Fix redundant xor in Ngram calculation (AFLplusplus#1901)

* fix double xor * tmp * clp * no notnightly * fix * plural
rmalmain · Mar 7, 2024 · 9a2e7b0 · 9a2e7b0
1 parent 2ac0750
commit 9a2e7b0
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 15 deletions.
diff --git a/fuzzers/libfuzzer_libpng_centralized/src/lib.rs b/fuzzers/libfuzzer_libpng_centralized/src/lib.rs
@@ -201,7 +201,7 @@ pub extern "C" fn libafl_main() {
 
         // Create the executor for an in-process function with one observer for edge coverage and one for the execution time
         #[cfg(target_os = "linux")]
-        let mut executor = InProcessExecutor::batched_timeouts(
+        let mut executor = InProcessExecutor::batched_timeout(
             &mut harness,
             tuple_list!(edges_observer, time_observer),
             &mut fuzzer,

diff --git a/fuzzers/libfuzzer_libpng_launcher/src/lib.rs b/fuzzers/libfuzzer_libpng_launcher/src/lib.rs
@@ -202,7 +202,7 @@ pub extern "C" fn libafl_main() {
 
         // Create the executor for an in-process function with one observer for edge coverage and one for the execution time
         #[cfg(target_os = "linux")]
-        let mut executor = InProcessExecutor::batched_timeouts(
+        let mut executor = InProcessExecutor::batched_timeout(
             &mut harness,
             tuple_list!(edges_observer, time_observer),
             &mut fuzzer,

diff --git a/libafl_targets/src/sancov_pcguard.rs b/libafl_targets/src/sancov_pcguard.rs
@@ -20,14 +20,33 @@ compile_error!(
     "the libafl_targets `sancov_pcguard_edges` and `sancov_pcguard_hitcounts` features are mutually exclusive."
 );
 
+#[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))]
+use core::ops::ShlAssign;
+
 #[cfg(feature = "sancov_ngram4")]
 #[rustversion::nightly]
 type Ngram4 = core::simd::u32x4;
 
+#[cfg(feature = "sancov_ngram8")]
+#[rustversion::nightly]
+type Ngram8 = core::simd::u32x8;
+
 /// The array holding the previous locs. This is required for NGRAM-4 instrumentation
 #[cfg(feature = "sancov_ngram4")]
 #[rustversion::nightly]
-pub static mut PREV_ARRAY: Ngram4 = Ngram4::from_array([0, 0, 0, 0]);
+pub static mut PREV_ARRAY_4: Ngram4 = Ngram4::from_array([0, 0, 0, 0]);
+
+#[cfg(feature = "sancov_ngram8")]
+#[rustversion::nightly]
+pub static mut PREV_ARRAY_8: Ngram8 = Ngram8::from_array([0, 0, 0, 0, 0, 0, 0, 0]);
+
+#[cfg(feature = "sancov_ngram4")]
+#[rustversion::nightly]
+pub static SHR_4: Ngram4 = Ngram4::from_array([1, 1, 1, 1]);
+
+#[cfg(feature = "sancov_ngram8")]
+#[rustversion::nightly]
+pub static SHR_8: Ngram8 = Ngram8::from_array([1, 1, 1, 1, 1, 1, 1, 1]);
 
 /// The hook to initialize ngram everytime we run the harness
 #[cfg(feature = "sancov_ngram4")]
@@ -40,7 +59,7 @@ pub struct NgramHook {}
 #[derive(Default, Debug, Clone, Copy)]
 pub struct CtxHook {}
 
-#[cfg(feature = "sancov_ngram4")]
+#[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))]
 #[rustversion::nightly]
 impl ExecutorHook for NgramHook {
     fn init<E: HasObservers, S>(&mut self, _state: &mut S) {}
@@ -51,8 +70,14 @@ impl ExecutorHook for NgramHook {
         _mgr: &mut EM,
         _input: &I,
     ) {
+        #[cfg(feature = "sancov_ngram4")]
         unsafe {
-            PREV_ARRAY = Ngram4::from_array([0, 0, 0, 0]);
+            PREV_ARRAY_4 = Ngram4::from_array([0, 0, 0, 0]);
+        }
+
+        #[cfg(feature = "sancov_ngram8")]
+        unsafe {
+            PREV_ARRAY_8 = Ngram8::from_array([0, 0, 0, 0, 0, 0, 0, 0])
         }
     }
     fn post_exec<EM, I, S, Z>(
@@ -90,21 +115,31 @@ impl ExecutorHook for CtxHook {
 }
 
 #[rustversion::nightly]
-#[cfg(feature = "sancov_ngram4")]
-unsafe fn update_ngram(mut pos: usize) -> usize {
+#[allow(unused)]
+#[inline]
+#[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))]
+unsafe fn update_ngram(pos: usize) -> usize {
+    let mut reduced = pos;
     #[cfg(feature = "sancov_ngram4")]
     {
-        PREV_ARRAY = PREV_ARRAY.rotate_elements_right::<1>();
-        PREV_ARRAY.as_mut_array()[0] = pos as u32;
-        let reduced = PREV_ARRAY.reduce_xor() as usize;
-        pos ^= reduced;
-        pos %= EDGES_MAP_SIZE;
+        PREV_ARRAY_4 = PREV_ARRAY_4.rotate_elements_right::<1>();
+        PREV_ARRAY_4.shl_assign(SHR_4);
+        PREV_ARRAY_4.as_mut_array()[0] = pos as u32;
+        reduced = PREV_ARRAY_4.reduce_xor() as usize;
     }
-    pos
+    #[cfg(feature = "sancov_ngram8")]
+    {
+        PREV_ARRAY_8 = PREV_ARRAY_8.rotate_elements_right::<1>();
+        PREV_ARRAY_8.shl_assign(SHR_8);
+        PREV_ARRAY_8.as_mut_array()[0] = pos as u32;
+        reduced = PREV_ARRAY_8.reduce_xor() as usize;
+    }
+    reduced %= EDGES_MAP_SIZE;
+    reduced
 }
 
 #[rustversion::not(nightly)]
-#[cfg(feature = "sancov_ngram4")]
+#[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))]
 unsafe fn update_ngram(pos: usize) -> usize {
     pos
 }
@@ -124,7 +159,7 @@ extern "C" {
 pub unsafe extern "C" fn __sanitizer_cov_trace_pc_guard(guard: *mut u32) {
     let mut pos = *guard as usize;
 
-    #[cfg(feature = "sancov_ngram4")]
+    #[cfg(any(feature = "sancov_ngram4", feature = "sancov_ngram8"))]
     {
         pos = update_ngram(pos);
         // println!("Wrinting to {} {}", pos, EDGES_MAP_SIZE);