Split edges_map_size and edges_map_size_alloc (#2012)

* two sizes

* rename

* build.rs

* rename

* capital

* FMT

* macro

* fuck

* fff

fuzzers/fuzzbench_ctx/src/lib.rs

@@ -55,7 +55,7 @@ use libafl_bolts::{
 use libafl_targets::autotokens;
 use libafl_targets::{
     edges_map_mut_ptr, libfuzzer_initialize, libfuzzer_test_one_input, CmpLogObserver, CtxHook,
-    EDGES_MAP_SIZE,
+    EDGES_MAP_SIZE_IN_USE,
 };
 #[cfg(unix)]
 use nix::unistd::dup;
@@ -250,7 +250,7 @@ fn fuzz(
     let edges_observer = HitcountsMapObserver::new(unsafe {
         StdMapObserver::from_mut_slice(
             "edges",
-            OwnedMutSlice::from_raw_parts_mut(edges_map_mut_ptr(), EDGES_MAP_SIZE),
+            OwnedMutSlice::from_raw_parts_mut(edges_map_mut_ptr(), EDGES_MAP_SIZE_IN_USE),
         )
     })
     .track_indices();

fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs

@@ -47,7 +47,7 @@ use libafl_bolts::{
 };
 use libafl_qemu::{
     cmplog::{CmpLogMap, CmpLogObserver, QemuCmpLogChildHelper},
-    edges::{QemuEdgeCoverageChildHelper, EDGES_MAP_PTR, EDGES_MAP_SIZE},
+    edges::{QemuEdgeCoverageChildHelper, EDGES_MAP_PTR, EDGES_MAP_SIZE_IN_USE},
     elf::EasyElf,
     filter_qemu_args,
     hooks::QemuHooks,
@@ -211,7 +211,7 @@ fn fuzz(
 
     let mut shmem_provider = StdShMemProvider::new()?;
 
-    let mut edges_shmem = shmem_provider.new_shmem(EDGES_MAP_SIZE).unwrap();
+    let mut edges_shmem = shmem_provider.new_shmem(EDGES_MAP_SIZE_IN_USE).unwrap();
     let edges = edges_shmem.as_mut_slice();
     unsafe { EDGES_MAP_PTR = edges.as_mut_ptr() };
 
@@ -238,7 +238,7 @@ fn fuzz(
 
     // Create an observation channel using the coverage map
     let edges_observer = unsafe {
-        HitcountsMapObserver::new(ConstMapObserver::<_, EDGES_MAP_SIZE>::from_mut_ptr(
+        HitcountsMapObserver::new(ConstMapObserver::<_, EDGES_MAP_SIZE_IN_USE>::from_mut_ptr(
             "edges",
             edges.as_mut_ptr(),
         ))

fuzzers/fuzzbench_forkserver/src/main.rs

@@ -224,7 +224,7 @@ fn fuzz(
     // a large initial map size that should be enough
     // to house all potential coverage maps for our targets
     // (we will eventually reduce the used size according to the actual map)
-    const MAP_SIZE: usize = 2_621_440;
+    const MAP_SIZE: usize = 65_536;
 
     let log = RefCell::new(OpenOptions::new().append(true).create(true).open(logfile)?);
 

fuzzers/fuzzbench_forkserver_cmplog/src/main.rs

@@ -225,7 +225,7 @@ fn fuzz(
     // a large initial map size that should be enough
     // to house all potential coverage maps for our targets
     // (we will eventually reduce the used size according to the actual map)
-    const MAP_SIZE: usize = 2_621_440;
+    const MAP_SIZE: usize = 65_536;
 
     let log = RefCell::new(OpenOptions::new().append(true).create(true).open(logfile)?);
 

fuzzers/qemu_cmin/src/fuzzer.rs

@@ -28,7 +28,7 @@ use libafl_bolts::{
     AsMutSlice, AsSlice,
 };
 use libafl_qemu::{
-    edges::{QemuEdgeCoverageChildHelper, EDGES_MAP_PTR, EDGES_MAP_SIZE},
+    edges::{QemuEdgeCoverageChildHelper, EDGES_MAP_PTR, EDGES_MAP_SIZE_IN_USE},
     elf::EasyElf,
     emu::Emulator,
     ArchExtras, CallingConvention, GuestAddr, GuestReg, MmapPerms, Qemu, QemuExitReason,
@@ -161,12 +161,12 @@ pub fn fuzz() -> Result<(), Error> {
         },
     };
 
