Revert "Revert splitting libafl_edges_map_max and libafl_edges_map_in_use" (#2082)

* Revert "Revert splitting libafl_edges_map_max and libafl_edges_map_in_use (#2…"

This reverts commit c68b3816fb680b635f99c337f78185e699864705.

* all

* more

fuzzers/forkserver_libafl_cc/src/main.rs

@@ -25,7 +25,7 @@ use libafl_bolts::{
     tuples::{tuple_list, MatchName, Merge},
     AsMutSlice, Truncate,
 };
-use libafl_targets::{EDGES_MAP_PTR, EDGES_MAP_SIZE};
+use libafl_targets::{EDGES_MAP_PTR, EDGES_MAP_SIZE_IN_USE};
 use nix::sys::signal::Signal;
 
 /// The commandline args this fuzzer accepts
@@ -86,7 +86,7 @@ struct Opt {
 
 #[allow(clippy::similar_names)]
 pub fn main() {
-    const MAP_SIZE: usize = EDGES_MAP_SIZE; //65536;
+    const MAP_SIZE: usize = EDGES_MAP_SIZE_IN_USE; //65536;
     let opt = Opt::parse();
 
     let corpus_dirs: Vec<PathBuf> = [opt.in_dir].to_vec();
@@ -99,7 +99,8 @@ pub fn main() {
     // let the forkserver know the shmid
     shmem.write_to_env("__AFL_SHM_ID").unwrap();
     let shmem_buf = shmem.as_mut_slice();
-    unsafe { EDGES_MAP_PTR = shmem_buf.as_mut_ptr() };
+    // the next line is not needed
+    // unsafe { EDGES_MAP_PTR = shmem_buf.as_mut_ptr() };
 
     // Create an observation channel using the signals map
     let edges_observer = unsafe {

fuzzers/fuzzbench_ctx/src/lib.rs

@@ -55,7 +55,7 @@ use libafl_bolts::{
 use libafl_targets::autotokens;
 use libafl_targets::{
     edges_map_mut_ptr, libfuzzer_initialize, libfuzzer_test_one_input, CmpLogObserver, CtxHook,
-    EDGES_MAP_SIZE,
+    EDGES_MAP_SIZE_IN_USE,
 };
 #[cfg(unix)]
 use nix::unistd::dup;
@@ -250,7 +250,7 @@ fn fuzz(
     let edges_observer = HitcountsMapObserver::new(unsafe {
         StdMapObserver::from_mut_slice(
             "edges",
-            OwnedMutSlice::from_raw_parts_mut(edges_map_mut_ptr(), EDGES_MAP_SIZE),
+            OwnedMutSlice::from_raw_parts_mut(edges_map_mut_ptr(), EDGES_MAP_SIZE_IN_USE),
         )
     })
     .track_indices();

fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs

@@ -47,7 +47,7 @@ use libafl_bolts::{
 };
 use libafl_qemu::{
     cmplog::{CmpLogMap, CmpLogObserver, QemuCmpLogChildHelper},
-    edges::{QemuEdgeCoverageChildHelper, EDGES_MAP_PTR, EDGES_MAP_SIZE},
+    edges::{QemuEdgeCoverageChildHelper, EDGES_MAP_PTR, EDGES_MAP_SIZE_IN_USE},
     elf::EasyElf,
     filter_qemu_args,
     hooks::QemuHooks,
@@ -208,7 +208,7 @@ fn fuzz(
 
     let mut shmem_provider = StdShMemProvider::new()?;
 
-    let mut edges_shmem = shmem_provider.new_shmem(EDGES_MAP_SIZE).unwrap();
+    let mut edges_shmem = shmem_provider.new_shmem(EDGES_MAP_SIZE_IN_USE).unwrap();
     let edges = edges_shmem.as_mut_slice();
     unsafe { EDGES_MAP_PTR = edges.as_mut_ptr() };
 
