diff options
| author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-08-28 18:42:21 +0200 |
|---|---|---|
| committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-08-28 18:42:21 +0200 |
| commit | 733c8e4c349562fd02d0238be486ecbdf0640fd0 (patch) | |
| tree | 7a7b67f535581f091a9201048812b01cba66da44 /unicorn_mode | |
| parent | 80f175daac0e2dac12aad908abb19316e85552c8 (diff) | |
| download | AFLplusplus-733c8e4c349562fd02d0238be486ecbdf0640fd0.tar.gz | |
better neverzero with adc + neverzero for compcov
Diffstat (limited to 'unicorn_mode')
| -rw-r--r-- | unicorn_mode/patches/afl-unicorn-cpu-inl.h | 3 | ||||
| -rw-r--r-- | unicorn_mode/patches/afl-unicorn-tcg-runtime-inl.h | 36 |
2 files changed, 26 insertions, 13 deletions
diff --git a/unicorn_mode/patches/afl-unicorn-cpu-inl.h b/unicorn_mode/patches/afl-unicorn-cpu-inl.h index 28400357..187a0ce6 100644 --- a/unicorn_mode/patches/afl-unicorn-cpu-inl.h +++ b/unicorn_mode/patches/afl-unicorn-cpu-inl.h @@ -252,8 +252,7 @@ static inline void afl_maybe_log(struct uc_struct* uc, unsigned long cur_loc) { #if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO) asm volatile ( "incb (%0, %1, 1)\n" - "seto %%al\n" - "addb %%al, (%0, %1, 1)\n" + "adc $0, (%0, %1, 1)\n" : /* no out */ : "r" (uc->afl_area_ptr), "r" (afl_idx) : "memory", "eax" diff --git a/unicorn_mode/patches/afl-unicorn-tcg-runtime-inl.h b/unicorn_mode/patches/afl-unicorn-tcg-runtime-inl.h index 9e56484b..e59d7b15 100644 --- a/unicorn_mode/patches/afl-unicorn-tcg-runtime-inl.h +++ b/unicorn_mode/patches/afl-unicorn-tcg-runtime-inl.h @@ -32,13 +32,27 @@ #include "uc_priv.h" +#if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO) +# define INC_AFL_AREA(loc) \ + asm volatile ( \ + "incb (%0, %1, 1)\n" \ + "adc $0, (%0, %1, 1)\n" \ + : /* no out */ \ + : "r" (uc->afl_area_ptr), "r" (loc) \ + : "memory", "eax" \ + ) +#else +# define INC_AFL_AREA(loc) \ + uc->afl_area_ptr[loc]++ +#endif + void HELPER(afl_compcov_log_16)(void* uc_ptr, uint64_t cur_loc, uint64_t arg1, uint64_t arg2) { struct uc_struct* uc = uc_ptr; if ((arg1 & 0xff) == (arg2 & 0xff)) { - uc->afl_area_ptr[cur_loc]++; + INC_AFL_AREA(cur_loc); } } @@ -48,11 +62,11 @@ void HELPER(afl_compcov_log_32)(void* uc_ptr, uint64_t cur_loc, uint64_t arg1, struct uc_struct* uc = uc_ptr; if ((arg1 & 0xff) == (arg2 & 0xff)) { - uc->afl_area_ptr[cur_loc]++; + INC_AFL_AREA(cur_loc); if ((arg1 & 0xffff) == (arg2 & 0xffff)) { - uc->afl_area_ptr[cur_loc +1]++; + INC_AFL_AREA(cur_loc +1); if ((arg1 & 0xffffff) == (arg2 & 0xffffff)) { - uc->afl_area_ptr[cur_loc +2]++; + INC_AFL_AREA(cur_loc +2); } } } @@ -64,19 +78,19 @@ void HELPER(afl_compcov_log_64)(void* uc_ptr, uint64_t cur_loc, uint64_t arg1, struct uc_struct* uc = uc_ptr; if ((arg1 & 0xff) == (arg2 & 0xff)) { - uc->afl_area_ptr[cur_loc]++; + INC_AFL_AREA(cur_loc); if ((arg1 & 0xffff) == (arg2 & 0xffff)) { - uc->afl_area_ptr[cur_loc +1]++; + INC_AFL_AREA(cur_loc +1); if ((arg1 & 0xffffff) == (arg2 & 0xffffff)) { - uc->afl_area_ptr[cur_loc +2]++; + INC_AFL_AREA(cur_loc +2); if ((arg1 & 0xffffffff) == (arg2 & 0xffffffff)) { - uc->afl_area_ptr[cur_loc +3]++; + INC_AFL_AREA(cur_loc +3); if ((arg1 & 0xffffffffff) == (arg2 & 0xffffffffff)) { - uc->afl_area_ptr[cur_loc +4]++; + INC_AFL_AREA(cur_loc +4); if ((arg1 & 0xffffffffffff) == (arg2 & 0xffffffffffff)) { - uc->afl_area_ptr[cur_loc +5]++; + INC_AFL_AREA(cur_loc +5); if ((arg1 & 0xffffffffffffff) == (arg2 & 0xffffffffffffff)) { - uc->afl_area_ptr[cur_loc +6]++; + INC_AFL_AREA(cur_loc +6); } } } |