USE_TRACE_PC unnecessary, set env AFL_LLVM_USE_TRACE_PC instead

van Hauser
2020-01-21 12:53:36 +01:00
parent 0d5a8f69e9
commit 00d086f816
3 changed files with 38 additions and 22 deletions


@ -21,9 +21,11 @@ Version ++2.60d (develop):
- afl-fuzz:
- now prints the real python version support compiled in
- set stronger performance compile options and little tweaks
- afl-clang-fast now shows in the help output for which llvm version it
was compiled for
- added blacklisted function check in llvm_mode
- afl-clang-fast:
- show in the help output for which llvm version it was compiled for
- now does not need to be recompiled between trace-pc and pass
instrumentation. compile normally and set AFL_LLVM_USE_TRACE_PC :)
- added blacklisted function check in all modules of llvm_mode
- added fix from Debian project to compile libdislocator and libtokencap
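Review bot: the new afl-clang-fast entry documents only AFL_LLVM_USE_TRACE_PC, while the afl-clang-fast.c change in this same commit also honours USE_TRACE_PC, AFL_USE_TRACE_PC and AFL_TRACE_PC; either list the accepted aliases here or keep one documented name and drop the rest. The entry should also say that building with USE_TRACE_PC is now deprecated (the source change turns it into a compiler #warning), so users know which of the two mechanisms applies. Minor style point: drop the ":)" from the changelog line.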


@ -198,24 +198,23 @@ PS. Because there are task switches still involved, the mode isn't as fast as
faster than the normal fork() model, and compared to in-process fuzzing,
should be a lot more robust.
## 8) Bonus feature #3: new 'trace-pc-guard' mode
## 8) Bonus feature #3: 'trace-pc-guard' mode
Recent versions of LLVM are shipping with a built-in execution tracing feature
LLVM is shipping with a built-in execution tracing feature
that provides AFL with the necessary tracing data without the need to
post-process the assembly or install any compiler plugins. See:
http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs-with-guards
If you have a sufficiently recent compiler and want to give it a try, build
afl-clang-fast this way:
If you have not an outdated compiler and want to give it a try, build
targets this way:
```
AFL_TRACE_PC=1 make clean all
libtarget-1.0 $ AFL_LLVM_USE_TRACE_PC=1 make
```
Note that this mode is currently about 20% slower than "vanilla" afl-clang-fast,
Note that this mode is about 20% slower than "vanilla" afl-clang-fast,
and about 5-10% slower than afl-clang. This is likely because the
instrumentation is not inlined, and instead involves a function call. On systems
that support it, compiling your target with -flto should help.
instrumentation is not inlined, and instead involves a function call.
On systems that support it, compiling your target with -flto can help
a bit.
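Review bot: "If you have not an outdated compiler" is ungrammatical; suggest "If your compiler is not outdated" or keep the original wording "If you have a sufficiently recent compiler". The example `libtarget-1.0 $ AFL_LLVM_USE_TRACE_PC=1 make` only has an effect if the target's build already invokes afl-clang-fast, otherwise the variable is silently ignored by whatever compiler make picks up; showing `CC=afl-clang-fast CXX=afl-clang-fast++ AFL_LLVM_USE_TRACE_PC=1 make` makes that explicit. The rest of the hunk (SanitizerCoverage link, -flto remark) reads fine.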


@ -204,13 +204,24 @@ static void edit_params(u32 argc, char** argv) {
// "-fsanitize-coverage=trace-cmp,trace-div,trace-gep";
// cc_params[cc_par_cnt++] = "-sanitizer-coverage-block-threshold=0";
#else
cc_params[cc_par_cnt++] = "-Xclang";
cc_params[cc_par_cnt++] = "-load";
cc_params[cc_par_cnt++] = "-Xclang";
if (getenv("AFL_LLVM_INSTRIM") != NULL || getenv("INSTRIM_LIB") != NULL)
cc_params[cc_par_cnt++] = alloc_printf("%s/libLLVMInsTrim.so", obj_path);
else
cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-pass.so", obj_path);
if (getenv("USE_TRACE_PC") || getenv("AFL_USE_TRACE_PC") ||
getenv("AFL_LLVM_USE_TRACE_PC") || getenv("AFL_TRACE_PC")) {
cc_params[cc_par_cnt++] =
"-fsanitize-coverage=trace-pc-guard"; // edge coverage by default
} else {
cc_params[cc_par_cnt++] = "-Xclang";
cc_params[cc_par_cnt++] = "-load";
cc_params[cc_par_cnt++] = "-Xclang";
if (getenv("AFL_LLVM_INSTRIM") != NULL || getenv("INSTRIM_LIB") != NULL)
cc_params[cc_par_cnt++] = alloc_printf("%s/libLLVMInsTrim.so", obj_path);
else
cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-pass.so", obj_path);
}
#endif /* ^USE_TRACE_PC */
cc_params[cc_par_cnt++] = "-Qunused-arguments";
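Review bot: the condition `if (getenv("USE_TRACE_PC") || getenv("AFL_USE_TRACE_PC") || getenv("AFL_LLVM_USE_TRACE_PC") || getenv("AFL_TRACE_PC"))` is repeated verbatim in the AFL_INST_RATIO check later in edit_params(); evaluate it once into a static flag so the two sites cannot drift apart. Accepting the bare name USE_TRACE_PC as an environment variable is risky: it carries no AFL_ prefix, so an unrelated build script exporting it would switch instrumentation without the user noticing, and it reuses the name of the build-time macro that the surrounding #ifdef still tests. Consider accepting only the AFL_-prefixed spellings, ideally just AFL_LLVM_USE_TRACE_PC as documented.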
@ -282,8 +293,10 @@ static void edit_params(u32 argc, char** argv) {
#ifdef USE_TRACE_PC
if (getenv("AFL_INST_RATIO"))
FATAL("AFL_INST_RATIO not available at compile time with 'trace-pc'.");
if (getenv("USE_TRACE_PC") || getenv("AFL_USE_TRACE_PC") ||
getenv("AFL_LLVM_USE_TRACE_PC") || getenv("AFL_TRACE_PC"))
if (getenv("AFL_INST_RATIO"))
FATAL("AFL_INST_RATIO not available at compile time with 'trace-pc'.");
#endif /* USE_TRACE_PC */
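Review bot: the new runtime condition is still enclosed by the unchanged `#ifdef USE_TRACE_PC` and `#endif /* USE_TRACE_PC */` context lines, so it is only compiled in when the old build-time flag is set, which is exactly the build this commit makes unnecessary. In a normal build, AFL_LLVM_USE_TRACE_PC=1 together with AFL_INST_RATIO no longer reaches the FATAL and the ratio is silently ignored; conversely a USE_TRACE_PC build loses the check unless one of the environment variables is also set. Remove the #ifdef/#endif around this check so both selection paths get the same guard.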
@ -455,6 +468,8 @@ int main(int argc, char** argv) {
#ifdef USE_TRACE_PC
SAYF(cCYA "afl-clang-fast" VERSION cRST
" [tpcg] by <lszekeres@google.com>\n");
#warning \
"You do not need to specifically compile with USE_TRACE_PC anymore, setting the environment variable AFL_LLVM_USE_TRACE_PC is enough."
#else
SAYF(cCYA "afl-clang-fast" VERSION cRST " by <lszekeres@google.com>\n");
#endif /* ^USE_TRACE_PC */
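Review bot: the `[tpcg]` banner still depends only on the build-time macro, so a user who selects trace-pc-guard through AFL_LLVM_USE_TRACE_PC gets the plain banner and has no confirmation of which instrumentation was chosen; derive the banner from the runtime selection instead. The #warning is the right way to flag the deprecated build flag, but the message should say which mechanism takes precedence when both the macro and the environment variable are present, since with this hunk a USE_TRACE_PC build always emits trace-pc-guard regardless of the variable.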