Diffstat (limited to 'fix.m4')
| -rw-r--r-- | fix.m4 | 65 |
1 files changed, 30 insertions, 35 deletions
diff --git a/fix.m4 b/fix.m4
index d3ee7fa..de4e446 100644
--- a/fix.m4
+++ b/fix.m4
@@ -17,7 +17,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with taosc. If not, see <https://www.gnu.org/licenses/>.
-set -ex -o pipefail
+set -eux -o pipefail
 save_exit_code() {
 set +e
 # TODO: make timeout configurable
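Review bot: `set +e` at the start of `save_exit_code` switches errexit off for the rest of the script from the first call onward unless the function turns it back on, and the function body continues outside this hunk; the bare `test -s "$wd/patch-location"` / `test -s "$wd/destinations"` guards this commit adds later in the file only abort the run if `-e` is still in force at that point. If the function does restore it, a comment there such as `# re-enable errexit; the bare test guards below rely on set -e` would make the dependency visible; if it does not, those guards need an explicit `|| exit 1`. The newly added `-u` also turns any read of `$exit_code` on a path where the function did not assign it into a hard abort, so it is worth confirming the variable is set on every path; that part of the body is not visible here.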
@@ -39,63 +39,58 @@
 test -x "$binary"
 opts="${@:3}" # TODO: interpolation
 test -d "$wd/exploits"
-test ! -z "$(ls -A "$wd/exploits")"
-mkdir -p "$wd/exit-codes"
+test -n "$(ls -A "$wd/exploits")"
 for exploit in "$wd/exploits"/*
 do
- save_exit_code "$binary" "$opts" "$exploit"
- echo $exit_code > "$wd/exit-codes/$(basename "$exploit")"
-done
-
-> "$wd/stack-trace"
-for exploit in "$wd/exploits"/*
-do
- gdb --batch --ex run --ex backtrace --args \
+ gdb --batch --ex run --ex backtrace --args\
 "$binary" "$opts" "$exploit" 2>/dev/null |
 grep '^#[0-9]\+ \+0x[0-9a-f]\+' |
- awk '!$7 || $7 == bin {print $1, $2}' "bin=$binary" >> "$wd/stack-trace"
-done
+ awk '!$7 || $7 == bin {print $1, $2}' "bin=$binary" |
+ sed 's/^#//'
+done | sort -n | uniq > "$wd/stack-trace"
-grep '^#0 0x[0-9a-f]\+$' "$wd/stack-trace" |
- sed 's/^#0 0x0*//' > "$wd/return-blocks"
+grep '^0 0x[0-9a-f]\+$' "$wd/stack-trace" |
+ sed 's/^0 0x0*//' > "$wd/call-trace"
 # Stack trace contains return addresses, not call addresses:
 # https://devblogs.microsoft.com/oldnewthing?p=96116
-grep -v '^#0 0x[0-9a-f]\+$' "$wd/stack-trace" |
- sort |
- sed 's/^#[0-9]\+ 0x0*//' |
- taosc-trace-call "$binary" >> "$wd/return-blocks"
+grep -v '^0 0x[0-9a-f]\+$' "$wd/stack-trace" |
+ sed 's/^[0-9]\+ 0x0*//' |
+ taosc-trace-call "$binary" >> "$wd/call-trace"
-> "$wd/jumps"
+rm -f "$wd/patch-location"
 pushd DATA_DIR > /dev/null
-taosc-scout "$binary" < "$wd/return-blocks" |
- while read loc destinations
+trap 'popd > /dev/null' EXIT
+taosc-scout "$binary" < "$wd/call-trace" |
+ while read loc destinations && test ! -f "$wd/patch-location"
 do
- e9tool -100 -M addr=0x$loc -P 'if dest()@jump goto' \
- -o "$bin.$loc" "$binary"
+ e9tool -100 -M addr=0x$loc -P 'if dest()@jump goto' -o "$bin.jump" "$binary"
+ rm -f "$wd/destinations"
 for dest in $destinations
 do
 for exploit in "$wd/exploits"/*
 do
- save_exit_code env TAOSC_DEST=0x$dest "$bin.$loc" "$opts" "$exploit"
- if test $exit_code -ge 124 && test $exit_code -le 127 ||
- test $exit_code -eq $(< "$wd/exit-codes/$(basename "$exploit")")
+ save_exit_code env TAOSC_DEST=0x$dest "$bin.jump" "$opts" "$exploit"
+ if test $exit_code -gt 128 ||
+ test $exit_code -ge 124 -a $exit_code -le 127 # timeout
 then
 continue 2 # next destination
 fi
 done
- echo $loc $dest >> "$wd/jumps"
+ echo $loc > "$wd/patch-location"
+ echo $dest >> "$wd/destinations"
 done
 done 2>&1 1>/dev/null
-exit
+test -s "$wd/patch-location"
+test -s "$wd/destinations"
-afl-dyninst -x "$binary" "$bin.fuzzee"
-pushd DATA_DIR > /dev/null
-trap 'popd > /dev/null' EXIT
-e9tool -M addr=$address -P 'log(state)@collect'\
- -o "$bin.collect" "$binary"
-e9tool -M addr=$address -P 'if dest(state)@patch goto'\
+patch_loc=0x$(< "$wd/patch-location")
+e9tool -M addr=$patch_loc -P 'log(state)@collect' -o "$bin.collect" "$binary"
+e9tool -M addr=$patch_loc -P 'if dest(state)@patch goto'\
 -o "$bin.patched" "$binary"
+exit
+stack_size=$(taosc-measure-stack "$binary" < "$wd/patch-location")
+afl-dyninst -x "$binary" "$bin.fuzzee"
 install -Dm 644 DATA_DIR/collection "$wd/vars/list"
 # TODO: augment number of executions
 afl-dyninst-env afl-fuzz -i "$wd/fuzz/exploits" -o "$wd/fuzz/crashes"\ |
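Review bot: The `test ! -f "$wd/patch-location"` added to the while condition makes the reader leave the pipeline early while `taosc-scout` may still be writing; if it is, the scout gets SIGPIPE and, with `set -e -o pipefail` in force from the top of the file, the script aborts right there instead of reaching the new `test -s` checks. Buffering the scout output first sidesteps that: `taosc-scout "$binary" < "$wd/call-trace" > "$wd/scout"`, then `while IFS= read -r loc destinations && test ! -f "$wd/patch-location"` and `done < "$wd/scout" 2>&1 1>/dev/null`; the `-r` also stops `read` from interpreting backslashes in scout output, which the line as written does. In the rewritten exit-code check, `test $exit_code -ge 124 -a $exit_code -le 127` reintroduces the ambiguous `-a` that the removed line had avoided; `test "$exit_code" -ge 124 && test "$exit_code" -le 127 # timeout` keeps the meaning. Dropping the comparison against the baseline `exit-codes` also means a run that neither crashes nor times out now counts as fixed even when its exit status changed from the unpatched binary; if that is intended, a one-line comment above the `if` saying so would spare the next reader the archaeology.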
