Support qemu 4.1.0 for non-instrumented binaries (-Q) #43
Conversation
|
Thanks for the patch.
|
|
Hi guys, are you sure that QEMU 4 is a good idea? I tested it a bit for AFL++, the performance decrement is huge compared to QEMU 3. |
|
I suspect a fix introduced in QEMU 4 to fix an unprobable overflow of the translated instructions in the block. However I'm not sure about it, I suggest you to try QEMU 3 before switching to 4. |
|
@andreafioraldi they have a speed increase going from version 2 to 4, so for stock afl it is helpful. In afl++ we are noticing a speed decrease because we have much better optimization they are missing - that version 4 kills, so for us it would be bad to upgrade to 4. |
This PR is to update the version of qemu used in non-instrumented binaries from qemu 2.10.0 to qemu 4.1.0.
This does break ease of building though as qemu now depends on libcapstone-dev >= 3. I had issues with Debian jessie packages for libcapstone and libcapstone2-dev being too far out of date. I solved this with using the stretch debs for libcapstone3-dev and libcapstone. See Line 148 of the build script for a few comments and the added dependency check.
In terms of performance, before on qemu 2.10.0 on my laptop I was seeing ~12-15 executions per second with fuzzing readelf. With qemu 4.1.0 I am seeing ~40-45 executions per second again with readelf. This probably should be tested more however my initial tests seem good.
I tested building and running on Arch Linux as well as building on a fully up-to-date Debian Jessie.
Let me know if you need anything else from me and thank you for this project!