maier - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c index a2c81586e4..daea8f466e 100644 --- a/src/afl-sharedmem.c +++ b/src/afl-sharedmem.c @@ -11,7 +11,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 7a639cf61b..20ba5a5e9b 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-tmin.c b/src/afl-tmin.c index e7442d1df9..4e5dab41ef 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/test-instr.c b/test-instr.c index eda5189c37..285528932c 100644 --- a/test-instr.c +++ b/test-instr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/unicorn_mode/build_unicorn_support.sh b/unicorn_mode/build_unicorn_support.sh index d3d16ad5ab..baca21716b 100755 --- a/unicorn_mode/build_unicorn_support.sh +++ b/unicorn_mode/build_unicorn_support.sh @@ -14,7 +14,7 @@ # # # Copyright 2017 Battelle Memorial Institute. All rights reserved. -# Copyright 2019-2023 AFLplusplus Project. All rights reserved. +# Copyright 2019-2024 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/utils/afl_network_proxy/afl-network-client.c b/utils/afl_network_proxy/afl-network-client.c index 0416f0f952..1f04dd87fd 100644 --- a/utils/afl_network_proxy/afl-network-client.c +++ b/utils/afl_network_proxy/afl-network-client.c @@ -4,7 +4,7 @@ Written by Marc Heuse - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/afl_network_proxy/afl-network-server.c b/utils/afl_network_proxy/afl-network-server.c index 95b0a551c8..c4a700f488 100644 --- a/utils/afl_network_proxy/afl-network-server.c +++ b/utils/afl_network_proxy/afl-network-server.c @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/afl_proxy/afl-proxy.c b/utils/afl_proxy/afl-proxy.c index 531a97a222..6cf47636bf 100644 --- a/utils/afl_proxy/afl-proxy.c +++ b/utils/afl_proxy/afl-proxy.c @@ -4,7 +4,7 @@ Written by Marc Heuse - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/afl_untracer/afl-untracer.c b/utils/afl_untracer/afl-untracer.c index 0e3f8a454b..e6a74518a1 100644 --- a/utils/afl_untracer/afl-untracer.c +++ b/utils/afl_untracer/afl-untracer.c @@ -4,7 +4,7 @@ Written by Marc Heuse - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/afl_untracer/libtestinstr.c b/utils/afl_untracer/libtestinstr.c index b7afc325b0..0a98778add 100644 --- a/utils/afl_untracer/libtestinstr.c +++ b/utils/afl_untracer/libtestinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index 6786467a48..ba977e5f0d 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -2,7 +2,7 @@ # american fuzzy lop++ - argvfuzz # -------------------------------- # -# Copyright 2019-2023 Kjell Braden +# Copyright 2019-2024 Kjell Braden # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/utils/argv_fuzzing/argvfuzz.c b/utils/argv_fuzzing/argvfuzz.c index 41eead0cfa..47383138df 100644 --- a/utils/argv_fuzzing/argvfuzz.c +++ b/utils/argv_fuzzing/argvfuzz.c @@ -2,7 +2,7 @@ american fuzzy lop++ - LD_PRELOAD for fuzzing argv in binaries ------------------------------------------------------------ - Copyright 2019-2023 Kjell Braden + Copyright 2019-2024 Kjell Braden Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/distributed_fuzzing/sync_script.sh b/utils/distributed_fuzzing/sync_script.sh index b22816f1fc..861b65c83f 100755 --- a/utils/distributed_fuzzing/sync_script.sh +++ b/utils/distributed_fuzzing/sync_script.sh @@ -6,7 +6,7 @@ # Originally written by Michal Zalewski # # Copyright 2014 Google Inc. All rights reserved. -# Copyright 2019-2023 AFLplusplus Project. All rights reserved. +# Copyright 2019-2024 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/utils/libdislocator/libdislocator.so.c b/utils/libdislocator/libdislocator.so.c index 1cd7abc6e3..b80be1a1fd 100644 --- a/utils/libdislocator/libdislocator.so.c +++ b/utils/libdislocator/libdislocator.so.c @@ -6,7 +6,7 @@ Originally written by Michal Zalewski Copyright 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/libtokencap/libtokencap.so.c b/utils/libtokencap/libtokencap.so.c index f4024799c3..cc49915071 100644 --- a/utils/libtokencap/libtokencap.so.c +++ b/utils/libtokencap/libtokencap.so.c @@ -6,7 +6,7 @@ Originally written by Michal Zalewski Copyright 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/persistent_mode/test-instr.c b/utils/persistent_mode/test-instr.c index 4ead657722..72e26e9397 100644 --- a/utils/persistent_mode/test-instr.c +++ b/utils/persistent_mode/test-instr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: From 68dc4829b394d07f09709a0bbc17008fa523705f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 3 Feb 2024 11:40:19 +0100 Subject: [PATCH 356/357] fixes --- .gitmodules | 3 +++ nyx_mode/QEMU-Nyx | 1 + 2 files changed, 4 insertions(+) create mode 160000 nyx_mode/QEMU-Nyx diff --git a/.gitmodules b/.gitmodules index 33b40c84af..7fce4460c8 100644 --- a/.gitmodules +++ b/.gitmodules @@ -22,3 +22,6 @@ [submodule "nyx_mode/packer"] path = nyx_mode/packer url = https://github.com/nyx-fuzz/packer.git +[submodule "nyx_mode/QEMU-Nyx"] + path = nyx_mode/QEMU-Nyx + url = https://github.com/nyx-fuzz/QEMU-Nyx diff --git a/nyx_mode/QEMU-Nyx b/nyx_mode/QEMU-Nyx new file mode 160000 index 0000000000..e5e1c4c21f --- /dev/null +++ b/nyx_mode/QEMU-Nyx @@ -0,0 +1 @@ +Subproject commit e5e1c4c21ff9c4dc80e6409d4eab47146c6024cd From 602eceed8b56eef62d673a54b6011541bf1ab60a Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 3 Feb 2024 11:55:51 +0100 Subject: [PATCH 357/357] push to stable (#1983) * Output afl-clang-fast stuffs only if necessary (#1912) * afl-cc header * afl-cc common declarations - Add afl-cc-state.c - Strip includes, find_object, debug/be_quiet/have_*/callname setting from afl-cc.c - Use debugf_args in main - Modify execvp stuffs to fit new aflcc struct * afl-cc show usage * afl-cc mode selecting 1. compiler_mode by callname in argv[0] 2. compiler_mode by env "AFL_CC_COMPILER" 3. compiler_mode/instrument_mode by command line options "--afl-..." 4. instrument_mode/compiler_mode by various env vars including "AFL_LLVM_INSTRUMENT" 5. final checking steps 6. print "... - mode: %s-%s\n" 7. determine real argv[0] according to compiler_mode * afl-cc macro defs * afl-cc linking behaviors * afl-cc fsanitize behaviors * afl-cc misc * afl-cc body update * afl-cc all-in-one formated with custom-format.py * nits --------- Co-authored-by: vanhauser-thc * changelog * update grammar mutator * lto llvm 12+ * docs(custom_mutators): fix missing ':' (#1953) * Fix broken LTO mode and response file support (#1948) * Strip `-Wl,-no-undefined` during compilation (#1952) Make the compiler wrapper stripping `-Wl,-no-undefined` in addition to `-Wl,--no-undefined`. Both versions of the flag are accepted by clang and, therefore, used by building systems in the wild (e.g., samba will not build without this fix). * Remove dead code in write_to_testcase (#1955) The custom_mutators_count check in if case is duplicate with if condition. The else case is custom_mutators_count == 0, neither custom_mutator_list iteration nor sent check needed. Signed-off-by: Xeonacid * update qemuafl * WIP: Add ability to generate drcov trace using QEMU backend (#1956) * Document new drcov QEMU plugin * Add link to lightkeeper for QEMU drcov file loading --------- Co-authored-by: Jean-Romain Garnier * code format * changelog * sleep on uid != 0 afl-system-config * fix segv about skip_next, warn on unsupported cases of linking options (#1958) * todos * ensure afl-cc only allows available compiler modes * update grammar mutator * disable aslr on apple * fix for arm64 * help selective instrumentation * typos * macos * add compiler test script * apple fixes * bump nyx submodules (#1963) * fix docs * update changelog * update grammar mutator * improve compiler test script * gcc asan workaround (#1966) * fix github merge fuckup * fix * Fix afl-cc (#1968) - Check if too many cmdline params here, each time before insert a new param. - Check if it is "-fsanitize=..." before we do sth. - Remove improper param_st transfer. * Avoid adding llvmnative instrumentation when linking rust sanitizer runtime (#1969) * Dynamic instrumentation filtering for LLVM native (#1971) * Add two dynamic instrumentation filter methods to runtime * Always use pc-table with native pcguard * Add make_symbol_list.py and README * changelog * todos * new forkserver check * fix * nyx test for CI * improve nyx docs * Fixes to afl-cc and documentation (#1974) * Always compile with -ldl when building for CODE_COVERAGE When building with CODE_COVERAGE, the afl runtime contains code that calls `dladdr` which requires -ldl. Under most circumstances, clang already adds this (e.g. when building with pc-table), but there are some circumstances where it isn't added automatically. * Add visibility declaration to __afl_connected When building with hidden visibility, the use of __AFL_LOOP inside such code can cause linker errors due to __afl_connected being declared "hidden". * Update docs to clarify that CODE_COVERAGE=1 is required for dynamic_covfilter * nits * nyx build script updates * test error output * debug ci * debug ci * Improve afl-cc (#1975) * update response file support - full support of rsp file - fix some segv issues * Improve afl-cc - remove dead code about allow/denylist options of sancov - missing `if (!aflcc->have_msan)` - add docs for each function - typo * enable nyx * debug ci * debug ci * debug ci * debug ci * debug ci * debug ci * debug ci * debug ci * fix ci * clean test script * NO_NYX * NO_NYX * fix ci * debug ci * fix ci * finalize ci fix * Enhancement on Deterministic stage (#1972) * fuzzer: init commit based on aflpp 60dc37a8cf09f8e9048e4b6a2204d6c90b27655a * fuzzers: adding the skip variables and initialize * log: profile the det/havoc finding * log: add profile log output * fuzzers: sperate log/skipdet module * fuzzers: add quick eff_map calc * fuzzers: add skip_eff_map in fuzz_one * fuzzers: mark whole input space in eff_map * fuzzers: add undet bit threshold to skip some seeds * fuzzers: fix one byte overflow * fuzzers: fix overflow * fix code format * add havoc only again * code format * remove log to INTROSPECTION, rename skipdet module * rename skipdet module * remove log to stats * clean redundant code * code format * remove redundant code format check * remove redundant doc * remove redundant objects * clean files * change -d to default skipdet * disable deterministic when using CUSTOM_MUTATOR * revert fix * final touches for skipdet * remove unused var * remove redundant eff struct (#1977) * update QEMU-Nyx submodule (#1978) * update QEMU-Nyx submodule (#1980) * Fix type in AFL_NOOPT env variable in afl-cc help message (#1982) * nits * 2024 v4.10c release * fixes --------- Signed-off-by: Xeonacid Co-authored-by: Sonic <50692172+SonicStark@users.noreply.github.com> Co-authored-by: Xeonacid Co-authored-by: Nils Bars Co-authored-by: Jean-Romain Garnier <7504819+JRomainG@users.noreply.github.com> Co-authored-by: Jean-Romain Garnier Co-authored-by: Sergej Schumilo Co-authored-by: Christian Holler (:decoder) Co-authored-by: Han Zheng <35988108+kdsjZh@users.noreply.github.com> Co-authored-by: Khaled Yakdan --- .gitmodules | 6 +- GNUmakefile.gcc_plugin | 2 +- GNUmakefile.llvm | 2 +- README.md | 4 +- afl-cmin.bash | 2 +- afl-whatsup | 2 +- docs/Changelog.md | 5 +- docs/INSTALL.md | 4 +- frida_mode/Scripting.md | 2 +- frida_mode/test/cmplog/cmplog.c | 2 +- frida_mode/test/deferred/testinstr.c | 2 +- frida_mode/test/dynamic/testinstr.c | 2 +- frida_mode/test/entry_point/testinstr.c | 2 +- frida_mode/test/exe/testinstr.c | 2 +- frida_mode/test/js/test.c | 2 +- frida_mode/test/js/test2.c | 2 +- frida_mode/test/output/testinstr.c | 2 +- frida_mode/test/perf/perf.c | 2 +- frida_mode/test/persistent_ret/testinstr.c | 2 +- frida_mode/test/testinstr/testinstr.c | 2 +- frida_mode/test/unstable/unstable.c | 2 +- frida_mode/util/frida_get_symbol_addr.sh | 2 +- include/afl-as.h | 2 +- include/afl-fuzz.h | 60 ++- include/afl-prealloc.h | 2 +- include/alloc-inl.h | 2 +- include/cmplog.h | 2 +- include/common.h | 2 +- include/config.h | 16 +- include/debug.h | 2 +- include/forkserver.h | 5 +- include/hash.h | 2 +- include/list.h | 2 +- include/sharedmem.h | 2 +- include/snapshot-inl.h | 2 +- include/types.h | 2 +- include/xxhash.h | 2 +- instrumentation/afl-compiler-rt.o.c | 2 +- instrumentation/afl-gcc-cmplog-pass.so.cc | 2 +- instrumentation/afl-gcc-cmptrs-pass.so.cc | 2 +- instrumentation/afl-gcc-common.h | 2 +- instrumentation/afl-gcc-pass.so.cc | 2 +- instrumentation/afl-llvm-dict2file.so.cc | 2 +- .../afl-llvm-lto-instrumentlist.so.cc | 2 +- instrumentation/afl-llvm-pass.so.cc | 2 +- instrumentation/cmplog-instructions-pass.cc | 2 +- instrumentation/cmplog-routines-pass.cc | 2 +- instrumentation/cmplog-switches-pass.cc | 2 +- instrumentation/injection-pass.cc | 2 +- nyx_mode/QEMU-Nyx | 2 +- nyx_mode/QEMU_NYX_VERSION | 2 +- qemu_mode/build_qemu_support.sh | 2 +- qemu_mode/fastexit/Makefile | 2 +- qemu_mode/libcompcov/Makefile | 2 +- qemu_mode/libcompcov/compcovtest.cc | 2 +- qemu_mode/libcompcov/libcompcov.so.c | 2 +- qemu_mode/libqasan/Makefile | 2 +- qemu_mode/libqasan/hooks.c | 2 +- qemu_mode/libqasan/libqasan.c | 2 +- qemu_mode/libqasan/libqasan.h | 2 +- qemu_mode/libqasan/malloc.c | 2 +- qemu_mode/libqasan/patch.c | 2 +- qemu_mode/libqasan/string.c | 2 +- qemu_mode/libqasan/uninstrument.c | 2 +- qemu_mode/unsigaction/Makefile | 2 +- qemu_mode/util/qemu_get_symbol_addr.sh | 2 +- src/afl-analyze.c | 2 +- src/afl-as.c | 2 +- src/afl-cc.c | 4 +- src/afl-common.c | 2 +- src/afl-forkserver.c | 6 +- src/afl-fuzz-bitmap.c | 2 +- src/afl-fuzz-cmplog.c | 2 +- src/afl-fuzz-extras.c | 2 +- src/afl-fuzz-init.c | 17 +- src/afl-fuzz-mutators.c | 2 +- src/afl-fuzz-one.c | 237 +++++----- src/afl-fuzz-python.c | 2 +- src/afl-fuzz-queue.c | 13 +- src/afl-fuzz-redqueen.c | 2 +- src/afl-fuzz-run.c | 2 +- src/afl-fuzz-skipdet.c | 403 ++++++++++++++++++ src/afl-fuzz-state.c | 10 +- src/afl-fuzz-stats.c | 40 +- src/afl-fuzz.c | 27 +- src/afl-gotcpu.c | 2 +- src/afl-ld-lto.c | 2 +- src/afl-sharedmem.c | 2 +- src/afl-showmap.c | 2 +- src/afl-tmin.c | 2 +- test-instr.c | 2 +- test/test-custom-mutators.sh | 4 +- unicorn_mode/build_unicorn_support.sh | 2 +- utils/afl_network_proxy/afl-network-client.c | 2 +- utils/afl_network_proxy/afl-network-server.c | 2 +- utils/afl_proxy/afl-proxy.c | 2 +- utils/afl_untracer/afl-untracer.c | 2 +- utils/afl_untracer/libtestinstr.c | 2 +- utils/argv_fuzzing/Makefile | 2 +- utils/argv_fuzzing/argvfuzz.c | 2 +- utils/distributed_fuzzing/sync_script.sh | 2 +- utils/libdislocator/libdislocator.so.c | 2 +- utils/libtokencap/libtokencap.so.c | 2 +- utils/persistent_mode/test-instr.c | 2 +- 104 files changed, 793 insertions(+), 242 deletions(-) create mode 100644 src/afl-fuzz-skipdet.c diff --git a/.gitmodules b/.gitmodules index 18fda27e63..7fce4460c8 100644 --- a/.gitmodules +++ b/.gitmodules @@ -19,9 +19,9 @@ [submodule "nyx_mode/libnyx"] path = nyx_mode/libnyx url = https://github.com/nyx-fuzz/libnyx.git -[submodule "nyx_mode/QEMU-Nyx"] - path = nyx_mode/QEMU-Nyx - url = https://github.com/nyx-fuzz/qemu-nyx.git [submodule "nyx_mode/packer"] path = nyx_mode/packer url = https://github.com/nyx-fuzz/packer.git +[submodule "nyx_mode/QEMU-Nyx"] + path = nyx_mode/QEMU-Nyx + url = https://github.com/nyx-fuzz/QEMU-Nyx diff --git a/GNUmakefile.gcc_plugin b/GNUmakefile.gcc_plugin index 16c98399d3..8f06792dc4 100644 --- a/GNUmakefile.gcc_plugin +++ b/GNUmakefile.gcc_plugin @@ -11,7 +11,7 @@ # from Laszlo Szekeres. # # Copyright 2015 Google Inc. All rights reserved. -# Copyright 2019-2023 AFLplusplus Project. All rights reserved. +# Copyright 2019-2024 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 7437130d54..ec8fefe43e 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -45,7 +45,7 @@ endif LLVMVER = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/git//' | sed 's/svn//' ) LLVM_MAJOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/\..*//' ) LLVM_MINOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/.*\.//' | sed 's/git//' | sed 's/svn//' | sed 's/ .*//' ) -LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[0-2]\.|^3.[0-7]\.' && echo 1 || echo 0 ) +LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[0-2]\.|^3.[0-8]\.' && echo 1 || echo 0 ) LLVM_TOO_NEW = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[8-9]|^2[0-9]' && echo 1 || echo 0 ) LLVM_TOO_OLD = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[1-9]\.|^1[012]\.' && echo 1 || echo 0 ) LLVM_NEW_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[0-9]' && echo 1 || echo 0 ) diff --git a/README.md b/README.md index fd48cb1412..f713e9717d 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,9 @@ AFL++ logo -Release version: [4.09c](https://github.com/AFLplusplus/AFLplusplus/releases) +Release version: [4.10c](https://github.com/AFLplusplus/AFLplusplus/releases) -GitHub version: 4.10a +GitHub version: 4.10c Repository: [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus) diff --git a/afl-cmin.bash b/afl-cmin.bash index fda48fb4c1..6c2712206a 100755 --- a/afl-cmin.bash +++ b/afl-cmin.bash @@ -7,7 +7,7 @@ # # Copyright 2014, 2015 Google Inc. All rights reserved. # -# Copyright 2019-2023 AFLplusplus +# Copyright 2019-2024 AFLplusplus # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/afl-whatsup b/afl-whatsup index 5b7cbcd60f..aa081e41ff 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -6,7 +6,7 @@ # Originally written by Michal Zalewski # # Copyright 2015 Google Inc. All rights reserved. -# Copyright 2019-2023 AFLplusplus Project. All rights reserved. +# Copyright 2019-2024 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/docs/Changelog.md b/docs/Changelog.md index 720a0689d7..48003f4bf8 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -3,12 +3,14 @@ This is the list of all noteworthy changes made in every public release of the tool. See README.md for the general instruction manual. -### Version ++4.10a (dev) +### Version ++4.10c (release) - afl-fuzz: - default power schedule is now EXPLORE, due a fix in fast schedules explore is slightly better now. - fixed minor issues in the mutation engine, thanks to @futhewo for reporting! + - better deterministic fuzzing is now available, benchmarks have shown + to improve fuzzing. Enable with -D. Thanks to @kdsjZh for the PR! - afl-cc: - large rewrite by @SonicStark which fixes a few corner cases, thanks! - LTO mode now requires llvm 12+ @@ -32,7 +34,6 @@ - updated the custom grammar mutator - document afl-cmin does not work on macOS (but afl-cmin.bash does) - ### Version ++4.09c (release) - afl-fuzz: - fixed the new mutation implementation for two bugs diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 1379df0af4..84bbe3eab1 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -114,10 +114,10 @@ freshly installed clang, clang++, llvm-config, gmake and coreutils, e.g.: # Depending on your MacOS system + brew version it is either export PATH="/opt/homebrew/opt/llvm/bin:$PATH" # or -export PATH="/usr/local/opt/llvm/bin:$PATH" +export PATH="/usr/local/opt/llvm/bin:/usr/local/opt/coreutils/libexec/gnubin:$PATH" # you can check with "brew info llvm" -export PATH="/usr/local/opt/coreutils/libexec/gnubin:/usr/local/bin:$PATH" +export PATH="/usr/local/bin:$PATH" export CC=clang export CXX=clang++ gmake diff --git a/frida_mode/Scripting.md b/frida_mode/Scripting.md index dfd09e7b1d..653687f0e8 100644 --- a/frida_mode/Scripting.md +++ b/frida_mode/Scripting.md @@ -390,7 +390,7 @@ Consider the [following](test/js/test2.c) test code... -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/cmplog/cmplog.c b/frida_mode/test/cmplog/cmplog.c index 2565b35c62..d397f36e8b 100644 --- a/frida_mode/test/cmplog/cmplog.c +++ b/frida_mode/test/cmplog/cmplog.c @@ -2,7 +2,7 @@ // // Author: Mateusz Jurczyk (mjurczyk@google.com) // -// Copyright 2019-2023 Google LLC +// Copyright 2019-2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/frida_mode/test/deferred/testinstr.c b/frida_mode/test/deferred/testinstr.c index 0ab4458279..4e5124ed8e 100644 --- a/frida_mode/test/deferred/testinstr.c +++ b/frida_mode/test/deferred/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/dynamic/testinstr.c b/frida_mode/test/dynamic/testinstr.c index 8b285f6d8f..0abc61fd0d 100644 --- a/frida_mode/test/dynamic/testinstr.c +++ b/frida_mode/test/dynamic/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/entry_point/testinstr.c b/frida_mode/test/entry_point/testinstr.c index 24d9a61573..75e71bdad5 100644 --- a/frida_mode/test/entry_point/testinstr.c +++ b/frida_mode/test/entry_point/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/exe/testinstr.c b/frida_mode/test/exe/testinstr.c index d965502e41..7b60365986 100644 --- a/frida_mode/test/exe/testinstr.c +++ b/frida_mode/test/exe/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/js/test.c b/frida_mode/test/js/test.c index 87c9cdf63c..9799bf3bce 100644 --- a/frida_mode/test/js/test.c +++ b/frida_mode/test/js/test.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/js/test2.c b/frida_mode/test/js/test2.c index 6b680a2456..60b30eb5ab 100644 --- a/frida_mode/test/js/test2.c +++ b/frida_mode/test/js/test2.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/output/testinstr.c b/frida_mode/test/output/testinstr.c index d965502e41..7b60365986 100644 --- a/frida_mode/test/output/testinstr.c +++ b/frida_mode/test/output/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/perf/perf.c b/frida_mode/test/perf/perf.c index d962697428..55efba26d8 100644 --- a/frida_mode/test/perf/perf.c +++ b/frida_mode/test/perf/perf.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/persistent_ret/testinstr.c b/frida_mode/test/persistent_ret/testinstr.c index 12365ceb76..85aa2b806c 100644 --- a/frida_mode/test/persistent_ret/testinstr.c +++ b/frida_mode/test/persistent_ret/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/testinstr/testinstr.c b/frida_mode/test/testinstr/testinstr.c index d965502e41..7b60365986 100644 --- a/frida_mode/test/testinstr/testinstr.c +++ b/frida_mode/test/testinstr/testinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/test/unstable/unstable.c b/frida_mode/test/unstable/unstable.c index a87b6c74ee..16978e7ed9 100644 --- a/frida_mode/test/unstable/unstable.c +++ b/frida_mode/test/unstable/unstable.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/frida_mode/util/frida_get_symbol_addr.sh b/frida_mode/util/frida_get_symbol_addr.sh index 2e682255f1..53d5b802ab 100755 --- a/frida_mode/util/frida_get_symbol_addr.sh +++ b/frida_mode/util/frida_get_symbol_addr.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright 2023 AFLplusplus +# Copyright 2024 AFLplusplus # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/include/afl-as.h b/include/afl-as.h index 486314e2b9..612f34f43a 100644 --- a/include/afl-as.h +++ b/include/afl-as.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index f1813df652..c24f39e27c 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -149,6 +149,48 @@ struct tainted { }; +struct inf_profile { + + u32 inf_skipped_bytes; /* Inference Stage Profiling */ + u64 inf_execs_cost, inf_time_cost; + +}; + +/* ToDo: add cmplog profile as well */ +struct havoc_profile { + + u32 queued_det_stage, /* Det/Havoc Stage Profiling */ + queued_havoc_stage, total_queued_det, edge_det_stage, edge_havoc_stage, + total_det_edge; + + u64 det_stage_time, havoc_stage_time, total_det_time; + +}; + +struct skipdet_entry { + + u8 continue_inf, done_eff; + u32 undet_bits, quick_eff_bytes; + + u8 *skip_eff_map, /* we'v finish the eff_map */ + *done_inf_map; /* some bytes are not done yet */ + +}; + +struct skipdet_global { + + u8 use_skip_havoc; + + u32 undet_bits_threshold; + + u64 last_cov_undet; + + u8 *virgin_det_bits; /* global fuzzed bits */ + + struct inf_profile *inf_prof; + +}; + struct queue_entry { u8 *fname; /* File name for the test case */ @@ -203,6 +245,8 @@ struct queue_entry { struct queue_entry *mother; /* queue entry this based on */ + struct skipdet_entry *skipdet_e; + }; struct extra_data { @@ -247,6 +291,8 @@ enum { /* 19 */ STAGE_CUSTOM_MUTATOR, /* 20 */ STAGE_COLORIZATION, /* 21 */ STAGE_ITS, + /* 22 */ STAGE_INF, + /* 23 */ STAGE_QUICK, STAGE_NUM_MAX @@ -782,6 +828,11 @@ typedef struct afl_state { * is too large) */ struct queue_entry **q_testcase_cache; + /* Global Profile Data for deterministic/havoc-splice stage */ + struct havoc_profile *havoc_prof; + + struct skipdet_global *skipdet_g; + #ifdef INTROSPECTION char mutation[8072]; char m_tmp[4096]; @@ -1232,6 +1283,13 @@ AFL_RAND_RETURN rand_next(afl_state_t *afl); /* probability between 0.0 and 1.0 */ double rand_next_percent(afl_state_t *afl); +/* SkipDet Functions */ + +u8 skip_deterministic_stage(afl_state_t *, u8 *, u8 *, u32, u64); +u8 is_det_timeout(u64, u8); + +void plot_profile_data(afl_state_t *, struct queue_entry *); + /**** Inline routines ****/ /* Generate a random number (from 0 to limit - 1). This may diff --git a/include/afl-prealloc.h b/include/afl-prealloc.h index d19a7b52a0..3c621d794b 100644 --- a/include/afl-prealloc.h +++ b/include/afl-prealloc.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/alloc-inl.h b/include/alloc-inl.h index cff808b246..0aa417beb5 100644 --- a/include/alloc-inl.h +++ b/include/alloc-inl.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/cmplog.h b/include/cmplog.h index e48214445d..6bfc146bcc 100644 --- a/include/cmplog.h +++ b/include/cmplog.h @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/common.h b/include/common.h index a9739a7de5..0df07dee87 100644 --- a/include/common.h +++ b/include/common.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/config.h b/include/config.h index 63340650ea..9349828f20 100644 --- a/include/config.h +++ b/include/config.h @@ -10,7 +10,7 @@ Heiko Eissfeldt , Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++4.10a" +#define VERSION "++4.10c" /****************************************************** * * @@ -52,6 +52,18 @@ /* Default file permission umode when creating files (default: 0600) */ #define DEFAULT_PERMISSION 0600 +/* SkipDet's global configuration */ + +#define MINIMAL_BLOCK_SIZE 64 +#define SMALL_DET_TIME (60 * 1000 * 1000U) +#define MAXIMUM_INF_EXECS (16 * 1024U) +#define MAXIMUM_QUICK_EFF_EXECS (64 * 1024U) +#define THRESHOLD_DEC_TIME (20 * 60 * 1000U) + +/* Set the Prob of selecting eff_bytes 3 times more than original, + Now disabled */ +#define EFF_HAVOC_RATE 3 + /* CMPLOG/REDQUEEN TUNING * * Here you can modify tuning and solving options for CMPLOG. diff --git a/include/debug.h b/include/debug.h index 234d8fc42f..4b812f8e19 100644 --- a/include/debug.h +++ b/include/debug.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/forkserver.h b/include/forkserver.h index f6230fe8c4..be7f9e8d57 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -12,7 +12,7 @@ Dominik Maier > Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -126,7 +126,8 @@ typedef struct afl_forkserver { u8 *out_file, /* File to fuzz, if any */ *target_path; /* Path of the target */ - FILE *plot_file; /* Gnuplot output file */ + FILE *plot_file, /* Gnuplot output file */ + *det_plot_file; /* Note: last_run_timed_out is u32 to send it to the child as 4 byte array */ u32 last_run_timed_out; /* Traced process timed out? */ diff --git a/include/hash.h b/include/hash.h index 0243c5b7c0..5d56a10852 100644 --- a/include/hash.h +++ b/include/hash.h @@ -15,7 +15,7 @@ Other code written by Michal Zalewski Copyright 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/list.h b/include/list.h index 283bf0354a..441eccd32e 100644 --- a/include/list.h +++ b/include/list.