optimize fuzzing setup #21
Conversation
|
ping @sagamusix :) |
|
Finally digging into this, thanks for the reminder! :) |
| AFL_NO_WARN_INSTABILITY=1 | ||
| AFL_FAST_CAL=1 | ||
| AFL_IMPORT_FIRST=1 | ||
| AFL_DISABLE_TRIM=1 |
There was a problem hiding this comment.
Can you explain why using AFL_DISABLE_TRIM=1 would be beneficial? It seems counterintuitive given the afl++ documentation, and also given that a lot of our formats have the possibility of having large chunks of PCM sample data at the end which should not affect the fuzzing state at all, so trimming this data would often result in smaller files and thus faster fuzzing cycles according to my understanding.
There was a problem hiding this comment.
In >60% of the time it’s better that is why :) you could try it out yourself by running it with and without for 3h
| @@ -1,4 +1,4 @@ | |||
| #!/usr/bin/env bash | |||
| cd "${0%/*}" | |||
| cd ../.. | |||
| AFL_USE_ASAN=1 CONFIG=afl make clean all EXAMPLES=0 TEST=0 OPENMPT123=0 NO_VORBIS=1 NO_VORBISFILE=1 NO_MPG123=1 CHECKED_ADDRESS=1 | |||
| AFL_LLVM_CMPLOG=1 AFL_USE_ASAN=1 CONFIG=afl make clean all EXAMPLES=0 TEST=0 OPENMPT123=0 NO_VORBIS=1 NO_VORBISFILE=1 NO_MPG123=1 CHECKED_ADDRESS=1 | |||
There was a problem hiding this comment.
Doesn't this addition require building the binary two times (one with cmplog, one without)? Is there any benefit in building just one binary with cmplog?
There was a problem hiding this comment.
Yes that would be beneficial. This is the easier way. As you use an asan binary anyway it doesn’t matter. Best practice would be 3 binaries :) normal, cmplog, asan
Patch-by: vanhauser-thc <[email protected]> git-svn-id: https://source.openmpt.org/svn/openmpt/trunk/OpenMPT@21159 56274372-70c3-4bfc-bfc3-4c3a0b034d27
|
Applied in 6710289. Thanks for looking into it! |
renamed AFL_DIR to AFL_PATH, as the former makes afl-fuzz complain and the latter helps to find it's data.
also optimized building the target and how to fuzz it.