-rw-r--r-- | examples/argv_fuzzing/argv-fuzz-inl.h | 2 | ||||
-rw-r--r-- | include/config.h | 2 | ||||
-rw-r--r-- | llvm_mode/LLVMInsTrim.so.cc | 19 | ||||
-rw-r--r-- | llvm_mode/afl-llvm-pass.so.cc | 24 | ||||
-rw-r--r-- | qemu_mode/patches/afl-qemu-cpu-translate-inl.h | 47 | ||||
-rw-r--r-- | qemu_mode/patches/afl-qemu-tcg-inl.h | 3 | ||||
-rw-r--r-- | src/afl-as.c | 26 |
7 files changed, 50 insertions, 73 deletions
diff --git a/examples/argv_fuzzing/argv-fuzz-inl.h b/examples/argv_fuzzing/argv-fuzz-inl.h
index 5644f7e4..c595f7ea 100644
--- a/examples/argv_fuzzing/argv-fuzz-inl.h
+++ b/examples/argv_fuzzing/argv-fuzz-inl.h
@@ -53,7 +53,7 @@
 } while (0)
 #define MAX_CMDLINE_LEN 100000
-#define MAX_CMDLINE_PAR 50000
+#define MAX_CMDLINE_PAR 50000
 static char** afl_init_argv(int* argc) {
diff --git a/include/config.h b/include/config.h
index d47908f6..12e2d092 100644
--- a/include/config.h
+++ b/include/config.h
@@ -26,7 +26,7 @@
 /* Version string: */
- // c = release, d = volatile github dev, e = experimental branch
+// c = release, d = volatile github dev, e = experimental branch
 #define VERSION "++2.60d"
 /******************************************************
diff --git a/llvm_mode/LLVMInsTrim.so.cc b/llvm_mode/LLVMInsTrim.so.cc
index 9f5bf2a7..995a7217 100644
--- a/llvm_mode/LLVMInsTrim.so.cc
+++ b/llvm_mode/LLVMInsTrim.so.cc
@@ -481,20 +481,11 @@ struct InsTrim : public ModulePass {
 }
 char modeline[100];
- snprintf(modeline, sizeof(modeline), "%s%s%s%s",
- getenv("AFL_HARDEN")
- ? "hardened"
- : "non-hardened",
- getenv("AFL_USE_ASAN")
- ? ", ASAN"
- : "",
- getenv("AFL_USE_MSAN")
- ? ", MSAN"
- : "",
- getenv("AFL_USE_UBSAN")
- ? ", UBSAN"
- : ""
- );
+ snprintf(modeline, sizeof(modeline), "%s%s%s%s",
+ getenv("AFL_HARDEN") ? "hardened" : "non-hardened",
+ getenv("AFL_USE_ASAN") ? ", ASAN" : "",
+ getenv("AFL_USE_MSAN") ? ", MSAN" : "",
+ getenv("AFL_USE_UBSAN") ? ", UBSAN" : "");
 OKF("Instrumented %u locations (%llu, %llu) (%s mode)\n", total_instr, total_rs, total_hs, modeline);
diff --git a/llvm_mode/afl-llvm-pass.so.cc b/llvm_mode/afl-llvm-pass.so.cc
index 77d63ce4..555510cc 100644
--- a/llvm_mode/afl-llvm-pass.so.cc
+++ b/llvm_mode/afl-llvm-pass.so.cc
@@ -468,24 +468,16 @@ bool AFLCoverage::runOnModule(Module &M) {
 if (!inst_blocks) WARNF("No instrumentation targets found.");
 else {
+ char modeline[100];
- snprintf(modeline, sizeof(modeline), "%s%s%s%s",
- getenv("AFL_HARDEN")
- ? "hardened"
- : "non-hardened",
- getenv("AFL_USE_ASAN")
- ? ", ASAN"
- : "",
- getenv("AFL_USE_MSAN")
- ? ", MSAN"
- : "",
- getenv("AFL_USE_UBSAN")
- ? ", UBSAN"
- : ""
- );
+ snprintf(modeline, sizeof(modeline), "%s%s%s%s",
+ getenv("AFL_HARDEN") ? "hardened" : "non-hardened",
+ getenv("AFL_USE_ASAN") ? ", ASAN" : "",
+ getenv("AFL_USE_MSAN") ? ", MSAN" : "",
+ getenv("AFL_USE_UBSAN") ? ", UBSAN" : "");
 OKF("Instrumented %u locations (%s mode, ratio %u%%).", inst_blocks,
- modeline,
- inst_ratio);
+ modeline, inst_ratio);
+
 }
 }
diff --git a/qemu_mode/patches/afl-qemu-cpu-translate-inl.h b/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
index d0be696b..eefe62b2 100644
--- a/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
@@ -41,9 +41,8 @@
 #define _DEFAULT_MO MO_32
 #endif
-
 void HELPER(afl_compcov_16)(target_ulong cur_loc, target_ulong arg1,
- target_ulong arg2) {
+ target_ulong arg2) {
 register uintptr_t idx = cur_loc;
@@ -52,7 +51,7 @@ void HELPER(afl_compcov_16)(target_ulong cur_loc, target_ulong arg1,
 }
 void HELPER(afl_compcov_32)(target_ulong cur_loc, target_ulong arg1,
- target_ulong arg2) {
+ target_ulong arg2) {
 register uintptr_t idx = cur_loc;
@@ -71,7 +70,7 @@ void HELPER(afl_compcov_32)(target_ulong cur_loc, target_ulong arg1,
 }
 void HELPER(afl_compcov_64)(target_ulong cur_loc, target_ulong arg1,
- target_ulong arg2) {
+ target_ulong arg2) {
 register uintptr_t idx = cur_loc;
@@ -110,7 +109,7 @@ void HELPER(afl_compcov_64)(target_ulong cur_loc, target_ulong arg1,
 }
 void HELPER(afl_cmplog_16)(target_ulong cur_loc, target_ulong arg1,
- target_ulong arg2) {
+ target_ulong arg2) {
 register uintptr_t k = (uintptr_t)cur_loc;
@@ -129,7 +128,7 @@ void HELPER(afl_cmplog_16)(target_ulong cur_loc, target_ulong arg1,
 }
 void HELPER(afl_cmplog_32)(target_ulong cur_loc, target_ulong arg1,
- target_ulong arg2) {
+ target_ulong arg2) {
 register uintptr_t k = (uintptr_t)cur_loc;
@@ -145,7 +144,7 @@ void HELPER(afl_cmplog_32)(target_ulong cur_loc, target_ulong arg1,
 }
 void HELPER(afl_cmplog_64)(target_ulong cur_loc, target_ulong arg1,
- target_ulong arg2) {
+ target_ulong arg2) {
 register uintptr_t k = (uintptr_t)cur_loc;
@@ -169,7 +168,7 @@ static void afl_gen_compcov(target_ulong cur_loc, TCGv arg1, TCGv arg2,
 cur_loc = (cur_loc >> 4) ^ (cur_loc << 8);
 cur_loc &= CMP_MAP_W - 1;
-
+
 TCGv cur_loc_v = tcg_const_tl(cur_loc);
 switch (ot) {
@@ -180,7 +179,7 @@ static void afl_gen_compcov(target_ulong cur_loc, TCGv arg1, TCGv arg2,
 default: break;
 }
-
+
 tcg_temp_free(cur_loc_v);
 } else if (afl_compcov_level) {
@@ -189,7 +188,7 @@ static void afl_gen_compcov(target_ulong cur_loc, TCGv arg1, TCGv arg2,
 cur_loc = (cur_loc >> 4) ^ (cur_loc << 8);
 cur_loc &= MAP_SIZE - 7;
-
+
 TCGv cur_loc_v = tcg_const_tl(cur_loc);
 if (cur_loc >= afl_inst_rms) return;
@@ -202,7 +201,7 @@ static void afl_gen_compcov(target_ulong cur_loc, TCGv arg1, TCGv arg2,
 default: break;
 }
-
+
 tcg_temp_free(cur_loc_v);
 }
@@ -293,7 +292,8 @@ static void gpr_saving(TCGv *cpu_regs, int regs_num) {
 afl_gen_tcg_plain_call(&afl_persistent_loop);
- if (afl_persistent_hook_ptr) afl_gen_tcg_plain_call(callback_to_persistent_hook);
+ if (afl_persistent_hook_ptr)
+ afl_gen_tcg_plain_call(callback_to_persistent_hook);
 // restore GPR registers
 for (i = 0; i < regs_num; ++i) {
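Review bot: In the `@@ -189,7 +188,7 @@` hunk of afl_gen_compcov the guard `if (cur_loc >= afl_inst_rms) return;` comes after `TCGv cur_loc_v = tcg_const_tl(cur_loc);`, so that early return skips the `tcg_temp_free(cur_loc_v)` that the other paths of this function perform (visible in the `@@ -180` and `@@ -202` hunks), leaving a TCG temporary unreleased whenever the check fires. Swapping the two lines, `if (cur_loc >= afl_inst_rms) return;` first and `TCGv cur_loc_v = tcg_const_tl(cur_loc);` second, avoids allocating the temporary on that path at all. This is pre-existing code that the formatting commit only re-wraps around, and afl_gen_compcov starts and ends outside the hunk.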
@@ -334,19 +334,20 @@ static void restore_state_for_persistent(TCGv *cpu_regs, int regs_num, int sp) {
 if (s->pc == afl_persistent_addr) { \
 \
 restore_state_for_persistent(cpu_regs, AFL_REGS_NUM, R_ESP); \
- /*afl_gen_tcg_plain_call(log_x86_saved_gpr); \
- afl_gen_tcg_plain_call(log_x86_sp_content);*/ \
+ /*afl_gen_tcg_plain_call(log_x86_saved_gpr); \
+ afl_gen_tcg_plain_call(log_x86_sp_content);*/ \
 \
 if (afl_persistent_ret_addr == 0) { \
 \
- TCGv paddr = tcg_const_tl(afl_persistent_addr); \
- tcg_gen_qemu_st_tl(paddr, cpu_regs[R_ESP], persisent_retaddr_offset, _DEFAULT_MO); \
- tcg_temp_free(paddr); \
+ TCGv paddr = tcg_const_tl(afl_persistent_addr); \
+ tcg_gen_qemu_st_tl(paddr, cpu_regs[R_ESP], persisent_retaddr_offset, \
+ _DEFAULT_MO); \
+ tcg_temp_free(paddr); \
 \
 } \
 \
- if (!persistent_save_gpr) afl_gen_tcg_plain_call(&afl_persistent_loop); \
- /*afl_gen_tcg_plain_call(log_x86_sp_content);*/ \
+ if (!persistent_save_gpr) afl_gen_tcg_plain_call(&afl_persistent_loop); \
+ /*afl_gen_tcg_plain_call(log_x86_sp_content);*/ \
 \
 } else if (afl_persistent_ret_addr && s->pc == afl_persistent_ret_addr) { \
 \
@@ -368,11 +369,11 @@ static void restore_state_for_persistent(TCGv *cpu_regs, int regs_num, int sp) {
 \
 if (afl_persistent_ret_addr == 0) { \
 \
- tcg_gen_movi_tl(cpu_R[14], afl_persistent_addr); \
+ tcg_gen_movi_tl(cpu_R[14], afl_persistent_addr); \
 \
 } \
 \
- if (!persistent_save_gpr) afl_gen_tcg_plain_call(&afl_persistent_loop); \
+ if (!persistent_save_gpr) afl_gen_tcg_plain_call(&afl_persistent_loop); \
 \
 } else if (afl_persistent_ret_addr && dc->pc == afl_persistent_ret_addr) { \
 \
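Review bot: The re-wrapped `tcg_gen_qemu_st_tl(paddr, cpu_regs[R_ESP], persisent_retaddr_offset, \` line in the `@@ -334,19 +334,20 @@` hunk carries over the misspelled identifier `persisent_retaddr_offset`; since this commit already touches that line, it is the natural place to rename it to `persistent_retaddr_offset` together with its definition, which lies outside the hunk. The three persistent-mode macro hunks (`@@ -334`, `@@ -368`, `@@ -393`) are otherwise whitespace-only re-indentation of the backslash-continued macro body.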
@@ -393,11 +394,11 @@ static void restore_state_for_persistent(TCGv *cpu_regs, int regs_num, int sp) {
 \
 if (afl_persistent_ret_addr == 0) { \
 \
- tcg_gen_movi_tl(cpu_X[30], afl_persistent_addr); \
+ tcg_gen_movi_tl(cpu_X[30], afl_persistent_addr); \
 \
 } \
 \
- if (!persistent_save_gpr) afl_gen_tcg_plain_call(&afl_persistent_loop); \
+ if (!persistent_save_gpr) afl_gen_tcg_plain_call(&afl_persistent_loop); \
 \
 } else if (afl_persistent_ret_addr && s->pc == afl_persistent_ret_addr) { \
 \
diff --git a/qemu_mode/patches/afl-qemu-tcg-inl.h b/qemu_mode/patches/afl-qemu-tcg-inl.h
index 2fb0c1b4..430574e5 100644
--- a/qemu_mode/patches/afl-qemu-tcg-inl.h
+++ b/qemu_mode/patches/afl-qemu-tcg-inl.h
@@ -33,7 +33,7 @@ void afl_gen_tcg_plain_call(void *func) {
- TCGOp * op = tcg_emit_op(INDEX_op_call);
+ TCGOp *op = tcg_emit_op(INDEX_op_call);
 TCGOP_CALLO(op) = 0;
@@ -42,3 +42,4 @@ void afl_gen_tcg_plain_call(void *func) {
 TCGOP_CALLI(op) = 0;
 }
+
diff --git a/src/afl-as.c b/src/afl-as.c
index 12192838..941105df 100644
--- a/src/afl-as.c
+++ b/src/afl-as.c
@@ -479,27 +479,19 @@ static void add_instrumentation(void) {
 WARNF("No instrumentation targets found%s.", pass_thru ? " (pass-thru mode)" : "");
 else {
+ char modeline[100];
- snprintf(modeline, sizeof(modeline), "%s%s%s%s",
- getenv("AFL_HARDEN")
- ? "hardened"
- : "non-hardened",
- getenv("AFL_USE_ASAN")
- ? ", ASAN"
- : "",
- getenv("AFL_USE_MSAN")
- ? ", MSAN"
- : "",
- getenv("AFL_USE_UBSAN")
- ? ", UBSAN"
- : ""
- );
+ snprintf(modeline, sizeof(modeline), "%s%s%s%s",
+ getenv("AFL_HARDEN") ? "hardened" : "non-hardened",
+ getenv("AFL_USE_ASAN") ? ", ASAN" : "",
+ getenv("AFL_USE_MSAN") ? ", MSAN" : "",
+ getenv("AFL_USE_UBSAN") ? ", UBSAN" : "");
 OKF("Instrumented %u locations (%s-bit, %s mode, ratio %u%%).", ins_lines,
- use_64bit ? "64" : "32",
- modeline,
- inst_ratio);
+ use_64bit ? "64" : "32", modeline, inst_ratio);
+
 }
+
 }
 }
|