author | van Hauser <vh@thc.org> | 2021-12-14 22:10:19 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-14 22:10:19 +0100 |
commit | 02fba1cc7e8709c8e0961454136a64f373e4f9ff (patch) | |
tree | 4268feaff62895b2a2ef2b793c36534f5771bda5 | |
parent | 22e2362f0fd5685548696f487639104a0059e3eb (diff) | |
parent | 2564eb6f8c8ed49b0ec30e1e297ad93067e8f1f2 (diff) | |
download | afl++-02fba1cc7e8709c8e0961454136a64f373e4f9ff.tar.gz |
Merge pull request #1215 from AFLplusplus/dev
Push to stable
-rwxr-xr-x | afl-whatsup | 36 | ||||
-rw-r--r-- | docs/Changelog.md | 2 | ||||
-rw-r--r-- | instrumentation/SanitizerCoverageLTO.so.cc | 8 | ||||
-rw-r--r-- | instrumentation/SanitizerCoveragePCGUARD.so.cc | 2 | ||||
-rw-r--r-- | instrumentation/afl-llvm-common.cc | 10 | ||||
-rw-r--r-- | instrumentation/afl-llvm-common.h | 10 | ||||
-rw-r--r-- | instrumentation/afl-llvm-dict2file.so.cc | 2 | ||||
-rw-r--r-- | instrumentation/afl-llvm-lto-instrumentlist.so.cc | 2 | ||||
-rw-r--r-- | instrumentation/afl-llvm-pass.so.cc | 2 | ||||
-rw-r--r-- | instrumentation/cmplog-instructions-pass.cc | 2 | ||||
-rw-r--r-- | instrumentation/cmplog-routines-pass.cc | 2 | ||||
-rw-r--r-- | instrumentation/cmplog-switches-pass.cc | 2 | ||||
-rw-r--r-- | instrumentation/compare-transform-pass.so.cc | 2 | ||||
-rw-r--r-- | instrumentation/split-compares-pass.so.cc | 6 | ||||
-rw-r--r-- | instrumentation/split-switches-pass.so.cc | 2 |
15 files changed, 52 insertions, 38 deletions
diff --git a/afl-whatsup b/afl-whatsup index 10a52f83..c9abbe91 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -91,9 +91,9 @@ TOTAL_CRASHES=0 TOTAL_PFAV=0 TOTAL_PENDING=0 -# Time since last path / crash / hang, formatted as string +# Time since last find / crash / hang, formatted as string FMT_TIME="0 days 0 hours" -FMT_PATH="${RED}none seen yet${NC}" +FMT_FIND="${RED}none seen yet${NC}" FMT_CRASH="none seen yet" FMT_HANG="none seen yet" @@ -135,7 +135,7 @@ fmt_duration() FIRST=true TOTAL_WCOP= -TOTAL_LAST_PATH=0 +TOTAL_LAST_FIND=0 for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do @@ -169,7 +169,7 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do fi DEAD_CNT=$((DEAD_CNT + 1)) - last_path=0 + last_find=0 if [ "$PROCESS_DEAD" = "" ]; then @@ -183,17 +183,17 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do EXEC_SEC=0 test -z "$RUN_UNIX" -o "$RUN_UNIX" = 0 || EXEC_SEC=$((execs_done / RUN_UNIX)) - PATH_PERC=$((cur_path * 100 / paths_total)) + PATH_PERC=$((cur_item * 100 / corpus_count)) TOTAL_TIME=$((TOTAL_TIME + RUN_UNIX)) TOTAL_EPS=$((TOTAL_EPS + EXEC_SEC)) TOTAL_EXECS=$((TOTAL_EXECS + execs_done)) - TOTAL_CRASHES=$((TOTAL_CRASHES + unique_crashes)) + TOTAL_CRASHES=$((TOTAL_CRASHES + saved_crashes)) TOTAL_PENDING=$((TOTAL_PENDING + pending_total)) TOTAL_PFAV=$((TOTAL_PFAV + pending_favs)) - if [ "$last_path" -gt "$TOTAL_LAST_PATH" ]; then - TOTAL_LAST_PATH=$last_path + if [ "$last_find" -gt "$TOTAL_LAST_FIND" ]; then + TOTAL_LAST_FIND=$last_find fi if [ "$SUMMARY_ONLY" = "" ]; then @@ -210,7 +210,7 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do echo " ${RED}slow execution, $EXEC_SEC execs/sec${NC}" fi - fmt_duration $last_path && FMT_PATH=$DUR_STRING + fmt_duration $last_find && FMT_FIND=$DUR_STRING fmt_duration $last_crash && FMT_CRASH=$DUR_STRING fmt_duration $last_hang && FMT_HANG=$DUR_STRING FMT_CWOP="not available" 
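Review bot: In hunk `@@ -183,17 +183,17 @@` the renamed counters `cur_item`, `corpus_count`, `saved_crashes` and `last_find` are read from each instance's fuzzer_stats file, so a stats file written by an older afl++ (which still emits `paths_total`, `unique_crashes` and `last_path`) leaves them unset: `PATH_PERC=$((cur_item * 100 / corpus_count))` then trips the shell's division-by-zero error, and `TOTAL_CRASHES=$((TOTAL_CRASHES + saved_crashes))` silently adds 0, under-reporting crashes for that instance. The line just above already guards the same situation for `RUN_UNIX`; mirroring it keeps the script alive on a mixed sync directory: `PATH_PERC=0` followed by `test -z "$corpus_count" -o "$corpus_count" = 0 || PATH_PERC=$((cur_item * 100 / corpus_count))`. If sync directories shared between afl++ versions are expected, a fallback from the old field names to the new ones before the arithmetic (or a warning that the stats file is from an older version) would keep the crash total honest rather than silently zero. The loop body these lines belong to starts before this hunk and ends after it.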
@@ -220,7 +220,7 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do test "$cycles_wo_finds" -gt 50 && FMT_CWOP="${RED}$cycles_wo_finds${NC}" } - echo " last_path : $FMT_PATH" + echo " last_find : $FMT_FIND" echo " last_crash : $FMT_CRASH" echo " last_hang : $FMT_HANG" echo " cycles_wo_finds : $FMT_CWOP" @@ -229,12 +229,12 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do MEM_USAGE=$(ps aux | grep $fuzzer_pid | grep -v grep | awk '{print $4}') echo " cpu usage $CPU_USAGE%, memory usage $MEM_USAGE%" - echo " cycle $((cycles_done + 1)), lifetime speed $EXEC_SEC execs/sec, path $cur_path/$paths_total (${PATH_PERC}%)" + echo " cycles $((cycles_done + 1)), lifetime speed $EXEC_SEC execs/sec, items $cur_item/$corpus_count (${PATH_PERC}%)" - if [ "$unique_crashes" = "0" ]; then + if [ "$saved_crashes" = "0" ]; then echo " pending $pending_favs/$pending_total, coverage $bitmap_cvg, no crashes yet" else - echo " pending $pending_favs/$pending_total, coverage $bitmap_cvg, crash count $unique_crashes (!)" + echo " pending $pending_favs/$pending_total, coverage $bitmap_cvg, crashes saved $saved_crashes (!)" fi echo @@ -243,7 +243,7 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do done -# Formatting for total time, time since last path, crash, and hang +# Formatting for total time, time since last find, crash, and hang fmt_duration $((CUR_TIME - TOTAL_TIME)) && FMT_TIME=$DUR_STRING # Formatting for total execution FMT_EXECS="0 millions" @@ -263,7 +263,7 @@ TOTAL_DAYS=$((TOTAL_TIME / 60 / 60 / 24)) TOTAL_HRS=$(((TOTAL_TIME / 60 / 60) % 24)) test -z "$TOTAL_WCOP" && TOTAL_WCOP="not available" -fmt_duration $TOTAL_LAST_PATH && TOTAL_LAST_PATH=$DUR_STRING +fmt_duration $TOTAL_LAST_FIND && TOTAL_LAST_FIND=$DUR_STRING test "$TOTAL_TIME" = "0" && TOTAL_TIME=1 
@@ -293,15 +293,15 @@ echo " Cumulative speed : $TOTAL_EPS execs/sec" if [ "$ALIVE_CNT" -gt "0" ]; then echo " Average speed : $((TOTAL_EPS / ALIVE_CNT)) execs/sec" fi -echo " Pending paths : $TOTAL_PFAV faves, $TOTAL_PENDING total" +echo " Pending items : $TOTAL_PFAV faves, $TOTAL_PENDING total" if [ "$ALIVE_CNT" -gt "1" ]; then echo " Pending per fuzzer : $((TOTAL_PFAV/ALIVE_CNT)) faves, $((TOTAL_PENDING/ALIVE_CNT)) total (on average)" fi -echo " Crashes found : $TOTAL_CRASHES locally unique" +echo " Crashes saved : $TOTAL_CRASHES" echo "Cycles without finds : $TOTAL_WCOP" -echo " Time without finds : $TOTAL_LAST_PATH" +echo " Time without finds : $TOTAL_LAST_FIND" echo exit 0 diff --git a/docs/Changelog.md b/docs/Changelog.md index 00502efe..0253222b 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -51,6 +51,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. - new cmplog mode (incompatible with older afl++ versions) - support llvm IR select instrumentation for default PCGUARD and LTO - fix for shared linking on MacOS + - better selective instrumentation AFL_LLVM_{ALLOW|DENY}LIST + on filename matching (requires llvm 11 or newer) - fixed a potential crash in targets for LAF string handling - added AFL_USE_TSAN thread sanitizer support - llvm and LTO mode modified to work with new llvm 14-dev (again. again.) diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index aa1826cd..597a24b1 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc 
@@ -386,10 +386,10 @@ bool ModuleSanitizerCoverage::instrumentModule( if (Options.CoverageType == SanitizerCoverageOptions::SCK_None) return false; /* if (Allowlist && - !Allowlist->inSection("coverage", "src", M.getSourceFileName())) + !Allowlist->inSection("coverage", "src", MNAME)) return false; if (Blocklist && - Blocklist->inSection("coverage", "src", M.getSourceFileName())) + Blocklist->inSection("coverage", "src", MNAME)) return false; */ BlockList.clear(); @@ -518,7 +518,7 @@ bool ModuleSanitizerCoverage::instrumentModule( for (auto &F : M) { - if (!isInInstrumentList(&F) || !F.size()) { continue; } + if (!isInInstrumentList(&F, MNAME) || !F.size()) { continue; } for (auto &BB : F) { @@ -1263,7 +1263,7 @@ void ModuleSanitizerCoverage::instrumentFunction( // afl++ START if (!F.size()) return; - if (!isInInstrumentList(&F)) return; + if (!isInInstrumentList(&F, FMNAME)) return; // afl++ END if (Options.CoverageType >= SanitizerCoverageOptions::SCK_Edge) diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 7b1d1d40..c422d858 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -660,7 +660,7 @@ void ModuleSanitizerCoverage::instrumentFunction( Function &F, DomTreeCallback DTCallback, PostDomTreeCallback PDTCallback) { if (F.empty()) return; - if (!isInInstrumentList(&F)) return; + if (!isInInstrumentList(&F, FMNAME)) return; if (F.getName().find(".module_ctor") != std::string::npos) return; // Should not instrument sanitizer init functions. diff --git a/instrumentation/afl-llvm-common.cc b/instrumentation/afl-llvm-common.cc index e5e367a7..9483da83 100644 --- a/instrumentation/afl-llvm-common.cc +++ b/instrumentation/afl-llvm-common.cc 
@@ -401,7 +401,7 @@ static std::string getSourceName(llvm::Function *F) { } -bool isInInstrumentList(llvm::Function *F) { +bool isInInstrumentList(llvm::Function *F, std::string Filename) { bool return_default = true; @@ -448,6 +448,8 @@ bool isInInstrumentList(llvm::Function *F) { std::string source_file = getSourceName(F); + if (source_file.empty()) { source_file = Filename; } + if (!source_file.empty()) { for (std::list<std::string>::iterator it = denyListFiles.begin(); @@ -478,7 +480,7 @@ bool isInInstrumentList(llvm::Function *F) { if (!be_quiet) WARNF( "No debug information found for function %s, will be " - "instrumented (recompile with -g -O[1-3]).", + "instrumented (recompile with -g -O[1-3] and use a modern llvm).", F->getName().str().c_str()); } @@ -528,6 +530,8 @@ bool isInInstrumentList(llvm::Function *F) { std::string source_file = getSourceName(F); + if (source_file.empty()) { source_file = Filename; } + if (!source_file.empty()) { for (std::list<std::string>::iterator it = allowListFiles.begin(); @@ -563,7 +567,7 @@ bool isInInstrumentList(llvm::Function *F) { if (!be_quiet) WARNF( "No debug information found for function %s, will not be " - "instrumented (recompile with -g -O[1-3]).", + "instrumented (recompile with -g -O[1-3] and use a modern llvm).", F->getName().str().c_str()); return false; diff --git a/instrumentation/afl-llvm-common.h b/instrumentation/afl-llvm-common.h index a1561d9c..bd424e21 100644 --- a/instrumentation/afl-llvm-common.h +++ b/instrumentation/afl-llvm-common.h 
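Review bot: `isInInstrumentList(llvm::Function *F, std::string Filename)` takes the module name by value, and every caller invokes it inside a `for (auto &F : M)` loop with `MNAME`, i.e. `M.getSourceFileName()`, so the module's source-file name is copied once per function per pass; `const std::string &Filename` (or `llvm::StringRef`) in this definition and in the matching declaration in instrumentation/afl-llvm-common.h avoids the copies with no change in behaviour. The new fallback `if (source_file.empty()) { source_file = Filename; }`, present before both the deny-list and the allow-list scans, also changes which functions are matched: a function without debug info is now compared against its module's source name instead of falling through to the "no debug information" warning, which appears to be the intent (the Changelog entry describes it) but is not stated anywhere in the code. A comment at the first fallback would make that explicit, e.g. `// No per-function debug info: fall back to the module's source file name so that file-based allow/deny entries still apply (empty on LLVM < 11, see MNAME).` The function body starts before and continues past this hunk.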
@@ -32,10 +32,18 @@ typedef long double max_align_t; #include "llvm/Support/CFG.h" #endif +#if LLVM_VERSION_MAJOR >= 11 + #define MNAME M.getSourceFileName() + #define FMNAME F.getParent()->getSourceFileName() +#else + #define MNAME std::string("") + #define FMNAME std::string("") +#endif + char * getBBName(const llvm::BasicBlock *BB); bool isIgnoreFunction(const llvm::Function *F); void initInstrumentList(); -bool isInInstrumentList(llvm::Function *F); +bool isInInstrumentList(llvm::Function *F, std::string Filename); unsigned long long int calculateCollisions(uint32_t edges); void scanForDangerousFunctions(llvm::Module *M); diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc index bf07a154..5e7faba7 100644 --- a/instrumentation/afl-llvm-dict2file.so.cc +++ b/instrumentation/afl-llvm-dict2file.so.cc @@ -156,7 +156,7 @@ bool AFLdict2filePass::runOnModule(Module &M) { for (auto &F : M) { if (isIgnoreFunction(&F)) continue; - if (!isInInstrumentList(&F) || !F.size()) { continue; } + if (!isInInstrumentList(&F, MNAME) || !F.size()) { continue; } /* Some implementation notes. * diff --git a/instrumentation/afl-llvm-lto-instrumentlist.so.cc b/instrumentation/afl-llvm-lto-instrumentlist.so.cc index 906af879..bac02977 100644 --- a/instrumentation/afl-llvm-lto-instrumentlist.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentlist.so.cc @@ -102,7 +102,7 @@ bool AFLcheckIfInstrument::runOnModule(Module &M) { // fprintf(stderr, "F:%s\n", F.getName().str().c_str()); - if (isInInstrumentList(&F)) { + if (isInInstrumentList(&F, MNAME)) { if (debug) DEBUGF("function %s is in the instrument file list\n", diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 640aa4dd..be0bcbc8 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc 
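Review bot: `MNAME` and `FMNAME` are unhygienic macros: they only work where a variable literally named `M` or `F` is in scope, bind silently to whatever that name happens to be at the use site (including inside the commented-out block in SanitizerCoverageLTO.so.cc), and `FMNAME` dereferences `F.getParent()` with no guard, which is null for a function not attached to a module — in these passes `F` comes from the pass manager or from iterating `M`, so it is presumably non-null, but the macro itself carries no such check. Inline helpers taking the object explicitly keep the commit's LLVM 11 gate, document the empty-string fallback, and make the call sites (`isInInstrumentList(&F, getModuleSourceName(M))`) self-describing; the `llvm::Module`/`llvm::Function` declarations the existing prototypes already rely on should be enough for them to compile here.
```cpp
// Source-file name the module was compiled from; empty below the
// LLVM 11 gate used by this commit, so callers must treat "" as "unknown".
inline std::string getModuleSourceName(const llvm::Module &M) {
#if LLVM_VERSION_MAJOR >= 11
  return M.getSourceFileName();
#else
  (void)M;
  return std::string("");
#endif
}

// Same lookup for the module a function belongs to; "" when it has no parent.
inline std::string getFunctionSourceName(const llvm::Function &F) {
  return F.getParent() ? getModuleSourceName(*F.getParent()) : std::string("");
}
// … unchanged: getBBName, isIgnoreFunction, initInstrumentList declarations …
bool isInInstrumentList(llvm::Function *F, const std::string &Filename);
```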
@@ -438,7 +438,7 @@ bool AFLCoverage::runOnModule(Module &M) { fprintf(stderr, "FUNCTION: %s (%zu)\n", F.getName().str().c_str(), F.size()); - if (!isInInstrumentList(&F)) { continue; } + if (!isInInstrumentList(&F, MNAME)) { continue; } if (F.size() < function_minimum_size) { continue; } diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc index 054caee2..a521960b 100644 --- a/instrumentation/cmplog-instructions-pass.cc +++ b/instrumentation/cmplog-instructions-pass.cc @@ -236,7 +236,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) { /* iterate over all functions, bbs and instruction and add suitable calls */ for (auto &F : M) { - if (!isInInstrumentList(&F)) continue; + if (!isInInstrumentList(&F, MNAME)) continue; for (auto &BB : F) { diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index 82c2fa4d..076d2779 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -255,7 +255,7 @@ bool CmpLogRoutines::hookRtns(Module &M) { /* iterate over all functions, bbs and instruction and add suitable calls */ for (auto &F : M) { - if (!isInInstrumentList(&F)) continue; + if (!isInInstrumentList(&F, MNAME)) continue; for (auto &BB : F) { diff --git a/instrumentation/cmplog-switches-pass.cc b/instrumentation/cmplog-switches-pass.cc index 4f6f2eca..8501d514 100644 --- a/instrumentation/cmplog-switches-pass.cc +++ b/instrumentation/cmplog-switches-pass.cc @@ -199,7 +199,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) { /* iterate over all functions, bbs and instruction and add suitable calls */ for (auto &F : M) { - if (!isInInstrumentList(&F)) continue; + if (!isInInstrumentList(&F, MNAME)) continue; for (auto &BB : F) { diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc index 2ced37c5..3f6a6763 100644 --- a/instrumentation/compare-transform-pass.so.cc 
+++ b/instrumentation/compare-transform-pass.so.cc @@ -130,7 +130,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, * strcmp/memcmp/strncmp/strcasecmp/strncasecmp */ for (auto &F : M) { - if (!isInInstrumentList(&F)) continue; + if (!isInInstrumentList(&F, MNAME)) continue; for (auto &BB : F) { diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc index 451258d9..0f00fa96 100644 --- a/instrumentation/split-compares-pass.so.cc +++ b/instrumentation/split-compares-pass.so.cc @@ -176,7 +176,7 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { * all integer comparisons with >= and <= predicates to the icomps vector */ for (auto &F : M) { - if (!isInInstrumentList(&F)) continue; + if (!isInInstrumentList(&F, MNAME)) continue; for (auto &BB : F) { @@ -820,7 +820,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { * functions were executed only these four predicates should exist */ for (auto &F : M) { - if (!isInInstrumentList(&F)) continue; + if (!isInInstrumentList(&F, MNAME)) continue; for (auto &BB : F) { @@ -1463,7 +1463,7 @@ bool SplitComparesTransform::runOnModule(Module &M) { * compare instructions. Save them into the worklist for later. */ for (auto &F : M) { - if (!isInInstrumentList(&F)) continue; + if (!isInInstrumentList(&F, MNAME)) continue; for (auto &BB : F) { diff --git a/instrumentation/split-switches-pass.so.cc b/instrumentation/split-switches-pass.so.cc index c0fa7c9c..85a35c2a 100644 --- a/instrumentation/split-switches-pass.so.cc +++ b/instrumentation/split-switches-pass.so.cc @@ -309,7 +309,7 @@ bool SplitSwitchesTransform::splitSwitches(Module &M) { * all switches to switches vector for later processing */ for (auto &F : M) { - if (!isInInstrumentList(&F)) continue; + if (!isInInstrumentList(&F, MNAME)) continue; for (auto &BB : F) { |