@@ -235,7 +235,7 @@ fn fuzz(
 
     // Create an observation channel using the coverage map
     let edges_observer = unsafe {
-        HitcountsMapObserver::new(ConstMapObserver::<_, EDGES_MAP_SIZE>::from_mut_ptr(
+        HitcountsMapObserver::new(ConstMapObserver::<_, EDGES_MAP_SIZE_IN_USE>::from_mut_ptr(
             "edges",
             edges.as_mut_ptr(),
         ))

fuzzers/qemu_cmin/src/fuzzer.rs

@@ -28,7 +28,7 @@ use libafl_bolts::{
     AsMutSlice, AsSlice,
 };
 use libafl_qemu::{
-    edges::{QemuEdgeCoverageChildHelper, EDGES_MAP_PTR, EDGES_MAP_SIZE},
+    edges::{QemuEdgeCoverageChildHelper, EDGES_MAP_PTR, EDGES_MAP_SIZE_IN_USE},
     elf::EasyElf,
     emu::Emulator,
     ArchExtras, CallingConvention, GuestAddr, GuestReg, MmapPerms, Qemu, QemuExitReason,
@@ -158,12 +158,12 @@ pub fn fuzz() -> Result<(), Error> {
         },
     };
 
-    let mut edges_shmem = shmem_provider.new_shmem(EDGES_MAP_SIZE).unwrap();
+    let mut edges_shmem = shmem_provider.new_shmem(EDGES_MAP_SIZE_IN_USE).unwrap();
     let edges = edges_shmem.as_mut_slice();
     unsafe { EDGES_MAP_PTR = edges.as_mut_ptr() };
 
     let edges_observer = unsafe {
-        HitcountsMapObserver::new(ConstMapObserver::<_, EDGES_MAP_SIZE>::from_mut_ptr(
+        HitcountsMapObserver::new(ConstMapObserver::<_, EDGES_MAP_SIZE_IN_USE>::from_mut_ptr(
             "edges",
             edges.as_mut_ptr(),
         ))

libafl_cc/build.rs

@@ -238,7 +238,7 @@ fn main() {
     println!("cargo:rerun-if-env-changed=LLVM_CXXFLAGS");
     println!("cargo:rerun-if-env-changed=LLVM_LDFLAGS");
     println!("cargo:rerun-if-env-changed=LLVM_VERSION");
-    println!("cargo:rerun-if-env-changed=LIBAFL_EDGES_MAP_SIZE");
+    println!("cargo:rerun-if-env-changed=LIBAFL_EDGES_MAP_SIZE_IN_USE");
     println!("cargo:rerun-if-env-changed=LIBAFL_ACCOUNTING_MAP_SIZE");
     println!("cargo:rerun-if-env-changed=LIBAFL_DDG_MAP_SIZE");
     println!("cargo:rerun-if-changed=src/common-llvm.h");
@@ -311,10 +311,13 @@ pub const LIBAFL_CC_LLVM_VERSION: Option<usize> = None;
     };
     let mut cxxflags: Vec<String> = cxxflags.split_whitespace().map(String::from).collect();
 
-    let edges_map_size: usize = option_env!("LIBAFL_EDGES_MAP_SIZE")
+    let edges_map_size_in_use: usize = option_env!("LIBAFL_EDGES_MAP_SIZE_IN_USE")
         .map_or(Ok(65_536), str::parse)
-        .expect("Could not parse LIBAFL_EDGES_MAP_SIZE");
-    cxxflags.push(format!("-DEDGES_MAP_SIZE={edges_map_size}"));
+        .expect("Could not parse LIBAFL_EDGES_MAP_SIZE_IN_USE");
+    let edges_map_size_max: usize = option_env!("LIBAFL_EDGES_MAP_SIZE_MAX")
+        .map_or(Ok(2_621_440), str::parse)
+        .expect("Could not parse LIBAFL_EDGES_MAP_SIZE_IN_USE");
+    cxxflags.push(format!("-DEDGES_MAP_SIZE_IN_USE={edges_map_size_in_use}"));
 
     let acc_map_size: usize = option_env!("LIBAFL_ACCOUNTING_MAP_SIZE")
         .map_or(Ok(65_536), str::parse)
@@ -344,7 +347,9 @@ pub const LIBAFL_CC_LLVM_VERSION: Option<usize> = None;
         pub const CLANGXX_PATH: &str = {clangcpp:?};
 
