From ed10f3783bd8fab33ab5750f56bf87ed008f28ed Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 17 Oct 2021 13:05:33 +0200 Subject: new rtn cmplog: instrumentation side + supporting functions --- instrumentation/cmplog-routines-pass.cc | 225 +++++++++++++++++++++++++++++++- 1 file changed, 220 insertions(+), 5 deletions(-) (limited to 'instrumentation/cmplog-routines-pass.cc') diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index 1e2610f2..56f1a083 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -87,12 +87,14 @@ char CmpLogRoutines::ID = 0; bool CmpLogRoutines::hookRtns(Module &M) { - std::vector calls, llvmStdStd, llvmStdC, gccStdStd, gccStdC; - LLVMContext & C = M.getContext(); + std::vector calls, llvmStdStd, llvmStdC, gccStdStd, gccStdC, + Memcmp, Strcmp, Strncmp; + LLVMContext &C = M.getContext(); Type *VoidTy = Type::getVoidTy(C); // PointerType *VoidPtrTy = PointerType::get(VoidTy, 0); IntegerType *Int8Ty = IntegerType::getInt8Ty(C); + IntegerType *Int32Ty = IntegerType::getInt32Ty(C); PointerType *i8PtrTy = PointerType::get(Int8Ty, 0); #if LLVM_VERSION_MAJOR < 9 @@ -184,6 +186,60 @@ bool CmpLogRoutines::hookRtns(Module &M) { FunctionCallee cmplogGccStdC = c4; #endif +#if LLVM_VERSION_MAJOR < 9 + Constant * +#else + FunctionCallee +#endif + c5 = M.getOrInsertFunction("__cmplog_rtn_hook_n", VoidTy, i8PtrTy, + i8PtrTy, Int32Ty +#if LLVM_VERSION_MAJOR < 5 + , + NULL +#endif + ); +#if LLVM_VERSION_MAJOR < 9 + Function *cmplogHookFnN = cast(c5); +#else + FunctionCallee cmplogHookFnN = c5; +#endif + +#if LLVM_VERSION_MAJOR < 9 + Constant * +#else + FunctionCallee +#endif + c6 = M.getOrInsertFunction("__cmplog_rtn_hook_strn", VoidTy, i8PtrTy, + i8PtrTy, Int32Ty +#if LLVM_VERSION_MAJOR < 5 + , + NULL +#endif + ); +#if LLVM_VERSION_MAJOR < 9 + Function *cmplogHookFnStrN = cast(c6); +#else + FunctionCallee cmplogHookFnStrN = c6; +#endif + +#if LLVM_VERSION_MAJOR < 9 + Constant * +#else + FunctionCallee +#endif + c7 = M.getOrInsertFunction("__cmplog_rtn_hook_str", VoidTy, i8PtrTy, + i8PtrTy +#if LLVM_VERSION_MAJOR < 5 + , + NULL +#endif + ); +#if LLVM_VERSION_MAJOR < 9 + Function *cmplogHookFnStr = cast(c7); +#else + FunctionCallee cmplogHookFnStr = c7; +#endif + GlobalVariable *AFLCmplogPtr = M.getNamedGlobal("__afl_cmp_map"); if (!AFLCmplogPtr) { @@ -214,12 +270,77 @@ bool CmpLogRoutines::hookRtns(Module &M) { if (callInst->getCallingConv() != llvm::CallingConv::C) continue; FunctionType *FT = Callee->getFunctionType(); + std::string FuncName = Callee->getName().str(); bool isPtrRtn = FT->getNumParams() >= 2 && !FT->getReturnType()->isVoidTy() && FT->getParamType(0) == FT->getParamType(1) && FT->getParamType(0)->isPointerTy(); + bool isPtrRtnN = FT->getNumParams() >= 3 && + !FT->getReturnType()->isVoidTy() && + FT->getParamType(0) == FT->getParamType(1) && + FT->getParamType(0)->isPointerTy() && + FT->getParamType(2)->isIntegerTy(); + + bool isMemcmp = + (!FuncName.compare("memcmp") || !FuncName.compare("bcmp") || + !FuncName.compare("CRYPTO_memcmp") || + !FuncName.compare("OPENSSL_memcmp") || + !FuncName.compare("memcmp_const_time") || + !FuncName.compare("memcmpct")); + isMemcmp &= FT->getNumParams() == 3 && + FT->getReturnType()->isIntegerTy(32) && + FT->getParamType(0)->isPointerTy() && + FT->getParamType(1)->isPointerTy() && + FT->getParamType(2)->isIntegerTy(); + + bool isStrcmp = + (!FuncName.compare("strcmp") || !FuncName.compare("xmlStrcmp") || + !FuncName.compare("xmlStrEqual") || + !FuncName.compare("g_strcmp0") || + !FuncName.compare("curl_strequal") || + !FuncName.compare("strcsequal") || + !FuncName.compare("strcasecmp") || + !FuncName.compare("stricmp") || + !FuncName.compare("ap_cstr_casecmp") || + !FuncName.compare("OPENSSL_strcasecmp") || + !FuncName.compare("xmlStrcasecmp") || + !FuncName.compare("g_strcasecmp") || + !FuncName.compare("g_ascii_strcasecmp") || + !FuncName.compare("Curl_strcasecompare") || + !FuncName.compare("Curl_safe_strcasecompare") || + !FuncName.compare("cmsstrcasecmp") || + !FuncName.compare("strstr") || + !FuncName.compare("g_strstr_len") || + !FuncName.compare("ap_strcasestr") || + !FuncName.compare("xmlStrstr") || + !FuncName.compare("xmlStrcasestr") || + !FuncName.compare("g_str_has_prefix") || + !FuncName.compare("g_str_has_suffix")); + isStrcmp &= + FT->getNumParams() == 2 && FT->getReturnType()->isIntegerTy(32) && + FT->getParamType(0) == FT->getParamType(1) && + FT->getParamType(0) == IntegerType::getInt8PtrTy(M.getContext()); + + bool isStrncmp = (!FuncName.compare("strncmp") || + !FuncName.compare("xmlStrncmp") || + !FuncName.compare("curl_strnequal") || + !FuncName.compare("strncasecmp") || + !FuncName.compare("strnicmp") || + !FuncName.compare("ap_cstr_casecmpn") || + !FuncName.compare("OPENSSL_strncasecmp") || + !FuncName.compare("xmlStrncasecmp") || + !FuncName.compare("g_ascii_strncasecmp") || + !FuncName.compare("Curl_strncasecompare") || + !FuncName.compare("g_strncasecmp")); + isStrncmp &= FT->getNumParams() == 3 && + FT->getReturnType()->isIntegerTy(32) && + FT->getParamType(0) == FT->getParamType(1) && + FT->getParamType(0) == + IntegerType::getInt8PtrTy(M.getContext()) && + FT->getParamType(2)->isIntegerTy(); + bool isGccStdStringStdString = Callee->getName().find("__is_charIT_EE7__value") != std::string::npos && @@ -267,13 +388,19 @@ bool CmpLogRoutines::hookRtns(Module &M) { */ if (isGccStdStringCString || isGccStdStringStdString || - isLlvmStdStringStdString || isLlvmStdStringCString) { + isLlvmStdStringStdString || isLlvmStdStringCString || isMemcmp || + isStrcmp || isStrncmp) { - isPtrRtn = false; + isPtrRtnN = isPtrRtn = false; } + if (isPtrRtnN) { isPtrRtn = false; } + if (isPtrRtn) { calls.push_back(callInst); } + if (isMemcmp || isPtrRtnN) { Memcmp.push_back(callInst); } + if (isStrcmp) { Strcmp.push_back(callInst); } + if (isStrncmp) { Strncmp.push_back(callInst); } if (isGccStdStringStdString) { gccStdStd.push_back(callInst); } if (isGccStdStringCString) { gccStdC.push_back(callInst); } if (isLlvmStdStringStdString) { llvmStdStd.push_back(callInst); } @@ -288,7 +415,8 @@ bool CmpLogRoutines::hookRtns(Module &M) { } if (!calls.size() && !gccStdStd.size() && !gccStdC.size() && - !llvmStdStd.size() && !llvmStdC.size()) + !llvmStdStd.size() && !llvmStdC.size() && !Memcmp.size() && + Strcmp.size() && Strncmp.size()) return false; /* @@ -323,6 +451,93 @@ bool CmpLogRoutines::hookRtns(Module &M) { } + for (auto &callInst : Memcmp) { + + Value *v1P = callInst->getArgOperand(0), *v2P = callInst->getArgOperand(1), + *v3P = callInst->getArgOperand(2); + + IRBuilder<> IRB2(callInst->getParent()); + IRB2.SetInsertPoint(callInst); + + LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); + auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, callInst, false); + + IRBuilder<> IRB(ThenTerm); + + std::vector args; + Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); + Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); + Value * v3Pcasted = IRB.CreateZExtOrBitCast(v3P, Int32Ty); + args.push_back(v1Pcasted); + args.push_back(v2Pcasted); + args.push_back(v3Pcasted); + + IRB.CreateCall(cmplogHookFnN, args); + + // errs() << callInst->getCalledFunction()->getName() << "\n"; + + } + + for (auto &callInst : Strcmp) { + + Value *v1P = callInst->getArgOperand(0), *v2P = callInst->getArgOperand(1), + *v3P = callInst->getArgOperand(2); + + IRBuilder<> IRB2(callInst->getParent()); + IRB2.SetInsertPoint(callInst); + + LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); + auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, callInst, false); + + IRBuilder<> IRB(ThenTerm); + + std::vector args; + Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); + Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); + Value * v3Pcasted = IRB.CreateZExtOrBitCast(v3P, Int32Ty); + args.push_back(v1Pcasted); + args.push_back(v2Pcasted); + args.push_back(v3Pcasted); + + IRB.CreateCall(cmplogHookFnStr, args); + + // errs() << callInst->getCalledFunction()->getName() << "\n"; + + } + + for (auto &callInst : Strncmp) { + + Value *v1P = callInst->getArgOperand(0), *v2P = callInst->getArgOperand(1), + *v3P = callInst->getArgOperand(2); + + IRBuilder<> IRB2(callInst->getParent()); + IRB2.SetInsertPoint(callInst); + + LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); + auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, callInst, false); + + IRBuilder<> IRB(ThenTerm); + + std::vector args; + Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); + Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); + Value * v3Pcasted = IRB.CreateZExtOrBitCast(v3P, Int32Ty); + args.push_back(v1Pcasted); + args.push_back(v2Pcasted); + args.push_back(v3Pcasted); + + IRB.CreateCall(cmplogHookFnStrN, args); + + // errs() << callInst->getCalledFunction()->getName() << "\n"; + + } + for (auto &callInst : gccStdStd) { Value *v1P = callInst->getArgOperand(0), *v2P = callInst->getArgOperand(1); -- cgit 1.4.1 From e8cf04c90d730381eab3ef6c64ab957ab5ebc400 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 17 Oct 2021 13:20:32 +0200 Subject: fix --- instrumentation/cmplog-routines-pass.cc | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'instrumentation/cmplog-routines-pass.cc') diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index 56f1a083..3d6467ba 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -482,8 +482,7 @@ bool CmpLogRoutines::hookRtns(Module &M) { for (auto &callInst : Strcmp) { - Value *v1P = callInst->getArgOperand(0), *v2P = callInst->getArgOperand(1), - *v3P = callInst->getArgOperand(2); + Value *v1P = callInst->getArgOperand(0), *v2P = callInst->getArgOperand(1); IRBuilder<> IRB2(callInst->getParent()); IRB2.SetInsertPoint(callInst); @@ -498,10 +497,8 @@ bool CmpLogRoutines::hookRtns(Module &M) { std::vector args; Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); - Value * v3Pcasted = IRB.CreateZExtOrBitCast(v3P, Int32Ty); args.push_back(v1Pcasted); args.push_back(v2Pcasted); - args.push_back(v3Pcasted); IRB.CreateCall(cmplogHookFnStr, args); @@ -527,7 +524,7 @@ bool CmpLogRoutines::hookRtns(Module &M) { std::vector args; Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); - Value * v3Pcasted = IRB.CreateZExtOrBitCast(v3P, Int32Ty); + Value * v3Pcasted = IRB.CreateTruncOrBitCast(v3P, Int32Ty); args.push_back(v1Pcasted); args.push_back(v2Pcasted); args.push_back(v3Pcasted); -- cgit 1.4.1 From 4b4244bcf6cad5fdc897edef6ea810647a54ca9f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 17 Oct 2021 21:47:08 +0200 Subject: fix --- instrumentation/cmplog-routines-pass.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'instrumentation/cmplog-routines-pass.cc') diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index 3d6467ba..50ced5d8 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -469,7 +469,7 @@ bool CmpLogRoutines::hookRtns(Module &M) { std::vector args; Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); - Value * v3Pcasted = IRB.CreateZExtOrBitCast(v3P, Int32Ty); + Value * v3Pcasted = IRB.CreateTruncOrBitCast(v3P, Int32Ty); args.push_back(v1Pcasted); args.push_back(v2Pcasted); args.push_back(v3Pcasted); -- cgit 1.4.1 From 9c278df0385afb03a078e25e27a4763512d8831a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 18 Oct 2021 00:21:33 +0200 Subject: try fix --- instrumentation/afl-compiler-rt.o.c | 4 ++-- instrumentation/cmplog-routines-pass.cc | 19 ++++++++++++++----- 2 files changed, 16 insertions(+), 7 deletions(-) (limited to 'instrumentation/cmplog-routines-pass.cc') diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 38beafb7..5caf57b3 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -1880,7 +1880,7 @@ static int area_is_valid(void *ptr, size_t len) { } -void __cmplog_rtn_hook_n(u8 *ptr1, u8 *ptr2, u32 len) { +void __cmplog_rtn_hook_n(u8 *ptr1, u8 *ptr2, u64 len) { /* u32 i; @@ -1941,7 +1941,7 @@ void __cmplog_rtn_hook_n(u8 *ptr1, u8 *ptr2, u32 len) { } -void __cmplog_rtn_hook_strn(u8 *ptr1, u8 *ptr2, u32 len) { +void __cmplog_rtn_hook_strn(u8 *ptr1, u8 *ptr2, u64 len) { /* if (area_is_valid(ptr1, 32) <= 0 || area_is_valid(ptr2, 32) <= 0) return; diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index 50ced5d8..854492b1 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -94,7 +94,7 @@ bool CmpLogRoutines::hookRtns(Module &M) { Type *VoidTy = Type::getVoidTy(C); // PointerType *VoidPtrTy = PointerType::get(VoidTy, 0); IntegerType *Int8Ty = IntegerType::getInt8Ty(C); - IntegerType *Int32Ty = IntegerType::getInt32Ty(C); + IntegerType *Int64Ty = IntegerType::getInt64Ty(C); PointerType *i8PtrTy = PointerType::get(Int8Ty, 0); #if LLVM_VERSION_MAJOR < 9 @@ -192,7 +192,7 @@ bool CmpLogRoutines::hookRtns(Module &M) { FunctionCallee #endif c5 = M.getOrInsertFunction("__cmplog_rtn_hook_n", VoidTy, i8PtrTy, - i8PtrTy, Int32Ty + i8PtrTy, Int64Ty #if LLVM_VERSION_MAJOR < 5 , NULL @@ -210,7 +210,7 @@ bool CmpLogRoutines::hookRtns(Module &M) { FunctionCallee #endif c6 = M.getOrInsertFunction("__cmplog_rtn_hook_strn", VoidTy, i8PtrTy, - i8PtrTy, Int32Ty + i8PtrTy, Int64Ty #if LLVM_VERSION_MAJOR < 5 , NULL @@ -282,6 +282,15 @@ bool CmpLogRoutines::hookRtns(Module &M) { FT->getParamType(0) == FT->getParamType(1) && FT->getParamType(0)->isPointerTy() && FT->getParamType(2)->isIntegerTy(); + if (isPtrRtnN) { + auto intTyOp = dyn_cast(callInst->getArgOperand(2)->getType()); + if (intTyOp) { + if (intTyOp->getBitWidth() != 32 && intTyOp->getBitWidth() != 64) { + isPtrRtnN = false; + } + } + } + bool isMemcmp = (!FuncName.compare("memcmp") || !FuncName.compare("bcmp") || @@ -469,7 +478,7 @@ bool CmpLogRoutines::hookRtns(Module &M) { std::vector args; Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); - Value * v3Pcasted = IRB.CreateTruncOrBitCast(v3P, Int32Ty); + Value * v3Pcasted = IRB.CreateTruncOrBitCast(v3P, Int64Ty); args.push_back(v1Pcasted); args.push_back(v2Pcasted); args.push_back(v3Pcasted); @@ -524,7 +533,7 @@ bool CmpLogRoutines::hookRtns(Module &M) { std::vector args; Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); - Value * v3Pcasted = IRB.CreateTruncOrBitCast(v3P, Int32Ty); + Value * v3Pcasted = IRB.CreateTruncOrBitCast(v3P, Int64Ty); args.push_back(v1Pcasted); args.push_back(v2Pcasted); args.push_back(v3Pcasted); -- cgit 1.4.1 From 6403fa4f70ebb9c475a5debe027e210b171f478e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 18 Oct 2021 00:41:16 +0200 Subject: fix --- instrumentation/cmplog-routines-pass.cc | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) (limited to 'instrumentation/cmplog-routines-pass.cc') diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index 854492b1..5dd5dc39 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -283,14 +283,21 @@ bool CmpLogRoutines::hookRtns(Module &M) { FT->getParamType(0)->isPointerTy() && FT->getParamType(2)->isIntegerTy(); if (isPtrRtnN) { - auto intTyOp = dyn_cast(callInst->getArgOperand(2)->getType()); + + auto intTyOp = + dyn_cast(callInst->getArgOperand(2)->getType()); if (intTyOp) { - if (intTyOp->getBitWidth() != 32 && intTyOp->getBitWidth() != 64) { + + if (intTyOp->getBitWidth() != 32 && + intTyOp->getBitWidth() != 64) { + isPtrRtnN = false; + } + } - } + } bool isMemcmp = (!FuncName.compare("memcmp") || !FuncName.compare("bcmp") || @@ -478,7 +485,10 @@ bool CmpLogRoutines::hookRtns(Module &M) { std::vector args; Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); - Value * v3Pcasted = IRB.CreateTruncOrBitCast(v3P, Int64Ty); + Value * v3Pbitcast = IRB.CreateBitCast( + v3P, IntegerType::get(C, v3P->getType()->getPrimitiveSizeInBits())); + Value *v3Pcasted = + IRB.CreateIntCast(v3Pbitcast, IntegerType::get(C, 64), false); args.push_back(v1Pcasted); args.push_back(v2Pcasted); args.push_back(v3Pcasted); @@ -533,7 +543,10 @@ bool CmpLogRoutines::hookRtns(Module &M) { std::vector args; Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); - Value * v3Pcasted = IRB.CreateTruncOrBitCast(v3P, Int64Ty); + Value * v3Pbitcast = IRB.CreateBitCast( + v3P, IntegerType::get(C, v3P->getType()->getPrimitiveSizeInBits())); + Value *v3Pcasted = + IRB.CreateIntCast(v3Pbitcast, IntegerType::get(C, 64), false); args.push_back(v1Pcasted); args.push_back(v2Pcasted); args.push_back(v3Pcasted); -- cgit 1.4.1 From 9325a4fcbb8eb4ed1d71f93de5301bf1a9a68253 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 6 Nov 2021 10:28:22 +0100 Subject: http->https --- GNUmakefile | 2 +- GNUmakefile.gcc_plugin | 2 +- GNUmakefile.llvm | 2 +- TODO.md | 1 - afl-cmin.bash | 2 +- afl-plot | 2 +- afl-whatsup | 2 +- docs/Changelog.md | 2 +- docs/INSTALL.md | 2 +- docs/best_practices.md | 2 +- docs/interpreting_output.md | 2 +- docs/known_limitations.md | 2 +- docs/sister_projects.md | 12 ++++++------ docs/technical_details.md | 12 ++++++------ frida_mode/Scripting.md | 2 +- include/afl-as.h | 4 ++-- include/afl-fuzz.h | 2 +- include/afl-prealloc.h | 2 +- include/alloc-inl.h | 2 +- include/cmplog.h | 2 +- include/common.h | 2 +- include/config.h | 2 +- include/debug.h | 2 +- include/forkserver.h | 2 +- include/hash.h | 2 +- include/list.h | 2 +- include/sharedmem.h | 2 +- include/snapshot-inl.h | 2 +- include/types.h | 2 +- instrumentation/README.llvm.md | 2 +- instrumentation/afl-compiler-rt.o.c | 2 +- instrumentation/afl-gcc-pass.so.cc | 2 +- instrumentation/afl-llvm-dict2file.so.cc | 2 +- instrumentation/afl-llvm-lto-instrumentation.so.cc | 2 +- instrumentation/afl-llvm-lto-instrumentlist.so.cc | 2 +- instrumentation/afl-llvm-pass.so.cc | 2 +- instrumentation/afl-llvm-rt-lto.o.c | 2 +- instrumentation/cmplog-instructions-pass.cc | 2 +- instrumentation/cmplog-routines-pass.cc | 2 +- instrumentation/cmplog-switches-pass.cc | 2 +- instrumentation/compare-transform-pass.so.cc | 2 +- instrumentation/split-compares-pass.so.cc | 2 +- instrumentation/split-switches-pass.so.cc | 2 +- qemu_mode/build_qemu_support.sh | 2 +- src/afl-analyze.c | 2 +- src/afl-as.c | 4 ++-- src/afl-cc.c | 2 +- src/afl-common.c | 2 +- src/afl-forkserver.c | 8 ++++---- src/afl-fuzz-bitmap.c | 2 +- src/afl-fuzz-cmplog.c | 2 +- src/afl-fuzz-extras.c | 2 +- src/afl-fuzz-init.c | 4 ++-- src/afl-fuzz-mutators.c | 2 +- src/afl-fuzz-one.c | 2 +- src/afl-fuzz-python.c | 2 +- src/afl-fuzz-queue.c | 2 +- src/afl-fuzz-redqueen.c | 2 +- src/afl-fuzz-run.c | 2 +- src/afl-fuzz-state.c | 2 +- src/afl-fuzz-stats.c | 2 +- src/afl-fuzz.c | 2 +- src/afl-gotcpu.c | 2 +- src/afl-ld-lto.c | 2 +- src/afl-performance.c | 2 +- src/afl-sharedmem.c | 2 +- src/afl-showmap.c | 2 +- src/afl-tmin.c | 2 +- test-instr.c | 2 +- unicorn_mode/build_unicorn_support.sh | 2 +- 70 files changed, 85 insertions(+), 86 deletions(-) (limited to 'instrumentation/cmplog-routines-pass.cc') diff --git a/GNUmakefile b/GNUmakefile index 0a6f3950..ad2642f3 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -10,7 +10,7 @@ # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # For Heiko: diff --git a/GNUmakefile.gcc_plugin b/GNUmakefile.gcc_plugin index bce97b2f..ed2725d7 100644 --- a/GNUmakefile.gcc_plugin +++ b/GNUmakefile.gcc_plugin @@ -17,7 +17,7 @@ # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # #TEST_MMAP=1 PREFIX ?= /usr/local diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index b802ef16..64e5beb2 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -12,7 +12,7 @@ # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # For Heiko: diff --git a/TODO.md b/TODO.md index 30676312..1d4270b4 100644 --- a/TODO.md +++ b/TODO.md @@ -2,7 +2,6 @@ ## TODO - - AFL_USE_TSAN to docs/env_variables.md after work over - screen update during input2stage - better autodetection of shifting runtime timeout values - Update afl->pending_not_fuzzed for MOpt diff --git a/afl-cmin.bash b/afl-cmin.bash index c77dfbc1..e25ddc74 100755 --- a/afl-cmin.bash +++ b/afl-cmin.bash @@ -11,7 +11,7 @@ # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # This tool tries to find the smallest subset of files in the input directory # that still trigger the full range of instrumentation data points seen in diff --git a/afl-plot b/afl-plot index 87b9caae..1ea1fc55 100755 --- a/afl-plot +++ b/afl-plot @@ -12,7 +12,7 @@ # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # get_abs_path() { diff --git a/afl-whatsup b/afl-whatsup index 9c2564c6..10a52f83 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -12,7 +12,7 @@ # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # This tool summarizes the status of any locally-running synchronized # instances of afl-fuzz. diff --git a/docs/Changelog.md b/docs/Changelog.md index cfeb8cc1..7c77a6bf 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -2760,7 +2760,7 @@ sending a mail to . - Updated the documentation and added notes_for_asan.txt. Based on feedback from Hanno Boeck, Ben Laurie, and others. - - Moved the project to http://lcamtuf.coredump.cx/afl/. + - Moved the project to https://lcamtuf.coredump.cx/afl/. ### Version 0.46b: diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 960de1af..cfa20dea 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -150,4 +150,4 @@ sysctl kern.sysv.shmseg=48 sysctl kern.sysv.shmall=98304 ``` -See [http://www.spy-hill.com/help/apple/SharedMemory.html](http://www.spy-hill.com/help/apple/SharedMemory.html) for documentation for these settings and how to make them permanent. \ No newline at end of file +See [https://www.spy-hill.com/help/apple/SharedMemory.html](https://www.spy-hill.com/help/apple/SharedMemory.html) for documentation for these settings and how to make them permanent. \ No newline at end of file diff --git a/docs/best_practices.md b/docs/best_practices.md index 0708d49d..5d07dd14 100644 --- a/docs/best_practices.md +++ b/docs/best_practices.md @@ -108,7 +108,7 @@ Four steps are required to do this and it also requires quite some knowledge of Follow this document on how to do this: [instrumentation/README.instrument_list.md](../instrumentation/README.instrument_list.md). If `PCGUARD` is used, then you need to follow this guide (needs llvm 12+!): - [http://clang.llvm.org/docs/SanitizerCoverage.html#partially-disabling-instrumentation](http://clang.llvm.org/docs/SanitizerCoverage.html#partially-disabling-instrumentation) + [https://clang.llvm.org/docs/SanitizerCoverage.html#partially-disabling-instrumentation](https://clang.llvm.org/docs/SanitizerCoverage.html#partially-disabling-instrumentation) Only exclude those functions from instrumentation that provide no value for coverage - that is if it does not process any fuzz data directly or indirectly (e.g. hash maps, thread management etc.). If however a function directly or indirectly handles fuzz data, then you should not put the function in a deny instrumentation list and rather live with the instability it comes with. diff --git a/docs/interpreting_output.md b/docs/interpreting_output.md index 327a0ac0..4bd705f2 100644 --- a/docs/interpreting_output.md +++ b/docs/interpreting_output.md @@ -56,7 +56,7 @@ Any existing output directory can be also used to resume aborted jobs; try: If you have gnuplot installed, you can also generate some pretty graphs for any active fuzzing task using afl-plot. For an example of how this looks like, -see [http://lcamtuf.coredump.cx/afl/plot/](http://lcamtuf.coredump.cx/afl/plot/). +see [https://lcamtuf.coredump.cx/afl/plot/](https://lcamtuf.coredump.cx/afl/plot/). You can also manually build and install afl-plot-ui, which is a helper utility for showing the graphs generated by afl-plot in a graphical window using GTK. diff --git a/docs/known_limitations.md b/docs/known_limitations.md index 2d8f84a5..a68c0a85 100644 --- a/docs/known_limitations.md +++ b/docs/known_limitations.md @@ -31,6 +31,6 @@ Here are some of the most important caveats for AFL: [https://www.fastly.com/blog/how-to-fuzz-server-american-fuzzy-lop](https://www.fastly.com/blog/how-to-fuzz-server-american-fuzzy-lop) - Occasionally, sentient machines rise against their creators. If this - happens to you, please consult [http://lcamtuf.coredump.cx/prep/](http://lcamtuf.coredump.cx/prep/). + happens to you, please consult [https://lcamtuf.coredump.cx/prep/](https://lcamtuf.coredump.cx/prep/). Beyond this, see [INSTALL.md](INSTALL.md) for platform-specific tips. diff --git a/docs/sister_projects.md b/docs/sister_projects.md index 5cb3a102..613bc778 100644 --- a/docs/sister_projects.md +++ b/docs/sister_projects.md @@ -15,7 +15,7 @@ instruction manual. Allows fuzz-testing of Python programs. Uses custom instrumentation and its own forkserver. -http://jwilk.net/software/python-afl +https://jwilk.net/software/python-afl ### Go-fuzz (Dmitry Vyukov) @@ -34,7 +34,7 @@ https://github.com/kmcallister/afl.rs Adds AFL-compatible instrumentation to OCaml programs. https://github.com/ocamllabs/opam-repo-dev/pull/23 -http://canopy.mirage.io/Posts/Fuzzing +https://canopy.mirage.io/Posts/Fuzzing ### AFL for GCJ Java and other GCC frontends (-) @@ -54,7 +54,7 @@ some programs to be fuzzed without the fork / execve overhead. (Similar functionality is now available as the "persistent" feature described in [the llvm_mode readme](../instrumentation/README.llvm.md)) -http://llvm.org/docs/LibFuzzer.html +https://llvm.org/docs/LibFuzzer.html ## TriforceAFL (Tim Newsham and Jesse Hertz) @@ -189,7 +189,7 @@ https://github.com/bshastry/afl-sancov Makes it easy to estimate memory usage limits when fuzzing with ASAN or MSAN. -http://jwilk.net/software/recidivm +https://jwilk.net/software/recidivm ### aflize (Jacek Wielemborek) @@ -274,7 +274,7 @@ https://goo.gl/j9EgFf A simple SQL shell designed specifically for fuzzing the underlying library. -http://www.sqlite.org/src/artifact/9e7e273da2030371 +https://www.sqlite.org/src/artifact/9e7e273da2030371 ### Support for Python mutation modules (Christian Holler) @@ -292,7 +292,7 @@ A similar guided approach as applied to fuzzing syscalls: https://github.com/google/syzkaller/wiki/Found-Bugs https://github.com/dvyukov/linux/commit/33787098ffaaa83b8a7ccf519913ac5fd6125931 -http://events.linuxfoundation.org/sites/events/files/slides/AFL%20filesystem%20fuzzing%2C%20Vault%202016_0.pdf +https://events.linuxfoundation.org/sites/events/files/slides/AFL%20filesystem%20fuzzing%2C%20Vault%202016_0.pdf ### Kernel Snapshot Fuzzing using Unicornafl (Security in Telecommunications) diff --git a/docs/technical_details.md b/docs/technical_details.md index b0ca493e..b9d271d9 100644 --- a/docs/technical_details.md +++ b/docs/technical_details.md @@ -161,8 +161,8 @@ features of the underlying data format, as shown in this image: Several practical examples of the results of this algorithm are discussed here: - http://lcamtuf.blogspot.com/2014/11/pulling-jpegs-out-of-thin-air.html - http://lcamtuf.blogspot.com/2014/11/afl-fuzz-nobody-expects-cdata-sections.html + https://lcamtuf.blogspot.com/2014/11/pulling-jpegs-out-of-thin-air.html + https://lcamtuf.blogspot.com/2014/11/afl-fuzz-nobody-expects-cdata-sections.html The synthetic corpus produced by this process is essentially a compact collection of "hmm, this does something new!" input files, and can be used to @@ -323,7 +323,7 @@ value of various fuzzing strategies and optimize their parameters so that they work equally well across a wide range of file types. The strategies used by afl-fuzz are generally format-agnostic and are discussed in more detail here: - http://lcamtuf.blogspot.com/2014/08/binary-fuzzing-strategies-what-works.html + https://lcamtuf.blogspot.com/2014/08/binary-fuzzing-strategies-what-works.html It is somewhat notable that especially early on, most of the work done by `afl-fuzz` is actually highly deterministic, and progresses to random stacked @@ -376,7 +376,7 @@ valid grammar for the tested parser. A discussion of how these features are implemented within afl-fuzz can be found here: - http://lcamtuf.blogspot.com/2015/01/afl-fuzz-making-up-grammar-with.html + https://lcamtuf.blogspot.com/2015/01/afl-fuzz-making-up-grammar-with.html In essence, when basic, typically easily-obtained syntax tokens are combined together in a purely random manner, the instrumentation and the evolutionary @@ -429,7 +429,7 @@ thrown away. A detailed discussion of the value of this approach can be found here: - http://lcamtuf.blogspot.com/2014/11/afl-fuzz-crash-exploration-mode.html + https://lcamtuf.blogspot.com/2014/11/afl-fuzz-crash-exploration-mode.html The method uses instrumentation feedback to explore the state of the crashing program to get past the ambiguous faulting condition and then isolate the @@ -447,7 +447,7 @@ goes through `execve()`, linking, and libc initialization only once, and is then cloned from a stopped process image by leveraging copy-on-write. The implementation is described in more detail here: - http://lcamtuf.blogspot.com/2014/10/fuzzing-binaries-without-execve.html + https://lcamtuf.blogspot.com/2014/10/fuzzing-binaries-without-execve.html The fork server is an integral aspect of the injected instrumentation and simply stops at the first instrumented function to await commands from diff --git a/frida_mode/Scripting.md b/frida_mode/Scripting.md index f6017fad..691b03d1 100644 --- a/frida_mode/Scripting.md +++ b/frida_mode/Scripting.md @@ -302,7 +302,7 @@ Consider the [following](test/js/test2.c) test code... Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 */ #include diff --git a/include/afl-as.h b/include/afl-as.h index 3c12c68f..2a2e8ad7 100644 --- a/include/afl-as.h +++ b/include/afl-as.h @@ -16,7 +16,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 This file houses the assembly-level instrumentation injected into fuzzed programs. The instrumentation stores XORed pairs of data: identifiers of the @@ -396,7 +396,7 @@ static const u8 *main_payload_32 = "\n"; /* The OpenBSD hack is due to lahf and sahf not being recognized by some - versions of binutils: http://marc.info/?l=openbsd-cvs&m=141636589924400 + versions of binutils: https://marc.info/?l=openbsd-cvs&m=141636589924400 The Apple code is a bit different when calling libc functions because they are doing relocations differently from everybody else. We also need diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index eaf55fb8..e73ea1a4 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -16,7 +16,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 This is the real deal: the program takes an instrumented binary and attempts a variety of basic fuzzing tricks, paying close attention to diff --git a/include/afl-prealloc.h b/include/afl-prealloc.h index fa6c9b70..87bbb1cc 100644 --- a/include/afl-prealloc.h +++ b/include/afl-prealloc.h @@ -16,7 +16,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 */ diff --git a/include/alloc-inl.h b/include/alloc-inl.h index c914da5f..0c540330 100644 --- a/include/alloc-inl.h +++ b/include/alloc-inl.h @@ -16,7 +16,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 This allocator is not designed to resist malicious attackers (the canaries are small and predictable), but provides a robust and portable way to detect diff --git a/include/cmplog.h b/include/cmplog.h index 878ed60c..1c15d2b8 100644 --- a/include/cmplog.h +++ b/include/cmplog.h @@ -18,7 +18,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 Shared code to handle the shared memory. This is used by the fuzzer as well the other components like afl-tmin, afl-showmap, etc... diff --git a/include/common.h b/include/common.h index 2ca44301..e3997aa4 100644 --- a/include/common.h +++ b/include/common.h @@ -16,7 +16,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 Gather some functions common to multiple executables diff --git a/include/config.h b/include/config.h index 4630da0c..3aee9b00 100644 --- a/include/config.h +++ b/include/config.h @@ -16,7 +16,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 */ diff --git a/include/debug.h b/include/debug.h index f8df5711..feb7f52d 100644 --- a/include/debug.h +++ b/include/debug.h @@ -16,7 +16,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 */ diff --git a/include/forkserver.h b/include/forkserver.h index c6f7de00..7af01cb2 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -18,7 +18,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 Shared code that implements a forkserver. This is used by the fuzzer as well the other components like afl-tmin. diff --git a/include/hash.h b/include/hash.h index 9319ab95..9bb34ff8 100644 --- a/include/hash.h +++ b/include/hash.h @@ -21,7 +21,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 */ diff --git a/include/list.h b/include/list.h index 7ec81cbe..d49e56da 100644 --- a/include/list.h +++ b/include/list.h @@ -16,7 +16,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 This allocator is not designed to resist malicious attackers (the canaries are small and predictable), but provides a robust and portable way to detect diff --git a/include/sharedmem.h b/include/sharedmem.h index fdc947f9..93080d0f 100644 --- a/include/sharedmem.h +++ b/include/sharedmem.h @@ -18,7 +18,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 Shared code to handle the shared memory. This is used by the fuzzer as well the other components like afl-tmin, afl-showmap, etc... diff --git a/include/snapshot-inl.h b/include/snapshot-inl.h index a18187ef..7234bbaa 100644 --- a/include/snapshot-inl.h +++ b/include/snapshot-inl.h @@ -18,7 +18,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 */ diff --git a/include/types.h b/include/types.h index 7b94fb83..e945f0f5 100644 --- a/include/types.h +++ b/include/types.h @@ -16,7 +16,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 */ diff --git a/instrumentation/README.llvm.md b/instrumentation/README.llvm.md index 5b1e60cc..dbb604f2 100644 --- a/instrumentation/README.llvm.md +++ b/instrumentation/README.llvm.md @@ -75,7 +75,7 @@ load modules (you'll see "Service unavailable" when loading afl-llvm-pass.so). To solve all your problems, you can grab pre-built binaries for your OS from: - http://llvm.org/releases/download.html + https://llvm.org/releases/download.html ...and then put the bin/ directory from the tarball at the beginning of your $PATH when compiling the feature and building packages later on. You don't need diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 9acab4e7..b2802a29 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -9,7 +9,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 */ diff --git a/instrumentation/afl-gcc-pass.so.cc b/instrumentation/afl-gcc-pass.so.cc index 3b7eb878..df2b6f2a 100644 --- a/instrumentation/afl-gcc-pass.so.cc +++ b/instrumentation/afl-gcc-pass.so.cc @@ -30,7 +30,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program. If not, see . + along with this program. If not, see . */ diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc index 0a3e74b9..7c04c0c5 100644 --- a/instrumentation/afl-llvm-dict2file.so.cc +++ b/instrumentation/afl-llvm-dict2file.so.cc @@ -10,7 +10,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 This library is plugged into LLVM when invoking clang through afl-clang-lto. diff --git a/instrumentation/afl-llvm-lto-instrumentation.so.cc b/instrumentation/afl-llvm-lto-instrumentation.so.cc index c2f61d34..cd43b437 100644 --- a/instrumentation/afl-llvm-lto-instrumentation.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentation.so.cc @@ -10,7 +10,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 This library is plugged into LLVM when invoking clang through afl-clang-lto. diff --git a/instrumentation/afl-llvm-lto-instrumentlist.so.cc b/instrumentation/afl-llvm-lto-instrumentlist.so.cc index ee2e5dd3..cf26f912 100644 --- a/instrumentation/afl-llvm-lto-instrumentlist.