-    let mut edges_shmem = shmem_provider.new_shmem(EDGES_MAP_SIZE).unwrap();
+    let mut edges_shmem = shmem_provider.new_shmem(EDGES_MAP_SIZE_IN_USE).unwrap();
     let edges = edges_shmem.as_mut_slice();
     unsafe { EDGES_MAP_PTR = edges.as_mut_ptr() };
 
     let edges_observer = unsafe {
-        HitcountsMapObserver::new(ConstMapObserver::<_, EDGES_MAP_SIZE>::from_mut_ptr(
+        HitcountsMapObserver::new(ConstMapObserver::<_, EDGES_MAP_SIZE_IN_USE>::from_mut_ptr(
             "edges",
             edges.as_mut_ptr(),
         ))

libafl_cc/build.rs

@@ -238,8 +238,9 @@ fn main() {
     println!("cargo:rerun-if-env-changed=LLVM_CXXFLAGS");
     println!("cargo:rerun-if-env-changed=LLVM_LDFLAGS");
     println!("cargo:rerun-if-env-changed=LLVM_VERSION");
-    println!("cargo:rerun-if-env-changed=LIBAFL_EDGES_MAP_SIZE");
+    println!("cargo:rerun-if-env-changed=LIBAFL_EDGES_MAP_SIZE_IN_USE");
     println!("cargo:rerun-if-env-changed=LIBAFL_ACCOUNTING_MAP_SIZE");
+    println!("cargo:rerun-if-env-changed=LIBAFL_DDG_MAP_SIZE");
     println!("cargo:rerun-if-changed=src/common-llvm.h");
     println!("cargo:rerun-if-changed=build.rs");
 
@@ -310,15 +311,23 @@ pub const LIBAFL_CC_LLVM_VERSION: Option<usize> = None;
     };
     let mut cxxflags: Vec<String> = cxxflags.split_whitespace().map(String::from).collect();
 
-    let edges_map_size: usize = option_env!("LIBAFL_EDGES_MAP_SIZE")
+    let edges_map_size_in_use: usize = option_env!("LIBAFL_EDGES_MAP_SIZE_IN_USE")
+        .map_or(Ok(65_536), str::parse)
+        .expect("Could not parse LIBAFL_EDGES_MAP_SIZE_IN_USE");
+    let edges_map_size_max: usize = option_env!("LIBAFL_EDGES_MAP_SIZE_MAX")
         .map_or(Ok(2_621_440), str::parse)
-        .expect("Could not parse LIBAFL_EDGES_MAP_SIZE");
+        .expect("Could not parse LIBAFL_EDGES_MAP_SIZE_IN_USE");
-    cxxflags.push(format!("-DLIBAFL_EDGES_MAP_SIZE={edges_map_size}"));
+    cxxflags.push(format!("-DEDGES_MAP_SIZE_IN_USE={edges_map_size_in_use}"));
 
     let acc_map_size: usize = option_env!("LIBAFL_ACCOUNTING_MAP_SIZE")
         .map_or(Ok(65_536), str::parse)
         .expect("Could not parse LIBAFL_ACCOUNTING_MAP_SIZE");
-    cxxflags.push(format!("-DLIBAFL_ACCOUNTING_MAP_SIZE={acc_map_size}"));
+    cxxflags.push(format!("-DACCOUNTING_MAP_SIZE={acc_map_size}"));
+
+    let ddg_map_size: usize = option_env!("LIBAFL_DDG_MAP_SIZE")
+        .map_or(Ok(65_536), str::parse)
+        .expect("Could not parse LIBAFL_DDG_MAP_SIZE");
+    cxxflags.push(format!("-DDDG_MAP_SIZE={ddg_map_size}"));
 
     let llvm_version = find_llvm_version();
 
@@ -337,12 +346,17 @@ pub const LIBAFL_CC_LLVM_VERSION: Option<usize> = None;
         /// The path to the `clang++` executable
         pub const CLANGXX_PATH: &str = {clangcpp:?};
 
-        /// The size of the edges map
+        /// The default size of the edges map the fuzzer uses
-        pub const EDGES_MAP_SIZE: usize = {edges_map_size};
+        pub const EDGES_MAP_SIZE_IN_USE: usize = {edges_map_size_in_use};
+        /// The real allocated size of the edges map
+        pub const EDGES_MAP_SIZE_MAX: usize = {edges_map_size_max};
 
         /// The size of the accounting maps
         pub const ACCOUNTING_MAP_SIZE: usize = {acc_map_size};
 
