authorvanhauser-thc <vh@thc.org>2021-12-14 10:15:00 +0100
committervanhauser-thc <vh@thc.org>2021-12-14 10:15:09 +0100
commit75ac9c013c6c39eeb3c3e826fa2d368fa09975a4 (patch)
treeb464809ccf86b21e96013ae417ca2ce5d96c7c32
parentc6bad07d75aa36671ebc32a722566cb145414b08 (diff)
downloadafl++-75ac9c013c6c39eeb3c3e826fa2d368fa09975a4.tar.gz
better instrumentlist filename detection
-rw-r--r--docs/Changelog.md2
-rw-r--r--instrumentation/SanitizerCoverageLTO.so.cc8
-rw-r--r--instrumentation/SanitizerCoveragePCGUARD.so.cc2
-rw-r--r--instrumentation/afl-llvm-common.cc10
-rw-r--r--instrumentation/afl-llvm-common.h10
-rw-r--r--instrumentation/afl-llvm-dict2file.so.cc2
-rw-r--r--instrumentation/afl-llvm-lto-instrumentlist.so.cc2
-rw-r--r--instrumentation/afl-llvm-pass.so.cc2
-rw-r--r--instrumentation/cmplog-instructions-pass.cc2
-rw-r--r--instrumentation/cmplog-routines-pass.cc2
-rw-r--r--instrumentation/cmplog-switches-pass.cc2
-rw-r--r--instrumentation/compare-transform-pass.so.cc2
-rw-r--r--instrumentation/split-compares-pass.so.cc6
-rw-r--r--instrumentation/split-switches-pass.so.cc2
14 files changed, 34 insertions, 20 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 00502efe..0253222b 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -51,6 +51,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- new cmplog mode (incompatible with older afl++ versions)
- support llvm IR select instrumentation for default PCGUARD and LTO
- fix for shared linking on MacOS
+ - better selective instrumentation AFL_LLVM_{ALLOW|DENY}LIST
+ on filename matching (requires llvm 11 or newer)
- fixed a potential crash in targets for LAF string handling
- added AFL_USE_TSAN thread sanitizer support
- llvm and LTO mode modified to work with new llvm 14-dev (again. again.)
diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc
index aa1826cd..597a24b1 100644
--- a/instrumentation/SanitizerCoverageLTO.so.cc
+++ b/instrumentation/SanitizerCoverageLTO.so.cc
@@ -386,10 +386,10 @@ bool ModuleSanitizerCoverage::instrumentModule(
if (Options.CoverageType == SanitizerCoverageOptions::SCK_None) return false;
/*
if (Allowlist &&
- !Allowlist->inSection("coverage", "src", M.getSourceFileName()))
+ !Allowlist->inSection("coverage", "src", MNAME))
return false;
if (Blocklist &&
- Blocklist->inSection("coverage", "src", M.getSourceFileName()))
+ Blocklist->inSection("coverage", "src", MNAME))
return false;
*/
BlockList.clear();
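Review bot: The two replacements at `!Allowlist->inSection("coverage", "src", MNAME)` and `Blocklist->inSection("coverage", "src", MNAME)` sit inside the `/* … */` block that opens two lines above them, so they change no behaviour and only make commented-out code look maintained. Either delete the block, since file matching now happens in isInInstrumentList, or leave it untouched so the diff shows only effective changes. instrumentModule continues outside the hunk.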
@@ -518,7 +518,7 @@ bool ModuleSanitizerCoverage::instrumentModule(
for (auto &F : M) {
- if (!isInInstrumentList(&F) || !F.size()) { continue; }
+ if (!isInInstrumentList(&F, MNAME) || !F.size()) { continue; }
for (auto &BB : F) {
@@ -1263,7 +1263,7 @@ void ModuleSanitizerCoverage::instrumentFunction(
// afl++ START
if (!F.size()) return;
- if (!isInInstrumentList(&F)) return;
+ if (!isInInstrumentList(&F, FMNAME)) return;
// afl++ END
if (Options.CoverageType >= SanitizerCoverageOptions::SCK_Edge)
diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc
index 7b1d1d40..c422d858 100644
--- a/instrumentation/SanitizerCoveragePCGUARD.so.cc
+++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc
@@ -660,7 +660,7 @@ void ModuleSanitizerCoverage::instrumentFunction(
Function &F, DomTreeCallback DTCallback, PostDomTreeCallback PDTCallback) {
if (F.empty()) return;
- if (!isInInstrumentList(&F)) return;
+ if (!isInInstrumentList(&F, FMNAME)) return;
if (F.getName().find(".module_ctor") != std::string::npos)
return; // Should not instrument sanitizer init functions.
diff --git a/instrumentation/afl-llvm-common.cc b/instrumentation/afl-llvm-common.cc
index e5e367a7..9483da83 100644
--- a/instrumentation/afl-llvm-common.cc
+++ b/instrumentation/afl-llvm-common.cc
@@ -401,7 +401,7 @@ static std::string getSourceName(llvm::Function *F) {
}
-bool isInInstrumentList(llvm::Function *F) {
+bool isInInstrumentList(llvm::Function *F, std::string Filename) {
bool return_default = true;
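Review bot: `std::string Filename` is taken by value, and every call site in this commit passes `MNAME`/`FMNAME` from inside a per-function loop (SanitizerCoverageLTO, SanitizerCoveragePCGUARD, afl-llvm-dict2file, afl-llvm-lto-instrumentlist, afl-llvm-pass, the cmplog-*, compare-transform, split-compares and split-switches passes), so the module's source path is copied once per function in the module. As far as the hunks show, the function only reads it and assigns it into `source_file`, so `bool isInInstrumentList(llvm::Function *F, const std::string &Filename)` avoids the copy; the declaration in afl-llvm-common.h would change to match. The body of isInInstrumentList lies almost entirely outside this hunk.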
@@ -448,6 +448,8 @@ bool isInInstrumentList(llvm::Function *F) {
std::string source_file = getSourceName(F);
+ if (source_file.empty()) { source_file = Filename; }
+
if (!source_file.empty()) {
for (std::list<std::string>::iterator it = denyListFiles.begin();
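Review bot: The new fallback `if (source_file.empty()) { source_file = Filename; }` changes which code the file-based allow/deny rules apply to without saying so: a function without debug info, which previously reached the "No debug information found" warning, is now matched by its module's source file name, and the allow-list hunk further down does the same. A one-line comment above it would make that visible, e.g. `// No per-function debug info: match on the module's source file name instead (empty below LLVM 11, see MNAME).` Note also that getSourceName(F) and Module::getSourceFileName() presumably do not always spell the path the same way (one is recovered from the function's debug metadata, the other is the name the compiler was invoked with), so a filename rule that matched before may now match differently; since these rules decide what gets instrumented, that deserves a sentence next to the changelog entry. The enclosing function continues past the hunk.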
@@ -478,7 +480,7 @@ bool isInInstrumentList(llvm::Function *F) {
if (!be_quiet)
WARNF(
"No debug information found for function %s, will be "
- "instrumented (recompile with -g -O[1-3]).",
+ "instrumented (recompile with -g -O[1-3] and use a modern llvm).",
F->getName().str().c_str());
}
@@ -528,6 +530,8 @@ bool isInInstrumentList(llvm::Function *F) {
std::string source_file = getSourceName(F);
+ if (source_file.empty()) { source_file = Filename; }
+
if (!source_file.empty()) {
for (std::list<std::string>::iterator it = allowListFiles.begin();
@@ -563,7 +567,7 @@ bool isInInstrumentList(llvm::Function *F) {
if (!be_quiet)
WARNF(
"No debug information found for function %s, will not be "
- "instrumented (recompile with -g -O[1-3]).",
+ "instrumented (recompile with -g -O[1-3] and use a modern llvm).",
F->getName().str().c_str());
return false;
diff --git a/instrumentation/afl-llvm-common.h b/instrumentation/afl-llvm-common.h
index a1561d9c..bd424e21 100644
--- a/instrumentation/afl-llvm-common.h
+++ b/instrumentation/afl-llvm-common.h
@@ -32,10 +32,18 @@ typedef long double max_align_t;
#include "llvm/Support/CFG.h"
#endif
+#if LLVM_VERSION_MAJOR >= 11
+ #define MNAME M.getSourceFileName()
+ #define FMNAME F.getParent()->getSourceFileName()
+#else
+ #define MNAME std::string("")
+ #define FMNAME std::string("")
+#endif
+
char * getBBName(const llvm::BasicBlock *BB);
bool isIgnoreFunction(const llvm::Function *F);
void initInstrumentList();
-bool isInInstrumentList(llvm::Function *F);
+bool isInInstrumentList(llvm::Function *F, std::string Filename);
unsigned long long int calculateCollisions(uint32_t edges);
void scanForDangerousFunctions(llvm::Module *M);
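Review bot: `MNAME` and `FMNAME` are unhygienic macros that only work where a variable literally named `M` or `F` is in scope, and with names this short they can collide in any translation unit that includes afl-llvm-common.h; the `LLVM_VERSION_MAJOR` switch they hide is also invisible at the call site. Two small inline functions taking the module or function explicitly keep the version guard in one place and let the compiler check the argument, with call sites reading `isInInstrumentList(&F, getModuleSourceName(M))`. If the macros must stay, they should at least carry a comment stating that they expand to an empty string below LLVM 11 and require `M`/`F` in the caller's scope.
```cpp
// … unchanged: includes and LLVM version conditionals …
/* Source file name of a module, or of the module a function belongs to.
 * Returns an empty string below LLVM 11, where the commit does not use
 * Module::getSourceFileName(). */
inline std::string getModuleSourceName(const llvm::Module &M) {
#if LLVM_VERSION_MAJOR >= 11
  return M.getSourceFileName();
#else
  (void)M;
  return std::string("");
#endif
}

inline std::string getFunctionModuleSourceName(const llvm::Function &F) {
  return getModuleSourceName(*F.getParent());
}
// … unchanged: getBBName, isIgnoreFunction, initInstrumentList …
bool isInInstrumentList(llvm::Function *F, std::string Filename);
```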
diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc
index bf07a154..5e7faba7 100644
--- a/instrumentation/afl-llvm-dict2file.so.cc
+++ b/instrumentation/afl-llvm-dict2file.so.cc
@@ -156,7 +156,7 @@ bool AFLdict2filePass::runOnModule(Module &M) {
for (auto &F : M) {
if (isIgnoreFunction(&F)) continue;
- if (!isInInstrumentList(&F) || !F.size()) { continue; }
+ if (!isInInstrumentList(&F, MNAME) || !F.size()) { continue; }
/* Some implementation notes.
*
diff --git a/instrumentation/afl-llvm-lto-instrumentlist.so.cc b/instrumentation/afl-llvm-lto-instrumentlist.so.cc
index 906af879..bac02977 100644
--- a/instrumentation/afl-llvm-lto-instrumentlist.so.cc
+++ b/instrumentation/afl-llvm-lto-instrumentlist.so.cc
@@ -102,7 +102,7 @@ bool AFLcheckIfInstrument::runOnModule(Module &M) {
// fprintf(stderr, "F:%s\n", F.getName().str().c_str());
- if (isInInstrumentList(&F)) {
+ if (isInInstrumentList(&F, MNAME)) {
if (debug)
DEBUGF("function %s is in the instrument file list\n",
diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc
index 640aa4dd..be0bcbc8 100644
--- a/instrumentation/afl-llvm-pass.so.cc
+++ b/instrumentation/afl-llvm-pass.so.cc
@@ -438,7 +438,7 @@ bool AFLCoverage::runOnModule(Module &M) {
fprintf(stderr, "FUNCTION: %s (%zu)\n", F.getName().str().c_str(),
F.size());
- if (!isInInstrumentList(&F)) { continue; }
+ if (!isInInstrumentList(&F, MNAME)) { continue; }
if (F.size() < function_minimum_size) { continue; }
diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc
index 054caee2..a521960b 100644
--- a/instrumentation/cmplog-instructions-pass.cc
+++ b/instrumentation/cmplog-instructions-pass.cc
@@ -236,7 +236,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
/* iterate over all functions, bbs and instruction and add suitable calls */
for (auto &F : M) {
- if (!isInInstrumentList(&F)) continue;
+ if (!isInInstrumentList(&F, MNAME)) continue;
for (auto &BB : F) {
diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc
index 82c2fa4d..076d2779 100644
--- a/instrumentation/cmplog-routines-pass.cc
+++ b/instrumentation/cmplog-routines-pass.cc
@@ -255,7 +255,7 @@ bool CmpLogRoutines::hookRtns(Module &M) {
/* iterate over all functions, bbs and instruction and add suitable calls */
for (auto &F : M) {
- if (!isInInstrumentList(&F)) continue;
+ if (!isInInstrumentList(&F, MNAME)) continue;
for (auto &BB : F) {
diff --git a/instrumentation/cmplog-switches-pass.cc b/instrumentation/cmplog-switches-pass.cc
index 4f6f2eca..8501d514 100644
--- a/instrumentation/cmplog-switches-pass.cc
+++ b/instrumentation/cmplog-switches-pass.cc
@@ -199,7 +199,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
/* iterate over all functions, bbs and instruction and add suitable calls */
for (auto &F : M) {
- if (!isInInstrumentList(&F)) continue;
+ if (!isInInstrumentList(&F, MNAME)) continue;
for (auto &BB : F) {
diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc
index 2ced37c5..3f6a6763 100644
--- a/instrumentation/compare-transform-pass.so.cc
+++ b/instrumentation/compare-transform-pass.so.cc
@@ -130,7 +130,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
* strcmp/memcmp/strncmp/strcasecmp/strncasecmp */
for (auto &F : M) {
- if (!isInInstrumentList(&F)) continue;
+ if (!isInInstrumentList(&F, MNAME)) continue;
for (auto &BB : F) {
diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc
index 451258d9..0f00fa96 100644
--- a/instrumentation/split-compares-pass.so.cc
+++ b/instrumentation/split-compares-pass.so.cc
@@ -176,7 +176,7 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) {
* all integer comparisons with >= and <= predicates to the icomps vector */
for (auto &F : M) {
- if (!isInInstrumentList(&F)) continue;
+ if (!isInInstrumentList(&F, MNAME)) continue;
for (auto &BB : F) {
@@ -820,7 +820,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) {
* functions were executed only these four predicates should exist */
for (auto &F : M) {
- if (!isInInstrumentList(&F)) continue;
+ if (!isInInstrumentList(&F, MNAME)) continue;
for (auto &BB : F) {
@@ -1463,7 +1463,7 @@ bool SplitComparesTransform::runOnModule(Module &M) {
* compare instructions. Save them into the worklist for later. */
for (auto &F : M) {
- if (!isInInstrumentList(&F)) continue;
+ if (!isInInstrumentList(&F, MNAME)) continue;
for (auto &BB : F) {
diff --git a/instrumentation/split-switches-pass.so.cc b/instrumentation/split-switches-pass.so.cc
index c0fa7c9c..85a35c2a 100644
--- a/instrumentation/split-switches-pass.so.cc
+++ b/instrumentation/split-switches-pass.so.cc
@@ -309,7 +309,7 @@ bool SplitSwitchesTransform::splitSwitches(Module &M) {
* all switches to switches vector for later processing */
for (auto &F : M) {
- if (!isInInstrumentList(&F)) continue;
+ if (!isInInstrumentList(&F, MNAME)) continue;
for (auto &BB : F) {