fuzzer_stat eps is now overall not current, clang-format fixed to v8

van Hauser
2020-02-09 09:43:33 +01:00
parent 49acc388dd
commit e2ef242898
7 changed files with 104 additions and 97 deletions


@ -29,27 +29,29 @@ CLANG_FORMAT_BIN = os.getenv("CLANG_FORMAT_BIN")
if CLANG_FORMAT_BIN is None: if CLANG_FORMAT_BIN is None:
o = 0 o = 0
try: try:
p = subprocess.Popen(["clang-format", "--version"], stdout=subprocess.PIPE) p = subprocess.Popen(["clang-format-8", "--version"], stdout=subprocess.PIPE)
o, _ = p.communicate() o, _ = p.communicate()
o = str(o, "utf-8") o = str(o, "utf-8")
o = o[len("clang-format version "):].strip() o = o[len("clang-format version "):].strip()
o = o[:o.find(".")] o = o[:o.find(".")]
o = int(o) o = int(o)
except: pass except:
if o < 7: print ("clang-format-8 is needed. Aborted.")
if subprocess.call(['which', 'clang-format-7'], stdout=subprocess.PIPE) == 0: exit(1)
CLANG_FORMAT_BIN = 'clang-format-7' #if o < 7:
elif subprocess.call(['which', 'clang-format-8'], stdout=subprocess.PIPE) == 0: # if subprocess.call(['which', 'clang-format-7'], stdout=subprocess.PIPE) == 0:
CLANG_FORMAT_BIN = 'clang-format-8' # CLANG_FORMAT_BIN = 'clang-format-7'
elif subprocess.call(['which', 'clang-format-9'], stdout=subprocess.PIPE) == 0: # elif subprocess.call(['which', 'clang-format-8'], stdout=subprocess.PIPE) == 0:
CLANG_FORMAT_BIN = 'clang-format-9' # CLANG_FORMAT_BIN = 'clang-format-8'
elif subprocess.call(['which', 'clang-format-10'], stdout=subprocess.PIPE) == 0: # elif subprocess.call(['which', 'clang-format-9'], stdout=subprocess.PIPE) == 0:
CLANG_FORMAT_BIN = 'clang-format-10' # CLANG_FORMAT_BIN = 'clang-format-9'
else: # elif subprocess.call(['which', 'clang-format-10'], stdout=subprocess.PIPE) == 0:
print ("clang-format 7 or above is needed. Aborted.") # CLANG_FORMAT_BIN = 'clang-format-10'
exit(1) # else:
# print ("clang-format 7 or above is needed. Aborted.")
# exit(1)
else: else:
CLANG_FORMAT_BIN = 'clang-format' CLANG_FORMAT_BIN = 'clang-format-8'
COLUMN_LIMIT = 80 COLUMN_LIMIT = 80
for line in fmt.split("\n"): for line in fmt.split("\n"):
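Review bot: The bare `except:` on the new side turns every failure of the version probe — including a `KeyboardInterrupt` or `SystemExit` — into the "clang-format-8 is needed" abort, and the parsed version `o` is no longer checked anywhere, so a `--version` layout that `int(o)` cannot parse aborts with a misleading message. Narrow it to `except (OSError, ValueError):` (plus whatever else the parsing is meant to tolerate) so only a missing binary or an unparsable version string is reported, and either drop the version parsing or keep an explicit check on `o` so the pinned binary is actually verified. The commented-out `if o < 7:` chain is dead code that git history already preserves; delete it rather than leave it in place. With that chain gone, the remaining `else:` appears to bind to the `try`/`except` as its else clause, which reads as if it still belonged to the removed `if` — a one-line comment such as `# runs only when the clang-format-8 probe succeeded` would make that intent clear.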


@ -19,6 +19,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- CmpLog forkserver - CmpLog forkserver
- Redqueen input-2-state mutator (cmp instructions only ATM) - Redqueen input-2-state mutator (cmp instructions only ATM)
- all Python 2+3 versions supported now - all Python 2+3 versions supported now
- changed execs_per_sec in fuzzer_stats from "current" execs per second
(which is pointless) to total execs per second
- afl-clang-fast: - afl-clang-fast:
- show in the help output for which llvm version it was compiled for - show in the help output for which llvm version it was compiled for
- now does not need to be recompiled between trace-pc and pass - now does not need to be recompiled between trace-pc and pass


@ -377,7 +377,7 @@ directory. This includes:
- `fuzzer_pid` - PID of the fuzzer process - `fuzzer_pid` - PID of the fuzzer process
- `cycles_done` - queue cycles completed so far - `cycles_done` - queue cycles completed so far
- `execs_done` - number of execve() calls attempted - `execs_done` - number of execve() calls attempted
- `execs_per_sec` - current number of execs per second - `execs_per_sec` - overall number of execs per second
- `paths_total` - total number of entries in the queue - `paths_total` - total number of entries in the queue
- `paths_found` - number of entries discovered through local fuzzing - `paths_found` - number of entries discovered through local fuzzing
- `paths_imported` - number of entries imported from other instances - `paths_imported` - number of entries imported from other instances


@ -68,7 +68,8 @@
#include "config.h" #include "config.h"
#include "types.h" #include "types.h"
#if __STDC_VERSION__ < 201112L || (defined(__FreeBSD__) && __FreeBSD_version < 1200000) #if __STDC_VERSION__ < 201112L || \
(defined(__FreeBSD__) && __FreeBSD_version < 1200000)
// use this hack if not C11 // use this hack if not C11
typedef struct { typedef struct {


@ -299,7 +299,6 @@ static void gpr_saving(TCGv *cpu_regs, int regs_num) {
} }
static void restore_state_for_persistent(TCGv *cpu_regs, int regs_num, int sp) { static void restore_state_for_persistent(TCGv *cpu_regs, int regs_num, int sp) {
if (persistent_save_gpr) { if (persistent_save_gpr) {
@ -349,29 +348,29 @@ static void restore_state_for_persistent(TCGv *cpu_regs, int regs_num, int sp) {
// SP = 13, LINK = 14 // SP = 13, LINK = 14
#define AFL_QEMU_TARGET_ARM_SNIPPET \ #define AFL_QEMU_TARGET_ARM_SNIPPET \
if (is_persistent) { \ if (is_persistent) { \
\ \
if (dc->pc == afl_persistent_addr) { \ if (dc->pc == afl_persistent_addr) { \
\ \
if (persistent_save_gpr) gpr_saving(cpu_R, AFL_REGS_NUM); \ if (persistent_save_gpr) gpr_saving(cpu_R, AFL_REGS_NUM); \
\ \
if (afl_persistent_ret_addr == 0) { \ if (afl_persistent_ret_addr == 0) { \
\ \
TCGv_ptr paddr = tcg_const_ptr(afl_persistent_addr); \ TCGv_ptr paddr = tcg_const_ptr(afl_persistent_addr); \
tcg_gen_mov_i32(cpu_R[14], paddr); \ tcg_gen_mov_i32(cpu_R[14], paddr); \
tcg_temp_free_ptr(paddr); \ tcg_temp_free_ptr(paddr); \
\ \
} \ } \
\ \
if (!persistent_save_gpr) tcg_gen_afl_call0(&afl_persistent_loop); \ if (!persistent_save_gpr) tcg_gen_afl_call0(&afl_persistent_loop); \
\ \
} else if (afl_persistent_ret_addr && dc->pc == afl_persistent_ret_addr) {\ } else if (afl_persistent_ret_addr && dc->pc == afl_persistent_ret_addr) { \
\ \
gen_bx_im(dc, afl_persistent_addr); \ gen_bx_im(dc, afl_persistent_addr); \
\ \
} \ } \
\ \
} }
// SP = 31, LINK = 30 // SP = 31, LINK = 30
@ -400,3 +399,4 @@ static void restore_state_for_persistent(TCGv *cpu_regs, int regs_num, int sp) {
} \ } \
\ \
} }


@ -65,59 +65,62 @@ void write_stats_file(double bitmap_cvg, double stability, double eps) {
if (getrusage(RUSAGE_CHILDREN, &rus)) rus.ru_maxrss = 0; if (getrusage(RUSAGE_CHILDREN, &rus)) rus.ru_maxrss = 0;
fprintf(f, fprintf(
"start_time : %llu\n" f,
"last_update : %llu\n" "start_time : %llu\n"
"fuzzer_pid : %d\n" "last_update : %llu\n"
"cycles_done : %llu\n" "fuzzer_pid : %d\n"
"execs_done : %llu\n" "cycles_done : %llu\n"
"execs_per_sec : %0.02f\n" "execs_done : %llu\n"
"paths_total : %u\n" "execs_per_sec : %0.02f\n"
"paths_favored : %u\n" // "real_execs_per_sec: %0.02f\n" // damn the name is too long
"paths_found : %u\n" "paths_total : %u\n"
"paths_imported : %u\n" "paths_favored : %u\n"
"max_depth : %u\n" "paths_found : %u\n"
"cur_path : %u\n" /* Must match find_start_position() */ "paths_imported : %u\n"
"pending_favs : %u\n" "max_depth : %u\n"
"pending_total : %u\n" "cur_path : %u\n" /* Must match find_start_position() */
"variable_paths : %u\n" "pending_favs : %u\n"
"stability : %0.02f%%\n" "pending_total : %u\n"
"bitmap_cvg : %0.02f%%\n" "variable_paths : %u\n"
"unique_crashes : %llu\n" "stability : %0.02f%%\n"
"unique_hangs : %llu\n" "bitmap_cvg : %0.02f%%\n"
"last_path : %llu\n" "unique_crashes : %llu\n"
"last_crash : %llu\n" "unique_hangs : %llu\n"
"last_hang : %llu\n" "last_path : %llu\n"
"execs_since_crash : %llu\n" "last_crash : %llu\n"
"exec_timeout : %u\n" "last_hang : %llu\n"
"slowest_exec_ms : %llu\n" "execs_since_crash : %llu\n"
"peak_rss_mb : %lu\n" "exec_timeout : %u\n"
"afl_banner : %s\n" "slowest_exec_ms : %llu\n"
"afl_version : " VERSION "peak_rss_mb : %lu\n"
"\n" "afl_banner : %s\n"
"target_mode : %s%s%s%s%s%s%s%s\n" "afl_version : " VERSION
"command_line : %s\n", "\n"
start_time / 1000, get_cur_time() / 1000, getpid(), "target_mode : %s%s%s%s%s%s%s%s\n"
queue_cycle ? (queue_cycle - 1) : 0, total_execs, eps, queued_paths, "command_line : %s\n",
queued_favored, queued_discovered, queued_imported, max_depth, start_time / 1000, get_cur_time() / 1000, getpid(),
current_entry, pending_favored, pending_not_fuzzed, queued_variable, queue_cycle ? (queue_cycle - 1) : 0, total_execs,
stability, bitmap_cvg, unique_crashes, unique_hangs, /*eps,*/ total_execs / ((double)(get_cur_time() - start_time) / 1000),
last_path_time / 1000, last_crash_time / 1000, last_hang_time / 1000, queued_paths, queued_favored, queued_discovered, queued_imported,
total_execs - last_crash_execs, exec_tmout, slowest_exec_ms, max_depth, current_entry, pending_favored, pending_not_fuzzed,
queued_variable, stability, bitmap_cvg, unique_crashes, unique_hangs,
last_path_time / 1000, last_crash_time / 1000, last_hang_time / 1000,
total_execs - last_crash_execs, exec_tmout, slowest_exec_ms,
#ifdef __APPLE__ #ifdef __APPLE__
(unsigned long int)(rus.ru_maxrss >> 20), (unsigned long int)(rus.ru_maxrss >> 20),
#else #else
(unsigned long int)(rus.ru_maxrss >> 10), (unsigned long int)(rus.ru_maxrss >> 10),
#endif #endif
use_banner, unicorn_mode ? "unicorn" : "", qemu_mode ? "qemu " : "", use_banner, unicorn_mode ? "unicorn" : "", qemu_mode ? "qemu " : "",
dumb_mode ? " dumb " : "", no_forkserver ? "no_forksrv " : "", dumb_mode ? " dumb " : "", no_forkserver ? "no_forksrv " : "",
crash_mode ? "crash " : "", persistent_mode ? "persistent " : "", crash_mode ? "crash " : "", persistent_mode ? "persistent " : "",
deferred_mode ? "deferred " : "", deferred_mode ? "deferred " : "",
(unicorn_mode || qemu_mode || dumb_mode || no_forkserver || (unicorn_mode || qemu_mode || dumb_mode || no_forkserver || crash_mode ||
crash_mode || persistent_mode || deferred_mode) persistent_mode || deferred_mode)
? "" ? ""
: "default", : "default",
orig_cmdline); orig_cmdline);
/* ignore errors */ /* ignore errors */
fclose(f); fclose(f);
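Review bot: The new `execs_per_sec` expression divides `total_execs` by `(double)(get_cur_time() - start_time) / 1000`, which is zero when the stats file is written in the same millisecond `start_time` was taken (the `/ 1000` suggests both are in milliseconds); that prints `inf`, or `nan` when `total_execs` is also 0, into fuzzer_stats, and tools that parse that file as numbers will choke on it. Compute the elapsed time once and guard it: `u64 stats_elapsed_ms = get_cur_time() - start_time;` before the `fprintf`, then pass `stats_elapsed_ms ? total_execs / ((double)stats_elapsed_ms / 1000) : 0` in place of the inline expression. The `eps` parameter of `write_stats_file` is now unused but still in the signature (the function's opening and closing braces lie outside this hunk), so either remove it from the signature and its callers or add a comment saying why it is retained. The commented-out `"real_execs_per_sec"` format line and the `/*eps,*/` placeholder are dead code and should be deleted rather than left inside the format string and argument list.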


@ -926,7 +926,7 @@ int main(int argc, char** argv) {
int done = 0; int done = 0;
u8 infile[4096], outfile[4096]; u8 infile[4096], outfile[4096];
#if !defined(DT_REG) #if !defined(DT_REG)
struct stat statbuf; struct stat statbuf;
#endif #endif
dev_null_fd = open("/dev/null", O_RDWR); dev_null_fd = open("/dev/null", O_RDWR);
@ -974,15 +974,14 @@ int main(int argc, char** argv) {
if (dir_ent->d_name[0] == '.') if (dir_ent->d_name[0] == '.')
continue; // skip anything that starts with '.' continue; // skip anything that starts with '.'
#if defined(DT_REG) /* Posix and Solaris do not know d_type and DT_REG */ #if defined(DT_REG) /* Posix and Solaris do not know d_type and DT_REG */
if (dir_ent->d_type != DT_REG) continue; // only regular files if (dir_ent->d_type != DT_REG) continue; // only regular files
#endif #endif
snprintf(infile, sizeof(infile), "%s/%s", in_dir, dir_ent->d_name); snprintf(infile, sizeof(infile), "%s/%s", in_dir, dir_ent->d_name);
#if !defined(DT_REG) /* use stat() */ #if !defined(DT_REG) /* use stat() */
if (-1 == stat(infile, &statbuf) if (-1 == stat(infile, &statbuf) || !S_ISREG(statbuf.st_mode)) continue;
|| !S_ISREG(statbuf.st_mode)) continue;
#endif #endif
snprintf(outfile, sizeof(outfile), "%s/%s", out_file, dir_ent->d_name); snprintf(outfile, sizeof(outfile), "%s/%s", out_file, dir_ent->d_name);