Re: [Xen-devel] [PATCH 01/14] fuzz/x86_emulate: Remove redundant AFL hook

On 22/09/17 16:47, George Dunlap wrote:
> On Fri, Aug 25, 2017 at 6:37 PM, Andrew Cooper
> <andrew.cooper3@xxxxxxxxxx> wrote:
>> On 25/08/17 17:43, George Dunlap wrote:
>>> You don't need __AFL_INIT if you have __AFL_LOOP.
>>>
>>> Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx>
>> Really?  Is that covered in any documentation?
>>
>> I got the contrary impression from whichever version of AFL I was using
>> when I put this in, and a quick look over the afl-fuzz source doesn't
>> appear to equate them in any way.
> Trying to answer the feof() question, I dug into llvm mode a bit more.
> They are independent features but they can be used together: that is,
> if you compile with afl-clang-fast, you always get a forkserver.  If
> you specify the location with __AFL_INIT, that's where the forkserver
> gets started; otherwise, it's somewhere before main() is called.
>
> When __AFL_LOOP(N) is present, it will execute the loop N times before
> calling exit(), at which point the forkserver will fork another
> instance (either before main(), or at __AFL_INIT).
>
> So you don't *need* __AFL_INIT; and the amount of time it will save
> isn't much (the initialization every 1000 iterations), but I suppose
> we might as well keep it.

The purpose of c/s 63092064eb was very deliberately to cause the mprotect() remapping the stack as executable to be not repeated.
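As an added example (my own, not code from the Xen tree or from either poster), here is the harness shape the thread describes: one-off setup, then __AFL_INIT() as the deferred forkserver point, then __AFL_LOOP() running many cases per forked process. The __AFL_HAVE_MANUAL_CONTROL check, the fallback macros, the counters and the byte-sum target are assumptions so the file builds and runs without afl-clang-fast.

```c
#include <stdio.h>
#include <string.h>
/* afl-clang-fast defines __AFL_HAVE_MANUAL_CONTROL plus the real macros; these
 * fallbacks (an assumption here) make the file build and run once without it. */
#ifndef __AFL_HAVE_MANUAL_CONTROL
static int afl_loop_fallback(void) { static int n; return n++ == 0; }
#define __AFL_INIT()  do { } while (0)    /* no deferred forkserver */
#define __AFL_LOOP(n) afl_loop_fallback() /* loop body runs exactly once */
#endif
static int setup_calls, cases_run;        /* counters: one-off setup vs cases */

/* Stand-in for one-off work such as the mprotect() mentioned in the thread. */
static void setup_once(void) { setup_calls++; }

static int run_one_case(const unsigned char *buf, size_t len) {
    int sum = 0;                          /* hypothetical target: byte sum */
    if (len > 16) return -1;              /* oversized inputs are rejected */
    for (size_t i = 0; i < len; i++) sum += buf[i];
    return sum;
}

/* Harness: setup once, then the forkserver point, then N cases per process. */
static int run_harness(size_t (*read_input)(unsigned char *, size_t)) {
    unsigned char buf[64];
    int last = 0;
    setup_once();                         /* before __AFL_INIT: once per fork */
    __AFL_INIT();                         /* forkserver snapshot taken here */
    while (__AFL_LOOP(1000)) {            /* 1000 cases, then exit(), re-fork */
        size_t n = read_input(buf, sizeof buf);
        last = run_one_case(buf, n);
        cases_run++;
    }
    return last;
}

static size_t read_stdin(unsigned char *buf, size_t cap) {
    return fread(buf, 1, cap, stdin);
}

/* Constructed sample input "abc" for a dry run without a fuzzer on stdin. */
static size_t sample_input(unsigned char *buf, size_t cap) {
    size_t n = cap < 3 ? cap : 3;
    memcpy(buf, "abc", n);
    return n;
}

int main(int argc, char **argv) {
    int r = run_harness(argc > 1 ? sample_input : read_stdin);
    printf("cases=%d result=%d setup_calls=%d\n", cases_run, r, setup_calls);
    return 0;
}
```

Built with afl-clang-fast the real macros take over, so the mprotect()-style work in setup_once() runs once per forked child while the loop body runs 1000 times before the process exits and is re-forked; any argument to the plain build uses the constructed input instead of stdin.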