Diffstat (limited to 'llvm_mode')
-rw-r--r--llvm_mode/LLVMInsTrim.so.cc95
-rw-r--r--llvm_mode/afl-llvm-rt.o.c2
2 files changed, 69 insertions, 28 deletions
diff --git a/llvm_mode/LLVMInsTrim.so.cc b/llvm_mode/LLVMInsTrim.so.cc
index 08d3f68f..afe89ec7 100644
--- a/llvm_mode/LLVMInsTrim.so.cc
+++ b/llvm_mode/LLVMInsTrim.so.cc
@@ -382,19 +382,64 @@ struct InsTrim : public ModulePass {
}
- auto *EBB = &F.getEntryBlock();
- if (succ_begin(EBB) == succ_end(EBB)) {
+ // Bugfix #1: remove single block function instrumentation
- MS.insert(EBB);
- total_rs += 1;
+ for (BasicBlock &BB : F) {
- }
+ if (MarkSetOpt && MS.find(&BB) == MS.end()) {
- for (BasicBlock &BB : F) {
+ // Bugfix #2: instrument blocks that should be but InsTrim
+ // doesn't due to an algorithmic bug
+ int more_than_one = -1;
+
+ for (pred_iterator PI = pred_begin(&BB), E = pred_end(&BB); PI != E;
+ ++PI) {
+
+ BasicBlock *Pred = *PI;
+ int count = 0;
+
+ if (more_than_one == -1) more_than_one = 0;
+ for (succ_iterator SI = succ_begin(Pred), E = succ_end(Pred);
+ SI != E; ++SI) {
+
+ BasicBlock *Succ = *SI;
+ if (Succ != NULL) count++;
+
+ }
+
+ if (count > 1) more_than_one = 1;
+
+ }
+
+ if (more_than_one != 1) continue;
+ for (succ_iterator SI = succ_begin(&BB), E = succ_end(&BB); SI != E;
+ ++SI) {
+
+ BasicBlock *Succ = *SI;
+ if (Succ != NULL && MS.find(Succ) == MS.end()) {
+
+ int cnt = 0;
+ for (succ_iterator SI2 = succ_begin(Succ), E2 = succ_end(Succ);
+ SI2 != E2; ++SI2) {
+
+ BasicBlock *Succ2 = *SI2;
+ if (Succ2 != NULL) cnt++;
+
+ }
- if (MS.find(&BB) == MS.end()) { continue; }
- IRBuilder<> IRB(&*BB.getFirstInsertionPt());
- IRB.CreateStore(ConstantInt::get(Int32Ty, genLabel()), OldPrev);
+ if (cnt == 0) {
+
+ // fprintf(stderr, "INSERT!\n");
+ MS.insert(Succ);
+ total_rs += 1;
+
+ }
+
+ }
+
+ }
+
+ }
}
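Review bot: The two counting loops in the Bugfix #2 block only ask "more than one successor?" and "no successors?", and the `Succ != NULL` / `Succ2 != NULL` tests cannot fail on well-formed IR. The tri-state `more_than_one` and the `E` that is redeclared in the nested successor loop (shadowing the predecessor loop's `E`) therefore obscure a simple rule. The comment says only "an algorithmic bug"; it should state the rule the code implements, and the commented-out `fprintf` can go. The version below is behaviour-equivalent as far as the hunk shows; the enclosing function starts outside the hunk.

```cpp
if (MarkSetOpt && MS.find(&BB) == MS.end()) {

  // Bugfix #2: BB is unmarked but has a predecessor with several
  // successors; mark every unmarked successor of BB that has no
  // successors of its own.
  bool branching_pred = false;
  for (BasicBlock *Pred : predecessors(&BB))
    if (Pred->getTerminator()->getNumSuccessors() > 1) branching_pred = true;

  if (!branching_pred) continue;

  for (BasicBlock *Succ : successors(&BB)) {

    if (MS.find(Succ) != MS.end()) continue;
    if (succ_begin(Succ) != succ_end(Succ)) continue;
    MS.insert(Succ);
    total_rs += 1;

  }

}
```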
@@ -402,33 +447,24 @@ struct InsTrim : public ModulePass {
for (BasicBlock &BB : F) {
- auto PI = pred_begin(&BB);
- auto PE = pred_end(&BB);
if (MarkSetOpt && MS.find(&BB) == MS.end()) { continue; }
IRBuilder<> IRB(&*BB.getFirstInsertionPt());
Value * L = NULL;
- if (PI == PE) {
- L = ConstantInt::get(Int32Ty, genLabel());
+ auto *PN = PHINode::Create(Int32Ty, 0, "", &*BB.begin());
+ DenseMap<BasicBlock *, unsigned> PredMap;
+ for (auto PI = pred_begin(&BB), PE = pred_end(&BB); PI != PE; ++PI) {
- } else {
-
- auto *PN = PHINode::Create(Int32Ty, 0, "", &*BB.begin());
- DenseMap<BasicBlock *, unsigned> PredMap;
- for (auto PI = pred_begin(&BB), PE = pred_end(&BB); PI != PE; ++PI) {
-
- BasicBlock *PBB = *PI;
- auto It = PredMap.insert({PBB, genLabel()});
- unsigned Label = It.first->second;
- PN->addIncoming(ConstantInt::get(Int32Ty, Label), PBB);
-
- }
-
- L = PN;
+ BasicBlock *PBB = *PI;
+ auto It = PredMap.insert({PBB, genLabel()});
+ unsigned Label = It.first->second;
+ PN->addIncoming(ConstantInt::get(Int32Ty, Label), PBB);
}
+ L = PN;
+
/* Load prev_loc */
LoadInst *PrevLoc = IRB.CreateLoad(OldPrev);
PrevLoc->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None));
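Review bot: With the `PI == PE` branch removed, a block that has no predecessors now gets a PHI with zero incoming values, and that empty PHI becomes `L`. When `MarkSetOpt` is off the `continue` guard never fires, so every function's entry block takes this path. An empty PHI carries no defined value, so I would expect the IR verifier to reject it or the map index to be computed from an undefined operand; this is worth confirming on a build with MarkSetOpt disabled. Keeping the constant for that case avoids it, e.g. `if (pred_begin(&BB) == pred_end(&BB)) L = ConstantInt::get(Int32Ty, genLabel());` with the PHI construction in the `else`. The loop body continues past the end of this hunk.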
@@ -475,6 +511,11 @@ struct InsTrim : public ModulePass {
IRB.CreateStore(Incr, MapPtrIdx)
->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None));
+ // Bugfix #3: save the actually location ID to OldPrev
+ Value *Shr = IRB.CreateLShr(L, One);
+ IRB.CreateStore(Shr, OldPrev)
+ ->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None));
+
total_instr++;
}
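Review bot: `IRB.CreateLShr(L, One)` combines `L`, which the previous hunk builds as `Int32Ty`, with `One`, whose declaration is outside this hunk. If `One` is the 8-bit constant used for the map counter increment, the operand types differ and the builder will assert on the mismatched binary operands. A 32-bit constant removes the doubt: `Value *Shr = IRB.CreateLShr(L, ConstantInt::get(Int32Ty, 1));`. The comment would also read better as `// Bugfix #3: store the current location ID, shifted right by one, into OldPrev`.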
diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c
index 53852320..93b03bb2 100644
--- a/llvm_mode/afl-llvm-rt.o.c
+++ b/llvm_mode/afl-llvm-rt.o.c
@@ -129,7 +129,7 @@ static void __afl_map_shm(void) {
__afl_area_ptr[0] = 1;
}
-
+
id_str = getenv(CMPLOG_SHM_ENV_VAR);
if (id_str) {