replay mode support#1965
Conversation
|
Looks super useful! |
|
yes this looks great! please do the |
|
@quarta-qti can you please check? |
|
Hi! Sorry for the late reply, I was on vacation without my laptop with me and couldn't reply! :) On it! |
|
Done. I also added relevant documentation in README.persistent_mode.md, added error handling for when a non-existing record directory is passed, and added another define "AFL_PERSISTENT_REPLAY_ARGPARSE" to selectively enable support for @@-style harnesses to increase compatibility since -afaik- not all platforms allow passing command line arguments to constructors. |
| Note that every crash will be written, not only unique ones! */ | ||
|
|
||
| // #define AFL_PERSISTENT_RECORD | ||
| #define AFL_PERSISTENT_RECORD |
There was a problem hiding this comment.
this has a fuzzing overhead, so I would not want to enable it by default
There was a problem hiding this comment.
Ack! This slipped in inadvertently because of the final testing round, gonna comment it.
| #define __AFL_INIT() sync() | ||
|
|
||
| #define AFL_COMPAT | ||
| #include "persistent_replay.h" |
There was a problem hiding this comment.
this includes then a lot more that does into belong to the demo - why?
There was a problem hiding this comment.
I used the demo to test and showcase the self-contained replay functionality, I'm guessing that it was not the right place to do it, and it's better to keep it as it was originally.
I think it would make sense to either:
- move the self-contained replay demo into a new
persistent_demo_replay.c, - add back the original defines and wrap the two blocks into a conditional block like
#ifdef AFL_PERSISTENT_REPLAY
Although not directly, I hope this answers your question. 😛
There was a problem hiding this comment.
yes just put that into persistent_demo_replay.c please :)
| #define AFL_PERSISTENT_RECORD | ||
|
|
||
| /* Adds support in compiler-rt to replay persistent records */ | ||
| #define AFL_PERSISTENT_REPLAY |
There was a problem hiding this comment.
also this should not by default on I think. but I a second define? persistent recording only makes sense if also replay is added? so why not removing this one and just use afl_persistent_record?
There was a problem hiding this comment.
I thought persistent replay functionality might introduce some overhead in the persistent loop, and preferred to let the user choose if they want to keep a non-"replay" compiler-rt while still being able to use the record functionality in afl-fuzz.
Tbh, I did not measure if there's significant overhead added, will do and report back the results.
If persistent replay adds significant overhead I would rather add another ifdef block to define AFL_PERSISTENT_RECORD if not defined when AFL_PERSISTENT_REPLAY is defined.
#ifdef AFL_PERSISTENT_REPLAY
#ifndef AFL_PERSISTENT_RECORD
#define AFL_PERSISTENT_RECORD
#endif
#endifThere was a problem hiding this comment.
On a second thought:
- Overhead on persistent loop should be extremely minimal. It's pretty much just one more if.
- Initialization should not be a problem, and can also be skipped with manual forkserver initialization.
I'll just use unlikely on the replay mode check, and then use only one define.
|
@quarta-qti looks good, I left some comments for discussion :) |
…eep area ptr and loc logic intact in record replay mode, move replay record example to own dir in utils, update docs, move record compat layer to separate header file
|
All done. Cleaned up a bit the persistent loop to keep the area ptr/loc logic intact to allow reusing afl tools with the only difference from the regular persistent loop being it won't raise a STOP signal. |
| } | ||
|
|
||
| #ifdef AFL_PERSISTENT_RECORD | ||
| #ifdef AFL_eERSISTENT_RECORD |
There was a problem hiding this comment.
you introduced a typo here
| @@ -1811,48 +1823,58 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, | |||
| (fsrv->uses_crash_exitcode && | |||
| WEXITSTATUS(fsrv->child_status) == fsrv->crash_exitcode))) { | |||
|
|
|||
There was a problem hiding this comment.
from here below to the end of the file the changes seem to change logic/behaviour of non AFL_PERSISTENT_RECORD - can you please have a look?
There was a problem hiding this comment.
Silly mistake here, it just needed wrapping the persistent record logic in a conditional statement checking if the mode is active. Same goes for the hangs logic before here. Fixed! Thanks for spotting this out!
| @@ -0,0 +1,8 @@ | |||
| all: | |||
There was a problem hiding this comment.
This directory needs a short README.md what it actually does, even if it just points the the README.persistent_mode.md file.
|
we are getting close to merging :) |
|
looks good now, thanks a lot! |
|
Thank you! 😊 |
Hi! This pull request introduces functionality to replay records stored by using AFL_PERSISTENT_RECORD.
It includes the following changes:
To use the persistent replay functionality, the record number must be specified via the AFL_PERSISTENT_REPLAY env var (i.e., RECORD:XXXXX -> AFL_PERSISTENT_REPLAY=XXXXX) and the directory can be specified via AFL_PERSISTENT_DIR, otherwise the default will be considered the current directory ("./").