From 3a509c61689112cc321c4c78f058014abff66c8a Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Fri, 10 Apr 2020 22:33:11 +0200
Subject: LTO optimization, variable map size, autodictionary (#307)
* lto module clean-up
* step 1/3
* step 1/3 completed
* if tmp is ever made non-static
* parts 2 and 3 - autodictionary is complete
* variable map_size support
* variable map size: changed overlooked functions
* remove debug for autodict
* 64 bit alignment of map size
* fix review comments
* force 64 bit alignment on both sides
* typo
---
 qemu_mode/patches/afl-qemu-cpu-inl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'qemu_mode/patches/afl-qemu-cpu-inl.h')
diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h
index 3bd107d7..d73566fc 100644
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@@ -293,7 +293,7 @@ static void print_mappings(void) {
 void afl_forkserver(CPUState *cpu) {
- static unsigned char tmp[4];
+ static unsigned char tmp[4] = {0, 0, 0, 0};
 if (forkserver_installed == 1) return;
 forkserver_installed = 1;
--
cgit 1.4.1
From d8947d1fa41c8fa12b2bf6a0ef128bd1d06b127e Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Sat, 11 Apr 2020 08:15:42 +0200
Subject: add extended forkserver feature to gcc_plugin and qemu_mode
---
 gcc_plugin/afl-gcc-rt.o.c | 8 ++++++++
 qemu_mode/patches/afl-qemu-cpu-inl.h | 10 ++++++++++
 2 files changed, 18 insertions(+)
(limited to 'qemu_mode/patches/afl-qemu-cpu-inl.h')
diff --git a/gcc_plugin/afl-gcc-rt.o.c b/gcc_plugin/afl-gcc-rt.o.c
index b157b50f..0a2246e7 100644
--- a/gcc_plugin/afl-gcc-rt.o.c
+++ b/gcc_plugin/afl-gcc-rt.o.c
@@ -139,6 +139,7 @@ static void __afl_map_shm(void) {
 static void __afl_start_forkserver(void) {
 u8 tmp[4] = {0, 0, 0, 0};
+ u32 map_size = MAP_SIZE;
 s32 child_pid;
 u8 child_stopped = 0;
@@ -148,6 +149,13 @@ static void __afl_start_forkserver(void) {
 /* Phone home and tell the parent that we're OK. If parent isn't there, assume we're not running in forkserver mode and just execute program. */
+ if (MAP_SIZE <= 0x800000) {
+
+ map_size = (FS_OPT_ENABLED | FS_OPT_MAPSIZE | FS_OPT_SET_MAPSIZE(MAP_SIZE));
+ memcpy(tmp, &map_size, 4);
+
+ }
+
 if (write(FORKSRV_FD + 1, tmp, 4) != 4) return;
 while (1) {
diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h
index d73566fc..ee3ec44e 100644
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@@ -293,6 +293,7 @@ static void print_mappings(void) {
 void afl_forkserver(CPUState *cpu) {
+ u32 map_size = 0;
 static unsigned char tmp[4] = {0, 0, 0, 0};
 if (forkserver_installed == 1) return;
@@ -306,6 +307,15 @@ void afl_forkserver(CPUState *cpu) {
 int t_fd[2];
 u8 child_stopped = 0;
+ // if in the future qemu has non-collding coverage then switch MAP_SIZE
+ // with the max ID value
+ if (MAP_SIZE <= 0x800000) {
+
+ map_size = (FS_OPT_ENABLED | FS_OPT_MAPSIZE | FS_OPT_SET_MAPSIZE(MAP_SIZE));
+ memcpy(tmp, &map_size, 4);
+
+ }
+
 /* Tell the parent that we're alive. If the parent doesn't want to talk, assume that we're not running in forkserver mode. */
--
cgit 1.4.1
From 263daaacafae423828d458c59817c5b96e4fd399 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Fri, 17 Apr 2020 12:04:16 +0200
Subject: remove static from tmp var in qemu
---
 qemu_mode/patches/afl-qemu-cpu-inl.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'qemu_mode/patches/afl-qemu-cpu-inl.h')
diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h
index ee3ec44e..06243141 100644
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
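Review bot: The `0x800000` limit in `if (MAP_SIZE <= 0x800000)` is a bare magic number that presumably mirrors the largest value FS_OPT_SET_MAPSIZE can encode; give it a name next to the FS_OPT_* definitions (e.g. `FS_OPT_MAX_MAPSIZE`) and use it both here and in the identical qemu_mode check further down, so the two forkservers cannot drift apart. What is copied into `tmp` is the encoded option word, not MAP_SIZE, which makes the `u32 map_size = MAP_SIZE;` initializer in the previous hunk misleading; as far as this patch shows that initial value is never read, so `u32 map_size = 0;` (as the qemu side does) says what is meant. The word is sent in host byte order via memcpy, which is fine for a same-host parent, but it is the parent that must bound-check the advertised size against the shared map it actually allocated before trusting it — that check is outside this patch and worth confirming. `__afl_start_forkserver` starts and ends outside this hunk.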
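Review bot: The new comment has a typo, `non-collding`; it should read `// if in the future qemu has non-colliding coverage then switch MAP_SIZE`, and it would help to state what the bound means, e.g. `// FS_OPT_SET_MAPSIZE can only encode map sizes up to 0x800000; larger maps keep the all-zero tmp handshake`. This block duplicates the one added to gcc_plugin/afl-gcc-rt.o.c in the same commit, magic constant included; a shared named constant, or one small inline helper next to the FS_OPT_* macros that fills `tmp`, would keep the two handshakes in sync. Since MAP_SIZE is a compile-time constant the condition is always folded, so `#if MAP_SIZE <= 0x800000` would make the dead branch explicit, though that is a matter of taste. `afl_forkserver` continues past the end of this hunk.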
@@ -293,8 +293,8 @@ static void print_mappings(void) {
 void afl_forkserver(CPUState *cpu) {
- u32 map_size = 0;
- static unsigned char tmp[4] = {0, 0, 0, 0};
+ u32 map_size = 0;
+ unsigned char tmp[4] = {0};
 if (forkserver_installed == 1) return;
 forkserver_installed = 1;
--
cgit 1.4.1