Use FNV32A for code location hashing.

Author: jwilk

.travis.yml

@@ -20,8 +20,8 @@ install:
 script:
 - python setup.py install
 - export PATH="$PWD/deps/bin:$PATH"
-- echo 0 | py-afl-showmap -q -o out0 python test.py
-- echo 1 | py-afl-showmap -q -o out1 python test.py
+- echo 0 | afl-showmap -q -o out0 python test.py
+- echo 1 | afl-showmap -q -o out1 python test.py
 - '! diff -u out0 out1'
 - find -name "*.rst" | xargs -L1 -t -I{} rst2xml.py --strict {} /dev/null
 

afl.pyx

@@ -19,6 +19,7 @@
 # SOFTWARE.
 
 #cython: autotestdict=False
+#cython: c_string_encoding=default
 
 '''
 American fuzzy lop fork server and instrumentation for pure-Python code
@@ -38,17 +39,38 @@ DEF MAP_SIZE = 1 << MAP_SIZE_POW2
 
 from cpython.exc cimport PyErr_SetFromErrno
 from libc cimport errno
+from libc.string cimport strlen
+from libc.stdint cimport uint32_t
+from libc.stddef cimport size_t
 
 cdef extern from 'sys/shm.h':
     unsigned char *shmat(int shmid, void *shmaddr, int shmflg)
 
 cdef unsigned char *afl_area = NULL
 cdef unsigned long prev_location = 0
 
+DEF FNV32_INIT = 0x811C9DC5U
+DEF FNV32_PRIME = 0x01000193U
+
+cdef inline uint32_t fnv32a(const char *key, size_t len, size_t offset):
+    # 32-bit Fowler–Noll–Vo hash function
+    cdef uint32_t h = FNV32_INIT
+    while len > 0:
+        h ^= <unsigned char> key[0];
+        h *= FNV32_PRIME
+        len -= 1
+        key += 1
+    while offset > 0:
+        h ^= <unsigned char> offset;
+        h *= FNV32_PRIME
+        offset >>= 8
+    return h
+
 def trace(frame, event, arg):
     global prev_location
     cdef unsigned long location, offset
-    location = hash((frame.f_code.co_filename, frame.f_lineno))
+    cdef const char * filename = frame.f_code.co_filename
+    location = fnv32a(filename, strlen(filename), frame.f_lineno)
     location %= MAP_SIZE
     offset = location ^ prev_location
     prev_location = location // 2

doc/changelog

@@ -1,13 +1,15 @@
 python-afl (0.3) UNRELEASED; urgency=low
 
   * Implement persistent mode.
-  * Don't verify the value of PYTHONHASHSEED.
-    Having it set is not strictly necessary, although the py-afl-* tools still
-    set it to 0.
-  * Remove the AflError class. It was only used for PYTHONHASHSEED check.
+  * Don't rely on the Python hash() function for computing code location
+    identifiers.
+  * Don't set PYTHONHASHSEED in py-afl-fuzz.
+  * Remove the py-afl-showmap command.
+    afl-showmap proper can be now used for Python code.
+  * Remove the AflError class. It was only used for checking PYTHONHASHSEED.
   * Run Cython only in those setup.py commands that actually build extensions.
 
- -- Jakub Wilk <jwilk@jwilk.net>  Sat, 29 Aug 2015 23:41:49 +0200
+ -- Jakub Wilk <jwilk@jwilk.net>  Sun, 30 Aug 2015 18:48:52 +0200
 
 python-afl (0.2.1) unstable; urgency=low
 

py-afl-fuzz

@@ -1,5 +1,4 @@
 #!/bin/sh
-export PYTHONHASHSEED=0
 export AFL_SKIP_CHECKS=1 # AFL << 1.20b
 export AFL_SKIP_BIN_CHECK=1 # AFL >= 1.20b
 export AFL_DUMB_FORKSRV=1

py-afl-showmap

@@ -72,7 +72,7 @@ def __iter__(self):
     author='Jakub Wilk',
     author_email='jwilk@jwilk.net',
     ext_modules=lazylist(cython_build.cythonize('afl.pyx')),
-    scripts=['py-afl-fuzz', 'py-afl-showmap'],
+    scripts=['py-afl-fuzz'],
 )
 
 # vim:ts=4 sts=4 sw=4 et