From 5570601fea1bdd6ee84d941ff9628f613e09ce72 Mon Sep 17 00:00:00 2001
From: Dongjia Zhang
Date: Fri, 20 May 2022 14:26:28 +0900
Subject: [PATCH] Small refactoring of nits in #635 (#636)

* fix
* more
* fmt
* fix
* fix
* fix
* fix
* fmt
* fmt
* fix
---
 libafl/src/bolts/cli.rs | 4 ++--
 libafl/src/bolts/mod.rs | 17 +++++++++++++++++
 libafl_frida/src/coverage_rt.rs | 10 ++--------
 3 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/libafl/src/bolts/cli.rs b/libafl/src/bolts/cli.rs
index e8dadb3e7a..e30fafc399 100644
--- a/libafl/src/bolts/cli.rs
+++ b/libafl/src/bolts/cli.rs
@@ -124,7 +124,7 @@ pub struct FuzzerOptions {
 pub stdout: String,
 
 /// the name of the configuration to use
- #[clap(short, long, default_value = "default configuration")]
+ #[clap(long, default_value = "default configuration")]
 pub configuration: String,
 
 /// enable Address Sanitizer (ASAN)
@@ -278,7 +278,7 @@ pub struct FuzzerOptions {
 /// Spawn a client in each of the provided cores. Use 'all' to select all available
 /// cores. 'none' to run a client without binding to any core.
 /// ex: '1,2-4,6' selects the cores 1, 2, 3, 4, and 6.
- #[clap(long, default_value = "0", parse(try_from_str = Cores::from_cmdline))]
+ #[clap(short = 'c', long, default_value = "0", parse(try_from_str = Cores::from_cmdline))]
 pub cores: Cores,
 
 /// port on which the broker should listen
diff --git a/libafl/src/bolts/mod.rs b/libafl/src/bolts/mod.rs
index 640e6fabba..8595f8f1c0 100644
--- a/libafl/src/bolts/mod.rs
+++ b/libafl/src/bolts/mod.rs
@@ -110,6 +110,23 @@ pub fn current_time() -> time::Duration {
 time::Duration::from_millis(millis)
 }
 
+/// Given a u64 number, return a hashed number using this mixing function
+/// This function is used to hash an address into a more random number (used in `libafl_frida`).
+/// Mixing function:
+#[inline]
+#[must_use]
+pub fn xxh3_rrmxmx_mixer(v: u64) -> u64 {
+ let tmp = (v >> 32) + ((v & 0xffffffff) << 32);
+ let bitflip = 0x1cad21f72c81017c ^ 0xdb979082e96dd4de;
+ let mut h64 = tmp ^ bitflip;
+ h64 = h64.rotate_left(49) & h64.rotate_left(24);
+ h64 = h64.wrapping_mul(0x9FB21C651E98DF25);
+ h64 ^= (h64 >> 35) + 8;
+ h64 = h64.wrapping_mul(0x9FB21C651E98DF25);
+ h64 ^= h64 >> 28;
+ h64
+}
+
 /// Gets current nanoseconds since [`UNIX_EPOCH`]
 #[must_use]
 #[inline]
diff --git a/libafl_frida/src/coverage_rt.rs b/libafl_frida/src/coverage_rt.rs
index a83c429d84..9c22a2c50d 100644
--- a/libafl_frida/src/coverage_rt.rs
+++ b/libafl_frida/src/coverage_rt.rs
@@ -14,6 +14,7 @@ use frida_gum::instruction_writer::{Aarch64Register, IndexMode};
 use frida_gum::{instruction_writer::InstructionWriter, stalker::StalkerOutput};
 
 use crate::helper::FridaRuntime;
+use libafl::bolts::xxh3_rrmxmx_mixer;
 
 /// (Default) map size for frida coverage reporting
 pub const MAP_SIZE: usize = 64 * 1024;
@@ -154,14 +155,7 @@ impl CoverageRuntime {
 /// Emits coverage mapping into the current basic block.
 #[inline]
 pub fn emit_coverage_mapping(&mut self, address: u64, output: &StalkerOutput) {
- let tmp = (address >> 32) + ((address & 0xffffffff) << 32);
- let bitflip = 0x1cad21f72c81017c ^ 0xdb979082e96dd4de;
- let mut h64 = tmp ^ bitflip;
- h64 = h64.rotate_left(49) & h64.rotate_left(24);
- h64 = h64.wrapping_mul(0x9FB21C651E98DF25);
- h64 ^= (h64 >> 35) + 8;
- h64 = h64.wrapping_mul(0x9FB21C651E98DF25);
- h64 ^= h64 >> 28;
+ let h64 = xxh3_rrmxmx_mixer(address);
 let writer = output.writer();
 #[allow(clippy::cast_possible_wrap)] // gum redzone size is u32, we need an offset as i32.
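Review bot: The rotation step of the new `xxh3_rrmxmx_mixer` (`h64 = h64.rotate_left(49) & h64.rotate_left(24);`) does not match the xxh3 rrmxmx finalizer the name refers to, which XOR-folds both rotations into the running value: `h64 ^= h64.rotate_left(49) ^ h64.rotate_left(24);`. The AND form throws away the pre-rotation state and is not a bijection on u64, so it maps more distinct inputs onto the same output than the real mixer; since the result feeds `emit_coverage_mapping` in `libafl_frida`, which presumably uses it to pick a coverage-map slot, that translates into avoidable edge collisions and coverage blind spots. The line is carried over verbatim from `coverage_rt.rs`, so this predates the commit, but promoting it to a public helper under the xxh3 name is the moment either to correct it or to document the deviation so callers do not assume xxh3 collision behaviour. The doc comment also ends in a dangling `/// Mixing function:` with nothing after it; add the reference it was meant to point at or drop the line. `bitflip` is a constant expression and would read better as a `const` rather than being rebuilt on every call.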