diff options
| author | van Hauser <vh@thc.org> | 2021-05-24 14:06:46 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-05-24 14:06:46 +0200 |
| commit | 95f47ac3a4d23b28a573a0614893d7aac5f5d4b4 (patch) | |
| tree | 260668b935d2490a4e7f694b5fcd2a8ca1bbbd03 /src | |
| parent | 3844e7949283aa70aac14acf4a33c39b31254c8e (diff) | |
| download | afl++-95f47ac3a4d23b28a573a0614893d7aac5f5d4b4.tar.gz | |
Final push to stable (#936)
* sync (#886)
* Create FUNDING.yml
* Update FUNDING.yml
* moved custom_mutator examples
* unicorn speedtest makefile cleanup
* fixed example location
* fix qdbi
* update util readme
* Frida persistent (#880)
* Added x64 support for persistent mode (function call only), in-memory teest cases and complog
* Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC
* Various minor fixes and finished support for AFL_INST_LIBS
* Review changes
Co-authored-by: Your Name <you@example.com>
* nits
* fix frida mode
* Integer overflow/underflow fixes in libdislocator (#889)
* libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t'
* libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads
* Bumped warnings up to the max and fixed remaining issues (#890)
Co-authored-by: Your Name <you@example.com>
* nits
* frida mode - support non-pie
* nits
* nit
* update grammar mutator
* Fixes for aarch64, OSX and other minor issues (#891)
Co-authored-by: Your Name <you@example.com>
* nits
* nits
* fix PCGUARD, build aflpp_driver with fPIC
* Added representative fuzzbench test and test for libxml (#893)
* Added representative fuzzbench test and test for libxml
* Added support for building FRIDA from source with FRIDA_SOURCE=1
Co-authored-by: Your Name <you@example.com>
* nits
* update changelog
* typos
* fixed potential double free in custom trim (#881)
* error handling, freeing mem
* frida: complog -> cmplog
* fix statsd writing
* let aflpp_qemu_driver_hook.so build fail gracefully
* fix stdin trimming
* Support for AFL_ENTRYPOINT (#898)
Co-authored-by: Your Name <you@example.com>
* remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used
* reverse push (#901)
* Create FUNDING.yml
* Update FUNDING.yml
* disable QEMU static pie
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
* clarify that no modifications are required.
* add new test for frida_mode (please review)
* typos
* fix persistent mode (64-bit)
* set ARCH for linux intel 32-bit for frida-gum-devkit
* prepare for 32-bit support (later)
* not on qemu 3 anymore
* unicorn mips fixes
* instrumentation further move to C++11 (#900)
* unicorn fixes
* more unicorn fixes
* Fix memory errors when trim causes testcase growth (#881) (#903)
* Revert "fixed potential double free in custom trim (#881)"
This reverts commit e9d2f72382cab75832721d859c3e731da071435d.
* Revert "fix custom trim for increasing data"
This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667.
* Fix memory errors when trim causes testcase growth
Modify trim_case_custom to avoid writing into in_buf because
some custom mutators can cause the testcase to grow rather than
shrink.
Instead of modifying in_buf directly, we write the update out
to the disk when trimming is complete, and then the caller is
responsible for refreshing the in-memory buffer from the file.
This is still a bit sketchy because it does need to modify q->len in
order to notify the upper layers that something changed, and it could
end up telling upper layer code that the q->len is *bigger* than
the buffer (q->testcase_buf) that contains it, which is asking
for trouble down the line somewhere...
* Fix an unlikely situation
Put back some `unlikely()` calls that were in
the e9d2f72382cab75832721d859c3e731da071435d commit that was
reverted.
* typo
* Exit on time (#904)
* Variable AFL_EXIT_ON_TIME description has been added.
Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added.
afl->exit_on_time variable initialization has been added.
The asignment of a value to the afl->afl_env.afl_exit_on_time variable from
environment variables has been added.
Code to exit on timeout if new path not found has been added.
* Type of afl_exit_on_time variable has been changed.
Variable exit_on_time has been added to the afl_state_t structure.
* Command `export AFL_EXIT_WHEN_DONE=1` has been added.
* Millisecond to second conversion has been added.
Call get_cur_time() has been added.
* Revert to using the saved current time value.
* Useless check has been removed.