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentlist.so.cc @@ -15,7 +15,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 This library is plugged into LLVM when invoking clang through afl-clang-fast. It tells the compiler to add code roughly equivalent to the bits discussed diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 9b7e625e..21ce0cf9 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -18,7 +18,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 This library is plugged into LLVM when invoking clang through afl-clang-fast. It tells the compiler to add code roughly equivalent to the bits discussed diff --git a/instrumentation/afl-llvm-rt-lto.o.c b/instrumentation/afl-llvm-rt-lto.o.c index e53785ff..eb346157 100644 --- a/instrumentation/afl-llvm-rt-lto.o.c +++ b/instrumentation/afl-llvm-rt-lto.o.c @@ -6,7 +6,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 */ diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc index 01a8a637..80af05f0 100644 --- a/instrumentation/cmplog-instructions-pass.cc +++ b/instrumentation/cmplog-instructions-pass.cc @@ -11,7 +11,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 */ diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index 1e2610f2..01b7a373 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -11,7 +11,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 */ diff --git a/instrumentation/cmplog-switches-pass.cc b/instrumentation/cmplog-switches-pass.cc index c42d44fe..aa719013 100644 --- a/instrumentation/cmplog-switches-pass.cc +++ b/instrumentation/cmplog-switches-pass.cc @@ -11,7 +11,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 */ diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc index 288e8282..a1239040 100644 --- a/instrumentation/compare-transform-pass.so.cc +++ b/instrumentation/compare-transform-pass.so.cc @@ -5,7 +5,7 @@ * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc index e63be98c..7c652ca2 100644 --- a/instrumentation/split-compares-pass.so.cc +++ b/instrumentation/split-compares-pass.so.cc @@ -6,7 +6,7 @@ * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, diff --git a/instrumentation/split-switches-pass.so.cc b/instrumentation/split-switches-pass.so.cc index 82f198aa..1e32a31d 100644 --- a/instrumentation/split-switches-pass.so.cc +++ b/instrumentation/split-switches-pass.so.cc @@ -5,7 +5,7 @@ * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * https://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index 84f144be..71453a71 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -19,7 +19,7 @@ # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # This script downloads, patches, and builds a version of QEMU with # minor tweaks to allow non-instrumented binaries to be run under diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 09b01541..60cb1434 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -15,7 +15,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 A nifty utility that grabs an input file and takes a stab at explaining its structure by observing how changes to it affect the execution path. diff --git a/src/afl-as.c b/src/afl-as.c index 9af272f2..b644b82a 100644 --- a/src/afl-as.c +++ b/src/afl-as.c @@ -15,7 +15,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 The sole purpose of this wrapper is to preprocess assembly files generated by GCC / clang and inject the instrumentation bits included from afl-as.h. It @@ -101,7 +101,7 @@ static void edit_params(int argc, char **argv) { /* On MacOS X, the Xcode cctool 'as' driver is a bit stale and does not work with the code generated by newer versions of clang that are hand-built - by the user. See the thread here: http://goo.gl/HBWDtn. + by the user. See the thread here: https://goo.gl/HBWDtn. To work around this, when using clang and running without AFL_AS specified, we will actually call 'clang -c' instead of 'as -q' to diff --git a/src/afl-cc.c b/src/afl-cc.c index 5f77b097..8ff241ba 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -11,7 +11,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 */ diff --git a/src/afl-common.c b/src/afl-common.c index 26a0d54b..ec3b2f3f 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -15,7 +15,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 Gather some functions common to multiple executables diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 80b295e0..b1769bfb 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -19,7 +19,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 Shared code that implements a forkserver. This is used by the fuzzer as well the other components like afl-tmin. @@ -351,7 +351,7 @@ static void report_error_and_exit(int error) { /* Spins up fork server. The idea is explained here: - http://lcamtuf.blogspot.com/2014/10/fuzzing-binaries-without-execve.html + https://lcamtuf.blogspot.com/2014/10/fuzzing-binaries-without-execve.html In essence, the instrumentation allows us to skip execve(), and just keep cloning a stopped child. So, we just execute once, and then send commands @@ -917,7 +917,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, MSG_ULIMIT_USAGE " /path/to/fuzzed_app )\n\n" - " Tip: you can use http://jwilk.net/software/recidivm to " + " Tip: you can use https://jwilk.net/software/recidivm to " "quickly\n" " estimate the required amount of virtual memory for the " "binary.\n\n" @@ -1017,7 +1017,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, MSG_ULIMIT_USAGE " /path/to/fuzzed_app )\n\n" - " Tip: you can use http://jwilk.net/software/recidivm to quickly\n" + " Tip: you can use https://jwilk.net/software/recidivm to quickly\n" " estimate the required amount of virtual memory for the " "binary.\n\n" diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 316067e4..f7b59f25 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -15,7 +15,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 This is the real deal: the program takes an instrumented binary and attempts a variety of basic fuzzing tricks, paying close attention to diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c index c2e9c80f..6fc926f0 100644 --- a/src/afl-fuzz-cmplog.c +++ b/src/afl-fuzz-cmplog.c @@ -17,7 +17,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 Shared code to handle the shared memory. This is used by the fuzzer as well the other components like afl-tmin, afl-showmap, etc... diff --git a/src/afl-fuzz-extras.c b/src/afl-fuzz-extras.c index 584241d4..0f0fe331 100644 --- a/src/afl-fuzz-extras.c +++ b/src/afl-fuzz-extras.c @@ -15,7 +15,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 This is the real deal: the program takes an instrumented binary and attempts a variety of basic fuzzing tricks, paying close attention to diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 1170715f..9262d718 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -15,7 +15,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 This is the real deal: the program takes an instrumented binary and attempts a variety of basic fuzzing tricks, paying close attention to @@ -974,7 +974,7 @@ void perform_dry_run(afl_state_t *afl) { MSG_ULIMIT_USAGE " /path/to/binary [...] . + See . This is xoshiro256++ 1.0, one of our all-purpose, rock-solid generators. It has excellent (sub-ns) speed, a state (256 bits) that is large diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c index 22fe5a62..7fb8f821 100644 --- a/src/afl-sharedmem.c +++ b/src/afl-sharedmem.c @@ -17,7 +17,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 Shared code to handle the shared memory. This is used by the fuzzer as well the other components like afl-tmin, afl-showmap, etc... diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 3826e385..23ec0df0 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -18,7 +18,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 A very simple tool that runs the targeted binary and displays the contents of the trace bitmap in a human-readable form. Useful in diff --git a/src/afl-tmin.c b/src/afl-tmin.c index ce2a0b8f..8ce4bdd5 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -18,7 +18,7 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 A simple test case minimizer that takes an input file and tries to remove as much data as possible while keeping the binary in a crashing state diff --git a/test-instr.c b/test-instr.c index 13d4eb93..eaae50ef 100644 --- a/test-instr.c +++ b/test-instr.c @@ -7,7 +7,7 @@ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: - http://www.apache.org/licenses/LICENSE-2.0 + https://www.apache.org/licenses/LICENSE-2.0 */ #include diff --git a/unicorn_mode/build_unicorn_support.sh b/unicorn_mode/build_unicorn_support.sh