authorvanhauser-thc <vh@thc.org>2023-06-22 09:24:00 +0200
committervanhauser-thc <vh@thc.org>2023-06-22 09:26:46 +0200
commit90f83c13d08f44fbf50036076a1772909c4d2c86 (patch)
treed26430fafdefc5a4765e274c930cf0ece7aecf4c
parent224e884ba1c8eba8ff6d7ab7c95dfb4f6f958622 (diff)
downloadafl++-90f83c13d08f44fbf50036076a1772909c4d2c86.tar.gz
remove dead code, code format
-rwxr-xr-x.custom-format.py2
-rw-r--r--docs/Changelog.md3
-rw-r--r--include/alloc-inl.h8
-rw-r--r--instrumentation/SanitizerCoveragePCGUARD.so.cc39
-rw-r--r--qemu_mode/libqasan/dlmalloc.c2
-rw-r--r--src/afl-fuzz-init.c8
-rw-r--r--src/afl-fuzz.c3
-rw-r--r--utils/afl_network_proxy/afl-network-server.c2
8 files changed, 19 insertions, 48 deletions
diff --git a/.custom-format.py b/.custom-format.py
index 1d5c8839..3521c05d 100755
--- a/.custom-format.py
+++ b/.custom-format.py
@@ -24,7 +24,7 @@ import importlib.metadata
 
 # string_re = re.compile('(\\"(\\\\.|[^"\\\\])*\\")') # TODO: for future use
 
-CURRENT_LLVM = os.getenv('LLVM_VERSION', 15)
+CURRENT_LLVM = os.getenv('LLVM_VERSION', 16)
 CLANG_FORMAT_BIN = os.getenv("CLANG_FORMAT_BIN", "")
 
 
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 246c3cac..c850c43e 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -18,6 +18,9 @@
     - fixed a bug inherited from vanilla AFL where a coverage of
       map[123] = 11 would be the same as map[1123] = 1
     - warn on crashing inputs
+  - afl-cc
+    - fixed an off-by-one instrumentation of iselect, hurting coverage a bit.
+      Thanks to @amykweon for spotting and fixing!
 
 
 ### Version ++4.07c (release)
diff --git a/include/alloc-inl.h b/include/alloc-inl.h
index 1e9a192b..cff808b2 100644
--- a/include/alloc-inl.h
+++ b/include/alloc-inl.h
@@ -322,7 +322,7 @@ static inline void DFL_ck_free(void *mem) {
 static inline void *DFL_ck_realloc(void *orig, u32 size) {
 
   void *ret;
-  u32 old_size = 0;
+  u32   old_size = 0;
 
   if (!size) {
 
@@ -392,7 +392,7 @@ static inline void *DFL_ck_realloc(void *orig, u32 size) {
 static inline u8 *DFL_ck_strdup(u8 *str) {
 
   void *ret;
-  u32 size;
+  u32   size;
 
   if (!str) return NULL;
 
@@ -438,14 +438,14 @@ struct TRK_obj {
 
   void *ptr;
   char *file, *func;
-  u32 line;
+  u32   line;
 
 };
 
     #ifdef AFL_MAIN
 
 struct TRK_obj *TRK[ALLOC_BUCKETS];
-u32 TRK_cnt[ALLOC_BUCKETS];
+u32             TRK_cnt[ALLOC_BUCKETS];
 
       #define alloc_report() TRK_report()
 
diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc
index d87af775..57b5d128 100644
--- a/instrumentation/SanitizerCoveragePCGUARD.so.cc
+++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc
@@ -225,49 +225,18 @@ llvmGetPassPluginInfo() {
 
 }
 
-#if LLVM_VERSION_MAJOR == 1
+#if LLVM_VERSION_MAJOR >= 16
 PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module                &M,
                                                   ModuleAnalysisManager &MAM) {
 
-  ModuleSanitizerCoverageAFL ModuleSancov(Options);
-  auto &FAM = MAM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager();
-  auto  DTCallback = [&FAM](Function &F) -> const DominatorTree  *{
-
-    return &FAM.getResult<DominatorTreeAnalysis>(F);
-
-  };
-
-  auto PDTCallback = [&FAM](Function &F) -> const PostDominatorTree * {
-
-    return &FAM.getResult<PostDominatorTreeAnalysis>(F);
-
-  };
-
-  if (!ModuleSancov.instrumentModule(M, DTCallback, PDTCallback))
-    return PreservedAnalyses::all();
-
-  PreservedAnalyses PA = PreservedAnalyses::none();
-  // GlobalsAA is considered stateless and does not get invalidated unless
-  // explicitly invalidated; PreservedAnalyses::none() is not enough. Sanitizers
-  // make changes that require GlobalsAA to be invalidated.
-  PA.abandon<GlobalsAA>();
-  return PA;
-
-}
-
 #else
-  #if LLVM_VERSION_MAJOR >= 16
-PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module &M,
-                                                  ModuleAnalysisManager &MAM) {
-
-  #else
 PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module                &M,
                                                   ModuleAnalysisManager &MAM) {
 
-  #endif
+#endif
   ModuleSanitizerCoverageAFL ModuleSancov(Options);
   auto &FAM = MAM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager();
-  auto DTCallback = [&FAM](Function &F) -> const DominatorTree * {
+  auto  DTCallback = [&FAM](Function &F) -> const DominatorTree  *{
 
     return &FAM.getResult<DominatorTreeAnalysis>(F);
 
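Review bot: The `#if LLVM_VERSION_MAJOR >= 16` / `#else` / `#endif` that survives at the top of this hunk now guards two byte-identical definitions of `ModuleSanitizerCoverageAFL::run(Module &M, ModuleAnalysisManager &MAM)`, so the conditional selects nothing and is itself dead code of the kind the commit title says it removes. Keeping a single unconditional `PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module &M, ModuleAnalysisManager &MAM) {` and deleting the three preprocessor lines plus the duplicate signature would leave the body exactly as it is; the trailing `#endif` dropped in the next hunk of this file already matches that shape. If the split is being kept on purpose so the two LLVM ranges can diverge later, a one-line comment on the `#if` saying so, e.g. `// both branches identical today; kept for LLVM-version-specific changes`, would stop the next reader from filing this same note. The body of `run` continues past the end of this hunk, so the lambda and the `PA.abandon<GlobalsAA>()` tail are not visible here.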
@@ -285,8 +254,6 @@ PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module                &M,
 
 }
 
-#endif
-
 std::pair<Value *, Value *> ModuleSanitizerCoverageAFL::CreateSecStartEnd(
     Module &M, const char *Section, Type *Ty) {
 
diff --git a/qemu_mode/libqasan/dlmalloc.c b/qemu_mode/libqasan/dlmalloc.c
index 5d0b65ce..b459eb7b 100644
--- a/qemu_mode/libqasan/dlmalloc.c
+++ b/qemu_mode/libqasan/dlmalloc.c
@@ -1762,7 +1762,7 @@ static FORCEINLINE void *win32direct_mmap(size_t size) {
 static FORCEINLINE int win32munmap(void *ptr, size_t size) {
 
   MEMORY_BASIC_INFORMATION minfo;
-  char *cptr = (char *)ptr;
+  char                    *cptr = (char *)ptr;
 
   while (size) {
 
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 13802f40..24fd7077 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1542,8 +1542,8 @@ double get_runnable_processes(void) {
      processes well. */
 
   FILE *f = fopen("/proc/stat", "r");
-  u8 tmp[1024];
-  u32 val = 0;
+  u8    tmp[1024];
+  u32   val = 0;
 
   if (!f) { return 0; }
 
@@ -2226,7 +2226,7 @@ void check_crash_handling(void) {
    *BSD, so we can just let it slide for now. */
 
   s32 fd = open("/proc/sys/kernel/core_pattern", O_RDONLY);
-  u8 fchar;
+  u8  fchar;
 
   if (fd < 0) { return; }
 
@@ -2365,7 +2365,7 @@ void check_cpu_governor(afl_state_t *afl) {
   FATAL("Suboptimal CPU scaling governor");
 
 #elif defined __APPLE__
-  u64 min = 0, max = 0;
+  u64    min = 0, max = 0;
   size_t mlen = sizeof(min);
   if (afl->afl_env.afl_skip_cpufreq) return;
 
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 8cf786af..79b05da7 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -164,7 +164,8 @@ static void usage(u8 *argv0, int more_help) {
       "\n"
 
       "Mutator settings:\n"
-      "  -a            - target expects ascii text input (prefer text mutators)\n"
+      "  -a            - target expects ascii text input (prefer text "
+      "mutators)\n"
       "  -g minlength  - set min length of generated fuzz input (default: 1)\n"
       "  -G maxlength  - set max length of generated fuzz input (default: "
       "%lu)\n"
diff --git a/utils/afl_network_proxy/afl-network-server.c b/utils/afl_network_proxy/afl-network-server.c
index 7eb3d18e..95b0a551 100644
--- a/utils/afl_network_proxy/afl-network-server.c
+++ b/utils/afl_network_proxy/afl-network-server.c
@@ -173,7 +173,7 @@ static void set_up_environment(afl_forkserver_t *fsrv) {
     }
 
     out_file = alloc_printf("%s/.afl-input-temp-%u", use_dir, getpid());
-	fsrv->out_file = out_file;
+    fsrv->out_file = out_file;
 
   }