From a08fadf3cb0b0beffc0e4f9e6400eebf95b8f48b Mon Sep 17 00:00:00 2001
From: Thomas HUET
Date: Mon, 6 Feb 2017 19:29:27 +0100
Subject: [PATCH] 2.39b
---
 afl-cmin | 14 ++++++++++++--
 config.h | 2 +-
 docs/ChangeLog | 10 ++++++++++
 docs/sister_projects.txt | 7 +++++++
 llvm_mode/README.llvm | 8 +++++---
 llvm_mode/afl-clang-fast.c | 4 ++++
 llvm_mode/afl-llvm-rt.o.c | 8 ++++++++
 7 files changed, 47 insertions(+), 6 deletions(-)
diff --git a/afl-cmin b/afl-cmin
index 5af4b774..70e5dac2 100755
--- a/afl-cmin
+++ b/afl-cmin
@@ -240,13 +240,23 @@ fi
 IN_COUNT=$((`ls -- "$IN_DIR" 2>/dev/null | wc -l`))
 if [ "$IN_COUNT" = "0" ]; then
- echo "No inputs in the target directory - nothing to be done."
+ echo "[+] Hmm, no inputs in the target directory. Nothing to be done."
 rm -rf "$TRACE_DIR"
 exit 1
 fi
 FIRST_FILE=`ls "$IN_DIR" | head -1`
+# Make sure that we're not dealing with a directory.
+
+if [ -d "$IN_DIR/$FIRST_FILE" ]; then
+ echo "[-] Error: The target directory contains subdirectories - please fix." 1>&2
+ rm -rf "$TRACE_DIR"
+ exit 1
+fi
+
+# Check for the more efficient way to copy files...
+
 if ln "$IN_DIR/$FIRST_FILE" "$TRACE_DIR/.link_test" 2>/dev/null; then
 CP_TOOL=ln
 else
@@ -384,7 +394,7 @@ sort -k1,1 -s -u "$TRACE_DIR/.candidate_list" | \
 sed 's/^/BEST_FILE[/;s/ /]="/;s/$/"/' >"$TRACE_DIR/.candidate_script"
 if [ ! -s "$TRACE_DIR/.candidate_script" ]; then
- echo "[-] Error: no traces obtained from test cases, check syntax!"
+ echo "[-] Error: no traces obtained from test cases, check syntax!" 1>&2
 test "$AFL_KEEP_TRACES" = "" && rm -rf "$TRACE_DIR"
 exit 1
 fi
diff --git a/config.h b/config.h
index 2fdef500..511235b6 100644
--- a/config.h
+++ b/config.h
@@ -21,7 +21,7 @@
 /* Version string: */
-#define VERSION "2.38b"
+#define VERSION "2.39b"
 /******************************************************
 * *
diff --git a/docs/ChangeLog b/docs/ChangeLog
index 3eb01a73..1112df2f 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
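Review bot: The new `if [ -d "$IN_DIR/$FIRST_FILE" ]` check in the first afl-cmin hunk inspects only the first entry of the listing, so a subdirectory that sorts after a regular file is still accepted and the later copy step presumably still trips over it, while the message "contains subdirectories" promises a check over the whole directory. Testing the whole tree would match the message, e.g. `if [ -n "$(find "$IN_DIR/" -mindepth 1 -type d | head -1)" ]; then` (assuming `-mindepth` is available on the platforms afl-cmin targets, which I can't confirm from the hunk). Separately, the reworded no-inputs message keeps a `[+]` prefix and goes to stdout although the script exits 1 on that path, whereas the other two error paths in this file use `[-] Error:` and `1>&2`; `echo "[-] Error: No inputs in the target directory." 1>&2` would make the stream and prefix consistent with the exit status.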
@@ -16,6 +16,16 @@ Not sure if you should upgrade? The lowest currently recommended version is 2.31b. If you're stuck on an earlier release, it's strongly advisable to get on with the times.
+--------------
+Version 2.39b:
+--------------
+
+ - Improved error reporting in afl-cmin. Suggested by floyd.
+
+ - Made a minor tweak to trace-pc-guard support. Suggested by kcc.
+
+ - Added a mention of afl-monitor.
+
 --------------
 Version 2.38b:
 --------------
diff --git a/docs/sister_projects.txt b/docs/sister_projects.txt
index 1434e37f..4a7ebdc2 100644
--- a/docs/sister_projects.txt
+++ b/docs/sister_projects.txt
@@ -148,6 +148,13 @@ afl-sid (Jacek Wielemborek)
 https://github.com/d33tah/afl-sid
+afl-monitor (Paul S. Ziegler)
+-----------------------------
+
+ Provides more detailed and versatile statistics about your running AFL jobs.
+
+ https://github.com/reflare/afl-monitor
+
 -----------------------------------------------------------
 Crash triage, coverage analysis, and other companion tools:
 -----------------------------------------------------------
diff --git a/llvm_mode/README.llvm b/llvm_mode/README.llvm
index d96d8c31..349d0e2f 100644
--- a/llvm_mode/README.llvm
+++ b/llvm_mode/README.llvm
@@ -182,7 +182,9 @@ this way:
 AFL_TRACE_PC=1 make clean all
-Note that this mode is currently about 20-30% slower than "vanilla"
-afl-clang-fast, and about 5-10% slower than afl-clang. I am not entirely sure
-why.
+Note that this mode is currently about 20% slower than "vanilla" afl-clang-fast,
+and about 5-10% slower than afl-clang. This is likely because the
+instrumentation is not inlined, and instead involves a function call. On systems
+that support it, compiling your target with -flto should help.
+
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index 4f7fe475..d4202a63 100644
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@@ -315,7 +315,11 @@ int main(int argc, char** argv) {
 if (isatty(2) && !getenv("AFL_QUIET")) {
+#ifdef USE_TRACE_PC
+ SAYF(cCYA "afl-clang-fast [tpcg] " cBRI VERSION cRST " by \n");
+#else
 SAYF(cCYA "afl-clang-fast " cBRI VERSION cRST " by \n");
+#endif /* ^USE_TRACE_PC */
 }
diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c
index 905c76ff..ed3a664c 100644
--- a/llvm_mode/afl-llvm-rt.o.c
+++ b/llvm_mode/afl-llvm-rt.o.c
@@ -278,6 +278,8 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t* start, uint32_t* stop) {
 u32 inst_ratio = 100;
 u8* x;
+ if (start == stop || *start) return;
+
 x = getenv("AFL_INST_RATIO");
 if (x) inst_ratio = atoi(x);
@@ -286,6 +288,12 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t* start, uint32_t* stop) {
 abort();
 }
+ /* Make sure that the first element in the range is always set - we use that
+ to avoid duplicate calls (which can happen as an artifact of the underlying
+ implementation in LLVM). */
+
+ *(start++) = R(MAP_SIZE - 1) + 1;
+
 while (start < stop) {
 if (R(100) < inst_ratio) *start = R(MAP_SIZE - 1) + 1;
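Review bot: The two `SAYF` calls inside the new `#ifdef USE_TRACE_PC` / `#else` block differ only by the ` [tpcg]` tag, so the full banner format string is now maintained in two places and any later edit to the version or author part has to be made twice. A conditional tag macro keeps a single format string and confines the `USE_TRACE_PC` dependence to one short definition; the rewritten banner is below. The enclosing `main` starts and ends outside the hunk.
```c
#ifdef USE_TRACE_PC
#  define AFL_CLANG_FAST_TAG " [tpcg]"
#else
#  define AFL_CLANG_FAST_TAG ""
#endif /* ^USE_TRACE_PC */

  if (isatty(2) && !getenv("AFL_QUIET")) {
    SAYF(cCYA "afl-clang-fast" AFL_CLANG_FAST_TAG " " cBRI VERSION cRST " by \n");
  }
```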
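Review bot: The new early return `if (start == stop || *start) return;` at the top of `__sanitizer_cov_trace_pc_guard_init` is only a sound duplicate-call detector because the second hunk in this file unconditionally writes `*(start++) = R(MAP_SIZE - 1) + 1;` before the ratio-gated loop; without that write, an `AFL_INST_RATIO` below 100 could leave the first guard at zero, and a repeated call would then pass the check and re-randomize guards that the program is already using. That coupling is documented only next to the write in the second hunk, so a reader of this check gets no hint why `*start` is a reliable marker; I'd add `/* Already initialized by an earlier call: the first guard is always set below. */` above the return. The check also assumes the guard array is zero-filled before the first call, which the hunk cannot show and which belongs in the same comment. The function continues outside both hunks.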