ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-11 09:41:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

do not instrument icmp/fcmp if result is used in select

Browse Source
This commit is contained in:
vanhauser-thc 2025-05-11 19:27:23 +02:00
parent 231a4b1937
commit adeaa714ce
1 changed files with 42 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
instrumentation/SanitizerCoveragePCGUARD.so.cc
View File

@ -821,13 +821,16 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
}
bool instrumentInst = false;
bool instrumentInst = false;
ICmpInst *icmp;
FCmpInst *fcmp;
if (isa<FCmpInst>(&IN) || isa<ICmpInst>(&IN) || isa<SelectInst>(&IN)) {
if ((icmp = dyn_cast<ICmpInst>(&IN)) ||
(fcmp = dyn_cast<FCmpInst>(&IN)) || isa<SelectInst>(&IN)) {
// || isa<PHINode>(&IN)
bool usedInBranch = false;
bool usedInBranch = false, usedInSelectDecision = false;
for (auto *U : IN.users()) {
@ -838,9 +841,23 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
}
if (auto *sel = dyn_cast<SelectInst>(U)) {
if (icmp && sel->getCondition() == icmp) {
usedInSelectDecision = true;
} else if (fcmp && sel->getCondition() == fcmp) {
usedInSelectDecision = true;
}
}
}
if (!usedInBranch) {
if (!usedInBranch && !usedInSelectDecision) {
// errs() << "Instrument! " << *(&IN) << "\n";
instrumentInst = true;
@ -1004,13 +1021,16 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
}
bool instrumentInst = false;
bool instrumentInst = false;
ICmpInst *icmp;
FCmpInst *fcmp;
if (isa<FCmpInst>(&IN) || isa<ICmpInst>(&IN) || isa<SelectInst>(&IN)) {
if ((icmp = dyn_cast<ICmpInst>(&IN)) ||
(fcmp = dyn_cast<FCmpInst>(&IN)) || isa<SelectInst>(&IN)) {
// || isa<PHINode>(&IN)
bool usedInBranch = false;
bool usedInBranch = false, usedInSelectDecision = false;
for (auto *U : IN.users()) {
@ -1021,9 +1041,23 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
}
if (auto *sel = dyn_cast<SelectInst>(U)) {
if (icmp && sel->getCondition() == icmp) {
usedInSelectDecision = true;
} else if (fcmp && sel->getCondition() == fcmp) {
usedInSelectDecision = true;
}
}
}
if (!usedInBranch) {
if (!usedInBranch && !usedInSelectDecision) {
// errs() << "Instrument! " << *(&IN) << "\n";
instrumentInst = true;
@ -1037,8 +1071,6 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
Value *result = nullptr;
uint32_t vector_cnt = 0;
SelectInst *selectInst;
ICmpInst *icmp;
FCmpInst *fcmp;
// PHINode *phi = nullptr, *newPhi = nullptr;
IRBuilder<> IRB(IN.getNextNode());