diff options
| author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-01-30 22:40:09 +0100 |
|---|---|---|
| committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-01-30 22:40:09 +0100 |
| commit | 95a98fb3e805d94a3db82d5da21e9a00a79dbdf2 (patch) | |
| tree | 4de4f17f898a4f0632098c9902614217fa2e53eb /llvm_mode/afl-llvm-rt.o.c | |
| parent | b8bad5a2273b0cddd0244a7f37c20150a08af475 (diff) | |
| download | afl++-95a98fb3e805d94a3db82d5da21e9a00a79dbdf2.tar.gz | |
cmplog runtime for LLVM
Diffstat (limited to 'llvm_mode/afl-llvm-rt.o.c')
| -rw-r--r-- | llvm_mode/afl-llvm-rt.o.c | 123 |
1 files changed, 0 insertions, 123 deletions
diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c index c3d1ba7d..9632844f 100644 --- a/llvm_mode/afl-llvm-rt.o.c +++ b/llvm_mode/afl-llvm-rt.o.c @@ -66,9 +66,6 @@ u32 __afl_prev_loc; __thread u32 __afl_prev_loc; #endif -struct cmp_map* __afl_cmp_map; -__thread u32 __afl_cmp_counter; - /* Running in persistent mode? */ static u8 is_persistent; @@ -129,27 +126,6 @@ static void __afl_map_shm(void) { } - if (getenv("__AFL_CMPLOG_MODE__")) { - - id_str = getenv(CMPLOG_SHM_ENV_VAR); - - if (id_str) { - - u32 shm_id = atoi(id_str); - - __afl_cmp_map = shmat(shm_id, NULL, 0); - - if (__afl_cmp_map == (void*)-1) _exit(1); - - } - - } else if (getenv("AFL_CMPLOG")) { - - // during compilation, do this to avoid segfault - __afl_cmp_map = calloc(sizeof(struct cmp_map), 1); - - } - } /* Fork server logic. */ @@ -322,105 +298,6 @@ __attribute__((constructor(CONST_PRIO))) void __afl_auto_init(void) { } -///// CmpLog instrumentation - -void __sanitizer_cov_trace_cmp1(uint8_t Arg1, uint8_t Arg2) { - - return; - -} - -void __sanitizer_cov_trace_cmp2(uint16_t Arg1, uint16_t Arg2) { - - uintptr_t k = (uintptr_t)__builtin_return_address(0); - k = (k >> 4) ^ (k << 8); - k &= CMP_MAP_W - 1; - - u32 hits = __afl_cmp_map->headers[k].hits; - __afl_cmp_map->headers[k].hits = hits + 1; - // if (!__afl_cmp_map->headers[k].cnt) - // __afl_cmp_map->headers[k].cnt = __afl_cmp_counter++; - - __afl_cmp_map->headers[k].shape = 1; - //__afl_cmp_map->headers[k].type = CMP_TYPE_INS; - - hits &= CMP_MAP_H - 1; - __afl_cmp_map->log[k][hits].v0 = Arg1; - __afl_cmp_map->log[k][hits].v1 = Arg2; - -} - -void __sanitizer_cov_trace_cmp4(uint32_t Arg1, uint32_t Arg2) { - - uintptr_t k = (uintptr_t)__builtin_return_address(0); - k = (k >> 4) ^ (k << 8); - k &= CMP_MAP_W - 1; - - u32 hits = __afl_cmp_map->headers[k].hits; - __afl_cmp_map->headers[k].hits = hits + 1; - - __afl_cmp_map->headers[k].shape = 3; - - hits &= CMP_MAP_H - 1; - __afl_cmp_map->log[k][hits].v0 = Arg1; - __afl_cmp_map->log[k][hits].v1 = Arg2; - -} - -void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) { - - uintptr_t k = (uintptr_t)__builtin_return_address(0); - k = (k >> 4) ^ (k << 8); - k &= CMP_MAP_W - 1; - - u32 hits = __afl_cmp_map->headers[k].hits; - __afl_cmp_map->headers[k].hits = hits + 1; - - __afl_cmp_map->headers[k].shape = 7; - - hits &= CMP_MAP_H - 1; - __afl_cmp_map->log[k][hits].v0 = Arg1; - __afl_cmp_map->log[k][hits].v1 = Arg2; - -} - -#if defined(__APPLE__) -#pragma weak __sanitizer_cov_trace_const_cmp1 = __sanitizer_cov_trace_cmp1 -#pragma weak __sanitizer_cov_trace_const_cmp2 = __sanitizer_cov_trace_cmp2 -#pragma weak __sanitizer_cov_trace_const_cmp4 = __sanitizer_cov_trace_cmp4 -#pragma weak __sanitizer_cov_trace_const_cmp8 = __sanitizer_cov_trace_cmp8 -#else -void __sanitizer_cov_trace_const_cmp1(uint8_t Arg1, uint8_t Arg2) - __attribute__((alias("__sanitizer_cov_trace_cmp1"))); -void __sanitizer_cov_trace_const_cmp2(uint16_t Arg1, uint16_t Arg2) - __attribute__((alias("__sanitizer_cov_trace_cmp2"))); -void __sanitizer_cov_trace_const_cmp4(uint32_t Arg1, uint32_t Arg2) - __attribute__((alias("__sanitizer_cov_trace_cmp4"))); -void __sanitizer_cov_trace_const_cmp8(uint64_t Arg1, uint64_t Arg2) - __attribute__((alias("__sanitizer_cov_trace_cmp8"))); -#endif /* defined(__APPLE__) */ - -void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t* Cases) { - - for (uint64_t i = 0; i < Cases[0]; i++) { - - uintptr_t k = (uintptr_t)__builtin_return_address(0) + i; - k = (k >> 4) ^ (k << 8); - k &= CMP_MAP_W - 1; - - u32 hits = __afl_cmp_map->headers[k].hits; - __afl_cmp_map->headers[k].hits = hits + 1; - - __afl_cmp_map->headers[k].shape = 7; - - hits &= CMP_MAP_H - 1; - __afl_cmp_map->log[k][hits].v0 = Val; - __afl_cmp_map->log[k][hits].v1 = Cases[i + 2]; - - } - -} - /* The following stuff deals with supporting -fsanitize-coverage=trace-pc-guard. It remains non-operational in the traditional, plugin-backed LLVM mode. For more info about 'trace-pc-guard', see README.llvm. |