From 80ddb484deb82aefc9ba35c766ffca313d74e377 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 6 May 2020 11:51:28 +0200 Subject: added InsTrimLTO :-) --- llvm_mode/afl-clang-fast.c | 93 ++++++++++++++++++++++++++++------------------ 1 file changed, 57 insertions(+), 36 deletions(-) (limited to 'llvm_mode/afl-clang-fast.c') diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 2d1b427c..6a6414ad 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -43,7 +43,7 @@ static u8 * obj_path; /* Path to runtime libraries */ static u8 **cc_params; /* Parameters passed to the real CC */ static u32 cc_par_cnt = 1; /* Param count, including argv0 */ static u8 llvm_fullpath[PATH_MAX]; -static u8 instrument_mode, instrument_opt_mode, ngram_size; +static u8 instrument_mode, instrument_opt_mode, ngram_size, lto_mode; static u8 * lto_flag = AFL_CLANG_FLTO; static u8 * march_opt = CFLAGS_OPT; static u8 debug; @@ -170,7 +170,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { else ++name; - if (instrument_mode == INSTRUMENT_LTO) + if (lto_mode) if (lto_flag[0] != '-') FATAL( "Using afl-clang-lto is not possible because Makefile magic did not " @@ -227,8 +227,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (getenv("LAF_TRANSFORM_COMPARES") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES")) { - if (!be_quiet && getenv("AFL_LLVM_LTO_AUTODICTIONARY") && - instrument_mode != INSTRUMENT_LTO) + if (!be_quiet && getenv("AFL_LLVM_LTO_AUTODICTIONARY") && lto_mode) WARNF( "using AFL_LLVM_LAF_TRANSFORM_COMPARES together with " "AFL_LLVM_LTO_AUTODICTIONARY makes no sense. Use only " @@ -281,7 +280,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { } - if (instrument_mode == INSTRUMENT_LTO) { + if (lto_mode) { if (getenv("AFL_LLVM_WHITELIST") != NULL) { @@ -295,8 +294,12 @@ static void edit_params(u32 argc, char **argv, char **envp) { cc_params[cc_par_cnt++] = alloc_printf("-fuse-ld=%s", AFL_REAL_LD); cc_params[cc_par_cnt++] = "-Wl,--allow-multiple-definition"; - cc_params[cc_par_cnt++] = alloc_printf( - "-Wl,-mllvm=-load=%s/afl-llvm-lto-instrumentation.so", obj_path); + if (instrument_mode == INSTRUMENT_CFG) + cc_params[cc_par_cnt++] = + alloc_printf("-Wl,-mllvm=-load=%s/afl-llvm-lto-instrim.so", obj_path); + else + cc_params[cc_par_cnt++] = alloc_printf( + "-Wl,-mllvm=-load=%s/afl-llvm-lto-instrumentation.so", obj_path); cc_params[cc_par_cnt++] = lto_flag; } else { @@ -391,7 +394,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (getenv("AFL_USE_CFISAN")) { - if (instrument_mode != INSTRUMENT_LTO) { + if (!lto_mode) { uint32_t i = 0, found = 0; while (envp[i] != NULL && !found) @@ -417,9 +420,8 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (getenv("AFL_NO_BUILTIN") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES") || getenv("LAF_TRANSFORM_COMPARES") || - (instrument_mode == INSTRUMENT_LTO && - (getenv("AFL_LLVM_LTO_AUTODICTIONARY") || - getenv("AFL_LLVM_AUTODICTIONARY")))) { + (lto_mode && (getenv("AFL_LLVM_LTO_AUTODICTIONARY") || + getenv("AFL_LLVM_AUTODICTIONARY")))) { cc_params[cc_par_cnt++] = "-fno-builtin-strcmp"; cc_params[cc_par_cnt++] = "-fno-builtin-strncmp"; @@ -500,7 +502,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { case 0: cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-rt.o", obj_path); - if (instrument_mode == INSTRUMENT_LTO) + if (lto_mode) cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-rt-lto.o", obj_path); break; @@ -509,7 +511,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-rt-32.o", obj_path); if (access(cc_params[cc_par_cnt - 1], R_OK)) FATAL("-m32 is not supported by your compiler"); - if (instrument_mode == INSTRUMENT_LTO) { + if (lto_mode) { cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-rt-lto-32.o", obj_path); @@ -524,7 +526,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-rt-64.o", obj_path); if (access(cc_params[cc_par_cnt - 1], R_OK)) FATAL("-m64 is not supported by your compiler"); - if (instrument_mode == INSTRUMENT_LTO) { + if (lto_mode) { cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-rt-lto-64.o", obj_path); @@ -548,7 +550,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { int main(int argc, char **argv, char **envp) { int i; - char *callname = "afl-clang-fast", *ptr; + char *callname = "afl-clang-fast", *ptr = NULL; if (getenv("AFL_DEBUG")) { @@ -630,7 +632,13 @@ int main(int argc, char **argv, char **envp) { if (strncasecmp(ptr, "cfg", strlen("cfg")) == 0 || strncasecmp(ptr, "instrim", strlen("instrim")) == 0) { - if (!instrument_mode || instrument_mode == INSTRUMENT_CFG) + if (instrument_mode == INSTRUMENT_LTO) { + + instrument_mode = INSTRUMENT_CFG; + lto_mode = 1; + + } else if (!instrument_mode || instrument_mode == INSTRUMENT_CFG) + instrument_mode = INSTRUMENT_CFG; else FATAL("main instrumentation mode already set with %s", @@ -640,9 +648,10 @@ int main(int argc, char **argv, char **envp) { if (strncasecmp(ptr, "lto", strlen("lto")) == 0) { + lto_mode = 1; if (!instrument_mode || instrument_mode == INSTRUMENT_LTO) instrument_mode = INSTRUMENT_LTO; - else + else if (instrument_mode != INSTRUMENT_CFG) FATAL("main instrumentation mode already set with %s", instrument_mode_string[instrument_mode]); @@ -684,37 +693,49 @@ int main(int argc, char **argv, char **envp) { } - if (!instrument_opt_mode) - ptr = instrument_mode_string[instrument_mode]; - else if (instrument_opt_mode == INSTRUMENT_OPT_CTX) - ptr = alloc_printf("%s + CTX", instrument_mode_string[instrument_mode]); - else if (instrument_opt_mode == INSTRUMENT_OPT_NGRAM) - ptr = alloc_printf("%s + NGRAM-%u", instrument_mode_string[instrument_mode], - ngram_size); - else - ptr = alloc_printf("%s + CTX + NGRAM-%u", - instrument_mode_string[instrument_mode], ngram_size); - if (strstr(argv[0], "afl-clang-lto") != NULL) { - if (instrument_mode == 0 || instrument_mode == INSTRUMENT_LTO) { + if (instrument_mode == 0 || instrument_mode == INSTRUMENT_LTO || + instrument_mode == INSTRUMENT_CFG) { + lto_mode = 1; callname = "afl-clang-lto"; - instrument_mode = INSTRUMENT_LTO; - ptr = instrument_mode_string[instrument_mode]; + if (!instrument_mode) { + + instrument_mode = INSTRUMENT_LTO; + ptr = instrument_mode_string[instrument_mode]; + + } } else { if (!be_quiet) WARNF("afl-clang-lto called with mode %s, using that mode instead", - ptr); + instrument_mode_string[instrument_mode]); } } + if (!instrument_opt_mode) { + + if (lto_mode && instrument_mode == INSTRUMENT_CFG) + ptr = alloc_printf("InsTrimLTO"); + else + ptr = instrument_mode_string[instrument_mode]; + + } else if (instrument_opt_mode == INSTRUMENT_OPT_CTX) + + ptr = alloc_printf("%s + CTX", instrument_mode_string[instrument_mode]); + else if (instrument_opt_mode == INSTRUMENT_OPT_NGRAM) + ptr = alloc_printf("%s + NGRAM-%u", instrument_mode_string[instrument_mode], + ngram_size); + else + ptr = alloc_printf("%s + CTX + NGRAM-%u", + instrument_mode_string[instrument_mode], ngram_size); + #ifndef AFL_CLANG_FLTO - if (instrument_mode == INSTRUMENT_LTO) + if (lto_mode) FATAL( "instrumentation mode LTO specified but LLVM support not available " "(requires LLVM 11 or higher)"); @@ -733,7 +754,7 @@ int main(int argc, char **argv, char **envp) { if (argc < 2 || strcmp(argv[1], "-h") == 0) { - if (instrument_mode != INSTRUMENT_LTO) + if (!lto_mode) printf("afl-clang-fast" VERSION " by in %s mode\n", ptr); else @@ -831,7 +852,7 @@ int main(int argc, char **argv, char **envp) { getenv("AFL_DEBUG") != NULL) { - if (instrument_mode != INSTRUMENT_LTO) + if (!lto_mode) SAYF(cCYA "afl-clang-fast" VERSION cRST " by in %s mode\n", @@ -846,7 +867,7 @@ int main(int argc, char **argv, char **envp) { } u8 *ptr2; - if (!be_quiet && instrument_mode != INSTRUMENT_LTO && + if (!be_quiet && !lto_mode && ((ptr2 = getenv("AFL_MAP_SIZE")) || (ptr2 = getenv("AFL_MAPSIZE")))) { u32 map_size = atoi(ptr2); -- cgit 1.4.1 From ec5b1924c4f004e67d50769cb1a33f77855be77a Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 6 May 2020 11:55:50 +0200 Subject: CTX+NGRAM != LTO --- llvm_mode/afl-clang-fast.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'llvm_mode/afl-clang-fast.c') diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 6a6414ad..1f3463eb 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -716,6 +716,9 @@ int main(int argc, char **argv, char **envp) { } } + + if (instrument_opt_mode && lto_mode) + FATAL("CTX and NGRAM can not be used in LTO mode (and would make LTO useless)"); if (!instrument_opt_mode) { -- cgit 1.4.1 From 140053502bd5ce162ab7e6bfbb151494381d704c Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 7 May 2020 08:08:20 +0200 Subject: import transform fix into autodict, code-format --- examples/afl_untracer/afl-untracer.c | 40 +++++++++++++++------------- llvm_mode/afl-clang-fast.c | 6 +++-- llvm_mode/afl-llvm-lto-instrim.so.cc | 24 +++++++++++------ llvm_mode/afl-llvm-lto-instrumentation.so.cc | 24 +++++++++++------ 4 files changed, 58 insertions(+), 36 deletions(-) (limited to 'llvm_mode/afl-clang-fast.c') diff --git a/examples/afl_untracer/afl-untracer.c b/examples/afl_untracer/afl-untracer.c index 99f06f36..5dbc71bf 100644 --- a/examples/afl_untracer/afl-untracer.c +++ b/examples/afl_untracer/afl-untracer.c @@ -279,12 +279,13 @@ library_list_t *find_library(char *name) { /* for having an easy breakpoint after load the shared library */ // this seems to work for clang too. nice :) requires gcc 4.4+ #pragma GCC push_options -#pragma GCC optimize ("O0") -void breakpoint() { +#pragma GCC optimize("O0") +void breakpoint() { if (debug) fprintf(stderr, "Breakpoint function \"breakpoint\" reached.