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/sharedmem.h b/include/sharedmem.h index d32bd8452e..4484066e55 100644 --- a/include/sharedmem.h +++ b/include/sharedmem.h @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/snapshot-inl.h b/include/snapshot-inl.h index 3864e473d5..b2c81402f0 100644 --- a/include/snapshot-inl.h +++ b/include/snapshot-inl.h @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/types.h b/include/types.h index d6476d829c..2233213529 100644 --- a/include/types.h +++ b/include/types.h @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/include/xxhash.h b/include/xxhash.h index a8bd6f2709..9a8804704f 100644 --- a/include/xxhash.h +++ b/include/xxhash.h @@ -1,7 +1,7 @@ /* * xxHash - Extremely Fast Hash algorithm * Header File - * Copyright (C) 2012-2023 Yann Collet + * Copyright (C) 2012-2024 Yann Collet * * BSD 2-Clause License (https://www.opensource.org/licenses/bsd-license.php) * diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 8e55d6a0ac..caa3c3a8ef 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -3,7 +3,7 @@ ------------------------------------------------ Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/afl-gcc-cmplog-pass.so.cc b/instrumentation/afl-gcc-cmplog-pass.so.cc index b4e6fda903..774dd5fd5a 100644 --- a/instrumentation/afl-gcc-cmplog-pass.so.cc +++ b/instrumentation/afl-gcc-cmplog-pass.so.cc @@ -3,7 +3,7 @@ Copyright 2014-2019 Free Software Foundation, Inc Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2019-2020 AFLplusplus Project. All rights reserved. - Copyright 2019-2023 AdaCore + Copyright 2019-2024 AdaCore Written by Alexandre Oliva , based on the AFL++ LLVM CmpLog pass by Andrea Fioraldi , and diff --git a/instrumentation/afl-gcc-cmptrs-pass.so.cc b/instrumentation/afl-gcc-cmptrs-pass.so.cc index c56263dd21..929a9d7a8e 100644 --- a/instrumentation/afl-gcc-cmptrs-pass.so.cc +++ b/instrumentation/afl-gcc-cmptrs-pass.so.cc @@ -3,7 +3,7 @@ Copyright 2014-2019 Free Software Foundation, Inc Copyright 2015, 2016 Google Inc. All rights reserved. Copyright 2019-2020 AFLplusplus Project. All rights reserved. - Copyright 2019-2023 AdaCore + Copyright 2019-2024 AdaCore Written by Alexandre Oliva , based on the AFL++ LLVM CmpLog Routines pass by Andrea Fioraldi diff --git a/instrumentation/afl-gcc-common.h b/instrumentation/afl-gcc-common.h index 1d5eb46630..80ded57de9 100644 --- a/instrumentation/afl-gcc-common.h +++ b/instrumentation/afl-gcc-common.h @@ -2,7 +2,7 @@ Copyright 2014-2019 Free Software Foundation, Inc Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AdaCore + Copyright 2019-2024 AdaCore Written by Alexandre Oliva , based on the AFL++ GCC plugin. diff --git a/instrumentation/afl-gcc-pass.so.cc b/instrumentation/afl-gcc-pass.so.cc index 4d7fd0efe5..41b1e5af52 100644 --- a/instrumentation/afl-gcc-pass.so.cc +++ b/instrumentation/afl-gcc-pass.so.cc @@ -2,7 +2,7 @@ Copyright 2014-2019 Free Software Foundation, Inc Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AdaCore + Copyright 2019-2024 AdaCore Written by Alexandre Oliva , based on the AFL LLVM pass by Laszlo Szekeres and Michal diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc index c60f3e06ab..ac497b5b50 100644 --- a/instrumentation/afl-llvm-dict2file.so.cc +++ b/instrumentation/afl-llvm-dict2file.so.cc @@ -4,7 +4,7 @@ Written by Marc Heuse - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/afl-llvm-lto-instrumentlist.so.cc b/instrumentation/afl-llvm-lto-instrumentlist.so.cc index 61f97d774c..e0899cd36b 100644 --- a/instrumentation/afl-llvm-lto-instrumentlist.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentlist.so.cc @@ -9,7 +9,7 @@ from afl-as.c are Michal's fault. Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 052488a9ab..62f5023df4 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -12,7 +12,7 @@ NGRAM previous location coverage comes from Adrian Herrera. Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc index 8be8c29462..dc60221ed9 100644 --- a/instrumentation/cmplog-instructions-pass.cc +++ b/instrumentation/cmplog-instructions-pass.cc @@ -5,7 +5,7 @@ Written by Andrea Fioraldi Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index b27e06e0c4..78317d5d96 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -5,7 +5,7 @@ Written by Andrea Fioraldi Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/cmplog-switches-pass.cc b/instrumentation/cmplog-switches-pass.cc index 01da6da7f6..3e05c13dad 100644 --- a/instrumentation/cmplog-switches-pass.cc +++ b/instrumentation/cmplog-switches-pass.cc @@ -5,7 +5,7 @@ Written by Andrea Fioraldi Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/instrumentation/injection-pass.cc b/instrumentation/injection-pass.cc index 971b103bab..2280208bd0 100644 --- a/instrumentation/injection-pass.cc +++ b/instrumentation/injection-pass.cc @@ -5,7 +5,7 @@ Written by Marc Heuse Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/nyx_mode/QEMU-Nyx b/nyx_mode/QEMU-Nyx index 1def26f83e..e5e1c4c21f 160000 --- a/nyx_mode/QEMU-Nyx +++ b/nyx_mode/QEMU-Nyx @@ -1 +1 @@ -Subproject commit 1def26f83e83556d767754581fa52081ffb54b09 +Subproject commit e5e1c4c21ff9c4dc80e6409d4eab47146c6024cd diff --git a/nyx_mode/QEMU_NYX_VERSION b/nyx_mode/QEMU_NYX_VERSION index cac32d4184..c6ed0c6a9a 100644 --- a/nyx_mode/QEMU_NYX_VERSION +++ b/nyx_mode/QEMU_NYX_VERSION @@ -1 +1 @@ -1def26f83e +e5e1c4c21ff9c4dc80e6409d4eab47146c6024cd diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index 3f8a88f2b3..45019cc839 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -13,7 +13,7 @@ # counters by Andrea Fioraldi # # Copyright 2015, 2016, 2017 Google Inc. All rights reserved. -# Copyright 2019-2023 AFLplusplus Project. All rights reserved. +# Copyright 2019-2024 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/qemu_mode/fastexit/Makefile b/qemu_mode/fastexit/Makefile index c7b79277b6..be80207d10 100644 --- a/qemu_mode/fastexit/Makefile +++ b/qemu_mode/fastexit/Makefile @@ -4,7 +4,7 @@ # # Written by Andrea Fioraldi # -# Copyright 2019-2023 Andrea Fioraldi. All rights reserved. +# Copyright 2019-2024 Andrea Fioraldi. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/qemu_mode/libcompcov/Makefile b/qemu_mode/libcompcov/Makefile index 7260df87fe..4761ac025b 100644 --- a/qemu_mode/libcompcov/Makefile +++ b/qemu_mode/libcompcov/Makefile @@ -4,7 +4,7 @@ # # Written by Andrea Fioraldi # -# Copyright 2019-2023 Andrea Fioraldi. All rights reserved. +# Copyright 2019-2024 Andrea Fioraldi. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc index 23215013d6..1179709149 100644 --- a/qemu_mode/libcompcov/compcovtest.cc +++ b/qemu_mode/libcompcov/compcovtest.cc @@ -2,7 +2,7 @@ // // Author: Mateusz Jurczyk (mjurczyk@google.com) // -// Copyright 2019-2023 Google LLC +// Copyright 2019-2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/qemu_mode/libcompcov/libcompcov.so.c b/qemu_mode/libcompcov/libcompcov.so.c index b57e970178..36f7b2e220 100644 --- a/qemu_mode/libcompcov/libcompcov.so.c +++ b/qemu_mode/libcompcov/libcompcov.so.c @@ -5,7 +5,7 @@ Written and maintained by Andrea Fioraldi - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/qemu_mode/libqasan/Makefile b/qemu_mode/libqasan/Makefile index 61782894ea..7366d6f6c0 100644 --- a/qemu_mode/libqasan/Makefile +++ b/qemu_mode/libqasan/Makefile @@ -4,7 +4,7 @@ # # Written by Andrea Fioraldi # -# Copyright 2019-2023 Andrea Fioraldi. All rights reserved. +# Copyright 2019-2024 Andrea Fioraldi. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/qemu_mode/libqasan/hooks.c b/qemu_mode/libqasan/hooks.c index a9fd0ce94d..cf1b082036 100644 --- a/qemu_mode/libqasan/hooks.c +++ b/qemu_mode/libqasan/hooks.c @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2023, Andrea Fioraldi +Copyright (c) 2019-2024, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/libqasan.c b/qemu_mode/libqasan/libqasan.c index 12be77783d..45f47d5a6c 100644 --- a/qemu_mode/libqasan/libqasan.c +++ b/qemu_mode/libqasan/libqasan.c @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2023, Andrea Fioraldi +Copyright (c) 2019-2024, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/libqasan.h b/qemu_mode/libqasan/libqasan.h index a430c868f3..f0844e2308 100644 --- a/qemu_mode/libqasan/libqasan.h +++ b/qemu_mode/libqasan/libqasan.h @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2023, Andrea Fioraldi +Copyright (c) 2019-2024, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/malloc.c b/qemu_mode/libqasan/malloc.c index 4448f480c2..ae470b56ad 100644 --- a/qemu_mode/libqasan/malloc.c +++ b/qemu_mode/libqasan/malloc.c @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2023, Andrea Fioraldi +Copyright (c) 2019-2024, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/patch.c b/qemu_mode/libqasan/patch.c index 38e0903bcb..4ce8c3d8e1 100644 --- a/qemu_mode/libqasan/patch.c +++ b/qemu_mode/libqasan/patch.c @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2023, Andrea Fioraldi +Copyright (c) 2019-2024, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/string.c b/qemu_mode/libqasan/string.c index e17cff4b9d..cd14d57b71 100644 --- a/qemu_mode/libqasan/string.c +++ b/qemu_mode/libqasan/string.c @@ -1,5 +1,5 @@ /******************************************************************************* -Copyright (c) 2019-2023, Andrea Fioraldi +Copyright (c) 2019-2024, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/libqasan/uninstrument.c b/qemu_mode/libqasan/uninstrument.c index e37a9b46b0..996f2a744a 100644 --- a/qemu_mode/libqasan/uninstrument.c +++ b/qemu_mode/libqasan/uninstrument.c @@ -7,7 +7,7 @@ for some strange reason. */ /******************************************************************************* -Copyright (c) 2019-2023, Andrea Fioraldi +Copyright (c) 2019-2024, Andrea Fioraldi Redistribution and use in source and binary forms, with or without diff --git a/qemu_mode/unsigaction/Makefile b/qemu_mode/unsigaction/Makefile index c1a7397f47..d5e807d8c9 100644 --- a/qemu_mode/unsigaction/Makefile +++ b/qemu_mode/unsigaction/Makefile @@ -4,7 +4,7 @@ # # Written by Andrea Fioraldi # -# Copyright 2019-2023 Andrea Fioraldi. All rights reserved. +# Copyright 2019-2024 Andrea Fioraldi. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/qemu_mode/util/qemu_get_symbol_addr.sh b/qemu_mode/util/qemu_get_symbol_addr.sh index e0a7ae80c5..5e00f1b287 100755 --- a/qemu_mode/util/qemu_get_symbol_addr.sh +++ b/qemu_mode/util/qemu_get_symbol_addr.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright 2023 AFLplusplus +# Copyright 2024 AFLplusplus # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 5b1227418d..95f32fee31 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-as.c b/src/afl-as.c index 772e31b3ed..09ba75bff7 100644 --- a/src/afl-as.c +++ b/src/afl-as.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-cc.c b/src/afl-cc.c index c300ddfc98..e956427758 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -5,7 +5,7 @@ Written by Michal Zalewski, Laszlo Szekeres and Marc Heuse Copyright 2015, 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -2830,7 +2830,7 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) { " AFL_DONT_OPTIMIZE: disable optimization instead of -O3\n" " AFL_NO_BUILTIN: no builtins for string compare functions (for " "libtokencap.so)\n" - " AFL_NOOP: behave like a normal compiler (to pass configure " + " AFL_NOOPT: behave like a normal compiler (to pass configure " "tests)\n" " AFL_PATH: path to instrumenting pass and runtime " "(afl-compiler-rt.*o)\n" diff --git a/src/afl-common.c b/src/afl-common.c index ba498b3b04..87003b03ca 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 214b4fe994..0a77d61c10 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -13,7 +13,7 @@ Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -1019,7 +1019,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (status >= 0x41464c00 && status <= 0x41464cff) { - FATAL("Target uses the new forkserver model, you need to switch to a newer afl-fuzz too!"); + FATAL( + "Target uses the new forkserver model, you need to switch to a newer " + "afl-fuzz too!"); } diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 5f67347ced..d056ac9fdd 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c index 3e6432cac6..21f34e120b 100644 --- a/src/afl-fuzz-cmplog.c +++ b/src/afl-fuzz-cmplog.c @@ -11,7 +11,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-extras.c b/src/afl-fuzz-extras.c index 905431d1e9..3b1d13f104 100644 --- a/src/afl-fuzz-extras.c +++ b/src/afl-fuzz-extras.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 8ab44a3b56..76291cc417 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -2236,6 +2236,21 @@ void setup_dirs_fds(afl_state_t *afl) { fflush(afl->fsrv.plot_file); +#ifdef INTROSPECTION + + tmp = alloc_printf("%s/plot_det_data", afl->out_dir); + + int fd = open(tmp, O_WRONLY | O_CREAT, DEFAULT_PERMISSION); + if (fd < 0) { PFATAL("Unable to create '%s'", tmp); } + ck_free(tmp); + + afl->fsrv.det_plot_file = fdopen(fd, "w"); + if (!afl->fsrv.det_plot_file) { PFATAL("fdopen() failed"); } + + if (afl->in_place_resume) { fseek(afl->fsrv.det_plot_file, 0, SEEK_END); } + +#endif + /* ignore errors */ } diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index 17fb936873..ae4d666886 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 01e34b69cf..d9c074ecea 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -329,9 +329,9 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 len, temp_len; u32 j; u32 i; - u8 *in_buf, *out_buf, *orig_in, *ex_tmp, *eff_map = 0; + u8 *in_buf, *out_buf, *orig_in, *ex_tmp; u64 havoc_queued = 0, orig_hit_cnt, new_hit_cnt = 0, prev_cksum, _prev_cksum; - u32 splice_cycle = 0, perf_score = 100, orig_perf, eff_cnt = 1; + u32 splice_cycle = 0, perf_score = 100, orig_perf; u8 ret_val = 1, doing_det = 0; @@ -545,12 +545,37 @@ u8 fuzz_one_original(afl_state_t *afl) { } + u64 before_det_time = get_cur_time(); +#ifdef INTROSPECTION + + u64 before_havoc_time; + u32 before_det_findings = afl->queued_items, + before_det_edges = count_non_255_bytes(afl, afl->virgin_bits), + before_havoc_findings, before_havoc_edges; + u8 is_logged = 0; + +#endif + if (!afl->skip_deterministic) { + + if (!skip_deterministic_stage(afl, in_buf, out_buf, len, before_det_time)) { + + goto abandon_entry; + + } + + } + + u8 *skip_eff_map = afl->queue_cur->skipdet_e->skip_eff_map; + /* Skip right away if -d is given, if it has not been chosen sufficiently often to warrant the expensive deterministic stage (fuzz_level), or if it has gone through deterministic testing in earlier, resumed runs (passed_det). */ + /* if skipdet decide to skip the seed or no interesting bytes found, + we skip the whole deterministic stage as well */ if (likely(afl->skip_deterministic) || likely(afl->queue_cur->passed_det) || + likely(!afl->queue_cur->skipdet_e->quick_eff_bytes) || likely(perf_score < (afl->queue_cur->depth * 30 <= afl->havoc_max_mult * 100 ? afl->queue_cur->depth * 30 @@ -609,6 +634,10 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_cur_byte = afl->stage_cur >> 3; + if (!skip_eff_map[afl->stage_cur_byte]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + FLIP_BIT(out_buf, afl->stage_cur); #ifdef INTROSPECTION @@ -725,6 +754,10 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_cur_byte = afl->stage_cur >> 3; + if (!skip_eff_map[afl->stage_cur_byte]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + FLIP_BIT(out_buf, afl->stage_cur); FLIP_BIT(out_buf, afl->stage_cur + 1); @@ -760,6 +793,10 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_cur_byte = afl->stage_cur >> 3; + if (!skip_eff_map[afl->stage_cur_byte]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + FLIP_BIT(out_buf, afl->stage_cur); FLIP_BIT(out_buf, afl->stage_cur + 1); FLIP_BIT(out_buf, afl->stage_cur + 2); @@ -787,34 +824,6 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->queue_cur->stats_mutated += afl->stage_max; #endif - /* Effector map setup. These macros calculate: - - EFF_APOS - position of a particular file offset in the map. - EFF_ALEN - length of a map with a particular number of bytes. - EFF_SPAN_ALEN - map span for a sequence of bytes. - - */ - -#define EFF_APOS(_p) ((_p) >> EFF_MAP_SCALE2) -#define EFF_REM(_x) ((_x) & ((1 << EFF_MAP_SCALE2) - 1)) -#define EFF_ALEN(_l) (EFF_APOS(_l) + !!EFF_REM(_l)) -#define EFF_SPAN_ALEN(_p, _l) (EFF_APOS((_p) + (_l)-1) - EFF_APOS(_p) + 1) - - /* Initialize effector map for the next step (see comments below). Always - flag first and last byte as doing something. */ - - eff_map = afl_realloc(AFL_BUF_PARAM(eff), EFF_ALEN(len)); - if (unlikely(!eff_map)) { PFATAL("alloc"); } - memset(eff_map, 0, EFF_ALEN(len)); - eff_map[0] = 1; - - if (EFF_APOS(len - 1) != 0) { - - eff_map[EFF_APOS(len - 1)] = 1; - ++eff_cnt; - - } - /* Walking byte. */ afl->stage_name = "bitflip 8/8"; @@ -828,6 +837,10 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_cur_byte = afl->stage_cur; + if (!skip_eff_map[afl->stage_cur_byte]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + out_buf[afl->stage_cur] ^= 0xFF; #ifdef INTROSPECTION @@ -837,59 +850,19 @@ u8 fuzz_one_original(afl_state_t *afl) { if (common_fuzz_stuff(afl, out_buf, len)) { goto abandon_entry; } - /* We also use this stage to pull off a simple trick: we identify - bytes that seem to have no effect on the current execution path - even when fully flipped - and we skip them during more expensive - deterministic stages, such as arithmetics or known ints. */ - - if (!eff_map[EFF_APOS(afl->stage_cur)]) { - - u64 cksum; - - /* If in non-instrumented mode or if the file is very short, just flag - everything without wasting time on checksums. */ - - if (!afl->non_instrumented_mode && len >= EFF_MIN_LEN) { - - cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); - - } else { - - cksum = ~prev_cksum; - - } - - if (cksum != prev_cksum) { - - eff_map[EFF_APOS(afl->stage_cur)] = 1; - ++eff_cnt; - - } - - } - out_buf[afl->stage_cur] ^= 0xFF; } - /* If