fix 32-bit mode, fix weighting

2025-06-14 19:08:08 +00:00 · 2020-12-30 10:34:22 +01:00
parent 5d560c1ece
commit 0246fe9200
5 changed files with 51 additions and 37 deletions
--- a/2
+++ b/2
@ -414,7 +414,7 @@ afl-as: src/afl-as.c include/afl-as.h $(COMM_HDR) | test_x86
 	@ln -sf afl-as as

 src/afl-performance.o : $(COMM_HDR) src/afl-performance.c include/hash.h
-	$(CC) -Iinclude $(SPECIAL_PERFORMANCE) -O3 -fno-unroll-loops -c src/afl-performance.c -o src/afl-performance.o
+	$(CC) $(CFLAGS) -Iinclude $(SPECIAL_PERFORMANCE) -O3 -fno-unroll-loops -c src/afl-performance.c -o src/afl-performance.o

 src/afl-common.o : $(COMM_HDR) src/afl-common.c include/common.h
 	$(CC) $(CFLAGS) $(CFLAGS_FLTO) -c src/afl-common.c -o src/afl-common.o
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@ -1667,21 +1667,21 @@ static void handle_existing_out_dir(afl_state_t *afl) {

  if (afl->in_place_resume && rmdir(fn)) {

-    time_t     cur_t = time(0);
-    struct tm  t;
+    time_t    cur_t = time(0);
+    struct tm t;
    localtime_r(&cur_t, &t);

 #ifndef SIMPLE_FILES

-    u8 *nfn = alloc_printf("%s.%04d-%02d-%02d-%02d:%02d:%02d", fn,
-                           t.tm_year + 1900, t.tm_mon + 1, t.tm_mday,
-                           t.tm_hour, t.tm_min, t.tm_sec);
+    u8 *nfn =
+        alloc_printf("%s.%04d-%02d-%02d-%02d:%02d:%02d", fn, t.tm_year + 1900,
+                     t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec);

 #else

-    u8 *nfn = alloc_printf("%s_%04d%02d%02d%02d%02d%02d", fn, t.tm_year + 1900,
-                           t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min,
-                           t.tm_sec);
+    u8 *nfn =
+        alloc_printf("%s_%04d%02d%02d%02d%02d%02d", fn, t.tm_year + 1900,
+                     t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec);

 #endif                                                    /* ^!SIMPLE_FILES */

@ -1699,21 +1699,21 @@ static void handle_existing_out_dir(afl_state_t *afl) {

  if (afl->in_place_resume && rmdir(fn)) {

-    time_t     cur_t = time(0);
-    struct tm  t;
+    time_t    cur_t = time(0);
+    struct tm t;
    localtime_r(&cur_t, &t);

 #ifndef SIMPLE_FILES

-    u8 *nfn = alloc_printf("%s.%04d-%02d-%02d-%02d:%02d:%02d", fn,
-                           t.tm_year + 1900, t.tm_mon + 1, t.tm_mday,
-                           t.tm_hour, t.tm_min, t.tm_sec);
+    u8 *nfn =
+        alloc_printf("%s.%04d-%02d-%02d-%02d:%02d:%02d", fn, t.tm_year + 1900,
+                     t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec);

 #else

-    u8 *nfn = alloc_printf("%s_%04d%02d%02d%02d%02d%02d", fn, t.tm_year + 1900,
-                           t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min,
-                           t.tm_sec);
+    u8 *nfn =
+        alloc_printf("%s_%04d%02d%02d%02d%02d%02d", fn, t.tm_year + 1900,
+                     t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec);

 #endif                                                    /* ^!SIMPLE_FILES */

--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@ -97,30 +97,43 @@ void create_alias_table(afl_state_t *afl) {

    double avg_exec_us = 0.0;
    double avg_bitmap_size = 0.0;
-    for (i = 0; i < n; i++) {
-
-      struct queue_entry *q = afl->queue_buf[i];
-      avg_exec_us += q->exec_us;
-      avg_bitmap_size += log(q->bitmap_size);
-
-    }
-
-    avg_exec_us /= afl->queued_paths;
-    avg_bitmap_size /= afl->queued_paths;
+    u32    active = 0;

    for (i = 0; i < n; i++) {

      struct queue_entry *q = afl->queue_buf[i];

-      q->weight = q->disabled ? 0 : compute_weight(afl, q, avg_exec_us, avg_bitmap_size);
-      q->perf_score = q->disabled ? 0 : calculate_score(afl, q);
+      // disabled entries might have timings and bitmap values
+      if (likely(!q->disabled)) {

-      sum += q->weight;
+        avg_exec_us += q->exec_us;
+        avg_bitmap_size += log(q->bitmap_size);
+        ++active;
+
+      }
+
+    }
+
+    avg_exec_us /= active;
+    avg_bitmap_size /= active;
+
+    for (i = 0; i < n; i++) {
+
+      struct queue_entry *q = afl->queue_buf[i];
+
+      if (likely(!q->disabled)) {
+
+        q->weight = compute_weight(afl, q, avg_exec_us, avg_bitmap_size);
+        q->perf_score = calculate_score(afl, q);
+        sum += q->weight;
+
+      }

    }

    for (i = 0; i < n; i++) {

+      // weight is always 0 for disabled entries
      P[i] = (afl->queue_buf[i]->weight * n) / sum;

    }
@ -139,8 +152,8 @@ void create_alias_table(afl_state_t *afl) {

    for (i = 0; i < n; i++) {

-      struct queue_entry *q = afl->queue_buf[i];
-      P[i] = (q->perf_score * n) / sum;
+      // perf_score is always 0 for disabled entries
+      P[i] = (afl->queue_buf[i]->perf_score * n) / sum;

    }

--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@ -456,7 +456,8 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,

  }

-  if (/* SHAPE_BYTES(h->shape) >= 1 && */ *status != 1) { /* avoid CodeQL warning on unsigned overflow */
+  /* avoid CodeQL warning on unsigned overflow */
+  if (/* SHAPE_BYTES(h->shape) >= 1 && */ *status != 1) {

    if (its_len >= 1 && *buf_8 == (u8)pattern && *o_buf_8 == (u8)o_pattern) {

--- a/src/afl-performance.c
+++ b/src/afl-performance.c
@ -56,13 +56,13 @@ inline AFL_RAND_RETURN rand_next(afl_state_t *afl) {
 // RomuTrio32
 inline AFL_RAND_RETURN rand_next(afl_state_t *afl) {

-  AFL_RAND_RETURN xp = afl->rand_seed[0], yp = afl->rand_seed[1],
-                  zp = afl->rand_seed[2];
+  AFL_RAND_RETURN xp = (u32)afl->rand_seed[0], yp = (u32)afl->rand_seed[1],
+                  zp = (u32)afl->rand_seed[2];
  afl->rand_seed[0] = 3323815723u * zp;
  afl->rand_seed[1] = yp - xp;
-  afl->rand_seed[1] = ROTL(afl->rand_seed[1], 6);
+  afl->rand_seed[1] = ROTL((u32)afl->rand_seed[1], 6);
  afl->rand_seed[2] = zp - yp;
-  afl->rand_seed[2] = ROTL(afl->rand_seed[2], 22);
+  afl->rand_seed[2] = ROTL((u32)afl->rand_seed[2], 22);
  return xp;

 }