author | h1994st <h1994st@gmail.com> | 2020-03-06 16:28:26 -0500 |
---|---|---|
committer | h1994st <h1994st@gmail.com> | 2020-03-06 16:28:26 -0500 |
commit | a10a3f2fa75f16bf7781a3c02cd23eab7164cff1 (patch) | |
tree | 653138ebd36b80fd9fd3faa31eedd8666e185135 /llvm_mode/NOTES | |
parent | 9e5c4973eb8f9b2f007bb1fe10976a4634c0ea6a (diff) | |
parent | 2287534ec6dd68b06a5052caa4ab3305d15861ec (diff) | |
Merge branch 'master' of https://github.com/vanhauser-thc/AFLplusplus
Diffstat (limited to 'llvm_mode/NOTES')
-rw-r--r-- | llvm_mode/NOTES | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/llvm_mode/NOTES b/llvm_mode/NOTES
new file mode 100644
index 00000000..9aee7f46
--- /dev/null
+++ b/llvm_mode/NOTES
@@ -0,0 +1,88 @@
+
+markNodes
+ ->
+
+whitelist:
+ set meta information/context to functions? ask llvm-dev
+ setAttribute/hasAttribute?
+
+afl-ld:
+ handle(=instrument) .a archives on the cmdline
+
+afl-pass-lto-instrument.so:
+ either a or b:
+ a) use instrim
+ b) start in main() or _init() and first otherwise (warn!)
+ keep list of done functions
+ final: go through function list and instrument those missing
+
+
+
+---------------------------
+
+
+
+for (auto &module : Ctx.getModules()) {
+ auto &functionList = module->getModule()->getFunctionList();
+ for (auto &function : functionList) {
+ for (auto &bb : function) {
+ for (auto &instruction : bb) {
+ if (CallInst *callInst = dyn_cast<CallInst>(&instruction)) {
+ if (Function *calledFunction = callInst->getCalledFunction()) {
+ if (calledFunction->getName().startswith("llvm.dbg.declare")) {
+
+
+for (auto &U : F.getUsers()) { <- unbekannt
+ if (auto CS = CallSite(U)) {
+ if (CS->getCalledFunction() == F)
+
+getCalledValue()->stripPointerCasts()
+ -> for indirect calls
+
+
+CallGraph(M)
+
+
+
+#include "llvm/IR/CallSite.h"
+
+unsigned int indirect_call_cnt = 0;
+
+ printf("Function: %s\n", F.getName().str().c_str());
+ int cnt=0;
+ for (auto *U : F.users()) {
+// auto *I = dyn_cast<Instruction>(U);
+// if (I) {
+// if (cast<CallInst>(I)->getCalledFunction()->getName() == F.getName()) {
+// printf("DIRECT CALL %s->%s->%s\n", cast<CallInst>(I)->getParent()->getParent()->getName().str().c_str(), cast<CallInst>(I)->getCalledFunction()->getName().str().c_str(), F.getName().str().c_str());
+// }
+printf("Callsite #%d\n", ++cnt);
+ CallSite CS(U);
+ auto *I = CS.getInstruction();
+ if (I) {
+ Value *called = CS.getCalledValue()->stripPointerCasts();
+ Function* f = dyn_cast<Function>(called);
+ if (f->getName().size() > 0) {
+ printf("test %s->%s->%s\n", cast<CallInst>(I)->getParent()->getParent()->getName().str().c_str(), f->getName().str().c_str(), F.getName().str().c_str());
+ if (f->getName() == F.getName()) {
+ printf("CALL %s->%s->%s\n", cast<CallInst>(I)->getParent()->getParent()->getName().str().c_str(), f->getName().str().c_str(), F.getName().str().c_str());
+ }
+ } else
+ printf("FOO %s->...->%s\n", cast<CallInst>(I)->getParent()->getParent()->getName().str().c_str(), F.getName().str().c_str());
+ if (cast<CallInst>(I)->getCalledFunction()->getName() == F.getName()) {
+ printf("DIRECT %s->%s->%s\n", cast<CallInst>(I)->getParent()->getParent()->getName().str().c_str(), cast<CallInst>(I)->getCalledFunction()->getName().str().c_str(), F.getName().str().c_str());
+ }
+ } else {
+ printf("WE MISSED SOMETHING HERE!!\n");
+ indirect_call_cnt++;
+ }
+ }
+
+oder:
+ for (auto *U : F.users()) {
+ if (auto CS = CallSite(U->getUser())) {
+ if (CS->isCallee(&U)) {
+ // foo
+ }
+ }
+ }
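Review bot: `Function* f = dyn_cast<Function>(called);` is dereferenced on the very next line (`f->getName().size()`) without a null check, yet the note a few lines above says `stripPointerCasts()` is there precisely for indirect calls, where the stripped callee is not a `Function` and `dyn_cast` yields nullptr. If this sketch is carried into the LTO pass it should read `if (f && f->getName().size() > 0) {`, with the null case folded into the existing `indirect_call_cnt++` branch. The same snippet also uses `cast<CallInst>(I)` on a value obtained from `CallSite`, which asserts (or is UB in release builds) when the user is an `InvokeInst`; `I->getParent()->getParent()` works for both, and `CS.getCalledFunction()` can replace the second `cast<CallInst>(I)->getCalledFunction()`. The code fragments here are not inside any visible function, so the surrounding declarations of `F` and the `#include` ordering are assumed from context.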