From f37c4c86622c5e0ea10e0a0249e203c412c2db2e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 5 Jul 2023 13:03:17 +0200 Subject: update llvm recommendations --- instrumentation/README.llvm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'instrumentation') diff --git a/instrumentation/README.llvm.md b/instrumentation/README.llvm.md index 126cf1a2..34b80c85 100644 --- a/instrumentation/README.llvm.md +++ b/instrumentation/README.llvm.md @@ -7,7 +7,7 @@ For the GCC-based instrumentation, see ## 1) Introduction -! llvm_mode works with llvm versions 3.8 up to 13 ! +! llvm_mode works with llvm versions 3.8 up to 17 - but 13+ is recommended ! The code in this directory allows you to instrument programs for AFL++ using true compiler-level instrumentation, instead of the more crude assembly-level -- cgit 1.4.1 From b547a6ab0d0e94fc141b0c013f44c1aa02cb78cc Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 10 Jul 2023 17:43:09 +0200 Subject: nits --- afl-cmin | 2 +- instrumentation/SanitizerCoverageLTO.so.cc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'instrumentation') diff --git a/afl-cmin b/afl-cmin index f3ae4304..23532b63 100755 --- a/afl-cmin +++ b/afl-cmin @@ -425,7 +425,7 @@ BEGIN { cmd = "stat --version 2>/dev/null" cmd | getline statversion close(cmd) - if (statversion ~ /GNU coreutils/) { + if (statversion ~ /GNU coreutils/ || statversion ~ /BusyBox/) { stat_format = "-c '%s %n'" # GNU } else { stat_format = "-f '%z %N'" # *BSD, MacOS diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index d7b03634..c70fbd4f 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -1081,7 +1081,7 @@ bool ModuleSanitizerCoverageLTO::instrumentModule( } if (!be_quiet) - printf("AUTODICTIONARY: %lu string%s found\n", count, + printf("AUTODICTIONARY: %zu string%s found\n", count, count == 1 ? "" : "s"); if (count) { -- cgit 1.4.1 From a46d27fad51a8fdd905bb8771bd73eeb2c054895 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 10 Jul 2023 18:29:21 +0200 Subject: nits --- instrumentation/split-compares-pass.so.cc | 2 +- src/afl-common.c | 2 +- src/afl-forkserver.c | 8 ++++---- test/test-libextensions.sh | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) (limited to 'instrumentation') diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc index 6eafb332..09463fc5 100644 --- a/instrumentation/split-compares-pass.so.cc +++ b/instrumentation/split-compares-pass.so.cc @@ -1740,7 +1740,7 @@ bool SplitComparesTransform::runOnModule(Module &M) { if (!be_quiet && !debug) { errs() << "Split-floatingpoint-compare-pass: " << count - << " FP comparisons splitted\n"; + << " FP comparisons split\n"; } diff --git a/src/afl-common.c b/src/afl-common.c index 3e1ec09d..a6f83f6d 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -403,7 +403,7 @@ u8 *find_binary(u8 *fname) { FATAL( "Unexpected overflow when processing ENV. This should never " - "happend."); + "happened."); } diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 7322f1ad..ba7cdd66 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -667,13 +667,13 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, switch (fsrv->nyx_handlers->nyx_exec(fsrv->nyx_runner)) { case Abort: - NYX_PRE_FATAL(fsrv, "Error: Nyx abort occured..."); + NYX_PRE_FATAL(fsrv, "Error: Nyx abort occurred..."); break; case IoError: NYX_PRE_FATAL(fsrv, "Error: QEMU-Nyx has died..."); break; case Error: - NYX_PRE_FATAL(fsrv, "Error: Nyx runtime error has occured..."); + NYX_PRE_FATAL(fsrv, "Error: Nyx runtime error has occurred..."); break; default: break; @@ -1581,7 +1581,7 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, FATAL("FixMe: Nyx InvalidWriteToPayload handler is missing"); break; case Abort: - FATAL("Error: Nyx abort occured..."); + FATAL("Error: Nyx abort occurred..."); case IoError: if (*stop_soon_p) { @@ -1595,7 +1595,7 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, break; case Error: - FATAL("Error: Nyx runtime error has occured..."); + FATAL("Error: Nyx runtime error has occurred..."); break; } diff --git a/test/test-libextensions.sh b/test/test-libextensions.sh index 40a898c8..f7f86de5 100755 --- a/test/test-libextensions.sh +++ b/test/test-libextensions.sh @@ -5,7 +5,7 @@ test -z "$AFL_CC" && unset AFL_CC $ECHO "$BLUE[*] Testing: shared library extensions" -cc $CFLAGS -o test-compcov test-compcov.c > /dev/null 2>&1 +cc $CFLAGS -O0 -o test-compcov test-compcov.c > /dev/null 2>&1 test -e ../libtokencap.so && { AFL_TOKEN_FILE=token.out LD_PRELOAD=../libtokencap.so DYLD_INSERT_LIBRARIES=../libtokencap.so DYLD_FORCE_FLAT_NAMESPACE=1 ./test-compcov foobar > /dev/null 2>&1 grep -q BUGMENOT token.out > /dev/null 2>&1 && { -- cgit 1.4.1 From 127c345161769c513275fed9d64de12536ee979d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 13 Jul 2023 14:26:26 +0200 Subject: nts --- frida_mode/src/instrument/instrument_arm32.c | 2 +- frida_mode/src/instrument/instrument_arm64.c | 2 +- include/config.h | 8 ++++++++ instrumentation/SanitizerCoveragePCGUARD.so.cc | 1 + instrumentation/afl-compiler-rt.o.c | 6 ------ 5 files changed, 11 insertions(+), 8 deletions(-) (limited to 'instrumentation') diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index 2e123247..c1e3f187 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -15,7 +15,7 @@ static GHashTable *coverage_blocks = NULL; extern __thread guint64 instrument_previous_pc; -__attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[2UL << 20]; +__attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[MAP_INITIAL_SIZE]; #pragma pack(push, 1) typedef struct { diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index a8d30dc1..2256f941 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -22,7 +22,7 @@ gboolean instrument_cache_enabled = FALSE; gsize instrument_cache_size = 0; static GHashTable *coverage_blocks = NULL; -__attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[2UL << 20]; +__attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[MAP_INITIAL_SIZE]; #pragma pack(push, 1) typedef struct { diff --git a/include/config.h b/include/config.h index 8585041e..16f4b613 100644 --- a/include/config.h +++ b/include/config.h @@ -446,7 +446,15 @@ after changing this - otherwise, SEGVs may ensue. */ #define MAP_SIZE_POW2 16 + +/* Do not change this unless you really know what you are doing. */ + #define MAP_SIZE (1U << MAP_SIZE_POW2) +#if MAP_SIZE <= 65536 + #define MAP_INITIAL_SIZE (2 << 20) // = 2097152 +#else + #define MAP_INITIAL_SIZE MAP_SIZE +#endif /* Maximum allocator request size (keep well under INT_MAX): */ diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 7d614f43..98c5973c 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -227,6 +227,7 @@ llvmGetPassPluginInfo() { PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module &M, ModuleAnalysisManager &MAM) { + ModuleSanitizerCoverageAFL ModuleSancov(Options); auto &FAM = MAM.getResult(M).getManager(); auto DTCallback = [&FAM](Function &F) -> const DominatorTree *{ diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 3f8b519b..dd9aae77 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -87,12 +87,6 @@ is used for instrumentation output before __afl_map_shm() has a chance to run. It will end up as .comm, so it shouldn't be too wasteful. */ -#if MAP_SIZE <= 65536 - #define MAP_INITIAL_SIZE 2097152 -#else - #define MAP_INITIAL_SIZE MAP_SIZE -#endif - #if defined(__HAIKU__) extern ssize_t _kern_write(int fd, off_t pos, const void *buffer, size_t bufferSize); -- cgit 1.4.1