diff options
| author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-08-28 18:42:21 +0200 |
|---|---|---|
| committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-08-28 18:42:21 +0200 |
| commit | 733c8e4c349562fd02d0238be486ecbdf0640fd0 (patch) | |
| tree | 7a7b67f535581f091a9201048812b01cba66da44 | |
| parent | 80f175daac0e2dac12aad908abb19316e85552c8 (diff) | |
| download | afl++-733c8e4c349562fd02d0238be486ecbdf0640fd0.tar.gz | |
better neverzero with adc + neverzero for compcov
| -rw-r--r-- | qemu_mode/patches/afl-qemu-cpu-translate-inl.h | 36 | ||||
| -rw-r--r-- | qemu_mode/patches/afl-qemu-translate-inl.h | 3 | ||||
| -rw-r--r-- | unicorn_mode/patches/afl-unicorn-cpu-inl.h | 3 | ||||
| -rw-r--r-- | unicorn_mode/patches/afl-unicorn-tcg-runtime-inl.h | 36 |
4 files changed, 52 insertions, 26 deletions
diff --git a/qemu_mode/patches/afl-qemu-cpu-translate-inl.h b/qemu_mode/patches/afl-qemu-cpu-translate-inl.h index 4716c2ac..f85a86d7 100644 --- a/qemu_mode/patches/afl-qemu-cpu-translate-inl.h +++ b/qemu_mode/patches/afl-qemu-cpu-translate-inl.h @@ -45,11 +45,25 @@ extern u8 afl_compcov_level; void tcg_gen_afl_compcov_log_call(void *func, target_ulong cur_loc, TCGv_i64 arg1, TCGv_i64 arg2); +#if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO) +# define INC_AFL_AREA(loc) \ + asm volatile ( \ + "incb (%0, %1, 1)\n" \ + "adc $0, (%0, %1, 1)\n" \ + : /* no out */ \ + : "r" (afl_area_ptr), "r" (loc) \ + : "memory", "eax" \ + ) +#else +# define INC_AFL_AREA(loc) \ + afl_area_ptr[loc]++ +#endif + static void afl_compcov_log_16(target_ulong cur_loc, target_ulong arg1, target_ulong arg2) { if ((arg1 & 0xff) == (arg2 & 0xff)) { - afl_area_ptr[cur_loc]++; + INC_AFL_AREA(cur_loc); } } @@ -57,11 +71,11 @@ static void afl_compcov_log_32(target_ulong cur_loc, target_ulong arg1, target_ulong arg2) { if ((arg1 & 0xff) == (arg2 & 0xff)) { - afl_area_ptr[cur_loc]++; + INC_AFL_AREA(cur_loc); if ((arg1 & 0xffff) == (arg2 & 0xffff)) { - afl_area_ptr[cur_loc +1]++; + INC_AFL_AREA(cur_loc +1); if ((arg1 & 0xffffff) == (arg2 & 0xffffff)) { - afl_area_ptr[cur_loc +2]++; + INC_AFL_AREA(cur_loc +2); } } } @@ -71,19 +85,19 @@ static void afl_compcov_log_64(target_ulong cur_loc, target_ulong arg1, target_ulong arg2) { if ((arg1 & 0xff) == (arg2 & 0xff)) { - afl_area_ptr[cur_loc]++; + INC_AFL_AREA(cur_loc); if ((arg1 & 0xffff) == (arg2 & 0xffff)) { - afl_area_ptr[cur_loc +1]++; + INC_AFL_AREA(cur_loc +1); if ((arg1 & 0xffffff) == (arg2 & 0xffffff)) { - afl_area_ptr[cur_loc +2]++; + INC_AFL_AREA(cur_loc +2); if ((arg1 & 0xffffffff) == (arg2 & 0xffffffff)) { - afl_area_ptr[cur_loc +3]++; + INC_AFL_AREA(cur_loc +3); if ((arg1 & 0xffffffffff) == (arg2 & 0xffffffffff)) { - afl_area_ptr[cur_loc +4]++; + INC_AFL_AREA(cur_loc +4); if ((arg1 & 0xffffffffffff) == (arg2 & 0xffffffffffff)) { - afl_area_ptr[cur_loc +5]++; + INC_AFL_AREA(cur_loc +5); if ((arg1 & 0xffffffffffffff) == (arg2 & 0xffffffffffffff)) { - afl_area_ptr[cur_loc +6]++; + INC_AFL_AREA(cur_loc +6); } } } diff --git a/qemu_mode/patches/afl-qemu-translate-inl.h b/qemu_mode/patches/afl-qemu-translate-inl.h index f82d1217..48d05179 100644 --- a/qemu_mode/patches/afl-qemu-translate-inl.h +++ b/qemu_mode/patches/afl-qemu-translate-inl.h @@ -51,8 +51,7 @@ void afl_maybe_log(target_ulong cur_loc) { #if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO) asm volatile ( "incb (%0, %1, 1)\n" - "seto %%al\n" - "addb %%al, (%0, %1, 1)\n" + "adc $0, (%0, %1, 1)\n" : /* no out */ : "r" (afl_area_ptr), "r" (afl_idx) : "memory", "eax" diff --git a/unicorn_mode/patches/afl-unicorn-cpu-inl.h b/unicorn_mode/patches/afl-unicorn-cpu-inl.h index 28400357..187a0ce6 100644 --- a/unicorn_mode/patches/afl-unicorn-cpu-inl.h +++ b/unicorn_mode/patches/afl-unicorn-cpu-inl.h @@ -252,8 +252,7 @@ static inline void afl_maybe_log(struct uc_struct* uc, unsigned long cur_loc) { #if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO) asm volatile ( "incb (%0, %1, 1)\n" - "seto %%al\n" - "addb %%al, (%0, %1, 1)\n" + "adc $0, (%0, %1, 1)\n" : /* no out */ : "r" (uc->afl_area_ptr), "r" (afl_idx) : "memory", "eax" diff --git a/unicorn_mode/patches/afl-unicorn-tcg-runtime-inl.h b/unicorn_mode/patches/afl-unicorn-tcg-runtime-inl.h index 9e56484b..e59d7b15 100644 --- a/unicorn_mode/patches/afl-unicorn-tcg-runtime-inl.h +++ b/unicorn_mode/patches/afl-unicorn-tcg-runtime-inl.h @@ -32,13 +32,27 @@ #include "uc_priv.h" +#if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO) +# define INC_AFL_AREA(loc) \ + asm volatile ( \ + "incb (%0, %1, 1)\n" \ + "adc $0, (%0, %1, 1)\n" \ + : /* no out */ \ + : "r" (uc->afl_area_ptr), "r" (loc) \ + : "memory", "eax" \ + ) +#else +# define INC_AFL_AREA(loc) \ + uc->afl_area_ptr[loc]++ +#endif + void HELPER(afl_compcov_log_16)(void* uc_ptr, uint64_t cur_loc, uint64_t arg1, uint64_t arg2) { struct uc_struct* uc = uc_ptr; if ((arg1 & 0xff) == (arg2 & 0xff)) { - uc->afl_area_ptr[cur_loc]++; + INC_AFL_AREA(cur_loc); } } @@ -48,11 +62,11 @@ void HELPER(afl_compcov_log_32)(void* uc_ptr, uint64_t cur_loc, uint64_t arg1, struct uc_struct* uc = uc_ptr; if ((arg1 & 0xff) == (arg2 & 0xff)) { - uc->afl_area_ptr[cur_loc]++; + INC_AFL_AREA(cur_loc); if ((arg1 & 0xffff) == (arg2 & 0xffff)) { - uc->afl_area_ptr[cur_loc +1]++; + INC_AFL_AREA(cur_loc +1); if ((arg1 & 0xffffff) == (arg2 & 0xffffff)) { - uc->afl_area_ptr[cur_loc +2]++; + INC_AFL_AREA(cur_loc +2); } } } @@ -64,19 +78,19 @@ void HELPER(afl_compcov_log_64)(void* uc_ptr, uint64_t cur_loc, uint64_t arg1, struct uc_struct* uc = uc_ptr; if ((arg1 & 0xff) == (arg2 & 0xff)) { - uc->afl_area_ptr[cur_loc]++; + INC_AFL_AREA(cur_loc); if ((arg1 & 0xffff) == (arg2 & 0xffff)) { - uc->afl_area_ptr[cur_loc +1]++; + INC_AFL_AREA(cur_loc +1); if ((arg1 & 0xffffff) == (arg2 & 0xffffff)) { - uc->afl_area_ptr[cur_loc +2]++; + INC_AFL_AREA(cur_loc +2); if ((arg1 & 0xffffffff) == (arg2 & 0xffffffff)) { - uc->afl_area_ptr[cur_loc +3]++; + INC_AFL_AREA(cur_loc +3); if ((arg1 & 0xffffffffff) == (arg2 & 0xffffffffff)) { - uc->afl_area_ptr[cur_loc +4]++; + INC_AFL_AREA(cur_loc +4); if ((arg1 & 0xffffffffffff) == (arg2 & 0xffffffffffff)) { - uc->afl_area_ptr[cur_loc +5]++; + INC_AFL_AREA(cur_loc +5); if ((arg1 & 0xffffffffffffff) == (arg2 & 0xffffffffffffff)) { - uc->afl_area_ptr[cur_loc +6]++; + INC_AFL_AREA(cur_loc +6); } } } |