Android Frida-mode Exec Speed & Stability Regressions

**Describe the bug**
Recent versions of afl++ have dramatically lower exec speed and stability in Android frida-mode.

In the provided example, no changes were made to the harness. The only difference between runs is using different versions of afl++. Frida version is locked at 16.0.13 between all tests shown here. Separately, I also tried various updated versions of Frida and that did not appear to make a difference.

I followed the Quarkslab frida-mode tutorial (https://blog.quarkslab.com/android-greybox-fuzzing-with-afl-frida-mode.html) that is suggested on the afl++ website here: https://aflplus.plus/docs/tutorials/. Harness and configuration here: https://github.com/quarkslab/android-fuzzing.

Performance using the open-source android-fuzzing wlinked harness and afl.js (supporting screenshots for reference):
afl++ Version | Exec Speed | Stability |
|---|---|---|
| dev-branch (9cb3fe9) | ~100/s | ~75% |
| 4.31c (9cac7ce) | ~100/s | ~75% |
| 4.30c (4f53803) | ~100/s | ~75% |
| 4.21c (9f6b012) | ~30k/s | ~75% |
| 4.10c (775861e) | ~30k/s | ~75% |
| 4.09c (108fb0b) | ~26k/s | 100% |

**To Reproduce**
```
gh repo clone quarkslab/android-fuzzing
cd android-fuzzing
export NDK_PATH=<HERE>
 
adb push apk/qb.blogfuzz.apk /data/local/tmp/
adb push native/lib/libblogfuzz.so /data/local/tmp/
 
pushd jenv
cmake -DANDROID_PLATFORM=31 -DCMAKE_TOOLCHAIN_FILE=${NDK_PATH}/build/cmake/android.toolchain.cmake -DANDROID_ABI=arm64-v8a .
make
adb push libjenv.so /data/local/tmp/
popd
 
pushd wlinked_jni
mkdir -p build && cd build
cmake -DANDROID_PLATFORM=31 -DCMAKE_TOOLCHAIN_FILE=${NDK_PATH}/build/cmake/android.toolchain.cmake -DANDROID_ABI=arm64-v8a ..
make
adb push fuzz /data/local/tmp/
adb push ../afl.js /data/local/tmp/
popd
 
adb shell su -c "cd /data/local/tmp/ && mkdir -p /data/local/tmp/in && su -c rm -rf /data/local/tmp/out/* && su -c dd if=/dev/urandom of=/data/local/tmp/in/sample.bin bs=1 count=16 && /data/local/tmp/afl-fuzz -O -G 256 -i in -o out /data/local/tmp/fuzz"
```

**Expected behavior**
Expect stability and performance to roughly stay the same or improve.

**Screen output/Screenshots**

![Image](https://github.com/user-attachments/assets/c2b110a5-2764-4c89-8afc-98fa04f9a9ea)

![Image](https://github.com/user-attachments/assets/deec65e0-7434-4fba-b105-3c11fe50e6b4)

![Image](https://github.com/user-attachments/assets/c6e531e2-7fd4-471a-b725-f65943eeb25f)

![Image](https://github.com/user-attachments/assets/4b53f1d1-0717-47f1-9f39-5f92040ccf7c)

![Image](https://github.com/user-attachments/assets/967e70db-81ba-40b1-8293-a7007fa58d6f)

![Image](https://github.com/user-attachments/assets/f95ae3c8-fa04-4c79-aec2-00dc812d43f1)

**Additional context**
Add any other context about the problem here.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Android Frida-mode Exec Speed & Stability Regressions #2298

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

afl++ Version	Exec Speed	Stability
dev-branch (`9cb3fe9`)	~100/s	~75%
4.31c (`9cac7ce`)	~100/s	~75%
4.30c (`4f53803`)	~100/s	~75%
4.21c (`9f6b012`)	~30k/s	~75%
4.10c (`775861e`)	~30k/s	~75%
4.09c (`108fb0b`)	~26k/s	100%

Uh oh!

Android Frida-mode Exec Speed & Stability Regressions #2298

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions