From 02887dc1645f3d4114905d22240a062098314e7b Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 7 May 2020 14:09:58 +0200 Subject: fix static and profiling compilation and add profiling calculation --- src/afl-fuzz-run.c | 24 ++++++++++++++++++++++++ src/afl-fuzz.c | 11 +++++++++++ 2 files changed, 35 insertions(+) (limited to 'src') diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 692026d4..b7f7f29c 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -30,13 +30,37 @@ #include "cmplog.h" +#ifdef PROFILING +u64 time_spent_working = 0; +#endif + /* Execute target application, monitoring for timeouts. Return status information. The called program will update afl->fsrv->trace_bits. */ fsrv_run_result_t fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) { +#ifdef PROFILING + static u64 time_spent_start = 0; + struct timespec spec; + if (time_spent_start) { + + u64 current; + clock_gettime(CLOCK_REALTIME, &spec); + current = (spec.tv_sec * 1000000000) + spec.tv_nsec; + time_spent_working += (current - time_spent_start); + + } + +#endif + fsrv_run_result_t res = afl_fsrv_run_target(fsrv, timeout, &afl->stop_soon); + +#ifdef PROFILING + clock_gettime(CLOCK_REALTIME, &spec); + time_spent_start = (spec.tv_sec * 1000000000) + spec.tv_nsec; +#endif + // TODO: Don't classify for faults? classify_counts(fsrv); return res; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 5920f5c0..64973260 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -27,6 +27,10 @@ #include "cmplog.h" #include +#ifdef PROFILING +extern u64 time_spent_working; +#endif + static u8 *get_libradamsa_path(u8 *own_loc) { u8 *tmp, *cp, *rsl, *own_copy; @@ -1351,6 +1355,13 @@ stop_fuzzing: } +#ifdef PROFILING + SAYF(cYEL "[!] " cRST + "Profiling information: %llu ms total work, %llu ns/run\n", + time_spent_working / 1000000, + time_spent_working / afl->fsrv.total_execs); +#endif + fclose(afl->fsrv.plot_file); destroy_queue(afl); destroy_extras(afl); -- cgit v1.2.3 
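Review bot: The nanosecond conversion `(spec.tv_sec * 1000000000) + spec.tv_nsec` in fuzz_run_target is evaluated in the type of `tv_sec`, so where `time_t` is 32 bits wide it overflows before the result is widened to `u64`. Both occurrences should read `((u64)spec.tv_sec * 1000000000ULL) + spec.tv_nsec`. CLOCK_REALTIME can also be stepped backwards by a clock adjustment, in which case `current - time_spent_start` wraps to a very large unsigned value; `CLOCK_MONOTONIC` is the usual choice for interval measurement. The return value of `clock_gettime` is not checked at either call.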
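Review bot: `time_spent_working / afl->fsrv.total_execs` in the stop_fuzzing block divides by zero if the run ends before any execution has been counted. Guard the divisor, for example `afl->fsrv.total_execs ? time_spent_working / afl->fsrv.total_execs : 0`. The code around the label lies outside the hunk, so whether total_execs can really be zero here should be confirmed against the paths that jump to stop_fuzzing.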
From ef2ccc8117bb899616472e2d95525ae0ca1a2098 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 7 May 2020 14:59:12 +0200 Subject: added AFL_LLVM_SKIPSINGLEBLOCK and changed default behaviour to instrument single block functions --- src/afl-common.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/src/afl-common.c b/src/afl-common.c index 54b2e790..d9d57863 100644 --- a/src/afl-common.c +++ b/src/afl-common.c 
@@ -64,15 +64,15 @@ char *afl_environment_variables[] = { "AFL_LD_PRELOAD", "AFL_LD_VERBOSE", "AFL_LLVM_CMPLOG", "AFL_LLVM_INSTRIM", "AFL_LLVM_CTX", "AFL_LLVM_INSTRUMENT", "AFL_LLVM_INSTRIM_LOOPHEAD", "AFL_LLVM_LTO_AUTODICTIONARY", "AFL_LLVM_AUTODICTIONARY", - "AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK", "AFL_LLVM_LAF_SPLIT_COMPARES", - "AFL_LLVM_LAF_SPLIT_COMPARES_BITW", "AFL_LLVM_LAF_SPLIT_FLOATS", - "AFL_LLVM_LAF_SPLIT_SWITCHES", "AFL_LLVM_LAF_TRANSFORM_COMPARES", - "AFL_LLVM_MAP_ADDR", "AFL_LLVM_MAP_DYNAMIC", "AFL_LLVM_NGRAM_SIZE", - "AFL_NGRAM_SIZE", "AFL_LLVM_NOT_ZERO", "AFL_LLVM_WHITELIST", - "AFL_LLVM_SKIP_NEVERZERO", "AFL_NO_AFFINITY", "AFL_LLVM_LTO_STARTID", - "AFL_LLVM_LTO_DONTWRITEID", "AFL_NO_ARITH", "AFL_NO_BUILTIN", - "AFL_NO_CPU_RED", "AFL_NO_FORKSRV", "AFL_NO_UI", "AFL_NO_PYTHON", - "AFL_UNTRACER_FILE", + "AFL_LLVM_SKIPSINGLEBLOCK", "AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK", + "AFL_LLVM_LAF_SPLIT_COMPARES", "AFL_LLVM_LAF_SPLIT_COMPARES_BITW", + "AFL_LLVM_LAF_SPLIT_FLOATS", "AFL_LLVM_LAF_SPLIT_SWITCHES", + "AFL_LLVM_LAF_TRANSFORM_COMPARES", "AFL_LLVM_MAP_ADDR", + "AFL_LLVM_MAP_DYNAMIC", "AFL_LLVM_NGRAM_SIZE", "AFL_NGRAM_SIZE", + "AFL_LLVM_NOT_ZERO", "AFL_LLVM_WHITELIST", "AFL_LLVM_SKIP_NEVERZERO", + "AFL_NO_AFFINITY", "AFL_LLVM_LTO_STARTID", "AFL_LLVM_LTO_DONTWRITEID", + "AFL_NO_ARITH", "AFL_NO_BUILTIN", "AFL_NO_CPU_RED", "AFL_NO_FORKSRV", + "AFL_NO_UI", "AFL_NO_PYTHON", "AFL_UNTRACER_FILE", "AFL_NO_X86", // not really an env but we dont want to warn on it "AFL_MAP_SIZE", "AFL_MAPSIZE", "AFL_PATH", "AFL_PERFORMANCE_FILE", //"AFL_PERSISTENT", // not implemented anymore, so warn additionally -- cgit v1.2.3 From 190f3024dad3713a1b2d3a42b5b99c662dd2cf58 Mon Sep 17 00:00:00 2001 
From: Rishi Ranjan <43873720+rish9101@users.noreply.github.com> Date: Fri, 8 May 2020 23:38:27 +0530 Subject: Support multiple custom mutators (#282) * Make a list of custom mutators using env variable * Set up multiple custom mutators * Add destroy custom mutator and changes to load_custom_mutator * Use array instead of list, make changes to afl-fuzz-one for multiple mutators * Make change to fuzz-one custom_queue_get to support multiple mutators * Modify custom python mutator support * Fix bug * Fix missing afl->mutator->data * Revert to list with max count * Change custom_pre_save hook and code format * Free custom_mutator struct in the list * Add testcase for multiple custom mutators * Resolve merge conflict --- src/afl-fuzz-mutators.c | 193 ++++++++++++++++++++++-------------------------- src/afl-fuzz-one.c | 193 +++++++++++++++++++++++++++--------------------- src/afl-fuzz-python.c | 40 +++++----- src/afl-fuzz-queue.c | 17 +++-- src/afl-fuzz-run.c | 49 ++++++++++-- src/afl-fuzz-stats.c | 2 +- src/afl-fuzz.c | 4 +- 7 files changed, 274 insertions(+), 224 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index beb89092..23f15945 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c 
@@ -26,27 +26,47 @@ #include "afl-fuzz.h" -void load_custom_mutator(afl_state_t *, const char *); +struct custom_mutator *load_custom_mutator(afl_state_t *, const char *); +#ifdef USE_PYTHON +struct custom_mutator * load_custom_mutator_py(afl_state_t *, char *); +#endif -void setup_custom_mutator(afl_state_t *afl) { +void setup_custom_mutators(afl_state_t *afl) { /* Try mutator library first */ - u8 *fn = afl->afl_env.afl_custom_mutator_library; + struct custom_mutator * mutator; + u8 * fn = getenv("AFL_CUSTOM_MUTATOR_LIBRARY"); + u32 prev_mutator_count = 0; if (fn) { - if (afl->limit_time_sig) { - + if (afl->limit_time_sig) FATAL( "MOpt and custom mutator are mutually exclusive. We accept pull " "requests that integrates MOpt with the optional mutators " "(custom/radamsa/redquenn/...)."); - } + u8 *fn_token = (u8 *)strsep((char **)&fn, ";"); + + if (likely(!fn_token)) { - load_custom_mutator(afl, fn); + mutator = load_custom_mutator(afl, fn); + list_append(&afl->custom_mutator_list, mutator); + afl->custom_mutators_count++; - return; + } else { + + while (fn_token) { + + prev_mutator_count = afl->custom_mutators_count; + mutator = load_custom_mutator(afl, fn_token); + list_append(&afl->custom_mutator_list, mutator); + afl->custom_mutators_count++; + if (prev_mutator_count > afl->custom_mutators_count) FATAL("Maximum Custom Mutator count reached."); + fn_token = (u8 *)strsep((char **)&fn, ";"); + + } + } } @@ -65,7 +85,9 @@ void setup_custom_mutator(afl_state_t *afl) { } - load_custom_mutator_py(afl, module_name); + struct custom_mutator * mutator = load_custom_mutator_py(afl, module_name); + afl->custom_mutators_count++; + list_append(&afl->custom_mutator_list, mutator); } 
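Review bot: `strsep` is applied directly to the pointer returned by `getenv("AFL_CUSTOM_MUTATOR_LIBRARY")` in setup_custom_mutators, so it overwrites the `;` separators inside the process environment itself, and every `mutator->name` later points into that modified string. Tokenising a private copy, e.g. `u8 *fn_copy = ck_strdup(fn);`, leaves the environment intact. The `if (likely(!fn_token))` branch cannot be taken, because strsep returns NULL only when `fn` is already NULL, and if it were taken it would hand that NULL `fn` to load_custom_mutator. The check `prev_mutator_count > afl->custom_mutators_count` fires only when the counter wraps and runs after `list_append`, so it does not enforce a list capacity before the append.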
@@ -80,114 +102,85 @@ void setup_custom_mutator(afl_state_t *afl) { } -void destroy_custom_mutator(afl_state_t *afl) { - - if (afl->mutator) { +void destroy_custom_mutators(afl_state_t *afl) { - afl->mutator->afl_custom_deinit(afl->mutator->data); + if (afl->custom_mutators_count) { - if (afl->mutator->dh) { dlclose(afl->mutator->dh); } + LIST_FOREACH_CLEAR(&afl->custom_mutator_list, struct custom_mutator, { - if (afl->mutator->pre_save_buf) { + if (!el->data) { FATAL("Deintializing NULL mutator"); } + el->afl_custom_deinit(el->data); + if (el->dh) dlclose(el->dh); - ck_free(afl->mutator->pre_save_buf); - afl->mutator->pre_save_buf = NULL; - afl->mutator->pre_save_size = 0; + if (el->pre_save_buf) { + ck_free(el->pre_save_buf); + el->pre_save_buf = NULL; + el->pre_save_size = 0; + } - } + ck_free(el); - ck_free(afl->mutator); - afl->mutator = NULL; + } ); } } -void load_custom_mutator(afl_state_t *afl, const char *fn) { +struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) { - void *dh; - afl->mutator = ck_alloc(sizeof(struct custom_mutator)); - afl->mutator->pre_save_buf = NULL; - afl->mutator->pre_save_size = 0; + void * dh; + struct custom_mutator *mutator = ck_alloc(sizeof(struct custom_mutator)); - afl->mutator->name = fn; + mutator->name = fn; ACTF("Loading custom mutator library from '%s'...", fn); dh = dlopen(fn, RTLD_NOW); - if (!dh) { FATAL("%s", dlerror()); } - afl->mutator->dh = dh; + if (!dh) FATAL("%s", dlerror()); + mutator->dh = dh; /* Mutator */ - /* "afl_custom_init", required */ - afl->mutator->afl_custom_init = dlsym(dh, "afl_custom_init"); - if (!afl->mutator->afl_custom_init) { - - FATAL("Symbol 'afl_custom_init' not found."); - - } - - /* "afl_custom_deinit", required */ - afl->mutator->afl_custom_deinit = dlsym(dh, "afl_custom_deinit"); - if (!afl->mutator->afl_custom_deinit) { - - FATAL("Symbol 'afl_custom_deinit' not found."); - - } + /* "afl_custom_init", optional for backward compatibility */ + 
mutator->afl_custom_init = dlsym(dh, "afl_custom_init"); + if (!mutator->afl_custom_init) WARNF("Symbol 'afl_custom_init' not found."); /* "afl_custom_fuzz" or "afl_custom_mutator", required */ - afl->mutator->afl_custom_fuzz = dlsym(dh, "afl_custom_fuzz"); - if (!afl->mutator->afl_custom_fuzz) { + mutator->afl_custom_fuzz = dlsym(dh, "afl_custom_fuzz"); + if (!mutator->afl_custom_fuzz) { /* Try "afl_custom_mutator" for backward compatibility */ WARNF("Symbol 'afl_custom_fuzz' not found. Try 'afl_custom_mutator'."); - afl->mutator->afl_custom_fuzz = dlsym(dh, "afl_custom_mutator"); - if (!afl->mutator->afl_custom_fuzz) { - + mutator->afl_custom_fuzz = dlsym(dh, "afl_custom_mutator"); + if (!mutator->afl_custom_fuzz) FATAL("Symbol 'afl_custom_mutator' not found."); - } - } /* "afl_custom_pre_save", optional */ - afl->mutator->afl_custom_pre_save = dlsym(dh, "afl_custom_pre_save"); - if (!afl->mutator->afl_custom_pre_save) { - + mutator->afl_custom_pre_save = dlsym(dh, "afl_custom_pre_save"); + if (!mutator->afl_custom_pre_save) WARNF("Symbol 'afl_custom_pre_save' not found."); - } - u8 notrim = 0; /* "afl_custom_init_trim", optional */ - afl->mutator->afl_custom_init_trim = dlsym(dh, "afl_custom_init_trim"); - if (!afl->mutator->afl_custom_init_trim) { - + mutator->afl_custom_init_trim = dlsym(dh, "afl_custom_init_trim"); + if (!mutator->afl_custom_init_trim) WARNF("Symbol 'afl_custom_init_trim' not found."); - } - /* "afl_custom_trim", optional */ - afl->mutator->afl_custom_trim = dlsym(dh, "afl_custom_trim"); - if (!afl->mutator->afl_custom_trim) { - - WARNF("Symbol 'afl_custom_trim' not found."); - - } + mutator->afl_custom_trim = dlsym(dh, "afl_custom_trim"); + if (!mutator->afl_custom_trim) WARNF("Symbol 'afl_custom_trim' not found."); /* "afl_custom_post_trim", optional */ - afl->mutator->afl_custom_post_trim = dlsym(dh, "afl_custom_post_trim"); - if (!afl->mutator->afl_custom_post_trim) { - + mutator->afl_custom_post_trim = dlsym(dh, "afl_custom_post_trim"); 
+ if (!mutator->afl_custom_post_trim) WARNF("Symbol 'afl_custom_post_trim' not found."); - } - if (notrim) { - afl->mutator->afl_custom_init_trim = NULL; - afl->mutator->afl_custom_trim = NULL; - afl->mutator->afl_custom_post_trim = NULL; + mutator->afl_custom_init_trim = NULL; + mutator->afl_custom_trim = NULL; + mutator->afl_custom_post_trim = NULL; WARNF( "Custom mutator does not implement all three trim APIs, standard " "trimming will be used."); 
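Review bot: destroy_custom_mutators calls `el->afl_custom_deinit(el->data)` unconditionally, but this hunk removes the `dlsym(dh, "afl_custom_deinit")` lookup from load_custom_mutator without a replacement, so for a library mutator the pointer is never assigned and shutdown calls through whatever ck_alloc left there (presumably NULL). Restore the lookup, `mutator->afl_custom_deinit = dlsym(dh, "afl_custom_deinit");`, and guard the call with `if (el->afl_custom_deinit) el->afl_custom_deinit(el->data);`. The same gap exists in load_custom_mutator_py in src/afl-fuzz-python.c, which sets afl_custom_deinit only when `py_functions[PY_FUNC_DEINIT]` is present. Separately, `afl_custom_init` is now optional, so `el->data` can legitimately stay unset, and the new `if (!el->data) FATAL(...)` then turns a normal exit into an abort for such mutators. The body of load_custom_mutator continues in the following hunk.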
@@ -195,53 +188,41 @@ void load_custom_mutator(afl_state_t *afl, const char *fn) { } /* "afl_custom_havoc_mutation", optional */ - afl->mutator->afl_custom_havoc_mutation = - dlsym(dh, "afl_custom_havoc_mutation"); - if (!afl->mutator->afl_custom_havoc_mutation) { - + mutator->afl_custom_havoc_mutation = dlsym(dh, "afl_custom_havoc_mutation"); + if (!mutator->afl_custom_havoc_mutation) WARNF("Symbol 'afl_custom_havoc_mutation' not found."); - } - /* "afl_custom_havoc_mutation", optional */ - afl->mutator->afl_custom_havoc_mutation_probability = + mutator->afl_custom_havoc_mutation_probability = dlsym(dh, "afl_custom_havoc_mutation_probability"); - if (!afl->mutator->afl_custom_havoc_mutation_probability) { - + if (!mutator->afl_custom_havoc_mutation_probability) WARNF("Symbol 'afl_custom_havoc_mutation_probability' not found."); - } - /* "afl_custom_queue_get", optional */ - afl->mutator->afl_custom_queue_get = dlsym(dh, "afl_custom_queue_get"); - if (!afl->mutator->afl_custom_queue_get) { - + mutator->afl_custom_queue_get = dlsym(dh, "afl_custom_queue_get"); + if (!mutator->afl_custom_queue_get) WARNF("Symbol 'afl_custom_queue_get' not found."); - } - /* "afl_custom_queue_new_entry", optional */ - afl->mutator->afl_custom_queue_new_entry = - dlsym(dh, "afl_custom_queue_new_entry"); - if (!afl->mutator->afl_custom_queue_new_entry) { - + mutator->afl_custom_queue_new_entry = dlsym(dh, "afl_custom_queue_new_entry"); + if (!mutator->afl_custom_queue_new_entry) WARNF("Symbol 'afl_custom_queue_new_entry' not found"); - } - OKF("Custom mutator '%s' installed successfully.", fn); /* Initialize the custom mutator */ - if (afl->mutator->afl_custom_init) { + if (mutator->afl_custom_init) + mutator->data = + mutator->afl_custom_init(afl, rand_below(afl, 0xFFFFFFFF)); - afl->mutator->data = - afl->mutator->afl_custom_init(afl, rand_below(afl, 0xFFFFFFFF)); + mutator->stacked_custom = (mutator && mutator->afl_custom_havoc_mutation); + mutator->stacked_custom_prob = 6; // like 
one of the default mutations in havoc - } + return mutator; } -u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { +u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, struct custom_mutator *mutator) { u8 needs_write = 0, fault = 0; u32 trim_exec = 0; @@ -255,7 +236,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { /* Initialize trimming in the custom mutator */ afl->stage_cur = 0; afl->stage_max = - afl->mutator->afl_custom_init_trim(afl->mutator->data, in_buf, q->len); + mutator->afl_custom_init_trim(mutator->data, in_buf, q->len); if (unlikely(afl->stage_max) < 0) { FATAL("custom_init_trim error ret: %d", afl->stage_max); @@ -278,7 +259,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { u32 cksum; - size_t retlen = afl->mutator->afl_custom_trim(afl->mutator->data, &retbuf); + size_t retlen = mutator->afl_custom_trim(mutator->data, &retbuf); if (unlikely(!retbuf)) { @@ -319,7 +300,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { /* Tell the custom mutator that the trimming was successful */ afl->stage_cur = - afl->mutator->afl_custom_post_trim(afl->mutator->data, 1); + mutator->afl_custom_post_trim(mutator->data, 1); if (afl->not_on_tty && afl->debug) { @@ -332,7 +313,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { /* Tell the custom mutator that the trimming was unsuccessful */ afl->stage_cur = - afl->mutator->afl_custom_post_trim(afl->mutator->data, 0); + mutator->afl_custom_post_trim(mutator->data, 0); if (unlikely(afl->stage_cur < 0)) { FATAL("Error ret in custom_post_trim: %d", afl->stage_cur); diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 6d399a03..dff1606a 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c 
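Review bot: trim_case_custom calls `mutator->afl_custom_init_trim(mutator->data, in_buf, q->len)` without testing the pointer, while the caller added to trim_case in src/afl-fuzz-run.c selects mutators by `el->afl_custom_trim` alone. No assignment to `notrim` is visible in load_custom_mutator, so a library that exports only some of the three trim symbols reaches a NULL call here; either test all three pointers in trim_case or set `notrim = 1` whenever one of the lookups fails. The error check on the following line, `if (unlikely(afl->stage_max) < 0)`, has its parenthesis misplaced and, with the usual `__builtin_expect(!!(x), 0)` definition, can never be true; it should read `if (unlikely(afl->stage_max < 0))`. The function body starts and ends outside the hunk.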
@@ -384,17 +384,17 @@ u8 fuzz_one_original(afl_state_t *afl) { #else - if (unlikely(afl->mutator) && unlikely(afl->mutator->afl_custom_queue_get)) { + if (unlikely(afl->custom_mutators_count )) { /* The custom mutator will decide to skip this test case or not. */ - if (!afl->mutator->afl_custom_queue_get(afl->mutator->data, - afl->queue_cur->fname)) { + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - return 1; - - } + if (el->afl_custom_queue_get && !el->afl_custom_queue_get(el->data, afl->queue_cur->fname)) { + return 1; + } + } ); } if (likely(afl->pending_favored)) { @@ -1646,13 +1646,13 @@ custom_mutator_stage: * CUSTOM MUTATORS * *******************/ - if (likely(!afl->mutator)) { goto havoc_stage; } - if (likely(!afl->mutator->afl_custom_fuzz)) { goto havoc_stage; } + if (likely(!afl->custom_mutators_count)) { goto havoc_stage; } afl->stage_name = "custom mutator"; afl->stage_short = "custom"; afl->stage_max = HAVOC_CYCLES * perf_score / afl->havoc_div / 100; afl->stage_val_type = STAGE_VAL_NONE; + bool has_custom_fuzz = false; if (afl->stage_max < HAVOC_MIN) { afl->stage_max = HAVOC_MIN; } 
@@ -1660,98 +1660,111 @@ custom_mutator_stage: orig_hit_cnt = afl->queued_paths + afl->unique_crashes; - for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) { + LIST_FOREACH (&afl->custom_mutator_list, struct custom_mutator, { - struct queue_entry *target; - u32 tid; - u8 * new_buf; + if ( el->afl_custom_fuzz ) { - retry_external_pick: - /* Pick a random other queue entry for passing to external API */ - do { + has_custom_fuzz = true; - tid = rand_below(afl, afl->queued_paths); + for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) { - } while (tid == afl->current_entry && afl->queued_paths > 1); + struct queue_entry *target; + u32 tid; + u8 * new_buf; - target = afl->queue; + retry_external_pick: + /* Pick a random other queue entry for passing to external API */ + do { - while (tid >= 100) { + tid = rand_below(afl, afl->queued_paths); - target = target->next_100; - tid -= 100; + } while (tid == afl->current_entry && afl->queued_paths > 1); - } + target = afl->queue; - while (tid--) { + while (tid >= 100) { - target = target->next; + target = target->next_100; + tid -= 100; - } + } - /* Make sure that the target has a reasonable length. */ + while (tid--) { - while (target && (target->len < 2 || target == afl->queue_cur) && - afl->queued_paths > 1) { + target = target->next; - target = target->next; - ++afl->splicing_with; + } - } + /* Make sure that the target has a reasonable length. */ - if (!target) { goto retry_external_pick; } + while (target && (target->len < 2 || target == afl->queue_cur) && + afl->queued_paths > 1) { - /* Read the additional testcase into a new buffer. 
*/ - fd = open(target->fname, O_RDONLY); - if (unlikely(fd < 0)) { PFATAL("Unable to open '%s'", target->fname); } + target = target->next; + ++afl->splicing_with; - new_buf = ck_maybe_grow(BUF_PARAMS(out_scratch), target->len); - ck_read(fd, new_buf, target->len, target->fname); - close(fd); + } - u8 *mutated_buf = NULL; + if (!target) { goto retry_external_pick; } - size_t mutated_size = afl->mutator->afl_custom_fuzz( - afl->mutator->data, out_buf, len, &mutated_buf, new_buf, target->len, - max_seed_size); + /* Read the additional testcase into a new buffer. */ + fd = open(target->fname, O_RDONLY); + if (unlikely(fd < 0)) { PFATAL("Unable to open '%s'", target->fname); } - if (unlikely(!mutated_buf)) { + new_buf = ck_maybe_grow(BUF_PARAMS(out_scratch), target->len); + ck_read(fd, new_buf, target->len, target->fname); + close(fd); - FATAL("Error in custom_fuzz. Size returned: %zd", mutated_size); + u8 *mutated_buf = NULL; - } + size_t mutated_size = el->afl_custom_fuzz( + el->data, out_buf, len, &mutated_buf, new_buf, target->len, + max_seed_size); - if (mutated_size > 0) { + if (unlikely(!mutated_buf)) { - if (common_fuzz_stuff(afl, mutated_buf, (u32)mutated_size)) { + FATAL("Error in custom_fuzz. Size returned: %zd", mutated_size); - goto abandon_entry; + } - } + if (mutated_size > 0) { + + if (common_fuzz_stuff(afl, mutated_buf, (u32)mutated_size)) { + + goto abandon_entry; + + } - /* If we're finding new stuff, let's run for a bit longer, limits - permitting. */ + /* If we're finding new stuff, let's run for a bit longer, limits + permitting. 
*/ - if (afl->queued_paths != havoc_queued) { + if (afl->queued_paths != havoc_queued) { - if (perf_score <= afl->havoc_max_mult * 100) { + if (perf_score <= afl->havoc_max_mult * 100) { - afl->stage_max *= 2; - perf_score *= 2; + afl->stage_max *= 2; + perf_score *= 2; + + } + + havoc_queued = afl->queued_paths; + + } } - havoc_queued = afl->queued_paths; + /* `(afl->)out_buf` may have been changed by the call to custom_fuzz */ + /* TODO: Only do this when `mutated_buf` == `out_buf`? Branch vs Memcpy. */ + memcpy(out_buf, in_buf, len); } } - /* `(afl->)out_buf` may have been changed by the call to custom_fuzz */ - /* TODO: Only do this when `mutated_buf` == `out_buf`? Branch vs Memcpy. */ - memcpy(out_buf, in_buf, len); - } + } ); + + if (!has_custom_fuzz) goto havoc_stage; new_hit_cnt = afl->queued_paths + afl->unique_crashes; @@ -1803,20 +1816,25 @@ havoc_stage: havoc_queued = afl->queued_paths; - u8 stacked_custom = (afl->mutator && afl->mutator->afl_custom_havoc_mutation); - u8 stacked_custom_prob = 6; // like one of the default mutations in havoc + if (afl->custom_mutators_count) { - if (stacked_custom && afl->mutator->afl_custom_havoc_mutation_probability) { + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - stacked_custom_prob = - afl->mutator->afl_custom_havoc_mutation_probability(afl->mutator->data); - if (stacked_custom_prob > 100) { + if (el->stacked_custom && el->afl_custom_havoc_mutation_probability) { - FATAL( - "The probability returned by afl_custom_havoc_mutation_propability " - "has to be in the range 0-100."); + el->stacked_custom_prob = + el->afl_custom_havoc_mutation_probability(el->data); + if (el->stacked_custom_prob > 100) { - } + FATAL( + "The probability returned by afl_custom_havoc_mutation_propability " + "has to be in the range 0-100."); + + } + + } + + } ); } 
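Review bot: The stage budget now compounds across mutators: `afl->stage_max *= 2` and `perf_score *= 2` inside the per-mutator loop are not reset before the next list element, so each later mutator inherits the doubled limits of the earlier ones. Saving both values before `LIST_FOREACH` and restoring them at the top of each `if (el->afl_custom_fuzz)` body would keep the runs comparable. The size returned by `el->afl_custom_fuzz` is also narrowed with `(u32)mutated_size` and passed to common_fuzz_stuff without being compared to `max_seed_size`, so a mutator that reports more bytes than its buffer holds causes an out-of-bounds read; `if (unlikely(mutated_size > max_seed_size)) { FATAL("custom_fuzz returned %zu bytes", mutated_size); }` would catch it. The enclosing function starts and ends outside the hunk.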
@@ -1831,29 +1849,36 @@ havoc_stage: for (i = 0; i < use_stacking; ++i) { - if (stacked_custom && rand_below(afl, 100) < stacked_custom_prob) { + if (afl->custom_mutators_count) { + + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - u8 * custom_havoc_buf = NULL; - size_t new_len = afl->mutator->afl_custom_havoc_mutation( - afl->mutator->data, out_buf, temp_len, &custom_havoc_buf, MAX_FILE); - if (unlikely(!custom_havoc_buf)) { + if (el->stacked_custom && rand_below(afl, 100) < el->stacked_custom_prob) { - FATAL("Error in custom_havoc (return %zd)", new_len); + u8 * custom_havoc_buf = NULL; + size_t new_len = el->afl_custom_havoc_mutation( + el->data, out_buf, temp_len, &custom_havoc_buf, MAX_FILE); + if (unlikely(!custom_havoc_buf)) { - } + FATAL("Error in custom_havoc (return %zd)", new_len); - if (likely(new_len > 0 && custom_havoc_buf)) { + } - temp_len = new_len; - if (out_buf != custom_havoc_buf) { + if (likely(new_len > 0 && custom_havoc_buf)) { - ck_maybe_grow(BUF_PARAMS(out), temp_len); - memcpy(out_buf, custom_havoc_buf, temp_len); + temp_len = new_len; + if (out_buf != custom_havoc_buf) { - } + ck_maybe_grow(BUF_PARAMS(out), temp_len); + memcpy(out_buf, custom_havoc_buf, temp_len); - } + } + + } + } + + } ); } switch (rand_below( diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c index 64cabcad..a65add55 100644 --- a/src/afl-fuzz-python.c +++ b/src/afl-fuzz-python.c 
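Review bot: The result of `ck_maybe_grow(BUF_PARAMS(out), temp_len)` is discarded in the havoc loop, whereas the custom mutator stage assigns it (`new_buf = ck_maybe_grow(BUF_PARAMS(out_scratch), target->len)`); if the grow reallocates, the following `memcpy(out_buf, custom_havoc_buf, temp_len)` writes through the stale local `out_buf`. Assign it back with `out_buf = ck_maybe_grow(BUF_PARAMS(out), temp_len);`. `new_len` is also not checked against the `MAX_FILE` limit handed to the callback before it becomes `temp_len`. These lines are carried over from the single-mutator code, but every mutator in the list now passes through them on each stacking step. The surrounding function lies outside the hunk, so confirm how `out_buf` relates to the buffer behind `BUF_PARAMS(out)`.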
@@ -295,88 +295,94 @@ void deinit_py(void *py_mutator) { } -void load_custom_mutator_py(afl_state_t *afl, char *module_name) { +struct custom_mutator * load_custom_mutator_py(afl_state_t *afl, char *module_name) { - afl->mutator = ck_alloc(sizeof(struct custom_mutator)); - afl->mutator->pre_save_buf = NULL; - afl->mutator->pre_save_size = 0; + struct custom_mutator * mutator; - afl->mutator->name = module_name; + mutator = ck_alloc(sizeof(struct custom_mutator)); + mutator->pre_save_buf = NULL; + mutator->pre_save_size = 0; + + mutator->name = module_name; ACTF("Loading Python mutator library from '%s'...", module_name); py_mutator_t *py_mutator; py_mutator = init_py_module(afl, module_name); - afl->mutator->data = py_mutator; + mutator->data = py_mutator; if (!py_mutator) { FATAL("Failed to load python mutator."); } PyObject **py_functions = py_mutator->py_functions; if (py_functions[PY_FUNC_INIT]) { - afl->mutator->afl_custom_init = unsupported; + mutator->afl_custom_init = unsupported; } if (py_functions[PY_FUNC_DEINIT]) { - afl->mutator->afl_custom_deinit = deinit_py; + mutator->afl_custom_deinit = deinit_py; } /* "afl_custom_fuzz" should not be NULL, but the interface of Python mutator is quite different from the custom mutator. 
*/ - afl->mutator->afl_custom_fuzz = fuzz_py; + mutator->afl_custom_fuzz = fuzz_py; if (py_functions[PY_FUNC_PRE_SAVE]) { - afl->mutator->afl_custom_pre_save = pre_save_py; + mutator->afl_custom_pre_save = pre_save_py; } if (py_functions[PY_FUNC_INIT_TRIM]) { - afl->mutator->afl_custom_init_trim = init_trim_py; + mutator->afl_custom_init_trim = init_trim_py; } if (py_functions[PY_FUNC_POST_TRIM]) { - afl->mutator->afl_custom_post_trim = post_trim_py; + mutator->afl_custom_post_trim = post_trim_py; } - if (py_functions[PY_FUNC_TRIM]) { afl->mutator->afl_custom_trim = trim_py; } + if (py_functions[PY_FUNC_TRIM]) { mutator->afl_custom_trim = trim_py; } if (py_functions[PY_FUNC_HAVOC_MUTATION]) { - afl->mutator->afl_custom_havoc_mutation = havoc_mutation_py; + mutator->afl_custom_havoc_mutation = havoc_mutation_py; } if (py_functions[PY_FUNC_HAVOC_MUTATION_PROBABILITY]) { - afl->mutator->afl_custom_havoc_mutation_probability = + mutator->afl_custom_havoc_mutation_probability = havoc_mutation_probability_py; } if (py_functions[PY_FUNC_QUEUE_GET]) { - afl->mutator->afl_custom_queue_get = queue_get_py; + mutator->afl_custom_queue_get = queue_get_py; } if (py_functions[PY_FUNC_QUEUE_NEW_ENTRY]) { - afl->mutator->afl_custom_queue_new_entry = queue_new_entry_py; + mutator->afl_custom_queue_new_entry = queue_new_entry_py; } + + OKF("Python mutator '%s' installed successfully.", module_name); /* Initialize the custom mutator */ init_py(afl, py_mutator, rand_below(afl, 0xFFFFFFFF)); + return mutator; + } size_t pre_save_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf) { diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index f998c06b..c33751d9 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c 
@@ -140,15 +140,20 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) { afl->last_path_time = get_cur_time(); - if (afl->mutator && afl->mutator->afl_custom_queue_new_entry) { + if (afl->custom_mutators_count) { - u8 *fname_orig = NULL; + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - /* At the initialization stage, queue_cur is NULL */ - if (afl->queue_cur) { fname_orig = afl->queue_cur->fname; } + if ( el->afl_custom_queue_new_entry) { + u8 *fname_orig = NULL; - afl->mutator->afl_custom_queue_new_entry(afl->mutator->data, fname, - fname_orig); + /* At the initialization stage, queue_cur is NULL */ + if (afl->queue_cur) fname_orig = afl->queue_cur->fname; + + el->afl_custom_queue_new_entry(el->data, fname, fname_orig); + } + + } ); } diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index b7f7f29c..3876dec7 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c 
@@ -89,21 +89,41 @@ void write_to_testcase(afl_state_t *afl, void *mem, u32 len) { #endif - if (unlikely(afl->mutator && afl->mutator->afl_custom_pre_save)) { + if (unlikely(afl->custom_mutators_count)) { u8 *new_buf = NULL; + ssize_t new_size = len; + void * new_mem = mem; - size_t new_size = afl->mutator->afl_custom_pre_save(afl->mutator->data, mem, - len, &new_buf); + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - if (unlikely(!new_buf)) { + if (el->afl_custom_pre_save) { + new_size = el->afl_custom_pre_save( + el->data, new_mem, new_size, &new_buf + ); + + } + + new_mem = new_buf; + + } ); + + if (unlikely(!new_buf && (new_size <= 0))) { FATAL("Custom_pre_save failed (ret: %lu)", (long unsigned)new_size); + } else if (likely(new_buf)) { + + /* everything as planned. use the new data. */ + afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size); + + } else { + + /* custom mutators do not has a custom_pre_save function */ + afl_fsrv_write_to_testcase(&afl->fsrv, mem, len); + } - /* everything as planned. use the new data. */ - afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size); } else { @@ -513,10 +533,23 @@ void sync_fuzzers(afl_state_t *afl) { u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { /* Custom mutator trimmer */ - if (afl->mutator && afl->mutator->afl_custom_trim) { + if (afl->custom_mutators_count) { + + u8 trimmed_case = 0; + bool custom_trimmed = false; + + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { + + if (el->afl_custom_trim) { + + trimmed_case = trim_case_custom(afl, q, in_buf, el); + custom_trimmed = true; + } - return trim_case_custom(afl, q, in_buf); + } ); + if (custom_trimmed) return trimmed_case; + } u8 needs_write = 0, fault = 0; diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 3cbb2d8c..032cf01d 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c 
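Review bot: `new_mem = new_buf;` runs for every list element in write_to_testcase, including mutators that have no `afl_custom_pre_save`, so when an earlier element lacks the hook `new_mem` becomes NULL and the next hook is called with a NULL input and a non-zero `new_size`. Move the assignment inside the `if (el->afl_custom_pre_save)` block and validate there, `if (unlikely(!new_buf || new_size <= 0)) { FATAL("Custom_pre_save failed (ret: %ld)", (long)new_size); }` followed by `new_mem = new_buf;`. As written, the failure test after the loop requires both `!new_buf` and `new_size <= 0`, so a hook that returns a buffer with a non-positive size falls through to `afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size)`. The existing FATAL also prints the now signed `new_size` with `%lu`.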
@@ -792,7 +792,7 @@ void show_stats(afl_state_t *afl) { } - if (afl->mutator) { + if (afl->custom_mutators_count) { sprintf(tmp, "%s/%s", u_stringify_int(IB(0), afl->stage_finds[STAGE_CUSTOM_MUTATOR]), diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 64973260..14765981 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1077,7 +1077,7 @@ int main(int argc, char **argv_orig, char **envp) { setup_dirs_fds(afl); - setup_custom_mutator(afl); + setup_custom_mutators(afl); setup_cmdline_file(afl, argv + optind); @@ -1365,7 +1365,7 @@ stop_fuzzing: fclose(afl->fsrv.plot_file); destroy_queue(afl); destroy_extras(afl); - destroy_custom_mutator(afl); + destroy_custom_mutators(afl); afl_shm_deinit(&afl->shm); afl_fsrv_deinit(&afl->fsrv); if (afl->orig_cmdline) { ck_free(afl->orig_cmdline); } -- cgit v1.2.3 From fa84e52af0cf1869a8abbff2f48a9c55e2d447d4 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 9 May 2020 11:35:54 +0200 Subject: custom mutator code enhancements and code-format --- src/afl-fuzz-mutators.c | 56 ++++++++++++++++++++++++++++--------------------- src/afl-fuzz-one.c | 48 ++++++++++++++++++++++++------------------ src/afl-fuzz-python.c | 19 +++++------------ src/afl-fuzz-queue.c | 6 ++++-- src/afl-fuzz-run.c | 22 +++++++++---------- 5 files changed, 80 insertions(+), 71 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index 23f15945..027add49 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c 
@@ -28,15 +28,15 @@ struct custom_mutator *load_custom_mutator(afl_state_t *, const char *); #ifdef USE_PYTHON -struct custom_mutator * load_custom_mutator_py(afl_state_t *, char *); +struct custom_mutator *load_custom_mutator_py(afl_state_t *, char *); #endif void setup_custom_mutators(afl_state_t *afl) { /* Try mutator library first */ - struct custom_mutator * mutator; - u8 * fn = getenv("AFL_CUSTOM_MUTATOR_LIBRARY"); - u32 prev_mutator_count = 0; + struct custom_mutator *mutator; + u8 * fn = afl->afl_env.afl_custom_mutator_library; + u32 prev_mutator_count = 0; if (fn) { @@ -44,9 +44,9 @@ void setup_custom_mutators(afl_state_t *afl) { FATAL( "MOpt and custom mutator are mutually exclusive. We accept pull " "requests that integrates MOpt with the optional mutators " - "(custom/radamsa/redquenn/...)."); + "(custom/radamsa/redqueen/...)."); - u8 *fn_token = (u8 *)strsep((char **)&fn, ";"); + u8 *fn_token = (u8 *)strsep((char **)&fn, ";:,"); if (likely(!fn_token)) { @@ -58,14 +58,22 @@ void setup_custom_mutators(afl_state_t *afl) { while (fn_token) { - prev_mutator_count = afl->custom_mutators_count; - mutator = load_custom_mutator(afl, fn_token); - list_append(&afl->custom_mutator_list, mutator); - afl->custom_mutators_count++; - if (prev_mutator_count > afl->custom_mutators_count) FATAL("Maximum Custom Mutator count reached."); - fn_token = (u8 *)strsep((char **)&fn, ";"); + if (*fn_token) { // strsep can be empty if ";;" + + if (afl->not_on_tty && afl->debug) + SAYF("[Custom] Processing: %s\n", fn_token); + prev_mutator_count = afl->custom_mutators_count; + mutator = load_custom_mutator(afl, fn_token); + list_append(&afl->custom_mutator_list, mutator); + afl->custom_mutators_count++; + if (prev_mutator_count > afl->custom_mutators_count) + FATAL("Maximum Custom Mutator count reached."); + fn_token = (u8 *)strsep((char **)&fn, ";:,"); + + } } + } } 
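Review bot: The added `if (*fn_token)` guard in setup_custom_mutators also encloses the `fn_token = (u8 *)strsep((char **)&fn, ";:,");` advance, so, as the hunk reads, an empty token (two adjacent separators, or a leading one) leaves `fn_token` unchanged and the `while (fn_token)` loop never terminates. Move the strsep call below the closing brace of the `if` so that it runs on every iteration. Accepting `:` as a separator also splits any library path that itself contains a colon, which should be stated where the variable is documented.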
@@ -85,7 +93,7 @@ void setup_custom_mutators(afl_state_t *afl) { } - struct custom_mutator * mutator = load_custom_mutator_py(afl, module_name); + struct custom_mutator *mutator = load_custom_mutator_py(afl, module_name); afl->custom_mutators_count++; list_append(&afl->custom_mutator_list, mutator); @@ -113,14 +121,16 @@ void destroy_custom_mutators(afl_state_t *afl) { if (el->dh) dlclose(el->dh); if (el->pre_save_buf) { + ck_free(el->pre_save_buf); el->pre_save_buf = NULL; el->pre_save_size = 0; + } ck_free(el); - } ); + }); } @@ -212,17 +222,18 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) { /* Initialize the custom mutator */ if (mutator->afl_custom_init) - mutator->data = - mutator->afl_custom_init(afl, rand_below(afl, 0xFFFFFFFF)); + mutator->data = mutator->afl_custom_init(afl, rand_below(afl, 0xFFFFFFFF)); mutator->stacked_custom = (mutator && mutator->afl_custom_havoc_mutation); - mutator->stacked_custom_prob = 6; // like one of the default mutations in havoc + mutator->stacked_custom_prob = + 6; // like one of the default mutations in havoc return mutator; } -u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, struct custom_mutator *mutator) { +u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, + struct custom_mutator *mutator) { u8 needs_write = 0, fault = 0; u32 trim_exec = 0; @@ -235,8 +246,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, struct /* Initialize trimming in the custom mutator */ afl->stage_cur = 0; - afl->stage_max = - mutator->afl_custom_init_trim(mutator->data, in_buf, q->len); + afl->stage_max = mutator->afl_custom_init_trim(mutator->data, in_buf, q->len); if (unlikely(afl->stage_max) < 0) { FATAL("custom_init_trim error ret: %d", afl->stage_max); 
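Review bot: The error check after the reflowed `afl_custom_init_trim` call in trim_case_custom (hunk -235,8 +246,7) reads `if (unlikely(afl->stage_max) < 0)`, with the comparison outside the macro's parentheses. Assuming `unlikely()` is the usual `__builtin_expect(!!(x), 0)` wrapper, its value is 0 or 1, so the FATAL can never fire and a negative return from the mutator's init_trim hook is carried on as the stage count. It should be `if (unlikely(afl->stage_max < 0))`, the same form as the `afl->stage_cur < 0` check used after `afl_custom_post_trim` later in this function. The function body starts before and continues after this hunk.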
@@ -299,8 +309,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, struct } /* Tell the custom mutator that the trimming was successful */ - afl->stage_cur = - mutator->afl_custom_post_trim(mutator->data, 1); + afl->stage_cur = mutator->afl_custom_post_trim(mutator->data, 1); if (afl->not_on_tty && afl->debug) { @@ -312,8 +321,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, struct } else { /* Tell the custom mutator that the trimming was unsuccessful */ - afl->stage_cur = - mutator->afl_custom_post_trim(mutator->data, 0); + afl->stage_cur = mutator->afl_custom_post_trim(mutator->data, 0); if (unlikely(afl->stage_cur < 0)) { FATAL("Error ret in custom_post_trim: %d", afl->stage_cur); diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index dff1606a..ddd15c84 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -384,17 +384,21 @@ u8 fuzz_one_original(afl_state_t *afl) { #else - if (unlikely(afl->custom_mutators_count )) { + if (unlikely(afl->custom_mutators_count)) { /* The custom mutator will decide to skip this test case or not. */ LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - if (el->afl_custom_queue_get && !el->afl_custom_queue_get(el->data, afl->queue_cur->fname)) { + if (el->afl_custom_queue_get && + !el->afl_custom_queue_get(el->data, afl->queue_cur->fname)) { + return 1; + } - } ); + }); + } if (likely(afl->pending_favored)) { @@ -1660,13 +1664,14 @@ custom_mutator_stage: orig_hit_cnt = afl->queued_paths + afl->unique_crashes; - LIST_FOREACH (&afl->custom_mutator_list, struct custom_mutator, { + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - if ( el->afl_custom_fuzz ) { + if (el->afl_custom_fuzz) { has_custom_fuzz = true; - for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) { + for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; + ++afl->stage_cur) { struct queue_entry *target; u32 tid; 
@@ -1698,7 +1703,7 @@ custom_mutator_stage: /* Make sure that the target has a reasonable length. */ while (target && (target->len < 2 || target == afl->queue_cur) && - afl->queued_paths > 1) { + afl->queued_paths > 1) { target = target->next; ++afl->splicing_with; @@ -1717,9 +1722,9 @@ custom_mutator_stage: u8 *mutated_buf = NULL; - size_t mutated_size = el->afl_custom_fuzz( - el->data, out_buf, len, &mutated_buf, new_buf, target->len, - max_seed_size); + size_t mutated_size = + el->afl_custom_fuzz(el->data, out_buf, len, &mutated_buf, new_buf, + target->len, max_seed_size); if (unlikely(!mutated_buf)) { @@ -1754,15 +1759,15 @@ custom_mutator_stage: } /* `(afl->)out_buf` may have been changed by the call to custom_fuzz */ - /* TODO: Only do this when `mutated_buf` == `out_buf`? Branch vs Memcpy. */ + /* TODO: Only do this when `mutated_buf` == `out_buf`? Branch vs Memcpy. + */ memcpy(out_buf, in_buf, len); } } - - } ); + }); if (!has_custom_fuzz) goto havoc_stage; @@ -1827,14 +1832,15 @@ havoc_stage: if (el->stacked_custom_prob > 100) { FATAL( - "The probability returned by afl_custom_havoc_mutation_propability " + "The probability returned by " + "afl_custom_havoc_mutation_propability " "has to be in the range 0-100."); } } - - } ); + + }); } @@ -1850,10 +1856,11 @@ havoc_stage: for (i = 0; i < use_stacking; ++i) { if (afl->custom_mutators_count) { - + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - if (el->stacked_custom && rand_below(afl, 100) < el->stacked_custom_prob) { + if (el->stacked_custom && + rand_below(afl, 100) < el->stacked_custom_prob) { u8 * custom_havoc_buf = NULL; size_t new_len = el->afl_custom_havoc_mutation( @@ -1877,8 +1884,9 @@ havoc_stage: } } - - } ); + + }); + } switch (rand_below( diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c index a65add55..e90d91d1 100644 --- a/src/afl-fuzz-python.c +++ b/src/afl-fuzz-python.c 
@@ -295,9 +295,10 @@ void deinit_py(void *py_mutator) { } -struct custom_mutator * load_custom_mutator_py(afl_state_t *afl, char *module_name) { +struct custom_mutator *load_custom_mutator_py(afl_state_t *afl, + char * module_name) { - struct custom_mutator * mutator; + struct custom_mutator *mutator; mutator = ck_alloc(sizeof(struct custom_mutator)); mutator->pre_save_buf = NULL; @@ -313,17 +314,9 @@ struct custom_mutator * load_custom_mutator_py(afl_state_t *afl, char *module_na PyObject **py_functions = py_mutator->py_functions; - if (py_functions[PY_FUNC_INIT]) { + if (py_functions[PY_FUNC_INIT]) { mutator->afl_custom_init = unsupported; } - mutator->afl_custom_init = unsupported; - - } - - if (py_functions[PY_FUNC_DEINIT]) { - - mutator->afl_custom_deinit = deinit_py; - - } + if (py_functions[PY_FUNC_DEINIT]) { mutator->afl_custom_deinit = deinit_py; } /* "afl_custom_fuzz" should not be NULL, but the interface of Python mutator is quite different from the custom mutator. */ @@ -374,8 +367,6 @@ struct custom_mutator * load_custom_mutator_py(afl_state_t *afl, char *module_na } - - OKF("Python mutator '%s' installed successfully.", module_name); /* Initialize the custom mutator */ diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index c33751d9..cfeb6c5e 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -144,16 +144,18 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) { LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - if ( el->afl_custom_queue_new_entry) { + if (el->afl_custom_queue_new_entry) { + u8 *fname_orig = NULL; /* At the initialization stage, queue_cur is NULL */ if (afl->queue_cur) fname_orig = afl->queue_cur->fname; el->afl_custom_queue_new_entry(el->data, fname, fname_orig); + } - } ); + }); } diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 3876dec7..4a22dad6 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c 
@@ -91,22 +91,22 @@ void write_to_testcase(afl_state_t *afl, void *mem, u32 len) { if (unlikely(afl->custom_mutators_count)) { - u8 *new_buf = NULL; + u8 * new_buf = NULL; ssize_t new_size = len; - void * new_mem = mem; + void * new_mem = mem; LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { if (el->afl_custom_pre_save) { - new_size = el->afl_custom_pre_save( - el->data, new_mem, new_size, &new_buf - ); + + new_size = + el->afl_custom_pre_save(el->data, new_mem, new_size, &new_buf); } new_mem = new_buf; - } ); + }); if (unlikely(!new_buf && (new_size <= 0))) { @@ -124,7 +124,6 @@ void write_to_testcase(afl_state_t *afl, void *mem, u32 len) { } - } else { /* boring uncustom. */ @@ -535,21 +534,22 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { /* Custom mutator trimmer */ if (afl->custom_mutators_count) { - u8 trimmed_case = 0; + u8 trimmed_case = 0; bool custom_trimmed = false; LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { if (el->afl_custom_trim) { - + trimmed_case = trim_case_custom(afl, q, in_buf, el); custom_trimmed = true; + } - } ); + }); if (custom_trimmed) return trimmed_case; - + } u8 needs_write = 0, fault = 0; -- cgit v1.2.3 From c380819e02b3c36bc116f938e6685b5c315df827 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 9 May 2020 11:58:47 +0200 Subject: remove debug output --- src/afl-fuzz.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 14765981..aaf615e9 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -648,10 +648,7 @@ int main(int argc, char **argv_orig, char **envp) { } afl->limit_time_puppet = limit_time_puppet2; - - SAYF("limit_time_puppet %d\n", afl->limit_time_puppet); afl->swarm_now = 0; - if (afl->limit_time_puppet == 0) { afl->key_puppet = 1; } int i; -- cgit v1.2.3 From 515de0d68d30a4e69fe5fb971c622391185fc4ba Mon Sep 17 00:00:00 2001 
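Review bot: In write_to_testcase (hunk -91,22 +91,22), `new_mem = new_buf;` sits after the closing brace of `if (el->afl_custom_pre_save)`, so it runs for every list element, including mutators that do not define the hook. When the first mutator has no pre_save hook, `new_mem` becomes NULL while `new_size` is still `len`, and the next mutator's hook is then called with a NULL input of non-zero length. Move the assignment inside the `if` block so `new_mem` keeps pointing at `mem` until a hook has produced output. The guard `!new_buf && (new_size <= 0)` also lets a NULL `new_buf` with a positive size through, which is the state when no loaded mutator defines pre_save; the code that consumes the buffer is outside this hunk, so confirm it writes `new_mem` rather than `new_buf`.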
From: David CARLIER Date: Sat, 9 May 2020 23:21:26 +0100 Subject: Illumos biuld fix (#357) --- src/afl-analyze.c | 2 +- src/afl-as.c | 2 +- src/afl-fuzz-stats.c | 4 ++-- src/afl-showmap.c | 2 +- src/afl-tmin.c | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 8f48b1d0..4e973672 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -723,7 +723,7 @@ static void set_up_environment(void) { } - prog_in = alloc_printf("%s/.afl-analyze-temp-%u", use_dir, getpid()); + prog_in = alloc_printf("%s/.afl-analyze-temp-%u", use_dir, (u32)getpid()); } diff --git a/src/afl-as.c b/src/afl-as.c index 486a6afa..cf7f8bb6 100644 --- a/src/afl-as.c +++ b/src/afl-as.c @@ -233,7 +233,7 @@ static void edit_params(int argc, char **argv) { } modified_file = - alloc_printf("%s/.afl-%u-%u.s", tmp_dir, getpid(), (u32)time(NULL)); + alloc_printf("%s/.afl-%u-%u.s", tmp_dir, (u32)getpid(), (u32)time(NULL)); wrap_things_up: diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 032cf01d..014ed34d 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -72,7 +72,7 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability, "start_time : %llu\n" "last_update : %llu\n" "run_time : %llu\n" - "fuzzer_pid : %d\n" + "fuzzer_pid : %u\n" "cycles_done : %llu\n" "cycles_wo_finds : %llu\n" "execs_done : %llu\n" @@ -106,7 +106,7 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability, "target_mode : %s%s%s%s%s%s%s%s\n" "command_line : %s\n", afl->start_time / 1000, cur_time / 1000, - (cur_time - afl->start_time) / 1000, getpid(), + (cur_time - afl->start_time) / 1000, (u32)getpid(), afl->queue_cycle ? (afl->queue_cycle - 1) : 0, afl->cycles_wo_finds, afl->fsrv.total_execs, afl->fsrv.total_execs / diff --git a/src/afl-showmap.c b/src/afl-showmap.c index a51d520d..784d323d 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c 
@@ -865,7 +865,7 @@ int main(int argc, char **argv_orig, char **envp) { } - stdin_file = alloc_printf("%s/.afl-showmap-temp-%u", use_dir, getpid()); + stdin_file = alloc_printf("%s/.afl-showmap-temp-%u", use_dir, (u32)getpid()); unlink(stdin_file); atexit(at_exit_handler); fsrv->out_fd = open(stdin_file, O_RDWR | O_CREAT | O_EXCL, 0600); diff --git a/src/afl-tmin.c b/src/afl-tmin.c index 98568473..e15dc72d 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -619,7 +619,7 @@ static void set_up_environment(afl_forkserver_t *fsrv) { } - out_file = alloc_printf("%s/.afl-tmin-temp-%u", use_dir, getpid()); + out_file = alloc_printf("%s/.afl-tmin-temp-%u", use_dir, (u32)getpid()); } -- cgit v1.2.3 From 2e553bcd69a6852e7feb7e87ce757babfcb26df0 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 10 May 2020 10:24:24 +0200 Subject: code-format --- src/afl-showmap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 784d323d..ed59f2f5 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -865,7 +865,8 @@ int main(int argc, char **argv_orig, char **envp) { } - stdin_file = alloc_printf("%s/.afl-showmap-temp-%u", use_dir, (u32)getpid()); + stdin_file = + alloc_printf("%s/.afl-showmap-temp-%u", use_dir, (u32)getpid()); unlink(stdin_file); atexit(at_exit_handler); fsrv->out_fd = open(stdin_file, O_RDWR | O_CREAT | O_EXCL, 0600); -- cgit v1.2.3 From 26f8708fede1b15e6a93709d0baa2e5f481e082d Mon Sep 17 00:00:00 2001 
From: van Hauser Date: Sun, 10 May 2020 11:35:31 +0200 Subject: fix warning, code format --- src/afl-analyze.c | 2 +- src/afl-as.c | 6 ++--- src/afl-common.c | 2 +- src/afl-fuzz-init.c | 68 +++++++++++++++++++++++++-------------------------- src/afl-fuzz-python.c | 62 +++++++++++++++++++++++----------------------- src/afl-fuzz.c | 12 ++++----- src/afl-gotcpu.c | 56 +++++++++++++++++++++--------------------- src/afl-sharedmem.c | 6 ++--- src/afl-showmap.c | 2 +- src/afl-tmin.c | 2 +- 10 files changed, 109 insertions(+), 109 deletions(-) (limited to 'src') diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 4e973672..6b67da43 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -27,7 +27,7 @@ #define AFL_MAIN #ifdef __ANDROID__ -#include "android-ashmem.h" +# include "android-ashmem.h" #endif #include "config.h" #include "types.h" diff --git a/src/afl-as.c b/src/afl-as.c index cf7f8bb6..83bb7e96 100644 --- a/src/afl-as.c +++ b/src/afl-as.c @@ -79,9 +79,9 @@ static u8 use_64bit = 1; static u8 use_64bit = 0; -#ifdef __APPLE__ -#error "Sorry, 32-bit Apple platforms are not supported." -#endif /* __APPLE__ */ +# ifdef __APPLE__ +# error "Sorry, 32-bit Apple platforms are not supported." +# endif /* __APPLE__ */ #endif /* ^WORD_SIZE_64 */ diff --git a/src/afl-common.c b/src/afl-common.c index d9d57863..70dde2f0 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -34,7 +34,7 @@ /* Detect @@ in args. */ #ifndef __glibc__ -#include +# include #endif #include #include diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 32481887..7f4fa3d9 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -33,11 +33,11 @@ void bind_to_free_cpu(afl_state_t *afl) { -#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) +# if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) cpu_set_t c; -#elif defined(__NetBSD__) +# elif defined(__NetBSD__) cpuset_t * c; -#endif +# endif u8 cpu_used[4096] = {0}; u32 i; 
@@ -51,7 +51,7 @@ void bind_to_free_cpu(afl_state_t *afl) { } -#if defined(__linux__) +# if defined(__linux__) DIR * d; struct dirent *de; d = opendir("/proc"); @@ -112,7 +112,7 @@ void bind_to_free_cpu(afl_state_t *afl) { } closedir(d); -#elif defined(__FreeBSD__) || defined(__DragonFly__) +# elif defined(__FreeBSD__) || defined(__DragonFly__) struct kinfo_proc *procs; size_t nprocs; size_t proccount; @@ -133,7 +133,7 @@ void bind_to_free_cpu(afl_state_t *afl) { for (i = 0; i < proccount; i++) { -#if defined(__FreeBSD__) +# if defined(__FreeBSD__) if (!strcmp(procs[i].ki_comm, "idle")) continue; // fix when ki_oncpu = -1 @@ -143,16 +143,16 @@ void bind_to_free_cpu(afl_state_t *afl) { if (oncpu != -1 && oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 60) cpu_used[oncpu] = 1; -#elif defined(__DragonFly__) +# elif defined(__DragonFly__) if (procs[i].kp_lwp.kl_cpuid < sizeof(cpu_used) && procs[i].kp_lwp.kl_pctcpu > 10) cpu_used[procs[i].kp_lwp.kl_cpuid] = 1; -#endif +# endif } ck_free(procs); -#elif defined(__NetBSD__) +# elif defined(__NetBSD__) struct kinfo_proc2 *procs; size_t nprocs; size_t proccount; @@ -181,15 +181,15 @@ void bind_to_free_cpu(afl_state_t *afl) { } ck_free(procs); -#else -#warning \ - "For this platform we do not have free CPU binding code yet. If possible, please supply a PR to https://github.com/AFLplusplus/AFLplusplus" -#endif +# else +# warning \ + "For this platform we do not have free CPU binding code yet. If possible, please supply a PR to https://github.com/AFLplusplus/AFLplusplus" +# endif size_t cpu_start = 0; try: -#ifndef __ANDROID__ +# ifndef __ANDROID__ for (i = cpu_start; i < afl->cpu_core_count; i++) { if (!cpu_used[i]) { break; } 
@@ -198,12 +198,12 @@ void bind_to_free_cpu(afl_state_t *afl) { if (i == afl->cpu_core_count) { -#else +# else for (i = afl->cpu_core_count - cpu_start - 1; i > -1; i--) if (!cpu_used[i]) break; if (i == -1) { -#endif +# endif SAYF("\n" cLRD "[-] " cRST "Uh-oh, looks like all %d CPU cores on your system are allocated to\n" @@ -221,16 +221,16 @@ void bind_to_free_cpu(afl_state_t *afl) { afl->cpu_aff = i; -#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) +# if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) CPU_ZERO(&c); CPU_SET(i, &c); -#elif defined(__NetBSD__) +# elif defined(__NetBSD__) c = cpuset_create(); if (c == NULL) PFATAL("cpuset_create failed"); cpuset_set(i, c); -#endif +# endif -#if defined(__linux__) +# if defined(__linux__) if (sched_setaffinity(0, sizeof(c), &c)) { if (cpu_start == afl->cpu_core_count) { @@ -246,7 +246,7 @@ void bind_to_free_cpu(afl_state_t *afl) { } -#elif defined(__FreeBSD__) || defined(__DragonFly__) +# elif defined(__FreeBSD__) || defined(__DragonFly__) if (pthread_setaffinity_np(pthread_self(), sizeof(c), &c)) { if (cpu_start == afl->cpu_core_count) @@ -258,7 +258,7 @@ void bind_to_free_cpu(afl_state_t *afl) { } -#elif defined(__NetBSD__) +# elif defined(__NetBSD__) if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c)) { if (cpu_start == afl->cpu_core_count) @@ -271,10 +271,10 @@ if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c)) { } cpuset_destroy(c); -#else +# else // this will need something for other platforms // TODO: Solaris/Illumos has processor_bind ... might worth a try -#endif +# endif } @@ -1565,7 +1565,7 @@ void check_crash_handling(void) { until I get a box to test the code. So, for now, we check for crash reporting the awful way. */ -#if !TARGET_OS_IPHONE +# if !TARGET_OS_IPHONE if (system("launchctl list 2>/dev/null | grep -q '\\.ReportCrash$'")) return; SAYF( 
@@ -1583,7 +1583,7 @@ void check_crash_handling(void) { " launchctl unload -w ${SL}/LaunchAgents/${PL}.plist\n" " sudo launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist\n"); -#endif +# endif if (!get_afl_env("AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES")) FATAL("Crash reporter detected"); @@ -1778,26 +1778,26 @@ void get_core_count(afl_state_t *afl) { /* On *BSD systems, we can just use a sysctl to get the number of CPUs. */ -#ifdef __APPLE__ +# ifdef __APPLE__ if (sysctlbyname("hw.logicalcpu", &afl->cpu_core_count, &s, NULL, 0) < 0) return; -#else +# else int s_name[2] = {CTL_HW, HW_NCPU}; if (sysctl(s_name, 2, &afl->cpu_core_count, &s, NULL, 0) < 0) return; -#endif /* ^__APPLE__ */ +# endif /* ^__APPLE__ */ #else -#ifdef HAVE_AFFINITY +# ifdef HAVE_AFFINITY afl->cpu_core_count = sysconf(_SC_NPROCESSORS_ONLN); -#else +# else FILE *f = fopen("/proc/stat", "r"); u8 tmp[1024]; @@ -1809,7 +1809,7 @@ void get_core_count(afl_state_t *afl) { fclose(f); -#endif /* ^HAVE_AFFINITY */ +# endif /* ^HAVE_AFFINITY */ #endif /* ^(__APPLE__ || __FreeBSD__ || __OpenBSD__) */ @@ -2102,12 +2102,12 @@ void check_binary(afl_state_t *afl, u8 *fname) { #else -#if !defined(__arm__) && !defined(__arm64__) +# if !defined(__arm__) && !defined(__arm64__) if ((f_data[0] != 0xCF || f_data[1] != 0xFA || f_data[2] != 0xED) && (f_data[0] != 0xCA || f_data[1] != 0xFE || f_data[2] != 0xBA)) FATAL("Program '%s' is not a 64-bit or universal Mach-O binary", afl->fsrv.target_path); -#endif +# endif #endif /* ^!__APPLE__ */ diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c index e90d91d1..c8b58a1b 100644 --- a/src/afl-fuzz-python.c +++ b/src/afl-fuzz-python.c 
@@ -37,9 +37,9 @@ static void *unsupported(afl_state_t *afl, unsigned int seed) { /* sorry for this makro... it just fills in `&py_mutator->something_buf, &py_mutator->something_size`. */ -#define BUF_PARAMS(name) \ - (void **)&((py_mutator_t *)py_mutator)->name##_buf, \ - &((py_mutator_t *)py_mutator)->name##_size +# define BUF_PARAMS(name) \ + (void **)&((py_mutator_t *)py_mutator)->name##_buf, \ + &((py_mutator_t *)py_mutator)->name##_size static size_t fuzz_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf, u8 *add_buf, size_t add_buf_size, size_t max_size) { @@ -72,11 +72,11 @@ static size_t fuzz_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf, PyTuple_SetItem(py_args, 1, py_value); /* max_size */ -#if PY_MAJOR_VERSION >= 3 +# if PY_MAJOR_VERSION >= 3 py_value = PyLong_FromLong(max_size); -#else +# else py_value = PyInt_FromLong(max_size); -#endif +# endif if (!py_value) { Py_DECREF(py_args); @@ -118,11 +118,11 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) { Py_Initialize(); -#if PY_MAJOR_VERSION >= 3 +# if PY_MAJOR_VERSION >= 3 PyObject *py_name = PyUnicode_FromString(module_name); -#else +# else PyObject *py_name = PyString_FromString(module_name); -#endif +# endif py->py_module = PyImport_Import(py_name); Py_DECREF(py_name); @@ -243,11 +243,11 @@ static void init_py(afl_state_t *afl, py_mutator_t *py_mutator, /* Provide the init function a seed for the Python RNG */ py_args = PyTuple_New(1); -#if PY_MAJOR_VERSION >= 3 +# if PY_MAJOR_VERSION >= 3 py_value = PyLong_FromLong(seed); -#else +# else py_value = PyInt_FromLong(seed); -#endif +# endif if (!py_value) { @@ -440,11 +440,11 @@ s32 init_trim_py(void *py_mutator, u8 *buf, size_t buf_size) { if (py_value != NULL) { -#if PY_MAJOR_VERSION >= 3 +# if PY_MAJOR_VERSION >= 3 u32 retcnt = (u32)PyLong_AsLong(py_value); -#else +# else u32 retcnt = PyInt_AsLong(py_value); -#endif +# endif Py_DECREF(py_value); return retcnt; 
@@ -479,11 +479,11 @@ s32 post_trim_py(void *py_mutator, u8 success) { if (py_value != NULL) { -#if PY_MAJOR_VERSION >= 3 +# if PY_MAJOR_VERSION >= 3 u32 retcnt = (u32)PyLong_AsLong(py_value); -#else +# else u32 retcnt = PyInt_AsLong(py_value); -#endif +# endif Py_DECREF(py_value); return retcnt; @@ -543,11 +543,11 @@ size_t havoc_mutation_py(void *py_mutator, u8 *buf, size_t buf_size, PyTuple_SetItem(py_args, 0, py_value); /* max_size */ -#if PY_MAJOR_VERSION >= 3 +# if PY_MAJOR_VERSION >= 3 py_value = PyLong_FromLong(max_size); -#else +# else py_value = PyInt_FromLong(max_size); -#endif +# endif if (!py_value) { Py_DECREF(py_args); @@ -625,11 +625,11 @@ u8 queue_get_py(void *py_mutator, const u8 *filename) { py_args = PyTuple_New(1); // File name -#if PY_MAJOR_VERSION >= 3 +# if PY_MAJOR_VERSION >= 3 py_value = PyUnicode_FromString(filename); -#else +# else py_value = PyString_FromString(filename); -#endif +# endif if (!py_value) { Py_DECREF(py_args); @@ -675,11 +675,11 @@ void queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue, py_args = PyTuple_New(2); // New queue -#if PY_MAJOR_VERSION >= 3 +# if PY_MAJOR_VERSION >= 3 py_value = PyUnicode_FromString(filename_new_queue); -#else +# else py_value = PyString_FromString(filename_new_queue); -#endif +# endif if (!py_value) { Py_DECREF(py_args); @@ -693,11 +693,11 @@ void queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue, py_value = Py_None; if (filename_orig_queue) { -#if PY_MAJOR_VERSION >= 3 +# if PY_MAJOR_VERSION >= 3 py_value = PyUnicode_FromString(filename_orig_queue); -#else +# else py_value = PyString_FromString(filename_orig_queue); -#endif +# endif if (!py_value) { Py_DECREF(py_args); @@ -724,7 +724,7 @@ void queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue, } -#undef BUF_PARAMS +# undef BUF_PARAMS #endif /* USE_PYTHON */ diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index aaf615e9..29ec8fd5 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c 
@@ -853,7 +853,7 @@ int main(int argc, char **argv_orig, char **envp) { } -#if defined(__SANITIZE_ADDRESS__) +# if defined(__SANITIZE_ADDRESS__) if (afl->fsrv.mem_limit) { WARNF("in the ASAN build we disable all memory limits"); @@ -861,7 +861,7 @@ int main(int argc, char **argv_orig, char **envp) { } -#endif +# endif setup_signal_handlers(); check_asan_opts(); @@ -1054,9 +1054,9 @@ int main(int argc, char **argv_orig, char **envp) { get_core_count(afl); -#ifdef HAVE_AFFINITY +# ifdef HAVE_AFFINITY bind_to_free_cpu(afl); -#endif /* HAVE_AFFINITY */ +# endif /* HAVE_AFFINITY */ check_crash_handling(); check_cpu_governor(afl); @@ -1352,12 +1352,12 @@ stop_fuzzing: } -#ifdef PROFILING +# ifdef PROFILING SAYF(cYEL "[!] " cRST "Profiling information: %llu ms total work, %llu ns/run\n", time_spent_working / 1000000, time_spent_working / afl->fsrv.total_execs); -#endif +# endif fclose(afl->fsrv.plot_file); destroy_queue(afl); diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c index ab7aad5c..573ad4dc 100644 --- a/src/afl-gotcpu.c +++ b/src/afl-gotcpu.c @@ -32,11 +32,11 @@ #define AFL_MAIN #ifndef _GNU_SOURCE -#define _GNU_SOURCE +# define _GNU_SOURCE #endif #ifdef __ANDROID__ -#include "android-ashmem.h" +# include "android-ashmem.h" #endif #include #include 
@@ -55,22 +55,22 @@ #if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) || \ defined(__APPLE__) || defined(__DragonFly__) -#define HAVE_AFFINITY 1 -#if defined(__FreeBSD__) || defined(__DragonFly__) -#include -#include -#if defined(__FreeBSD__) -#include -#endif -#define cpu_set_t cpuset_t -#elif defined(__NetBSD__) -#include -#include -#elif defined(__APPLE__) -#include -#include -#include -#endif +# define HAVE_AFFINITY 1 +# if defined(__FreeBSD__) || defined(__DragonFly__) +# include +# include +# if defined(__FreeBSD__) +# include +# endif +# define cpu_set_t cpuset_t +# elif defined(__NetBSD__) +# include +# include +# elif defined(__APPLE__) +# include +# include +# include +# endif #endif /* __linux__ || __FreeBSD__ || __NetBSD__ || __APPLE__ */ /* Get CPU usage in microseconds. */ 
@@ -163,46 +163,46 @@ int main(int argc, char **argv) { if (!fr) { u32 util_perc; -#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) +# if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) cpu_set_t c; CPU_ZERO(&c); CPU_SET(i, &c); -#elif defined(__NetBSD__) +# elif defined(__NetBSD__) cpuset_t *c; c = cpuset_create(); if (c == NULL) PFATAL("cpuset_create failed"); cpuset_set(i, c); -#elif defined(__APPLE__) +# elif defined(__APPLE__) thread_affinity_policy_data_t c = {i}; thread_port_t native_thread = pthread_mach_thread_np(pthread_self()); if (thread_policy_set(native_thread, THREAD_AFFINITY_POLICY, (thread_policy_t)&c, 1) != KERN_SUCCESS) PFATAL("thread_policy_set failed"); -#endif +# endif -#if defined(__FreeBSD__) || defined(__DragonFly__) +# if defined(__FreeBSD__) || defined(__DragonFly__) if (pthread_setaffinity_np(pthread_self(), sizeof(c), &c)) PFATAL("pthread_setaffinity_np failed"); -#endif +# endif -#if defined(__NetBSD__) +# if defined(__NetBSD__) if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c)) PFATAL("pthread_setaffinity_np failed"); cpuset_destroy(c); -#endif +# endif -#if defined(__linux__) +# if defined(__linux__) if (sched_setaffinity(0, sizeof(c), &c)) { PFATAL("sched_setaffinity failed for cpu %d", i); } -#endif +# endif util_perc = measure_preemption(CTEST_CORE_TRG_MS); diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c index e024eb18..d52a8e0d 100644 --- a/src/afl-sharedmem.c +++ b/src/afl-sharedmem.c @@ -27,7 +27,7 @@ #define AFL_MAIN #ifdef __ANDROID__ -#include "android-ashmem.h" +# include "android-ashmem.h" #endif #include "config.h" #include "types.h" @@ -56,8 +56,8 @@ #include #ifndef USEMMAP -#include -#include +# include +# include #endif static list_t shm_list = {.element_prealloc_count = 0}; diff --git a/src/afl-showmap.c b/src/afl-showmap.c index ed59f2f5..6d16e9c4 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c 
@@ -32,7 +32,7 @@ #define AFL_MAIN #ifdef __ANDROID__ -#include "android-ashmem.h" +# include "android-ashmem.h" #endif #include "config.h" #include "types.h" diff --git a/src/afl-tmin.c b/src/afl-tmin.c index e15dc72d..7ac76366 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -30,7 +30,7 @@ #define AFL_MAIN #ifdef __ANDROID__ -#include "android-ashmem.h" +# include "android-ashmem.h" #endif #include "config.h" -- cgit v1.2.3 From 30bfd44dfd9f442d5514a7100d76d1fd3d9deb74 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 10 May 2020 12:09:37 +0200 Subject: indenting preprocessor directives breaks compilation and cant be fixed, reverting ... :-( --- src/afl-analyze.c | 2 +- src/afl-as.c | 6 ++--- src/afl-common.c | 2 +- src/afl-fuzz-init.c | 68 ++++++++++++++++++++++++------------------------- src/afl-fuzz-python.c | 70 +++++++++++++++++++++++++-------------------------- src/afl-fuzz.c | 12 ++++----- src/afl-gotcpu.c | 56 ++++++++++++++++++++--------------------- src/afl-sharedmem.c | 6 ++--- src/afl-showmap.c | 2 +- src/afl-tmin.c | 2 +- 10 files changed, 113 insertions(+), 113 deletions(-) (limited to 'src') diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 6b67da43..4e973672 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -27,7 +27,7 @@ #define AFL_MAIN #ifdef __ANDROID__ -# include "android-ashmem.h" +#include "android-ashmem.h" #endif #include "config.h" #include "types.h" diff --git a/src/afl-as.c b/src/afl-as.c index 83bb7e96..cf7f8bb6 100644 --- a/src/afl-as.c +++ b/src/afl-as.c @@ -79,9 +79,9 @@ static u8 use_64bit = 1; static u8 use_64bit = 0; -# ifdef __APPLE__ -# error "Sorry, 32-bit Apple platforms are not supported." -# endif /* __APPLE__ */ +#ifdef __APPLE__ +#error "Sorry, 32-bit Apple platforms are not supported." +#endif /* __APPLE__ */ #endif /* ^WORD_SIZE_64 */ diff --git a/src/afl-common.c b/src/afl-common.c index 70dde2f0..d9d57863 100644 --- a/src/afl-common.c +++ b/src/afl-common.c 
@@ -34,7 +34,7 @@ /* Detect @@ in args. */ #ifndef __glibc__ -# include +#include #endif #include #include diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 7f4fa3d9..32481887 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -33,11 +33,11 @@ void bind_to_free_cpu(afl_state_t *afl) { -# if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) +#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) cpu_set_t c; -# elif defined(__NetBSD__) +#elif defined(__NetBSD__) cpuset_t * c; -# endif +#endif u8 cpu_used[4096] = {0}; u32 i; @@ -51,7 +51,7 @@ void bind_to_free_cpu(afl_state_t *afl) { } -# if defined(__linux__) +#if defined(__linux__) DIR * d; struct dirent *de; d = opendir("/proc"); @@ -112,7 +112,7 @@ void bind_to_free_cpu(afl_state_t *afl) { } closedir(d); -# elif defined(__FreeBSD__) || defined(__DragonFly__) +#elif defined(__FreeBSD__) || defined(__DragonFly__) struct kinfo_proc *procs; size_t nprocs; size_t proccount; @@ -133,7 +133,7 @@ void bind_to_free_cpu(afl_state_t *afl) { for (i = 0; i < proccount; i++) { -# if defined(__FreeBSD__) +#if defined(__FreeBSD__) if (!strcmp(procs[i].ki_comm, "idle")) continue; // fix when ki_oncpu = -1 @@ -143,16 +143,16 @@ void bind_to_free_cpu(afl_state_t *afl) { if (oncpu != -1 && oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 60) cpu_used[oncpu] = 1; -# elif defined(__DragonFly__) +#elif defined(__DragonFly__) if (procs[i].kp_lwp.kl_cpuid < sizeof(cpu_used) && procs[i].kp_lwp.kl_pctcpu > 10) cpu_used[procs[i].kp_lwp.kl_cpuid] = 1; -# endif +#endif } ck_free(procs); -# elif defined(__NetBSD__) +#elif defined(__NetBSD__) struct kinfo_proc2 *procs; size_t nprocs; size_t proccount; 
@@ -181,15 +181,15 @@ void bind_to_free_cpu(afl_state_t *afl) { } ck_free(procs); -# else -# warning \ - "For this platform we do not have free CPU binding code yet. If possible, please supply a PR to https://github.com/AFLplusplus/AFLplusplus" -# endif +#else +#warning \ + "For this platform we do not have free CPU binding code yet. If possible, please supply a PR to https://github.com/AFLplusplus/AFLplusplus" +#endif size_t cpu_start = 0; try: -# ifndef __ANDROID__ +#ifndef __ANDROID__ for (i = cpu_start; i < afl->cpu_core_count; i++) { if (!cpu_used[i]) { break; } @@ -198,12 +198,12 @@ void bind_to_free_cpu(afl_state_t *afl) { if (i == afl->cpu_core_count) { -# else +#else for (i = afl->cpu_core_count - cpu_start - 1; i > -1; i--) if (!cpu_used[i]) break; if (i == -1) { -# endif +#endif SAYF("\n" cLRD "[-] " cRST "Uh-oh, looks like all %d CPU cores on your system are allocated to\n" @@ -221,16 +221,16 @@ void bind_to_free_cpu(afl_state_t *afl) { afl->cpu_aff = i; -# if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) +#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) CPU_ZERO(&c); CPU_SET(i, &c); -# elif defined(__NetBSD__) +#elif defined(__NetBSD__) c = cpuset_create(); if (c == NULL) PFATAL("cpuset_create failed"); cpuset_set(i, c); -# endif +#endif -# if defined(__linux__) +#if defined(__linux__) if (sched_setaffinity(0, sizeof(c), &c)) { if (cpu_start == afl->cpu_core_count) { @@ -246,7 +246,7 @@ void bind_to_free_cpu(afl_state_t *afl) { } -# elif defined(__FreeBSD__) || defined(__DragonFly__) +#elif defined(__FreeBSD__) || defined(__DragonFly__) if (pthread_setaffinity_np(pthread_self(), sizeof(c), &c)) { if (cpu_start == afl->cpu_core_count) @@ -258,7 +258,7 @@ void bind_to_free_cpu(afl_state_t *afl) { } -# elif defined(__NetBSD__) +#elif defined(__NetBSD__) if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c)) { if (cpu_start == afl->cpu_core_count) 
@@ -271,10 +271,10 @@ if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c)) { } cpuset_destroy(c); -# else +#else // this will need something for other platforms // TODO: Solaris/Illumos has processor_bind ... might worth a try -# endif +#endif } @@ -1565,7 +1565,7 @@ void check_crash_handling(void) { until I get a box to test the code. So, for now, we check for crash reporting the awful way. */ -# if !TARGET_OS_IPHONE +#if !TARGET_OS_IPHONE if (system("launchctl list 2>/dev/null | grep -q '\\.ReportCrash$'")) return; SAYF( @@ -1583,7 +1583,7 @@ void check_crash_handling(void) { " launchctl unload -w ${SL}/LaunchAgents/${PL}.plist\n" " sudo launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist\n"); -# endif +#endif if (!get_afl_env("AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES")) FATAL("Crash reporter detected"); @@ -1778,26 +1778,26 @@ void get_core_count(afl_state_t *afl) { /* On *BSD systems, we can just use a sysctl to get the number of CPUs. */ -# ifdef __APPLE__ +#ifdef __APPLE__ if (sysctlbyname("hw.logicalcpu", &afl->cpu_core_count, &s, NULL, 0) < 0) return; -# else +#else int s_name[2] = {CTL_HW, HW_NCPU}; if (sysctl(s_name, 2, &afl->cpu_core_count, &s, NULL, 0) < 0) return; -# endif /* ^__APPLE__ */ +#endif /* ^__APPLE__ */ #else -# ifdef HAVE_AFFINITY +#ifdef HAVE_AFFINITY afl->cpu_core_count = sysconf(_SC_NPROCESSORS_ONLN); -# else +#else FILE *f = fopen("/proc/stat", "r"); u8 tmp[1024]; @@ -1809,7 +1809,7 @@ void get_core_count(afl_state_t *afl) { fclose(f); -# endif /* ^HAVE_AFFINITY */ +#endif /* ^HAVE_AFFINITY */ #endif /* ^(__APPLE__ || __FreeBSD__ || __OpenBSD__) */ 
@@ -2102,12 +2102,12 @@ void check_binary(afl_state_t *afl, u8 *fname) { #else -# if !defined(__arm__) && !defined(__arm64__) +#if !defined(__arm__) && !defined(__arm64__) if ((f_data[0] != 0xCF || f_data[1] != 0xFA || f_data[2] != 0xED) && (f_data[0] != 0xCA || f_data[1] != 0xFE || f_data[2] != 0xBA)) FATAL("Program '%s' is not a 64-bit or universal Mach-O binary", afl->fsrv.target_path); -# endif +#endif #endif /* ^!__APPLE__ */ diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c index c8b58a1b..832dba06 100644 --- a/src/afl-fuzz-python.c +++ b/src/afl-fuzz-python.c @@ -37,9 +37,9 @@ static void *unsupported(afl_state_t *afl, unsigned int seed) { /* sorry for this makro... it just fills in `&py_mutator->something_buf, &py_mutator->something_size`. */ -# define BUF_PARAMS(name) \ - (void **)&((py_mutator_t *)py_mutator)->name##_buf, \ - &((py_mutator_t *)py_mutator)->name##_size +#define BUF_PARAMS(name) \ + (void **)&((py_mutator_t *)py_mutator)->name##_buf, \ + &((py_mutator_t *)py_mutator)->name##_size static size_t fuzz_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf, u8 *add_buf, size_t add_buf_size, size_t max_size) { @@ -71,12 +71,12 @@ static size_t fuzz_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf, PyTuple_SetItem(py_args, 1, py_value); - /* max_size */ -# if PY_MAJOR_VERSION >= 3 +/* max_size */ +#if PY_MAJOR_VERSION >= 3 py_value = PyLong_FromLong(max_size); -# else +#else py_value = PyInt_FromLong(max_size); -# endif +#endif if (!py_value) { Py_DECREF(py_args); @@ -118,11 +118,11 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) { Py_Initialize(); -# if PY_MAJOR_VERSION >= 3 +#if PY_MAJOR_VERSION >= 3 PyObject *py_name = PyUnicode_FromString(module_name); -# else +#else PyObject *py_name = PyString_FromString(module_name); -# endif +#endif py->py_module = PyImport_Import(py_name); Py_DECREF(py_name); 
@@ -243,11 +243,11 @@ static void init_py(afl_state_t *afl, py_mutator_t *py_mutator, /* Provide the init function a seed for the Python RNG */ py_args = PyTuple_New(1); -# if PY_MAJOR_VERSION >= 3 +#if PY_MAJOR_VERSION >= 3 py_value = PyLong_FromLong(seed); -# else +#else py_value = PyInt_FromLong(seed); -# endif +#endif if (!py_value) { @@ -440,11 +440,11 @@ s32 init_trim_py(void *py_mutator, u8 *buf, size_t buf_size) { if (py_value != NULL) { -# if PY_MAJOR_VERSION >= 3 +#if PY_MAJOR_VERSION >= 3 u32 retcnt = (u32)PyLong_AsLong(py_value); -# else +#else u32 retcnt = PyInt_AsLong(py_value); -# endif +#endif Py_DECREF(py_value); return retcnt; @@ -479,11 +479,11 @@ s32 post_trim_py(void *py_mutator, u8 success) { if (py_value != NULL) { -# if PY_MAJOR_VERSION >= 3 +#if PY_MAJOR_VERSION >= 3 u32 retcnt = (u32)PyLong_AsLong(py_value); -# else +#else u32 retcnt = PyInt_AsLong(py_value); -# endif +#endif Py_DECREF(py_value); return retcnt; @@ -542,12 +542,12 @@ size_t havoc_mutation_py(void *py_mutator, u8 *buf, size_t buf_size, PyTuple_SetItem(py_args, 0, py_value); - /* max_size */ -# if PY_MAJOR_VERSION >= 3 +/* max_size */ +#if PY_MAJOR_VERSION >= 3 py_value = PyLong_FromLong(max_size); -# else +#else py_value = PyInt_FromLong(max_size); -# endif +#endif if (!py_value) { Py_DECREF(py_args); @@ -624,12 +624,12 @@ u8 queue_get_py(void *py_mutator, const u8 *filename) { py_args = PyTuple_New(1); - // File name -# if PY_MAJOR_VERSION >= 3 +// File name +#if PY_MAJOR_VERSION >= 3 py_value = PyUnicode_FromString(filename); -# else +#else py_value = PyString_FromString(filename); -# endif +#endif if (!py_value) { Py_DECREF(py_args); 
@@ -674,12 +674,12 @@ void queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue, py_args = PyTuple_New(2); - // New queue -# if PY_MAJOR_VERSION >= 3 +// New queue +#if PY_MAJOR_VERSION >= 3 py_value = PyUnicode_FromString(filename_new_queue); -# else +#else py_value = PyString_FromString(filename_new_queue); -# endif +#endif if (!py_value) { Py_DECREF(py_args); @@ -693,11 +693,11 @@ void queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue, py_value = Py_None; if (filename_orig_queue) { -# if PY_MAJOR_VERSION >= 3 +#if PY_MAJOR_VERSION >= 3 py_value = PyUnicode_FromString(filename_orig_queue); -# else +#else py_value = PyString_FromString(filename_orig_queue); -# endif +#endif if (!py_value) { Py_DECREF(py_args); @@ -724,7 +724,7 @@ void queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue, } -# undef BUF_PARAMS +#undef BUF_PARAMS #endif /* USE_PYTHON */ diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 29ec8fd5..aaf615e9 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -853,7 +853,7 @@ int main(int argc, char **argv_orig, char **envp) { } -# if defined(__SANITIZE_ADDRESS__) +#if defined(__SANITIZE_ADDRESS__) if (afl->fsrv.mem_limit) { WARNF("in the ASAN build we disable all memory limits"); @@ -861,7 +861,7 @@ int main(int argc, char **argv_orig, char **envp) { } -# endif +#endif setup_signal_handlers(); check_asan_opts(); @@ -1054,9 +1054,9 @@ int main(int argc, char **argv_orig, char **envp) { get_core_count(afl); -# ifdef HAVE_AFFINITY +#ifdef HAVE_AFFINITY bind_to_free_cpu(afl); -# endif /* HAVE_AFFINITY */ +#endif /* HAVE_AFFINITY */ check_crash_handling(); check_cpu_governor(afl); @@ -1352,12 +1352,12 @@ stop_fuzzing: } -# ifdef PROFILING +#ifdef PROFILING SAYF(cYEL "[!] " cRST "Profiling information: %llu ms total work, %llu ns/run\n", time_spent_working / 1000000, time_spent_working / afl->fsrv.total_execs); -# endif +#endif fclose(afl->fsrv.plot_file); destroy_queue(afl); 
diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c index 573ad4dc..ab7aad5c 100644 --- a/src/afl-gotcpu.c +++ b/src/afl-gotcpu.c @@ -32,11 +32,11 @@ #define AFL_MAIN #ifndef _GNU_SOURCE -# define _GNU_SOURCE +#define _GNU_SOURCE #endif #ifdef __ANDROID__ -# include "android-ashmem.h" +#include "android-ashmem.h" #endif #include #include @@ -55,22 +55,22 @@ #if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) || \ defined(__APPLE__) || defined(__DragonFly__) -# define HAVE_AFFINITY 1 -# if defined(__FreeBSD__) || defined(__DragonFly__) -# include -# include -# if defined(__FreeBSD__) -# include -# endif -# define cpu_set_t cpuset_t -# elif defined(__NetBSD__) -# include -# include -# elif defined(__APPLE__) -# include -# include -# include -# endif +#define HAVE_AFFINITY 1 +#if defined(__FreeBSD__) || defined(__DragonFly__) +#include +#include +#if defined(__FreeBSD__) +#include +#endif +#define cpu_set_t cpuset_t +#elif defined(__NetBSD__) +#include +#include +#elif defined(__APPLE__) +#include +#include +#include +#endif #endif /* __linux__ || __FreeBSD__ || __NetBSD__ || __APPLE__ */ /* Get CPU usage in microseconds. */ 
@@ -163,46 +163,46 @@ int main(int argc, char **argv) { if (!fr) { u32 util_perc; -# if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) +#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) cpu_set_t c; CPU_ZERO(&c); CPU_SET(i, &c); -# elif defined(__NetBSD__) +#elif defined(__NetBSD__) cpuset_t *c; c = cpuset_create(); if (c == NULL) PFATAL("cpuset_create failed"); cpuset_set(i, c); -# elif defined(__APPLE__) +#elif defined(__APPLE__) thread_affinity_policy_data_t c = {i}; thread_port_t native_thread = pthread_mach_thread_np(pthread_self()); if (thread_policy_set(native_thread, THREAD_AFFINITY_POLICY, (thread_policy_t)&c, 1) != KERN_SUCCESS) PFATAL("thread_policy_set failed"); -# endif +#endif -# if defined(__FreeBSD__) || defined(__DragonFly__) +#if defined(__FreeBSD__) || defined(__DragonFly__) if (pthread_setaffinity_np(pthread_self(), sizeof(c), &c)) PFATAL("pthread_setaffinity_np failed"); -# endif +#endif -# if defined(__NetBSD__) +#if defined(__NetBSD__) if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c)) PFATAL("pthread_setaffinity_np failed"); cpuset_destroy(c); -# endif +#endif -# if defined(__linux__) +#if defined(__linux__) if (sched_setaffinity(0, sizeof(c), &c)) { PFATAL("sched_setaffinity failed for cpu %d", i); } -# endif +#endif util_perc = measure_preemption(CTEST_CORE_TRG_MS); diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c index d52a8e0d..e024eb18 100644 --- a/src/afl-sharedmem.c +++ b/src/afl-sharedmem.c @@ -27,7 +27,7 @@ #define AFL_MAIN #ifdef __ANDROID__ -# include "android-ashmem.h" +#include "android-ashmem.h" #endif #include "config.h" #include "types.h" @@ -56,8 +56,8 @@ #include #ifndef USEMMAP -# include -# include +#include +#include #endif static list_t shm_list = {.element_prealloc_count = 0}; diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 6d16e9c4..ed59f2f5 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c 
@@ -32,7 +32,7 @@ #define AFL_MAIN #ifdef __ANDROID__ -# include "android-ashmem.h" +#include "android-ashmem.h" #endif #include "config.h" #include "types.h" diff --git a/src/afl-tmin.c b/src/afl-tmin.c index 7ac76366..e15dc72d 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -30,7 +30,7 @@ #define AFL_MAIN #ifdef __ANDROID__ -# include "android-ashmem.h" +#include "android-ashmem.h" #endif #include "config.h" -- cgit v1.2.3 From 8bb10c3bf120ae29e0b4a97558b32671784b8383 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Tue, 12 May 2020 09:20:02 +0200 Subject: fix issue in describe_op showing time inside src --- src/afl-fuzz-bitmap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 2289183c..d4966889 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -437,13 +437,13 @@ u8 *describe_op(afl_state_t *afl, u8 hnb) { sprintf(ret, "src:%06u", afl->current_entry); - sprintf(ret + strlen(ret), ",time:%llu", get_cur_time() - afl->start_time); - if (afl->splicing_with >= 0) { sprintf(ret + strlen(ret), "+%06d", afl->splicing_with); } + + sprintf(ret + strlen(ret), ",time:%llu", get_cur_time() - afl->start_time); sprintf(ret + strlen(ret), ",op:%s", afl->stage_short); -- cgit v1.2.3
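Review bot: The relocated `,time:%llu` append in the `describe_op` hunk of src/afl-fuzz-bitmap.c, like the other `sprintf(ret + strlen(ret), ...)` calls there, writes with no length bound, so nothing in these lines stops the combined `src`/splice/`time`/`op` fields from running past the end of `ret`. `ret` is declared outside the hunk, so its capacity cannot be confirmed here; if it is a fixed-size buffer, `afl->stage_short` in the following `,op:%s` append is the field whose length is least obviously bounded. Tracking the written length and using `snprintf(ret + len, cap - len, ",time:%llu", get_cur_time() - afl->start_time);` (`len` and `cap` are placeholder names) would bound each append and avoid rescanning the string with `strlen`. The body of `describe_op` starts and ends outside the hunk.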