From 898353c87ae2b7e212e1012e847f02f8e18f9428 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 3 Aug 2020 14:17:51 +0200 Subject: enforce no built-ins for lto --- llvm_mode/afl-clang-fast.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) (limited to 'llvm_mode') diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 738433ac..484943d2 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -255,12 +255,6 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (getenv("LAF_TRANSFORM_COMPARES") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES")) { - if (!be_quiet && getenv("AFL_LLVM_LTO_AUTODICTIONARY") && lto_mode) - WARNF( - "using AFL_LLVM_LAF_TRANSFORM_COMPARES together with " - "AFL_LLVM_LTO_AUTODICTIONARY makes no sense. Use only " - "AFL_LLVM_LTO_AUTODICTIONARY."); - cc_params[cc_par_cnt++] = "-Xclang"; cc_params[cc_par_cnt++] = "-load"; cc_params[cc_par_cnt++] = "-Xclang"; @@ -472,9 +466,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { } if (getenv("AFL_NO_BUILTIN") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES") || - getenv("LAF_TRANSFORM_COMPARES") || - (lto_mode && (getenv("AFL_LLVM_LTO_AUTODICTIONARY") || - getenv("AFL_LLVM_AUTODICTIONARY")))) { + getenv("LAF_TRANSFORM_COMPARES") || lto_mode) { cc_params[cc_par_cnt++] = "-fno-builtin-strcmp"; cc_params[cc_par_cnt++] = "-fno-builtin-strncmp"; -- cgit 1.4.1 From e6e38d1703c5765a1d62cba211e881b0f34b959c Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 3 Aug 2020 21:25:32 +0200 Subject: give document edge id a unique id per module --- examples/afl_untracer/afl-untracer.c | 2 +- llvm_mode/afl-llvm-lto-instrumentation.so.cc | 30 +++++++++++++++++++++++++--- 2 files changed, 28 insertions(+), 4 deletions(-) (limited to 'llvm_mode') diff --git a/examples/afl_untracer/afl-untracer.c b/examples/afl_untracer/afl-untracer.c index f6dbbcd6..cb6f948c 100644 --- a/examples/afl_untracer/afl-untracer.c 
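Review bot: The new `|| lto_mode` arm of the condition in the second hunk (@@ -472,9 +466,7) forces the `-fno-builtin-*` flags on for every LTO build without saying why, and the first hunk removes the only text that hinted at the relation between LTO and the autodictionary, so a reader now has nothing to go on. A one-line comment above the `if` would carry the rationale, presumably that the LTO passes need the real libc compare calls rather than inlined builtins, e.g. `/* LTO mode always disables the string/memory builtins so the compare calls stay visible to the LTO passes */` (confirm the reason before committing to it). `edit_params` begins and ends outside both hunks.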
+++ b/examples/afl_untracer/afl-untracer.c @@ -437,7 +437,7 @@ inline static u32 __afl_next_testcase(u8 *buf, u32 max_len) { if (write(FORKSRV_FD + 1, &pid, 4) != 4) do_exit = 1; // fprintf(stderr, "write1 %d\n", do_exit); - __afl_area_ptr[0] = 1; // put something in the map + __afl_area_ptr[0] = 1; // put something in the map return status; diff --git a/llvm_mode/afl-llvm-lto-instrumentation.so.cc b/llvm_mode/afl-llvm-lto-instrumentation.so.cc index 5686eb56..4023c1d6 100644 --- a/llvm_mode/afl-llvm-lto-instrumentation.so.cc +++ b/llvm_mode/afl-llvm-lto-instrumentation.so.cc @@ -105,6 +105,11 @@ bool AFLLTOPass::runOnModule(Module &M) { char * ptr; FILE * documentFile = NULL; + srand((unsigned int)time(NULL)); + + unsigned long long int moduleID = + (((unsigned long long int)(rand() & 0xffffffff)) << 32) | getpid(); + IntegerType *Int8Ty = IntegerType::getInt8Ty(C); IntegerType *Int32Ty = IntegerType::getInt32Ty(C); IntegerType *Int64Ty = IntegerType::getInt64Ty(C); @@ -189,13 +194,32 @@ bool AFLLTOPass::runOnModule(Module &M) { ConstantInt *Zero = ConstantInt::get(Int8Ty, 0); ConstantInt *One = ConstantInt::get(Int8Ty, 1); + /* This dumps all inialized global strings - might be useful in the future + for (auto G=M.getGlobalList().begin(); G!=M.getGlobalList().end(); G++) { + + GlobalVariable &GV=*G; + if (!GV.getName().str().empty()) { + + fprintf(stderr, "Global Variable: %s", GV.getName().str().c_str()); + if (GV.hasInitializer()) + if (auto *Val = dyn_cast(GV.getInitializer())) + fprintf(stderr, " Value: \"%s\"", Val->getAsString().str().c_str()); + fprintf(stderr, "\n"); + + } + + } + + */ + /* Instrument all the things! */ int inst_blocks = 0; for (auto &F : M) { - // fprintf(stderr, "DEBUG: Function %s\n", F.getName().str().c_str()); + // fprintf(stderr, "DEBUG: Module %s Function %s\n", + // M.getName().str().c_str(), F.getName().str().c_str()); if (F.size() < function_minimum_size) continue; if (isIgnoreFunction(&F)) continue; 
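Review bot: The `moduleID` computed in the @@ -105,6 +105,11 hunk of afl-llvm-lto-instrumentation.so.cc is not unique per module in the case that matters: `srand((unsigned int)time(NULL))` is executed inside `runOnModule`, so every module processed by the same process within the same second re-seeds identically, draws the same first `rand()` and shares the same `getpid()`, giving identical IDs. Re-seeding the C library RNG from a pass also clobbers global RNG state for the whole host compiler, and on glibc `rand()` yields 31 bits, so the masked high word never fills 32 bits. A deterministic, collision-resistant alternative that needs no seeding is `unsigned long long int moduleID = std::hash<std::string>{}(M.getModuleIdentifier());` (with `<functional>` included), which also makes the document file reproducible across runs; if unpredictability is wanted instead, seed a `std::mt19937_64` once from `std::random_device` at namespace scope rather than per module. Whether `<time.h>` and `<unistd.h>` are already included for `time` and `getpid` is not visible here.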
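Review bot: The block commented out with `/* This dumps all inialized global strings ... */` in the @@ -189,13 +194,32 hunk adds roughly twenty lines of dead code to `runOnModule`; commented-out code is not compiled, so it silently rots as the LLVM API moves, and it is already recoverable from git history if it is ever wanted. If it must stay, an `#if 0` block keeps it syntax-highlighted and easy to re-enable, and the leading comment should read `/* Dumps all initialized global strings - might be useful in the future */` ("inialized" is a typo). The rewritten `// fprintf(stderr, "DEBUG: Module %s Function %s\n", ...` comment is fine as a debug aid, though a `getenv`-gated debug print would be more useful than a comment that has to be toggled by editing. `runOnModule` continues outside the hunk.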
@@ -603,8 +627,8 @@ bool AFLLTOPass::runOnModule(Module &M) { if (documentFile) { - fprintf(documentFile, "%s %u\n", F.getName().str().c_str(), - afl_global_id); + fprintf(documentFile, "ModuleID=%llu Function=%s edgeID=%u\n", + moduleID, F.getName().str().c_str(), afl_global_id); } -- cgit 1.4.1 From e1d20706ca97faf871abc03a9db3b551277d6b3f Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 4 Aug 2020 13:17:53 +0200 Subject: fix cmplog with lto --- llvm_mode/afl-clang-fast.c | 6 ++++++ llvm_mode/afl-llvm-lto-instrumentation.so.cc | 4 +++- 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'llvm_mode') diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 484943d2..ef99e3f3 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -305,6 +305,11 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (lto_mode) { + if (cmplog_mode) + unsetenv("AFL_LLVM_LTO_AUTODICTIONARY"); + else + setenv("AFL_LLVM_LTO_AUTODICTIONARY", "1", 1); + cc_params[cc_par_cnt++] = alloc_printf("-fuse-ld=%s", AFL_REAL_LD); cc_params[cc_par_cnt++] = "-Wl,--allow-multiple-definition"; /* @@ -392,6 +397,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { continue; if (lto_mode && !strncmp(cur, "-fuse-ld=", 9)) continue; + if (lto_mode && !strncmp(cur, "--ld-path=", 10)) continue; cc_params[cc_par_cnt++] = cur; diff --git a/llvm_mode/afl-llvm-lto-instrumentation.so.cc b/llvm_mode/afl-llvm-lto-instrumentation.so.cc index 4023c1d6..38c3f202 100644 --- a/llvm_mode/afl-llvm-lto-instrumentation.so.cc +++ b/llvm_mode/afl-llvm-lto-instrumentation.so.cc @@ -86,7 +86,7 @@ class AFLLTOPass : public ModulePass { bool runOnModule(Module &M) override; protected: - int afl_global_id = 1, autodictionary = 1; + int afl_global_id = 1, autodictionary = 0; uint32_t function_minimum_size = 1; uint32_t inst_blocks = 0, inst_funcs = 0, total_instr = 0; uint64_t map_addr = 0x10000; 
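Review bot: The rewritten `fprintf(documentFile, "ModuleID=%llu Function=%s edgeID=%u\n", ...)` line changes the document file from two whitespace-separated fields to a `key=value` record, which breaks any script parsing the old `"%s %u"` format, and the commit message does not mention the format change; the documentation for the document-file option should describe the new record layout. In the same line `afl_global_id` is declared `int afl_global_id = 1` (visible in the @@ -86,7 +86,7 hunk below) but printed with `%u`, a mismatch the old line already had; `edgeID=%d` or making the member `uint32_t` like its neighbours removes the undefined-behaviour-by-pedantry and the compiler warning. `%llu` does match `unsigned long long int moduleID`. `runOnModule` begins and ends outside the hunk.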
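Review bot: The `else setenv("AFL_LLVM_LTO_AUTODICTIONARY", "1", 1);` in the @@ -305,6 +305,11 hunk of afl-clang-fast.c unconditionally enables the autodictionary for every non-cmplog LTO build, leaving a user no way to opt out, and it communicates with the pass through the child compiler's environment, a contract nothing in the file documents. A comment above the `if (cmplog_mode)` would make the coupling explicit, e.g. `/* the LTO pass reads AFL_LLVM_LTO_AUTODICTIONARY from its environment; cmplog and the autodictionary are mutually exclusive, so enable it only when cmplog is off */`. The return values of `setenv`/`unsetenv` are ignored; that is acceptable here but worth a `(void)` cast if the project builds with warnings for unused results. `edit_params` begins and ends outside the hunk.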
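Review bot: The added `if (lto_mode && !strncmp(cur, "--ld-path=", 10)) continue;` in the @@ -392,6 +397,7 hunk silently drops a linker the user asked for, just as the pre-existing `-fuse-ld=` skip does, so a build that explicitly selects a linker gets `AFL_REAL_LD` instead with no diagnostic. Since `be_quiet` and `WARNF` are already available in this file, a short warning keeps the behaviour but makes it visible: `if (lto_mode && !strncmp(cur, "--ld-path=", 10)) { if (!be_quiet) WARNF("ignoring %s, LTO mode links with AFL_REAL_LD", cur); continue; }`. The hard-coded lengths 9 and 10 are correct for both prefixes, but `sizeof("--ld-path=") - 1` would keep them from drifting if the strings are ever edited. `edit_params` begins and ends outside the hunk.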
@@ -133,6 +133,8 @@ bool AFLLTOPass::runOnModule(Module &M) { } + if (getenv("AFL_LLVM_LTO_AUTODICTIONARY")) autodictionary = 1; + if (getenv("AFL_LLVM_MAP_DYNAMIC")) map_addr = 0; if (getenv("AFL_LLVM_SKIPSINGLEBLOCK")) function_minimum_size = 2; -- cgit 1.4.1
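Review bot: The added `if (getenv("AFL_LLVM_LTO_AUTODICTIONARY")) autodictionary = 1;` together with the default flipped to `autodictionary = 0` in the @@ -86,7 +86,7 hunk means the autodictionary is now off unless the environment variable is present, so anyone loading the LTO pass without going through afl-clang-fast (which sets the variable in the hunk above) loses it silently; the default change is not mentioned in the commit message and there is no comment explaining that the driver is expected to set it. A comment on the new line, e.g. `// off unless the driver (afl-clang-fast) exports AFL_LLVM_LTO_AUTODICTIONARY; it does so for every non-cmplog LTO build`, would record the contract, and a matching note on the `autodictionary` member declaration would help readers of the class. The first commit in this series also dropped the driver's acceptance of `AFL_LLVM_AUTODICTIONARY` as an alias; if the pass ever honoured that name, it should be checked here too, but that cannot be determined from this page. `runOnModule` begins and ends outside the hunk.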