         /// The default size of the edges map the fuzzer uses
-        pub const EDGES_MAP_SIZE: usize = {edges_map_size};
+        pub const EDGES_MAP_SIZE_IN_USE: usize = {edges_map_size_in_use};
+        /// The real allocated size of the edges map
+        pub const EDGES_MAP_SIZE_MAX: usize = {edges_map_size_max};
 
         /// The size of the accounting maps
         pub const ACCOUNTING_MAP_SIZE: usize = {acc_map_size};

libafl_cc/src/cfg.rs

@@ -95,9 +95,9 @@ where
     /// Inserts an edge into CFG.
     #[must_use]
     pub fn new() -> Self {
-        let map_size = option_env!("LIBAFL_EDGES_MAP_SIZE")
+        let map_size = option_env!("LIBAFL_EDGES_MAP_SIZE_IN_USE")
             .map_or(Ok(65536), str::parse)
-            .expect("Could not parse LIBAFL_EDGES_MAP_SIZE");
+            .expect("Could not parse LIBAFL_EDGES_MAP_SIZE_IN_USE");
         Self {
             edges: (0..map_size).map(|_| None).collect(),
             func_to_entry_bb: HashMap::default(),

libafl_cc/src/ctx-pass.cc

@@ -64,7 +64,7 @@
 
 using namespace llvm;
 
-#define MAP_SIZE EDGES_MAP_SIZE
+#define MAP_SIZE EDGES_MAP_SIZE_IN_USE
 
 namespace {
 

libafl_qemu/src/edges.rs

@@ -7,7 +7,7 @@ use libafl_qemu_sys::GuestAddr;
 use libafl_qemu_sys::GuestPhysAddr;
 pub use libafl_targets::{
     edges_map_mut_ptr, edges_map_mut_slice, edges_max_num, std_edges_map_observer, EDGES_MAP,
-    EDGES_MAP_PTR, EDGES_MAP_PTR_NUM, EDGES_MAP_SIZE, MAX_EDGES_NUM,
+    EDGES_MAP_PTR, EDGES_MAP_PTR_NUM, EDGES_MAP_SIZE_IN_USE, MAX_EDGES_NUM,
 };
 use serde::{Deserialize, Serialize};
 
@@ -553,7 +553,7 @@ where
     match meta.map.entry((src, dest)) {
         Entry::Occupied(e) => {
             let id = *e.get();
-            let nxt = (id as usize + 1) & (EDGES_MAP_SIZE - 1);
+            let nxt = (id as usize + 1) & (EDGES_MAP_SIZE_IN_USE - 1);
             unsafe {
                 MAX_EDGES_NUM = max(MAX_EDGES_NUM, nxt);
             }
@@ -562,7 +562,7 @@ where
         Entry::Vacant(e) => {
             let id = meta.current_id;
             e.insert(id);
-            meta.current_id = (id + 1) & (EDGES_MAP_SIZE as u64 - 1);
+            meta.current_id = (id + 1) & (EDGES_MAP_SIZE_IN_USE as u64 - 1);
             unsafe {
                 MAX_EDGES_NUM = meta.current_id as usize;
             }

libafl_targets/build.rs

@@ -2,6 +2,7 @@
 
 use std::{env, fs::File, io::Write, path::Path};
 
+const TWO_MB: usize = 2_621_440;
 const SIXTY_FIVE_KB: usize = 65_536;
 
 #[rustversion::nightly]
@@ -24,9 +25,12 @@ fn main() {
     let dest_path = Path::new(&out_dir).join("constants.rs");
     let mut constants_file = File::create(dest_path).expect("Could not create file");
 
