Add cmplog

[Evian-Zhang]

Thanks to LibAFL, the hardest part is already implemented. :)

[wtdcode]

This doesn't sound correct to me. Cmplog and Cmpcov can be used together, though might be not too effective. It should be bitflags in my opinion.

[Evian-Zhang]

It's what the C-version of unicornafl does🤔

unicornafl/unicornafl.cpp

Line 587 in a8f96da

ERR("CMPLOG and CMPCOV turned on at the same time!\n");

[Evian-Zhang]

And qemuafl also makes it exclusive: https://github.com/AFLplusplus/qemuafl/blob/c43dd6e0369cd5d2a2458f3bd7f4f58c8de53300/qemuafl/cpu-translate.h#L79

[wtdcode]

Okay, then let us also do this way since using cmplog with cmpcov indeed doesn't have some interesting usages and cause slowdown.

A side question: can we even disable pc instrumentation when cmplog is detected? I forget a bit about cmplog details so correct me if that won't work.

[Evian-Zhang]

I agree. I'll check the implementation later.

[Evian-Zhang]

I have pushed a new commit, which disables PC instrumentation for CMPLOG mode :)

[vanhauser-thc]

No please don’t. When compiling for cmplog some users compile only once and don’t mind the speed impact. And with this it would fail

[vanhauser-thc]

But I need to update the docs to recommend doing this

[wtdcode]

How about going to docs?

[wtdcode]

Okay, make sense. I was going to refer to https://github.com/AFLplusplus/AFLplusplus/blob/stable/docs/fuzzing_in_depth.md

[wtdcode]

(not in the scope of this PR)

I do think we should avoid these global variables in libafl_targets

[Evian-Zhang]

A practical way is do like what libafl_qemu's module system does. The map pointer is retrieved from passed-in map observers, but this only hide the global vars under the hood. Anyway, to real handle this problem, a lot of work in LibAFL still needs to be done (mostly in API design since the previous global var is parameter now)

[wtdcode]

Thanks!