
Commit 1db3b81

committed
dump cc
1 parent 0a16ea7 commit 1db3b81


5 files changed

+64
-13
lines changed


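--- a/TODO.md
+++ b/TODO.md
@@ -11,6 +11,7 @@
 - afl-showmap -f support
 - afl-fuzz multicore wrapper script
 - when trimming then perform crash detection
+- cyclomatic complexity: 2 + calls + edges - blocks
 
 
 ## Should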

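--- a/include/envs.h
+++ b/include/envs.h
@@ -21,18 +21,18 @@ static char *afl_environment_variables[] = {
 "AFL_BENCH_UNTIL_CRASH", "AFL_CAL_FAST", "AFL_CC", "AFL_CC_COMPILER",
 "AFL_CMIN_ALLOW_ANY", "AFL_CMIN_CRASHES_ONLY", "AFL_CMPLOG_ONLY_NEW",
 "AFL_CODE_END", "AFL_CODE_START", "AFL_COMPCOV_BINNAME",
-"AFL_CMPLOG_MAX_LEN", "AFL_COMPCOV_LEVEL", "AFL_CRASH_EXITCODE",
-"AFL_CRASHING_SEEDS_AS_NEW_CRASH", "AFL_CUSTOM_MUTATOR_LIBRARY",
-"AFL_CUSTOM_MUTATOR_ONLY", "AFL_CUSTOM_INFO_PROGRAM",
-"AFL_CUSTOM_INFO_PROGRAM_ARGV", "AFL_CUSTOM_INFO_PROGRAM_INPUT",
-"AFL_CUSTOM_INFO_OUT", "AFL_CXX", "AFL_CYCLE_SCHEDULES", "AFL_DEBUG",
-"AFL_DEBUG_CHILD", "AFL_DEBUG_GDB", "AFL_DEBUG_UNICORN",
-"AFL_DISABLE_REDUNDANT", "AFL_NO_REDUNDANT", "AFL_DISABLE_TRIM",
-"AFL_NO_TRIM", "AFL_DISABLE_LLVM_INSTRUMENTATION", "AFL_DONT_OPTIMIZE",
-"AFL_DRIVER_STDERR_DUPLICATE_FILENAME", "AFL_DUMB_FORKSRV",
-"AFL_EARLY_FORKSERVER", "AFL_ENTRYPOINT", "AFL_EXIT_WHEN_DONE",
-"AFL_EXIT_ON_TIME", "AFL_EXIT_ON_SEED_ISSUES", "AFL_FAST_CAL",
-"AFL_FINAL_SYNC", "AFL_FORCE_UI", "AFL_FRIDA_DEBUG_MAPS",
+"AFL_DUMP_CYCLOMATIC_COMPLEXITY", "AFL_CMPLOG_MAX_LEN", "AFL_COMPCOV_LEVEL",
+"AFL_CRASH_EXITCODE", "AFL_CRASHING_SEEDS_AS_NEW_CRASH",
+"AFL_CUSTOM_MUTATOR_LIBRARY", "AFL_CUSTOM_MUTATOR_ONLY",
+"AFL_CUSTOM_INFO_PROGRAM", "AFL_CUSTOM_INFO_PROGRAM_ARGV",
+"AFL_CUSTOM_INFO_PROGRAM_INPUT", "AFL_CUSTOM_INFO_OUT", "AFL_CXX",
+"AFL_CYCLE_SCHEDULES", "AFL_DEBUG", "AFL_DEBUG_CHILD", "AFL_DEBUG_GDB",
+"AFL_DEBUG_UNICORN", "AFL_DISABLE_REDUNDANT", "AFL_NO_REDUNDANT",
+"AFL_DISABLE_TRIM", "AFL_NO_TRIM", "AFL_DISABLE_LLVM_INSTRUMENTATION",
+"AFL_DONT_OPTIMIZE", "AFL_DRIVER_STDERR_DUPLICATE_FILENAME",
+"AFL_DUMB_FORKSRV", "AFL_EARLY_FORKSERVER", "AFL_ENTRYPOINT",
+"AFL_EXIT_WHEN_DONE", "AFL_EXIT_ON_TIME", "AFL_EXIT_ON_SEED_ISSUES",
+"AFL_FAST_CAL", "AFL_FINAL_SYNC", "AFL_FORCE_UI", "AFL_FRIDA_DEBUG_MAPS",
 "AFL_FRIDA_DRIVER_NO_HOOK", "AFL_FRIDA_EXCLUDE_RANGES",
 "AFL_FRIDA_INST_CACHE_SIZE", "AFL_FRIDA_INST_COVERAGE_ABSOLUTE",
 "AFL_FRIDA_INST_COVERAGE_FILE", "AFL_FRIDA_INST_DEBUG_FILE",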
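Review bot: `"AFL_DUMP_CYCLOMATIC_COMPLEXITY"` is inserted between `"AFL_COMPCOV_BINNAME"` and `"AFL_CMPLOG_MAX_LEN"`, which reflows twelve lines of the table for a one-entry addition; placing it next to `"AFL_DUMB_FORKSRV"` would put it where a reader scanning the roughly alphabetical list expects it and would shrink the diff. None of the five files in this commit documents the new variable, so a short description of what it prints, and that (as far as this commit shows) only the PCGUARD pass reads it at compile time, would help users find it. The table continues outside the hunk.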

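--- a/instrumentation/SanitizerCoveragePCGUARD.so.cc
+++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc
@@ -195,7 +195,7 @@ class ModuleSanitizerCoverageAFL
 
 SanitizerCoverageOptions Options;
 
-uint32_t instr = 0, selects = 0, unhandled = 0;
+uint32_t instr = 0, selects = 0, unhandled = 0, dump_cc = 0;
 GlobalVariable *AFLMapPtr = NULL;
 ConstantInt *One = NULL;
 ConstantInt *Zero = NULL;
@@ -330,6 +330,8 @@ bool ModuleSanitizerCoverageAFL::instrumentModule(
 
 if (getenv("AFL_DEBUG")) { debug = 1; }
 
+if (getenv("AFL_DUMP_CYCLOMATIC_COMPLEXITY")) { dump_cc = 1; }
+
 if ((isatty(2) && !getenv("AFL_QUIET")) || debug) {
 
 SAYF(cCYA "SanitizerCoveragePCGUARD" VERSION cRST "\n");
@@ -638,6 +640,8 @@ void ModuleSanitizerCoverageAFL::instrumentFunction(
 // InjectTraceForCmp(F, CmpTraceTargets);
 // InjectTraceForSwitch(F, SwitchTraceTargets);
 
+if (dump_cc) { calcCyclomaticComplexity(&F); }
+
 }
 
 GlobalVariable *ModuleSanitizerCoverageAFL::CreateFunctionLocalArrayInSection(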
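Review bot: The added `if (dump_cc) { calcCyclomaticComplexity(&F); }` sits at the very end of `instrumentFunction`, so the count is presumably taken on IR that already contains whatever coverage instrumentation this pass inserted; any blocks, edges or calls the pass added would inflate the reported value relative to the target's own code. The function body starts outside the hunk, so this cannot be confirmed from here; if it holds, moving the call ahead of the first injection step would measure the original control flow. Any early-return path in `instrumentFunction` would also skip the dump, which is worth stating in the variable's documentation if intended. Separately, `dump_cc` only ever holds 0 or 1 and would read more clearly as `bool dump_cc = false;` on its own line rather than appended to the `uint32_t` counters.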

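--- a/instrumentation/afl-llvm-common.cc
+++ b/instrumentation/afl-llvm-common.cc
@@ -26,6 +26,51 @@ static std::list<std::string> allowListFunctions;
 static std::list<std::string> denyListFiles;
 static std::list<std::string> denyListFunctions;
 
+unsigned int calcCyclomaticComplexity(llvm::Function *F) {
+
+unsigned int numBlocks = 0;
+unsigned int numEdges = 0;
+unsigned int numCalls = 0;
+
+// Iterate through each basic block in the function
+for (BasicBlock &BB : *F) {
+
+// count all nodes == basic blocks
+numBlocks++;
+// Count the number of successors (outgoing edges)
+for (BasicBlock *Succ : successors(&BB)) {
+
+// count edges for CC
+numEdges++;
+(void)(Succ);
+
+}
+
+for (Instruction &I : BB) {
+
+// every call is also an edge, so we need to count the calls too
+if (isa<CallInst>(&I) || isa<InvokeInst>(&I)) { numCalls++; }
+
+}
+
+}
+
+// Cyclomatic Complexity V(G) = E - N + 2P
+// For a single function, P (number of connected components) is 1
+// Calls are considered to be an edge
+unsigned int CC = 2 + numCalls + numEdges - numBlocks;
+
+// if (debug) {
+
+fprintf(stderr, "CyclomaticComplexity for %s: %u\n",
+F->getName().str().c_str(), CC);
+
+//}
+
+return CC;
+
+}
+
 char *getBBName(const llvm::BasicBlock *BB) {
 
 static char *name;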
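Review bot: The call count in `calcCyclomaticComplexity` treats every `CallInst` as an edge, which also matches LLVM intrinsics (debug-info and lifetime markers are `CallInst`s in many LLVM versions), so the same function can report a different value depending on `-g` or the optimisation level. Excluding them, e.g. `if ((isa<CallInst>(&I) && !isa<IntrinsicInst>(&I)) || isa<InvokeInst>(&I)) { numCalls++; }`, would keep the metric comparable across builds, assuming `llvm/IR/IntrinsicInst.h` is reachable from this file. The inner successor loop with `(void)(Succ);` can be replaced by `numEdges += succ_size(&BB);`. The commented-out `// if (debug) {` and `//}` around the `fprintf` should be removed or restored, and since the line goes to stderr without the module name, same-named static functions from different translation units cannot be told apart in a parallel build log.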

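--- a/instrumentation/afl-llvm-common.h
+++ b/instrumentation/afl-llvm-common.h
@@ -55,6 +55,7 @@ void initInstrumentList();
 bool isInInstrumentList(llvm::Function *F, std::string Filename);
 unsigned long long int calculateCollisions(uint32_t edges);
 void scanForDangerousFunctions(llvm::Module *M);
+unsigned int calcCyclomaticComplexity(llvm::Function *F);
 
 #ifndef IS_EXTERN
 #define IS_EXTERN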
