ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-16 03:48:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

try macos fix

Browse Source
This commit is contained in:
vanhauser-thc
2025-02-12 09:15:55 +01:00
parent a441f517e7
commit 47954cd04c
3 changed files with 63 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
include/coverage-32.h
View File

@ -1,8 +1,15 @@
#ifndef _COVERAGE_H
#define _COVERAGE_H
#include "config.h" #include "config.h"
#include "types.h" #include "types.h"
u32 skim(const u32 *virgin, const u32 *current, const u32 *current_end); #define _AFL_INTSIZEVAR u32
u32 classify_word(u32 word);
u32 skim(const u32 *virgin, const u32 *current, const u32 *current_end);
u32 classify_word(u32 word);
void classify_counts_mem(u32 *mem, u32 size);
inline u32 classify_word(u32 word) { inline u32 classify_word(u32 word) {
@ -126,3 +133,5 @@ inline u32 skim(const u32 *virgin, const u32 *current, const u32 *current_end) {
} }
#endif

15
include/coverage-64.h
View File

@ -1,12 +1,19 @@
#ifndef _COVERAGE_H
#define _COVERAGE_H
#include "config.h" #include "config.h"
#include "types.h" #include "types.h"
#define _AFL_INTSIZEVAR u64
#if (defined(__AVX512F__) && defined(__AVX512DQ__)) || defined(__AVX2__) #if (defined(__AVX512F__) && defined(__AVX512DQ__)) || defined(__AVX2__)
#include <immintrin.h> #include <immintrin.h>
#endif #endif
u32 skim(const u64 *virgin, const u64 *current, const u64 *current_end); u32 skim(const u64 *virgin, const u64 *current, const u64 *current_end);
u64 classify_word(u64 word); u64 classify_word(u64 word);
void classify_counts_mem(u64 *mem, u32 size);
inline u64 classify_word(u64 word) { inline u64 classify_word(u64 word) {
@ -134,7 +141,7 @@ inline u32 skim(const u64 *virgin, const u64 *current, const u64 *current_end) {
/* All bytes are zero. */ /* All bytes are zero. */
if (likely(mask == 0xff)) continue; if (likely(mask == 0xff)) continue;
/* Look for nonzero bytes and check for new bits. */ /* Look for nonzero bytes and check for new bits. */
#define UNROLL(x) \ #define UNROLL(x) \
if (unlikely(!(mask & (1 << x)) && classify_word(current[x]) & virgin[x])) \ if (unlikely(!(mask & (1 << x)) && classify_word(current[x]) & virgin[x])) \
return 1 return 1
@ -208,3 +215,5 @@ inline u32 skim(const u64 *virgin, const u64 *current, const u64 *current_end) {
#endif #endif
#endif

79
src/afl-fuzz-bitmap.c
View File

@ -28,6 +28,45 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include "asanfuzz.h" #include "asanfuzz.h"
static u16 count_class_lookup16[65536];
/* Destructively simplify trace by eliminating hit count information
and replacing it with 0x80 or 0x01 depending on whether the tuple
is hit or not. Called on every new crash or timeout, should be
reasonably fast. */
static const u8 simplify_lookup[256] = {
[0] = 1, [1 ... 255] = 128
};
/* Destructively classify execution counts in a trace. This is used as a
preprocessing step for any newly acquired traces. Called on every exec,
must be fast. */
static const u8 count_class_lookup8[256] = {
[0] = 0,
[1] = 1,
[2] = 2,
[3] = 4,
[4 ... 7] = 8,
[8 ... 15] = 16,
[16 ... 31] = 32,
[32 ... 127] = 64,
[128 ... 255] = 128
};
/* Import coverage processing routines. */
#ifdef WORD_SIZE_64
#include "coverage-64.h"
#else
#include "coverage-32.h"
#endif
#if !defined NAME_MAX #if !defined NAME_MAX
#define NAME_MAX _XOPEN_NAME_MAX #define NAME_MAX _XOPEN_NAME_MAX
#endif #endif
@ -146,36 +185,6 @@ u32 count_non_255_bytes(afl_state_t *afl, u8 *mem) {
} }
/* Destructively simplify trace by eliminating hit count information
and replacing it with 0x80 or 0x01 depending on whether the tuple
is hit or not. Called on every new crash or timeout, should be
reasonably fast. */
const u8 simplify_lookup[256] = {
[0] = 1, [1 ... 255] = 128
};
/* Destructively classify execution counts in a trace. This is used as a
preprocessing step for any newly acquired traces. Called on every exec,
must be fast. */
const u8 count_class_lookup8[256] = {
[0] = 0,
[1] = 1,
[2] = 2,
[3] = 4,
[4 ... 7] = 8,
[8 ... 15] = 16,
[16 ... 31] = 32,
[32 ... 127] = 64,
[128 ... 255] = 128
};
u16 count_class_lookup16[65536];
void init_count_class16(void) { void init_count_class16(void) {
u32 b1, b2; u32 b1, b2;
@ -193,14 +202,6 @@ void init_count_class16(void) {
} }
/* Import coverage processing routines. */
#ifdef WORD_SIZE_64
#include "coverage-64.h"
#else
#include "coverage-32.h"
#endif
/* Check if the current execution path brings anything new to the table. /* Check if the current execution path brings anything new to the table.
Update virgin bits to reflect the finds. Returns 1 if the only change is Update virgin bits to reflect the finds. Returns 1 if the only change is
the hit-count for a particular tuple; 2 if there are new tuples seen. the hit-count for a particular tuple; 2 if there are new tuples seen.
@ -538,7 +539,7 @@ u8 __attribute__((hot)) save_if_interesting(afl_state_t *afl, void *mem,
memcpy(afl->san_fsrvs[0].trace_bits, afl->fsrv.trace_bits, memcpy(afl->san_fsrvs[0].trace_bits, afl->fsrv.trace_bits,
afl->fsrv.map_size); afl->fsrv.map_size);
classify_counts_mem((u64 *)afl->san_fsrvs[0].trace_bits, classify_counts_mem((_AFL_INTSIZEVAR *)afl->san_fsrvs[0].trace_bits,
afl->fsrv.map_size); afl->fsrv.map_size);
simplify_trace(afl, afl->san_fsrvs[0].trace_bits); simplify_trace(afl, afl->san_fsrvs[0].trace_bits);