author | van Hauser <vh@thc.org> | 2020-01-15 10:10:25 +0100 |
---|---|---|
committer | van Hauser <vh@thc.org> | 2020-01-15 10:10:25 +0100 |
commit | d1d5e7c02a4b17f42b6334f258899d6543c9142c (patch) | |
tree | ce67a3a546827a13c9b871b60831d581c2ad7527 | |
parent | d0ea8f84334a36133c289c711c233d1f5a1a8045 (diff) | |
download | afl++-d1d5e7c02a4b17f42b6334f258899d6543c9142c.tar.gz |
blacklist function support for llvm_mode
-rw-r--r-- | TODO | 3 | ||||
-rw-r--r-- | docs/ChangeLog | 3 | ||||
-rw-r--r-- | llvm_mode/LLVMInsTrim.so.cc | 24 | ||||
-rw-r--r-- | llvm_mode/afl-clang-fast.c | 3 | ||||
-rw-r--r-- | llvm_mode/afl-llvm-pass.so.cc | 27 | ||||
-rw-r--r-- | src/afl-fuzz-stats.c | 14 |
6 files changed, 62 insertions, 12 deletions
diff --git a/TODO b/TODO
index 259fbd0a..e935eafa 100644
--- a/TODO
+++ b/TODO
@@ -2,6 +2,9 @@ Roadmap 2.61+:
 ==============
+Makefile:
+ - -march=native -Ofast -flto=full
+
 afl-fuzz:
 - sync_fuzzers(): only masters sync from all, slaves only sync from master
diff --git a/docs/ChangeLog b/docs/ChangeLog
index f034d251..a94a2038 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -20,7 +20,8 @@ Version ++2.60d (develop):
 - afl-fuzz:
 - now prints the real python version support compiled in
 - afl-clang-fast now shows in the help output for which llvm version it
- was compiled for.
+ was compiled for
+ - added blacklisted function check in llvm_mode
 - added fix from Debian project to compile libdislocator and libtokencap
diff --git a/llvm_mode/LLVMInsTrim.so.cc b/llvm_mode/LLVMInsTrim.so.cc
index 552cf580..11451b43 100644
--- a/llvm_mode/LLVMInsTrim.so.cc
+++ b/llvm_mode/LLVMInsTrim.so.cc
@@ -94,6 +94,28 @@ struct InsTrim : public ModulePass {
 }
+ // ripped from aflgo
+ static bool isBlacklisted(const Function *F) {
+
+ static const SmallVector<std::string, 4> Blacklist = {
+
+ "asan.",
+ "llvm.",
+ "sancov.",
+ "__ubsan_handle_",
+
+ };
+
+ for (auto const &BlacklistFunc : Blacklist) {
+
+ if (F->getName().startswith(BlacklistFunc)) { return true; }
+
+ }
+
+ return false;
+
+ }
+
 bool runOnModule(Module &M) override {
 char be_quiet = 0;
@@ -240,6 +262,8 @@ struct InsTrim : public ModulePass {
 }
+ if (isBlacklisted(&F)) continue;
+
 std::unordered_set<BasicBlock *> MS;
 if (!MarkSetOpt) {
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index 2b359cdf..b322b762 100644
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
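Review bot: `isBlacklisted` and its prefix table are pasted verbatim into both `LLVMInsTrim.so.cc` (this hunk at 94) and `afl-llvm-pass.so.cc` (hunk at 75), so the two lists will drift the first time one of them gains or loses a prefix; keep one table and one predicate in a header that both passes include. The `// ripped from aflgo` comment records provenance but not the contract, so I would replace it with `// Functions whose name starts with one of these compiler/sanitizer runtime prefixes are skipped by the instrumentation loop.` and add `// Pure prefix match: a target function whose own name happens to start with one of these is skipped too.` so the effect on coverage is documented where the list lives. The call site in the second hunk, `if (isBlacklisted(&F)) continue;` at 262, sits inside a loop whose header is outside the hunk, so what `F` ranges over cannot be confirmed from here.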
@@ -444,7 +444,8 @@ int main(int argc, char** argv) {
 "You can specify custom next-stage toolchain via AFL_CC and AFL_CXX. "
 "Setting\n"
 "AFL_HARDEN enables hardening optimizations in the compiled code.\n\n"
- "afl-clang-fast was built for llvm %s with the llvm binary path of \"%s\".\n\n",
+ "afl-clang-fast was built for llvm %s with the llvm binary path of "
+ "\"%s\".\n\n",
 BIN_PATH, BIN_PATH, LLVM_VERSION, LLVM_BINDIR);
 exit(1);
diff --git a/llvm_mode/afl-llvm-pass.so.cc b/llvm_mode/afl-llvm-pass.so.cc
index 0b3db4ed..15cc6127 100644
--- a/llvm_mode/afl-llvm-pass.so.cc
+++ b/llvm_mode/afl-llvm-pass.so.cc
@@ -75,6 +75,28 @@ class AFLCoverage : public ModulePass {
 }
+ // ripped from aflgo
+ static bool isBlacklisted(const Function *F) {
+
+ static const SmallVector<std::string, 4> Blacklist = {
+
+ "asan.",
+ "llvm.",
+ "sancov.",
+ "__ubsan_handle_",
+
+ };
+
+ for (auto const &BlacklistFunc : Blacklist) {
+
+ if (F->getName().startswith(BlacklistFunc)) { return true; }
+
+ }
+
+ return false;
+
+ }
+
 bool runOnModule(Module &M) override;
 // StringRef getPassName() const override {
@@ -156,13 +178,11 @@ bool AFLCoverage::runOnModule(Module &M) {
 /* Instrument all the things! */
- const char *IntrinsicPrefix = "llvm.";
 int inst_blocks = 0;
 for (auto &F : M) {
- auto Fname = F.getName();
- if (Fname.startswith(IntrinsicPrefix)) continue;
+ if (isBlacklisted(&F)) continue;
 for (auto &BB : F) {
@@ -377,6 +397,7 @@ bool AFLCoverage::runOnModule(Module &M) {
 inst_blocks++;
 }
+ }
 /* Say something nice. */
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 18f32ae8..7679403b 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -334,9 +334,9 @@ void show_stats(void) {
 /* Lord, forgive me this. */
- SAYF(SET_G1 bSTG bLT bH bSTOP cCYA
+ SAYF(SET_G1 bSTG bLT bH bSTOP cCYA
 " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA
- " overall results " bSTG bH2 bH2 bRT "\n");
+ " overall results " bSTG bH2 bH2 bRT "\n");
 if (dumb_mode) {
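Review bot: The prefix table in `isBlacklisted` (hunk at 75) is a function-local `static const SmallVector<std::string, 4>`, which builds four `std::string`s behind a static-init guard on the first call only for `startswith` to view each one as a `StringRef` again; a plain array of C strings does the same job with less machinery: `static const char *const Blacklist[] = {"asan.", "llvm.", "sancov.", "__ubsan_handle_"};` and `for (const char *Prefix : Blacklist) if (F->getName().startswith(Prefix)) return true;`. The predicate takes `const Function *` although both visible call sites pass `&F` from a loop variable, so a `const Function &` parameter would make clear that a null pointer is not expected. The removed `IntrinsicPrefix` test in the hunk at 156 is covered by the `"llvm."` entry, so intrinsics are treated as before. The hunk at 377 adds one line before `/* Say something nice. */` that the collapsed rendering shows as `+ }`; whether that is a new closing brace or a blank line cannot be told from here, and `runOnModule` continues outside all three hunks.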
@@ -413,9 +413,9 @@ void show_stats(void) {
 " uniq hangs : " cRST "%-6s" bSTG bV "\n",
 DTD(cur_ms, last_hang_time), tmp);
- SAYF(bVR bH bSTOP cCYA
+ SAYF(bVR bH bSTOP cCYA
 " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA
- " map coverage " bSTG bH bHT bH20 bH2 bVL "\n");
+ " map coverage " bSTG bH bHT bH20 bH2 bVL "\n");
 /* This gets funny because we want to print several variable-length variables together, but then cram them into a fixed-width field - so we need to
@@ -443,9 +443,9 @@ void show_stats(void) {
 SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp);
- SAYF(bVR bH bSTOP cCYA
+ SAYF(bVR bH bSTOP cCYA
 " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA
- " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n");
+ " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n");
 sprintf(tmp, "%s (%0.02f%%)", DI(queued_favored),
 ((double)queued_favored) * 100 / queued_paths);
@@ -514,7 +514,7 @@ void show_stats(void) {
 /* Aaaalmost there... hold on! */
- SAYF(bVR bH cCYA bSTOP
+ SAYF(bVR bH cCYA bSTOP
 " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA
 " path geometry " bSTG bH5 bH2 bVL "\n"); |