AFLplusplus declined in aggregate rank from 2020-03-09 to 2020-03-11 #113
Comments
|
I think we can run an experiment where we turn off some of the 4 changes I mention above to find out what's responsible. |
|
the drop in coverage - my guess it is fidgety (-d) - the deterministic fuzzing is in my experience really good for initial path discovery and later in finding features and options. so skipping this is likely not beneficial. the big improvements are likely based on laf-intel. instrim results in less map collisions and more speed, libdislocator is also a speed gain. more speed + less collisions = better coverage, so they should result in a medium improvement. |
|
I suspect mopt removal had a lot to do with it as well. Mopt seems to do terrifically on fuzzbench. I didn't realize this option was removed from AFL++ when I made this issue, but this definitely would be my first guess. |
|
laf-intel is my guess for why libpcap_fuzz_both is so much better now. It has no seeds and all other AFL based fuzzers do very badly compared to every single non-afl based fuzzer (I assume because they can instrument compares whereas the other AFL configurations we were using don't do this). I think if we run another experiment with mopt-afl++, it will show that it was the reason for the overall drop and we can close this issue. |
|
@andreafioraldi how about we remove the -d and see how this changes the performance? This would be a great opportunity to see the difference for that. Also you should update the checkout as this makes a good change to instrim, e.g. to a57896a7ce7f2d51aad001234c0686e237eea54f (I would propose you take authority on this fuzzer instance and I take the one on aflplusplus-mopt (if that PR is accepted) so we dont interfere with experiments @jonathanmetzman when is the next run of fuzzbench? |
|
we run stuff periodically every few days, https://www.fuzzbench.com/reports/index.html |
|
lets hope #122 makes it into the next run then :) |
|
Hi, |
|
@andreafioraldi the decline can be attributed to the removal of MOpt (#113 (comment)) |
|
Given the new report, https://www.fuzzbench.com/reports/2020-03-19/index.html, my guess about dislocator was right. -d also is a improvement when having a single run. |
I agree, |
in a real effective fuzzing campaign you have a master and several slaves. By default deterministic fuzzing is only done on the master which is the optimal behavious IMHO. |
|
@jonathanmetzman how about we add an afl fuzzer without -d and then compare the stock google afl's against each other? of course this makes more sense for targets that have a corpus |
|
there is afl_deterministic |
|
yes right, afl_deterministic is that one. Since performance of afl_deterministic, we removed it and -d is now the default for all afl based fuzzers. |
|
I feel also that, due to the good initial corpus, roadblocks bypassing techniques such as laf-intel may be decremental. There is also a benchmark that is super strange in this last run:
aflplusplus_mopt is -L 0 -p fast that this MOpt + AFLFast, two fuzzers that performed very bad on this target |
|
Closing this issue, free free to file tracking issue for specific bugs. |
|
@andreafioraldi aflplusplus_mopt also has laf-intel and that is why its good - (it does not have a corpus) and MOpt and aflfast dont have laf-intel |
Maybe deterministic steps can be defaulted to if |
2020-03-11 was the first experiment we ran with the new AFL++ fuzzer.py.
The aggregate ranking in this report claims AFL++ does about the same as AFL, whereas older reports, such as 2020-03-09, consistently show otherwise.
Since AFL++ already used afl-clang-fast in 2020-03-09, the aggregate change could be related to any of the following changes in fuzzer.py:
I think changes causing the slip fall into two broad categories.
I quickly eyeballed the two reports and put my observations about performance changes on different benchmaks in this table:
I think libpcap and sqlite are some interesting success stories
The text was updated successfully, but these errors were encountered: