authorvan Hauser <vh@thc.org>2019-07-16 08:34:17 +0200
committervan Hauser <vh@thc.org>2019-07-16 08:34:17 +0200
commit8a4cdd56d4d7557a54b0f28af7edceaddfb30663 (patch)
treeefaf460b40d94183f235073ac1d10f2268cb70c4 /afl-fuzz.c
parent32525238238e96ec0ce64a36f70558f76bc90ff5 (diff)
downloadafl++-8a4cdd56d4d7557a54b0f28af7edceaddfb30663.tar.gz
added gcc_plugin
Diffstat (limited to 'afl-fuzz.c')
-rw-r--r--afl-fuzz.c62
1 files changed, 13 insertions, 49 deletions
diff --git a/afl-fuzz.c b/afl-fuzz.c
index 3a8e5750..81dff98c 100644
--- a/afl-fuzz.c
+++ b/afl-fuzz.c
@@ -5234,6 +5234,7 @@ static u32 calculate_score(struct queue_entry* q) {
// MOpt mode
if (limit_time_sig != 0 && max_depth - q->depth < 3) perf_score *= 2;
+ else if (perf_score < 1) perf_score = 1; // Add a lower bound to AFLFast's energy assignment strategies
/* Make sure that we don't go over limit. */
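Review bot: The new lower bound is attached as an `else if` to the MOpt doubling branch, so when `limit_time_sig != 0 && max_depth - q->depth < 3` holds and perf_score is already 0, the multiply leaves it at 0 and the clamp is never reached; the commit message says the bound is meant for the AFLFast energy strategies, which are independent of the MOpt condition. Making it a standalone statement covers both paths: `if (limit_time_sig != 0 && max_depth - q->depth < 3) perf_score *= 2;` followed by `if (perf_score < 1) perf_score = 1;  /* never starve a seed of energy */`. Whether perf_score can actually be 0 at this point depends on the schedule arithmetic earlier in calculate_score, which starts before this hunk; the function also continues past it.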
@@ -10224,8 +10225,7 @@ static u8 core_fuzzing(char** argv) {
stage_max = (doing_det ? HAVOC_CYCLES_INIT : HAVOC_CYCLES) *
perf_score / havoc_div / 100;
- }
- else {
+ } else {
static u8 tmp[32];
@@ -10243,20 +10243,13 @@ static u8 core_fuzzing(char** argv) {
//for (; swarm_now < swarm_num; swarm_now++)
{
-
-
- if (key_puppet == 1)
- {
- if (unlikely(orig_hit_cnt_puppet == 0))
- {
+ if (key_puppet == 1) {
+ if (unlikely(orig_hit_cnt_puppet == 0)) {
orig_hit_cnt_puppet = queued_paths + unique_crashes;
last_limit_time_start = get_cur_time();
-
SPLICE_CYCLES_puppet = (UR(SPLICE_CYCLES_puppet_up - SPLICE_CYCLES_puppet_low + 1) + SPLICE_CYCLES_puppet_low);
}
}
-
-
{
havoc_stage_puppet:
@@ -10266,14 +10259,11 @@ static u8 core_fuzzing(char** argv) {
splice_cycle variable is set, generate different descriptions and such. */
if (!splice_cycle) {
-
stage_name = "MOpt core avoc";
stage_short = "MOpt core havoc";
stage_max = (doing_det ? HAVOC_CYCLES_INIT : HAVOC_CYCLES) *
perf_score / havoc_div / 100;
-
- }
- else {
+ } else {
static u8 tmp[32];
perf_score = orig_perf;
sprintf(tmp, "MOpt core splice %u", splice_cycle);
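Review bot: `stage_name = "MOpt core avoc";` is misspelled and is also shorter than the `stage_short` value on the next line, which inverts the name/short convention used elsewhere in this file (for example `"MOpt core splice %u"` below); this is a pre-existing context line rather than something the commit introduced, but it is what the UI will display for this stage. Suggested fix: `stage_name = "MOpt core havoc";`. The `sprintf` into the 32-byte `tmp` fits its longest possible output, though `snprintf(tmp, sizeof tmp, ...)` would make that bound explicit. The enclosing `core_fuzzing` body continues on both sides of the hunk.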
@@ -10282,31 +10272,20 @@ static u8 core_fuzzing(char** argv) {
stage_max = SPLICE_HAVOC * perf_score / havoc_div / 100;
}
-
-
if (stage_max < HAVOC_MIN) stage_max = HAVOC_MIN;
-
temp_len = len;
-
orig_hit_cnt = queued_paths + unique_crashes;
-
havoc_queued = queued_paths;
-
-
for (stage_cur = 0; stage_cur < stage_max; stage_cur++) {
u32 use_stacking = 1 << (1 + UR(HAVOC_STACK_POW2));
-
stage_cur_val = use_stacking;
-
- for (i = 0; i < operator_num; i++)
- {
+ for (i = 0; i < operator_num; i++) {
core_operator_cycles_puppet_v3[i] = core_operator_cycles_puppet_v2[i];
}
-
for (i = 0; i < use_stacking; i++) {
switch (select_algorithm()) {
@@ -10366,8 +10345,7 @@ static u8 core_fuzzing(char** argv) {
if (UR(2)) {
u32 pos = UR(temp_len - 1);
*(u16*)(out_buf + pos) -= 1 + UR(ARITH_MAX);
- }
- else {
+ } else {
u32 pos = UR(temp_len - 1);
u16 num = 1 + UR(ARITH_MAX);
*(u16*)(out_buf + pos) =
@@ -10377,8 +10355,7 @@ static u8 core_fuzzing(char** argv) {
if (UR(2)) {
u32 pos = UR(temp_len - 1);
*(u16*)(out_buf + pos) += 1 + UR(ARITH_MAX);
- }
- else {
+ } else {
u32 pos = UR(temp_len - 1);
u16 num = 1 + UR(ARITH_MAX);
*(u16*)(out_buf + pos) =
@@ -10394,8 +10371,7 @@ static u8 core_fuzzing(char** argv) {
if (UR(2)) {
u32 pos = UR(temp_len - 3);
*(u32*)(out_buf + pos) -= 1 + UR(ARITH_MAX);
- }
- else {
+ } else {
u32 pos = UR(temp_len - 3);
u32 num = 1 + UR(ARITH_MAX);
*(u32*)(out_buf + pos) =
@@ -10405,8 +10381,7 @@ static u8 core_fuzzing(char** argv) {
if (UR(2)) {
u32 pos = UR(temp_len - 3);
*(u32*)(out_buf + pos) += 1 + UR(ARITH_MAX);
- }
- else {
+ } else {
u32 pos = UR(temp_len - 3);
u32 num = 1 + UR(ARITH_MAX);
*(u32*)(out_buf + pos) =
@@ -10429,8 +10404,7 @@ static u8 core_fuzzing(char** argv) {
if (UR(2)) {
*(u16*)(out_buf + UR(temp_len - 1)) =
interesting_16[UR(sizeof(interesting_16) >> 1)];
- }
- else {
+ } else {
*(u16*)(out_buf + UR(temp_len - 1)) = SWAP16(
interesting_16[UR(sizeof(interesting_16) >> 1)]);
}
@@ -10446,8 +10420,7 @@ static u8 core_fuzzing(char** argv) {
if (UR(2)) {
*(u32*)(out_buf + UR(temp_len - 3)) =
interesting_32[UR(sizeof(interesting_32) >> 2)];
- }
- else {
+ } else {
*(u32*)(out_buf + UR(temp_len - 3)) = SWAP32(
interesting_32[UR(sizeof(interesting_32) >> 2)]);
}
@@ -10466,7 +10439,6 @@ static u8 core_fuzzing(char** argv) {
break;
-
case 13: {
/* Delete bytes. We're making this a bit more likely
@@ -10507,8 +10479,7 @@ static u8 core_fuzzing(char** argv) {
clone_len = choose_block_len(temp_len);
clone_from = UR(temp_len - clone_len + 1);
- }
- else {
+ } else {
clone_len = choose_block_len(HAVOC_BLK_XL);
clone_from = 0;
@@ -10575,17 +10546,10 @@ static u8 core_fuzzing(char** argv) {
}
-
tmp_core_time += 1;
-
-
-
u64 temp_total_found = queued_paths + unique_crashes;
-
-
-
if (common_fuzz_stuff(argv, out_buf, temp_len))
goto abandon_entry_puppet;