index 6c376f8d..f9c0be7f 100755 --- a/unicorn_mode/build_unicorn_support.sh +++ b/unicorn_mode/build_unicorn_support.sh @@ -20,7 +20,7 @@ # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # This script downloads, patches, and builds a version of Unicorn with # minor tweaks to allow Unicorn-emulated binaries to be run under -- cgit 1.4.1 From 22827e807035a50394bac6a37406b19109fc655f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 1 Dec 2021 11:38:55 +0100 Subject: unify LLVM_VERSION_... usage --- instrumentation/SanitizerCoverageLTO.so.cc | 10 +-- instrumentation/SanitizerCoveragePCGUARD.so.cc | 24 ++--- instrumentation/afl-llvm-common.cc | 2 +- instrumentation/afl-llvm-lto-instrumentlist.so.cc | 8 +- instrumentation/afl-llvm-pass.so.cc | 30 ++----- instrumentation/cmplog-instructions-pass.cc | 82 ++++++++--------- instrumentation/cmplog-routines-pass.cc | 104 +++++++++++----------- instrumentation/cmplog-switches-pass.cc | 50 +++++------ instrumentation/compare-transform-pass.so.cc | 32 +++---- instrumentation/split-compares-pass.so.cc | 6 +- instrumentation/split-switches-pass.so.cc | 8 +- src/afl-cc.c | 24 ++--- 12 files changed, 183 insertions(+), 197 deletions(-) (limited to 'instrumentation/cmplog-routines-pass.cc') diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index 37726607..bff85a0a 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -1325,7 +1325,7 @@ void ModuleSanitizerCoverage::instrumentFunction( } else -#if LLVM_VERSION_MAJOR > 13 +#if LLVM_VERSION_MAJOR >= 14 if (t->getTypeID() == llvm::Type::FixedVectorTyID) { FixedVectorType *tt = dyn_cast(t); @@ -1468,7 +1468,7 @@ GlobalVariable *ModuleSanitizerCoverage::CreateFunctionLocalArrayInSection( *CurModule, ArrayTy, false, GlobalVariable::PrivateLinkage, Constant::getNullValue(ArrayTy), "__sancov_gen_"); -#if LLVM_VERSION_MAJOR > 12 +#if LLVM_VERSION_MAJOR >= 13 if (TargetTriple.supportsCOMDAT() && (TargetTriple.isOSBinFormatELF() || !F.isInterposable())) if (auto Comdat = getOrCreateFunctionComdat(F, TargetTriple)) @@ -1628,10 +1628,10 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, if (Options.TracePC) { IRB.CreateCall(SanCovTracePC) -#if LLVM_VERSION_MAJOR < 12 - ->cannotMerge(); // gets the PC using GET_CALLER_PC. -#else +#if LLVM_VERSION_MAJOR >= 12 ->setCannotMerge(); // gets the PC using GET_CALLER_PC. +#else + ->cannotMerge(); // gets the PC using GET_CALLER_PC. #endif } diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 76bb2448..3574b0e4 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -36,7 +36,8 @@ #include "llvm/Support/CommandLine.h" #include "llvm/Support/Debug.h" #include "llvm/Support/SpecialCaseList.h" -#if LLVM_MAJOR > 10 || (LLVM_MAJOR == 10 && LLVM_MINOR > 0) +#if LLVM_VERSION_MAJOR >= 11 || \ + (LLVM_VERSION_MAJOR == 10 && LLVM_VERSION_MINOR >= 1) #include "llvm/Support/VirtualFileSystem.h" #endif #include "llvm/Support/raw_ostream.h" @@ -127,7 +128,7 @@ class ModuleSanitizerCoverage { public: ModuleSanitizerCoverage( const SanitizerCoverageOptions &Options = SanitizerCoverageOptions() -#if LLVM_MAJOR > 10 +#if (LLVM_VERSION_MAJOR >= 11) , const SpecialCaseList *Allowlist = nullptr, const SpecialCaseList *Blocklist = nullptr @@ -215,7 +216,7 @@ class ModuleSanitizerCoverageLegacyPass : public ModulePass { public: ModuleSanitizerCoverageLegacyPass( const SanitizerCoverageOptions &Options = SanitizerCoverageOptions() -#if LLVM_VERSION_MAJOR > 10 +#if LLVM_VERSION_MAJOR >= 11 , const std::vector &AllowlistFiles = std::vector(), @@ -233,7 +234,7 @@ class ModuleSanitizerCoverageLegacyPass : public ModulePass { bool runOnModule(Module &M) override { ModuleSanitizerCoverage ModuleSancov(Options -#if LLVM_MAJOR > 10 +#if (LLVM_VERSION_MAJOR >= 11) , Allowlist.get(), Blocklist.get() #endif @@ -283,7 +284,7 @@ PreservedAnalyses ModuleSanitizerCoveragePass::run(Module & M, ModuleAnalysisManager &MAM) { ModuleSanitizerCoverage ModuleSancov(Options -#if LLVM_MAJOR > 10 +#if (LLVM_VERSION_MAJOR >= 11) , Allowlist.get(), Blocklist.get() #endif @@ -749,7 +750,7 @@ GlobalVariable *ModuleSanitizerCoverage::CreateFunctionLocalArrayInSection( *CurModule, ArrayTy, false, GlobalVariable::PrivateLinkage, Constant::getNullValue(ArrayTy), "__sancov_gen_"); -#if LLVM_VERSION_MAJOR > 12 +#if LLVM_VERSION_MAJOR >= 13 if (TargetTriple.supportsCOMDAT() && (TargetTriple.isOSBinFormatELF() || !F.isInterposable())) if (auto Comdat = getOrCreateFunctionComdat(F, TargetTriple)) @@ -762,7 +763,8 @@ GlobalVariable *ModuleSanitizerCoverage::CreateFunctionLocalArrayInSection( #endif Array->setSection(getSectionName(Section)); -#if LLVM_MAJOR > 10 || (LLVM_MAJOR == 10 && LLVM_MINOR > 0) +#if (LLVM_VERSION_MAJOR >= 11) || \ + (LLVM_VERSION_MAJOR == 10 && LLVM_VERSION_MINOR >= 1) Array->setAlignment(Align(DL->getTypeStoreSize(Ty).getFixedSize())); #else Array->setAlignment(Align(4)); // cheating @@ -868,7 +870,7 @@ bool ModuleSanitizerCoverage::InjectCoverage(Function & F, } -#if LLVM__MAJOR > 11 +#if (LLVM_VERSION_MAJOR >= 12) else if (t->getTypeID() == llvm::Type::FixedVectorTyID) { FixedVectorType *tt = dyn_cast(t); @@ -962,7 +964,7 @@ bool ModuleSanitizerCoverage::InjectCoverage(Function & F, } else -#if LLVM_VERSION_MAJOR > 13 +#if LLVM_VERSION_MAJOR >= 14 if (t->getTypeID() == llvm::Type::FixedVectorTyID) { FixedVectorType *tt = dyn_cast(t); @@ -1484,7 +1486,7 @@ INITIALIZE_PASS_END(ModuleSanitizerCoverageLegacyPass, "sancov", ModulePass *llvm::createModuleSanitizerCoverageLegacyPassPass( const SanitizerCoverageOptions &Options -#if LLVM_MAJOR > 10 +#if (LLVM_VERSION_MAJOR >= 11) , const std::vector &AllowlistFiles, const std::vector &BlocklistFiles @@ -1492,7 +1494,7 @@ ModulePass *llvm::createModuleSanitizerCoverageLegacyPassPass( ) { return new ModuleSanitizerCoverageLegacyPass(Options -#if LLVM_MAJOR > 10 +#if (LLVM_VERSION_MAJOR >= 11) , AllowlistFiles, BlocklistFiles #endif diff --git a/instrumentation/afl-llvm-common.cc b/instrumentation/afl-llvm-common.cc index 3239ea91..e5e367a7 100644 --- a/instrumentation/afl-llvm-common.cc +++ b/instrumentation/afl-llvm-common.cc @@ -281,7 +281,7 @@ void scanForDangerousFunctions(llvm::Module *M) { if (!M) return; -#if LLVM_VERSION_MAJOR > 3 || \ +#if LLVM_VERSION_MAJOR >= 4 || \ (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR >= 9) for (GlobalIFunc &IF : M->ifuncs()) { diff --git a/instrumentation/afl-llvm-lto-instrumentlist.so.cc b/instrumentation/afl-llvm-lto-instrumentlist.so.cc index cf26f912..906af879 100644 --- a/instrumentation/afl-llvm-lto-instrumentlist.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentlist.so.cc @@ -116,14 +116,14 @@ bool AFLcheckIfInstrument::runOnModule(Module &M) { auto & Ctx = F.getContext(); AttributeList Attrs = F.getAttributes(); -#if LLVM_VERSION_MAJOR < 14 +#if LLVM_VERSION_MAJOR >= 14 + AttributeList NewAttrs = Attrs.addFnAttribute(Ctx, "skipinstrument"); + F.setAttributes(NewAttrs); +#else AttrBuilder NewAttrs; NewAttrs.addAttribute("skipinstrument"); F.setAttributes( Attrs.addAttributes(Ctx, AttributeList::FunctionIndex, NewAttrs)); -#else - AttributeList NewAttrs = Attrs.addFnAttribute(Ctx, "skipinstrument"); - F.setAttributes(NewAttrs); #endif } diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 21ce0cf9..8e22fde8 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -52,7 +52,7 @@ typedef long double max_align_t; #include "llvm/Support/MathExtras.h" #include "llvm/Transforms/IPO/PassManagerBuilder.h" -#if LLVM_VERSION_MAJOR > 3 || \ +#if LLVM_VERSION_MAJOR >= 4 || \ (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) #include "llvm/IR/DebugInfo.h" #include "llvm/IR/CFG.h" @@ -114,7 +114,7 @@ uint64_t PowerOf2Ceil(unsigned in) { #endif /* #if LLVM_VERSION_STRING >= "4.0.1" */ -#if LLVM_VERSION_MAJOR > 4 || \ +#if LLVM_VERSION_MAJOR >= 5 || \ (LLVM_VERSION_MAJOR == 4 && LLVM_VERSION_PATCH >= 1) #define AFL_HAVE_VECTOR_INTRINSICS 1 #endif @@ -662,22 +662,7 @@ bool AFLCoverage::runOnModule(Module &M) { /* Update bitmap */ if (use_threadsafe_counters) { /* Atomic */ - /* - #if LLVM_VERSION_MAJOR < 9 - if (neverZero_counters_str != - NULL) { // with llvm 9 we make this the default as the bug - in llvm - // is then fixed - #else - if (!skip_nozero) { - - #endif - // register MapPtrIdx in a todo list - todo.push_back(MapPtrIdx); - - } else { - - */ + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, #if LLVM_VERSION_MAJOR >= 13 llvm::MaybeAlign(1), @@ -696,13 +681,12 @@ bool AFLCoverage::runOnModule(Module &M) { Value *Incr = IRB.CreateAdd(Counter, One); -#if LLVM_VERSION_MAJOR < 9 - if (neverZero_counters_str != - NULL) { // with llvm 9 we make this the default as the bug in llvm - // is then fixed -#else +#if LLVM_VERSION_MAJOR >= 9 if (!skip_nozero) { +#else + if (neverZero_counters_str != NULL) { + #endif /* hexcoder: Realize a counter that skips zero during overflow. * Once