From 996986bed5f2dd97a3d76f584d8eddc1203f8396 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 5 Sep 2020 12:11:48 +0200 Subject: first batch of changes --- instrumentation/afl-llvm-lto-instrumentlist.so.cc | 147 ++++++++++++++++++++++ 1 file changed, 147 insertions(+) create mode 100644 instrumentation/afl-llvm-lto-instrumentlist.so.cc (limited to 'instrumentation/afl-llvm-lto-instrumentlist.so.cc') diff --git a/instrumentation/afl-llvm-lto-instrumentlist.so.cc b/instrumentation/afl-llvm-lto-instrumentlist.so.cc new file mode 100644 index 00000000..a7331444 --- /dev/null +++ b/instrumentation/afl-llvm-lto-instrumentlist.so.cc @@ -0,0 +1,147 @@ +/* + american fuzzy lop++ - LLVM-mode instrumentation pass + --------------------------------------------------- + + Written by Laszlo Szekeres and + Michal Zalewski + + LLVM integration design comes from Laszlo Szekeres. C bits copied-and-pasted + from afl-as.c are Michal's fault. + + Copyright 2015, 2016 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + + http://www.apache.org/licenses/LICENSE-2.0 + + This library is plugged into LLVM when invoking clang through afl-clang-fast. + It tells the compiler to add code roughly equivalent to the bits discussed + in ../afl-as.h. + + */ + +#define AFL_LLVM_PASS + +#include "config.h" +#include "debug.h" + +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "llvm/IR/DebugInfo.h" +#include "llvm/IR/BasicBlock.h" +#include "llvm/IR/IRBuilder.h" +#include "llvm/IR/LegacyPassManager.h" +#include "llvm/IR/Module.h" +#include "llvm/Support/Debug.h" +#include "llvm/Transforms/IPO/PassManagerBuilder.h" +#include "llvm/IR/CFG.h" + +#include "afl-llvm-common.h" + +using namespace llvm; + +namespace { + +class AFLcheckIfInstrument : public ModulePass { + + public: + static char ID; + AFLcheckIfInstrument() : ModulePass(ID) { + + if (getenv("AFL_DEBUG")) debug = 1; + + initInstrumentList(); + + } + + bool runOnModule(Module &M) override; + + // StringRef getPassName() const override { + + // return "American Fuzzy Lop Instrumentation"; + // } + + protected: + std::list myInstrumentList; + +}; + +} // namespace + +char AFLcheckIfInstrument::ID = 0; + +bool AFLcheckIfInstrument::runOnModule(Module &M) { + + /* Show a banner */ + + setvbuf(stdout, NULL, _IONBF, 0); + + if ((isatty(2) && !getenv("AFL_QUIET")) || getenv("AFL_DEBUG") != NULL) { + + SAYF(cCYA "afl-llvm-lto-instrumentlist" VERSION cRST + " by Marc \"vanHauser\" Heuse \n"); + + } else if (getenv("AFL_QUIET")) + + be_quiet = 1; + + for (auto &F : M) { + + if (F.size() < 1) continue; + + // fprintf(stderr, "F:%s\n", F.getName().str().c_str()); + + if (isInInstrumentList(&F)) { + + if (debug) + SAYF(cMGN "[D] " cRST "function %s is in the instrument file list\n", + F.getName().str().c_str()); + + } else { + + if (debug) + SAYF(cMGN "[D] " cRST + "function %s is NOT in the instrument file list\n", + F.getName().str().c_str()); + + auto & Ctx = F.getContext(); + AttributeList Attrs = F.getAttributes(); + AttrBuilder NewAttrs; + NewAttrs.addAttribute("skipinstrument"); + F.setAttributes( + Attrs.addAttributes(Ctx, AttributeList::FunctionIndex, NewAttrs)); + + } + + } + + return