the effector map is more than EFF_MAX_PERC dense, just flag the - whole thing as worth fuzzing, since we wouldn't be saving much time - anyway. */ - - if (eff_cnt != (u32)EFF_ALEN(len) && - eff_cnt * 100 / EFF_ALEN(len) > EFF_MAX_PERC) { + /* New effective bytes calculation. */ - memset(eff_map, 1, EFF_ALEN(len)); + for (i = 0; i < len; i++) { - afl->blocks_eff_select += EFF_ALEN(len); - - } else { - - afl->blocks_eff_select += eff_cnt; + if (skip_eff_map[i]) afl->blocks_eff_select += 1; } - afl->blocks_eff_total += EFF_ALEN(len); + afl->blocks_eff_total += len; new_hit_cnt = afl->queued_items + afl->saved_crashes; @@ -914,12 +887,9 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Let's consult the effector map... */ - if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)]) { - - --afl->stage_max; - continue; + if (!skip_eff_map[i]) continue; - } + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } afl->stage_cur_byte = i; @@ -959,13 +929,10 @@ u8 fuzz_one_original(afl_state_t *afl) { for (i = 0; i < len - 3; ++i) { /* Let's consult the effector map... */ - if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)] && - !eff_map[EFF_APOS(i + 2)] && !eff_map[EFF_APOS(i + 3)]) { - --afl->stage_max; - continue; + if (!skip_eff_map[i]) continue; - } + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } afl->stage_cur_byte = i; @@ -1016,12 +983,9 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Let's consult the effector map... */ - if (!eff_map[EFF_APOS(i)]) { - - afl->stage_max -= 2 * ARITH_MAX; - continue; + if (!skip_eff_map[i]) continue; - } + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } afl->stage_cur_byte = i; @@ -1103,12 +1067,9 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Let's consult the effector map... */ - if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)]) { - - afl->stage_max -= 4 * ARITH_MAX; - continue; + if (!skip_eff_map[i]) continue; - } + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } afl->stage_cur_byte = i; @@ -1236,13 +1197,9 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Let's consult the effector map... */ - if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)] && - !eff_map[EFF_APOS(i + 2)] && !eff_map[EFF_APOS(i + 3)]) { - - afl->stage_max -= 4 * ARITH_MAX; - continue; + if (!skip_eff_map[i]) continue; - } + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } afl->stage_cur_byte = i; @@ -1374,12 +1331,9 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Let's consult the effector map... */ - if (!eff_map[EFF_APOS(i)]) { - - afl->stage_max -= sizeof(interesting_8); - continue; + if (!skip_eff_map[i]) continue; - } + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } afl->stage_cur_byte = i; @@ -1437,12 +1391,9 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Let's consult the effector map... */ - if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)]) { + if (!skip_eff_map[i]) continue; - afl->stage_max -= sizeof(interesting_16); - continue; - - } + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } afl->stage_cur_byte = i; @@ -1528,13 +1479,9 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Let's consult the effector map... */ - if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)] && - !eff_map[EFF_APOS(i + 2)] && !eff_map[EFF_APOS(i + 3)]) { + if (!skip_eff_map[i]) continue; - afl->stage_max -= sizeof(interesting_32) >> 1; - continue; - - } + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } afl->stage_cur_byte = i; @@ -1626,6 +1573,10 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 last_len = 0; + if (!skip_eff_map[i]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + afl->stage_cur_byte = i; /* Extras are sorted by size, from smallest to largest. This means @@ -1643,9 +1594,7 @@ u8 fuzz_one_original(afl_state_t *afl) { if ((afl->extras_cnt > afl->max_det_extras && rand_below(afl, afl->extras_cnt) >= afl->max_det_extras) || afl->extras[j].len > len - i || - !memcmp(afl->extras[j].data, out_buf + i, afl->extras[j].len) || - !memchr(eff_map + EFF_APOS(i), 1, - EFF_SPAN_ALEN(i, afl->extras[j].len))) { + !memcmp(afl->extras[j].data, out_buf + i, afl->extras[j].len)) { --afl->stage_max; continue; @@ -1693,6 +1642,10 @@ u8 fuzz_one_original(afl_state_t *afl) { for (i = 0; i <= (u32)len; ++i) { + if (!skip_eff_map[i % len]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + afl->stage_cur_byte = i; for (j = 0; j < afl->extras_cnt; ++j) { @@ -1755,6 +1708,10 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 last_len = 0; + if (!skip_eff_map[i]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + afl->stage_cur_byte = i; u32 min_extra_len = MIN(afl->a_extras_cnt, (u32)USE_AUTO_EXTRAS); @@ -1763,9 +1720,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* See the comment in the earlier code; extras are sorted by size. */ if (afl->a_extras[j].len > len - i || - !memcmp(afl->a_extras[j].data, out_buf + i, afl->a_extras[j].len) || - !memchr(eff_map + EFF_APOS(i), 1, - EFF_SPAN_ALEN(i, afl->a_extras[j].len))) { + !memcmp(afl->a_extras[j].data, out_buf + i, afl->a_extras[j].len)) { --afl->stage_max; continue; @@ -1813,6 +1768,10 @@ u8 fuzz_one_original(afl_state_t *afl) { for (i = 0; i <= (u32)len; ++i) { + if (!skip_eff_map[i % len]) continue; + + if (is_det_timeout(before_det_time, 0)) { goto custom_mutator_stage; } + afl->stage_cur_byte = i; for (j = 0; j < afl->a_extras_cnt; ++j) { @@ -2020,6 +1979,19 @@ u8 fuzz_one_original(afl_state_t *afl) { havoc_stage: +#ifdef INTROSPECTION + + if (!is_logged) { + + is_logged = 1; + before_havoc_findings = afl->queued_items; + before_havoc_edges = count_non_255_bytes(afl, afl->virgin_bits); + before_havoc_time = get_cur_time(); + + } + +#endif + if (unlikely(afl->custom_only)) { /* Force UI update */ @@ -3430,6 +3402,25 @@ u8 fuzz_one_original(afl_state_t *afl) { ret_val = 0; +#ifdef INTROSPECTION + + afl->havoc_prof->queued_det_stage = + before_havoc_findings - before_det_findings; + afl->havoc_prof->queued_havoc_stage = + afl->queued_items - before_havoc_findings; + afl->havoc_prof->total_queued_det += afl->havoc_prof->queued_det_stage; + afl->havoc_prof->edge_det_stage = before_havoc_edges - before_det_edges; + afl->havoc_prof->edge_havoc_stage = + count_non_255_bytes(afl, afl->virgin_bits) - before_havoc_edges; + afl->havoc_prof->total_det_edge += afl->havoc_prof->edge_det_stage; + afl->havoc_prof->det_stage_time = before_havoc_time - before_det_time; + afl->havoc_prof->havoc_stage_time = get_cur_time() - before_havoc_time; + afl->havoc_prof->total_det_time += afl->havoc_prof->det_stage_time; + + plot_profile_data(afl, afl->queue_cur); + +#endif + /* we are through with this queue entry - for this iteration */ abandon_entry: diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c index 4c7da774a5..16a398fd91 100644 --- a/src/afl-fuzz-python.c +++ b/src/afl-fuzz-python.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 4b9627f7bb..1ea5041889 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: @@ -664,6 +664,8 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) { } + q->skipdet_e = (struct skipdet_entry *)ck_alloc(sizeof(struct skipdet_entry)); + } /* Destroy the entire queue. */ @@ -679,6 +681,15 @@ void destroy_queue(afl_state_t *afl) { q = afl->queue_buf[i]; ck_free(q->fname); ck_free(q->trace_mini); + if (q->skipdet_e) { + + if (q->skipdet_e->done_inf_map) ck_free(q->skipdet_e->done_inf_map); + if (q->skipdet_e->skip_eff_map) ck_free(q->skipdet_e->skip_eff_map); + + ck_free(q->skipdet_e); + + } + ck_free(q); } diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 9e9b38226e..eead7a8bed 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -11,7 +11,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 1ee8ebe76d..d764952ce2 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -10,7 +10,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c new file mode 100644 index 0000000000..e52d59a32b --- /dev/null +++ b/src/afl-fuzz-skipdet.c @@ -0,0 +1,403 @@ + + +#include "afl-fuzz.h" + +void flip_range(u8 *input, u32 pos, u32 size) { + + for (u32 i = 0; i < size; i++) + input[pos + i] ^= 0xFF; + + return; + +} + +#define MAX_EFF_TIMEOUT (10 * 60 * 1000) +#define MAX_DET_TIMEOUT (15 * 60 * 1000) +u8 is_det_timeout(u64 cur_ms, u8 is_flip) { + + if (is_flip) { + + if (unlikely(get_cur_time() - cur_ms > MAX_EFF_TIMEOUT)) return 1; + + } else { + + if (unlikely(get_cur_time() - cur_ms > MAX_DET_TIMEOUT)) return 1; + + } + + return 0; + +} + +/* decide if the seed should be deterministically fuzzed */ + +u8 should_det_fuzz(afl_state_t *afl, struct queue_entry *q) { + + if (!afl->skipdet_g->virgin_det_bits) { + + afl->skipdet_g->virgin_det_bits = + (u8 *)ck_alloc(sizeof(u8) * afl->fsrv.map_size); + + } + + if (!q->favored || q->passed_det) return 0; + if (!q->trace_mini) return 0; + + if (!afl->skipdet_g->last_cov_undet) + afl->skipdet_g->last_cov_undet = get_cur_time(); + + if (get_cur_time() - afl->skipdet_g->last_cov_undet >= THRESHOLD_DEC_TIME) { + + if (afl->skipdet_g->undet_bits_threshold >= 2) { + + afl->skipdet_g->undet_bits_threshold *= 0.75; + afl->skipdet_g->last_cov_undet = get_cur_time(); + + } + + } + + u32 new_det_bits = 0; + + for (u32 i = 0; i < afl->fsrv.map_size; i++) { + + if (unlikely(q->trace_mini[i >> 3] & (1 << (i & 7)))) { + + if (!afl->skipdet_g->virgin_det_bits[i]) { new_det_bits++; } + + } + + } + + if (!afl->skipdet_g->undet_bits_threshold) + afl->skipdet_g->undet_bits_threshold = new_det_bits * 0.05; + + if (new_det_bits >= afl->skipdet_g->undet_bits_threshold) { + + afl->skipdet_g->last_cov_undet = get_cur_time(); + q->skipdet_e->undet_bits = new_det_bits; + + for (u32 i = 0; i < afl->fsrv.map_size; i++) { + + if (unlikely(q->trace_mini[i >> 3] & (1 << (i & 7)))) { + + if (!afl->skipdet_g->virgin_det_bits[i]) + afl->skipdet_g->virgin_det_bits[i] = 1; + + } + + } + + return 1; + + } + + return 0; + +} + +/* + consists of two stages that + return 0 if exec failed. +*/ + +u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, + u32 len, u64 before_det_time) { + + u64 orig_hit_cnt, new_hit_cnt; + + if (afl->queue_cur->skipdet_e->done_eff) return 1; + + if (!should_det_fuzz(afl, afl->queue_cur)) return 1; + + /* Add check to make sure that for seeds without too much undet bits, + we ignore them */ + + /****************** + * SKIP INFERENCE * + ******************/ + + afl->stage_short = "inf"; + afl->stage_name = "inference"; + afl->stage_cur = 0; + orig_hit_cnt = afl->queued_items + afl->saved_crashes; + + u8 *inf_eff_map = (u8 *)ck_alloc(sizeof(u8) * len); + memset(inf_eff_map, 1, sizeof(u8) * len); + + if (common_fuzz_stuff(afl, orig_buf, len)) { return 0; } + + u64 prev_cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); + u64 _prev_cksum = prev_cksum; + + if (MINIMAL_BLOCK_SIZE * 8 < len) { + + // u64 size_skiped = 0, quick_skip_exec = total_execs, quick_skip_time = + // get_cur_time(); + u64 pre_inf_exec = afl->fsrv.total_execs, pre_inf_time = get_cur_time(); + + /* if determine stage time / input size is too small, just go ahead */ + + u32 pos = 0, cur_block_size = MINIMAL_BLOCK_SIZE, max_block_size = len / 8; + + while (pos < len - 1) { + + cur_block_size = MINIMAL_BLOCK_SIZE; + + while (cur_block_size < max_block_size) { + + u32 flip_block_size = + (cur_block_size + pos < len) ? cur_block_size : len - 1 - pos; + + afl->stage_cur += 1; + + flip_range(out_buf, pos, flip_block_size); + + if (common_fuzz_stuff(afl, out_buf, len)) return 0; + + flip_range(out_buf, pos, flip_block_size); + + u64 cksum = + hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); + + // printf("Now trying range %d with %d, %s.\n", pos, cur_block_size, + // (cksum == prev_cksum) ? (u8*)"Yes" : (u8*) "Not"); + + /* continue until we fail or exceed length */ + if (cksum == _prev_cksum) { + + cur_block_size *= 2; + + if (cur_block_size >= len - 1 - pos) break; + + } else { + + break; + + } + + } + + if (cur_block_size == MINIMAL_BLOCK_SIZE) { + + /* we failed early on*/ + + pos += cur_block_size; + + } else { + + u32 cur_skip_len = (cur_block_size / 2 + pos < len) + ? (cur_block_size / 2) + : (len - pos - 1); + + memset(inf_eff_map + pos, 0, cur_skip_len); + + afl->skipdet_g->inf_prof->inf_skipped_bytes += cur_skip_len; + + pos += cur_skip_len; + + } + + } + + afl->skipdet_g->inf_prof->inf_execs_cost += + (afl->fsrv.total_execs - pre_inf_exec); + afl->skipdet_g->inf_prof->inf_time_cost += (get_cur_time() - pre_inf_time); + // PFATAL("Done, now have %d bytes skipped, with exec %lld, time %lld.\n", + // afl->inf_skipped_bytes, afl->inf_execs_cost, afl->inf_time_cost); + + } else + + memset(inf_eff_map, 1, len); + + new_hit_cnt = afl->queued_items + afl->saved_crashes; + + afl->stage_finds[STAGE_INF] += new_hit_cnt - orig_hit_cnt; + afl->stage_cycles[STAGE_INF] += afl->stage_cur; + + /**************************** + * Quick Skip Effective Map * + ****************************/ + + /* Quick Effective Map Calculation */ + + afl->stage_short = "quick"; + afl->stage_name = "quick eff"; + afl->stage_cur = 0; + afl->stage_max = 32 * 1024; + + orig_hit_cnt = afl->queued_items + afl->saved_crashes; + + u32 before_skip_inf = afl->queued_items; + + /* clean all the eff bytes, since previous eff bytes are already fuzzed */ + u8 *skip_eff_map = afl->queue_cur->skipdet_e->skip_eff_map, + *done_inf_map = afl->queue_cur->skipdet_e->done_inf_map; + + if (!skip_eff_map) { + + skip_eff_map = (u8 *)ck_alloc(sizeof(u8) * len); + afl->queue_cur->skipdet_e->skip_eff_map = skip_eff_map; + + } else { + + memset(skip_eff_map, 0, sizeof(u8) * len); + + } + + /* restore the starting point */ + if (!done_inf_map) { + + done_inf_map = (u8 *)ck_alloc(sizeof(u8) * len); + afl->queue_cur->skipdet_e->done_inf_map = done_inf_map; + + } else { + + for (afl->stage_cur = 0; afl->stage_cur < len; afl->stage_cur++) { + + if (done_inf_map[afl->stage_cur] == 0) break; + + } + + } + + /* depending on the seed's performance, we could search eff bytes + for multiple rounds */ + + u8 eff_round_continue = 1, eff_round_done = 0, done_eff = 0, repeat_eff = 0, + fuzz_nearby = 0, *non_eff_bytes = 0; + + u64 before_eff_execs = afl->fsrv.total_execs; + + if (getenv("REPEAT_EFF")) repeat_eff = 1; + if (getenv("FUZZ_NEARBY")) fuzz_nearby = 1; + + if (fuzz_nearby) { + + non_eff_bytes = (u8 *)ck_alloc(sizeof(u8) * len); + + // clean exec cksum + if (common_fuzz_stuff(afl, out_buf, len)) { return 0; } + prev_cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); + + } + + do { + + eff_round_continue = 0; + afl->stage_max = 32 * 1024; + + for (; afl->stage_cur < afl->stage_max && afl->stage_cur < len; + ++afl->stage_cur) { + + afl->stage_cur_byte = afl->stage_cur; + + if (!inf_eff_map[afl->stage_cur_byte] || + skip_eff_map[afl->stage_cur_byte]) + continue; + + if (is_det_timeout(before_det_time, 1)) { goto cleanup_skipdet; } + + u8 orig = out_buf[afl->stage_cur_byte], replace = rand_below(afl, 256); + + while (replace == orig) { + + replace = rand_below(afl, 256); + + } + + out_buf[afl->stage_cur_byte] = replace; + + before_skip_inf = afl->queued_items; + + if (common_fuzz_stuff(afl, out_buf, len)) { return 0; } + + out_buf[afl->stage_cur_byte] = orig; + + if (fuzz_nearby) { + + if (prev_cksum == + hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST)) { + + non_eff_bytes[afl->stage_cur_byte] = 1; + + } + + } + + if (afl->queued_items != before_skip_inf) { + + skip_eff_map[afl->stage_cur_byte] = 1; + afl->queue_cur->skipdet_e->quick_eff_bytes += 1; + + if (afl->stage_max < MAXIMUM_QUICK_EFF_EXECS) { afl->stage_max *= 2; } + + if (afl->stage_max == MAXIMUM_QUICK_EFF_EXECS && repeat_eff) + eff_round_continue = 1; + + } + + done_inf_map[afl->stage_cur_byte] = 1; + + } + + afl->stage_cur = 0; + done_eff = 1; + + if (++eff_round_done >= 8) break; + + } while (eff_round_continue); + + new_hit_cnt = afl->queued_items + afl->saved_crashes; + + afl->stage_finds[STAGE_QUICK] += new_hit_cnt - orig_hit_cnt; + afl->stage_cycles[STAGE_QUICK] += (afl->fsrv.total_execs - before_eff_execs); + +cleanup_skipdet: + + if (fuzz_nearby) { + + u8 *nearby_bytes = (u8 *)ck_alloc(sizeof(u8) * len); + + u32 i = 3; + while (i < len) { + + // assume DWORD size, from i - 3 -> i + 3 + if (skip_eff_map[i]) { + + u32 fill_length = (i + 3 < len) ? 7 : len - i + 2; + memset(nearby_bytes + i - 3, 1, fill_length); + i += 3; + + } else + + i += 1; + + } + + for (i = 0; i < len; i++) { + + if (nearby_bytes[i] && !non_eff_bytes[i]) skip_eff_map[i] = 1; + + } + + ck_free(nearby_bytes); + ck_free(non_eff_bytes); + + } + + if (done_eff) { + + afl->queue_cur->skipdet_e->continue_inf = 0; + afl->queue_cur->skipdet_e->done_eff = 1; + + } else { + + afl->queue_cur->skipdet_e->continue_inf = 1; + + } + + return 1; + +} + diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 7d6fdfb9a3..4467cae876 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -140,6 +140,14 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) { afl->fsrv.child_pid = -1; afl->fsrv.out_dir_fd = -1; + /* Init SkipDet */ + afl->skipdet_g = + (struct skipdet_global *)ck_alloc(sizeof(struct skipdet_global)); + afl->skipdet_g->inf_prof = + (struct inf_profile *)ck_alloc(sizeof(struct inf_profile)); + afl->havoc_prof = + (struct havoc_profile *)ck_alloc(sizeof(struct havoc_profile)); + init_mopt_globals(afl); list_append(&afl_states, afl); diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index deb28b7a6b..7657708122 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -502,6 +502,44 @@ void maybe_update_plot_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, } +/* Log deterministic stage efficiency */ + +void plot_profile_data(afl_state_t *afl, struct queue_entry *q) { + + u64 current_ms = get_cur_time() - afl->start_time; + + u32 current_edges = count_non_255_bytes(afl, afl->virgin_bits); + double det_finding_rate = (double)afl->havoc_prof->total_det_edge * 100.0 / + (double)current_edges, + det_time_rate = (double)afl->havoc_prof->total_det_time * 100.0 / + (double)current_ms; + + u32 ndet_bits = 0; + for (u32 i = 0; i < afl->fsrv.map_size; i++) { + + if (afl->skipdet_g->virgin_det_bits[i]) ndet_bits += 1; + + } + + double det_fuzzed_rate = (double)ndet_bits * 100.0 / (double)current_edges; + + fprintf(afl->fsrv.det_plot_file, + "[%02lld:%02lld:%02lld] fuzz %d (%d), find %d/%d among %d(%02.2f) " + "and spend %lld/%lld(%02.2f), cover %02.2f yet, %d/%d undet bits, " + "continue %d.