Fast executions

[Stefan Nagy]

I just want to verify my understanding: honggFuzz does not use any sort of forkserver implementation (i.e., AFL's), but instead achieves high execution rates due to multithreading?

[Robert Święcki]

Hi,

sob., 3 lis 2018 o 03:38 Stefan Nagy <sna...@vt.edu> napisał(a):

I just want to verify my understanding: honggFuzz does not use any sort of forkserver implementation (i.e., AFL's), but instead achieves high execution rates due to multithreading?

Not really, executions of single commands are things of the past in the fuzzing world. If someone is fuzzing a single command, it's typically because it's a quick'n'simple attempt to check whether a command can crash, or maybe it's a closed-source thing which cannot be easily modified.

The vast majority of serious fuzzing setups these days uses persistent fuzzing (e.g. in oss-fuzz). And yup, honggfuzz by default can run multiple instances of fuzzed software at once with shared corpus and stats. It's technically a multi-process approach, but honggfuzz internally uses one thread per fuzzed process for bookkeeping and corpus synchronization, that's why the term multi-threaded is used sometimes here.

--

Robert Święcki