author | van Hauser <vh@thc.org> | 2020-04-11 07:32:42 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-11 07:32:42 +0200 |
commit | 68f269437d0f502a5a091a6ed62cf8d71d0148d6 (patch) | |
tree | ae9c05498f11ceba352656a18941498bdd46fcce /llvm_mode/afl-llvm-lto-instrumentation.so.cc | |
parent | 29ee3a1ffca2aa5a3939beb84d7c6a81621f3355 (diff) | |
Autodictionary (#309)
* lto module clean-up * step 1/3 * step 1/3 completed * if tmp is ever made non-static * parts 2 and 3 - autodictionary is complete * variable map_size support * variable map size: changed overlooked functions * remove debug for autodict * 64 bit alignment of map size * fix review comments * force 64 bit alignment on both sides * typo * better map transfer, display snapshot in UI * update readme
Diffstat (limited to 'llvm_mode/afl-llvm-lto-instrumentation.so.cc')
-rw-r--r-- | llvm_mode/afl-llvm-lto-instrumentation.so.cc | 45 |
1 files changed, 28 insertions, 17 deletions
diff --git a/llvm_mode/afl-llvm-lto-instrumentation.so.cc b/llvm_mode/afl-llvm-lto-instrumentation.so.cc
index 28f6bf9e..5cdf0b70 100644
--- a/llvm_mode/afl-llvm-lto-instrumentation.so.cc
+++ b/llvm_mode/afl-llvm-lto-instrumentation.so.cc
@@ -468,15 +468,13 @@ bool AFLLTOPass::runOnModule(Module &M) {
 TmpConstStr.append("\0", 1);
 ConstStr = StringRef(TmpConstStr);
- if (isSizedcmp && constLen > sizedLen) { constLen = sizedLen; }
+ if (isSizedcmp && constLen > sizedLen) constLen = sizedLen;
- /*
- if (!be_quiet)
- errs() << callInst->getCalledFunction()->getName() << ": len "
- << constLen << ": " << ConstStr << "\n";
- */
+ if (debug)
+ errs() << callInst->getCalledFunction()->getName() << ": len "
+ << constLen << ": " << ConstStr << "\n";
- if (constLen && constLen < MAX_DICT_FILE)
+ if (constLen >= MIN_AUTO_EXTRA && constLen <= MAX_DICT_FILE)
 dictionary.push_back(ConstStr.str().substr(0, constLen));
 }
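Review bot: The accept filter `if (constLen >= MIN_AUTO_EXTRA && constLen <= MAX_DICT_FILE)` at the end of this hunk is the only upper bound a token gets before it reaches the transfer loop in the last hunk, which stores each token's length as `(uint8_t)token.length()`; unless MAX_DICT_FILE is at most 255 — its name suggests it is the size limit for a dictionary file, not for one token — a constant of 256 bytes or more is emitted with a wrapped length byte, and whatever consumes the buffer will parse the bytes that follow as further tokens. The bound that matches a one-byte length field is the per-token constant: `if (constLen >= MIN_AUTO_EXTRA && constLen <= MAX_AUTO_EXTRA)`, or alternatively a `token.length() <= 0xff` guard where the length byte is written. Note also that the old `< MAX_DICT_FILE` became `<=`, so the limit is now inclusive; if that was unintended it compounds the issue. runOnModule starts and ends outside the hunk.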
@@ -514,14 +512,22 @@ bool AFLLTOPass::runOnModule(Module &M) {
 if (getenv("AFL_LLVM_LTO_DONTWRITEID") == NULL) {
- GlobalVariable *AFLFinalLoc = new GlobalVariable(
- M, Int32Ty, true, GlobalValue::ExternalLinkage, 0, "__afl_final_loc",
- 0, GlobalVariable::GeneralDynamicTLSModel, 0, false);
- ConstantInt *const_loc =
- ConstantInt::get(Int32Ty, (((afl_global_id + 8) >> 3) << 3));
- StoreInst *StoreFinalLoc = IRB.CreateStore(const_loc, AFLFinalLoc);
- StoreFinalLoc->setMetadata(M.getMDKindID("nosanitize"),
- MDNode::get(C, None));
+ uint32_t write_loc = afl_global_id;
+
+ if (afl_global_id % 8) write_loc = (((afl_global_id + 8) >> 3) << 3);
+
+ if (write_loc <= MAP_SIZE && write_loc <= 0x800000) {
+
+ GlobalVariable *AFLFinalLoc = new GlobalVariable(
+ M, Int32Ty, true, GlobalValue::ExternalLinkage, 0,
+ "__afl_final_loc", 0, GlobalVariable::GeneralDynamicTLSModel, 0,
+ false);
+ ConstantInt *const_loc = ConstantInt::get(Int32Ty, write_loc);
+ StoreInst * StoreFinalLoc = IRB.CreateStore(const_loc, AFLFinalLoc);
+ StoreFinalLoc->setMetadata(M.getMDKindID("nosanitize"),
+ MDNode::get(C, None));
+
+ }
 }
@@ -537,7 +543,9 @@ bool AFLLTOPass::runOnModule(Module &M) {
 }
- if (!be_quiet) printf("AUTODICTIONARY: %lu strings found\n", count);
+ if (!be_quiet)
+ printf("AUTODICTIONARY: %lu string%s found\n", count,
+ count == 1 ? "" : "s");
 if (count) {
@@ -549,13 +557,16 @@ bool AFLLTOPass::runOnModule(Module &M) {
 }
+ count = 0;
+ + for (auto token : dictionary) {
- if (offset + token.length() < 0xfffff0) {
+ if (offset + token.length() < 0xfffff0 && count < MAX_AUTO_EXTRAS) {
 ptr[offset++] = (uint8_t)token.length();
 memcpy(ptr + offset, token.c_str(), token.length());
 offset += token.length();
+ count++;
 } |
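Review bot: When `write_loc <= MAP_SIZE && write_loc <= 0x800000` is false, the `__afl_final_loc` global is silently not emitted and the pass prints nothing, so a module whose edge IDs outgrew the map is indistinguishable from one built with AFL_LLVM_LTO_DONTWRITEID set, and whatever default the runtime falls back to (not visible here) will be wrong for this binary. Add an else branch with a diagnostic, e.g. `} else if (!be_quiet) { fprintf(stderr, "WARNING: %u edge IDs exceed the map size, __afl_final_loc not written\n", write_loc); }`. The literal `0x800000` beside MAP_SIZE is an unexplained second limit — only the smaller of the two ever takes effect — so either drop it or give it a name and a one-line comment stating what it caps. runOnModule starts and ends outside the hunk.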
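Review bot: The new `count < MAX_AUTO_EXTRAS` condition in the if silently drops every token past the cap, just as the existing `offset + token.length() < 0xfffff0` bound already did, while the message printed two hunks earlier told the user how many strings were found; nothing reports that fewer were transferred. After the loop, compare and say so: `if (!be_quiet && count < dictionary.size()) fprintf(stderr, "AUTODICTIONARY: only %lu of %zu strings transferred\n", count, dictionary.size());` (adjust the format to count's real type, which is printed with %lu earlier in the file). Minor: the range-for on the context line copies each std::string per iteration; `for (const auto &token : dictionary)` avoids that without changing behaviour. The loop and runOnModule continue outside the hunk.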