\n", + current_ms / 1000 / 3600, (current_ms / 1000 / 60) % 60, + (current_ms / 1000) % 60, afl->current_entry, q->fuzz_level, + afl->havoc_prof->edge_det_stage, afl->havoc_prof->edge_havoc_stage, + current_edges, det_finding_rate, + afl->havoc_prof->det_stage_time / 1000, + afl->havoc_prof->havoc_stage_time / 1000, det_time_rate, + det_fuzzed_rate, q->skipdet_e->undet_bits, + afl->skipdet_g->undet_bits_threshold, q->skipdet_e->continue_inf); + + fflush(afl->fsrv.det_plot_file); + +} + /* Check terminal dimensions after resize. */ static void check_term_size(afl_state_t *afl) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 8cf6c73583..12d67fe715 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -170,7 +170,7 @@ static void usage(u8 *argv0, int more_help) { " -g minlength - set min length of generated fuzz input (default: 1)\n" " -G maxlength - set max length of generated fuzz input (default: " "%lu)\n" - " -D - enable deterministic fuzzing (once per queue entry)\n" + " -D - enable (a new) effective deterministic fuzzing\n" " -L minutes - use MOpt(imize) mode and set the time limit for " "entering the\n" " pacemaker mode (minutes of no new finds). 0 = " @@ -955,14 +955,20 @@ int main(int argc, char **argv_orig, char **envp) { break; - case 'D': /* enforce deterministic */ + case 'D': /* partial deterministic */ afl->skip_deterministic = 0; break; - case 'd': /* skip deterministic */ + case 'd': /* no deterministic */ - afl->skip_deterministic = 1; + // this is the default and currently a lot of infrastructure enforces + // it (e.g. clusterfuzz, fuzzbench) based on that this feature + // originally was bad performance wise. We now have a better + // implementation, hence if it is activated, we do not want to + // deactivate it by such setups. + + // afl->skip_deterministic = 1; break; case 'B': /* load bitmap */ @@ -1424,11 +1430,11 @@ int main(int argc, char **argv_orig, char **envp) { } #endif + + // silently disable deterministic mutation if custom mutators are used if (!afl->skip_deterministic && afl->afl_env.afl_custom_mutator_only) { - FATAL( - "Using -D determinstic fuzzing is incompatible with " - "AFL_CUSTOM_MUTATOR_ONLY!"); + afl->skip_deterministic = 1; } @@ -3031,6 +3037,11 @@ int main(int argc, char **argv_orig, char **envp) { if (frida_afl_preload) { ck_free(frida_afl_preload); } fclose(afl->fsrv.plot_file); + + #ifdef INTROSPECTION + fclose(afl->fsrv.det_plot_file); + #endif + destroy_queue(afl); destroy_extras(afl); destroy_custom_mutators(afl); diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c index 4f85109963..7aee2985c1 100644 --- a/src/afl-gotcpu.c +++ b/src/afl-gotcpu.c @@ -9,7 +9,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-ld-lto.c b/src/afl-ld-lto.c index 7ce5de4134..513c1ae96d 100644 --- a/src/afl-ld-lto.c +++ b/src/afl-ld-lto.c @@ -9,7 +9,7 @@ Andrea Fioraldi Dominik Maier - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c index a2c81586e4..daea8f466e 100644 --- a/src/afl-sharedmem.c +++ b/src/afl-sharedmem.c @@ -11,7 +11,7 @@ Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 7a639cf61b..20ba5a5e9b 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/afl-tmin.c b/src/afl-tmin.c index e7442d1df9..4e5dab41ef 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/test-instr.c b/test-instr.c index eda5189c37..285528932c 100644 --- a/test-instr.c +++ b/test-instr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/test/test-custom-mutators.sh b/test/test-custom-mutators.sh index 49feedc051..8c8b0ad3c5 100755 --- a/test/test-custom-mutators.sh +++ b/test/test-custom-mutators.sh @@ -38,7 +38,7 @@ test -e test-custom-mutator.c -a -e ${CUSTOM_MUTATOR_PATH}/example.c -a -e ${CUS # Run afl-fuzz w/ the C mutator $ECHO "$GREY[*] running afl-fuzz for the C mutator, this will take approx 10 seconds" { - AFL_CUSTOM_MUTATOR_LIBRARY=./libexamplemutator.so AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -- ./test-custom-mutator >>errors 2>&1 + AFL_CUSTOM_MUTATOR_LIBRARY=./libexamplemutator.so AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -d -- ./test-custom-mutator >>errors 2>&1 } >>errors 2>&1 # Check results @@ -58,7 +58,7 @@ test -e test-custom-mutator.c -a -e ${CUSTOM_MUTATOR_PATH}/example.c -a -e ${CUS # Run afl-fuzz w/ multiple C mutators $ECHO "$GREY[*] running afl-fuzz with multiple custom C mutators, this will take approx 10 seconds" { - AFL_CUSTOM_MUTATOR_LIBRARY="./libexamplemutator.so;./libexamplemutator2.so" AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -- ./test-multiple-mutators >>errors 2>&1 + AFL_CUSTOM_MUTATOR_LIBRARY="./libexamplemutator.so;./libexamplemutator2.so" AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -d -- ./test-multiple-mutators >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && { # TODO: update here diff --git a/unicorn_mode/build_unicorn_support.sh b/unicorn_mode/build_unicorn_support.sh index d3d16ad5ab..baca21716b 100755 --- a/unicorn_mode/build_unicorn_support.sh +++ b/unicorn_mode/build_unicorn_support.sh @@ -14,7 +14,7 @@ # # # Copyright 2017 Battelle Memorial Institute. All rights reserved. -# Copyright 2019-2023 AFLplusplus Project. All rights reserved. +# Copyright 2019-2024 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/utils/afl_network_proxy/afl-network-client.c b/utils/afl_network_proxy/afl-network-client.c index 0416f0f952..1f04dd87fd 100644 --- a/utils/afl_network_proxy/afl-network-client.c +++ b/utils/afl_network_proxy/afl-network-client.c @@ -4,7 +4,7 @@ Written by Marc Heuse - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/afl_network_proxy/afl-network-server.c b/utils/afl_network_proxy/afl-network-server.c index 95b0a551c8..c4a700f488 100644 --- a/utils/afl_network_proxy/afl-network-server.c +++ b/utils/afl_network_proxy/afl-network-server.c @@ -12,7 +12,7 @@ Dominik Maier Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/afl_proxy/afl-proxy.c b/utils/afl_proxy/afl-proxy.c index 531a97a222..6cf47636bf 100644 --- a/utils/afl_proxy/afl-proxy.c +++ b/utils/afl_proxy/afl-proxy.c @@ -4,7 +4,7 @@ Written by Marc Heuse - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/afl_untracer/afl-untracer.c b/utils/afl_untracer/afl-untracer.c index 0e3f8a454b..e6a74518a1 100644 --- a/utils/afl_untracer/afl-untracer.c +++ b/utils/afl_untracer/afl-untracer.c @@ -4,7 +4,7 @@ Written by Marc Heuse - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/afl_untracer/libtestinstr.c b/utils/afl_untracer/libtestinstr.c index b7afc325b0..0a98778add 100644 --- a/utils/afl_untracer/libtestinstr.c +++ b/utils/afl_untracer/libtestinstr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: diff --git a/utils/argv_fuzzing/Makefile b/utils/argv_fuzzing/Makefile index 6786467a48..ba977e5f0d 100644 --- a/utils/argv_fuzzing/Makefile +++ b/utils/argv_fuzzing/Makefile @@ -2,7 +2,7 @@ # american fuzzy lop++ - argvfuzz # -------------------------------- # -# Copyright 2019-2023 Kjell Braden +# Copyright 2019-2024 Kjell Braden # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/utils/argv_fuzzing/argvfuzz.c b/utils/argv_fuzzing/argvfuzz.c index 41eead0cfa..47383138df 100644 --- a/utils/argv_fuzzing/argvfuzz.c +++ b/utils/argv_fuzzing/argvfuzz.c @@ -2,7 +2,7 @@ american fuzzy lop++ - LD_PRELOAD for fuzzing argv in binaries ------------------------------------------------------------ - Copyright 2019-2023 Kjell Braden + Copyright 2019-2024 Kjell Braden Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/distributed_fuzzing/sync_script.sh b/utils/distributed_fuzzing/sync_script.sh index b22816f1fc..861b65c83f 100755 --- a/utils/distributed_fuzzing/sync_script.sh +++ b/utils/distributed_fuzzing/sync_script.sh @@ -6,7 +6,7 @@ # Originally written by Michal Zalewski # # Copyright 2014 Google Inc. All rights reserved. -# Copyright 2019-2023 AFLplusplus Project. All rights reserved. +# Copyright 2019-2024 AFLplusplus Project. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/utils/libdislocator/libdislocator.so.c b/utils/libdislocator/libdislocator.so.c index 1cd7abc6e3..b80be1a1fd 100644 --- a/utils/libdislocator/libdislocator.so.c +++ b/utils/libdislocator/libdislocator.so.c @@ -6,7 +6,7 @@ Originally written by Michal Zalewski Copyright 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/libtokencap/libtokencap.so.c b/utils/libtokencap/libtokencap.so.c index f4024799c3..cc49915071 100644 --- a/utils/libtokencap/libtokencap.so.c +++ b/utils/libtokencap/libtokencap.so.c @@ -6,7 +6,7 @@ Originally written by Michal Zalewski Copyright 2016 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/utils/persistent_mode/test-instr.c b/utils/persistent_mode/test-instr.c index 4ead657722..72e26e9397 100644 --- a/utils/persistent_mode/test-instr.c +++ b/utils/persistent_mode/test-instr.c @@ -3,7 +3,7 @@ -------------------------------------------------------- Originally written by Michal Zalewski Copyright 2014 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: