Merge pull request #359 from AFLplusplus/dev

push to master

1 files changed, 38 insertions, 2 deletions

diff --git a/llvm_mode/afl-llvm-common.cc b/llvm_mode/afl-llvm-common.cc
index 04dd9475..db604e14 100644
--- a/llvm_mode/afl-llvm-common.cc
+++ b/llvm_mode/afl-llvm-common.cc
@@ -43,10 +43,29 @@ char *getBBName(const llvm::BasicBlock *BB) {
 /* Note: this blacklist check is also called in isInWhitelist() */
 bool isBlacklisted(const llvm::Function *F) {
 
+  // Starting from "LLVMFuzzer" these are functions used in libfuzzer based
+  // fuzzing campaign installations, e.g. oss-fuzz
+
   static const char *Blacklist[] = {
 
-      "asan.", "llvm.",      "sancov.", "__ubsan_handle_", "ign.", "__afl_",
-      "_fini", "__libc_csu", "__asan",  "__msan",          "msan."
+      "asan.",
+      "llvm.",
+      "sancov.",
+      "__ubsan_handle_",
+      "ign.",
+      "__afl_",
+      "_fini",
+      "__libc_csu",
+      "__asan",
+      "__msan",
+      "msan.",
+      "LLVMFuzzer",
+      "maybe_duplicate_stderr",
+      "discard_output",
+      "close_stdout",
+      "dup_and_close_stderr",
+      "maybe_close_fd_mask",
+      "ExecuteFilesOnyByOne"
 
   };
 
@@ -201,3 +220,20 @@ bool isInWhitelist(llvm::Function *F) {
 
 }
 
+// Calculate the number of average collisions that would occur if all
+// location IDs would be assigned randomly (like normal afl/afl++).
+// This uses the "balls in bins" algorithm.
+unsigned long long int calculateCollisions(uint32_t edges) {
+
+  double                 bins = MAP_SIZE;
+  double                 balls = edges;
+  double                 step1 = 1 - (1 / bins);
+  double                 step2 = pow(step1, balls);
+  double                 step3 = bins * step2;
+  double                 step4 = round(step3);
+  unsigned long long int empty = step4;
+  unsigned long long int collisions = edges - (MAP_SIZE - empty);
+  return collisions;
+
+}
+