Diffstat (limited to 'instrumentation')
-rw-r--r--instrumentation/afl-compiler-rt.o.c7
-rw-r--r--instrumentation/afl-llvm-common.h16
-rw-r--r--instrumentation/afl-llvm-pass.so.cc13
-rw-r--r--instrumentation/cmplog-instructions-pass.cc33
-rw-r--r--instrumentation/split-switches-pass.so.cc6
5 files changed, 41 insertions, 34 deletions
diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c
index 1b9fdee3..a84f31e3 100644
--- a/instrumentation/afl-compiler-rt.o.c
+++ b/instrumentation/afl-compiler-rt.o.c
@@ -1433,9 +1433,12 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
 
     } else {
 
+      static u32 offset = 4;
+
       while (start < stop) {
 
-        *(start++) = 4;
+        *(start++) = offset;
+        if (unlikely(++offset >= __afl_final_loc)) { offset = 4; }
 
       }
 
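Review bot: The wrap test `++offset >= __afl_final_loc` takes its bound from a global whose value at this point is not visible in the hunk. If it is at most 5 when this branch runs, every guard is reset to 4 and the change has no effect; if it can exceed the size of the mapped coverage area, guards would carry values past it (assuming guard values are later used as map indices). A comment stating the invariant would help, for example `/* spread guards over [4, __afl_final_loc); __afl_final_loc must not exceed the map size */`, and the two literal `4`s could share one named constant. `offset` is a function-local static, so it keeps its value across calls to this function; the comment should say whether that carry-over is intended. The function body begins and ends outside this hunk.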
@@ -1444,7 +1447,7 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
   }
 
   x = getenv("AFL_INST_RATIO");
-  if (x) inst_ratio = (u32)atoi(x);
+  if (x) { inst_ratio = (u32)atoi(x); }
 
   if (!inst_ratio || inst_ratio > 100) {
 
diff --git a/instrumentation/afl-llvm-common.h b/instrumentation/afl-llvm-common.h
index bd424e21..dee5f9fc 100644
--- a/instrumentation/afl-llvm-common.h
+++ b/instrumentation/afl-llvm-common.h
@@ -33,17 +33,17 @@ typedef long double max_align_t;
 #endif
 
 #if LLVM_VERSION_MAJOR >= 11
- #define MNAME M.getSourceFileName()
- #define FMNAME F.getParent()->getSourceFileName()
+  #define MNAME M.getSourceFileName()
+  #define FMNAME F.getParent()->getSourceFileName()
 #else
- #define MNAME std::string("")
- #define FMNAME std::string("")
+  #define MNAME std::string("")
+  #define FMNAME std::string("")
 #endif
 
-char *                 getBBName(const llvm::BasicBlock *BB);
-bool                   isIgnoreFunction(const llvm::Function *F);
-void                   initInstrumentList();
-bool                   isInInstrumentList(llvm::Function *F, std::string Filename);
+char *getBBName(const llvm::BasicBlock *BB);
+bool  isIgnoreFunction(const llvm::Function *F);
+void  initInstrumentList();
+bool  isInInstrumentList(llvm::Function *F, std::string Filename);
 unsigned long long int calculateCollisions(uint32_t edges);
 void                   scanForDangerousFunctions(llvm::Module *M);
 
diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc
index 899734f8..5246ba08 100644
--- a/instrumentation/afl-llvm-pass.so.cc
+++ b/instrumentation/afl-llvm-pass.so.cc
@@ -631,18 +631,23 @@ bool AFLCoverage::runOnModule(Module &M) {
       LoadInst *PrevLoc;
 
       if (ngram_size) {
+
         PrevLoc = IRB.CreateLoad(
 #if LLVM_VERSION_MAJOR >= 14
-          PrevLocTy,
+            PrevLocTy,
 #endif
-          AFLPrevLoc);
+            AFLPrevLoc);
+
       } else {
+
         PrevLoc = IRB.CreateLoad(
 #if LLVM_VERSION_MAJOR >= 14
-          IRB.getInt32Ty(),
+            IRB.getInt32Ty(),
 #endif
-          AFLPrevLoc);
+            AFLPrevLoc);
+
       }
+
       PrevLoc->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None));
       Value *PrevLocTrans;
 
diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc
index a0b386d5..310f5585 100644
--- a/instrumentation/cmplog-instructions-pass.cc
+++ b/instrumentation/cmplog-instructions-pass.cc
@@ -478,27 +478,28 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
           */
           if (is_fp) {
 
-/*
-            ConstantFP *i0 = dyn_cast<ConstantFP>(op0);
-            ConstantFP *i1 = dyn_cast<ConstantFP>(op1);
-            // BUG FIXME TODO: this is null ... but why?
-            // fprintf(stderr, "%p %p\n", i0, i1);
-            if (i0) {
+            /*
+                        ConstantFP *i0 = dyn_cast<ConstantFP>(op0);
+                        ConstantFP *i1 = dyn_cast<ConstantFP>(op1);
+                        // BUG FIXME TODO: this is null ... but why?
+                        // fprintf(stderr, "%p %p\n", i0, i1);
+                        if (i0) {
 
-              cur_val = (uint64_t)i0->getValue().convertToDouble();
-              if (last_val0 && last_val0 == cur_val) { skip = 1; }
-              last_val0 = cur_val;
+                          cur_val = (uint64_t)i0->getValue().convertToDouble();
+                          if (last_val0 && last_val0 == cur_val) { skip = 1; }
+                          last_val0 = cur_val;
 
-            }
+                        }
 
-            if (i1) {
+                        if (i1) {
 
-              cur_val = (uint64_t)i1->getValue().convertToDouble();
-              if (last_val1 && last_val1 == cur_val) { skip = 1; }
-              last_val1 = cur_val;
+                          cur_val = (uint64_t)i1->getValue().convertToDouble();
+                          if (last_val1 && last_val1 == cur_val) { skip = 1; }
+                          last_val1 = cur_val;
 
-            }
-*/
+                        }
+
+            */
 
           } else {
 
diff --git a/instrumentation/split-switches-pass.so.cc b/instrumentation/split-switches-pass.so.cc
index 85a35c2a..9f9e7eca 100644
--- a/instrumentation/split-switches-pass.so.cc
+++ b/instrumentation/split-switches-pass.so.cc
@@ -118,8 +118,6 @@ BasicBlock *SplitSwitchesTransform::switchConvert(
   std::vector<uint8_t> setSizes;
   std::vector<std::set<uint8_t> > byteSets(BytesInValue, std::set<uint8_t>());
 
-  assert(ValTypeBitWidth >= 8 && ValTypeBitWidth <= 64);
-
   /* for each of the possible cases we iterate over all bytes of the values
    * build a set of possible values at each byte position in byteSets */
   for (CaseExpr &Case : Cases) {
@@ -350,9 +348,9 @@ bool SplitSwitchesTransform::splitSwitches(Module &M) {
 
     /* If there is only the default destination or the condition checks 8 bit or
      * less, don't bother with the code below. */
-    if (!SI->getNumCases() || bitw <= 8) {
+    if (SI->getNumCases() < 2 || bitw % 8 || bitw > 64) {
 
-      // if (!be_quiet) errs() << "skip trivial switch..\n";
+      // if (!be_quiet) errs() << "skip switch..\n";
       continue;
 
     }
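Review bot: The comment above the new condition still says the skip applies when "the condition checks 8 bit or less", but `bitw % 8 || bitw > 64` no longer skips 8-bit switches, and it now also skips widths that are not a multiple of 8 or are above 64. If processing 8-bit conditions is intended, update the comment to something like `/* Skip switches with fewer than two cases, or a condition width that is not a multiple of 8 or is above 64 bits. */`; if it is not, the old `bitw <= 8` test needs to stay in the condition. This check is also the only width guard visible now that `assert(ValTypeBitWidth >= 8 && ValTypeBitWidth <= 64);` is removed from `switchConvert` in the previous hunk, so any other caller of `switchConvert` (none is visible here) would reach the byte-splitting code unchecked. The enclosing loop in `splitSwitches` starts and ends outside the hunk.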