From 0011f2047bdd3e1adc25de4388edd609dc27bc85 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Fri, 18 Dec 2020 09:33:52 +0100
Subject: merge romu and skim
---
 include/coverage-32.h | 109 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 109 insertions(+)
 create mode 100644 include/coverage-32.h
(limited to 'include/coverage-32.h')
diff --git a/include/coverage-32.h b/include/coverage-32.h
new file mode 100644
index 00000000..710ff0cf
--- /dev/null
+++ b/include/coverage-32.h
@@ -0,0 +1,109 @@
+#include "config.h"
+#include "types.h"
+
+inline u32 classify_word(u32 word) {
+
+ u16 mem16[2];
+ memcpy(mem16, &word, sizeof(mem16));
+
+ mem16[0] = count_class_lookup16[mem16[0]];
+ mem16[1] = count_class_lookup16[mem16[1]];
+
+ memcpy(&word, mem16, sizeof(mem16));
+ return word;
+
+}
+
+void simplify_trace(afl_state_t *afl, u8 *bytes) {
+
+ u32 *mem = (u32 *)fsrv->trace_bits;
+ u32 i = (fsrv->map_size >> 2);
+
+ while (i--) {
+
+ /* Optimize for sparse bitmaps. */
+
+ if (unlikely(*mem)) {
+
+ u8 *mem8 = (u8 *)mem;
+
+ mem8[0] = simplify_lookup[mem8[0]];
+ mem8[1] = simplify_lookup[mem8[1]];
+ mem8[2] = simplify_lookup[mem8[2]];
+ mem8[3] = simplify_lookup[mem8[3]];
+
+ } else
+
+ *mem = 0x01010101;
+
+ mem++;
+
+ }
+
+}
+
+inline void classify_counts(u8 *bytes) {
+
+ u64 *mem = (u64 *)bytes;
+ u32 i = MAP_SIZE >> 2;
+
+ while (i--) {
+
+ /* Optimize for sparse bitmaps. */
+
+ if (unlikely(*mem)) { *mem = classify_word(*mem); }
+
+ mem++;
+
+ }
+
+}
+
+/* Updates the virgin bits, then reflects whether a new count or a new tuple is
+ * seen in ret. */
+inline void discover_word(u8 *ret, u32 *current, u32 *virgin) {
+
+ /* Optimize for (*current & *virgin) == 0 - i.e., no bits in current bitmap
+ that have not been already cleared from the virgin map - since this will
+ almost always be the case. */
+
+ if (*current & *virgin) {
+
+ if (likely(*ret < 2)) {
+
+ u8 *cur = (u8 *)current;
+ u8 *vir = (u8 *)virgin;
+
+ /* Looks like we have not found any new bytes yet; see if any non-zero
+ bytes in current[] are pristine in virgin[]. */
+
+ if ((cur[0] && vir[0] == 0xff) || (cur[1] && vir[1] == 0xff) ||
+ (cur[2] && vir[2] == 0xff) || (cur[3] && vir[3] == 0xff))
+ *ret = 2;
+ else
+ *ret = 1;
+
+ }
+
+ *virgin &= ~*current;
+
+ }
+
+}
+
+#define PACK_SIZE 16
+inline u32 skim(const u32 *virgin, const u32 *current, const u32 *current_end) {
+
+ for (; current != current_end; virgin += 4, current += 4) {
+
+ if (current[0] && classify_word(current[0]) & virgin[0]) return 1;
+ if (current[1] && classify_word(current[1]) & virgin[1]) return 1;
+ if (current[2] && classify_word(current[2]) & virgin[2]) return 1;
+ if (current[3] && classify_word(current[3]) & virgin[3]) return 1;
+
+ }
+
+ return 0;
+
+}
+
-- cgit 1.4.1
From 4ff9eb0e67cc70c8f9415fa5bc4df10916fb6f4c Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Fri, 18 Dec 2020 10:02:26 +0100
Subject: fix compile
---
 include/coverage-32.h | 3 +++
 include/coverage-64.h | 3 +++
 2 files changed, 6 insertions(+)
(limited to 'include/coverage-32.h')
diff --git a/include/coverage-32.h b/include/coverage-32.h
index 710ff0cf..d7684708 100644
--- a/include/coverage-32.h
+++ b/include/coverage-32.h
@@ -1,6 +1,9 @@
 #include "config.h"
 #include "types.h"
+u32 skim(const u32 *virgin, const u32 *current, const u32 *current_end);
+u32 classify_word(u32 word);
+
 inline u32 classify_word(u32 word) {
 u16 mem16[2];
diff --git a/include/coverage-64.h b/include/coverage-64.h
index 54cf0073..0ede5fa5 100644
--- a/include/coverage-64.h
+++ b/include/coverage-64.h
@@ -5,6 +5,9 @@
 #include
 #endif
+u32 skim(const u64 *virgin, const u64 *current, const u64 *current_end);
+u64 classify_word(u64 word);
+
 inline u64 classify_word(u64 word) {
 u16 mem16[4];
-- cgit 1.4.1
From 45a68760ee19739a7c1532d74486deb79dc6b9fd Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Mon, 21 Dec 2020 12:02:01 +0100
Subject: fix 32 bit
---
 include/coverage-32.h | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'include/coverage-32.h')
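Review bot: `skim` in this hunk advances `virgin` and `current` by four words per iteration but terminates only on `current != current_end`, so a range whose length in u32 words is not a multiple of 4 steps past `current_end` and keeps reading beyond both buffers; the stride is also hard-coded even though `PACK_SIZE 16` is defined immediately above it. Unless every caller guarantees the 16-byte multiple (plausible for a coverage map, but not visible here), `for (; current < current_end; virgin += 4, current += 4)` would at least bound the walk, and a comment such as `/* (current_end - current) must be a multiple of PACK_SIZE / sizeof(u32) */` should record the precondition. Separately, `classify_word` calls `memcpy` with no `<string.h>` include in the hunk, so the header presumably relies on `config.h` or `types.h` pulling it in — worth confirming.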
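Review bot: The added `u32 skim(...)` and `u32 classify_word(u32 word);` prototypes are plain (non-`inline`) declarations of functions that this same header then defines with `inline`; under C99/C11 inline semantics a non-inline file-scope declaration makes the inline definition the external definition for the translation unit, so the link error this commit fixes goes away, but any second .c file that includes the header will produce duplicate-symbol errors instead (the coverage-64.h hunk below has the same pattern). If the helpers are meant to be header-local, `static inline` on the definitions without prototypes is the usual form; if a single external definition is intended, a comment above the prototypes, e.g. `/* non-inline prototypes: turn the inline definitions below into this TU's external definition */`, would record the intent. Which files include the header is not visible here, so this is flagged for confirmation.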
diff --git a/include/coverage-32.h b/include/coverage-32.h
index d7684708..124d6ee5 100644
--- a/include/coverage-32.h
+++ b/include/coverage-32.h
@@ -19,8 +19,8 @@ inline u32 classify_word(u32 word) {
 void simplify_trace(afl_state_t *afl, u8 *bytes) {
- u32 *mem = (u32 *)fsrv->trace_bits;
- u32 i = (fsrv->map_size >> 2);
+ u32 *mem = (u32 *)bytes;
+ u32 i = (afl->fsrv.map_size >> 2);
 while (i--) {
@@ -45,10 +45,10 @@ void simplify_trace(afl_state_t *afl, u8 *bytes) {
 }
-inline void classify_counts(u8 *bytes) {
+inline void classify_counts(afl_forkserver_t *fsrv) {
- u64 *mem = (u64 *)bytes;
- u32 i = MAP_SIZE >> 2;
+ u64 *mem = (u32 *)fsrv->trace_bits;
+ u32 i = (fsrv->map_size >> 2);
 while (i--) {
-- cgit 1.4.1
From 7e27448dac2191060320831904f32fe9d572bc3d Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Mon, 21 Dec 2020 12:19:22 +0100
Subject: another 32 bit fix
---
 include/afl-fuzz.h | 4 ++++
 include/coverage-32.h | 2 +-
 src/afl-cc.c | 3 ++-
 3 files changed, 7 insertions(+), 2 deletions(-)
(limited to 'include/coverage-32.h')
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 99647c5b..e2fb0344 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -1022,7 +1022,11 @@ u32 count_bytes(afl_state_t *, u8 *);
 u32 count_non_255_bytes(afl_state_t *, u8 *);
 void simplify_trace(afl_state_t *, u8 *);
 void classify_counts(afl_forkserver_t *);
+#ifdef WORD_SIZE_64
 void discover_word(u8 *ret, u64 *current, u64 *virgin);
+#else
+void discover_word(u8 *ret, u32 *current, u32 *virgin);
+#endif
 void init_count_class16(void);
 void minimize_bits(afl_state_t *, u8 *, u8 *);
 #ifndef SIMPLE_FILES
diff --git a/include/coverage-32.h b/include/coverage-32.h
index 124d6ee5..a5cc498c 100644
--- a/include/coverage-32.h
+++ b/include/coverage-32.h
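Review bot: `u64 *mem = (u32 *)fsrv->trace_bits;` in the `classify_counts` hunk declares `mem` as `u64 *` while casting to `u32 *`, so beyond the incompatible-pointer warning the loop (its body lies outside the hunk) walks `map_size >> 2` eight-byte words — twice the extent of `trace_bits` — and feeds a truncated `u64` into the `u32` `classify_word`; the line should be `u32 *mem = (u32 *)fsrv->trace_bits;`, as the `simplify_trace` hunk above already does with `u32 *mem = (u32 *)bytes;`. The next commit on this page makes exactly that change, so this is noted only to flag that the intermediate state over-reads and over-writes the shared map.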
@@ -47,7 +47,7 @@ void simplify_trace(afl_state_t *afl, u8 *bytes) {
 inline void classify_counts(afl_forkserver_t *fsrv) {
- u64 *mem = (u32 *)fsrv->trace_bits;
+ u32 *mem = (u32 *)fsrv->trace_bits;
 u32 i = (fsrv->map_size >> 2);
 while (i--) {
diff --git a/src/afl-cc.c b/src/afl-cc.c
index 6f4801de..3b8092a9 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -1347,7 +1347,8 @@ int main(int argc, char **argv, char **envp) {
 "available)\n"
 " PCGUARD: Dominator tree instrumentation (best!) (README.llvm.md)\n"
 #if LLVM_MAJOR > 10 || (LLVM_MAJOR == 10 && LLVM_MINOR > 0)
- " NATIVE: use llvm's native PCGUARD instrumentation (less performant)\n"
+ " NATIVE: use llvm's native PCGUARD instrumentation (less "
+ "performant)\n"
 #endif
 " CLASSIC: decision target instrumentation (README.llvm.md)\n"
 " CTX: CLASSIC + callee context (instrumentation/README.ctx.md)\n"
-- cgit 1.4.1
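Review bot: With `u32 *mem` now matching the cast, the loop count on the next context line, `u32 i = (fsrv->map_size >> 2);`, still silently drops any trailing `map_size % 4` bytes, which would then never be classified and so never compared against the virgin map. If `map_size` is always a multiple of 4 (likely for a coverage map, but not established by this hunk), a comment such as `/* map_size is a multiple of 4, so no tail bytes are skipped */` would document the assumption; otherwise the tail needs a byte-wise pass. The rest of `classify_counts` is outside the hunk.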