Diffstat (limited to 'llvm_mode/afl-llvm-common.cc')
-rw-r--r-- | llvm_mode/afl-llvm-common.cc | 40 |
1 files changed, 38 insertions, 2 deletions
diff --git a/llvm_mode/afl-llvm-common.cc b/llvm_mode/afl-llvm-common.cc
index 04dd9475..db604e14 100644
--- a/llvm_mode/afl-llvm-common.cc
+++ b/llvm_mode/afl-llvm-common.cc
@@ -43,10 +43,29 @@ char *getBBName(const llvm::BasicBlock *BB) {
 /* Note: this blacklist check is also called in isInWhitelist() */
 bool isBlacklisted(const llvm::Function *F) {
+ // Starting from "LLVMFuzzer" these are functions used in libfuzzer based
+ // fuzzing campaign installations, e.g. oss-fuzz
+
 static const char *Blacklist[] = {
- "asan.", "llvm.", "sancov.", "__ubsan_handle_", "ign.", "__afl_",
- "_fini", "__libc_csu", "__asan", "__msan", "msan."
+ "asan.",
+ "llvm.",
+ "sancov.",
+ "__ubsan_handle_",
+ "ign.",
+ "__afl_",
+ "_fini",
+ "__libc_csu",
+ "__asan",
+ "__msan",
+ "msan.",
+ "LLVMFuzzer",
+ "maybe_duplicate_stderr",
+ "discard_output",
+ "close_stdout",
+ "dup_and_close_stderr",
+ "maybe_close_fd_mask",
+ "ExecuteFilesOnyByOne"
 };
@@ -201,3 +220,20 @@ bool isInWhitelist(llvm::Function *F) {
 }
+// Calculate the number of average collisions that would occur if all
+// location IDs would be assigned randomly (like normal afl/afl++).
+// This uses the "balls in bins" algorithm.
+unsigned long long int calculateCollisions(uint32_t edges) {
+
+ double bins = MAP_SIZE;
+ double balls = edges;
+ double step1 = 1 - (1 / bins);
+ double step2 = pow(step1, balls);
+ double step3 = bins * step2;
+ double step4 = round(step3);
+ unsigned long long int empty = step4;
+ unsigned long long int collisions = edges - (MAP_SIZE - empty);
+ return collisions;
+
+}
+
|
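Review bot: The entries added to `Blacklist[]` in `isBlacklisted` from `"LLVMFuzzer"` onward include generic names such as `close_stdout` and `discard_output`, and nothing in the hunk says how they are matched. The comparison loop is outside the hunk; if it matches by prefix, as the existing entries ending in `.` or `_` suggest, a fuzz target's own function whose name begins with one of these strings would be left uninstrumented and its coverage would silently go missing. I would move the comment directly above `"LLVMFuzzer",` and state the rule there, e.g. `// libFuzzer driver helpers (oss-fuzz); matched like the entries above, so target functions sharing these names are skipped too`. If `ExecuteFilesOnyByOne` is spelled that way to mirror the driver's symbol, the comment should say so, so that nobody "corrects" it.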
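Review bot: In `calculateCollisions` the final `edges - (MAP_SIZE - empty)` is evaluated in unsigned arithmetic on a value that came out of `pow` and `round`, so if rounding ever puts the occupied-slot estimate above `edges` the result wraps to a huge number instead of 0. A clamp keeps the reported figure sane: `unsigned long long int used = MAP_SIZE - empty;` followed by `return edges > used ? edges - used : 0;`. The function also depends on `pow` and `round`, and the include list is outside the hunk, so confirm `<cmath>` is included directly rather than arriving transitively. The header comment could state that the result is a rounded expected value, and `step1` to `step4` would read better with names for what they hold.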