+        /// The size of the ddg maps
+        pub const DDG_MAP_SIZE: usize = {acc_map_size};
+
         /// The llvm version used to build llvm passes
         pub const LIBAFL_CC_LLVM_VERSION: Option<usize> = {llvm_version:?};
         ",

libafl_cc/src/cfg.rs

@@ -95,9 +95,9 @@ where
     /// Inserts an edge into CFG.
     #[must_use]
     pub fn new() -> Self {
-        let map_size = option_env!("LIBAFL_EDGES_MAP_SIZE")
+        let map_size = option_env!("LIBAFL_EDGES_MAP_SIZE_IN_USE")
             .map_or(Ok(65536), str::parse)
-            .expect("Could not parse LIBAFL_EDGES_MAP_SIZE");
+            .expect("Could not parse LIBAFL_EDGES_MAP_SIZE_IN_USE");
         Self {
             edges: (0..map_size).map(|_| None).collect(),
             func_to_entry_bb: HashMap::default(),

libafl_cc/src/coverage-accounting-pass.cc

@@ -45,7 +45,7 @@
 
 typedef uint32_t prev_loc_t;
 
-#define MAP_SIZE LIBAFL_ACCOUNTING_MAP_SIZE
+#define MAP_SIZE ACCOUNTING_MAP_SIZE
 
 #define SECURITY_SENSITIVE_FUNCS(CF)                          \
   static CF securitySensitiveFunctions[] = {                  \

libafl_cc/src/ctx-pass.cc

@@ -64,7 +64,7 @@
 
 using namespace llvm;
 
-#define MAP_SIZE LIBAFL_EDGES_MAP_SIZE
+#define MAP_SIZE EDGES_MAP_SIZE_IN_USE
 
 namespace {
 

libafl_cc/src/ddg-instr.cc

@@ -96,7 +96,7 @@
 #define MIN_FCN_SIZE 1
 #define VAR_NAME_LEN 264
 
-#define MAP_SIZE LIBAFL_EDGES_MAP_SIZE
+#define MAP_SIZE DDG_MAP_SIZE
 // #define MAP_SIZE 65536
 #define ALL_BIT_SET (MAP_SIZE - 1)
 // #define MAP_SIZE 255

libafl_qemu/src/edges.rs

@@ -7,7 +7,7 @@ use libafl_qemu_sys::GuestAddr;
 use libafl_qemu_sys::GuestPhysAddr;
 pub use libafl_targets::{
     edges_map_mut_ptr, edges_map_mut_slice, edges_max_num, std_edges_map_observer, EDGES_MAP,
-    EDGES_MAP_PTR, EDGES_MAP_PTR_NUM, EDGES_MAP_SIZE, MAX_EDGES_NUM,
+    EDGES_MAP_PTR, EDGES_MAP_PTR_NUM, EDGES_MAP_SIZE_IN_USE, MAX_EDGES_NUM,
 };
 use serde::{Deserialize, Serialize};
 
@@ -553,7 +553,7 @@ where
     match meta.map.entry((src, dest)) {
         Entry::Occupied(e) => {
             let id = *e.get();
-            let nxt = (id as usize + 1) & (EDGES_MAP_SIZE - 1);
+            let nxt = (id as usize + 1) & (EDGES_MAP_SIZE_IN_USE - 1);
             unsafe {
                 MAX_EDGES_NUM = max(MAX_EDGES_NUM, nxt);
             }
@@ -562,7 +562,7 @@ where
         Entry::Vacant(e) => {
             let id = meta.current_id;
             e.insert(id);
-            meta.current_id = (id + 1) & (EDGES_MAP_SIZE as u64 - 1);
+            meta.current_id = (id + 1) & (EDGES_MAP_SIZE_IN_USE as u64 - 1);
             unsafe {
                 MAX_EDGES_NUM = meta.current_id as usize;
             }

libafl_sugar/src/forkserver.rs

@@ -83,7 +83,7 @@ impl<'a> ForkserverBytesCoverageSugar<'a> {
         // a large initial map size that should be enough
         // to house all potential coverage maps for our targets
         // (we will eventually reduce the used size according to the actual map)
-        const MAP_SIZE: usize = 2_621_440;
+        const MAP_SIZE: usize = 65_536;
 
         let conf = match self.configuration.as_ref() {
             Some(name) => EventConfig::from_name(name),

libafl_targets/build.rs

@@ -25,9 +25,12 @@ fn main() {
     let dest_path = Path::new(&out_dir).join("constants.rs");
     let mut constants_file = File::create(dest_path).expect("Could not create file");
 
