[PATCH] afl-fuzz: add -Z to set CPU scheduling affinity
540 views
Skip to first unread message
Austin Seipp
Oct 14, 2015, 1:27:16 PM10/14/15
to afl-...@googlegroups.com
Hello *,
Attached to this email is a patch to afl fuzz, which adds a new option
to set the CPU scheduling affinity of the AFL process.
In my experiments on several large-scale machines, explicitly setting
the affinity generally removes 'jitter' from the exec/s you get, as
the kernel no longer reschedules your processes elsewhere. You can do
this on Linux using 'taskset', but I find it much nicer for afl-fuzz
to support it directly.
It's easy to use, instead of:
afl-fuzz -i corpus -o results ./foo
do:
afl-fuzz -Z <n> -i corpus ...
Where 'n' is in the range of [0, x-1] where x is the total number of
CPU cores available (this includes hyperthreading and hardware threads
per core; it's akin to what you would expect of looking at 'htop' or
`cat /proc/cpuinfo`).
Please note the current patch only works on Linux. BSD and OS X
support should be very easy additions for any interested hackers out
there.
Note that you can't directly set a mask with this option; this
generally wouldn't be very useful anyway since you run one-process-per
core, so you can only pin to a specific CPU.
You can also find this code available online in this repository, in
the 'sched_setaffinity' branch:
https://github.com/thoughtpolice/afl/tree/sched_setaffinity
--
Regards,
Austin - PGP: 4096R/0x91384671
Attached to this email is a patch to afl fuzz, which adds a new option
to set the CPU scheduling affinity of the AFL process.
In my experiments on several large-scale machines, explicitly setting
the affinity generally removes 'jitter' from the exec/s you get, as
the kernel no longer reschedules your processes elsewhere. You can do
this on Linux using 'taskset', but I find it much nicer for afl-fuzz
to support it directly.
It's easy to use, instead of:
afl-fuzz -i corpus -o results ./foo
do:
afl-fuzz -Z <n> -i corpus ...
Where 'n' is in the range of [0, x-1] where x is the total number of
CPU cores available (this includes hyperthreading and hardware threads
per core; it's akin to what you would expect of looking at 'htop' or
`cat /proc/cpuinfo`).
Please note the current patch only works on Linux. BSD and OS X
support should be very easy additions for any interested hackers out
there.
Note that you can't directly set a mask with this option; this
generally wouldn't be very useful anyway since you run one-process-per
core, so you can only pin to a specific CPU.
You can also find this code available online in this repository, in
the 'sched_setaffinity' branch:
https://github.com/thoughtpolice/afl/tree/sched_setaffinity
--
Regards,
Austin - PGP: 4096R/0x91384671
Michal Zalewski
Mar 8, 2016, 12:33:46 AM3/8/16
to afl-users
Sorry, catching up on some old stuff :-( Thank you for the idea!
The -Z option is now implemented in 2.07b and will ship shortly! It
should work on Linux and FreeBSD; MacOS X port should be simple, but
there's a different API for that, and I don't have a box to develop
on.
Nice benchmarks with libpng on Linux:
Two fuzzers, no affinity specified:
~3,300 execs/sec
Two fuzzers with affinity on different cores:
~3,800 execs/sec [+15%]
Two fuzzer with colliding affinity:
~1,900 execs/sec [-60%]
/mz
The -Z option is now implemented in 2.07b and will ship shortly! It
should work on Linux and FreeBSD; MacOS X port should be simple, but
there's a different API for that, and I don't have a box to develop
on.
Nice benchmarks with libpng on Linux:
Two fuzzers, no affinity specified:
~3,300 execs/sec
Two fuzzers with affinity on different cores:
~3,800 execs/sec [+15%]
Two fuzzer with colliding affinity:
~1,900 execs/sec [-60%]
/mz
Michal Zalewski
Mar 8, 2016, 12:50:24 AM3/8/16
to afl-users
> Two fuzzers, no affinity specified:
> ~3,300 execs/sec
>
> Two fuzzers with affinity on different cores:
> ~3,800 execs/sec [+15%]
>
> Two fuzzer with colliding affinity:
> ~1,900 execs/sec [-60%]
Shipped in 2.07b.
> ~3,300 execs/sec
>
> Two fuzzers with affinity on different cores:
> ~3,800 execs/sec [+15%]
>
> Two fuzzer with colliding affinity:
> ~1,900 execs/sec [-60%]
/mz
Reply all
Reply to author
Forward
0 new messages