* fix new path to custom-mutators
* ensure crashes/README.txt exists
* fix
* Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906)
Co-authored-by: Your Name <you@example.com>
* Fix numeric overflow in cmplog implementation (#907)
Co-authored-by: Your Name <you@example.com>
* testcase fixes for unicorn
* remove merge conflict artifacts
* fix afl-plot
* Changes to remove binaries from frida_mode (#913)
Co-authored-by: Your Name <you@example.com>
* Frida cmplog fail fast (#914)
* Changes to remove binaries from frida_mode
* Changes to make cmplog fail fast
Co-authored-by: Your Name <you@example.com>
* afl-plot: relative time
* arch linux and mac os support for afl-system-config
* typo
* code-format
* update documentation
* github workflow for qemu
* OSX-specific improvements (#912)
* Fix afl-cc to work correctly by default on OSX using xcode
- CLANG_ENV_VAR must be set for afl-as to work
- Use clang mode by default if no specific compiler selected
* Add OSX-specific documentation for configuring shared memory
* Fixes to memory operands for complog (#916)
Co-authored-by: Your Name <you@example.com>
* fix a few cur_time uses
* added bounds check to pivot_inputs (fixes #921)
* additional safety checks for restarts
* restrict afl-showmap in_file size
* fix seed crash disable
* add warning for afl-showmap partial read
* no core dumps
* AFL_PRINT_FILENAMES added
* more documentation for AFL_EXIT_ON_TIME
* Flushing for AFL_PRINT_FILENAMES
* FASAN Support (#918)
* FASAN Support
* Fix handling of Address Sanitizer DSO
* Changes to identification of Address Sanitizer DSO
Co-authored-by: Your Name <you@example.com>
* Support for x86 (#920)
Co-authored-by: Your Name <you@example.com>
* Update frida_mode readme (#925)
* libqasan: use syscalls for read and write
* update readme
* Minor integration tweaks (#926)
Co-authored-by: Your Name <you@example.com>
* merge
* fix afl-fuzz.c frida preload
* cleaned up AFL_PRINT_FILENAMES env
* Changes to have persistent mode exit at the end of the loop (#928)
Co-authored-by: Your Name <you@example.com>
* fix llvm-dict2file
* push to stable (#931) (#932)
* sync (#886)
* Create FUNDING.yml
* Update FUNDING.yml
* moved custom_mutator examples
* unicorn speedtest makefile cleanup
* fixed example location
* fix qdbi
* update util readme
* Frida persistent (#880)
* Added x64 support for persistent mode (function call only), in-memory teest cases and complog
* Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC
* Various minor fixes and finished support for AFL_INST_LIBS
* Review changes
Co-authored-by: Your Name <you@example.com>
* nits
* fix frida mode
* Integer overflow/underflow fixes in libdislocator (#889)
* libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t'
* libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads
* Bumped warnings up to the max and fixed remaining issues (#890)
Co-authored-by: Your Name <you@example.com>
* nits
* frida mode - support non-pie
* nits
* nit
* update grammar mutator
* Fixes for aarch64, OSX and other minor issues (#891)
Co-authored-by: Your Name <you@example.com>
* nits
* nits
* fix PCGUARD, build aflpp_driver with fPIC
* Added representative fuzzbench test and test for libxml (#893)
* Added representative fuzzbench test and test for libxml
* Added support for building FRIDA from source with FRIDA_SOURCE=1
Co-authored-by: Your Name <you@example.com>
* nits
* update changelog
* typos
* fixed potential double free in custom trim (#881)
* error handling, freeing mem
* frida: complog -> cmplog
* fix statsd writing
* let aflpp_qemu_driver_hook.so build fail gracefully
* fix stdin trimming
* Support for AFL_ENTRYPOINT (#898)
Co-authored-by: Your Name <you@example.com>
* remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used
* reverse push (#901)
* Create FUNDING.yml
* Update FUNDING.yml
* disable QEMU static pie
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
* clarify that no modifications are required.
* add new test for frida_mode (please review)
* typos
* fix persistent mode (64-bit)
* set ARCH for linux intel 32-bit for frida-gum-devkit
* prepare for 32-bit support (later)
* not on qemu 3 anymore
* unicorn mips fixes
* instrumentation further move to C++11 (#900)
* unicorn fixes
* more unicorn fixes
* Fix memory errors when trim causes testcase growth (#881) (#903)
* Revert "fixed potential double free in custom trim (#881)"
This reverts commit e9d2f72382cab75832721d859c3e731da071435d.
* Revert "fix custom trim for increasing data"
This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667.
* Fix memory errors when trim causes testcase growth
Modify trim_case_custom to avoid writing into in_buf because
some custom mutators can cause the testcase to grow rather than
shrink.
Instead of modifying in_buf directly, we write the update out
to the disk when trimming is complete, and then the caller is
responsible for refreshing the in-memory buffer from the file.
This is still a bit sketchy because it does need to modify q->len in
order to notify the upper layers that something changed, and it could
end up telling upper layer code that the q->len is *bigger* than
the buffer (q->testcase_buf) that contains it, which is asking
for trouble down the line somewhere...
* Fix an unlikely situation
Put back some `unlikely()` calls that were in
the e9d2f72382cab75832721d859c3e731da071435d commit that was
reverted.
* typo
* Exit on time (#904)
* Variable AFL_EXIT_ON_TIME description has been added.
Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added.
afl->exit_on_time variable initialization has been added.
The asignment of a value to the afl->afl_env.afl_exit_on_time variable from
environment variables has been added.
Code to exit on timeout if new path not found has been added.
* Type of afl_exit_on_time variable has been changed.
Variable exit_on_time has been added to the afl_state_t structure.
* Command `export AFL_EXIT_WHEN_DONE=1` has been added.
* Millisecond to second conversion has been added.
Call get_cur_time() has been added.
* Revert to using the saved current time value.
* Useless check has been removed.
* fix new path to custom-mutators
* ensure crashes/README.txt exists
* fix
* Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906)
Co-authored-by: Your Name <you@example.com>
* Fix numeric overflow in cmplog implementation (#907)
Co-authored-by: Your Name <you@example.com>
* testcase fixes for unicorn
* remove merge conflict artifacts
* fix afl-plot
* Changes to remove binaries from frida_mode (#913)
Co-authored-by: Your Name <you@example.com>
* Frida cmplog fail fast (#914)
* Changes to remove binaries from frida_mode
* Changes to make cmplog fail fast
Co-authored-by: Your Name <you@example.com>
* afl-plot: relative time
* arch linux and mac os support for afl-system-config
* typo
* code-format
* update documentation
* github workflow for qemu
* OSX-specific improvements (#912)
* Fix afl-cc to work correctly by default on OSX using xcode
- CLANG_ENV_VAR must be set for afl-as to work
- Use clang mode by default if no specific compiler selected
* Add OSX-specific documentation for configuring shared memory
* Fixes to memory operands for complog (#916)
Co-authored-by: Your Name <you@example.com>
* fix a few cur_time uses
* added bounds check to pivot_inputs (fixes #921)
* additional safety checks for restarts
* restrict afl-showmap in_file size
* fix seed crash disable
* add warning for afl-showmap partial read
* no core dumps
* AFL_PRINT_FILENAMES added
* more documentation for AFL_EXIT_ON_TIME
* Flushing for AFL_PRINT_FILENAMES
* FASAN Support (#918)
* FASAN Support
* Fix handling of Address Sanitizer DSO
* Changes to identification of Address Sanitizer DSO
Co-authored-by: Your Name <you@example.com>
* Support for x86 (#920)
Co-authored-by: Your Name <you@example.com>
* Update frida_mode readme (#925)
* libqasan: use syscalls for read and write
* update readme
* Minor integration tweaks (#926)
Co-authored-by: Your Name <you@example.com>
* merge
* fix afl-fuzz.c frida preload
* cleaned up AFL_PRINT_FILENAMES env
* Changes to have persistent mode exit at the end of the loop (#928)
Co-authored-by: Your Name <you@example.com>
* fix llvm-dict2file
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com>
Co-authored-by: Your Name <you@example.com>
Co-authored-by: Dmitry Zheregelya <zheregelya.d@gmail.com>
Co-authored-by: hexcoder <hexcoder-@users.noreply.github.com>
Co-authored-by: hexcoder- <heiko@hexco.de>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: David CARLIER <devnexen@gmail.com>
Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com>
Co-authored-by: Roman M. Iudichev <SecNotice@ya.ru>
Co-authored-by: Dustin Spicuzza <dustin@virtualroadside.com>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com>
Co-authored-by: Your Name <you@example.com>
Co-authored-by: Dmitry Zheregelya <zheregelya.d@gmail.com>
Co-authored-by: hexcoder <hexcoder-@users.noreply.github.com>
Co-authored-by: hexcoder- <heiko@hexco.de>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: David CARLIER <devnexen@gmail.com>
Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com>
Co-authored-by: Roman M. Iudichev <SecNotice@ya.ru>
Co-authored-by: Dustin Spicuzza <dustin@virtualroadside.com>
* improve error msg
* Added documentation for wine LoadLibrary workaround (#933)
* Fix cmake target compilation command example (#934)
- Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER.
