more code format

This commit is contained in:
van Hauser
2020-03-09 08:30:28 +01:00
parent 0581f6ec00
commit 36ce9c1fb9
13 changed files with 143 additions and 127 deletions


@ -38,18 +38,17 @@ void afl_custom_init(unsigned int seed) {
* produce data larger than max_size.
* @return Size of the mutated output.
*/
size_t afl_custom_fuzz(uint8_t **buf, size_t buf_size,
uint8_t *add_buf,size_t add_buf_size, // add_buf can be NULL
size_t afl_custom_fuzz(uint8_t **buf, size_t buf_size, uint8_t *add_buf,
size_t add_buf_size, // add_buf can be NULL
size_t max_size) {
// Make sure that the packet size does not exceed the maximum size expected by
// the fuzzer
size_t mutated_size = data_size <= max_size ? data_size : max_size;
if (mutated_size > buf_size)
*buf = realloc(*buf, mutated_size);
if (mutated_size > buf_size) *buf = realloc(*buf, mutated_size);
uint8_t* mutated_out = *buf;
uint8_t *mutated_out = *buf;
// Randomly select a command string to add as a header to the packet
memcpy(mutated_out, commands[rand() % 3], 3);
@ -147,7 +146,7 @@ int afl_custom_init_trim(uint8_t *buf, size_t buf_size) {
* the memory after saving the test case.
* @param[out] out_buf_size Pointer to the size of the trimmed test case
*/
void afl_custom_trim(uint8_t **out_buf, size_t* out_buf_size) {
void afl_custom_trim(uint8_t **out_buf, size_t *out_buf_size) {
*out_buf_size = trim_buf_size - 1;
@ -172,8 +171,10 @@ void afl_custom_trim(uint8_t **out_buf, size_t* out_buf_size) {
int afl_custom_post_trim(int success) {
if (success) {
++cur_step;
return cur_step;
}
return trimmming_steps;
@ -193,7 +194,8 @@ int afl_custom_post_trim(int success) {
* not produce data larger than max_size.
* @return Size of the mutated output.
*/
size_t afl_custom_havoc_mutation(uint8_t** buf, size_t buf_size, size_t max_size) {
size_t afl_custom_havoc_mutation(uint8_t **buf, size_t buf_size,
size_t max_size) {
if (buf_size == 0) {
@ -233,7 +235,7 @@ uint8_t afl_custom_havoc_mutation_probability(void) {
* @return Return True(1) if the fuzzer will fuzz the queue entry, and
* False(0) otherwise.
*/
uint8_t afl_custom_queue_get(const uint8_t* filename) {
uint8_t afl_custom_queue_get(const uint8_t *filename) {
return 1;
@ -248,8 +250,8 @@ uint8_t afl_custom_queue_get(const uint8_t* filename) {
* @param filename_new_queue File name of the new queue entry
* @param filename_orig_queue File name of the original queue entry
*/
void afl_custom_queue_new_entry(const uint8_t* filename_new_queue,
const uint8_t* filename_orig_queue) {
void afl_custom_queue_new_entry(const uint8_t *filename_new_queue,
const uint8_t *filename_orig_queue) {
/* Additional analysis on the original or new test case */
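Review bot: The regrown buffer at `if (mutated_size > buf_size) *buf = realloc(*buf, mutated_size);` is never checked: on allocation failure `*buf` is overwritten with NULL, the original allocation leaks, and the `memcpy(mutated_out, commands[rand() % 3], 3);` two lines later writes through the null pointer. Keep the original pointer until realloc succeeds, e.g. `uint8_t *grown = realloc(*buf, mutated_size); if (!grown) abort();` followed by `*buf = grown;`, and say in a comment that the example aborts on OOM because it has no way to report failure through the size return. This file is what custom-mutator authors copy, so it should model the safe realloc pattern rather than the pointer-clobbering one. The body of afl_custom_fuzz continues past the end of the first hunk, so what the caller does with the returned size is not visible here.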


@ -461,6 +461,7 @@ extern s32 cmplog_child_pid, cmplog_forksrv_pid;
/* Custom mutators */
struct custom_mutator {
const char* name;
void* dh;
@ -485,8 +486,8 @@ struct custom_mutator {
* @param[in] buf_size Size of the input/output data
* @param[in] add_buf Buffer containing the additional test case
* @param[in] add_buf_size Size of the additional test case
* @param[in] max_size Maximum size of the mutated output. The mutation must not
* produce data larger than max_size.
* @param[in] max_size Maximum size of the mutated output. The mutation must
* not produce data larger than max_size.
* @return Size of the mutated output.
*/
size_t (*afl_custom_fuzz)(u8** buf, size_t buf_size, u8* add_buf,
@ -574,7 +575,8 @@ struct custom_mutator {
* not produce data larger than max_size.
* @return Size of the mutated output.
*/
size_t (*afl_custom_havoc_mutation)(u8** buf, size_t buf_size, size_t max_size);
size_t (*afl_custom_havoc_mutation)(u8** buf, size_t buf_size,
size_t max_size);
/**
* Return the probability (in percentage) that afl_custom_havoc_mutation
@ -609,6 +611,7 @@ struct custom_mutator {
*/
void (*afl_custom_queue_new_entry)(const u8* filename_new_queue,
const u8* filename_orig_queue);
};
extern struct custom_mutator* mutator;


@ -1,11 +1,10 @@
const char *afl_environment_variables[] = {
"AFL_ALIGNED_ALLOC", "AFL_ALLOW_TMP", "AFL_ANALYZE_HEX", "AFL_AS",
"AFL_AUTORESUME",
"AFL_AS_FORCE_INSTRUMENT", "AFL_BENCH_JUST_ONE", "AFL_BENCH_UNTIL_CRASH",
"AFL_CAL_FAST", "AFL_CC", "AFL_CMIN_ALLOW_ANY", "AFL_CMIN_CRASHES_ONLY",
"AFL_CODE_END", "AFL_CODE_START", "AFL_COMPCOV_BINNAME",
"AFL_COMPCOV_LEVEL", "AFL_CUSTOM_MUTATOR_LIBRARY",
"AFL_AUTORESUME", "AFL_AS_FORCE_INSTRUMENT", "AFL_BENCH_JUST_ONE",
"AFL_BENCH_UNTIL_CRASH", "AFL_CAL_FAST", "AFL_CC", "AFL_CMIN_ALLOW_ANY",
"AFL_CMIN_CRASHES_ONLY", "AFL_CODE_END", "AFL_CODE_START",
"AFL_COMPCOV_BINNAME", "AFL_COMPCOV_LEVEL", "AFL_CUSTOM_MUTATOR_LIBRARY",
"AFL_CUSTOM_MUTATOR_ONLY", "AFL_CXX", "AFL_DEBUG", "AFL_DEBUG_CHILD_OUTPUT",
//"AFL_DEFER_FORKSRV", // not implemented anymore, so warn additionally
"AFL_DISABLE_TRIM", "AFL_DONT_OPTIMIZE", "AFL_DUMB_FORKSRV",
@ -19,21 +18,19 @@ const char *afl_environment_variables[] = {
"AFL_LLVM_LAF_SPLIT_COMPARES_BITW", "AFL_LLVM_LAF_SPLIT_FLOATS",
"AFL_LLVM_LAF_SPLIT_SWITCHES", "AFL_LLVM_LAF_TRANSFORM_COMPARES",
"AFL_LLVM_NOT_ZERO", "AFL_LLVM_WHITELIST", "AFL_NO_AFFINITY",
"AFL_LLVM_LTO_STARTID", "AFL_LLVM_LTO_DONTWRITEID",
"AFL_NO_ARITH", "AFL_NO_BUILTIN", "AFL_NO_CPU_RED", "AFL_NO_FORKSRV",
"AFL_NO_UI",
"AFL_LLVM_LTO_STARTID", "AFL_LLVM_LTO_DONTWRITEID", "AFL_NO_ARITH",
"AFL_NO_BUILTIN", "AFL_NO_CPU_RED", "AFL_NO_FORKSRV", "AFL_NO_UI",
"AFL_NO_X86", // not really an env but we dont want to warn on it
"AFL_PATH", "AFL_PERFORMANCE_FILE",
//"AFL_PERSISTENT", // not implemented anymore, so warn additionally
"AFL_POST_LIBRARY", "AFL_PRELOAD", "AFL_PYTHON_MODULE",
"AFL_QEMU_COMPCOV", "AFL_QEMU_COMPCOV_DEBUG", "AFL_QEMU_DEBUG_MAPS",
"AFL_QEMU_DISABLE_CACHE", "AFL_QEMU_PERSISTENT_ADDR",
"AFL_QEMU_PERSISTENT_CNT", "AFL_QEMU_PERSISTENT_GPR",
"AFL_QEMU_PERSISTENT_HOOK", "AFL_QEMU_PERSISTENT_RET",
"AFL_QEMU_PERSISTENT_RETADDR_OFFSET", "AFL_QUIET",
"AFL_RANDOM_ALLOC_CANARY", "AFL_REAL_PATH", "AFL_SHUFFLE_QUEUE",
"AFL_SKIP_BIN_CHECK", "AFL_SKIP_CPUFREQ", "AFL_SKIP_CRASHES",
"AFL_TMIN_EXACT", "AFL_TMPDIR", "AFL_TOKEN_FILE", "AFL_TRACE_PC",
"AFL_USE_ASAN", "AFL_USE_MSAN", "AFL_USE_TRACE_PC", "AFL_USE_UBSAN",
"AFL_WINE_PATH", NULL};
"AFL_POST_LIBRARY", "AFL_PRELOAD", "AFL_PYTHON_MODULE", "AFL_QEMU_COMPCOV",
"AFL_QEMU_COMPCOV_DEBUG", "AFL_QEMU_DEBUG_MAPS", "AFL_QEMU_DISABLE_CACHE",
"AFL_QEMU_PERSISTENT_ADDR", "AFL_QEMU_PERSISTENT_CNT",
"AFL_QEMU_PERSISTENT_GPR", "AFL_QEMU_PERSISTENT_HOOK",
"AFL_QEMU_PERSISTENT_RET", "AFL_QEMU_PERSISTENT_RETADDR_OFFSET",
"AFL_QUIET", "AFL_RANDOM_ALLOC_CANARY", "AFL_REAL_PATH",
"AFL_SHUFFLE_QUEUE", "AFL_SKIP_BIN_CHECK", "AFL_SKIP_CPUFREQ",
"AFL_SKIP_CRASHES", "AFL_TMIN_EXACT", "AFL_TMPDIR", "AFL_TOKEN_FILE",
"AFL_TRACE_PC", "AFL_USE_ASAN", "AFL_USE_MSAN", "AFL_USE_TRACE_PC",
"AFL_USE_UBSAN", "AFL_WINE_PATH", NULL};


@ -34,7 +34,7 @@
#include "afl-qemu-common.h"
#include "tcg.h"
void HELPER(afl_entry_routine)(CPUArchState *env) {
void HELPER(afl_entry_routine)(CPUArchState* env) {
afl_forkserver(ENV_GET_CPU(env));
@ -171,7 +171,7 @@ static int area_is_mapped(void* ptr, size_t len) {
}
void HELPER(afl_cmplog_rtn)(CPUX86State *env) {
void HELPER(afl_cmplog_rtn)(CPUX86State* env) {
#if defined(TARGET_X86_64)
@ -182,7 +182,7 @@ void HELPER(afl_cmplog_rtn)(CPUX86State *env) {
target_ulong* stack = g2h(env->regs[R_ESP]);
if (!area_is_mapped(stack, sizeof(target_ulong)*2)) return;
if (!area_is_mapped(stack, sizeof(target_ulong) * 2)) return;
// when this hook is executed, the retaddr is not on stack yet
void* ptr1 = g2h(stack[0]);
@ -217,3 +217,4 @@ void HELPER(afl_cmplog_rtn)(CPUX86State *env) {
ptr2, 32);
}


@ -256,7 +256,7 @@ u8 *cmplog_binary;
s32 cmplog_child_pid, cmplog_forksrv_pid;
/* Custom mutator */
struct custom_mutator* mutator;
struct custom_mutator *mutator;
/* Interesting values, as per config.h */


@ -1036,7 +1036,8 @@ static void handle_existing_out_dir(void) {
fclose(f);
/* Autoresume treats a normal run as in_place_resume if a valid out dir already exists */
/* Autoresume treats a normal run as in_place_resume if a valid out dir
* already exists */
if (!in_place_resume && autoresume) {


@ -36,6 +36,7 @@ void setup_custom_mutator(void) {
u8* fn = getenv("AFL_CUSTOM_MUTATOR_LIBRARY");
if (fn) {
if (limit_time_sig)
FATAL(
"MOpt and custom mutator are mutually exclusive. We accept pull "
@ -45,6 +46,7 @@ void setup_custom_mutator(void) {
load_custom_mutator(fn);
return;
}
/* Try Python module */
@ -65,6 +67,7 @@ void setup_custom_mutator(void) {
load_custom_mutator_py(module_name);
}
#else
if (getenv("AFL_PYTHON_MODULE"))
FATAL("Your AFL binary was built without Python support");
@ -75,16 +78,20 @@ void setup_custom_mutator(void) {
void destroy_custom_mutator(void) {
if (mutator) {
if (mutator->dh)
dlclose(mutator->dh);
else {
/* Python mutator */
#ifdef USE_PYTHON
finalize_py_module();
#endif
}
ck_free(mutator);
}
}
@ -104,8 +111,7 @@ void load_custom_mutator(const char* fn) {
/* Mutator */
/* "afl_custom_init", optional for backward compatibility */
mutator->afl_custom_init = dlsym(dh, "afl_custom_init");
if (!mutator->afl_custom_init)
WARNF("Symbol 'afl_custom_init' not found.");
if (!mutator->afl_custom_init) WARNF("Symbol 'afl_custom_init' not found.");
/* "afl_custom_fuzz" or "afl_custom_mutator", required */
mutator->afl_custom_fuzz = dlsym(dh, "afl_custom_fuzz");
@ -133,8 +139,7 @@ void load_custom_mutator(const char* fn) {
/* "afl_custom_trim", optional */
mutator->afl_custom_trim = dlsym(dh, "afl_custom_trim");
if (!mutator->afl_custom_trim)
WARNF("Symbol 'afl_custom_trim' not found.");
if (!mutator->afl_custom_trim) WARNF("Symbol 'afl_custom_trim' not found.");
/* "afl_custom_post_trim", optional */
mutator->afl_custom_post_trim = dlsym(dh, "afl_custom_post_trim");
@ -158,7 +163,8 @@ void load_custom_mutator(const char* fn) {
WARNF("Symbol 'afl_custom_havoc_mutation' not found.");
/* "afl_custom_havoc_mutation", optional */
mutator->afl_custom_havoc_mutation_probability = dlsym(dh, "afl_custom_havoc_mutation_probability");
mutator->afl_custom_havoc_mutation_probability =
dlsym(dh, "afl_custom_havoc_mutation_probability");
if (!mutator->afl_custom_havoc_mutation_probability)
WARNF("Symbol 'afl_custom_havoc_mutation_probability' not found.");
@ -175,8 +181,7 @@ void load_custom_mutator(const char* fn) {
OKF("Custom mutator '%s' installed successfully.", fn);
/* Initialize the custom mutator */
if (mutator->afl_custom_init)
mutator->afl_custom_init(UR(0xFFFFFFFF));
if (mutator->afl_custom_init) mutator->afl_custom_init(UR(0xFFFFFFFF));
}
@ -309,8 +314,7 @@ void load_custom_mutator_py(const char* module_name) {
mutator->name = module_name;
ACTF("Loading Python mutator library from '%s'...", module_name);
if (py_functions[PY_FUNC_INIT])
mutator->afl_custom_init = init_py;
if (py_functions[PY_FUNC_INIT]) mutator->afl_custom_init = init_py;
/* "afl_custom_fuzz" should not be NULL, but the interface of Python mutator
is quite different from the custom mutator. */
@ -325,14 +329,14 @@ void load_custom_mutator_py(const char* module_name) {
if (py_functions[PY_FUNC_POST_TRIM])
mutator->afl_custom_post_trim = post_trim_py;
if (py_functions[PY_FUNC_TRIM])
mutator->afl_custom_trim = trim_py;
if (py_functions[PY_FUNC_TRIM]) mutator->afl_custom_trim = trim_py;
if (py_functions[PY_FUNC_HAVOC_MUTATION])
mutator->afl_custom_havoc_mutation = havoc_mutation_py;
if (py_functions[PY_FUNC_HAVOC_MUTATION_PROBABILITY])
mutator->afl_custom_havoc_mutation_probability = havoc_mutation_probability_py;
mutator->afl_custom_havoc_mutation_probability =
havoc_mutation_probability_py;
if (py_functions[PY_FUNC_QUEUE_GET])
mutator->afl_custom_queue_get = queue_get_py;
@ -343,8 +347,9 @@ void load_custom_mutator_py(const char* module_name) {
OKF("Python mutator '%s' installed successfully.", module_name);
/* Initialize the custom mutator */
if (mutator->afl_custom_init)
mutator->afl_custom_init(UR(0xFFFFFFFF));
if (mutator->afl_custom_init) mutator->afl_custom_init(UR(0xFFFFFFFF));
}
#endif
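Review bot: `destroy_custom_mutator` releases the global with `ck_free(mutator);` but leaves `mutator` pointing at the freed memory, so any later `if (mutator)` guard (the one in fuzz_one_original, for instance) would pass and dereference freed memory; add `mutator = NULL;` directly after the free. Whether any code path touches the mutator after teardown is not visible in this section, but clearing the pointer costs nothing and makes those guards sound. The result of `dlclose(mutator->dh)` is also discarded; that is acceptable during shutdown, but a short `/* best-effort: failure to unload is not actionable here */` comment would make the intent explicit.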


@ -359,8 +359,7 @@ u8 fuzz_one_original(char** argv) {
/* The custom mutator will decide to skip this test case or not. */
if (!mutator->afl_custom_queue_get(queue_cur->fname))
return 1;
if (!mutator->afl_custom_queue_get(queue_cur->fname)) return 1;
}
@ -1598,9 +1597,8 @@ custom_mutator_stage:
ck_read(fd, new_buf, target->len, target->fname);
close(fd);
size_t mutated_size = mutator->afl_custom_fuzz(&out_buf, len,
new_buf, target->len,
max_seed_size);
size_t mutated_size = mutator->afl_custom_fuzz(&out_buf, len, new_buf,
target->len, max_seed_size);
ck_free(new_buf);
@ -1694,7 +1692,9 @@ havoc_stage:
stacked_custom_prob = mutator->afl_custom_havoc_mutation_probability();
if (stacked_custom_prob > 100)
FATAL("The probability returned by afl_custom_havoc_mutation_propability has to be in the range 0-100.");
FATAL(
"The probability returned by afl_custom_havoc_mutation_propability "
"has to be in the range 0-100.");
}
@ -1711,8 +1711,8 @@ havoc_stage:
if (stacked_custom && UR(100) < stacked_custom_prob) {
temp_len = mutator->afl_custom_havoc_mutation(&out_buf, temp_len,
MAX_FILE);
temp_len =
mutator->afl_custom_havoc_mutation(&out_buf, temp_len, MAX_FILE);
}
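Review bot: The lengths returned by the custom mutator are trusted without validation: `temp_len = mutator->afl_custom_havoc_mutation(&out_buf, temp_len, MAX_FILE);` stores the result directly, and `mutated_size = mutator->afl_custom_fuzz(&out_buf, len, new_buf, target->len, max_seed_size);` is used the same way, whereas the probability value in the preceding hunk is range-checked and rejected with FATAL. A mutator that violates the documented "must not produce data larger than max_size" contract would let whatever consumes temp_len or mutated_size read past out_buf's allocation; those consuming lines are outside these hunks, so I am inferring the impact from the header contract. Mirror the probability check: `if (temp_len > MAX_FILE) FATAL("afl_custom_havoc_mutation returned %zu bytes, more than MAX_FILE", temp_len);` and the equivalent against max_seed_size for afl_custom_fuzz. The FATAL text in the probability check also misspells the function it names: `afl_custom_havoc_mutation_propability` should read `afl_custom_havoc_mutation_probability` so users can grep for it.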


@ -80,6 +80,7 @@ int init_py_module(u8* module_name) {
py_notrim = 1;
} else if ((py_idx >= PY_FUNC_HAVOC_MUTATION) &&
(py_idx <= PY_FUNC_QUEUE_NEW_ENTRY)) {
// Implenting the havoc and queue API is optional for now
@ -140,6 +141,7 @@ void finalize_py_module() {
}
void init_py(unsigned int seed) {
PyObject *py_args, *py_value;
/* Provide the init function a seed for the Python RNG */
@ -171,6 +173,7 @@ void init_py(unsigned int seed) {
return;
}
}
size_t fuzz_py(u8** buf, size_t buf_size, u8* add_buf, size_t add_buf_size,
@ -224,8 +227,7 @@ size_t fuzz_py(u8** buf, size_t buf_size, u8* add_buf, size_t add_buf_size,
if (py_value != NULL) {
mutated_size = PyByteArray_Size(py_value);
if (buf_size < mutated_size)
*buf = ck_realloc(*buf, mutated_size);
if (buf_size < mutated_size) *buf = ck_realloc(*buf, mutated_size);
memcpy(*buf, PyByteArray_AsString(py_value), mutated_size);
Py_DECREF(py_value);
@ -414,8 +416,7 @@ size_t havoc_mutation_py(u8** buf, size_t buf_size, size_t max_size) {
if (py_value != NULL) {
mutated_size = PyByteArray_Size(py_value);
if (buf_size < mutated_size)
*buf = ck_realloc(*buf, mutated_size);
if (buf_size < mutated_size) *buf = ck_realloc(*buf, mutated_size);
memcpy(*buf, PyByteArray_AsString(py_value), mutated_size);
@ -436,7 +437,8 @@ u8 havoc_mutation_probability_py(void) {
PyObject *py_args, *py_value;
py_args = PyTuple_New(0);
py_value = PyObject_CallObject(py_functions[PY_FUNC_HAVOC_MUTATION_PROBABILITY], py_args);
py_value = PyObject_CallObject(
py_functions[PY_FUNC_HAVOC_MUTATION_PROBABILITY], py_args);
Py_DECREF(py_args);
if (py_value != NULL) {
@ -491,7 +493,7 @@ u8 queue_get_py(const u8* filename) {
}
return (u8) ret & 0xFF;
return (u8)ret & 0xFF;
} else {
@ -545,8 +547,8 @@ void queue_new_entry_py(const u8* filename_new_queue,
PyTuple_SetItem(py_args, 1, py_value);
// Call
py_value = PyObject_CallObject(py_functions[PY_FUNC_QUEUE_NEW_ENTRY],
py_args);
py_value =
PyObject_CallObject(py_functions[PY_FUNC_QUEUE_NEW_ENTRY], py_args);
Py_DECREF(py_args);
if (py_value == NULL) {
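Review bot: `fuzz_py` and `havoc_mutation_py` accept whatever size the Python module hands back: `mutated_size = PyByteArray_Size(py_value); if (buf_size < mutated_size) *buf = ck_realloc(*buf, mutated_size);` grows the buffer without ever comparing against the `max_size` parameter (visible in havoc_mutation_py's signature here, and declared for afl_custom_fuzz in afl-fuzz.h), so the "must not produce data larger than max_size" contract is not enforced for Python mutators and the caller presumably receives a length it did not budget for. Add `if (mutated_size > max_size) FATAL("python mutator returned %zu bytes, limit is %zu", mutated_size, max_size);` before the realloc in both functions, or clamp if silent truncation is acceptable. The same two sites call `PyByteArray_Size`/`PyByteArray_AsString` without `PyByteArray_Check(py_value)`; if the module returns bytes or str instead of a bytearray, those accessors perform no type check in release builds, so a check that FATALs naming the expected type is cheap insurance. Both function bodies begin before and end after the visible hunks.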


@ -662,7 +662,7 @@ void sync_fuzzers(char** argv) {
ck_write(id_fd, &next_min_accept, sizeof(u32), qd_synced_path);
close_sync:
close_sync:
close(id_fd);
closedir(qd);
ck_free(qd_path);


@ -119,7 +119,8 @@ static void usage(u8* argv0, int more_help) {
" if using QEMU, just use -c 0.\n\n"
"Fuzzing behavior settings:\n"
" -N - do not unlink the fuzzing input file (only for devices etc.!)\n"
" -N - do not unlink the fuzzing input file (only for "
"devices etc.!)\n"
" -d - quick & dirty mode (skips deterministic steps)\n"
" -n - fuzz without instrumentation (dumb mode)\n"
" -x dir - optional fuzzer dictionary (see README.md, its really "
@ -752,8 +753,7 @@ int main(int argc, char** argv, char** envp) {
if (get_afl_env("AFL_AUTORESUME")) {
autoresume = 1;
if (in_place_resume)
SAYF("AFL_AUTORESUME has no effect for '-i -'");
if (in_place_resume) SAYF("AFL_AUTORESUME has no effect for '-i -'");
}


@ -731,8 +731,7 @@ int main(int argc, char** argv, char** envp) {
doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH;
if (getenv("AFL_QUIET") != NULL)
be_quiet = 1;
if (getenv("AFL_QUIET") != NULL) be_quiet = 1;
while ((opt = getopt(argc, argv, "+i:o:f:m:t:A:eqZQUWbcrh")) > 0)


@ -99,7 +99,6 @@ static volatile u8 stop_soon; /* Ctrl-C pressed? */
static u8 qemu_mode;
/*
* forkserver section
*/
@ -826,7 +825,8 @@ finalize_all:
"%0.02f%% (to %u byte%s)\n" cGRA " Characters simplified : " cRST
"%0.02f%%\n" cGRA " Number of execs done : " cRST "%u\n" cGRA
" Fruitless execs : " cRST "termination=%u crash=%u\n\n",
100 - ((double)in_len) * 100 / orig_len, in_len, in_len == 1 ? "" : "s",
100 - ((double)in_len) * 100 / orig_len, in_len,
in_len == 1 ? "" : "s",
((double)(alpha_d_total)) * 100 / (in_len ? in_len : 1), total_execs,
missed_paths, missed_crashes);
return;
@ -1146,7 +1146,8 @@ int main(int argc, char** argv, char** envp) {
case 'e':
if (edges_only) FATAL("Multiple -e options not supported");
if (hang_mode) FATAL("Edges only and hang mode are mutually exclusive.");
if (hang_mode)
FATAL("Edges only and hang mode are mutually exclusive.");
edges_only = 1;
break;
@ -1237,7 +1238,8 @@ int main(int argc, char** argv, char** envp) {
/* Minimizes a testcase to the minimum that still times out */
if (hang_mode) FATAL("Multipe -H options not supported");
if (edges_only) FATAL("Edges only and hang mode are mutually exclusive.");
if (edges_only)
FATAL("Edges only and hang mode are mutually exclusive.");
hang_mode = 1;
break;
@ -1314,11 +1316,15 @@ int main(int argc, char** argv, char** envp) {
run_target(use_argv, in_data, in_len, 1);
if (hang_mode && !child_timed_out)
FATAL("Target binary did not time out but hang minimization mode "
"(-H) was set (-t %u).", exec_tmout);
FATAL(
"Target binary did not time out but hang minimization mode "
"(-H) was set (-t %u).",
exec_tmout);
if (child_timed_out && !hang_mode)
FATAL("Target binary times out (adjusting -t may help). Use -H to minimize a hang.");
FATAL(
"Target binary times out (adjusting -t may help). Use -H to minimize a "
"hang.");
if (hang_mode) {