authorvan Hauser <vh@thc.org>2020-04-03 10:31:37 +0200
committervan Hauser <vh@thc.org>2020-04-09 10:23:37 +0200
commitc14fd1ad18aabd7a946d13e883f8d035650ed993 (patch)
treea31aabd0dfdcbd8f0aa8605da92959357cdc974f
parent88782ae43c86cb922558460b324020aedbd7a936 (diff)
downloadafl++-c14fd1ad18aabd7a946d13e883f8d035650ed993.tar.gz
code format, small improvements
-rw-r--r--docs/status_screen.md2
-rw-r--r--src/afl-fuzz-bitmap.c18
-rw-r--r--src/afl-fuzz-queue.c19
-rw-r--r--src/afl-fuzz-run.c9
-rw-r--r--src/afl-fuzz-stats.c8
5 files changed, 28 insertions, 28 deletions
diff --git a/docs/status_screen.md b/docs/status_screen.md
index 8b3d5bda..a66558b9 100644
--- a/docs/status_screen.md
+++ b/docs/status_screen.md
@@ -400,6 +400,8 @@ directory. This includes:
   - `exec_timeout`      - the -t command line value
   - `slowest_exec_ms`   - real time of the slowest execution in ms
   - `peak_rss_mb`       - max rss usage reached during fuzzing in MB
+  - `edges_found`       - how many edges have been found
+  - `var_byte_count`    - how many edges are non-deterministic
   - `afl_banner`        - banner text (e.g. the target name)
   - `afl_version`       - the version of afl used
   - `target_mode`       - default, persistent, qemu, unicorn, dumb
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index 8ca286b2..63c3a2c2 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -177,8 +177,6 @@ u32 count_bits(u8 *mem) {
 
 }
 
-#define FF(_b) (0xff << ((_b) << 3))
-
 /* Count the number of bytes set in the bitmap. Called fairly sporadically,
    mostly to update the status screen or calibrate and examine confirmed
    new paths. */
@@ -194,10 +192,10 @@ u32 count_bytes(u8 *mem) {
     u32 v = *(ptr++);
 
     if (!v) continue;
-    if (v & FF(0)) ++ret;
-    if (v & FF(1)) ++ret;
-    if (v & FF(2)) ++ret;
-    if (v & FF(3)) ++ret;
+    if (v & 0x000000ff) ++ret;
+    if (v & 0x0000ff00) ++ret;
+    if (v & 0x00ff0000) ++ret;
+    if (v & 0xff000000) ++ret;
 
   }
 
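Review bot: The four byte-lane masks that replace FF() at lines 53-56 are unexplained once the macro name is gone; a one-line comment above them, `/* one test per byte lane of the 32-bit word; order does not affect the count */`, would keep the intent readable, and the same applies to the 0xff… comparisons in count_non_255_bytes in the next hunk. The literal form also sidesteps the `0xff << 24` the old macro performed, which is a left shift of an int past INT_MAX and therefore undefined, so this is a correctness fix as much as formatting and deserves a word in the commit message. count_bytes begins before the hunk.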
@@ -222,10 +220,10 @@ u32 count_non_255_bytes(u8 *mem) {
        case. */
 
     if (v == 0xffffffff) continue;
-    if ((v & FF(0)) != FF(0)) ++ret;
-    if ((v & FF(1)) != FF(1)) ++ret;
-    if ((v & FF(2)) != FF(2)) ++ret;
-    if ((v & FF(3)) != FF(3)) ++ret;
+    if ((v & 0x000000ff) != 0x000000ff) ++ret;
+    if ((v & 0x0000ff00) != 0x0000ff00) ++ret;
+    if ((v & 0x00ff0000) != 0x00ff0000) ++ret;
+    if ((v & 0xff000000) != 0xff000000) ++ret;
 
   }
 
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 92cbab6f..6c687ae4 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -186,7 +186,8 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) {
   u64 fav_factor;
   u64 fuzz_p2 = next_pow2(q->n_fuzz);
 
-  if (afl->schedule == MMOPT || afl->schedule == RARE || unlikely(afl->fixed_seed))
+  if (afl->schedule == MMOPT || afl->schedule == RARE ||
+      unlikely(afl->fixed_seed))
     fav_factor = q->len << 2;
   else
     fav_factor = q->exec_us * q->len;
@@ -203,7 +204,8 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) {
         u64 top_rated_fav_factor;
         u64 top_rated_fuzz_p2 = next_pow2(afl->top_rated[i]->n_fuzz);
 
-        if (afl->schedule == MMOPT || afl->schedule == RARE || unlikely(afl->fixed_seed))
+        if (afl->schedule == MMOPT || afl->schedule == RARE ||
+            unlikely(afl->fixed_seed))
           top_rated_fav_factor = afl->top_rated[i]->len << 2;
         else
           top_rated_fav_factor =
@@ -214,16 +216,16 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) {
         else if (fuzz_p2 == top_rated_fuzz_p2)
           if (fav_factor > top_rated_fav_factor) continue;
 
-        if (afl->schedule == MMOPT || afl->schedule == RARE || unlikely(afl->fixed_seed)) {
+        if (afl->schedule == MMOPT || afl->schedule == RARE ||
+            unlikely(afl->fixed_seed)) {
 
-          if (fav_factor > afl->top_rated[i]->len << 2)
-            continue;
+          if (fav_factor > afl->top_rated[i]->len << 2) continue;
 
-        } else {        
+        } else {
 
           if (fav_factor > afl->top_rated[i]->exec_us * afl->top_rated[i]->len)
             continue;
-        
+
         }
 
         /* Looks like we're going to win. Decrease ref count for the
@@ -339,7 +341,8 @@ u32 calculate_score(afl_state_t *afl, struct queue_entry *q) {
   // Longer execution time means longer work on the input, the deeper in
   // coverage, the better the fuzzing, right? -mh
 
-  if (afl->schedule != MMOPT && afl->schedule != RARE && likely(!afl->fixed_seed)) {
+  if (afl->schedule != MMOPT && afl->schedule != RARE &&
+      likely(!afl->fixed_seed)) {
 
     if (q->exec_us * 0.1 > avg_exec_us)
       perf_score = 10;
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 5875eb68..47f6e9d9 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -354,17 +354,14 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
 
         for (i = 0; i < MAP_SIZE; ++i) {
 
-          if (!afl->var_bytes[i] &&
-              afl->first_trace[i] != afl->fsrv.trace_bits[i]) {
-
+          if (unlikely(!afl->var_bytes[i]) &&
+              unlikely(afl->first_trace[i] != afl->fsrv.trace_bits[i]))
             afl->var_bytes[i] = 1;
-            afl->stage_max = CAL_CYCLES_LONG;
-
-          }
 
         }
 
         var_detected = 1;
+        afl->stage_max = CAL_CYCLES_LONG;
 
       } else {
 
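Review bot: Moving `afl->stage_max = CAL_CYCLES_LONG;` to line 152 changes when it fires: it now runs every time this branch is taken, whereas before it ran only when a byte newly became variable, so a calibration whose differing bytes were all already flagged in var_bytes also gets the long cycle count. That looks intentional, but it is a behaviour change hidden under "code format", so a comment such as `/* a variable run always earns the longer calibration, even if no new bytes were found */` would record it. The unbraced single-statement body at lines 142-144 with two separate unlikely() wrappers would read more conventionally as `if (unlikely(!afl->var_bytes[i] && afl->first_trace[i] != afl->fsrv.trace_bits[i]))` with the braces kept. calibrate_case begins and ends outside the hunk.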
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 77bbe023..d9f8c99c 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -98,8 +98,8 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
       "exec_timeout      : %u\n"
       "slowest_exec_ms   : %u\n"
       "peak_rss_mb       : %lu\n"
+      "edges_found       : %u\n"
       "var_byte_count    : %u\n"
-      "found_edges       : %u\n"
       "afl_banner        : %s\n"
       "afl_version       : " VERSION
       "\n"
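Review bot: Renaming the fuzzer_stats key `found_edges` to `edges_found` at lines 164-166 changes a file format that other tooling reads; anything that greps or parses the old key name will silently lose the value, so the rename should be called out in the changelog rather than under "code format". The matching argument swap in the next hunk (lines 174-175) must stay in lock-step with this one or the two %u fields print each other's values; as written the order is correct, `t_bytes` pairing with `edges_found` and `afl->var_byte_count` with `var_byte_count`. write_stats_file begins and ends outside the hunk.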
@@ -122,7 +122,7 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
 #else
       (unsigned long int)(rus.ru_maxrss >> 10),
 #endif
-      afl->var_byte_count, t_bytes, afl->use_banner,
+      t_bytes, afl->var_byte_count, afl->use_banner,
       afl->unicorn_mode ? "unicorn" : "", afl->qemu_mode ? "qemu " : "",
       afl->dumb_mode ? " dumb " : "", afl->no_forkserver ? "no_fsrv " : "",
       afl->crash_mode ? "crash " : "",
@@ -260,8 +260,8 @@ void show_stats(afl_state_t *afl) {
   t_bytes = count_non_255_bytes(afl->virgin_bits);
   t_byte_ratio = ((double)t_bytes * 100) / MAP_SIZE;
 
-  if (t_bytes)
-    stab_ratio = 100 - (((double)afl->var_byte_count) * 100) / t_bytes;
+  if (likely(t_bytes) && unlikely(afl->var_byte_count))
+    stab_ratio = 100 - (((double)afl->var_byte_count * 100) / t_bytes);
   else
     stab_ratio = 100;