- Add `cd build` after `mkdir build`.
* showmap passes queue items in alphabetical order
* added tmp files to gitignore
* lenient dict parsing, no map size enum for binary fuzzing
* added info about showmap queue directions
* update binary-only doc
* turn off map size detection if skip_bin_check is set
* Typo
* update docs
* update afl-system-config
* Set kill signal before using it in afl-showmap (#935)
* fix afl-cc help output
* add libafl to binary-only doc
Co-authored-by: Dominik Maier <domenukk@gmail.com>
Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com>
Co-authored-by: Your Name <you@example.com>
Co-authored-by: Dmitry Zheregelya <zheregelya.d@gmail.com>
Co-authored-by: hexcoder <hexcoder-@users.noreply.github.com>
Co-authored-by: hexcoder- <heiko@hexco.de>
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
Co-authored-by: David CARLIER <devnexen@gmail.com>
Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com>
Co-authored-by: Roman M. Iudichev <SecNotice@ya.ru>
Co-authored-by: Dustin Spicuzza <dustin@virtualroadside.com>
Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com>
Co-authored-by: Tommy Chiang <oToToT@users.noreply.github.com>
Co-authored-by: buherator <buherator@silentsignal.hu>
Diffstat (limited to 'src')
| -rw-r--r-- | src/afl-cc.c | 2 | ||||
| -rw-r--r-- | src/afl-common.c | 4 | ||||
| -rw-r--r-- | src/afl-fuzz-extras.c | 14 | ||||
| -rw-r--r-- | src/afl-fuzz-init.c | 10 | ||||
| -rw-r--r-- | src/afl-fuzz.c | 11 | ||||
| -rw-r--r-- | src/afl-showmap.c | 33 |
6 files changed, 52 insertions, 22 deletions
diff --git a/src/afl-cc.c b/src/afl-cc.c index ff7b5219..ebe11525 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1640,7 +1640,7 @@ int main(int argc, char **argv, char **envp) { " yes\n" " [LLVM] llvm: %s%s\n" " PCGUARD %s yes yes module yes yes " - "extern\n" + "yes\n" " CLASSIC %s no yes module yes yes " "yes\n" " - NORMAL\n" diff --git a/src/afl-common.c b/src/afl-common.c index 0fb1462e..8826de70 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -1110,6 +1110,10 @@ u32 get_map_size(void) { if (map_size % 64) { map_size = (((map_size >> 6) + 1) << 6); } + } else if (getenv("AFL_SKIP_BIN_CHECK")) { + + map_size = MAP_SIZE; + } return map_size; diff --git a/src/afl-fuzz-extras.c b/src/afl-fuzz-extras.c index 6091db15..584241d4 100644 --- a/src/afl-fuzz-extras.c +++ b/src/afl-fuzz-extras.c @@ -130,6 +130,20 @@ void load_extras_file(afl_state_t *afl, u8 *fname, u32 *min_len, u32 *max_len, } + /* Skip [number] */ + + if (*lptr == '[') { + + do { + + ++lptr; + + } while (*lptr >= '0' && *lptr <= '9'); + + if (*lptr == ']') { ++lptr; } + + } + /* Skip whitespace and = signs. */ while (isspace(*lptr) || *lptr == '=') { diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index c43bcc2b..b277802b 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2728,11 +2728,15 @@ void check_binary(afl_state_t *afl, u8 *fname) { " When source code is not available, you may be able to leverage " "QEMU\n" " mode support. Consult the README.md for tips on how to enable " - "this.\n" + "this.\n\n" + + " If your target is an instrumented binary (e.g. with zafl, " + "retrowrite,\n" + " etc.) then set 'AFL_SKIP_BIN_CHECK=1'\n\n" " (It is also possible to use afl-fuzz as a traditional, " - "non-instrumented fuzzer.\n" - " For that, you can use the -n option - but expect much worse " + "non-instrumented\n" + " fuzzer. For that use the -n option - but expect much worse " "results.)