2.39b

afl-cmin

@@ -240,13 +240,23 @@ fi
 IN_COUNT=$((`ls -- "$IN_DIR" 2>/dev/null | wc -l`))
 
 if [ "$IN_COUNT" = "0" ]; then
-  echo "No inputs in the target directory - nothing to be done."
+  echo "[+] Hmm, no inputs in the target directory. Nothing to be done."
   rm -rf "$TRACE_DIR"
   exit 1
 fi
 
 FIRST_FILE=`ls "$IN_DIR" | head -1`
 
+# Make sure that we're not dealing with a directory.
+
+if [ -d "$IN_DIR/$FIRST_FILE" ]; then
+  echo "[-] Error: The target directory contains subdirectories - please fix." 1>&2
+  rm -rf "$TRACE_DIR"
+  exit 1
+fi
+
+# Check for the more efficient way to copy files...
+
 if ln "$IN_DIR/$FIRST_FILE" "$TRACE_DIR/.link_test" 2>/dev/null; then
   CP_TOOL=ln
 else
@@ -384,7 +394,7 @@ sort -k1,1 -s -u "$TRACE_DIR/.candidate_list" | \
   sed 's/^/BEST_FILE[/;s/ /]="/;s/$/"/' >"$TRACE_DIR/.candidate_script"
 
 if [ ! -s "$TRACE_DIR/.candidate_script" ]; then
-  echo "[-] Error: no traces obtained from test cases, check syntax!"
+  echo "[-] Error: no traces obtained from test cases, check syntax!" 1>&2
   test "$AFL_KEEP_TRACES" = "" && rm -rf "$TRACE_DIR"
   exit 1
 fi

config.h

@@ -21,7 +21,7 @@
 
 /* Version string: */
 
-#define VERSION             "2.38b"
+#define VERSION             "2.39b"
 
 /******************************************************
  *                                                    *

docs/ChangeLog

@@ -16,6 +16,16 @@ Not sure if you should upgrade? The lowest currently recommended version
 is 2.31b. If you're stuck on an earlier release, it's strongly advisable
 to get on with the times.
 
+--------------
+Version 2.39b:
+--------------
+
+  - Improved error reporting in afl-cmin. Suggested by floyd.
+
+  - Made a minor tweak to trace-pc-guard support. Suggested by kcc.
+
+  - Added a mention of afl-monitor.
+
 --------------
 Version 2.38b:
 --------------

docs/sister_projects.txt

@@ -148,6 +148,13 @@ afl-sid (Jacek Wielemborek)
 
   https://github.com/d33tah/afl-sid
 
+afl-monitor (Paul S. Ziegler)
+-----------------------------
+
+  Provides more detailed and versatile statistics about your running AFL jobs.
+
+  https://github.com/reflare/afl-monitor
+
 -----------------------------------------------------------
 Crash triage, coverage analysis, and other companion tools:
 -----------------------------------------------------------

llvm_mode/README.llvm

@@ -182,7 +182,9 @@ this way:
 
   AFL_TRACE_PC=1 make clean all
 
-Note that this mode is currently about 20-30% slower than "vanilla"
-afl-clang-fast, and about 5-10% slower than afl-clang. I am not entirely sure
-why.
+Note that this mode is currently about 20% slower than "vanilla" afl-clang-fast,
+and about 5-10% slower than afl-clang. This is likely because the
+instrumentation is not inlined, and instead involves a function call. On systems
+that support it, compiling your target with -flto should help.
+
 

llvm_mode/afl-clang-fast.c

@@ -315,7 +315,11 @@ int main(int argc, char** argv) {
 
   if (isatty(2) && !getenv("AFL_QUIET")) {
 
+#ifdef USE_TRACE_PC
+    SAYF(cCYA "afl-clang-fast [tpcg] " cBRI VERSION  cRST " by <[email protected]>\n");
+#else
     SAYF(cCYA "afl-clang-fast " cBRI VERSION  cRST " by <[email protected]>\n");
+#endif /* ^USE_TRACE_PC */
 
   }
 

llvm_mode/afl-llvm-rt.o.c

@@ -278,6 +278,8 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t* start, uint32_t* stop) {
   u32 inst_ratio = 100;
   u8* x;
 
+  if (start == stop || *start) return;
+
   x = getenv("AFL_INST_RATIO");
   if (x) inst_ratio = atoi(x);
 
@@ -286,6 +288,12 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t* start, uint32_t* stop) {
     abort();
   }
 
+  /* Make sure that the first element in the range is always set - we use that
+     to avoid duplicate calls (which can happen as an artifact of the underlying
+     implementation in LLVM). */
+
+  *(start++) = R(MAP_SIZE - 1) + 1;
+
   while (start < stop) {
 
     if (R(100) < inst_ratio) *start = R(MAP_SIZE - 1) + 1;