Merge pull request #2129 from choller/persist-code-cov

Collect persistent coverage data and dump it at the end of the run
author: van Hauser <vh@thc.org> 2024-06-19 14:09:06 +0200
committer: GitHub <noreply@github.com> 2024-06-19 14:09:06 +0200
commit: 2276a2f5c35d574de1477d3a014009eca7dcfbd6 (patch)
tree: 1bda28182c1dbf1f9570da2926f6f62be117f154 /src/afl-fuzz-run.c
parent: b8568034f0c120ab8500c03ed4982d641eaa88fb (diff)
parent: 8fcca6fb410a6ece1a4cd2eb8a2cdeed4d4d9865 (diff)
download: afl++-2276a2f5c35d574de1477d3a014009eca7dcfbd6.tar.gz
1 files changed, 21 insertions, 0 deletions
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 6a0da6ab..c234fc42 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -60,6 +60,27 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) {
 
   fsrv_run_result_t res = afl_fsrv_run_target(fsrv, timeout, &afl->stop_soon);
 
+#ifdef __AFL_CODE_COVERAGE
+  if (unlikely(!fsrv->persistent_trace_bits)) {
+
+    // On the first run, we allocate the persistent map to collect coverage.
+    fsrv->persistent_trace_bits = (u8 *)malloc(fsrv->map_size);
+    memset(fsrv->persistent_trace_bits, 0, fsrv->map_size);
+
+  }
+
+  for (u32 i = 0; i < fsrv->map_size; ++i) {
+
+    if (fsrv->persistent_trace_bits[i] != 255 && fsrv->trace_bits[i]) {
+
+      fsrv->persistent_trace_bits[i]++;
+
+    }
+
+  }
+
+#endif
+
   /* If post_run() function is defined in custom mutator, the function will be
      called each time after AFL++ executes the target program. */
author	van Hauser <vh@thc.org>	2024-06-19 14:09:06 +0200
committer	GitHub <noreply@github.com>	2024-06-19 14:09:06 +0200
commit	2276a2f5c35d574de1477d3a014009eca7dcfbd6 (patch)
tree	1bda28182c1dbf1f9570da2926f6f62be117f154 /src/afl-fuzz-run.c
parent	b8568034f0c120ab8500c03ed4982d641eaa88fb (diff)
parent	8fcca6fb410a6ece1a4cd2eb8a2cdeed4d4d9865 (diff)
download	afl++-2276a2f5c35d574de1477d3a014009eca7dcfbd6.tar.gz