2.38b

legend-issue · Feb 6, 2017 · aa63ca2 · aa63ca2
1 parent 583fe7d
commit aa63ca2
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 3 deletions.
diff --git a/config.h b/config.h
@@ -21,7 +21,7 @@
 
 /* Version string: */
 
-#define VERSION             "2.37b"
+#define VERSION             "2.38b"
 
 /******************************************************
  *                                                    *

diff --git a/docs/ChangeLog b/docs/ChangeLog
@@ -16,6 +16,13 @@ Not sure if you should upgrade? The lowest currently recommended version
 is 2.31b. If you're stuck on an earlier release, it's strongly advisable
 to get on with the times.
 
+--------------
+Version 2.38b:
+--------------
+
+  - Added -mllvm -sanitizer-coverage-block-threshold=0 to trace-pc-guard
+    mode, as suggested by Kostya Serebryany.
+
 --------------
 Version 2.37b:
 --------------

diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
@@ -121,6 +121,8 @@ static void edit_params(u32 argc, char** argv) {
 
 #ifdef USE_TRACE_PC
   cc_params[cc_par_cnt++] = "-fsanitize-coverage=trace-pc-guard";
+  cc_params[cc_par_cnt++] = "-mllvm";
+  cc_params[cc_par_cnt++] = "-sanitizer-coverage-block-threshold=0";
 #else
   cc_params[cc_par_cnt++] = "-Xclang";
   cc_params[cc_par_cnt++] = "-load";

diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c
@@ -34,6 +34,10 @@
 #include <sys/wait.h>
 #include <sys/types.h>
 
+/* This is a somewhat ugly hack for the experimental 'trace-pc-guard' mode.
+   Basically, we need to make sure that the forkserver is initialized after
+   the LLVM-generated runtime initialization pass, not before. */
+
 #ifdef USE_TRACE_PC
 #  define CONST_PRIO 5
 #else
@@ -260,14 +264,14 @@ __attribute__((constructor(CONST_PRIO))) void __afl_auto_init(void) {
    The first function (__sanitizer_cov_trace_pc_guard) is called back on every
    edge (as opposed to every basic block). */
 
-
 void __sanitizer_cov_trace_pc_guard(uint32_t* guard) {
   __afl_area_ptr[*guard]++;
 }
 
 
 /* Init callback. Populates instrumentation IDs. Note that we're using
-   ID of 0 as a special value to indicate non-instrumented bits. */
+   ID of 0 as a special value to indicate non-instrumented bits. That may
+   still touch the bitmap, but in a fairly harmless way. */
 
 void __sanitizer_cov_trace_pc_guard_init(uint32_t* start, uint32_t* stop) {