-    let edges_map_size: usize = option_env!("LIBAFL_EDGES_MAP_SIZE")
+    let edges_map_size_max: usize = option_env!("LIBAFL_EDGES_MAP_SIZE_MAX")
+        .map_or(Ok(TWO_MB), str::parse)
+        .expect("Could not parse LIBAFL_EDGES_MAP_SIZE_MAX");
+    let edges_map_size_in_use: usize = option_env!("LIBAFL_EDGES_MAP_SIZE_IN_USE")
         .map_or(Ok(SIXTY_FIVE_KB), str::parse)
-        .expect("Could not parse LIBAFL_EDGES_MAP_SIZE");
+        .expect("Could not parse LIBAFL_EDGES_MAP_SIZE_IN_USE");
     let cmp_map_size: usize = option_env!("LIBAFL_CMP_MAP_SIZE")
         .map_or(Ok(SIXTY_FIVE_KB), str::parse)
         .expect("Could not parse LIBAFL_CMP_MAP_SIZE");
@@ -48,7 +52,9 @@ fn main() {
         "// These constants are autogenerated by build.rs
 
         /// The default size of the edges map the fuzzer uses
-        pub const EDGES_MAP_SIZE: usize = {edges_map_size};
+        pub const EDGES_MAP_SIZE_IN_USE: usize = {edges_map_size_in_use};
+        /// The real allocated size of the edges map
+        pub const EDGES_MAP_SIZE_MAX: usize = {edges_map_size_max};
         /// The size of the cmps map
         pub const CMP_MAP_SIZE: usize = {cmp_map_size};
         /// The width of the `CmpLog` map
@@ -63,7 +69,7 @@ fn main() {
     )
     .expect("Could not write file");
 
-    println!("cargo:rerun-if-env-changed=LIBAFL_EDGES_MAP_SIZE");
+    println!("cargo:rerun-if-env-changed=LIBAFL_EDGES_MAP_SIZE_IN_USE");
     println!("cargo:rerun-if-env-changed=LIBAFL_CMP_MAP_SIZE");
     println!("cargo:rerun-if-env-changed=LIBAFL_CMPLOG_MAP_W");
     println!("cargo:rerun-if-env-changed=LIBAFL_CMPLOG_MAP_H");
@@ -152,7 +158,10 @@ fn main() {
 
         cc::Build::new()
             .file(src_dir.join("coverage.c"))
-            .define("EDGES_MAP_SIZE", Some(&*format!("{edges_map_size}")))
+            .define(
+                "EDGES_MAP_SIZE_MAX",
+                Some(&*format!("{edges_map_size_max}")),
+            )
             .define("ACCOUNTING_MAP_SIZE", Some(&*format!("{acc_map_size}")))
             .define("DDG_MAP_SIZE", Some(&*format!("{ddg_map_size}")))
             .compile("coverage");

libafl_targets/src/coverage.c

@@ -8,7 +8,7 @@ typedef uint32_t prev_loc_t;
 /* Maximum K for top-K context sensitivity */
 #define CTX_MAX_K 32U
 
-extern uint8_t __afl_area_ptr_local[EDGES_MAP_SIZE];
+extern uint8_t __afl_area_ptr_local[EDGES_MAP_SIZE_MAX];
 uint8_t       *__afl_area_ptr = __afl_area_ptr_local;
 
 extern uint8_t __ddg_area_ptr_local[DDG_MAP_SIZE];

libafl_targets/src/coverage.rs

@@ -5,11 +5,11 @@ use alloc::string::String;
 #[cfg(any(target_os = "linux", target_vendor = "apple"))]
 use libafl::{mutators::Tokens, Error};
 
-use crate::{ACCOUNTING_MAP_SIZE, DDG_MAP_SIZE, EDGES_MAP_SIZE};
+use crate::{ACCOUNTING_MAP_SIZE, DDG_MAP_SIZE, EDGES_MAP_SIZE_IN_USE, EDGES_MAP_SIZE_MAX};
 
