xenbits.xensource.com Git - people/royger/xen.git/commit

author	Andrew Cooper <andrew.cooper3@citrix.com>
	Wed, 1 Mar 2017 19:02:35 +0000 (19:02 +0000)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Mon, 20 Mar 2017 16:45:21 +0000 (16:45 +0000)
commit	69f4633817c38655cd27aa62c3cbfc02f6627234
tree	f4a78e90ae883707d89fa1b78a04dc1132947e92	tree
parent	63092064eb1e6268357516715245a481db653e13	commit \| diff

tools/insn-fuzz: Support AFL's afl-clang-fast mode

AFL has an alternative llvm-base instrumentation mode, which has much lower
overhead than the traditional afl-gcc.

One extra ability is to chose exactly where the master process gets
initialised to, before being forked for testing. This point is chosen after
the call to LLVMFuzzerInitialize(), so the stack isn't being remapped
executable for every test.

Another extra ability is to feed multiple inputs into a single test process,
to reduce the number of fork() calls required overall. Two caveats are that if
stdin is used for data, it must be unbuffered, and if input is passed via a
command line parameter, the underlying file must be opened and closed on each
iteration.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>

tools/fuzz/README.afl		diff \| blob \| blame \| history
tools/fuzz/x86_instruction_emulator/afl-harness.c		diff \| blob \| blame \| history