SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix redundant xor in Ngram calculation (#1901)

Browse Source 
* fix double xor

* tmp

* clp

* no notnightly

* fix

* plural
This commit is contained in:
Dongjia "toka" Zhang 2024-03-07 14:49:01 +01:00 committed by GitHub
parent 2ac075024b
commit 9a2e7b0e64
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 50 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fuzzers/libfuzzer_libpng_centralized/src/lib.rs
View File

@ -201,7 +201,7 @@ pub extern "C" fn libafl_main() {
// Create the executor for an in-process function with one observer for edge coverage and one for the execution time // Create the executor for an in-process function with one observer for edge coverage and one for the execution time
#[cfg(target_os = "linux")] #[cfg(target_os = "linux")]
let mut executor = InProcessExecutor::batched_timeouts( let mut executor = InProcessExecutor::batched_timeout(
&mut harness, &mut harness,
tuple_list!(edges_observer, time_observer), tuple_list!(edges_observer, time_observer),
&mut fuzzer, &mut fuzzer,

2
fuzzers/libfuzzer_libpng_launcher/src/lib.rs
View File

@ -202,7 +202,7 @@ pub extern "C" fn libafl_main() {
// Create the executor for an in-process function with one observer for edge coverage and one for the execution time // Create the executor for an in-process function with one observer for edge coverage and one for the execution time
#[cfg(target_os = "linux")] #[cfg(target_os = "linux")]
let mut executor = InProcessExecutor::batched_timeouts( let mut executor = InProcessExecutor::batched_timeout(
&mut harness, &mut harness,
tuple_list!(edges_observer, time_observer), tuple_list!(edges_observer, time_observer),
&mut fuzzer, &mut fuzzer,

61
libafl_targets/src/sancov_pcguard.rs
View File

@ -20,14 +20,33 @@ compile_error!(
"the libafl_targets `sancov_pcguard_edges` and `sancov_pcguard_hitcounts` features are mutually exclusive." "the libafl_targets `sancov_pcguard_edges` and `sancov_pcguard_hitcounts` features are mutually exclusive."
); );
#[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))]
use core::ops::ShlAssign;
#[cfg(feature = "sancov_ngram4")] #[cfg(feature = "sancov_ngram4")]
#[rustversion::nightly] #[rustversion::nightly]
type Ngram4 = core::simd::u32x4; type Ngram4 = core::simd::u32x4;
#[cfg(feature = "sancov_ngram8")]
#[rustversion::nightly]
type Ngram8 = core::simd::u32x8;
/// The array holding the previous locs. This is required for NGRAM-4 instrumentation /// The array holding the previous locs. This is required for NGRAM-4 instrumentation
#[cfg(feature = "sancov_ngram4")] #[cfg(feature = "sancov_ngram4")]
#[rustversion::nightly] #[rustversion::nightly]
pub static mut PREV_ARRAY: Ngram4 = Ngram4::from_array([0, 0, 0, 0]); pub static mut PREV_ARRAY_4: Ngram4 = Ngram4::from_array([0, 0, 0, 0]);
#[cfg(feature = "sancov_ngram8")]
#[rustversion::nightly]
pub static mut PREV_ARRAY_8: Ngram8 = Ngram8::from_array([0, 0, 0, 0, 0, 0, 0, 0]);
#[cfg(feature = "sancov_ngram4")]
#[rustversion::nightly]
pub static SHR_4: Ngram4 = Ngram4::from_array([1, 1, 1, 1]);
#[cfg(feature = "sancov_ngram8")]
#[rustversion::nightly]
pub static SHR_8: Ngram8 = Ngram8::from_array([1, 1, 1, 1, 1, 1, 1, 1]);
/// The hook to initialize ngram everytime we run the harness /// The hook to initialize ngram everytime we run the harness
#[cfg(feature = "sancov_ngram4")] #[cfg(feature = "sancov_ngram4")]
@ -40,7 +59,7 @@ pub struct NgramHook {}
#[derive(Default, Debug, Clone, Copy)] #[derive(Default, Debug, Clone, Copy)]
pub struct CtxHook {} pub struct CtxHook {}
#[cfg(feature = "sancov_ngram4")] #[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))]
#[rustversion::nightly] #[rustversion::nightly]
impl ExecutorHook for NgramHook { impl ExecutorHook for NgramHook {
fn init<E: HasObservers, S>(&mut self, _state: &mut S) {} fn init<E: HasObservers, S>(&mut self, _state: &mut S) {}
@ -51,8 +70,14 @@ impl ExecutorHook for NgramHook {
_mgr: &mut EM, _mgr: &mut EM,
_input: &I, _input: &I,
) { ) {
#[cfg(feature = "sancov_ngram4")]
unsafe { unsafe {
PREV_ARRAY = Ngram4::from_array([0, 0, 0, 0]); PREV_ARRAY_4 = Ngram4::from_array([0, 0, 0, 0]);
}
#[cfg(feature = "sancov_ngram8")]
unsafe {
PREV_ARRAY_8 = Ngram8::from_array([0, 0, 0, 0, 0, 0, 0, 0])
} }
} }
fn post_exec<EM, I, S, Z>( fn post_exec<EM, I, S, Z>(
@ -90,21 +115,31 @@ impl ExecutorHook for CtxHook {
} }
#[rustversion::nightly] #[rustversion::nightly]
#[cfg(feature = "sancov_ngram4")] #[allow(unused)]
unsafe fn update_ngram(mut pos: usize) -> usize { #[inline]
#[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))]
unsafe fn update_ngram(pos: usize) -> usize {
let mut reduced = pos;
#[cfg(feature = "sancov_ngram4")] #[cfg(feature = "sancov_ngram4")]
{ {
PREV_ARRAY = PREV_ARRAY.rotate_elements_right::<1>(); PREV_ARRAY_4 = PREV_ARRAY_4.rotate_elements_right::<1>();
PREV_ARRAY.as_mut_array()[0] = pos as u32; PREV_ARRAY_4.shl_assign(SHR_4);
let reduced = PREV_ARRAY.reduce_xor() as usize; PREV_ARRAY_4.as_mut_array()[0] = pos as u32;
pos ^= reduced; reduced = PREV_ARRAY_4.reduce_xor() as usize;
pos %= EDGES_MAP_SIZE;
} }
pos #[cfg(feature = "sancov_ngram8")]
{
PREV_ARRAY_8 = PREV_ARRAY_8.rotate_elements_right::<1>();
PREV_ARRAY_8.shl_assign(SHR_8);
PREV_ARRAY_8.as_mut_array()[0] = pos as u32;
reduced = PREV_ARRAY_8.reduce_xor() as usize;
}
reduced %= EDGES_MAP_SIZE;
reduced
} }
#[rustversion::not(nightly)] #[rustversion::not(nightly)]
#[cfg(feature = "sancov_ngram4")] #[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))]
unsafe fn update_ngram(pos: usize) -> usize { unsafe fn update_ngram(pos: usize) -> usize {
pos pos
} }
@ -124,7 +159,7 @@ extern "C" {
pub unsafe extern "C" fn __sanitizer_cov_trace_pc_guard(guard: *mut u32) { pub unsafe extern "C" fn __sanitizer_cov_trace_pc_guard(guard: *mut u32) {
let mut pos = *guard as usize; let mut pos = *guard as usize;
#[cfg(feature = "sancov_ngram4")] #[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))]
{ {
pos = update_ngram(pos); pos = update_ngram(pos);
// println!("Wrinting to {} {}", pos, EDGES_MAP_SIZE); // println!("Wrinting to {} {}", pos, EDGES_MAP_SIZE);