From afd2ea90dfdb9aa7668c482e7c427f95c4847843 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Fri, 20 Jan 2023 22:12:35 +0000 Subject: LLVM plugin 16+ support proposal. - Lifting the standard to C++17. - Beyond the cosmetic changes, it boils down to BasicBlock::getInstList being no longer available (and reading the header it is no accident). --- instrumentation/afl-llvm-common.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'instrumentation/afl-llvm-common.h') diff --git a/instrumentation/afl-llvm-common.h b/instrumentation/afl-llvm-common.h index dee5f9fc..0112c325 100644 --- a/instrumentation/afl-llvm-common.h +++ b/instrumentation/afl-llvm-common.h @@ -8,6 +8,7 @@ #include #include #include +#include #include #include "llvm/Config/llvm-config.h" @@ -35,6 +36,12 @@ typedef long double max_align_t; #if LLVM_VERSION_MAJOR >= 11 #define MNAME M.getSourceFileName() #define FMNAME F.getParent()->getSourceFileName() + #if LLVM_VERSION_MAJOR >= 16 + // None becomes deprecated + // the standard std::nullopt_t is recommended instead + // from C++17 and onwards. + constexpr std::nullopt_t None = std::nullopt; + #endif #else #define MNAME std::string("") #define FMNAME std::string("") -- cgit 1.4.1 From 8bc3fa1df286aac46a0a724f64e2e07010d2497e Mon Sep 17 00:00:00 2001 From: David CARLIER Date: Mon, 13 Feb 2023 23:00:15 +0000 Subject: LLVM cmplog factoring custom Instruction iterator with added restriction --- instrumentation/afl-llvm-common.cc | 18 ++++++++++++++++++ instrumentation/afl-llvm-common.h | 2 ++ instrumentation/cmplog-instructions-pass.cc | 15 --------------- instrumentation/cmplog-switches-pass.cc | 15 --------------- 4 files changed, 20 insertions(+), 30 deletions(-) (limited to 'instrumentation/afl-llvm-common.h') diff --git a/instrumentation/afl-llvm-common.cc b/instrumentation/afl-llvm-common.cc index dc34d191..b50269fe 100644 --- a/instrumentation/afl-llvm-common.cc +++ b/instrumentation/afl-llvm-common.cc 
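Review bot: `constexpr std::nullopt_t None = std::nullopt;` in the second hunk defines an unqualified global named `None` in a header that the LLVM pass sources include, and on LLVM 16 `llvm::None` still exists as a deprecated alias, so any including translation unit with `using namespace llvm;` in scope that spells `None` unqualified may hit an ambiguity error between `::None` and `llvm::None` instead of the deprecation warning the comment anticipates. A less intrusive route is to replace the remaining `None` uses in the passes with `std::nullopt` and drop the shim; if it stays, the comment above it should say what it is for, e.g. `// Compatibility shim: keeps code that still spells None compiling on LLVM 16+; remove once all passes use std::nullopt.` The first hunk's added include has lost its argument in this rendering, so I cannot confirm it is the header that provides std::nullopt.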
@@ -582,6 +582,24 @@ bool isInInstrumentList(llvm::Function *F, std::string Filename) { } +template +Iterator Unique(Iterator first, Iterator last) { + static_assert(std::is_trivially_copyable< + typename std::iterator_traits + >::value_type, "Invalid underlying type"); + + while (first != last) { + + Iterator next(first); + last = std::remove(++next, last, *first); + first = next; + + } + + return last; + +} + // Calculate the number of average collisions that would occur if all // location IDs would be assigned randomly (like normal afl/afl++). // This uses the "balls in bins" algorithm. diff --git a/instrumentation/afl-llvm-common.h b/instrumentation/afl-llvm-common.h index 0112c325..8b8dc756 100644 --- a/instrumentation/afl-llvm-common.h +++ b/instrumentation/afl-llvm-common.h @@ -9,6 +9,7 @@ #include #include #include +#include #include #include "llvm/Config/llvm-config.h" @@ -53,6 +54,7 @@ void initInstrumentList(); bool isInInstrumentList(llvm::Function *F, std::string Filename); unsigned long long int calculateCollisions(uint32_t edges); void scanForDangerousFunctions(llvm::Module *M); +template Iterator Unique(Iterator, Iterator); #ifndef IS_EXTERN #define IS_EXTERN diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc index bca1f927..c6fd7c56 100644 --- a/instrumentation/cmplog-instructions-pass.cc +++ b/instrumentation/cmplog-instructions-pass.cc @@ -138,21 +138,6 @@ llvmGetPassPluginInfo() { char CmpLogInstructions::ID = 0; #endif -template -Iterator Unique(Iterator first, Iterator last) { - - while (first != last) { - - Iterator next(first); - last = std::remove(++next, last, *first); - first = next; - - } - - return last; - -} - bool CmpLogInstructions::hookInstrs(Module &M) { std::vector icomps; diff --git a/instrumentation/cmplog-switches-pass.cc b/instrumentation/cmplog-switches-pass.cc index cd0ae76d..f4a9fbd7 100644 --- a/instrumentation/cmplog-switches-pass.cc 
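Review bot: Moving the body of `Unique` into afl-llvm-common.cc while the header (second header hunk of this commit) keeps only a declaration `Iterator Unique(Iterator, Iterator);` means the translation units that call it — cmplog-instructions-pass.cc and cmplog-switches-pass.cc, whose local copies this commit deletes — can no longer instantiate the template, so linking will fail unless an explicit instantiation for every iterator type used is added to the .cc; a function template used from other files has to be defined in the header. As rendered here the `static_assert` condition also ends in `>::value_type, "Invalid underlying type"` rather than `>::value`; if that is the committed text, the assertion names a type where a boolean constant is required and the file will not compile (the angle-bracket contents are lost in this rendering, so I cannot confirm). The restriction itself is reasonable but should be explained where it is enforced, e.g. `// Elements are compared and moved by std::remove; require trivially copyable value types.` A short header comment such as `// In-place dedup keeping first occurrences; O(n^2), returns the new end iterator.` would also document the contract the two passes rely on.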
+++ b/instrumentation/cmplog-switches-pass.cc @@ -131,21 +131,6 @@ llvmGetPassPluginInfo() { char CmplogSwitches::ID = 0; #endif -template -Iterator Unique(Iterator first, Iterator last) { - - while (first != last) { - - Iterator next(first); - last = std::remove(++next, last, *first); - first = next; - - } - - return last; - -} - bool CmplogSwitches::hookInstrs(Module &M) { std::vector switches; -- cgit 1.4.1 From b786558dea5fd5dca471a0e36a8b420ff6a65846 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 20 Feb 2023 15:43:54 +0100 Subject: Revert "LLVM cmplog factoring custom Instruction iterator with added restriction" This reverts commit 8bc3fa1df286aac46a0a724f64e2e07010d2497e. --- instrumentation/afl-llvm-common.cc | 18 ------------------ instrumentation/afl-llvm-common.h | 2 -- instrumentation/cmplog-instructions-pass.cc | 15 +++++++++++++++ instrumentation/cmplog-switches-pass.cc | 15 +++++++++++++++ 4 files changed, 30 insertions(+), 20 deletions(-) (limited to 'instrumentation/afl-llvm-common.h') diff --git a/instrumentation/afl-llvm-common.cc b/instrumentation/afl-llvm-common.cc index b50269fe..dc34d191 100644 --- a/instrumentation/afl-llvm-common.cc +++ b/instrumentation/afl-llvm-common.cc @@ -582,24 +582,6 @@ bool isInInstrumentList(llvm::Function *F, std::string Filename) { } -template -Iterator Unique(Iterator first, Iterator last) { - static_assert(std::is_trivially_copyable< - typename std::iterator_traits - >::value_type, "Invalid underlying type"); - - while (first != last) { - - Iterator next(first); - last = std::remove(++next, last, *first); - first = next; - - } - - return last; - -} - // Calculate the number of average collisions that would occur if all // location IDs would be assigned randomly (like normal afl/afl++). // This uses the "balls in bins" algorithm. diff --git a/instrumentation/afl-llvm-common.h b/instrumentation/afl-llvm-common.h index 8b8dc756..0112c325 100644 --- a/instrumentation/afl-llvm-common.h 
+++ b/instrumentation/afl-llvm-common.h @@ -9,7 +9,6 @@ #include #include #include -#include #include #include "llvm/Config/llvm-config.h" @@ -54,7 +53,6 @@ void initInstrumentList(); bool isInInstrumentList(llvm::Function *F, std::string Filename); unsigned long long int calculateCollisions(uint32_t edges); void scanForDangerousFunctions(llvm::Module *M); -template Iterator Unique(Iterator, Iterator); #ifndef IS_EXTERN #define IS_EXTERN diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc index c6fd7c56..bca1f927 100644 --- a/instrumentation/cmplog-instructions-pass.cc +++ b/instrumentation/cmplog-instructions-pass.cc @@ -138,6 +138,21 @@ llvmGetPassPluginInfo() { char CmpLogInstructions::ID = 0; #endif +template +Iterator Unique(Iterator first, Iterator last) { + + while (first != last) { + + Iterator next(first); + last = std::remove(++next, last, *first); + first = next; + + } + + return last; + +} + bool CmpLogInstructions::hookInstrs(Module &M) { std::vector icomps; diff --git a/instrumentation/cmplog-switches-pass.cc b/instrumentation/cmplog-switches-pass.cc index f4a9fbd7..cd0ae76d 100644 --- a/instrumentation/cmplog-switches-pass.cc +++ b/instrumentation/cmplog-switches-pass.cc @@ -131,6 +131,21 @@ llvmGetPassPluginInfo() { char CmplogSwitches::ID = 0; #endif +template +Iterator Unique(Iterator first, Iterator last) { + + while (first != last) { + + Iterator next(first); + last = std::remove(++next, last, *first); + first = next; + + } + + return last; + +} + bool CmplogSwitches::hookInstrs(Module &M) { std::vector switches; -- cgit 1.4.1 From e6a05382b83817b245da51bcba16be5df56eb283 Mon Sep 17 00:00:00 2001 
From: vanhauser-thc Date: Mon, 6 Mar 2023 09:59:52 +0100 Subject: fix IGNORE_PROBLEMS and update qemuafl --- docs/Changelog.md | 2 ++ instrumentation/afl-compiler-rt.o.c | 39 ++++++++++++++++++++++++------------- instrumentation/afl-llvm-common.h | 8 ++++---- qemu_mode/QEMUAFL_VERSION | 2 +- qemu_mode/qemuafl | 2 +- src/afl-fuzz-stats.c | 22 ++++++++++----------- 6 files changed, 44 insertions(+), 31 deletions(-) (limited to 'instrumentation/afl-llvm-common.h') diff --git a/docs/Changelog.md b/docs/Changelog.md index 8f71fd83..f4fa4382 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -11,6 +11,8 @@ - add CFI sanitizer variant to gcc targets - llvm 16 support (thanks to @devnexen!) - support llvm 15 native pcguard changes + - qemu_mode: + - fix _RANGES envs to allow hyphens in the filenames - new custom module: autotoken, grammar free fuzzer for text inputs - LTO autoken and llvm_mode: added AFL_LLVM_DICT2FILE_NO_MAIN support - better sanitizer default options support for all tools diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 9871d7f4..94022a65 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -1539,12 +1539,16 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { if (start == stop || *start) return; x = getenv("AFL_INST_RATIO"); - if (x) { inst_ratio = (u32)atoi(x); } + if (x) { - if (!inst_ratio || inst_ratio > 100) { + inst_ratio = (u32)atoi(x); - fprintf(stderr, "[-] ERROR: Invalid AFL_INST_RATIO (must be 1-100).\n"); - abort(); + if (!inst_ratio || inst_ratio > 100) { + + fprintf(stderr, "[-] ERROR: Invalid AFL_INST_RATIO (must be 1-100).\n"); + abort(); + + } } 
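Review bot: `inst_ratio = (u32)atoi(x);` still accepts trailing non-digits and turns a non-numeric value into 0, which the range check below then reports as an out-of-range ratio rather than a parse error. Since the check aborts either way this is robustness rather than a defect, but `char *end; inst_ratio = (u32)strtoul(x, &end, 10);` followed by `if (*x == '\0' || *end != '\0' || !inst_ratio || inst_ratio > 100)` would reject a value such as `AFL_INST_RATIO=50x` explicitly. Moving the range check inside `if (x)` also means the default value of `inst_ratio` is no longer validated; that is fine provided its initialiser, which is outside this hunk, is already in range. `__sanitizer_cov_trace_pc_guard_init` continues outside the hunk.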
@@ -1568,10 +1572,16 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { while (start < stop) { - if (likely(inst_ratio == 100) || R(100) < inst_ratio) - *start = offset; - else - *start = 0; // write to map[0] + if (likely(inst_ratio == 100) || R(100) < inst_ratio) { + + *(start++) = offset; + + } else { + + *(start++) = 0; // write to map[0] + + } + if (unlikely(++offset >= __afl_final_loc)) { offset = 4; } } @@ -1592,12 +1602,15 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { while (start < stop) { - if (likely(inst_ratio == 100) || R(100) < inst_ratio) - *start = ++__afl_final_loc; - else - *start = 0; // write to map[0] + if (likely(inst_ratio == 100) || R(100) < inst_ratio) { + + *(start++) = ++__afl_final_loc; - start++; + } else { + + *(start++) = 0; // write to map[0] + + } } diff --git a/instrumentation/afl-llvm-common.h b/instrumentation/afl-llvm-common.h index 0112c325..16a13da5 100644 --- a/instrumentation/afl-llvm-common.h +++ b/instrumentation/afl-llvm-common.h @@ -37,10 +37,10 @@ typedef long double max_align_t; #define MNAME M.getSourceFileName() #define FMNAME F.getParent()->getSourceFileName() #if LLVM_VERSION_MAJOR >= 16 - // None becomes deprecated - // the standard std::nullopt_t is recommended instead - // from C++17 and onwards. - constexpr std::nullopt_t None = std::nullopt; +// None becomes deprecated +// the standard std::nullopt_t is recommended instead +// from C++17 and onwards. +constexpr std::nullopt_t None = std::nullopt; #endif #else #define MNAME std::string("") diff --git a/qemu_mode/QEMUAFL_VERSION b/qemu_mode/QEMUAFL_VERSION index 9c68f02c..39e41f79 100644 --- a/qemu_mode/QEMUAFL_VERSION +++ b/qemu_mode/QEMUAFL_VERSION @@ -1 +1 @@ -a8af9cbde7 +74c583b11a diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl index a8af9cbd..74c583b1 160000 --- a/qemu_mode/qemuafl +++ b/qemu_mode/qemuafl 
@@ -1 +1 @@ -Subproject commit a8af9cbde71e333ce72a46f15e655d0b82ed0939 +Subproject commit 74c583b11ac508b90660723da7ee9ff7ff77ee92 diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 26e1a50e..53ab8c77 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -672,12 +672,11 @@ void show_stats_normal(afl_state_t *afl) { /* If no coverage was found yet, check whether run time is greater than * exit_on_time. */ - if (unlikely( - !afl->non_instrumented_mode && afl->afl_env.afl_exit_on_time && - ((afl->last_find_time && - (cur_ms - afl->last_find_time) > afl->exit_on_time) || - (!afl->last_find_time && (cur_ms - afl->start_time) - > afl->exit_on_time)))) { + if (unlikely(!afl->non_instrumented_mode && afl->afl_env.afl_exit_on_time && + ((afl->last_find_time && + (cur_ms - afl->last_find_time) > afl->exit_on_time) || + (!afl->last_find_time && + (cur_ms - afl->start_time) > afl->exit_on_time)))) { afl->stop_soon = 2; @@ -1476,12 +1475,11 @@ void show_stats_pizza(afl_state_t *afl) { /* If no coverage was found yet, check whether run time is greater than * exit_on_time. */ - if (unlikely( - !afl->non_instrumented_mode && afl->afl_env.afl_exit_on_time && - ((afl->last_find_time && - (cur_ms - afl->last_find_time) > afl->exit_on_time) || - (!afl->last_find_time && (cur_ms - afl->start_time) - > afl->exit_on_time)))) { + if (unlikely(!afl->non_instrumented_mode && afl->afl_env.afl_exit_on_time && + ((afl->last_find_time && + (cur_ms - afl->last_find_time) > afl->exit_on_time) || + (!afl->last_find_time && + (cur_ms - afl->start_time) > afl->exit_on_time)))) { afl->stop_soon = 2; -- cgit 1.4.1