--- /dev/null
+# based on dynamorio sample client cmakelists.txt
+# original disclaimer below
+
+# **********************************************************
+# Copyright (c) 2010-2014 Google, Inc. All rights reserved.
+# Copyright (c) 2009-2010 VMware, Inc. All rights reserved.
+# **********************************************************
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# * Neither the name of VMware, Inc. nor the names of its contributors may be
+# used to endorse or promote products derived from this software without
+# specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+# DAMAGE.
+
+cmake_minimum_required(VERSION 2.6)
+
+# We do not need libc, and we avoid a 10x size increase in both our
+# dll and pdb (plus we avoid stressing private library isolation) by
+# not using it (i#714).
+set(DynamoRIO_USE_LIBC ON)
+
+add_library(drafl SHARED drafl.c)
+configure_DynamoRIO_client(drafl)
+use_DynamoRIO_extension(drafl drmgr)
+use_DynamoRIO_extension(drafl drwrap)
+use_DynamoRIO_extension(drafl drx)
+# We keep our shared libs in the lib dir, not the bin dir:
+place_shared_lib_in_lib_dir(drafl)
+
+# ensure we rebuild if includes change
+add_dependencies(drafl api_headers)
+
+# Provide a hint for how to use the client
+if (NOT DynamoRIO_INTERNAL OR NOT "${CMAKE_GENERATOR}" MATCHES "Ninja")
+ add_custom_command(TARGET drafl
+ POST_BUILD
+ COMMAND ${CMAKE_COMMAND}
+ ARGS -E echo "Usage: pass to drconfig or drrun: -t drafl"
+ VERBATIM)
+endif ()
+
+if (WIN32 AND GENERATE_PDBS)
+ # XXX: this is in a lot of these files: can we address this once top-level?
+ append_property_string(TARGET drafl LINK_FLAGS "/debug")
+endif (WIN32 AND GENERATE_PDBS)
+
+install_target(drafl ${INSTALL_CLIENTS_LIB})
+
+set(INSTALL_DRLTRACE_CONFIG ${INSTALL_CLIENTS_BASE})
+
+if (X64)
+ set(CONFIG ${PROJECT_BINARY_DIR}/drafl.drrun64)
+else (X64)
+ set(CONFIG ${PROJECT_BINARY_DIR}/drafl.drrun32)
+endif (X64)
+
+if (UNIX)
+ set(LIB_EXT ".so")
+ set(LIB_PFX "lib")
+else (UNIX)
+ set(LIB_EXT ".dll")
+ set(LIB_PFX "")
+endif (UNIX)
+
+file(WRITE ${CONFIG} "# drafl tool config file\n")
+file(APPEND ${CONFIG} "# DynamoRIO options: may as well optimize the bb lock\n")
+file(APPEND ${CONFIG} "DR_OP=-nop_initial_bblock\n")
+file(APPEND ${CONFIG} "# client tool path\n")
+file(APPEND ${CONFIG} "CLIENT_REL=${INSTALL_CLIENTS_LIB}/${LIB_PFX}drafl${LIB_EXT}\n")
+file(APPEND ${CONFIG} "# client tool options\n")
+file(APPEND ${CONFIG} "TOOL_OP=\n")
+
+DR_install(FILES "${CONFIG}" DESTINATION ${INSTALL_DRLTRACE_CONFIG})
+register_tool_file("drafl")
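Review bot: The comment above `set(DynamoRIO_USE_LIBC ON)` says the client does not need libc and avoids it, but the setting turns libc on, and drafl.c in this same commit calls getenv, atoi, shmat, fork, waitpid and exit. The comment looks carried over from the sample file and now states the opposite of what the build does. Replace it with something like `# drafl calls libc directly (getenv, shmat, fork, waitpid), so libc stays enabled; this costs size and leans on private library isolation.` Separately, `INSTALL_DRLTRACE_CONFIG` appears to be a leftover name from another tool; a drafl-specific name would keep this file from overwriting that variable if both tools are configured in the same build.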
--- /dev/null
+/* ***************************************************************************
+ * Copyright (c) 2013-2014 Google, Inc. All rights reserved.
+ * ***************************************************************************/
+
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * * Neither the name of Google, Inc. nor the names of its contributors may be
+ * used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL GOOGLE, INC. OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ */
+
+#include "dr_api.h"
+#include "drmgr.h"
+#include "drwrap.h"
+#include "drx.h"
+#include "../common/utils.h"
+#include <string.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/shm.h>
+#include <unistd.h>
+
+#include "afl-0.40b/config.h"
+
+typedef unsigned char u8;
+typedef unsigned int u32;
+
+static u8 *afl_area_ptr = 0;
+static u32 afl_prev_loc = 0;
+static u32 afl_setup_failure = 0;
+static u32 afl_temp = 0;
+static u32 afl_fork_pid = 0;
+
+static void
+event_exit(void)
+{
+ if (outf != STDERR)
+ dr_close_file(outf);
+ drx_exit();
+ drwrap_exit();
+ drmgr_exit();
+}
+
+static dr_emit_flags_t
+event_basic_block(void *drcontext, void *tag, instrlist_t *bb,
+ bool for_trace, bool translating)
+{
+ return DR_EMIT_DEFAULT;
+}
+
+static void afl_die()
+{
+ exit(0);
+}
+
+static void afl_store(u32 loc)
+{
+ /*
+ xorl __afl_prev_loc, %ecx ecx = loc ^ afl_prev_loc
+ xorl %ecx, __afl_prev_loc afl_prev_loc = afl_prev_loc ^ (loc ^ afl_prev_loc) == loc
+ xorl $" STRINGIFY(MAP_SIZE-1) ", __afl_prev_loc afl_prev_loc = afl_prev_loc ^ (MAP_SIZE - 1)
+ */
+
+ u32 index = loc;
+#ifndef COVERAGE_ONLY
+ index = afl_prev_loc ^ loc;
+ afl_prev_loc = loc ^ (MAP_SIZE - 1);
+#endif
+
+ u8 *ptr = afl_area_ptr + index;
+#ifdef COVERAGE_ONLY
+ (*index) |= 1;
+#else
+ ++(*index);
+#endif
+}
+
+
+static void
+afl_maybe_log(u32 loc)
+{
+ if (afl_area_ptr == 0)
+ afl_setup();
+
+ afl_store(loc);
+}
+
+static void afl_setup()
+{
+ char *s = getenv(SHM_ENV_VAR);
+ if (!s)
+ {
+ afl_setup_failure = 1;
+ return;
+ }
+
+ int shm_id = atoi(s);
+ void *result = shmat(shm_id, 0, 0);
+
+ if (result == (void *)-1)
+ {
+ afl_setup_failure = 1;
+ return;
+ }
+
+ afl_area_ptr = result;
+
+ afl_forkserver();
+}
+
+
+static void afl_forkserver()
+{
+ write(FORKSRV_FD+1, &afl_temp, 4);
+ while (1)
+ {
+ int n = read(FORKSRV_FD, &afl_temp, 4);
+ if (n != 4)
+ afl_die();
+
+ afl_fork_pid = fork();
+ if (afl_fork_pid 0)
+ afl_die();
+
+ if (afl_fork_pid != 0) // parent
+ {
+ write(FORKSRV_FD+1, &afl_fork_pid, 4);
+ int err = waitpid(afl_fork_pid, &afl_temp, WUNTRACED);
+ if (err <= 0)
+ afl_die();
+
+ write(FORKSRV_FD+1, &afl_temp, 4);
+ // will loop indefinitely
+ }
+ else // child
+ {
+ close(FORKSRV_FD);
+ close(FORKSRV_FD+1);
+ break;
+ // will return to afl_setup -> afl_maybe_log and store the current location
+ }
+ }
+}
+
+
+DR_EXPORT void
+dr_init(client_id_t id)
+{
+ module_data_t *exe;
+ IF_DEBUG(bool ok;)
+
+ dr_set_client_name("DrAFL", "https://code.google.com/p/american-fuzzy-lop/");
+
+
+ IF_DEBUG(ok = )
+ drmgr_init();
+ ASSERT(ok, "drmgr failed to initialize");
+ IF_DEBUG(ok = )
+ drwrap_init();
+ ASSERT(ok, "drwrap failed to initialize");
+ IF_DEBUG(ok = )
+ drx_init();
+ ASSERT(ok, "drx failed to initialize");
+
+
+ dr_register_exit_event(event_exit);
+#ifdef UNIX
+ dr_register_fork_init_event(event_fork);
+#endif
+ drmgr_register_module_load_event(event_module_load);
+ drmgr_register_module_unload_event(event_module_unload);
+
+#ifdef WINDOWS
+ dr_enable_console_printing();
+#endif
+
+ open_log_file();
+}
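Review bot: afl_maybe_log calls afl_store even when afl_setup has failed, so afl_area_ptr is still 0 and the counter update is aimed at the raw address `index`; afl_setup_failure is set in two places but never read, so setup is also retried on every call. afl_store then dereferences `index` (a u32) instead of `ptr`, which will not compile. Nothing visible keeps `index` below MAP_SIZE, so a `loc` outside the map range would write past the shared-memory segment. I would return early on setup failure, mask the index and update through `ptr` as below; the mask assumes MAP_SIZE is a power of two, as the `MAP_SIZE - 1` already in the hunk suggests, and should be confirmed against the bundled config.h. afl_setup and afl_forkserver are also called before any declaration of them is visible, so forward declarations or a reordering are needed.

```c
static void afl_store(u32 loc)
{
    /* ... unchanged: assembly comment and index / afl_prev_loc computation ... */

    /* Keep the write inside the MAP_SIZE-byte shared map. */
    u8 *ptr = afl_area_ptr + (index & (MAP_SIZE - 1));
#ifdef COVERAGE_ONLY
    *ptr |= 1;
#else
    ++(*ptr);
#endif
}

static void
afl_maybe_log(u32 loc)
{
    /* A failed setup is permanent: do not retry and do not touch the map. */
    if (afl_setup_failure)
        return;

    if (afl_area_ptr == 0) {
        afl_setup();
        if (afl_area_ptr == 0)
            return;
    }

    afl_store(loc);
}
```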