From 5a74cffa0f22b4e3b3dbc829dfb1c8f7c7a6fb76 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 20 Mar 2020 17:10:44 +0100 Subject: added llvm_mode ngram coverage --- llvm_mode/afl-clang-fast.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'llvm_mode/afl-clang-fast.c') diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 313a2533..77cb1c0f 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -158,14 +158,20 @@ static void edit_params(u32 argc, char **argv) { #endif if (lto_flag[0] != '-') FATAL( - "afl-clang-lto not possible because Makefile magic did not identify " - "the correct -flto flag"); + "Using afl-clang-lto is not possible because Makefile magic did not " + "identify the correct -flto flag"); if (getenv("AFL_LLVM_INSTRIM") != NULL) FATAL("afl-clang-lto does not work with InsTrim mode"); + if (getenv("AFL_LLVM_NGRAM_SIZE") != NULL) + FATAL("afl-clang-lto does not work with ngram coverage mode"); lto_mode = 1; } + if (getenv("AFL_LLVM_NGRAM_SIZE") != NULL && + getenv("AFL_LLVM_INSTRIM") != NULL) + FATAL("AFL_LLVM_NGRAM_SIZE and AFL_LLVM_INSTRIM can not be used together"); + if (!strcmp(name, "afl-clang-fast++") || !strcmp(name, "afl-clang-lto++")) { u8 *alt_cxx = getenv("AFL_CXX"); @@ -605,6 +611,7 @@ int main(int argc, char **argv, char **envp) { "AFL_LLVM_LAF_SPLIT_COMPARES_BITW: size limit (default 8)\n" "AFL_LLVM_INSTRIM: use light weight instrumentation InsTrim\n" "AFL_LLVM_INSTRIM_LOOPHEAD: optimize loop tracing for speed\n" + "AFL_LLVM_NGRAM_SIZE: use ngram prev_loc coverage\n" "AFL_LLVM_CMPLOG: log operands of comparisons (RedQueen mutator)\n" "\nafl-clang-fast was built for llvm %s with the llvm binary path " "of " -- cgit 1.4.1 From 426351947956b0f13ab909050e8db049e71324d6 Mon Sep 17 00:00:00 2001 
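Review bot: The two new guards in edit_params only test whether AFL_LLVM_NGRAM_SIZE is set, not whether its value is usable, so an empty or non-numeric value clears both checks here and is rejected later, if at all. Reading the variable once, `u8 *ngram_size = getenv("AFL_LLVM_NGRAM_SIZE");`, would replace the three getenv calls and give one place to validate the value before it reaches the instrumentation pass. Because the combined-mode check sits after the lto block, an lto build with both variables set reports the ngram FATAL rather than the combination one; a short comment would make that ordering deliberate. The help line added in the second hunk names the variable but not what it expects, presumably the n-gram size — confirm against the pass and say so in the text. edit_params starts outside the hunk.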
From: van Hauser Date: Mon, 23 Mar 2020 08:48:57 +0100 Subject: more fixes --- docs/notes_for_asan.md | 3 ++- llvm_mode/Makefile | 2 +- llvm_mode/afl-clang-fast.c | 6 +++--- 3 files changed, 6 insertions(+), 5 deletions(-) (limited to 'llvm_mode/afl-clang-fast.c') diff --git a/docs/notes_for_asan.md b/docs/notes_for_asan.md index fa7c0f27..a52d3de4 100644 --- a/docs/notes_for_asan.md +++ b/docs/notes_for_asan.md @@ -29,7 +29,8 @@ Note that ASAN is incompatible with -static, so be mindful of that. (You can also use AFL_USE_MSAN=1 to enable MSAN instead.) NOTE: if you run several slaves only one should run the target compiled with -ASAN (and UBSAN), the others run the target with no sanitiziers compiled. +ASAN (and UBSAN), the others should run the target with no sanitiziers +compiled in. There is also the option of generating a corpus using a non-ASAN binary, and then feeding it to an ASAN-instrumented one to check for bugs. This is faster, diff --git a/llvm_mode/Makefile b/llvm_mode/Makefile index 9c333836..5f808729 100644 --- a/llvm_mode/Makefile +++ b/llvm_mode/Makefile @@ -335,7 +335,7 @@ endif if [ -f ../split-switches-pass.so ]; then set -e; install -m 755 ../split-switches-pass.so $${DESTDIR}$(HELPER_PATH); fi if [ -f ../cmplog-instructions-pass.so ]; then set -e; install -m 755 ../cmplog-*-pass.so $${DESTDIR}$(HELPER_PATH); fi set -e; if [ -f ../afl-clang-fast ] ; then ln -sf ../afl-clang-fast $${DESTDIR}$(BIN_PATH)/afl-clang ; ln -sf ../afl-clang-fast $${DESTDIR}$(BIN_PATH)/afl-clang++ ; else ln -sf ../afl-gcc $${DESTDIR}$(BIN_PATH)/afl-clang ; ln -sf ../afl-gcc $${DESTDIR}$(BIN_PATH)/afl-clang++; fi - install -m 644 -T README.*.md $${DESTDIR}$(DOC_PATH)/README.llvm_mode.laf-intel.md + install -m 644 -T README.*.md $${DESTDIR}$(DOC_PATH)/ install -m 644 -T README.md $${DESTDIR}$(DOC_PATH)/README.llvm_mode.md vpath % .. diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 77cb1c0f..55f1f8ca 100644 --- a/llvm_mode/afl-clang-fast.c 
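Review bot: `install -m 644 -T README.*.md $${DESTDIR}$(DOC_PATH)/` combines -T (treat the destination as a regular file) with a glob and a directory destination, so install refuses the command as soon as the glob expands to more than one file or the destination is a directory. The following commit on this page drops -T; squashing that fix into this one keeps the series bisectable. The docs hunk is wording only.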
+++ b/llvm_mode/afl-clang-fast.c @@ -170,7 +170,7 @@ static void edit_params(u32 argc, char **argv) { if (getenv("AFL_LLVM_NGRAM_SIZE") != NULL && getenv("AFL_LLVM_INSTRIM") != NULL) - FATAL("AFL_LLVM_NGRAM_SIZE and AFL_LLVM_INSTRIM can not be used together"); + FATAL("AFL_LLVM_NGRAM_SIZE and AFL_LLVM_INSTRIM cannot be used together"); if (!strcmp(name, "afl-clang-fast++") || !strcmp(name, "afl-clang-lto++")) { @@ -551,11 +551,11 @@ int main(int argc, char **argv, char **envp) { #else if (strstr(argv[0], "afl-clang-lto") == NULL) - printf(cCYA "afl-clang-fast" VERSION cRST " by \n"); + printf("afl-clang-fast" VERSION " by \n"); else { - printf(cCYA "afl-clang-lto" VERSION cRST + printf("afl-clang-lto" VERSION " by Marc \"vanHauser\" Heuse \n"); } -- cgit 1.4.1 From 37603272bec7abb5f6898f1737f588484ec93fd7 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 23 Mar 2020 08:58:17 +0100 Subject: more fixes and code-format --- llvm_mode/Makefile | 2 +- llvm_mode/afl-clang-fast.c | 34 ++++++++++++++++++++++------------ src/afl-fuzz-stats.c | 14 +++++++------- 3 files changed, 30 insertions(+), 20 deletions(-) (limited to 'llvm_mode/afl-clang-fast.c') diff --git a/llvm_mode/Makefile b/llvm_mode/Makefile index 5f808729..49e0076a 100644 --- a/llvm_mode/Makefile +++ b/llvm_mode/Makefile 
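Review bot: The banner branch in the @@ -551 hunk still selects afl-clang-lto by `strstr(argv[0], "afl-clang-lto") == NULL`, a substring match on the full invocation path, while edit_params and the help text later in main compare the basename (`name` / `callname`) with strcmp; any directory component containing that string picks the wrong banner. Using the same basename comparison, `if (strcmp(callname, "afl-clang-lto") != 0)`, keeps the two decisions consistent — assuming callname is already computed at this point, which the hunk does not show. The banner also goes through printf where the help text a few lines later uses SAYF; if those target different streams the output interleaves unpredictably under redirection. main continues outside the hunk.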
@@ -335,7 +335,7 @@ endif if [ -f ../split-switches-pass.so ]; then set -e; install -m 755 ../split-switches-pass.so $${DESTDIR}$(HELPER_PATH); fi if [ -f ../cmplog-instructions-pass.so ]; then set -e; install -m 755 ../cmplog-*-pass.so $${DESTDIR}$(HELPER_PATH); fi set -e; if [ -f ../afl-clang-fast ] ; then ln -sf ../afl-clang-fast $${DESTDIR}$(BIN_PATH)/afl-clang ; ln -sf ../afl-clang-fast $${DESTDIR}$(BIN_PATH)/afl-clang++ ; else ln -sf ../afl-gcc $${DESTDIR}$(BIN_PATH)/afl-clang ; ln -sf ../afl-gcc $${DESTDIR}$(BIN_PATH)/afl-clang++; fi - install -m 644 -T README.*.md $${DESTDIR}$(DOC_PATH)/ + install -m 644 README.*.md $${DESTDIR}$(DOC_PATH)/ install -m 644 -T README.md $${DESTDIR}$(DOC_PATH)/README.llvm_mode.md vpath % .. diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 55f1f8ca..edd4d95c 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -556,7 +556,7 @@ int main(int argc, char **argv, char **envp) { else { printf("afl-clang-lto" VERSION - " by Marc \"vanHauser\" Heuse \n"); + " by Marc \"vanHauser\" Heuse \n"); } 
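Review bot: With `install -m 644 README.*.md $${DESTDIR}$(DOC_PATH)/` the module's secondary READMEs now land in DOC_PATH under their bare names, while the next line still namespaces README.md as README.llvm_mode.md and the earlier form of this rule targeted README.llvm_mode.laf-intel.md; same-named READMEs from other components could collide in DOC_PATH. Installing them with the same prefix, e.g. `for f in README.*.md; do install -m 644 $$f $${DESTDIR}$(DOC_PATH)/README.llvm_mode.$${f#README.}; done`, keeps the naming consistent. The afl-clang-fast.c hunk on this line is whitespace only.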
@@ -608,21 +608,31 @@ int main(int argc, char **argv, char **envp) { "AFL_LLVM_LAF_SPLIT_FLOATS: transform floating point comp. to " "cascaded " "comp.\n" - "AFL_LLVM_LAF_SPLIT_COMPARES_BITW: size limit (default 8)\n" - "AFL_LLVM_INSTRIM: use light weight instrumentation InsTrim\n" - "AFL_LLVM_INSTRIM_LOOPHEAD: optimize loop tracing for speed\n" - "AFL_LLVM_NGRAM_SIZE: use ngram prev_loc coverage\n" - "AFL_LLVM_CMPLOG: log operands of comparisons (RedQueen mutator)\n" - "\nafl-clang-fast was built for llvm %s with the llvm binary path " - "of " - "\"%s\".\n", - callname, BIN_PATH, BIN_PATH, LLVM_VERSION, LLVM_BINDIR); + "AFL_LLVM_LAF_SPLIT_COMPARES_BITW: size limit (default 8)\n", + callname, BIN_PATH, BIN_PATH); if (strcmp(callname, "afl-clang-lto") == 0) SAYF( - "Compiled with linker target \"%s\" and LTO flags \"%s\"\n\n" + "AFL_LLVM_LTO_STARTID: from which ID to start counting from for a " + "bb\n" + "AFL_LLVM_LTO_DONTWRITEID: don't write the highest ID used to a " + "global var\n" + "AFL_REAL_LD: use this linker instead of the compiled in path\n" + "AFL_LD_PASSTHROUGH: do not perform instrumentation (for configure " + "scripts)\n" + "\nafl-clang-lto was built for llvm %s with the llvm binary path " + "of \"%s\"; linker target \"%s\" and LTO flags \"%s\"\n" "If anything fails - be sure to read README.lto.md!\n\n", - AFL_REAL_LD, AFL_CLANG_FLTO); + LLVM_VERSION, LLVM_BINDIR, AFL_REAL_LD, AFL_CLANG_FLTO); + else + SAYF( + "AFL_LLVM_INSTRIM: use light weight instrumentation InsTrim\n" + "AFL_LLVM_INSTRIM_LOOPHEAD: optimize loop tracing for speed\n" + "AFL_LLVM_NGRAM_SIZE: use ngram prev_loc coverage\n" + "AFL_LLVM_CMPLOG: log operands of comparisons (RedQueen mutator)\n" + "\nafl-clang-fast was built for llvm %s with the llvm binary path " + "of \"%s\".\n", + LLVM_VERSION, LLVM_BINDIR); SAYF("\n"); diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 5b5c93bf..ab2b83c6 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c 
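Review bot: The new `if (strcmp(callname, "afl-clang-lto") == 0)` selects the lto help only for the exact name, so afl-clang-lto++ — which edit_params accepts via `!strcmp(name, "afl-clang-lto++")` in the first commit on this page — gets the afl-clang-fast variables and never sees AFL_REAL_LD or AFL_LD_PASSTHROUGH. Matching on the prefix, `if (strncmp(callname, "afl-clang-lto", 13) == 0)`, covers both spellings; the later commit on this page sidesteps the question by printing both sections. Both arms are unbraced multi-line SAYF calls; bracing them avoids the dangling-statement trap when a line is added later. The afl-fuzz-stats.c hunks that follow are whitespace only. main continues outside the hunk.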
@@ -361,9 +361,9 @@ void show_stats(afl_state_t *afl) { /* Lord, forgive me this. */ - SAYF(SET_G1 bSTG bLT bH bSTOP cCYA + SAYF(SET_G1 bSTG bLT bH bSTOP cCYA " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA - " overall results " bSTG bH2 bH2 bRT "\n"); + " overall results " bSTG bH2 bH2 bRT "\n"); if (afl->dumb_mode) { @@ -446,9 +446,9 @@ void show_stats(afl_state_t *afl) { " uniq hangs : " cRST "%-6s" bSTG bV "\n", time_tmp, tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA - " map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); + " map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); /* This gets funny because we want to print several variable-length variables together, but then cram them into a fixed-width field - so we need to @@ -477,9 +477,9 @@ void show_stats(afl_state_t *afl) { SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA - " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); + " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); sprintf(tmp, "%s (%0.02f%%)", stringify_int(IB(0), afl->queued_favored), ((double)afl->queued_favored) * 100 / afl->queued_paths); @@ -556,7 +556,7 @@ void show_stats(afl_state_t *afl) { /* Aaaalmost there... hold on! */ - SAYF(bVR bH cCYA bSTOP + SAYF(bVR bH cCYA bSTOP " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA " path geometry " bSTG bH5 bH2 bVL "\n"); -- cgit 1.4.1 From 94e30002e7bc41f46208c61aa477f3d07133fd01 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 23 Mar 2020 09:25:05 +0100 Subject: better man page for afl-clang-* --- llvm_mode/Makefile | 2 +- llvm_mode/afl-clang-fast.c | 49 +++++++++++++++++++++++++--------------------- 2 files changed, 28 insertions(+), 23 deletions(-) (limited to 'llvm_mode/afl-clang-fast.c') diff --git a/llvm_mode/Makefile b/llvm_mode/Makefile index 49e0076a..9626665c 100644 
--- a/llvm_mode/Makefile
+++ b/llvm_mode/Makefile
@@ -359,7 +359,7 @@ vpath % ..
 @echo Apache License Version 2.0, January 2004 >> ../$@
 ln -sf afl-clang-fast.8 ../afl-clang-fast++.8
 ifneq "$(AFL_CLANG_FLTO)" ""
-ifeq "$(LLVM_LTO)" "0"
+ifeq "$(LLVM_LTO)" "1"
 ln -sf afl-clang-fast.8 ../afl-clang-lto.8
 ln -sf afl-clang-fast.8 ../afl-clang-lto++.8
 endif
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index edd4d95c..aec3bfd5 100644
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
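Review bot: The man-page links for afl-clang-lto are now created when `ifeq "$(LLVM_LTO)" "1"` inside `ifneq "$(AFL_CLANG_FLTO)" ""`, whereas the C change in the same commit gates the afl-clang-lto help on `#ifdef AFL_CLANG_FLTO` alone; a build with AFL_CLANG_FLTO set but LLVM_LTO not 1 would then advertise afl-clang-lto in the binary's help while installing no afl-clang-lto.8 link — worth confirming that both conditions are derived from the same detection. A comment on the ifeq naming what LLVM_LTO=1 means would also help the next reader, since the previous value 0 was evidently wrong.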
@@ -611,28 +611,33 @@ int main(int argc, char **argv, char **envp) {
 "AFL_LLVM_LAF_SPLIT_COMPARES_BITW: size limit (default 8)\n",
 callname, BIN_PATH, BIN_PATH);
 
- if (strcmp(callname, "afl-clang-lto") == 0)
- SAYF(
- "AFL_LLVM_LTO_STARTID: from which ID to start counting from for a "
- "bb\n"
- "AFL_LLVM_LTO_DONTWRITEID: don't write the highest ID used to a "
- "global var\n"
- "AFL_REAL_LD: use this linker instead of the compiled in path\n"
- "AFL_LD_PASSTHROUGH: do not perform instrumentation (for configure "
- "scripts)\n"
- "\nafl-clang-lto was built for llvm %s with the llvm binary path "
- "of \"%s\"; linker target \"%s\" and LTO flags \"%s\"\n"
- "If anything fails - be sure to read README.lto.md!\n\n",
- LLVM_VERSION, LLVM_BINDIR, AFL_REAL_LD, AFL_CLANG_FLTO);
- else
- SAYF(
- "AFL_LLVM_INSTRIM: use light weight instrumentation InsTrim\n"
- "AFL_LLVM_INSTRIM_LOOPHEAD: optimize loop tracing for speed\n"
- "AFL_LLVM_NGRAM_SIZE: use ngram prev_loc coverage\n"
- "AFL_LLVM_CMPLOG: log operands of comparisons (RedQueen mutator)\n"
- "\nafl-clang-fast was built for llvm %s with the llvm binary path "
- "of \"%s\".\n",
- LLVM_VERSION, LLVM_BINDIR);
+ SAYF(
+ "\nafl-clang-fast specific environment variables:\n"
+ "AFL_LLVM_INSTRIM: use light weight instrumentation InsTrim\n"
+ "AFL_LLVM_INSTRIM_LOOPHEAD: optimize loop tracing for speed\n"
+ "AFL_LLVM_NGRAM_SIZE: use ngram prev_loc coverage\n"
+ "AFL_LLVM_CMPLOG: log operands of comparisons (RedQueen mutator)\n");
+
+#ifdef AFL_CLANG_FLTO
+ SAYF(
+ "\nafl-clang-lto specific environment variables:\n"
+ "AFL_LLVM_LTO_STARTID: from which ID to start counting from for a "
+ "bb\n"
+ "AFL_LLVM_LTO_DONTWRITEID: don't write the highest ID used to a "
+ "global var\n"
+ "AFL_REAL_LD: use this linker instead of the compiled in path\n"
+ "AFL_LD_PASSTHROUGH: do not perform instrumentation (for configure "
+ "scripts)\n"
+ "\nafl-clang-lto was built with linker target \"%s\" and LTO flags "
+ "\"%s\"\n"
+ "If anything fails - be sure to read README.lto.md!\n",
+ AFL_REAL_LD, AFL_CLANG_FLTO);
+#endif
+
+ SAYF(
+ "\nafl-clang-fast was built for llvm %s with the llvm binary path "
+ "of \"%s\".\n",
+ LLVM_VERSION, LLVM_BINDIR);
 
 SAYF("\n");
 
-- cgit 1.4.1
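Review bot: `#ifdef AFL_CLANG_FLTO` only tests that the macro is defined, whereas edit_params (first commit on this page) rejects lto at runtime when `lto_flag[0] != '-'`, i.e. the Makefile can define the flag with a value that is not a usable -flto option; in such a build the help still advertises the afl-clang-lto variables and prints that value as the LTO flags. Guarding the section the same way, presumably `if (AFL_CLANG_FLTO[0] == '-')` around the SAYF (confirm that AFL_CLANG_FLTO is the string lto_flag is derived from), keeps the two consistent. The lto section is now printed for every callname, so `callname` no longer gates anything in this part of main; a one-line comment stating that both sections are shown on purpose would stop a reader from reinserting the old strcmp. main continues outside the hunk.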