libaf_targets: new structure to isolate sancov

fuzzers/libfuzzer_stb_image/Cargo.toml

@@ -17,7 +17,8 @@ debug = true
 
 [dependencies]
 libafl = { path = "../../libafl/" }
-libafl_targets = { path = "../../libafl_targets/", features = ["sancov_pcguard_edges", "sancov_cmplog", "libfuzzer"] }
+
+libafl_targets = { path = "../../libafl_targets/", features = ["sancov_pcguard_edges", "libfuzzer"] }
 
 [build-dependencies]
 cc = { version = "1.0", features = ["parallel"] }

libafl_targets/Cargo.toml

@@ -13,9 +13,11 @@ edition = "2018"
 [features]
 default = []
 libfuzzer = []
+sancov_pcguard_edges = []
+sancov_pcguard_hitcounts = []
 sancov_value_profile = []
 sancov_cmplog = []
-pcguard = ["pcguard_hitcounts"]
+sancov_pcguard = ["sancov_pcguard_hitcounts"]
 clippy = [] # Ignore compiler warnings during clippy
 
 [build-dependencies]

libafl_targets/src/cmplog.h

@@ -30,7 +30,7 @@ extern CmpLogMap libafl_cmplog_map;
 extern uint8_t libafl_cmplog_enabled;
 
 
-void __libafl_targets_cmplog(uintptr_t k, uint8_t shape, uint64_t arg1, uint64_t arg2) {
+static void __libafl_targets_cmplog(uintptr_t k, uint8_t shape, uint64_t arg1, uint64_t arg2) {
 
 
   if (!libafl_cmplog_enabled) return;

libafl_targets/src/lib.rs

@@ -1,8 +1,5 @@
 //! `libafl_targets` contains runtime code, injected in the target itself during compilation.
 
-#[macro_use]
-extern crate serde_big_array;
-
 #[cfg(any(feature = "sancov_pcguard_edges", feature = "sancov_pcguard_hitcounts"))]
 pub mod sancov_pcguard;
 #[cfg(any(feature = "sancov_pcguard_edges", feature = "sancov_pcguard_hitcounts"))]
@@ -13,6 +10,9 @@ pub mod libfuzzer;
 #[cfg(feature = "libfuzzer")]
 pub use libfuzzer::*;
 
+pub mod coverage;
+pub use coverage::*;
+
 pub mod value_profile;
 pub use value_profile::*;
 

libafl_targets/src/sancov_cmp.c

@@ -33,6 +33,9 @@ void __sanitizer_cov_trace_cmp1(uint8_t arg1, uint8_t arg2) {
 #ifdef SANCOV_VALUE_PROFILE
   __libafl_targets_value_profile1(k, arg1, arg2);
 #endif
+#ifdef SANCOV_CMPLOG
+  __libafl_targets_cmplog(k, 1, (uint64_t)arg1, (uint64_t)arg2);
+#endif
 
 }
 
@@ -47,6 +50,9 @@ void __sanitizer_cov_trace_cmp2(uint16_t arg1, uint16_t arg2) {
 #ifdef SANCOV_VALUE_PROFILE
   __libafl_targets_value_profile2(k, arg1, arg2);
 #endif
+#ifdef SANCOV_CMPLOG
+  __libafl_targets_cmplog(k, 2, (uint64_t)arg1, (uint64_t)arg2);
+#endif
 
 }
 
@@ -61,6 +67,9 @@ void __sanitizer_cov_trace_cmp4(uint32_t arg1, uint32_t arg2) {
 #ifdef SANCOV_VALUE_PROFILE
   __libafl_targets_value_profile4(k, arg1, arg2);
 #endif
+#ifdef SANCOV_CMPLOG
+  __libafl_targets_cmplog(k, 4, (uint64_t)arg1, (uint64_t)arg2);
+#endif
 
 }
 
@@ -81,6 +90,9 @@ void __sanitizer_cov_trace_cmp8(uint64_t arg1, uint64_t arg2) {
 #ifdef SANCOV_VALUE_PROFILE
   __libafl_targets_value_profile8(k, arg1, arg2);
 #endif
+#ifdef SANCOV_CMPLOG
+  __libafl_targets_cmplog(k, 8, (uint64_t)arg1, (uint64_t)arg2);
+#endif
 
 }
 
@@ -88,6 +100,8 @@ void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) {
 
   uintptr_t rt = RETADDR;
 
+  // if (!cases[1]) return;
+
   for (uint64_t i = 0; i < cases[0]; i++) {
 
     uintptr_t k = rt + i;
@@ -110,6 +124,10 @@ void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) {
         break;
     }
 #endif
+#ifdef SANCOV_CMPLOG
+    __libafl_targets_cmplog(k, cases[1] / 8, val, cases[i + 2]);
+#endif
+
 
 
   }

libafl_targets/src/sancov_pcguard.rs

@@ -1,6 +1,6 @@
 //! [`LLVM` `PcGuard`](https://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs-with-guards) runtime for `LibAFL`.
 
-use crate::coverage::{EDGES_MAP, EDGES_MAP_SIZE, MAX_EDGES_NUM};
+use crate::coverage::*;
 
 #[cfg(all(feature = "sancov_pcguard_edges", feature = "sancov_pcguard_hitcounts"))]
 #[cfg(not(any(doc, feature = "clippy")))]