diff options
| author | van Hauser <vh@thc.org> | 2020-08-11 01:31:44 +0200 |
|---|---|---|
| committer | van Hauser <vh@thc.org> | 2020-08-11 01:31:44 +0200 |
| commit | 432638404f40594ae163b6e1b92fcfd51b59d59a (patch) | |
| tree | cd53c41f5ac98d6f8669f603b9da5f3453aaf44e | |
| parent | 1e38c10efb572efac2638366f18a1cf23acd7c2b (diff) | |
| download | afl++-432638404f40594ae163b6e1b92fcfd51b59d59a.tar.gz | |
ignoring ifuncs on fixed map LTO
| -rw-r--r-- | llvm_mode/afl-llvm-lto-instrumentation.so.cc | 47 |
1 files changed, 37 insertions, 10 deletions
diff --git a/llvm_mode/afl-llvm-lto-instrumentation.so.cc b/llvm_mode/afl-llvm-lto-instrumentation.so.cc index 1933ed8d..abc836aa 100644 --- a/llvm_mode/afl-llvm-lto-instrumentation.so.cc +++ b/llvm_mode/afl-llvm-lto-instrumentation.so.cc @@ -219,21 +219,30 @@ bool AFLLTOPass::runOnModule(Module &M) { */ - if (map_addr) + std::vector<std::string> module_block_list; + + if (map_addr) { + for (GlobalIFunc &IF : M.ifuncs()) { + + StringRef ifunc_name = IF.getName(); + Constant *r = IF.getResolver(); + StringRef r_name = cast<Function>(r->getOperand(0))->getName(); + if (!be_quiet) + fprintf(stderr, "Found an ifunc with name %s that points to resolver function %s, we cannot instrument this, putting it into a block list.\n", + ifunc_name.str().c_str(), r_name.str().c_str()); - // No clue how to follow these up and find the resolver function. - // If we would know that resolver function name we could just skip - // instrumenting it and everything would be fine :-( - // StringRef ifunc_name = IF.getName(); - // Constant *r = IF.getResolver(); - FATAL( - "Target uses ifunc attribute for %s, fixed map cannot be used, " - "remove AFL_LLVM_MAP_ADDR", - IF.getName().str().c_str()); + module_block_list.push_back(r_name.str()); } + // next up: ctors run before __afl_init() + + // TODO + + + } + /* Instrument all the things! */ int inst_blocks = 0; @@ -250,6 +259,24 @@ bool AFLLTOPass::runOnModule(Module &M) { if (F.size() < function_minimum_size) continue; if (isIgnoreFunction(&F)) continue; + if (module_block_list.size()) { + + for (auto bname : module_block_list) { + + std::string fname = F.getName().str(); + + if (fname.compare(bname) == 0) { + + if (!be_quiet) + WARNF("Skipping instrumentation of ifunc resolver function %s", + fname.c_str()); + + } + + } + + } + // the instrument file list check AttributeList Attrs = F.getAttributes(); if (Attrs.hasAttribute(-1, StringRef("skipinstrument"))) { |