true; + +} + +static void registerAFLcheckIfInstrumentpass(const PassManagerBuilder &, + legacy::PassManagerBase &PM) { + + PM.add(new AFLcheckIfInstrument()); + +} + +static RegisterStandardPasses RegisterAFLcheckIfInstrumentpass( + PassManagerBuilder::EP_ModuleOptimizerEarly, + registerAFLcheckIfInstrumentpass); + +static RegisterStandardPasses RegisterAFLcheckIfInstrumentpass0( + PassManagerBuilder::EP_EnabledOnOptLevel0, + registerAFLcheckIfInstrumentpass); + -- cgit 1.4.1 From e769102491a4a5aa90afe57cce48211338133d3f Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 30 Nov 2020 21:54:18 +0100 Subject: more DEBUGF --- include/debug.h | 10 +++++++ instrumentation/LLVMInsTrim.so.cc | 4 +-- instrumentation/afl-gcc-pass.so.cc | 36 +++++++++++------------ instrumentation/afl-llvm-common.cc | 34 ++++++++++----------- instrumentation/afl-llvm-lto-instrumentlist.so.cc | 9 +++--- src/afl-cc.c | 18 ++++-------- src/afl-ld-lto.c | 10 ++++--- 7 files changed, 60 insertions(+), 61 deletions(-) (limited to 'instrumentation/afl-llvm-lto-instrumentlist.so.cc') diff --git a/include/debug.h b/include/debug.h index e6d3c3fc..5512023c 100644 --- a/include/debug.h +++ b/include/debug.h @@ -270,6 +270,16 @@ \ } while (0) +/* Show a prefixed debug output. */ + +#define DEBUGF(x...) \ + do { \ + \ + SAYF(cMGN "[D] " cBRI "DEBUG: " cRST x); \ + SAYF(cRST ""); \ + \ + } while (0) + /* Error-checking versions of read() and write() that call RPFATAL() as appropriate. */ diff --git a/instrumentation/LLVMInsTrim.so.cc b/instrumentation/LLVMInsTrim.so.cc index 61a420ba..6b3231e6 100644 --- a/instrumentation/LLVMInsTrim.so.cc +++ b/instrumentation/LLVMInsTrim.so.cc @@ -268,8 +268,8 @@ struct InsTrim : public ModulePass { for (auto &BB : F) if (BB.size() > 0) ++bb_cnt; - SAYF(cMGN "[D] " cRST "Function %s size %zu %u\n", - F.getName().str().c_str(), F.size(), bb_cnt); + DEBUGF("Function %s size %zu %u\n", F.getName().str().c_str(), F.size(), + bb_cnt); } diff --git a/instrumentation/afl-gcc-pass.so.cc b/instrumentation/afl-gcc-pass.so.cc index f94bb57f..e116e7d1 100644 --- a/instrumentation/afl-gcc-pass.so.cc +++ b/instrumentation/afl-gcc-pass.so.cc @@ -627,9 +627,8 @@ struct afl_pass : gimple_opt_pass { } if (debug) - SAYF(cMGN "[D] " cRST - "loaded allowlist with %zu file and %zu function entries\n", - allowListFiles.size(), allowListFunctions.size()); + DEBUGF("loaded allowlist with %zu file and %zu function entries\n", + allowListFiles.size(), allowListFunctions.size()); } @@ -702,9 +701,8 @@ struct afl_pass : gimple_opt_pass { } if (debug) - SAYF(cMGN "[D] " cRST - "loaded denylist with %zu file and %zu function entries\n", - denyListFiles.size(), denyListFunctions.size()); + DEBUGF("loaded denylist with %zu file and %zu function entries\n", + denyListFiles.size(), denyListFunctions.size()); } @@ -745,10 +743,10 @@ struct afl_pass : gimple_opt_pass { if (fnmatch(("*" + *it).c_str(), instFunction.c_str(), 0) == 0) { if (debug) - SAYF(cMGN "[D] " cRST - "Function %s is in the deny function list, " - "not instrumenting ... \n", - instFunction.c_str()); + DEBUGF( + "Function %s is in the deny function list, not " + "instrumenting ... \n", + instFunction.c_str()); return false; } @@ -825,10 +823,10 @@ struct afl_pass : gimple_opt_pass { if (fnmatch(("*" + *it).c_str(), instFunction.c_str(), 0) == 0) { if (debug) - SAYF(cMGN "[D] " cRST - "Function %s is in the allow function list, " - "instrumenting ... \n", - instFunction.c_str()); + DEBUGF( + "Function %s is in the allow function list, instrumenting " + "... \n", + instFunction.c_str()); return true; } @@ -859,11 +857,11 @@ struct afl_pass : gimple_opt_pass { if (fnmatch(("*" + *it).c_str(), source_file.c_str(), 0) == 0) { if (debug) - SAYF(cMGN "[D] " cRST - "Function %s is in the allowlist (%s), " - "instrumenting ... \n", - IDENTIFIER_POINTER(DECL_NAME(F->decl)), - source_file.c_str()); + DEBUGF( + "Function %s is in the allowlist (%s), instrumenting ... " + "\n", + IDENTIFIER_POINTER(DECL_NAME(F->decl)), + source_file.c_str()); return true; } diff --git a/instrumentation/afl-llvm-common.cc b/instrumentation/afl-llvm-common.cc index 189b4ec6..21c4d204 100644 --- a/instrumentation/afl-llvm-common.cc +++ b/instrumentation/afl-llvm-common.cc @@ -173,9 +173,8 @@ void initInstrumentList() { } if (debug) - SAYF(cMGN "[D] " cRST - "loaded allowlist with %zu file and %zu function entries\n", - allowListFiles.size(), allowListFunctions.size()); + DEBUGF("loaded allowlist with %zu file and %zu function entries\n", + allowListFiles.size(), allowListFunctions.size()); } @@ -248,9 +247,8 @@ void initInstrumentList() { } if (debug) - SAYF(cMGN "[D] " cRST - "loaded denylist with %zu file and %zu function entries\n", - denyListFiles.size(), denyListFunctions.size()); + DEBUGF("loaded denylist with %zu file and %zu function entries\n", + denyListFiles.size(), denyListFunctions.size()); } @@ -409,10 +407,10 @@ bool isInInstrumentList(llvm::Function *F) { if (fnmatch(("*" + *it).c_str(), instFunction.c_str(), 0) == 0) { if (debug) - SAYF(cMGN "[D] " cRST - "Function %s is in the deny function list, " - "not instrumenting ... \n", - instFunction.c_str()); + DEBUGF( + "Function %s is in the deny function list, not instrumenting " + "... \n", + instFunction.c_str()); return false; } @@ -489,10 +487,10 @@ bool isInInstrumentList(llvm::Function *F) { if (fnmatch(("*" + *it).c_str(), instFunction.c_str(), 0) == 0) { if (debug) - SAYF(cMGN "[D] " cRST - "Function %s is in the allow function list, " - "instrumenting ... \n", - instFunction.c_str()); + DEBUGF( + "Function %s is in the allow function list, instrumenting " + "... \n", + instFunction.c_str()); return true; } @@ -523,10 +521,10 @@ bool isInInstrumentList(llvm::Function *F) { if (fnmatch(("*" + *it).c_str(), source_file.c_str(), 0) == 0) { if (debug) - SAYF(cMGN "[D] " cRST - "Function %s is in the allowlist (%s), " - "instrumenting ... \n", - F->getName().str().c_str(), source_file.c_str()); + DEBUGF( + "Function %s is in the allowlist (%s), instrumenting ... " + "\n", + F->getName().str().c_str(), source_file.c_str()); return true; } diff --git a/instrumentation/afl-llvm-lto-instrumentlist.so.cc b/instrumentation/afl-llvm-lto-instrumentlist.so.cc index a7331444..416dbb88 100644 --- a/instrumentation/afl-llvm-lto-instrumentlist.