authorroot <root@localhost.localdomain>2020-08-14 14:35:05 +0200
committerroot <root@localhost.localdomain>2020-08-14 14:35:05 +0200
commitaf14acf2c148b1aef10414d1dd6c929c49abc11e (patch)
tree107df994e2f3c9870e2dc48222313a3fa4316c35 /include
parenta7537b5511ad767d2240cf2dc6d3e261daa676f9 (diff)
Revert "Merge branch 'debug' into dev"
This reverts commit a7537b5511ad767d2240cf2dc6d3e261daa676f9, reversing changes made to 15e799f7ae666418e75c6a79db833c5316b21f97.
Diffstat (limited to 'include')
-rw-r--r--include/afl-fuzz.h36
-rw-r--r--include/common.h1
-rw-r--r--include/envs.h1
-rw-r--r--include/forkserver.h2
4 files changed, 8 insertions, 32 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index ad7b0cd6..ca7d10fe 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -133,10 +133,8 @@ extern s32
struct queue_entry {
- u8 * fname; /* File name for the test case */
- u8 * fname_taint; /* File name for taint data */
- u32 len; /* Input length */
- struct queue_entry *prev; /* previous queue entry, if any */
+ u8 *fname; /* File name for the test case */
+ u32 len; /* Input length */
u8 cal_failed, /* Calibration failed? */
trim_done, /* Trimmed? */
@@ -150,10 +148,7 @@ struct queue_entry {
is_ascii; /* Is the input just ascii text? */
u32 bitmap_size, /* Number of bits set in bitmap */
- fuzz_level, /* Number of fuzzing iterations */
- taint_bytes_all, /* Number of tainted bytes */
- taint_bytes_new, /* Number of new tainted bytes */
- taint_bytes_highest; /* highest offset in input */
+ fuzz_level; /* Number of fuzzing iterations */
u64 exec_us, /* Execution time (us) */
handicap, /* Number of queue cycles behind */
@@ -385,8 +380,6 @@ typedef struct afl_state {
char **argv; /* argv if needed */
- char **argv_taint; /* argv for taint mode */
-
/* MOpt:
Lots of globals, but mostly for the status UI and other things where it
really makes no sense to haul them around as function parameters. */
@@ -438,9 +431,7 @@ typedef struct afl_state {
*in_bitmap, /* Input bitmap */
*file_extension, /* File extension */
*orig_cmdline, /* Original command line */
- *infoexec, /* Command to execute on a new crash */
- *taint_input_file, /* fuzz_input_one input file */
- *taint_src, *taint_map;
+ *infoexec; /* Command to execute on a new crash */
u32 hang_tmout; /* Timeout used for hang det (ms) */
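Review bot: The comment kept on `*infoexec` says only "Command to execute on a new crash"; it does not record where the string comes from or how it is run. Because this member holds a command line, the header is the place to state the trust assumption, for example `*infoexec; /* Command to execute on a new crash; operator-supplied, never built from test-case data */`, provided that matches the implementation (the code that sets and runs it is not part of this diff). The declaration this member list belongs to starts above the hunk.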
@@ -451,9 +442,7 @@ typedef struct afl_state {
custom_only, /* Custom mutator only mode */
python_only, /* Python-only mode */
is_main_node, /* if this is the main node */
- is_secondary_node, /* if this is a secondary instance */
- taint_needs_splode, /* explode fuzz input */
- taint_mode;
+ is_secondary_node; /* if this is a secondary instance */
u32 stats_update_freq; /* Stats update frequency (execs) */
@@ -514,8 +503,7 @@ typedef struct afl_state {
useless_at_start, /* Number of useless starting paths */
var_byte_count, /* Bitmap bytes with var behavior */
current_entry, /* Current queue entry ID */
- havoc_div, /* Cycle count divisor for havoc */
- taint_len, taint_count;
+ havoc_div; /* Cycle count divisor for havoc */
u64 total_crashes, /* Total number of crashes */
unique_crashes, /* Crashes with unique signatures */
@@ -602,9 +590,6 @@ typedef struct afl_state {
char * cmplog_binary;
afl_forkserver_t cmplog_fsrv; /* cmplog has its own little forkserver */
- /* Taint mode */
- afl_forkserver_t taint_fsrv; /* taint mode has its own little forkserver */
-
/* Custom mutators */
struct custom_mutator *mutator;
@@ -856,8 +841,7 @@ struct custom_mutator {
};
-void afl_state_init_1(afl_state_t *, uint32_t map_size);
-void afl_state_init_2(afl_state_t *, uint32_t map_size);
+void afl_state_init(afl_state_t *, uint32_t map_size);
void afl_state_deinit(afl_state_t *);
/* Set stop_soon flag on all childs, kill all childs */
@@ -903,7 +887,7 @@ void deinit_py(void *);
void mark_as_det_done(afl_state_t *, struct queue_entry *);
void mark_as_variable(afl_state_t *, struct queue_entry *);
void mark_as_redundant(afl_state_t *, struct queue_entry *, u8);
-void add_to_queue(afl_state_t *, u8 *, u8 *, u32, struct queue_entry *, u8);
+void add_to_queue(afl_state_t *, u8 *, u32, u8);
void destroy_queue(afl_state_t *);
void update_bitmap_score(afl_state_t *, struct queue_entry *);
void cull_queue(afl_state_t *);
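Review bot: The restored prototype `void add_to_queue(afl_state_t *, u8 *, u32, u8);` leaves its parameters unnamed, so the header does not tell a caller what the `u8 *`, the `u32` and the trailing `u8` flag mean, or whether the queue keeps the `u8 *` pointer after the call. Naming them would make call sites checkable by eye, e.g. `void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det);`, where `fname` and `len` mirror the `struct queue_entry` fields shown earlier in this diff and `passed_det` is a guess at the flag's meaning that should be confirmed against the definition, which is outside this diff. A one-line comment stating who frees the file-name string would also help avoid leaks or double frees in callers.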
@@ -913,9 +897,7 @@ u32 calculate_score(afl_state_t *, struct queue_entry *);
void write_bitmap(afl_state_t *);
u32 count_bits(afl_state_t *, u8 *);
-u32 count_bits_len(afl_state_t *, u8 *, u32);
u32 count_bytes(afl_state_t *, u8 *);
-u32 count_bytes_len(afl_state_t *, u8 *, u32);
u32 count_non_255_bytes(afl_state_t *, u8 *);
#ifdef WORD_SIZE_64
void simplify_trace(afl_state_t *, u64 *);
@@ -993,8 +975,6 @@ void check_if_tty(afl_state_t *);
void setup_signal_handlers(void);
void save_cmdline(afl_state_t *, u32, char **);
void read_foreign_testcases(afl_state_t *, int);
-void perform_taint_run(afl_state_t *afl, struct queue_entry *q, u8 *fname,
- u8 *mem, u32 len);
/* CmpLog */
diff --git a/include/common.h b/include/common.h
index c7d57e07..87a7425b 100644
--- a/include/common.h
+++ b/include/common.h
@@ -55,7 +55,6 @@ extern u8 *doc_path; /* path to documentation dir */
@returns the path, allocating the string */
u8 *find_binary(u8 *fname);
-u8 *find_afl_binary(u8 *fname, u8 *own_loc);
/* Read a bitmap from file fname to memory
This is for the -B option again. */
diff --git a/include/envs.h b/include/envs.h
index bd97b9cd..96ae91ba 100644
--- a/include/envs.h
+++ b/include/envs.h
@@ -123,7 +123,6 @@ static char *afl_environment_variables[] = {
"AFL_SKIP_BIN_CHECK",
"AFL_SKIP_CPUFREQ",
"AFL_SKIP_CRASHES",
- "AFL_TAINT_INPUT",
"AFL_TMIN_EXACT",
"AFL_TMPDIR",
"AFL_TOKEN_FILE",
diff --git a/include/forkserver.h b/include/forkserver.h
index 59a9f150..0a7390ed 100644
--- a/include/forkserver.h
+++ b/include/forkserver.h
@@ -80,8 +80,6 @@ typedef struct afl_forkserver {
u8 qemu_mode; /* if running in qemu mode or not */
- u8 taint_mode; /* if running taint analysis or not */
-
u32 *shmem_fuzz_len; /* length of the fuzzing test case */
u8 *shmem_fuzz; /* allocated memory for fuzzing */