From b3d16f7b8c19c3fb06cdbb2ef8df977b6b674b59 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Mon, 14 Oct 2024 09:45:59 +0200
Subject: update how AFL_EXIT_WHEN_DONE and colors of cycles done are working
---
 docs/env_variables.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'docs/env_variables.md')
diff --git a/docs/env_variables.md b/docs/env_variables.md
index 3db46b36..ef67abec 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -424,9 +424,8 @@ checks or alter some of the more exotic semantics of the tool:
 types of automated jobs.
 - `AFL_EXIT_WHEN_DONE` causes afl-fuzz to terminate when all existing paths
- have been fuzzed and there were no new finds for a while. This would be
- normally indicated by the cycle counter in the UI turning green. May be
- convenient for some types of automated jobs.
+ have been fuzzed and there were no new finds for a while. This is basically
+ when the fuzzing state says `state: finished`
 - Setting `AFL_EXPAND_HAVOC_NOW` will start in the extended havoc mode that
 includes costly mutations. afl-fuzz automatically enables this mode when
-- cgit 1.4.1
From 4cc9232485618712a158ca8fddc42f1fee1c530f Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Wed, 16 Oct 2024 18:26:08 +0200
Subject: add AFL_OPT_LEVEL support
---
 docs/env_variables.md | 3 +++
 include/envs.h | 2 +-
 src/afl-cc.c | 42 +++++++++++++++++++++++++++++++++++++++---
 3 files changed, 43 insertions(+), 4 deletions(-)
(limited to 'docs/env_variables.md')
diff --git a/docs/env_variables.md b/docs/env_variables.md
index ef67abec..4824860c 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -64,6 +64,9 @@ fairly broad use of environment variables instead:
 optimizations, set `AFL_DONT_OPTIMIZE`. However, if `-O...` and/or
 `-fno-unroll-loops` are set, these are not overridden.
+ - The optimization level can also be set with `AFL_OPT_LEVEL`, e.g.
+ `AFL_OPT_LEVEL=z` for `-Oz`
+
 - Setting `AFL_HARDEN` automatically adds code hardening options when invoking
 the downstream compiler. This currently includes `-D_FORTIFY_SOURCE=2` and
 `-fstack-protector-all`. The setting is useful for catching non-crashing
diff --git a/include/envs.h b/include/envs.h
index 3accbda0..202de752 100644
--- a/include/envs.h
+++ b/include/envs.h
@@ -49,7 +49,7 @@ static char *afl_environment_variables[] = {
 "AFL_FRIDA_PERSISTENT_RET", "AFL_FRIDA_STALKER_ADJACENT_BLOCKS",
 "AFL_FRIDA_STALKER_IC_ENTRIES", "AFL_FRIDA_STALKER_NO_BACKPATCH",
 "AFL_FRIDA_STATS_FILE", "AFL_FRIDA_STATS_INTERVAL", "AFL_FRIDA_TRACEABLE",
- "AFL_FRIDA_VERBOSE", "AFL_OLD_FORKSERVER",
+ "AFL_FRIDA_VERBOSE", "AFL_OLD_FORKSERVER", "AFL_OPT_LEVEL",
 "AFL_FUZZER_ARGS", // oss-fuzz
 "AFL_FUZZER_STATS_UPDATE_INTERVAL", "AFL_GDB", "AFL_GCC_ALLOWLIST",
 "AFL_GCC_DENYLIST", "AFL_GCC_BLOCKLIST", "AFL_GCC_INSTRUMENT_FILE",
diff --git a/src/afl-cc.c b/src/afl-cc.c
index 7afab850..677a6b2f 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -98,7 +98,8 @@ typedef enum {
 } compiler_mode_id;
-static u8 cwd[4096];
+static u8 cwd[4096];
+static char opt_level = '3';
 char instrument_mode_string[18][18] = {
@@ -881,9 +882,17 @@ static void instrument_mode_old_environ(aflcc_state_t *aflcc) {
 */
 static void instrument_mode_new_environ(aflcc_state_t *aflcc) {
+ u8 *ptr2;
+
+ if ((ptr2 = getenv("AFL_OPT_LEVEL"))) {
+
+ opt_level = ptr2[0]; // ignore invalid data
+
+ }
+
 if (!getenv("AFL_LLVM_INSTRUMENT")) { return; }
- u8 *ptr2 = strtok(getenv("AFL_LLVM_INSTRUMENT"), ":,;");
+ ptr2 = strtok(getenv("AFL_LLVM_INSTRUMENT"), ":,;");
 while (ptr2) {
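Review bot: The comment `// ignore invalid data` on the new `AFL_OPT_LEVEL` read in `instrument_mode_new_environ` is misleading: only `ptr2[0]` is inspected and nothing is validated, so an unrecognised character (a typo such as `AFL_OPT_LEVEL=O2`, or an empty value) is later mapped to `-O3` by the `default:` arm of `get_opt_level()` in a following hunk without any diagnostic. Checking at the point of reading would make that fallback visible, e.g. `if (!ptr2[0] || !strchr("0123zsfg", ptr2[0])) WARNF("Unknown AFL_OPT_LEVEL '%s', falling back to -O3", ptr2);`. Reading a compiler-wide option inside the `AFL_LLVM_INSTRUMENT` parser is also awkward: the read had to be hoisted above the early `return` that this function takes when `AFL_LLVM_INSTRUMENT` is unset, and whether every compiler path reaches this function so the variable is always honoured is not visible from the hunk. The body of `instrument_mode_new_environ` continues outside the hunk.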
@@ -2561,6 +2570,33 @@ void add_gcc_plugin(aflcc_state_t *aflcc) {
 }
+char *get_opt_level() {
+
+ static char levels[8][8] = {"-O0", "-O1", "-O2", "-O3",
+ "-Oz", "-Os", "-Ofast", "-Og"};
+ switch (opt_level) {
+
+ case '0':
+ return levels[0];
+ case '1':
+ return levels[1];
+ case '2':
+ return levels[2];
+ case 'z':
+ return levels[4];
+ case 's':
+ return levels[5];
+ case 'f':
+ return levels[6];
+ case 'g':
+ return levels[7];
+ default:
+ return levels[3];
+
+ }
+
+}
+
 /* Add some miscellaneous params required by our instrumentation. */
 void add_misc_params(aflcc_state_t *aflcc) {
@@ -2592,7 +2628,7 @@ void add_misc_params(aflcc_state_t *aflcc) {
 if (!getenv("AFL_DONT_OPTIMIZE")) {
 insert_param(aflcc, "-g");
- if (!aflcc->have_o) insert_param(aflcc, "-O3");
+ if (!aflcc->have_o) insert_param(aflcc, get_opt_level());
 if (!aflcc->have_unroll) insert_param(aflcc, "-funroll-loops");
 // if (strlen(aflcc->march_opt) > 1 && aflcc->march_opt[0] == '-')
 // insert_param(aflcc, aflcc->march_opt);
-- cgit 1.4.1
From a11488b9dcc71e5b52876e8c11ea6ee231e433ba Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Wed, 16 Oct 2024 18:27:10 +0200
Subject: changelog
---
 docs/Changelog.md | 2 ++
 docs/env_variables.md | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
(limited to 'docs/env_variables.md')
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 48f67803..8a445084 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -37,6 +37,8 @@
 - new runtime (!) variable: `AFL_OLD_FORKSERVER` to use the old vanilla AFL
 type forkserver. Useful for symcc/symqemu/nautilus/etc. with
 AFL_LLVM_INSTRUMENT=CLASSIC
+ - new compile time variable: `AFL_OPT_LEVEL` to set a specific optimization
+ level, default is `3`
 - code formatting updated to llvm 18
 - improved custom_mutators/aflpp/standalone/aflpp-standalone
 - added custom_mutators/autotokens/standalone/autotokens-standalone
diff --git a/docs/env_variables.md b/docs/env_variables.md
index 4824860c..d0789105 100644
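Review bot: `char *get_opt_level()` is declared with an empty parameter list, which in C11 is an old-style declaration that disables argument checking; it should read `char *get_opt_level(void)`. The `levels` table is mutable static storage that nothing writes to, indexed by positions that are only readable with the initialiser in view (`'z'` → `levels[4]`, `default` → `levels[3]`), and the `-O3` default is now encoded twice, as the `'3'` initialiser of `opt_level` in an earlier hunk and as `levels[3]` here; returning the literals directly removes the indirection. The function also has no header comment, unlike `add_misc_params` right below it; something like `/* Map the one-character AFL_OPT_LEVEL value to its -O flag; anything unrecognised, including an unset variable, selects -O3. */` would do. Note that `'f'` selects `-Ofast`, which implies `-ffast-math` and changes floating-point results in the instrumented target compared with a normal build — worth stating in env_variables.md, which currently shows only the `z` example.
```c
/* Map the one-character AFL_OPT_LEVEL value to its -O flag; anything
   unrecognised, including an unset variable, selects -O3. */
char *get_opt_level(void) {

  switch (opt_level) {

    case '0':
      return "-O0";
    case '1':
      return "-O1";
    case '2':
      return "-O2";
    case 'z':
      return "-Oz";
    case 's':
      return "-Os";
    case 'f':
      return "-Ofast";
    case 'g':
      return "-Og";
    default:
      return "-O3";

  }

}
```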
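Review bot: The new `get_opt_level()` call is only reached when `AFL_DONT_OPTIMIZE` is unset and the user passed no `-O` flag of their own (`aflcc->have_o`), so `AFL_OPT_LEVEL` is silently ignored in both cases, and the env_variables.md wording added in this series ("can also be set") does not say so. A one-line comment above the changed line would make the precedence explicit where the decision is taken: `// AFL_OPT_LEVEL only applies when no explicit -O flag was given`. `add_misc_params` begins and ends outside the hunk.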
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -65,7 +65,7 @@ fairly broad use of environment variables instead:
 `-fno-unroll-loops` are set, these are not overridden.
 - The optimization level can also be set with `AFL_OPT_LEVEL`, e.g.
- `AFL_OPT_LEVEL=z` for `-Oz`
+ `AFL_OPT_LEVEL=z` for `-Oz`, default is `3`
 - Setting `AFL_HARDEN` automatically adds code hardening options when invoking
 the downstream compiler. This currently includes `-D_FORTIFY_SOURCE=2` and
-- cgit 1.4.1
From 04d2476b324f5c6124c665b24989d15dd61f0f2b Mon Sep 17 00:00:00 2001
From: rapt0r
Date: Sun, 20 Oct 2024 16:00:17 +0900
Subject: doc: add description for AFL_GCC_DISABLE_VERSION_CHECK
---
 docs/env_variables.md | 5 +++++
 src/afl-cc.c | 2 ++
 2 files changed, 7 insertions(+)
(limited to 'docs/env_variables.md')
diff --git a/docs/env_variables.md b/docs/env_variables.md
index d0789105..d1edb6fd 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -326,6 +326,11 @@ mode.
 [instrumentation/README.instrument_list.md](../instrumentation/README.instrument_list.md)
 for more information.
+ Setting `AFL_GCC_DISABLE_VERSION_CHECK=1` will disable the GCC plugin
+ version check if the target GCC plugin differs from the system-installed
+ version, resolving issues caused by version mismatches between GCC and
+ the plugin.
+
 Setting `AFL_GCC_OUT_OF_LINE=1` will instruct afl-gcc-fast to instrument
 the code with calls to an injected subroutine instead of the much more
 efficient inline instrumentation.
diff --git a/src/afl-cc.c b/src/afl-cc.c
index 677a6b2f..6f634b53 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -2958,6 +2958,8 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) {
 SAYF(
 "\nGCC Plugin-specific environment variables:\n"
 " AFL_GCC_CMPLOG: log operands of comparisons (RedQueen mutator)\n"
+ " AFL_GCC_DISABLE_VERSION_CHECK: disable GCC plugin version "
+ "control\n"
 " AFL_GCC_OUT_OF_LINE: disable inlined instrumentation\n"
 " AFL_GCC_SKIP_NEVERZERO: do not skip zero on trace counters\n"
 " AFL_GCC_INSTRUMENT_FILE: enable selective instrumentation by "
-- cgit 1.4.1
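Review bot: The new usage line describes `AFL_GCC_DISABLE_VERSION_CHECK` as disabling GCC plugin version "control", while the variable name and the env_variables.md entry added by the same commit say "check"; using one term in both places lets users grepping the `--help` output find the documented behaviour, e.g. `" AFL_GCC_DISABLE_VERSION_CHECK: disable GCC plugin version check\n"`, which also avoids the literal being split across two lines. Since a plugin loaded into a GCC it was not built against can misbehave without any error, the help text could additionally hint that this is a workaround rather than a setting to leave on by default. `maybe_usage` starts and ends outside the hunk.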