\n"); } + #pragma GCC pop_options /* Error reporting to forkserver controller */ @@ -470,7 +471,7 @@ void setup_trap_instrumentation() { FILE *patches = fopen(filename, "r"); if (!patches) FATAL("Couldn't open AFL_UNTRACER_FILE file %s", filename); - // Index into the coverage bitmap for the current trap instruction. + // Index into the coverage bitmap for the current trap instruction. #ifdef __aarch64__ uint64_t bitmap_index = 0; #else @@ -507,11 +508,13 @@ void setup_trap_instrumentation() { PROT_READ | PROT_WRITE | PROT_EXEC) != 0) FATAL("Failed to mprotect library %s writable", line); - // Create shadow memory. + // Create shadow memory. #ifdef __aarch64__ for (int i = 0; i < 8; i++) { + #else for (int i = 0; i < 4; i++) { + #endif void *shadow_addr = SHADOW(lib_addr + i); @@ -540,16 +543,17 @@ void setup_trap_instrumentation() { FATAL("Too many basic blocks to instrument"); #ifdef __arch64__ - uint64_t + uint64_t #else - uint32_t + uint32_t #endif - *shadow = SHADOW(lib_addr + offset); + *shadow = SHADOW(lib_addr + offset); if (*shadow != 0) continue; // skip duplicates // Make lookup entry in shadow memory. -#if ((defined(__APPLE__) && defined(__LP64__)) || defined(__x86_64__) || defined(__i386__)) +#if ((defined(__APPLE__) && defined(__LP64__)) || defined(__x86_64__) || \ + defined(__i386__)) // this is for Intel x64 @@ -566,10 +570,10 @@ void setup_trap_instrumentation() { // this is for aarch64 - uint32_t *patch_bytes = (uint32_t*)(lib_addr + offset); - uint32_t orig_bytes = *patch_bytes; + uint32_t *patch_bytes = (uint32_t *)(lib_addr + offset); + uint32_t orig_bytes = *patch_bytes; *shadow = (bitmap_index << 32) | orig_bytes; - *patch_bytes = 0xd4200000; // replace instruction with debug trap + *patch_bytes = 0xd4200000; // replace instruction with debug trap if (debug) fprintf(stderr, "Patch entry: %p[%x] = %p = %02x -> SHADOW(%p) #%d -> %016x\n", @@ -577,14 +581,14 @@ void setup_trap_instrumentation() { bitmap_index, *shadow); #else - // this will be ARM and AARCH64 - // for ARM we will need to identify if the code is in thumb or ARM + // this will be ARM and AARCH64 + // for ARM we will need to identify if the code is in thumb or ARM #error "non x86_64/aarch64 not supported yet" - //__arm__: - // linux thumb: 0xde01 - // linux arm: 0xe7f001f0 - //__aarch64__: - // linux aarch64: 0xd4200000 + //__arm__: + // linux thumb: 0xde01 + // linux arm: 0xe7f001f0 + //__aarch64__: + // linux aarch64: 0xd4200000 #endif bitmap_index++; diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 1f3463eb..42b02bdd 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -716,9 +716,11 @@ int main(int argc, char **argv, char **envp) { } } - + if (instrument_opt_mode && lto_mode) - FATAL("CTX and NGRAM can not be used in LTO mode (and would make LTO useless)"); + FATAL( + "CTX and NGRAM can not be used in LTO mode (and would make LTO " + "useless)"); if (!instrument_opt_mode) { diff --git a/llvm_mode/afl-llvm-lto-instrim.so.cc b/llvm_mode/afl-llvm-lto-instrim.so.cc index 9fd3e3ec..f862e091 100644 --- a/llvm_mode/afl-llvm-lto-instrim.so.cc +++ b/llvm_mode/afl-llvm-lto-instrim.so.cc @@ -346,11 +346,15 @@ struct InsTrimLTO : public ModulePass { if (auto *Var = dyn_cast(Ptr->getOperand(0))) { - if (auto *Array = dyn_cast( - Var->getInitializer())) { + if (Var->hasInitializer()) { - HasStr2 = true; - Str2 = Array->getAsString().str(); + if (auto *Array = dyn_cast( + Var->getInitializer())) { + + HasStr2 = true; + Str2 = Array->getAsString().str(); + + } } @@ -419,11 +423,15 @@ struct InsTrimLTO : public ModulePass { if (auto *Var = dyn_cast(Ptr->getOperand(0))) { - if (auto *Array = dyn_cast( - Var->getInitializer())) { + if (Var->hasInitializer()) { + + if (auto *Array = dyn_cast( + Var->getInitializer())) { + + HasStr1 = true; + Str1 = Array->getAsString().str(); - HasStr1 = true; - Str1 = Array->getAsString().str(); + } } diff --git a/llvm_mode/afl-llvm-lto-instrumentation.so.cc b/llvm_mode/afl-llvm-lto-instrumentation.so.cc index 79081d37..0e353fdf 100644 --- a/llvm_mode/afl-llvm-lto-instrumentation.so.cc +++ b/llvm_mode/afl-llvm-lto-instrumentation.so.cc @@ -326,11 +326,15 @@ bool AFLLTOPass::runOnModule(Module &M) { if (auto *Var = dyn_cast(Ptr->getOperand(0))) { - if (auto *Array = - dyn_cast(Var->getInitializer())) { + if (Var->hasInitializer()) { - HasStr2 = true; - Str2 = Array->getAsString().str(); + if (auto *Array = dyn_cast( + Var->getInitializer())) { + + HasStr2 = true; + Str2 = Array->getAsString().str(); + + } } @@ -398,11 +402,15 @@ bool AFLLTOPass::runOnModule(Module &M) { if (auto *Var = dyn_cast(Ptr->getOperand(0))) { - if (auto *Array = - dyn_cast(Var->getInitializer())) { + if (Var->hasInitializer()) { + + if (auto *Array = dyn_cast( + Var->getInitializer())) { + + HasStr1 = true; + Str1 = Array->getAsString().str(); - HasStr1 = true; - Str1 = Array->getAsString().str(); + } } -- cgit 1.4.1 From d02cfc54b63578f1887d9042466f59ac0cff91ad Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 10 May 2020 08:51:40 +0200 Subject: LTO fixes for fuzzbench --- llvm_mode/GNUmakefile | 6 ++++-- llvm_mode/afl-clang-fast.c | 43 ++++++++++++++++++++++++++++++++----------- 2 files changed, 36 insertions(+), 13 deletions(-) (limited to 'llvm_mode/afl-clang-fast.c') diff --git a/llvm_mode/GNUmakefile b/llvm_mode/GNUmakefile index 6a58f6a5..beebf696 100644 --- a/llvm_mode/GNUmakefile +++ b/llvm_mode/GNUmakefile @@ -43,6 +43,7 @@ LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^3\. LLVM_NEW_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^1[0-9]' && echo 1 || echo 0 ) LLVM_MAJOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/\..*//') LLVM_BINDIR = $(shell $(LLVM_CONFIG) --bindir 2>/dev/null) +LLVM_LIBDIR = $(shell $(LLVM_CONFIG) --libdir 2>/dev/null) LLVM_STDCXX = gnu++11 LLVM_APPLE = $(shell clang -v 2>&1 | grep -iq apple && echo 1 || echo 0) LLVM_LTO = 0 @@ -200,7 +201,8 @@ override CFLAGS += -Wall \ -g -Wno-pointer-sign -I ../include/ \ -DAFL_PATH=\"$(HELPER_PATH)\" -DBIN_PATH=\"$(BIN_PATH)\" \ -DLLVM_BINDIR=\"$(LLVM_BINDIR)\" -DVERSION=\"$(VERSION)\" \ - -DLLVM_VERSION=\"$(LLVMVER)\" -DAFL_CLANG_FLTO=\"$(AFL_CLANG_FLTO)\" \ + -DLLVM_LIBDIR=\"$(LLVM_LIBDIR)\" -DLLVM_VERSION=\"$(LLVMVER)\" \ + -DAFL_CLANG_FLTO=\"$(AFL_CLANG_FLTO)\" \ -DAFL_REAL_LD=\"$(AFL_REAL_LD)\" -DAFL_CLANG_FUSELD=\"$(AFL_CLANG_FUSELD)\" \ -DCLANG_BIN=\"$(CLANG_BIN)\" -DCLANGPP_BIN=\"$(CLANGPP_BIN)\" -DUSE_BINDIR=$(USE_BINDIR) -Wno-unused-function ifdef AFL_TRACE_PC @@ -296,7 +298,7 @@ afl-common.o: ../src/afl-common.c $(CC) $(CFLAGS) -c $< -o $@ $(LDFLAGS) ../afl-clang-fast: afl-clang-fast.c afl-common.o | test_deps - $(CC) $(CFLAGS) $< afl-common.o -o $@ $(LDFLAGS) -DCFLAGS_OPT=\"$(CFLAGS_OPT)\" + $(CC) $(CFLAGS) $< afl-common.o -o $@ $(LDFLAGS) -DCFLAGS_OPT=\"$(CFLAGS_OPT)\" -Dxxx ln -sf afl-clang-fast ../afl-clang-fast++ ifneq "$(AFL_CLANG_FLTO)" "" ifeq "$(LLVM_LTO)" "1" diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 42b02bdd..027f4035 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -43,13 +43,13 @@ static u8 * obj_path; /* Path to runtime libraries */ static u8 **cc_params; /* Parameters passed to the real CC */ static u32 cc_par_cnt = 1; /* Param count, including argv0 */ static u8 llvm_fullpath[PATH_MAX]; -static u8 instrument_mode, instrument_opt_mode, ngram_size, lto_mode; -static u8 * lto_flag = AFL_CLANG_FLTO; -static u8 * march_opt = CFLAGS_OPT; -static u8 debug; -static u8 cwd[4096]; -static u8 cmplog_mode; -u8 use_stdin = 0; /* dummy */ +static u8 instrument_mode, instrument_opt_mode, ngram_size, lto_mode, cpp_mode; +static u8 *lto_flag = AFL_CLANG_FLTO; +static u8 *march_opt = CFLAGS_OPT; +static u8 debug; +static u8 cwd[4096]; +static u8 cmplog_mode; +u8 use_stdin = 0; /* dummy */ enum { @@ -184,6 +184,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { else sprintf(llvm_fullpath, CLANGPP_BIN); cc_params[0] = alt_cxx && *alt_cxx ? alt_cxx : (u8 *)llvm_fullpath; + cpp_mode = 1; } else if (!strcmp(name, "afl-clang-fast") || @@ -205,12 +206,18 @@ static void edit_params(u32 argc, char **argv, char **envp) { } - /* There are three ways to compile with afl-clang-fast. In the traditional + if (lto_mode && cpp_mode) + cc_params[cc_par_cnt++] = "-lc++"; // needed by fuzzbench, early + + /* There are several ways to compile with afl-clang-fast. In the traditional mode, we use afl-llvm-pass.so, then there is libLLVMInsTrim.so which is - much faster but has less coverage. Finally there is the experimental - 'trace-pc-guard' mode, we use native LLVM instrumentation callbacks - instead. For trace-pc-guard see: + faster and creates less map pollution. + Then there is the 'trace-pc-guard' mode, we use native LLVM + instrumentation callbacks instead. For trace-pc-guard see: http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs-with-guards + The best instrumentatation is with the LTO modes, the classic and + InsTrimLTO, the latter is faster. The LTO modes are activated by using + afl-clang-lto(++) */ // laf @@ -326,6 +333,20 @@ static void edit_params(u32 argc, char **argv, char **envp) { cc_params[cc_par_cnt++] = "-Qunused-arguments"; + // in case LLVM is installed not via a package manager or "make install" + // e.g. compiled download or compiled from github then it's ./lib directory + // might not be in the search path. Add it if so. + u8 *libdir = strdup(LLVM_LIBDIR); + if (strlen(libdir) && strncmp(libdir, "/usr", 4) && + strncmp(libdir, "/lib", 4)) { + + cc_params[cc_par_cnt++] = "-rpath"; + cc_params[cc_par_cnt++] = libdir; + + } else + + free(libdir); + /* Detect stray -v calls from ./configure scripts. */ while (--argc) { -- cgit 1.4.1 From 2e553bcd69a6852e7feb7e87ce757babfcb26df0 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 10 May 2020 10:24:24 +0200 Subject: code-format --- include/types.h | 24 ++++++++++++------------ llvm_mode/LLVMInsTrim.so.cc | 3 ++- llvm_mode/afl-clang-fast.c | 6 ++++-- qemu_mode/patches/afl-qemu-cpu-inl.h | 2 +- src/afl-showmap.c | 3 ++- 5 files changed, 21 insertions(+), 17 deletions(-) (limited to 'llvm_mode/afl-clang-fast.c') diff --git a/include/types.h b/include/types.h index 647044c4..f89221cd 100644 --- a/include/types.h +++ b/include/types.h @@ -154,19 +154,19 @@ typedef int64_t s64; #define MEM_BARRIER() __asm__ volatile("" ::: "memory") #if __GNUC__ < 6 -# ifndef likely -# define likely(_x) (_x) -# endif -# ifndef unlikely -# define unlikely(_x) (_x) -# endif +#ifndef likely +#define likely(_x) (_x) +#endif +#ifndef unlikely +#define unlikely(_x) (_x) +#endif #else -# ifndef likely -# define likely(_x) __builtin_expect(!!(_x), 1) -# endif -# ifndef unlikely -# define unlikely(_x) __builtin_expect(!!(_x), 0) -# endif +#ifndef likely +#define likely(_x) __builtin_expect(!!(_x), 1) +#endif +#ifndef unlikely +#define unlikely(_x) __builtin_expect(!!(_x), 0) +#endif #endif #endif /* ! _HAVE_TYPES_H */ diff --git a/llvm_mode/LLVMInsTrim.so.cc b/llvm_mode/LLVMInsTrim.so.cc index 41d4397b..69fc079b 100644 --- a/llvm_mode/LLVMInsTrim.so.cc +++ b/llvm_mode/LLVMInsTrim.so.cc @@ -143,7 +143,7 @@ struct InsTrim : public ModulePass { char *ctx_str = getenv("AFL_LLVM_CTX"); #ifdef AFL_HAVE_VECTOR_INTRINSICS - int ngram_size = 0; + int ngram_size = 0; /* Decide previous location vector size (must be a power of two) */ VectorType *PrevLocTy; @@ -359,6 +359,7 @@ struct InsTrim : public ModulePass { MDNode::get(C, None)); } else + #endif { diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 027f4035..07754d1d 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -337,16 +337,18 @@ static void edit_params(u32 argc, char **argv, char **envp) { // e.g. compiled download or compiled from github then it's ./lib directory // might not be in the search path. Add it if so. u8 *libdir = strdup(LLVM_LIBDIR); - if (strlen(libdir) && strncmp(libdir, "/usr", 4) && + if (cpp_mode && strlen(libdir) && strncmp(libdir, "/usr", 4) && strncmp(libdir, "/lib", 4)) { cc_params[cc_par_cnt++] = "-rpath"; cc_params[cc_par_cnt++] = libdir; - } else + } else { free(libdir); + } + /* Detect stray -v calls from ./configure scripts. */ while (--argc) { diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h index a6136722..78a8f800 100644 --- a/qemu_mode/patches/afl-qemu-cpu-inl.h +++ b/qemu_mode/patches/afl-qemu-cpu-inl.h @@ -127,7 +127,7 @@ static inline TranslationBlock *tb_find(CPUState *, TranslationBlock *, int, uint32_t); static inline void tb_add_jump(TranslationBlock *tb, int n, TranslationBlock *tb_next); -int open_self_maps(void *cpu_env, int fd); +int open_self_maps(void *cpu_env, int fd); /************************* * ACTUAL IMPLEMENTATION * diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 784d323d..ed59f2f5 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -865,7 +865,8 @@ int main(int argc, char **argv_orig, char **envp) { } - stdin_file = alloc_printf("%s/.afl-showmap-temp-%u", use_dir, (u32)getpid()); + stdin_file = + alloc_printf("%s/.afl-showmap-temp-%u", use_dir, (u32)getpid()); unlink(stdin_file); atexit(at_exit_handler); fsrv->out_fd = open(stdin_file, O_RDWR | O_CREAT | O_EXCL, 0600); -- cgit 1.4.1