experimental implementation of counters that skip zero on overflow.

Enable with AFL_NZERO_COUNTS=1 during compilation of target.
author: Hexcoder <heiko@hexco.de> 2019-06-25 22:03:59 +0200
committer: Hexcoder <heiko@hexco.de> 2019-06-25 22:03:59 +0200
commit: 45be91ff48554569be7f1ba6e4fc1de57e7286c3 (patch)
tree: 5004e9fef6f8a3cbe693ceffd8b847a9c789ec1a /llvm_mode/afl-llvm-pass.so.cc
parent: c657b3d0727835cd53e57a5d14b2e766fa241c7d (diff)
download: afl++-45be91ff48554569be7f1ba6e4fc1de57e7286c3.tar.gz
1 files changed, 29 insertions, 1 deletions
diff --git a/llvm_mode/afl-llvm-pass.so.cc b/llvm_mode/afl-llvm-pass.so.cc
index d46db7c0..2d283f1f 100644
--- a/llvm_mode/afl-llvm-pass.so.cc
+++ b/llvm_mode/afl-llvm-pass.so.cc
@@ -118,6 +118,9 @@ bool AFLCoverage::runOnModule(Module &M) {
 
   }
 
+  char* neverZero_counters_str = getenv("AFL_NZERO_COUNTS");
+  bool enable_neverZero_counters = neverZero_counters_str && '1' == *neverZero_counters_str;
+
   /* Get globals for the SHM region and the previous location. Note that
      __afl_prev_loc is thread-local. */
 
@@ -234,7 +237,32 @@ bool AFLCoverage::runOnModule(Module &M) {
 
       LoadInst *Counter = IRB.CreateLoad(MapPtrIdx);
       Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None));
-      Value *Incr = IRB.CreateAdd(Counter, ConstantInt::get(Int8Ty, 1));
+
+      Value *Incr;
+      if (enable_neverZero_counters) {
+          /* hexcoder: Realize a counter that skips zero during overflow.
+           * Once this counter reaches its maximum value, it next increments to 1
+           *
+           * Instead of
+           * Counter + 1 -> Counter
+           * we inject now this
+           * Counter + 1 -> {Counter, OverflowFlag}
+           * Counter + OverflowFlag -> Counter
+           */
+          CallInst *AddOv = IRB.CreateBinaryIntrinsic(Intrinsic::uadd_with_overflow,
+                             Counter, ConstantInt::get(Int8Ty, 1));
+          AddOv->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None));
+          Value *SumWithOverflowBit = AddOv;
+          Incr = IRB.CreateAdd(
+                           IRB.CreateExtractValue(SumWithOverflowBit, 0),  /* sum */
+                           IRB.CreateZExt( /* convert from one bit type to 8 bits type */
+                              IRB.CreateExtractValue(SumWithOverflowBit, 1) /* overflow */
+                              , Int8Ty));
+      } else {
+          /* standard AFL behavior: wrapping counters */
+          Incr = IRB.CreateAdd(Counter, ConstantInt::get(Int8Ty, 1));
+      }
+
       IRB.CreateStore(Incr, MapPtrIdx)
           ->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None));
author	Hexcoder <heiko@hexco.de>	2019-06-25 22:03:59 +0200
committer	Hexcoder <heiko@hexco.de>	2019-06-25 22:03:59 +0200
commit	45be91ff48554569be7f1ba6e4fc1de57e7286c3 (patch)
tree	5004e9fef6f8a3cbe693ceffd8b847a9c789ec1a /llvm_mode/afl-llvm-pass.so.cc
parent	c657b3d0727835cd53e57a5d14b2e766fa241c7d (diff)
download	afl++-45be91ff48554569be7f1ba6e4fc1de57e7286c3.tar.gz