diff --git a/afl_transforms/tools/zax/zax_base.cpp b/afl_transforms/tools/zax/zax_base.cpp
index 0885eb1217989462904782f1b10db5faea476567..68b6e5a8e13ddb8177fcfb937e5daf248d659bcb 100644
--- a/afl_transforms/tools/zax/zax_base.cpp
+++ b/afl_transforms/tools/zax/zax_base.cpp
@@ -676,26 +676,55 @@ void ZaxBase_t::filterBlocksByDomgraph(BasicBlockSet_t& p_in_out, const Dominat { if(!m_domgraph_optimize) return; + + if(m_verbose) + { + cout<<"And the Dominator graph is:" <<endl; + cout<<*dg<<endl; + } + auto copy=p_in_out; for(auto block : copy) { - auto &successors = block->getSuccessors(); + const auto &dominates = dg->getDominated(block); - const auto is_leaf_block = successors.size() == 0; + const auto is_dg_leaf = dominates.size()==1; // leaf in the dom tree -- we dominate ourselves. + // this is leaf of cfg: successors.size() == 0; - const auto is_non_dominated= + const auto is_dominated= [&](const BasicBlock_t* successor) -> bool { const auto &dominators = dg->getDominators(successor); return dominators.find(block) != end(dominators); }; + const auto is_non_dominated= [&](const BasicBlock_t* successor) -> bool + { + return !is_dominated(successor); + }; + + auto &successors = block->getSuccessors(); auto non_dominator_successor_it = find_if(ALLOF(successors), is_non_dominated); const auto has_non_dominator_successor = non_dominator_successor_it != end(successors); - const auto keep = (is_leaf_block || has_non_dominator_successor); + const auto keep = (is_dg_leaf || has_non_dominator_successor); if(!keep) { p_in_out.erase(block); m_num_domgraph_blocks_elided++; + if(m_verbose) + { + cout<<"Eliding instrumentation in block id = " << dec << block->getInstructions()[0]->getBaseID() << endl; + cout<<"is_dg_leaf = " << boolalpha << is_dg_leaf << endl; + cout<<"has_non_dom_successor = " << boolalpha << has_non_dominator_successor << endl; + } + } + else + { + if(m_verbose) + { + cout<<"Instrumenting block id = " << dec << block->getInstructions()[0]->getBaseID() << endl; + cout<<"is_dg_leaf = " << boolalpha << is_dg_leaf << endl; + cout<<"has_non_dom_successor = " << boolalpha << has_non_dominator_successor << endl; + } } } } 
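Review bot: `is_dg_leaf` is true only when `dg->getDominated(block)` holds exactly one element, so it depends on every block in `p_in_out` appearing in its own dominated set. If the graph can return an empty set for a block (not visible in this hunk, for example a block the dominator analysis never reached), a block with no successors now lands in the elide branch, whereas the removed `successors.size() == 0` test kept it. Writing `const auto is_dg_leaf = dominates.size()<=1;` would keep such blocks instrumented, so the fuzzer does not silently lose coverage there. The two verbose branches also repeat the same three `cout` lines and index `getInstructions()[0]` without checking that the block has an instruction; a small local lambda taking the label would remove the duplication and give one place for that check.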
@@ -824,11 +853,19 @@ int ZaxBase_t::execute() if (m_verbose) cout << "num blocks to keep (baseline): " << keepers.size() << endl; - if(!has_domgraph_warnings) - filterBlocksByDomgraph(keepers,dom_graphp.get()); + if(has_domgraph_warnings) + { + if(m_verbose) + { + cout << " Domgraph has warnings, eliding domgraph filter" << endl; + cout << " And the domgraph is: " << endl; + cout << *dom_graphp << endl; + } + } + filterBlocksByDomgraph(keepers,dom_graphp.get()); if (m_verbose) - cout << "num blocks to keep (after filter dom): " << keepers.size() << endl; + cout << "num blocks to keep (after filter dom): " << keepers.size() << " / " << cfgp->getBlocks().size() << endl; if (m_graph_optimize) { diff --git a/bin/zafl.sh b/bin/zafl.sh index aa7961930094110904964708d743ae46acf998c6..8a88bdc1d784bffae536b342525cde135ca9f4bd 100755 --- a/bin/zafl.sh +++ b/bin/zafl.sh @@ -25,7 +25,7 @@ usage() echo " -G, --no-graph-optimization Do not use control flow graph optimizations (default)" echo " -d, --domgraph-optimization Use Dominator graph optimizations" echo " -D, --no-domgraph-optimization Do not use Dominator graph optimizations (default)" - echo " -t, --tempdir Specify location of analysis directory" + echo " -t, --tempdir <dir> Specify location of analysis results directory" echo " -e, --entry Specify fork server entry point" echo " -E, --exit Specify fork server exit point(s)" echo " -u, --untracer Specify untracer instrumentation" @@ -36,6 +36,7 @@ usage() echo " -M, --disable-fixed-map Disable fixed address tracing map (default)" echo " -i, --enable-floating-instrumentation Select best instrumentation point within basic block (default)" echo " -I, --disable-floating-instrumentation Use first instruction for instrumentation in basic blocks" + echo " -v Verbose mode" echo }
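Review bot: In `ZaxBase_t::execute()` (zax_base.cpp) the new verbose message says "eliding domgraph filter", but `filterBlocksByDomgraph(keepers,dom_graphp.get());` is now called unconditionally, so the filter still runs when `has_domgraph_warnings` is true. The removed code skipped the filter in that case; if the skip is still intended, restore the guard, e.g. `if(!has_domgraph_warnings) filterBlocksByDomgraph(keepers,dom_graphp.get());`. Filtering against a dominator graph that reported warnings can drop instrumentation from blocks that should stay covered, and the only trace is a log line that states the opposite. If running the filter despite warnings is deliberate, change the message to say so. The body of `execute()` extends beyond this hunk.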