better examples

instrumentation/afl-compiler-rt.o.c

@@ -174,8 +174,8 @@ static void __afl_map_shm_fuzz() {
     u8 *map = NULL;
 
 #ifdef USEMMAP
-    const char *   shm_file_path = id_str;
+    const char *shm_file_path = id_str;
-    int            shm_fd = -1;
+    int         shm_fd = -1;
 
     /* create the shared memory segment as if it was a file */
     shm_fd = shm_open(shm_file_path, O_RDWR, 0600);
@@ -414,8 +414,8 @@ static void __afl_map_shm(void) {
   if (id_str) {
 
 #ifdef USEMMAP
-    const char *   shm_file_path = id_str;
+    const char *    shm_file_path = id_str;
-    int            shm_fd = -1;
+    int             shm_fd = -1;
     struct cmp_map *shm_base = NULL;
 
     /* create the shared memory segment as if it was a file */

src/afl-sharedmem.c

@@ -252,10 +252,10 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,
 
     shm_str = alloc_printf("%d", shm->shm_id);
 
-    /* If somebody is asking us to fuzz instrumented binaries in non-instrumented
+    /* If somebody is asking us to fuzz instrumented binaries in
-       mode, we don't want them to detect instrumentation, since we won't be
+       non-instrumented mode, we don't want them to detect instrumentation,
-       sending fork server commands. This should be replaced with better
+       since we won't be sending fork server commands. This should be replaced
-       auto-detection later on, perhaps? */
+       with better auto-detection later on, perhaps? */
 
     setenv(SHM_ENV_VAR, shm_str, 1);
 

utils/persistent_mode/persistent_demo.c

@@ -27,9 +27,15 @@
 #include <unistd.h>
 #include <signal.h>
 #include <string.h>
+#include <limits.h>
 
 /* Main entry point. */
 
+/* To ensure checks are not optimized out it is recommended to disable
+   code optimization for the fuzzer harness main() */
+#pragma clang optimize off
+#pragma GCC            optimize("O0")
+
 int main(int argc, char **argv) {
 
   ssize_t len;                               /* how much input did we read? */
@@ -42,7 +48,7 @@ int main(int argc, char **argv) {
      and similar hiccups. */
 
   __AFL_INIT();
-  while (__AFL_LOOP(1000)) {
+  while (__AFL_LOOP(UINT_MAX)) {
 
     /*** PLACEHOLDER CODE ***/
 

utils/persistent_mode/persistent_demo_new.c

@@ -27,6 +27,7 @@
 #include <unistd.h>
 #include <signal.h>
 #include <string.h>
+#include <limits.h>
 
 /* this lets the source compile without afl-clang-fast/lto */
 #ifndef __AFL_FUZZ_TESTCASE_LEN
@@ -47,6 +48,11 @@ __AFL_FUZZ_INIT();
 
 /* Main entry point. */
 
+/* To ensure checks are not optimized out it is recommended to disable
+   code optimization for the fuzzer harness main() */
+#pragma clang optimize off
+#pragma GCC            optimize("O0")
+
 int main(int argc, char **argv) {
 
   ssize_t        len;                        /* how much input did we read? */
@@ -60,7 +66,7 @@ int main(int argc, char **argv) {
   __AFL_INIT();
   buf = __AFL_FUZZ_TESTCASE_BUF;  // this must be assigned before __AFL_LOOP!
 
-  while (__AFL_LOOP(1000)) {  // increase if you have good stability
+  while (__AFL_LOOP(UINT_MAX)) {  // increase if you have good stability
 
     len = __AFL_FUZZ_TESTCASE_LEN;  // do not use the macro directly in a call!
 

utils/persistent_mode/test-instr.c

@@ -17,15 +17,21 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <limits.h>
 
 __AFL_FUZZ_INIT();
 
+/* To ensure checks are not optimized out it is recommended to disable
+   code optimization for the fuzzer harness main() */
+#pragma clang optimize off
+#pragma GCC            optimize("O0")
+
 int main(int argc, char **argv) {
 
   __AFL_INIT();
   unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;
 
-  while (__AFL_LOOP(2147483647)) {  // MAX_INT if you have 100% stability
+  while (__AFL_LOOP(UINT_MAX)) {  // if you have 100% stability
 
     unsigned int len = __AFL_FUZZ_TESTCASE_LEN;