diff options
| -rw-r--r-- | docs/Changelog.md | 1 | ||||
| -rw-r--r-- | docs/env_variables.md | 9 | ||||
| -rw-r--r-- | llvm_mode/README.laf-intel.md | 3 | ||||
| -rw-r--r-- | llvm_mode/afl-clang-fast.c | 17 | ||||
| -rw-r--r-- | src/afl-common.c | 2 |
5 files changed, 25 insertions, 7 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md index 71738913..08952717 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -24,6 +24,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. - lowered minimum required llvm version to 3.4 (except LLVMInsTrim, which needs 3.8.0) - small change to cmplog to make it work with current llvm 11-dev + - added AFL_LLVM_LAF_ALL, sets all laf-intel settings - fixed afl-gcc/afl-as that could break on fast systems reusing pids in the same second - added lots of dictionaries from oss-fuzz, go-fuzz and Jakub Wilk diff --git a/docs/env_variables.md b/docs/env_variables.md index 2668be7d..867e937e 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -190,13 +190,18 @@ Then there are a few specific features that are only available in llvm_mode: to allow afl-fuzz to find otherwise rather impossible paths. It is not restricted to Intel CPUs ;-) - - Setting AFL_LLVM_LAF_SPLIT_SWITCHES will split switch()es - - Setting AFL_LLVM_LAF_TRANSFORM_COMPARES will split string compare functions + - Setting AFL_LLVM_LAF_SPLIT_SWITCHES will split switch()es + - Setting AFL_LLVM_LAF_SPLIT_COMPARES will split all floating point and 64, 32 and 16 bit integer CMP instructions + - Setting AFL_LLVM_LAF_SPLIT_FLOATS will split floating points, needs + AFL_LLVM_LAF_SPLIT_COMPARES to be set + + - Setting AFL_LLVM_LAF_ALL sets all of the above + See llvm_mode/README.laf-intel.md for more information. ### WHITELIST diff --git a/llvm_mode/README.laf-intel.md b/llvm_mode/README.laf-intel.md index 462c7bac..2fa4bc26 100644 --- a/llvm_mode/README.laf-intel.md +++ b/llvm_mode/README.laf-intel.md @@ -37,3 +37,6 @@ series of sign, exponent and mantissa comparisons followed by splitting each of them into 8 bit comparisons when necessary. It is activated with the `AFL_LLVM_LAF_SPLIT_FLOATS` setting, available only when `AFL_LLVM_LAF_SPLIT_COMPARES` is set. + +You can also set `AFL_LLVM_LAF_ALL` and have all of the above enabled :-) + diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 2cc40b62..2aeb0400 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -829,14 +829,14 @@ int main(int argc, char **argv, char **envp) { "AFL_LLVM_NOT_ZERO: use cycling trace counters that skip zero\n" "AFL_LLVM_SKIP_NEVERZERO: do not skip zero on trace counters\n" "AFL_LLVM_LAF_SPLIT_COMPARES: enable cascaded comparisons\n" - "AFL_LLVM_LAF_SPLIT_FLOATS: transform floating point comp. to " - "cascaded " - "comp.\n" + "AFL_LLVM_LAF_SPLIT_COMPARES_BITW: size limit (default 8)\n" "AFL_LLVM_LAF_SPLIT_SWITCHES: casc. comp. in 'switch'\n" " to cascaded comparisons\n" + "AFL_LLVM_LAF_SPLIT_FLOATS: transform floating point comp. to " + "cascaded comp.\n" "AFL_LLVM_LAF_TRANSFORM_COMPARES: transform library comparison " "function calls\n" - "AFL_LLVM_LAF_SPLIT_COMPARES_BITW: size limit (default 8)\n" + "AFL_LLVM_LAF_ALL: enables all LAF splits/transforms\n" "AFL_LLVM_WHITELIST: enable whitelisting (selective " "instrumentation)\n" "AFL_NO_BUILTIN: compile for use with libtokencap.so\n" @@ -925,6 +925,15 @@ int main(int argc, char **argv, char **envp) { check_environment_vars(envp); + if (getenv("AFL_LLVM_LAF_ALL")) { + + setenv("AFL_LLVM_LAF_SPLIT_SWITCHES", "1", 1); + setenv("AFL_LLVM_LAF_SPLIT_COMPARES", "1", 1); + setenv("AFL_LLVM_LAF_SPLIT_FLOATS", "1", 1); + setenv("AFL_LLVM_LAF_TRANSFORM_COMPARES", "1", 1); + + } + cmplog_mode = getenv("AFL_CMPLOG") || getenv("AFL_LLVM_CMPLOG"); if (!be_quiet && cmplog_mode) printf("CmpLog mode by <andreafioraldi@gmail.com>\n"); diff --git a/src/afl-common.c b/src/afl-common.c index 808c9812..1bb58a60 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -67,7 +67,7 @@ char *afl_environment_variables[] = { "AFL_LLVM_SKIPSINGLEBLOCK", "AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK", "AFL_LLVM_LAF_SPLIT_COMPARES", "AFL_LLVM_LAF_SPLIT_COMPARES_BITW", "AFL_LLVM_LAF_SPLIT_FLOATS", "AFL_LLVM_LAF_SPLIT_SWITCHES", - "AFL_LLVM_LAF_TRANSFORM_COMPARES", "AFL_LLVM_MAP_ADDR", + "AFL_LLVM_LAF_ALL", "AFL_LLVM_LAF_TRANSFORM_COMPARES", "AFL_LLVM_MAP_ADDR", "AFL_LLVM_MAP_DYNAMIC", "AFL_LLVM_NGRAM_SIZE", "AFL_NGRAM_SIZE", "AFL_LLVM_NOT_ZERO", "AFL_LLVM_WHITELIST", "AFL_LLVM_SKIP_NEVERZERO", "AFL_NO_AFFINITY", "AFL_LLVM_LTO_STARTID", "AFL_LLVM_LTO_DONTWRITEID", |