remove dead code, code format

2025-06-14 11:08:06 +00:00 · 2023-06-22 09:24:00 +02:00
parent 224e884ba1
commit 90f83c13d0
8 changed files with 22 additions and 51 deletions
--- a/.custom-format.py
+++ b/.custom-format.py
@ -24,7 +24,7 @@ import importlib.metadata

 # string_re = re.compile('(\\"(\\\\.|[^"\\\\])*\\")') # TODO: for future use

-CURRENT_LLVM = os.getenv('LLVM_VERSION', 15)
+CURRENT_LLVM = os.getenv('LLVM_VERSION', 16)
 CLANG_FORMAT_BIN = os.getenv("CLANG_FORMAT_BIN", "")


--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@ -18,6 +18,9 @@
    - fixed a bug inherited from vanilla AFL where a coverage of
      map[123] = 11 would be the same as map[1123] = 1
    - warn on crashing inputs
+  - afl-cc
+    - fixed an off-by-one instrumentation of iselect, hurting coverage a bit.
+      Thanks to @amykweon for spotting and fixing!


 ### Version ++4.07c (release)
--- a/include/alloc-inl.h
+++ b/include/alloc-inl.h
@ -322,7 +322,7 @@ static inline void DFL_ck_free(void *mem) {
 static inline void *DFL_ck_realloc(void *orig, u32 size) {

  void *ret;
-  u32 old_size = 0;
+  u32   old_size = 0;

  if (!size) {

@ -392,7 +392,7 @@ static inline void *DFL_ck_realloc(void *orig, u32 size) {
 static inline u8 *DFL_ck_strdup(u8 *str) {

  void *ret;
-  u32 size;
+  u32   size;

  if (!str) return NULL;

@ -438,14 +438,14 @@ struct TRK_obj {

  void *ptr;
  char *file, *func;
-  u32 line;
+  u32   line;

 };

    #ifdef AFL_MAIN

 struct TRK_obj *TRK[ALLOC_BUCKETS];
-u32 TRK_cnt[ALLOC_BUCKETS];
+u32             TRK_cnt[ALLOC_BUCKETS];

      #define alloc_report() TRK_report()

--- a/instrumentation/SanitizerCoveragePCGUARD.so.cc
+++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc
@ -225,10 +225,15 @@ llvmGetPassPluginInfo() {

 }

-#if LLVM_VERSION_MAJOR == 1
+#if LLVM_VERSION_MAJOR >= 16
 PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module                &M,
                                                  ModuleAnalysisManager &MAM) {

+#else
+PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module                &M,
+                                                  ModuleAnalysisManager &MAM) {
+
+#endif
  ModuleSanitizerCoverageAFL ModuleSancov(Options);
  auto &FAM = MAM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager();
  auto  DTCallback = [&FAM](Function &F) -> const DominatorTree  *{
@ -243,50 +248,12 @@ PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module                &M,

  };

-  if (!ModuleSancov.instrumentModule(M, DTCallback, PDTCallback))
-    return PreservedAnalyses::all();
-
-  PreservedAnalyses PA = PreservedAnalyses::none();
-  // GlobalsAA is considered stateless and does not get invalidated unless
-  // explicitly invalidated; PreservedAnalyses::none() is not enough. Sanitizers
-  // make changes that require GlobalsAA to be invalidated.
-  PA.abandon<GlobalsAA>();
-  return PA;
-
-}
-
-#else
-  #if LLVM_VERSION_MAJOR >= 16
-PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module &M,
-                                                  ModuleAnalysisManager &MAM) {
-
-  #else
-PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module                &M,
-                                                  ModuleAnalysisManager &MAM) {
-
-  #endif
-  ModuleSanitizerCoverageAFL ModuleSancov(Options);
-  auto &FAM = MAM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager();
-  auto DTCallback = [&FAM](Function &F) -> const DominatorTree * {
-
-    return &FAM.getResult<DominatorTreeAnalysis>(F);
-
-  };
-
-  auto PDTCallback = [&FAM](Function &F) -> const PostDominatorTree * {
-
-    return &FAM.getResult<PostDominatorTreeAnalysis>(F);
-
-  };
-
  if (ModuleSancov.instrumentModule(M, DTCallback, PDTCallback))
    return PreservedAnalyses::none();
  return PreservedAnalyses::all();

 }

-#endif
-
 std::pair<Value *, Value *> ModuleSanitizerCoverageAFL::CreateSecStartEnd(
    Module &M, const char *Section, Type *Ty) {

--- a/qemu_mode/libqasan/dlmalloc.c
+++ b/qemu_mode/libqasan/dlmalloc.c
@ -1762,7 +1762,7 @@ static FORCEINLINE void *win32direct_mmap(size_t size) {
 static FORCEINLINE int win32munmap(void *ptr, size_t size) {

  MEMORY_BASIC_INFORMATION minfo;
-  char *cptr = (char *)ptr;
+  char                    *cptr = (char *)ptr;

  while (size) {

--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@ -1542,8 +1542,8 @@ double get_runnable_processes(void) {
     processes well. */

  FILE *f = fopen("/proc/stat", "r");
-  u8 tmp[1024];
-  u32 val = 0;
+  u8    tmp[1024];
+  u32   val = 0;

  if (!f) { return 0; }

@ -2226,7 +2226,7 @@ void check_crash_handling(void) {
   *BSD, so we can just let it slide for now. */

  s32 fd = open("/proc/sys/kernel/core_pattern", O_RDONLY);
-  u8 fchar;
+  u8  fchar;

  if (fd < 0) { return; }

@ -2365,7 +2365,7 @@ void check_cpu_governor(afl_state_t *afl) {
  FATAL("Suboptimal CPU scaling governor");

 #elif defined __APPLE__
-  u64 min = 0, max = 0;
+  u64    min = 0, max = 0;
  size_t mlen = sizeof(min);
  if (afl->afl_env.afl_skip_cpufreq) return;

--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@ -164,7 +164,8 @@ static void usage(u8 *argv0, int more_help) {
      "\n"

      "Mutator settings:\n"
-      "  -a            - target expects ascii text input (prefer text mutators)\n"
+      "  -a            - target expects ascii text input (prefer text "
+      "mutators)\n"
      "  -g minlength  - set min length of generated fuzz input (default: 1)\n"
      "  -G maxlength  - set max length of generated fuzz input (default: "
      "%lu)\n"
--- a/utils/afl_network_proxy/afl-network-server.c
+++ b/utils/afl_network_proxy/afl-network-server.c
@ -173,7 +173,7 @@ static void set_up_environment(afl_forkserver_t *fsrv) {
    }

    out_file = alloc_printf("%s/.afl-input-temp-%u", use_dir, getpid());
-	fsrv->out_file = out_file;
+    fsrv->out_file = out_file;

  }