diff options
| author | van Hauser <vh@thc.org> | 2020-03-10 07:14:42 +0100 |
|---|---|---|
| committer | van Hauser <vh@thc.org> | 2020-03-10 07:14:42 +0100 |
| commit | 1148a2d0d1ce43ab89e14eefb70bc410726838c4 (patch) | |
| tree | 4c2a69940d07cb2fadd8b8a5cbbfdb7f902c8d36 /llvm_mode | |
| parent | 38d9aedb26d6c4530763a29fe7695155a21ffbbc (diff) | |
| download | afl++-1148a2d0d1ce43ab89e14eefb70bc410726838c4.tar.gz | |
document new environment variables and code format
Diffstat (limited to 'llvm_mode')
| -rw-r--r-- | llvm_mode/LLVMInsTrim.so.cc | 13 | ||||
| -rw-r--r-- | llvm_mode/MarkNodes.cc | 13 | ||||
| -rw-r--r-- | llvm_mode/README.instrim.md | 9 |
3 files changed, 24 insertions, 11 deletions
diff --git a/llvm_mode/LLVMInsTrim.so.cc b/llvm_mode/LLVMInsTrim.so.cc index 0fddad24..229d7d24 100644 --- a/llvm_mode/LLVMInsTrim.so.cc +++ b/llvm_mode/LLVMInsTrim.so.cc @@ -54,7 +54,7 @@ struct InsTrim : public ModulePass { protected: std::list<std::string> myWhitelist; - uint32_t function_minimum_size = 1; + uint32_t function_minimum_size = 1; private: std::mt19937 generator; @@ -387,15 +387,18 @@ struct InsTrim : public ModulePass { } - if (function_minimum_size < 2) { + if (function_minimum_size < 2) { + for (BasicBlock &BB : F) { - if (MS.find(&BB) == MS.end()) { - continue; - } + + if (MS.find(&BB) == MS.end()) { continue; } IRBuilder<> IRB(&*BB.getFirstInsertionPt()); IRB.CreateStore(ConstantInt::get(Int32Ty, genLabel()), OldPrev); + } + } + } for (BasicBlock &BB : F) { diff --git a/llvm_mode/MarkNodes.cc b/llvm_mode/MarkNodes.cc index b8587826..cff6c90a 100644 --- a/llvm_mode/MarkNodes.cc +++ b/llvm_mode/MarkNodes.cc @@ -393,10 +393,9 @@ bool MarkSubGraph(uint32_t ss, uint32_t tt) { MakeUniq(TopoOrder[i]); } - - // Check if there is an empty path. - if (NextMarked[tt].count(TopoOrder[0]) > 0) - return true; + + // Check if there is an empty path. + if (NextMarked[tt].count(TopoOrder[0]) > 0) return true; return false; } @@ -422,7 +421,7 @@ void MarkVertice() { timeStamp = 0; uint32_t t = 0; - bool emptyPathExists = true; + bool emptyPathExists = true; while (s != t) { @@ -430,10 +429,12 @@ void MarkVertice() { t = DominatorTree::idom[t]; } - + if (emptyPathExists) { + // Mark all exit blocks to catch the empty path. Marked.insert(t_Pred[0].begin(), t_Pred[0].end()); + } } diff --git a/llvm_mode/README.instrim.md b/llvm_mode/README.instrim.md index b40dbb18..5c3f32c8 100644 --- a/llvm_mode/README.instrim.md +++ b/llvm_mode/README.instrim.md @@ -19,6 +19,15 @@ see how often the loop has been rerun. This again is a tradeoff for speed for less path information. To enable this mode set `AFL_LLVM_INSTRIM_LOOPHEAD=1`. +There is an additional optimization option that skips single block +functions. In 95% of the C targets and (guess) 50% of the C++ targets +it is good to enable this, as otherwise pointless instrumentation occurs. +The corner case where we want this instrumentation is when vtable/call table +is used and the index to that vtable/call table is not set in specific +basic blocks. +To enable skipping these (most of the time) unnecessary instrumentations set +`AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK=1` + ## Background The paper: [InsTrim: Lightweight Instrumentation for Coverage-guided Fuzzing] |