final touches

instrumentation/SanitizerCoverageLTO.so.cc

@@ -1394,10 +1394,14 @@ void ModuleSanitizerCoverageLTO::instrumentFunction(
   uint32_t                 inst_save = inst, save_global = afl_global_id;
   uint32_t                 inst_in_this_func = 0;
   Function                *caller = NULL;
+  LoadInst                *PrevCtxLoad = NULL;
 
   CTX_add = NULL;
 
-  if (debug) fprintf(stderr, "Function: %s\n", F.getName().str().c_str());
+  if (debug)
+    fprintf(stderr,
+            "Function: %s (%u %u) XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n",
+            F.getName().str().c_str(), inst, afl_global_id);
 
   if (instrument_ctx) {
 
@@ -1585,7 +1589,8 @@ void ModuleSanitizerCoverageLTO::instrumentFunction(
             Value               *CTX_offset;
             BasicBlock::iterator IP = BB.getFirstInsertionPt();
             IRBuilder<>          IRB(&(*IP));
-            LoadInst            *PrevCtxLoad = IRB.CreateLoad(
+
+            PrevCtxLoad = IRB.CreateLoad(
 #if LLVM_VERSION_MAJOR >= 14
                 IRB.getInt32Ty(),
 #endif
@@ -1608,20 +1613,78 @@ void ModuleSanitizerCoverageLTO::instrumentFunction(
 
           }
 
+          // bool loaded = false, multicall = false;
+          for (auto &IN : BB) {
+
+            // check all calls and where callee count == 1 instrument
+            // our current caller_id to __afl_ctx
+            if (auto callInst = dyn_cast<CallInst>(&IN)) {
+
+              Function *Callee = callInst->getCalledFunction();
+              if (countCallers(Callee) == 1) {
+
+                if (debug)
+                  fprintf(stderr, "DEBUG: %s call to %s with only one caller\n",
+                          F.getName().str().c_str(),
+                          Callee->getName().str().c_str());
+                /* if (loaded == false || multicall == true) { // } */
+                IRBuilder<> Builder(IN.getContext());
+                Builder.SetInsertPoint(callInst);
+                StoreInst *StoreCtx =
+                    Builder.CreateStore(PrevCtxLoad, AFLContext);
+                StoreCtx->setMetadata("nosanitize", N);
+                // multicall = false; loaded = true;
+
+              }  // else { multicall = true; }
+
+            }
+
+          }
+
+        }
+
+      }
+
     }
 
     inst = inst_save;
 
   }
 
-    }
-
-  }
+  /*  if (debug)
+      fprintf(stderr, "Next instrumentation (%u-%u=%u %u-%u=%u)\n", inst,
+              inst_save, inst - inst_save, afl_global_id, save_global,
+              afl_global_id - save_global);*/
 
   for (auto &BB : F) {
 
+    skip_next = 0;
+
+    /*
+        uint32_t j = 0;
+        fprintf(stderr, "BB %p ============================================\n",
+                CTX_add);*/
+
     for (auto &IN : BB) {
 
+      /*      j++;
+            uint32_t           i = 1;
+            std::string        errMsg;
+            raw_string_ostream os(errMsg);
+            IN.print(os);
+            fprintf(stderr, "Next instruction, BB size now %zu: %02u %s\n",
+         BB.size(), j, os.str().c_str()); for (auto &IN2 : BB) {
+
+              std::string        errMsg2;
+              raw_string_ostream os2(errMsg2);
+              IN2.print(os2);
+              fprintf(
+                  stderr, "%s %02u: %s\n",
+                  strcmp(os.str().c_str(), os2.str().c_str()) == 0 ? ">>>" : "
+         ", i++, os2.str().c_str());
+
+            }*/
+
       CallInst *callInst = nullptr;
 
       if ((callInst = dyn_cast<CallInst>(&IN))) {
@@ -1665,13 +1728,11 @@ void ModuleSanitizerCoverageLTO::instrumentFunction(
 
       SelectInst *selectInst = nullptr;
 
-      /*
-            std::string errMsg;
-            raw_string_ostream os(errMsg);
-            IN.print(os);
-            fprintf(stderr, "X(%u): %s\n", skip_next, os.str().c_str());
-      */
-      if (!skip_next && (selectInst = dyn_cast<SelectInst>(&IN))) {
+      if ((selectInst = dyn_cast<SelectInst>(&IN))) {
+
+        if (!skip_next) {
+
+          // fprintf(stderr, "Select in\n");
 
           uint32_t    vector_cnt = 0;
           Value      *condition = selectInst->getCondition();
@@ -1800,7 +1861,8 @@ void ModuleSanitizerCoverageLTO::instrumentFunction(
 
             if (use_threadsafe_counters) {
 
-            IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One,
+              IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx,
+                                  One,
 #if LLVM_VERSION_MAJOR >= 13
                                   llvm::MaybeAlign(1),
 #endif
@@ -1833,15 +1895,19 @@ void ModuleSanitizerCoverageLTO::instrumentFunction(
           }
 
           skip_next = 1;
+          // fprintf(stderr, "Select out\n");
 
         } else {
 
+          // fprintf(stderr, "Select skip\n");
           skip_next = 0;
 
         }
 
       }
 
+    }
+
     // if (shouldInstrumentBlock(F, &BB, DT, PDT, Options))
     //   BlocksToInstrument.push_back(&BB);
 
@@ -1862,6 +1928,11 @@ void ModuleSanitizerCoverageLTO::instrumentFunction(
   InjectCoverage(F, BlocksToInstrument, IsLeafFunc);
   // InjectCoverageForIndirectCalls(F, IndirCalls);
 
+  /*if (debug)
+    fprintf(stderr, "Done instrumentation (%u-%u=%u %u-%u=%u)\n", inst,
+            inst_save, inst - inst_save, afl_global_id, save_global,
+            afl_global_id - save_global);*/
+
   if (inst_in_this_func && call_counter > 1) {
 
     if (inst_in_this_func != afl_global_id - save_global) {

src/afl-cc.c

@@ -1103,8 +1103,6 @@ static void instrument_opt_mode_exclude(aflcc_state_t *aflcc) {
 
   }
 
-  fprintf(stderr, "X %u %u\n", aflcc->compiler_mode, LTO);
-
   if (aflcc->instrument_opt_mode && aflcc->compiler_mode != LLVM &&
       !((aflcc->instrument_opt_mode & INSTRUMENT_OPT_CALLER) &&
         aflcc->compiler_mode == LTO))