-    let edges_map_size: usize = option_env!("LIBAFL_EDGES_MAP_SIZE")
+    let edges_map_size_max: usize = option_env!("LIBAFL_EDGES_MAP_SIZE_MAX")
         .map_or(Ok(TWO_MB), str::parse)
-        .expect("Could not parse LIBAFL_EDGES_MAP_SIZE");
+        .expect("Could not parse LIBAFL_EDGES_MAP_SIZE_MAX");
+    let edges_map_size_in_use: usize = option_env!("LIBAFL_EDGES_MAP_SIZE_IN_USE")
+        .map_or(Ok(TWO_MB), str::parse)
+        .expect("Could not parse LIBAFL_EDGES_MAP_SIZE_IN_USE");
     let cmp_map_size: usize = option_env!("LIBAFL_CMP_MAP_SIZE")
         .map_or(Ok(SIXTY_FIVE_KB), str::parse)
         .expect("Could not parse LIBAFL_CMP_MAP_SIZE");
@@ -40,13 +43,18 @@ fn main() {
     let acc_map_size: usize = option_env!("LIBAFL_ACCOUNTING_MAP_SIZE")
         .map_or(Ok(SIXTY_FIVE_KB), str::parse)
         .expect("Could not parse LIBAFL_ACCOUNTING_MAP_SIZE");
+    let ddg_map_size: usize = option_env!("LIBAFL_DDG_MAP_SIZE")
+        .map_or(Ok(SIXTY_FIVE_KB), str::parse)
+        .expect("Could not parse LIBAFL_DDG_MAP_SIZE");
 
     write!(
         constants_file,
         "// These constants are autogenerated by build.rs
 
-        /// The size of the edges map
+        /// The default size of the edges map the fuzzer uses
-        pub const EDGES_MAP_SIZE: usize = {edges_map_size};
+        pub const EDGES_MAP_SIZE_IN_USE: usize = {edges_map_size_in_use};
+        /// The real allocated size of the edges map
+        pub const EDGES_MAP_SIZE_MAX: usize = {edges_map_size_max};
         /// The size of the cmps map
         pub const CMP_MAP_SIZE: usize = {cmp_map_size};
         /// The width of the `CmpLog` map
@@ -55,15 +63,18 @@ fn main() {
         pub const CMPLOG_MAP_H: usize = {cmplog_map_h};
         /// The size of the accounting maps
         pub const ACCOUNTING_MAP_SIZE: usize = {acc_map_size};
+        /// The size of the accounting maps
+        pub const DDG_MAP_SIZE: usize = {ddg_map_size};        
 "
     )
     .expect("Could not write file");
 
-    println!("cargo:rerun-if-env-changed=LIBAFL_EDGES_MAP_SIZE");
+    println!("cargo:rerun-if-env-changed=LIBAFL_EDGES_MAP_SIZE_IN_USE");
     println!("cargo:rerun-if-env-changed=LIBAFL_CMP_MAP_SIZE");
     println!("cargo:rerun-if-env-changed=LIBAFL_CMPLOG_MAP_W");
     println!("cargo:rerun-if-env-changed=LIBAFL_CMPLOG_MAP_H");
     println!("cargo:rerun-if-env-changed=LIBAFL_ACCOUNTING_MAP_SIZE");
+    println!("cargo:rerun-if-env-changed=LIBAFL_DDG_MAP_SIZE");
 
     #[cfg(feature = "common")]
     {
@@ -147,8 +158,12 @@ fn main() {
 
         cc::Build::new()
             .file(src_dir.join("coverage.c"))
-            .define("EDGES_MAP_SIZE", Some(&*format!("{edges_map_size}")))
+            .define(
+                "EDGES_MAP_SIZE_MAX",
+                Some(&*format!("{edges_map_size_max}")),
+            )
             .define("ACCOUNTING_MAP_SIZE", Some(&*format!("{acc_map_size}")))
+            .define("DDG_MAP_SIZE", Some(&*format!("{ddg_map_size}")))
             .compile("coverage");
     }
 

libafl_targets/src/coverage.c

@@ -8,10 +8,10 @@ typedef uint32_t prev_loc_t;
 /* Maximum K for top-K context sensitivity */
 #define CTX_MAX_K 32U
 
-extern uint8_t __afl_area_ptr_local[EDGES_MAP_SIZE];
+extern uint8_t __afl_area_ptr_local[EDGES_MAP_SIZE_MAX];
 uint8_t       *__afl_area_ptr = __afl_area_ptr_local;
 
-extern uint8_t __ddg_area_ptr_local[EDGES_MAP_SIZE];
+extern uint8_t __ddg_area_ptr_local[DDG_MAP_SIZE];
 uint8_t       *__ddg_area_ptr = __ddg_area_ptr_local;
 
 extern uint32_t __afl_acc_memop_ptr_local[ACCOUNTING_MAP_SIZE];

libafl_targets/src/coverage.rs

@@ -5,16 +5,16 @@ use alloc::string::String;
 #[cfg(any(target_os = "linux", target_vendor = "apple"))]
 use libafl::{mutators::Tokens, Error};
 