this counter reaches its maximum value, it next increments to diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc index a7b7aac8..07f80b2c 100644 --- a/instrumentation/cmplog-instructions-pass.cc +++ b/instrumentation/cmplog-instructions-pass.cc @@ -37,7 +37,7 @@ #include "llvm/Pass.h" #include "llvm/Analysis/ValueTracking.h" -#if LLVM_VERSION_MAJOR > 3 || \ +#if LLVM_VERSION_MAJOR >= 4 || \ (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) #include "llvm/IR/Verifier.h" #include "llvm/IR/DebugInfo.h" @@ -66,11 +66,11 @@ class CmpLogInstructions : public ModulePass { bool runOnModule(Module &M) override; -#if LLVM_VERSION_MAJOR < 4 - const char *getPassName() const override { +#if LLVM_VERSION_MAJOR >= 4 + StringRef getPassName() const override { #else - StringRef getPassName() const override { + const char *getPassName() const override { #endif return "cmplog instructions"; @@ -113,10 +113,10 @@ bool CmpLogInstructions::hookInstrs(Module &M) { IntegerType *Int64Ty = IntegerType::getInt64Ty(C); IntegerType *Int128Ty = IntegerType::getInt128Ty(C); -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c1 = M.getOrInsertFunction("__cmplog_ins_hook1", VoidTy, Int8Ty, Int8Ty, Int8Ty @@ -125,16 +125,16 @@ bool CmpLogInstructions::hookInstrs(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogHookIns1 = cast(c1); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogHookIns1 = c1; +#else + Function *cmplogHookIns1 = cast(c1); #endif -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c2 = M.getOrInsertFunction("__cmplog_ins_hook2", VoidTy, Int16Ty, Int16Ty, Int8Ty @@ -143,16 +143,16 @@ bool CmpLogInstructions::hookInstrs(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogHookIns2 = cast(c2); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogHookIns2 = c2; +#else + Function *cmplogHookIns2 = cast(c2); #endif -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c4 = M.getOrInsertFunction("__cmplog_ins_hook4", VoidTy, Int32Ty, Int32Ty, Int8Ty @@ -161,16 +161,16 @@ bool CmpLogInstructions::hookInstrs(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogHookIns4 = cast(c4); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogHookIns4 = c4; +#else + Function *cmplogHookIns4 = cast(c4); #endif -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c8 = M.getOrInsertFunction("__cmplog_ins_hook8", VoidTy, Int64Ty, Int64Ty, Int8Ty @@ -179,16 +179,16 @@ bool CmpLogInstructions::hookInstrs(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogHookIns8 = cast(c8); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogHookIns8 = c8; +#else + Function *cmplogHookIns8 = cast(c8); #endif -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c16 = M.getOrInsertFunction("__cmplog_ins_hook16", VoidTy, Int128Ty, Int128Ty, Int8Ty @@ -203,10 +203,10 @@ bool CmpLogInstructions::hookInstrs(Module &M) { FunctionCallee cmplogHookIns16 = c16; #endif -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif cN = M.getOrInsertFunction("__cmplog_ins_hookN", VoidTy, Int128Ty, Int128Ty, Int8Ty, Int8Ty @@ -215,10 +215,10 @@ bool CmpLogInstructions::hookInstrs(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogHookInsN = cast(cN); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogHookInsN = cN; +#else + Function *cmplogHookInsN = cast(cN); #endif GlobalVariable *AFLCmplogPtr = M.getNamedGlobal("__afl_cmp_map"); @@ -338,7 +338,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) { } -#if LLVM_MAJOR > 11 +#if (LLVM_VERSION_MAJOR >= 12) vector_cnt = tt->getElementCount().getKnownMinValue(); ty0 = tt->getElementType(); #endif @@ -359,7 +359,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) { max_size = 80; else if (ty0->isFP128Ty() || ty0->isPPC_FP128Ty()) max_size = 128; -#if LLVM_MAJOR > 11 +#if (LLVM_VERSION_MAJOR >= 12) else if (ty0->getTypeID() != llvm::Type::PointerTyID && !be_quiet) fprintf(stderr, "Warning: unsupported cmp type for cmplog: %u!\n", ty0->getTypeID()); @@ -371,7 +371,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) { if (ty0->isVectorTy()) { -#if LLVM_MAJOR > 11 +#if (LLVM_VERSION_MAJOR >= 12) VectorType *tt = dyn_cast(ty0); if (!tt) { @@ -397,7 +397,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) { } else { -#if LLVM_MAJOR > 11 +#if (LLVM_VERSION_MAJOR >= 12) if (ty0->getTypeID() != llvm::Type::PointerTyID && !be_quiet) { fprintf(stderr, "Warning: unsupported cmp type for cmplog: %u\n", diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index fb514edc..0565875e 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -36,7 +36,7 @@ #include "llvm/Pass.h" #include "llvm/Analysis/ValueTracking.h" -#if LLVM_VERSION_MAJOR > 3 || \ +#if LLVM_VERSION_MAJOR >= 4 || \ (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) #include "llvm/IR/Verifier.h" #include "llvm/IR/DebugInfo.h" @@ -65,11 +65,11 @@ class CmpLogRoutines : public ModulePass { bool runOnModule(Module &M) override; -#if LLVM_VERSION_MAJOR < 4 - const char *getPassName() const override { +#if LLVM_VERSION_MAJOR >= 4 + StringRef getPassName() const override { #else - StringRef getPassName() const override { + const char *getPassName() const override { #endif return "cmplog routines"; @@ -97,10 +97,10 @@ bool CmpLogRoutines::hookRtns(Module &M) { IntegerType *Int64Ty = IntegerType::getInt64Ty(C); PointerType *i8PtrTy = PointerType::get(Int8Ty, 0); -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c = M.getOrInsertFunction("__cmplog_rtn_hook", VoidTy, i8PtrTy, i8PtrTy #if LLVM_VERSION_MAJOR < 5 @@ -108,16 +108,16 @@ bool CmpLogRoutines::hookRtns(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogHookFn = cast(c); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogHookFn = c; +#else + Function *cmplogHookFn = cast(c); #endif -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c1 = M.getOrInsertFunction("__cmplog_rtn_llvm_stdstring_stdstring", VoidTy, i8PtrTy, i8PtrTy @@ -126,16 +126,16 @@ bool CmpLogRoutines::hookRtns(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogLlvmStdStd = cast(c1); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogLlvmStdStd = c1; +#else + Function *cmplogLlvmStdStd = cast(c1); #endif -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c2 = M.getOrInsertFunction("__cmplog_rtn_llvm_stdstring_cstring", VoidTy, i8PtrTy, i8PtrTy @@ -144,16 +144,16 @@ bool CmpLogRoutines::hookRtns(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogLlvmStdC = cast(c2); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogLlvmStdC = c2; +#else + Function *cmplogLlvmStdC = cast(c2); #endif -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c3 = M.getOrInsertFunction("__cmplog_rtn_gcc_stdstring_stdstring", VoidTy, i8PtrTy, i8PtrTy @@ -162,16 +162,16 @@ bool CmpLogRoutines::hookRtns(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogGccStdStd = cast(c3); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogGccStdStd = c3; +#else + Function *cmplogGccStdStd = cast(c3); #endif -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c4 = M.getOrInsertFunction("__cmplog_rtn_gcc_stdstring_cstring", VoidTy, i8PtrTy, i8PtrTy @@ -180,16 +180,16 @@ bool CmpLogRoutines::hookRtns(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogGccStdC = cast(c4); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogGccStdC = c4; +#else + Function *cmplogGccStdC = cast(c4); #endif -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c5 = M.getOrInsertFunction("__cmplog_rtn_hook_n", VoidTy, i8PtrTy, i8PtrTy, Int64Ty @@ -198,16 +198,16 @@ bool CmpLogRoutines::hookRtns(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogHookFnN = cast(c5); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogHookFnN = c5; +#else + Function *cmplogHookFnN = cast(c5); #endif -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c6 = M.getOrInsertFunction("__cmplog_rtn_hook_strn", VoidTy, i8PtrTy, i8PtrTy, Int64Ty @@ -216,16 +216,16 @@ bool CmpLogRoutines::hookRtns(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogHookFnStrN = cast(c6); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogHookFnStrN = c6; +#else + Function *cmplogHookFnStrN = cast(c6); #endif -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c7 = M.getOrInsertFunction("__cmplog_rtn_hook_str", VoidTy, i8PtrTy, i8PtrTy @@ -234,10 +234,10 @@ bool CmpLogRoutines::hookRtns(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogHookFnStr = cast(c7); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogHookFnStr = c7; +#else + Function *cmplogHookFnStr = cast(c7); #endif GlobalVariable *AFLCmplogPtr = M.getNamedGlobal("__afl_cmp_map"); diff --git a/instrumentation/cmplog-switches-pass.cc b/instrumentation/cmplog-switches-pass.cc index aa719013..bcd5f8bd 100644 --- a/instrumentation/cmplog-switches-pass.cc +++ b/instrumentation/cmplog-switches-pass.cc @@ -37,7 +37,7 @@ #include "llvm/Pass.h" #include "llvm/Analysis/ValueTracking.h" -#if LLVM_VERSION_MAJOR > 3 || \ +#if LLVM_VERSION_MAJOR >= 4 || \ (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) #include "llvm/IR/Verifier.h" #include "llvm/IR/DebugInfo.h" @@ -112,10 +112,10 @@ bool CmpLogInstructions::hookInstrs(Module &M) { IntegerType *Int32Ty = IntegerType::getInt32Ty(C); IntegerType *Int64Ty = IntegerType::getInt64Ty(C); -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c1 = M.getOrInsertFunction("__cmplog_ins_hook1", VoidTy, Int8Ty, Int8Ty, Int8Ty @@ -124,16 +124,16 @@ bool CmpLogInstructions::hookInstrs(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogHookIns1 = cast(c1); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogHookIns1 = c1; +#else + Function *cmplogHookIns1 = cast(c1); #endif -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c2 = M.getOrInsertFunction("__cmplog_ins_hook2", VoidTy, Int16Ty, Int16Ty, Int8Ty @@ -142,16 +142,16 @@ bool CmpLogInstructions::hookInstrs(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogHookIns2 = cast(c2); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogHookIns2 = c2; +#else + Function *cmplogHookIns2 = cast(c2); #endif -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c4 = M.getOrInsertFunction("__cmplog_ins_hook4", VoidTy, Int32Ty, Int32Ty, Int8Ty @@ -160,16 +160,16 @@ bool CmpLogInstructions::hookInstrs(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogHookIns4 = cast(c4); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogHookIns4 = c4; +#else + Function *cmplogHookIns4 = cast(c4); #endif -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c8 = M.getOrInsertFunction("__cmplog_ins_hook8", VoidTy, Int64Ty, Int64Ty, Int8Ty @@ -178,10 +178,10 @@ bool CmpLogInstructions::hookInstrs(Module &M) { NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - Function *cmplogHookIns8 = cast(c8); -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee cmplogHookIns8 = c8; +#else + Function *cmplogHookIns8 = cast(c8); #endif GlobalVariable *AFLCmplogPtr = M.getNamedGlobal("__afl_cmp_map"); diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc index 1ec2bbfe..ef3bd66b 100644 --- a/instrumentation/compare-transform-pass.so.cc +++ b/instrumentation/compare-transform-pass.so.cc @@ -35,7 +35,7 @@ #include "llvm/Pass.h" #include "llvm/Analysis/ValueTracking.h" -#if LLVM_VERSION_MAJOR > 3 || \ +#if LLVM_VERSION_MAJOR >= 4 || \ (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) #include "llvm/IR/Verifier.h" #include "llvm/IR/DebugInfo.h" @@ -64,11 +64,11 @@ class CompareTransform : public ModulePass { bool runOnModule(Module &M) override; -#if LLVM_VERSION_MAJOR < 4 - const char *getPassName() const override { +#if LLVM_VERSION_MAJOR >= 4 + StringRef getPassName() const override { #else - StringRef getPassName() const override { + const char *getPassName() const override { #endif return "transforms compare functions"; @@ -100,17 +100,17 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, IntegerType * Int32Ty = IntegerType::getInt32Ty(C); IntegerType * Int64Ty = IntegerType::getInt64Ty(C); -#if LLVM_VERSION_MAJOR < 9 - Function *tolowerFn; -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee tolowerFn; +#else + Function * tolowerFn; #endif { -#if LLVM_VERSION_MAJOR < 9 - Constant * -#else +#if LLVM_VERSION_MAJOR >= 9 FunctionCallee +#else + Constant * #endif c = M.getOrInsertFunction("tolower", Int32Ty, Int32Ty #if LLVM_VERSION_MAJOR < 5 @@ -118,10 +118,10 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, NULL #endif ); -#if LLVM_VERSION_MAJOR < 9 - tolowerFn = cast(c); -#else +#if LLVM_VERSION_MAJOR >= 9 tolowerFn = c; +#else + tolowerFn = cast(c); #endif } @@ -496,10 +496,10 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, PHINode *PN = PHINode::Create( Int32Ty, (next_lenchk_bb ? 2 : 1) * unrollLen + 1, "cmp_phi"); -#if LLVM_VERSION_MAJOR < 8 - TerminatorInst *term = bb->getTerminator(); -#else +#if LLVM_VERSION_MAJOR >= 8 Instruction *term = bb->getTerminator(); +#else + TerminatorInst *term = bb->getTerminator(); #endif BranchInst::Create(next_lenchk_bb ? next_lenchk_bb : next_cmp_bb, bb); term->eraseFromParent(); diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc index d1254e40..95485be9 100644 --- a/instrumentation/split-compares-pass.so.cc +++ b/instrumentation/split-compares-pass.so.cc @@ -34,7 +34,7 @@ #include "llvm/IR/Module.h" #include "llvm/IR/IRBuilder.h" -#if LLVM_VERSION_MAJOR > 3 || \ +#if LLVM_VERSION_MAJOR >= 4 || \ (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) #include "llvm/IR/Verifier.h" #include "llvm/IR/DebugInfo.h" @@ -796,7 +796,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { LLVMContext &C = M.getContext(); -#if LLVM_VERSION_MAJOR > 3 || \ +#if LLVM_VERSION_MAJOR >= 4 || \ (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 7) const DataLayout &dl = M.getDataLayout(); @@ -1398,7 +1398,7 @@ bool SplitComparesTransform::runOnModule(Module &M) { bool brokenDebug = false; if (verifyModule(M, &errs() -#if LLVM_VERSION_MAJOR > 3 || \ +#if LLVM_VERSION_MAJOR >= 4 || \ (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR >= 9) , &brokenDebug // 9th May 2016 diff --git a/instrumentation/split-switches-pass.so.cc b/instrumentation/split-switches-pass.so.cc index 1e32a31d..c0fa7c9c 100644 --- a/instrumentation/split-switches-pass.so.cc +++ b/instrumentation/split-switches-pass.so.cc @@ -37,7 +37,7 @@ #include "llvm/Analysis/ValueTracking.h" #include "llvm/IR/IRBuilder.h" -#if LLVM_VERSION_MAJOR > 3 || \ +#if LLVM_VERSION_MAJOR >= 4 || \ (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) #include "llvm/IR/Verifier.h" #include "llvm/IR/DebugInfo.h" @@ -369,10 +369,10 @@ bool SplitSwitchesTransform::splitSwitches(Module &M) { CaseVector Cases; for (SwitchInst::CaseIt i = SI->case_begin(), e = SI->case_end(); i != e; ++i) -#if LLVM_VERSION_MAJOR < 5 - Cases.push_back(CaseExpr(i.getCaseValue(), i.getCaseSuccessor())); -#else +#if LLVM_VERSION_MAJOR >= 5 Cases.push_back(CaseExpr(i->getCaseValue(), i->getCaseSuccessor())); +#else + Cases.push_back(CaseExpr(i.getCaseValue(), i.getCaseSuccessor())); #endif /* bugfix thanks to pbst * round up bytesChecked (in case getBitWidth() % 8 != 0) */ diff --git a/src/afl-cc.c b/src/afl-cc.c index 9c6e9b3e..6bdb9572 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -574,7 +574,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (instrument_mode == INSTRUMENT_PCGUARD) { -#if LLVM_MAJOR > 10 || (LLVM_MAJOR == 10 && LLVM_MINOR > 0) +#if LLVM_MAJOR >= 11 || (LLVM_MAJOR == 10 && LLVM_MINOR >= 1) #if defined __ANDROID__ || ANDROID cc_params[cc_par_cnt++] = "-fsanitize-coverage=trace-pc-guard"; instrument_mode = INSTRUMENT_LLVMNATIVE; @@ -1167,7 +1167,7 @@ int main(int argc, char **argv, char **envp) { } -#if (LLVM_MAJOR > 2) +#if (LLVM_MAJOR >= 3) if ((ptr = find_object("SanitizerCoverageLTO.so", argv[0])) != NULL) { @@ -1196,7 +1196,7 @@ int main(int argc, char **argv, char **envp) { } -#if (LLVM_MAJOR > 2) +#if (LLVM_MAJOR >= 3) if (strncmp(callname, "afl-clang-fast", 14) == 0) { @@ -1724,8 +1724,8 @@ int main(int argc, char **argv, char **envp) { compiler_mode == LTO ? " [SELECTED]" : "", have_llvm ? "AVAILABLE" : "unavailable!", compiler_mode == LLVM ? " [SELECTED]" : "", - LLVM_MAJOR > 6 ? "DEFAULT" : " ", - LLVM_MAJOR > 6 ? " " : "DEFAULT", + LLVM_MAJOR >= 7 ? "DEFAULT" : " ", + LLVM_MAJOR >= 7 ? " " : "DEFAULT", have_gcc_plugin ? "AVAILABLE" : "unavailable!", compiler_mode == GCC_PLUGIN ? " [SELECTED]" : "", have_gcc ? "AVAILABLE" : "unavailable!", @@ -1826,12 +1826,12 @@ int main(int argc, char **argv, char **envp) { " AFL_GCC_INSTRUMENT_FILE: enable selective instrumentation by " "filename\n"); -#if LLVM_MAJOR < 9 +#if LLVM_MAJOR >= 9 #define COUNTER_BEHAVIOUR \ - " AFL_LLVM_NOT_ZERO: use cycling trace counters that skip zero\n" + " AFL_LLVM_SKIP_NEVERZERO: do not skip zero on trace counters\n" #else #define COUNTER_BEHAVIOUR \ - " AFL_LLVM_SKIP_NEVERZERO: do not skip zero on trace counters\n" + " AFL_LLVM_NOT_ZERO: use cycling trace counters that skip zero\n" #endif if (have_llvm) SAYF( @@ -1905,7 +1905,7 @@ int main(int argc, char **argv, char **envp) { "consult the README.md, especially section 3.1 about instrumenting " "targets.\n\n"); -#if (LLVM_MAJOR > 2) +#if (LLVM_MAJOR >= 3) if (have_lto) SAYF("afl-cc LTO with ld=%s %s\n", AFL_REAL_LD, AFL_CLANG_FLTO); if (have_llvm) @@ -1967,9 +1967,7 @@ int main(int argc, char **argv, char **envp) { if (instrument_mode == 0 && compiler_mode < GCC_PLUGIN) { -#if LLVM_MAJOR <= 6 - instrument_mode = INSTRUMENT_AFL; -#else +#if LLVM_MAJOR >= 7 #if LLVM_MAJOR < 11 && (LLVM_MAJOR < 10 || LLVM_MINOR < 1) if (have_instr_env) { @@ -1984,6 +1982,8 @@ int main(int argc, char **argv, char **envp) { #endif instrument_mode = INSTRUMENT_PCGUARD; +#else + instrument_mode = INSTRUMENT_AFL; #endif } -- cgit 1.4.1