\n", doc_path); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 5f939115..35fb2d04 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -238,7 +238,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_TARGET_ENV: pass extra environment variables to target\n" "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n" - "AFL_SKIP_BIN_CHECK: skip the check, if the target is an executable\n" + "AFL_SKIP_BIN_CHECK: skip afl compatibility checks, also disables auto map size\n" "AFL_SKIP_CPUFREQ: do not warn about variable cpu clocking\n" "AFL_SKIP_CRASHES: during initial dry run do not terminate for crashing inputs\n" "AFL_STATSD: enables StatsD metrics collection\n" @@ -1717,10 +1717,10 @@ int main(int argc, char **argv_orig, char **envp) { afl_shm_init(&afl->shm, afl->fsrv.map_size, afl->non_instrumented_mode); if (!afl->non_instrumented_mode && !afl->fsrv.qemu_mode && - !afl->unicorn_mode) { + !afl->unicorn_mode && !afl->fsrv.frida_mode && + !afl->afl_env.afl_skip_bin_check) { - if (map_size <= DEFAULT_SHMEM_SIZE && !afl->non_instrumented_mode && - !afl->fsrv.qemu_mode && !afl->unicorn_mode) { + if (map_size <= DEFAULT_SHMEM_SIZE) { afl->fsrv.map_size = DEFAULT_SHMEM_SIZE; // dummy temporary value char vbuf[16]; @@ -1778,7 +1778,8 @@ int main(int argc, char **argv_orig, char **envp) { if ((map_size <= DEFAULT_SHMEM_SIZE || afl->cmplog_fsrv.map_size < map_size) && !afl->non_instrumented_mode && !afl->fsrv.qemu_mode && - !afl->fsrv.frida_mode && !afl->unicorn_mode) { + !afl->fsrv.frida_mode && !afl->unicorn_mode && + !afl->afl_env.afl_skip_bin_check) { afl->cmplog_fsrv.map_size = MAX(map_size, (u32)DEFAULT_SHMEM_SIZE); char vbuf[16]; diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 9b4d21a5..d7af668c 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -52,6 +52,7 @@ #include <fcntl.h> #include <limits.h> +#include <dirent.h> #include <sys/wait.h> #include <sys/time.h> #ifndef USEMMAP @@ -1103,6 +1104,9 @@ int main(int argc, char **argv_orig, char **envp) { : 0); be_quiet = save_be_quiet; + fsrv->kill_signal = + parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL); + if (new_map_size) { // only reinitialize when it makes sense @@ -1129,8 +1133,9 @@ int main(int argc, char **argv_orig, char **envp) { if (in_dir) { - DIR * dir_in, *dir_out = NULL; - struct dirent *dir_ent; + DIR * dir_in, *dir_out = NULL; + struct dirent **file_list; + // int done = 0; u8 infile[PATH_MAX], outfile[PATH_MAX]; u8 wait_for_gdb = 0; @@ -1155,12 +1160,6 @@ int main(int argc, char **argv_orig, char **envp) { ck_free(dn); if (!be_quiet) ACTF("Reading from directory '%s'...", in_dir); - if (!(dir_in = opendir(in_dir))) { - - PFATAL("cannot open directory %s", in_dir); - - } - if (!collect_coverage) { if (!(dir_out = opendir(out_file))) { @@ -1215,9 +1214,6 @@ int main(int argc, char **argv_orig, char **envp) { } - fsrv->kill_signal = - parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL); - if (getenv("AFL_CRASH_EXITCODE")) { long exitcode = strtol(getenv("AFL_CRASH_EXITCODE"), NULL, 10); @@ -1246,7 +1242,16 @@ int main(int argc, char **argv_orig, char **envp) { if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz) shm_fuzz = deinit_shmem(fsrv, shm_fuzz); - while ((dir_ent = readdir(dir_in))) { + int file_count = scandir(in_dir, &file_list, NULL, alphasort); + if (file_count < 0) { + + PFATAL("Failed to read from input dir at %s\n", in_dir); + + } + + for (int i = 0; i < file_count; i++) { + + struct dirent *dir_ent = file_list[i]; if (dir_ent->d_name[0] == '.') { @@ -1293,9 +1298,11 @@ int main(int argc, char **argv_orig, char **envp) { } + free(file_list); + file_list = NULL; + if (!quiet_mode) { OKF("Processed %llu input files.", fsrv->total_execs); } - closedir(dir_in); if (dir_out) { closedir(dir_out); } if (collect_coverage) { |