-rwxr-xr-x.custom-format.py32
-rw-r--r--docs/Changelog.md2
-rw-r--r--docs/status_screen.md2
-rw-r--r--libdislocator/libdislocator.so.c3
-rw-r--r--qemu_mode/patches/afl-qemu-cpu-translate-inl.h50
-rw-r--r--src/afl-fuzz-stats.c103
-rw-r--r--src/afl-showmap.c9
7 files changed, 104 insertions, 97 deletions
diff --git a/.custom-format.py b/.custom-format.py
index f493a2d9..e3779b68 100755
--- a/.custom-format.py
+++ b/.custom-format.py
@@ -29,27 +29,29 @@ CLANG_FORMAT_BIN = os.getenv("CLANG_FORMAT_BIN")
if CLANG_FORMAT_BIN is None:
o = 0
try:
- p = subprocess.Popen(["clang-format", "--version"], stdout=subprocess.PIPE)
+ p = subprocess.Popen(["clang-format-8", "--version"], stdout=subprocess.PIPE)
o, _ = p.communicate()
o = str(o, "utf-8")
o = o[len("clang-format version "):].strip()
o = o[:o.find(".")]
o = int(o)
- except: pass
- if o < 7:
- if subprocess.call(['which', 'clang-format-7'], stdout=subprocess.PIPE) == 0:
- CLANG_FORMAT_BIN = 'clang-format-7'
- elif subprocess.call(['which', 'clang-format-8'], stdout=subprocess.PIPE) == 0:
- CLANG_FORMAT_BIN = 'clang-format-8'
- elif subprocess.call(['which', 'clang-format-9'], stdout=subprocess.PIPE) == 0:
- CLANG_FORMAT_BIN = 'clang-format-9'
- elif subprocess.call(['which', 'clang-format-10'], stdout=subprocess.PIPE) == 0:
- CLANG_FORMAT_BIN = 'clang-format-10'
- else:
- print ("clang-format 7 or above is needed. Aborted.")
- exit(1)
+ except:
+ print ("clang-format-8 is needed. Aborted.")
+ exit(1)
+ #if o < 7:
+ # if subprocess.call(['which', 'clang-format-7'], stdout=subprocess.PIPE) == 0:
+ # CLANG_FORMAT_BIN = 'clang-format-7'
+ # elif subprocess.call(['which', 'clang-format-8'], stdout=subprocess.PIPE) == 0:
+ # CLANG_FORMAT_BIN = 'clang-format-8'
+ # elif subprocess.call(['which', 'clang-format-9'], stdout=subprocess.PIPE) == 0:
+ # CLANG_FORMAT_BIN = 'clang-format-9'
+ # elif subprocess.call(['which', 'clang-format-10'], stdout=subprocess.PIPE) == 0:
+ # CLANG_FORMAT_BIN = 'clang-format-10'
+ # else:
+ # print ("clang-format 7 or above is needed. Aborted.")
+ # exit(1)
else:
- CLANG_FORMAT_BIN = 'clang-format'
+ CLANG_FORMAT_BIN = 'clang-format-8'
COLUMN_LIMIT = 80
for line in fmt.split("\n"):
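Review bot: The bare `except:` introduced at the new `except:` line catches every exception, including KeyboardInterrupt and SystemExit, and reports all of them as a missing clang-format-8; name the failures the probe can actually raise instead, `except (OSError, ValueError):`, so a Ctrl-C or an unexpected `--version` output is not misreported as an absent binary. The old detection chain survives only as a commented-out block under the `except`; since the hard-coded `clang-format-8` makes it unreachable it should be deleted rather than kept as dead text. Within this hunk the parsed major version `o` is no longer read after the `except`, so the version parsing is now either redundant or an undocumented sanity check; if it is kept, a comment such as `# Only clang-format-8 is supported; probing --version fails early if it is missing` would make the intent clear. The `if CLANG_FORMAT_BIN is None:` block starts at the hunk's first line, and the code after `COLUMN_LIMIT` continues outside the hunk.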
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 8b56603f..751b051a 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -19,6 +19,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- CmpLog forkserver
- Redqueen input-2-state mutator (cmp instructions only ATM)
- all Python 2+3 versions supported now
+ - changed execs_per_sec in fuzzer_stats from "current" execs per second
+ (which is pointless) to total execs per second
- afl-clang-fast:
- show in the help output for which llvm version it was compiled for
- now does not need to be recompiled between trace-pc and pass
diff --git a/docs/status_screen.md b/docs/status_screen.md
index 1ea98415..066c2c07 100644
--- a/docs/status_screen.md
+++ b/docs/status_screen.md
@@ -377,7 +377,7 @@ directory. This includes:
- `fuzzer_pid` - PID of the fuzzer process
- `cycles_done` - queue cycles completed so far
- `execs_done` - number of execve() calls attempted
- - `execs_per_sec` - current number of execs per second
+ - `execs_per_sec` - overall number of execs per second
- `paths_total` - total number of entries in the queue
- `paths_found` - number of entries discovered through local fuzzing
- `paths_imported` - number of entries imported from other instances
diff --git a/libdislocator/libdislocator.so.c b/libdislocator/libdislocator.so.c
index bb767495..a0795c87 100644
--- a/libdislocator/libdislocator.so.c
+++ b/libdislocator/libdislocator.so.c
@@ -68,7 +68,8 @@
#include "config.h"
#include "types.h"
-#if __STDC_VERSION__ < 201112L || (defined(__FreeBSD__) && __FreeBSD_version < 1200000)
+#if __STDC_VERSION__ < 201112L || \
+ (defined(__FreeBSD__) && __FreeBSD_version < 1200000)
// use this hack if not C11
typedef struct {
diff --git a/qemu_mode/patches/afl-qemu-cpu-translate-inl.h b/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
index 2b9472b8..6f526d92 100644
--- a/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
@@ -67,7 +67,7 @@ static void afl_compcov_log_64(target_ulong cur_loc, target_ulong arg1,
target_ulong arg2) {
register uintptr_t idx = cur_loc;
-
+
if ((arg1 & 0xff00000000000000) == (arg2 & 0xff00000000000000)) {
INC_AFL_AREA(idx + 6);
@@ -299,7 +299,6 @@ static void gpr_saving(TCGv *cpu_regs, int regs_num) {
}
-
static void restore_state_for_persistent(TCGv *cpu_regs, int regs_num, int sp) {
if (persistent_save_gpr) {
@@ -349,29 +348,29 @@ static void restore_state_for_persistent(TCGv *cpu_regs, int regs_num, int sp) {
// SP = 13, LINK = 14
-#define AFL_QEMU_TARGET_ARM_SNIPPET \
- if (is_persistent) { \
- \
- if (dc->pc == afl_persistent_addr) { \
- \
- if (persistent_save_gpr) gpr_saving(cpu_R, AFL_REGS_NUM); \
- \
- if (afl_persistent_ret_addr == 0) { \
- \
- TCGv_ptr paddr = tcg_const_ptr(afl_persistent_addr); \
- tcg_gen_mov_i32(cpu_R[14], paddr); \
- tcg_temp_free_ptr(paddr); \
- \
- } \
- \
- if (!persistent_save_gpr) tcg_gen_afl_call0(&afl_persistent_loop); \
- \
- } else if (afl_persistent_ret_addr && dc->pc == afl_persistent_ret_addr) {\
- \
- gen_bx_im(dc, afl_persistent_addr); \
- \
- } \
- \
+#define AFL_QEMU_TARGET_ARM_SNIPPET \
+ if (is_persistent) { \
+ \
+ if (dc->pc == afl_persistent_addr) { \
+ \
+ if (persistent_save_gpr) gpr_saving(cpu_R, AFL_REGS_NUM); \
+ \
+ if (afl_persistent_ret_addr == 0) { \
+ \
+ TCGv_ptr paddr = tcg_const_ptr(afl_persistent_addr); \
+ tcg_gen_mov_i32(cpu_R[14], paddr); \
+ tcg_temp_free_ptr(paddr); \
+ \
+ } \
+ \
+ if (!persistent_save_gpr) tcg_gen_afl_call0(&afl_persistent_loop); \
+ \
+ } else if (afl_persistent_ret_addr && dc->pc == afl_persistent_ret_addr) { \
+ \
+ gen_bx_im(dc, afl_persistent_addr); \
+ \
+ } \
+ \
}
// SP = 31, LINK = 30
@@ -400,3 +399,4 @@ static void restore_state_for_persistent(TCGv *cpu_regs, int regs_num, int sp) {
} \
\
}
+
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index d09b4fe6..344e0abf 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -65,59 +65,62 @@ void write_stats_file(double bitmap_cvg, double stability, double eps) {
if (getrusage(RUSAGE_CHILDREN, &rus)) rus.ru_maxrss = 0;
- fprintf(f,
- "start_time : %llu\n"
- "last_update : %llu\n"
- "fuzzer_pid : %d\n"
- "cycles_done : %llu\n"
- "execs_done : %llu\n"
- "execs_per_sec : %0.02f\n"
- "paths_total : %u\n"
- "paths_favored : %u\n"
- "paths_found : %u\n"
- "paths_imported : %u\n"
- "max_depth : %u\n"
- "cur_path : %u\n" /* Must match find_start_position() */
- "pending_favs : %u\n"
- "pending_total : %u\n"
- "variable_paths : %u\n"
- "stability : %0.02f%%\n"
- "bitmap_cvg : %0.02f%%\n"
- "unique_crashes : %llu\n"
- "unique_hangs : %llu\n"
- "last_path : %llu\n"
- "last_crash : %llu\n"
- "last_hang : %llu\n"
- "execs_since_crash : %llu\n"
- "exec_timeout : %u\n"
- "slowest_exec_ms : %llu\n"
- "peak_rss_mb : %lu\n"
- "afl_banner : %s\n"
- "afl_version : " VERSION
- "\n"
- "target_mode : %s%s%s%s%s%s%s%s\n"
- "command_line : %s\n",
- start_time / 1000, get_cur_time() / 1000, getpid(),
- queue_cycle ? (queue_cycle - 1) : 0, total_execs, eps, queued_paths,
- queued_favored, queued_discovered, queued_imported, max_depth,
- current_entry, pending_favored, pending_not_fuzzed, queued_variable,
- stability, bitmap_cvg, unique_crashes, unique_hangs,
- last_path_time / 1000, last_crash_time / 1000, last_hang_time / 1000,
- total_execs - last_crash_execs, exec_tmout, slowest_exec_ms,
+ fprintf(
+ f,
+ "start_time : %llu\n"
+ "last_update : %llu\n"
+ "fuzzer_pid : %d\n"
+ "cycles_done : %llu\n"
+ "execs_done : %llu\n"
+ "execs_per_sec : %0.02f\n"
+ // "real_execs_per_sec: %0.02f\n" // damn the name is too long
+ "paths_total : %u\n"
+ "paths_favored : %u\n"
+ "paths_found : %u\n"
+ "paths_imported : %u\n"
+ "max_depth : %u\n"
+ "cur_path : %u\n" /* Must match find_start_position() */
+ "pending_favs : %u\n"
+ "pending_total : %u\n"
+ "variable_paths : %u\n"
+ "stability : %0.02f%%\n"
+ "bitmap_cvg : %0.02f%%\n"
+ "unique_crashes : %llu\n"
+ "unique_hangs : %llu\n"
+ "last_path : %llu\n"
+ "last_crash : %llu\n"
+ "last_hang : %llu\n"
+ "execs_since_crash : %llu\n"
+ "exec_timeout : %u\n"
+ "slowest_exec_ms : %llu\n"
+ "peak_rss_mb : %lu\n"
+ "afl_banner : %s\n"
+ "afl_version : " VERSION
+ "\n"
+ "target_mode : %s%s%s%s%s%s%s%s\n"
+ "command_line : %s\n",
+ start_time / 1000, get_cur_time() / 1000, getpid(),
+ queue_cycle ? (queue_cycle - 1) : 0, total_execs,
+ /*eps,*/ total_execs / ((double)(get_cur_time() - start_time) / 1000),
+ queued_paths, queued_favored, queued_discovered, queued_imported,
+ max_depth, current_entry, pending_favored, pending_not_fuzzed,
+ queued_variable, stability, bitmap_cvg, unique_crashes, unique_hangs,
+ last_path_time / 1000, last_crash_time / 1000, last_hang_time / 1000,
+ total_execs - last_crash_execs, exec_tmout, slowest_exec_ms,
#ifdef __APPLE__
- (unsigned long int)(rus.ru_maxrss >> 20),
+ (unsigned long int)(rus.ru_maxrss >> 20),
#else
- (unsigned long int)(rus.ru_maxrss >> 10),
+ (unsigned long int)(rus.ru_maxrss >> 10),
#endif
- use_banner, unicorn_mode ? "unicorn" : "", qemu_mode ? "qemu " : "",
- dumb_mode ? " dumb " : "", no_forkserver ? "no_forksrv " : "",
- crash_mode ? "crash " : "", persistent_mode ? "persistent " : "",
- deferred_mode ? "deferred " : "",
- (unicorn_mode || qemu_mode || dumb_mode || no_forkserver ||
- crash_mode || persistent_mode || deferred_mode)
- ? ""
- : "default",
- orig_cmdline);
+ use_banner, unicorn_mode ? "unicorn" : "", qemu_mode ? "qemu " : "",
+ dumb_mode ? " dumb " : "", no_forkserver ? "no_forksrv " : "",
+ crash_mode ? "crash " : "", persistent_mode ? "persistent " : "",
+ deferred_mode ? "deferred " : "",
+ (unicorn_mode || qemu_mode || dumb_mode || no_forkserver || crash_mode ||
+ persistent_mode || deferred_mode)
+ ? ""
+ : "default",
+ orig_cmdline);
/* ignore errors */
fclose(f);
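Review bot: The new `execs_per_sec` value `total_execs / ((double)(get_cur_time() - start_time) / 1000)` divides by the elapsed time with no guard; if write_stats_file() runs within the same millisecond as start_time the divisor is 0.0 and fuzzer_stats gets `inf` or `nan`, which consumers of this file are unlikely to expect. Compute the elapsed time once and guard it, e.g. `double elapsed_s = (get_cur_time() - start_time) / 1000.0;` before the fprintf and `elapsed_s > 0 ? total_execs / elapsed_s : 0.0` in place of the inline division, which also avoids the second get_cur_time() call that the `last_update` field already made. The `eps` parameter in the signature is now unused (`/*eps,*/`) and the commented-out `real_execs_per_sec` format line is dead text; either drop the parameter from the signature and its callers or add a comment stating why the "current" rate is still passed in. write_stats_file() begins before the hunk.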
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 1686a750..1fd425a2 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -926,7 +926,7 @@ int main(int argc, char** argv) {
int done = 0;
u8 infile[4096], outfile[4096];
#if !defined(DT_REG)
- struct stat statbuf;
+ struct stat statbuf;
#endif
dev_null_fd = open("/dev/null", O_RDWR);
@@ -974,15 +974,14 @@ int main(int argc, char** argv) {
if (dir_ent->d_name[0] == '.')
continue; // skip anything that starts with '.'
-#if defined(DT_REG) /* Posix and Solaris do not know d_type and DT_REG */
+#if defined(DT_REG) /* Posix and Solaris do not know d_type and DT_REG */
if (dir_ent->d_type != DT_REG) continue; // only regular files
#endif
snprintf(infile, sizeof(infile), "%s/%s", in_dir, dir_ent->d_name);
-#if !defined(DT_REG) /* use stat() */
- if (-1 == stat(infile, &statbuf)
- || !S_ISREG(statbuf.st_mode)) continue;
+#if !defined(DT_REG) /* use stat() */
+ if (-1 == stat(infile, &statbuf) || !S_ISREG(statbuf.st_mode)) continue;
#endif
snprintf(outfile, sizeof(outfile), "%s/%s", out_file, dir_ent->d_name);