-use crate::{ACCOUNTING_MAP_SIZE, EDGES_MAP_SIZE};
+use crate::{ACCOUNTING_MAP_SIZE, DDG_MAP_SIZE, EDGES_MAP_SIZE_MAX};
 
 /// The map for edges.
 #[no_mangle]
-pub static mut __afl_area_ptr_local: [u8; EDGES_MAP_SIZE] = [0; EDGES_MAP_SIZE];
+pub static mut __afl_area_ptr_local: [u8; EDGES_MAP_SIZE_MAX] = [0; EDGES_MAP_SIZE_MAX];
 pub use __afl_area_ptr_local as EDGES_MAP;
 
 /// The map for data dependency
 #[no_mangle]
-pub static mut __ddg_area_ptr_local: [u8; EDGES_MAP_SIZE] = [0; EDGES_MAP_SIZE];
+pub static mut __ddg_area_ptr_local: [u8; DDG_MAP_SIZE] = [0; DDG_MAP_SIZE];
 pub use __ddg_area_ptr_local as DDG_MAP;
 
 /// The map for accounting mem writes.
@@ -62,7 +62,7 @@ pub fn autotokens() -> Result<Tokens, Error> {
 
 /// The size of the map for edges.
 #[no_mangle]
-pub static mut __afl_map_size: usize = EDGES_MAP_SIZE;
+pub static mut __afl_map_size: usize = EDGES_MAP_SIZE_MAX;
 pub use __afl_map_size as EDGES_MAP_PTR_NUM;
 use libafl::observers::StdMapObserver;
 use libafl_bolts::ownedref::OwnedMutSlice;

libafl_targets/src/sancov_pcguard.rs

@@ -18,7 +18,7 @@ use crate::coverage::MAX_EDGES_NUM;
 #[cfg(feature = "pointer_maps")]
 use crate::coverage::{EDGES_MAP_PTR, EDGES_MAP_PTR_NUM};
 #[cfg(feature = "sancov_ngram4")]
-use crate::EDGES_MAP_SIZE;
+use crate::EDGES_MAP_SIZE_IN_USE;
 
 #[cfg(all(feature = "sancov_pcguard_edges", feature = "sancov_pcguard_hitcounts"))]
 #[cfg(not(any(doc, feature = "clippy")))]
@@ -187,7 +187,7 @@ unsafe fn update_ngram(pos: usize) -> usize {
         PREV_ARRAY_8.as_mut_array()[0] = pos as u32;
         reduced = PREV_ARRAY_8.reduce_xor() as usize;
     }
-    reduced %= EDGES_MAP_SIZE;
+    reduced %= EDGES_MAP_SIZE_IN_USE;
     reduced
 }
 
@@ -216,13 +216,13 @@ pub unsafe extern "C" fn __sanitizer_cov_trace_pc_guard(guard: *mut u32) {
     #[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))]
     {
         pos = update_ngram(pos);
-        // println!("Wrinting to {} {}", pos, EDGES_MAP_SIZE);
+        // println!("Wrinting to {} {}", pos, EDGES_MAP_SIZE_IN_USE);
     }
 
     #[cfg(feature = "sancov_ctx")]
     {
         pos ^= __afl_prev_ctx as usize;
-        // println!("Wrinting to {} {}", pos, EDGES_MAP_SIZE);
+        // println!("Wrinting to {} {}", pos, EDGES_MAP_SIZE_IN_USE);
     }
 
     #[cfg(feature = "pointer_maps")]
@@ -279,7 +279,7 @@ pub unsafe extern "C" fn __sanitizer_cov_trace_pc_guard_init(mut start: *mut u32
         #[cfg(not(feature = "pointer_maps"))]
         {
             MAX_EDGES_NUM = MAX_EDGES_NUM.wrapping_add(1);
-            // assert!((MAX_EDGES_NUM <= EDGES_MAP.len()), "The number of edges reported by SanitizerCoverage exceed the size of the edges map ({}). Use the LIBAFL_EDGES_MAP_SIZE env to increase it at compile time.", EDGES_MAP.len());
+            assert!((MAX_EDGES_NUM <= EDGES_MAP.len()), "The number of edges reported by SanitizerCoverage exceed the size of the edges map ({}). Use the LIBAFL_EDGES_MAP_SIZE_IN_USE env to increase it at compile time.", EDGES_MAP.len());
         }
     }
 }