 /// The map for edges.
 #[no_mangle]
-pub static mut __afl_area_ptr_local: [u8; EDGES_MAP_SIZE] = [0; EDGES_MAP_SIZE];
+pub static mut __afl_area_ptr_local: [u8; EDGES_MAP_SIZE_MAX] = [0; EDGES_MAP_SIZE_MAX];
 pub use __afl_area_ptr_local as EDGES_MAP;
 
 /// The map for data dependency
@@ -62,7 +62,7 @@ pub fn autotokens() -> Result<Tokens, Error> {
 
 /// The size of the map for edges.
 #[no_mangle]
-pub static mut __afl_map_size: usize = EDGES_MAP_SIZE;
+pub static mut __afl_map_size: usize = EDGES_MAP_SIZE_IN_USE;
 pub use __afl_map_size as EDGES_MAP_PTR_NUM;
 use libafl::observers::StdMapObserver;
 use libafl_bolts::ownedref::OwnedMutSlice;

libafl_targets/src/sancov_pcguard.rs

@@ -14,14 +14,13 @@ use libafl::executors::{hooks::ExecutorHook, HasObservers};
     feature = "sancov_pcguard_hitcounts",
     feature = "sancov_ctx",
     feature = "sancov_ngram4",
-    feature = "sancov_ngram8",
 ))]
 use crate::coverage::EDGES_MAP;
 use crate::coverage::MAX_EDGES_NUM;
 #[cfg(feature = "pointer_maps")]
 use crate::coverage::{EDGES_MAP_PTR, EDGES_MAP_PTR_NUM};
 #[cfg(feature = "sancov_ngram4")]
-use crate::EDGES_MAP_SIZE;
+use crate::EDGES_MAP_SIZE_IN_USE;
 
 #[cfg(all(feature = "sancov_pcguard_edges", feature = "sancov_pcguard_hitcounts"))]
 #[cfg(not(any(doc, feature = "clippy")))]
@@ -190,7 +189,7 @@ unsafe fn update_ngram(pos: usize) -> usize {
         PREV_ARRAY_8.as_mut_array()[0] = pos as u32;
         reduced = PREV_ARRAY_8.reduce_xor() as usize;
     }
-    reduced %= EDGES_MAP_SIZE;
+    reduced %= EDGES_MAP_SIZE_IN_USE;
     reduced
 }
 
@@ -219,13 +218,13 @@ pub unsafe extern "C" fn __sanitizer_cov_trace_pc_guard(guard: *mut u32) {
     #[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))]
     {
         pos = update_ngram(pos);
-        // println!("Wrinting to {} {}", pos, EDGES_MAP_SIZE);
+        // println!("Wrinting to {} {}", pos, EDGES_MAP_SIZE_IN_USE);
     }
 
     #[cfg(feature = "sancov_ctx")]
     {
         pos ^= __afl_prev_ctx as usize;
-        // println!("Wrinting to {} {}", pos, EDGES_MAP_SIZE);
+        // println!("Wrinting to {} {}", pos, EDGES_MAP_SIZE_IN_USE);
     }
 
     #[cfg(feature = "pointer_maps")]
@@ -282,7 +281,7 @@ pub unsafe extern "C" fn __sanitizer_cov_trace_pc_guard_init(mut start: *mut u32
         #[cfg(not(feature = "pointer_maps"))]
         {
             MAX_EDGES_NUM = MAX_EDGES_NUM.wrapping_add(1);
-            assert!((MAX_EDGES_NUM <= EDGES_MAP.len()), "The number of edges reported by SanitizerCoverage exceed the size of the edges map ({}). Use the LIBAFL_EDGES_MAP_SIZE env to increase it at compile time.", EDGES_MAP.len());
+            assert!((MAX_EDGES_NUM <= EDGES_MAP.len()), "The number of edges reported by SanitizerCoverage exceed the size of the edges map ({}). Use the LIBAFL_EDGES_MAP_SIZE_IN_USE env to increase it at compile time.", EDGES_MAP.len());
         }
     }
 }