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentlist.so.cc @@ -105,15 +105,14 @@ bool AFLcheckIfInstrument::runOnModule(Module &M) { if (isInInstrumentList(&F)) { if (debug) - SAYF(cMGN "[D] " cRST "function %s is in the instrument file list\n", - F.getName().str().c_str()); + DEBUGF("function %s is in the instrument file list\n", + F.getName().str().c_str()); } else { if (debug) - SAYF(cMGN "[D] " cRST - "function %s is NOT in the instrument file list\n", - F.getName().str().c_str()); + DEBUGF("function %s is NOT in the instrument file list\n", + F.getName().str().c_str()); auto & Ctx = F.getContext(); AttributeList Attrs = F.getAttributes(); diff --git a/src/afl-cc.c b/src/afl-cc.c index 6d39b890..cc9854b6 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -354,11 +354,8 @@ static void edit_params(u32 argc, char **argv, char **envp) { cc_params[cc_par_cnt++] = "-B"; cc_params[cc_par_cnt++] = obj_path; - if (clang_mode) { + if (clang_mode) { cc_params[cc_par_cnt++] = "-no-integrated-as"; } - cc_params[cc_par_cnt++] = "-no-integrated-as"; - - } } if (compiler_mode == GCC_PLUGIN) { @@ -708,7 +705,8 @@ static void edit_params(u32 argc, char **argv, char **envp) { } if (getenv("AFL_NO_BUILTIN") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES") || - getenv("LAF_TRANSFORM_COMPARES") || getenv("AFL_LLVM_LAF_ALL") || lto_mode) { + getenv("LAF_TRANSFORM_COMPARES") || getenv("AFL_LLVM_LAF_ALL") || + lto_mode) { cc_params[cc_par_cnt++] = "-fno-builtin-strcmp"; cc_params[cc_par_cnt++] = "-fno-builtin-strncmp"; @@ -1002,16 +1000,11 @@ int main(int argc, char **argv, char **envp) { } - if (strncmp(callname, "afl-clang", 9) == 0) { clang_mode = 1; - if (strncmp(callname, "afl-clang++", 11) == 0) { - - plusplus_mode = 1; - - } + if (strncmp(callname, "afl-clang++", 11) == 0) { plusplus_mode = 1; } } @@ -1085,8 +1078,7 @@ int main(int argc, char **argv, char **envp) { if (instrument_mode == 0) instrument_mode = INSTRUMENT_CFG; else if (instrument_mode != INSTRUMENT_CFG) - FATAL( - "you cannot set AFL_LLVM_INSTRUMENT and AFL_LLVM_INSTRIM together"); + FATAL("you cannot set AFL_LLVM_INSTRUMENT and AFL_LLVM_INSTRIM together"); } diff --git a/src/afl-ld-lto.c b/src/afl-ld-lto.c index e6ea1f1d..16feaa80 100644 --- a/src/afl-ld-lto.c +++ b/src/afl-ld-lto.c @@ -182,10 +182,12 @@ static void edit_params(int argc, char **argv) { instrim = 1; if (debug) - DEBUGF("passthrough=%s instrim=%d, gold_pos=%d, gold_present=%s inst_present=%s rt_present=%s rt_lto_present=%s\n", - passthrough ? "true" : "false", instrim, gold_pos, - gold_present ? "true" : "false", inst_present ? "true" : "false", - rt_present ? "true" : "false", rt_lto_present ? "true" : "false"); + DEBUGF( + "passthrough=%s instrim=%d, gold_pos=%d, gold_present=%s " + "inst_present=%s rt_present=%s rt_lto_present=%s\n", + passthrough ? "true" : "false", instrim, gold_pos, + gold_present ? "true" : "false", inst_present ? "true" : "false", + rt_present ? "true" : "false", rt_lto_present ? "true" : "false"); for (i = 1; i < argc; i++) { -- cgit 1.4.1