Merge branch 'dev' into ios

Vincent Andrae
2025-02-26 17:59:07 +01:00
committed by GitHub
10 changed files with 56 additions and 34 deletions


@ -14,7 +14,7 @@ jobs:
runs-on: "${{ matrix.os }}" runs-on: "${{ matrix.os }}"
strategy: strategy:
matrix: matrix:
os: [ubuntu-24.04, ubuntu-22.04] os: [ubuntu-24.04, ubuntu-22.04, ubuntu-24.04-arm]
env: env:
AFL_SKIP_CPUFREQ: 1 AFL_SKIP_CPUFREQ: 1
AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: 1 AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: 1


@ -35,20 +35,41 @@ jobs:
apt-get install -y libcmocka-dev && apt-get install -y libcmocka-dev &&
make -i tests make -i tests
" "
build-and-test-arm64:
name: Test arm64 image
runs-on: ubuntu-24.04-arm
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build arm64
uses: docker/build-push-action@v6
with:
context: .
tags: aflplusplus:test-arm64
load: true
cache-to: type=gha,mode=max
build-args: |
TEST_BUILD=1
- name: Test arm64
run: >
docker run --rm aflplusplus:test-arm64 bash -c "
apt-get update &&
apt-get install -y libcmocka-dev &&
make -i tests
"
push: push:
name: Push amd64 and arm64 images name: Push amd64 and arm64 images
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: needs:
- build-and-test-amd64 - build-and-test-amd64
- build-and-test-arm64
if: ${{ github.event_name == 'push' && github.repository == 'AFLplusplus/AFLplusplus' }} if: ${{ github.event_name == 'push' && github.repository == 'AFLplusplus/AFLplusplus' }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
with:
platforms: arm64
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v2
- name: Login to docker.io - name: Login to docker.io
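Review bot: The test step of the new build-and-test-arm64 job runs `make -i tests`, and `-i` tells make to ignore recipe failures, so a failing test on the arm64 image still leaves the job green; the amd64 job visible above uses the same pattern, so if that is deliberate it deserves a comment, otherwise drop `-i` so the step fails when the tests do. The new job pins `actions/checkout@v4` while the push job below still uses `@v3`, and every action here is referenced by a mutable tag; for a workflow that publishes images, pinning to a commit SHA with the tag in a trailing comment is the usual hardening. `cache-to: type=gha,mode=max` has no matching `cache-from` in this section, so as far as the visible lines show the cache is written but never read.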


@ -61,6 +61,7 @@ RUN apt-get update && \
RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-${GCC_VERSION} 0 && \ RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-${GCC_VERSION} 0 && \
update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-${GCC_VERSION} 0 && \ update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-${GCC_VERSION} 0 && \
update-alternatives --install /usr/bin/c++ c++ /usr/bin/g++-${GCC_VERSION} 0 && \
update-alternatives --install /usr/bin/clang clang /usr/bin/clang-${LLVM_VERSION} 0 && \ update-alternatives --install /usr/bin/clang clang /usr/bin/clang-${LLVM_VERSION} 0 && \
update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-${LLVM_VERSION} 0 update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-${LLVM_VERSION} 0


@ -237,7 +237,8 @@ ifeq "$(LLVM_LTO)" "1"
ifeq "$(AFL_REAL_LD)" "" ifeq "$(AFL_REAL_LD)" ""
ifneq "$(shell readlink $(LLVM_BINDIR)/ld.lld 2>&1)" "" ifneq "$(shell readlink $(LLVM_BINDIR)/ld.lld 2>&1)" ""
AFL_REAL_LD = $(LLVM_BINDIR)/ld.lld AFL_REAL_LD = $(LLVM_BINDIR)/ld.lld
else ifneq "$(shell command -v ld.lld 2>/dev/null)" "" else
ifneq "$(shell command -v ld.lld 2>/dev/null)" ""
AFL_REAL_LD = $(shell command -v ld.lld) AFL_REAL_LD = $(shell command -v ld.lld)
TMP_LDLDD_VERSION = $(shell $(AFL_REAL_LD) --version | awk '{ print $$2 }') TMP_LDLDD_VERSION = $(shell $(AFL_REAL_LD) --version | awk '{ print $$2 }')
ifeq "$(LLVMVER)" "$(TMP_LDLDD_VERSION)" ifeq "$(LLVMVER)" "$(TMP_LDLDD_VERSION)"
@ -247,12 +248,12 @@ ifeq "$(LLVM_LTO)" "1"
AFL_REAL_LD= AFL_REAL_LD=
LLVM_LTO = 0 LLVM_LTO = 0
endif endif
undefine TMP_LDLDD_VERSION
else else
$(warning ld.lld not found, cannot enable LTO mode) $(warning ld.lld not found, cannot enable LTO mode)
LLVM_LTO = 0 LLVM_LTO = 0
endif endif
endif endif
endif
else else
$(warning clang option -flto is not working - maybe LLVMgold.so not found - cannot enable LTO mode) $(warning clang option -flto is not working - maybe LLVMgold.so not found - cannot enable LTO mode)
LLVM_LTO = 0 LLVM_LTO = 0
@ -272,12 +273,6 @@ ifeq "$(LLVM_LTO)" "1"
endif endif
endif endif
ifeq "$(shell echo 'int main() {return 0; }' | $(CLANG_BIN) -x c - -fdebug-prefix-map=$(CURDIR)=llvm_mode -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
AFL_CLANG_DEBUG_PREFIX = -fdebug-prefix-map="$(CURDIR)=llvm_mode"
else
AFL_CLANG_DEBUG_PREFIX =
endif
IS_IOS := $(findstring ios, $(shell $(CC) --version 2>/dev/null)) IS_IOS := $(findstring ios, $(shell $(CC) --version 2>/dev/null))
CFLAGS ?= -O3 -funroll-loops -fPIC CFLAGS ?= -O3 -funroll-loops -fPIC
@ -290,7 +285,7 @@ CFLAGS_SAFE := -Wall -g -Wno-cast-qual -Wno-variadic-macros -Wno-pointer-sig
-DAFL_CLANG_FLTO=\"$(AFL_CLANG_FLTO)\" -DAFL_REAL_LD=\"$(AFL_REAL_LD)\" \ -DAFL_CLANG_FLTO=\"$(AFL_CLANG_FLTO)\" -DAFL_REAL_LD=\"$(AFL_REAL_LD)\" \
-DAFL_CLANG_LDPATH=\"$(AFL_CLANG_LDPATH)\" -DAFL_CLANG_FUSELD=\"$(AFL_CLANG_FUSELD)\" \ -DAFL_CLANG_LDPATH=\"$(AFL_CLANG_LDPATH)\" -DAFL_CLANG_FUSELD=\"$(AFL_CLANG_FUSELD)\" \
-DCLANG_BIN=\"$(CLANG_BIN)\" -DCLANGPP_BIN=\"$(CLANGPP_BIN)\" -DUSE_BINDIR=$(USE_BINDIR) \ -DCLANG_BIN=\"$(CLANG_BIN)\" -DCLANGPP_BIN=\"$(CLANGPP_BIN)\" -DUSE_BINDIR=$(USE_BINDIR) \
-Wno-unused-function $(AFL_CLANG_DEBUG_PREFIX) -Wno-unused-function
ifndef LLVM_DEBUG ifndef LLVM_DEBUG
CFLAGS_SAFE += -Wno-deprecated CFLAGS_SAFE += -Wno-deprecated
endif endif
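Review bot: `undefine TMP_LDLDD_VERSION`, added in the first hunk, needs GNU make 3.82 or newer, while splitting `else ifneq` into a nested `else` / `ifneq` / `endif` in the same hunk reads like an effort to support older makes; if that is the goal, an empty assignment `TMP_LDLDD_VERSION :=` works everywhere and behaves the same for the `ifeq` comparison shown here (it differs only for `ifdef` tests, none of which are visible), otherwise the minimum make version should be stated in a comment near the top of the file. As a point of style, `AFL_REAL_LD = $(shell command -v ld.lld)` and `TMP_LDLDD_VERSION = $(shell $(AFL_REAL_LD) --version | awk ...)` in that hunk are recursive assignments, so each expansion forks the shell again; `:=` evaluates them once. The enclosing `ifeq "$(LLVM_LTO)" "1"` block begins before the first hunk.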


@ -107,6 +107,7 @@ fairly broad use of environment variables instead:
conditions conditions
- `AFL_USE_UBSAN=1` - activates the undefined behavior sanitizer - `AFL_USE_UBSAN=1` - activates the undefined behavior sanitizer
- `AFL_UBSAN_VERBOSE=1` - outputs detailed diagnostic information when undefined behavior is detected, instead of simply terminating with "Illegal Instruction" - `AFL_UBSAN_VERBOSE=1` - outputs detailed diagnostic information when undefined behavior is detected, instead of simply terminating with "Illegal Instruction"
. `AFL_USE_RTSAN` . activates the realtime sanitizer (realtime violations in deterministic run time constraints). (clang 20 minimum)
- Note: both `AFL_CFISAN_VERBOSE=1` and `AFL_UBSAN_VERBOSE=1` are disabled by default as verbose output can significantly slow down fuzzing performance. Use these options only during debugging or when additional crash diagnostics are required - Note: both `AFL_CFISAN_VERBOSE=1` and `AFL_UBSAN_VERBOSE=1` are disabled by default as verbose output can significantly slow down fuzzing performance. Use these options only during debugging or when additional crash diagnostics are required


@ -106,6 +106,7 @@ Among others, the following features and patches have been integrated:
* Win32 PE binary-only fuzzing with QEMU and Wine * Win32 PE binary-only fuzzing with QEMU and Wine
* AFLfast's power schedules by Marcel Böhme: * AFLfast's power schedules by Marcel Böhme:
[https://github.com/mboehme/aflfast](https://github.com/mboehme/aflfast) [https://github.com/mboehme/aflfast](https://github.com/mboehme/aflfast)
* The fast deterministic stage by Han Zheng: [https://github.com/hexhive/mendelFuzz-Artifact/](https://github.com/hexhive/mendelFuzz-Artifact/)
* The MOpt mutator: * The MOpt mutator:
[https://github.com/puppet-meteor/MOpt-AFL](https://github.com/puppet-meteor/MOpt-AFL) [https://github.com/puppet-meteor/MOpt-AFL](https://github.com/puppet-meteor/MOpt-AFL)
* LLVM mode Ngram coverage by Adrian Herrera * LLVM mode Ngram coverage by Adrian Herrera


@ -79,11 +79,11 @@ LLVM 13 to 19 should be available in all current Linux repositories.
That part is easy. That part is easy.
Just set `LLVM_CONFIG` to the llvm-config-VERSION and build AFL++, e.g. for Just set `LLVM_CONFIG` to the llvm-config-VERSION and build AFL++, e.g. for
LLVM 15: LLVM 19:
``` ```
cd ~/AFLplusplus cd ~/AFLplusplus
export LLVM_CONFIG=llvm-config-15 export LLVM_CONFIG=llvm-config-19
make make
sudo make install sudo make install
``` ```
@ -96,7 +96,7 @@ Also, the instrument file listing (AFL_LLVM_ALLOWLIST/AFL_LLVM_DENYLIST ->
[README.instrument_list.md](README.instrument_list.md)) and laf-intel/compcov [README.instrument_list.md](README.instrument_list.md)) and laf-intel/compcov
(AFL_LLVM_LAF_* -> [README.laf-intel.md](README.laf-intel.md)) work. (AFL_LLVM_LAF_* -> [README.laf-intel.md](README.laf-intel.md)) work.
Example (note that you might need to add the version, e.g. `llvm-ar-15`: Example (note that you might need to add the version, e.g. `llvm-ar-19`:
``` ```
CC=afl-clang-lto CXX=afl-clang-lto++ RANLIB=llvm-ranlib AR=llvm-ar AS=llvm-as ./configure CC=afl-clang-lto CXX=afl-clang-lto++ RANLIB=llvm-ranlib AR=llvm-ar AS=llvm-as ./configure


@ -181,7 +181,7 @@ typedef struct aflcc_state {
have_pic, have_c, shared_linking, partial_linking, non_dash, have_fp, have_pic, have_c, shared_linking, partial_linking, non_dash, have_fp,
have_flto, have_hidden, have_fortify, have_fcf, have_staticasan, have_flto, have_hidden, have_fortify, have_fcf, have_staticasan,
have_rust_asanrt, have_asan, have_msan, have_ubsan, have_lsan, have_tsan, have_rust_asanrt, have_asan, have_msan, have_ubsan, have_lsan, have_tsan,
have_cfisan; have_cfisan, have_rtsan;
// u8 *march_opt; // u8 *march_opt;
u8 need_aflpplib; u8 need_aflpplib;
@ -1152,7 +1152,8 @@ void instrument_mode_by_environ(aflcc_state_t *aflcc) {
static void instrument_opt_mode_exclude(aflcc_state_t *aflcc) { static void instrument_opt_mode_exclude(aflcc_state_t *aflcc) {
if ((aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX) && if ((aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX) &&
(aflcc->instrument_opt_mode & INSTRUMENT_OPT_CALLER)) { (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CALLER) &&
aflcc->compiler_mode != LTO) {
FATAL("you cannot set CTX and CALLER together"); FATAL("you cannot set CTX and CALLER together");
@ -2031,6 +2032,11 @@ void add_sanitizers(aflcc_state_t *aflcc, char **envp) {
} }
if (getenv("AFL_USE_RTSAN") && !aflcc->have_rtsan) {
insert_param(aflcc, "-fsanitize=realtime");
aflcc->have_rtsan = 1;
}
if (getenv("AFL_USE_CFISAN") || aflcc->have_cfisan) { if (getenv("AFL_USE_CFISAN") || aflcc->have_cfisan) {
if (aflcc->compiler_mode == GCC_PLUGIN || aflcc->compiler_mode == GCC) { if (aflcc->compiler_mode == GCC_PLUGIN || aflcc->compiler_mode == GCC) {
@ -2971,7 +2977,8 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) {
" AFL_USE_MSAN: activate memory sanitizer\n" " AFL_USE_MSAN: activate memory sanitizer\n"
" AFL_USE_UBSAN: activate undefined behaviour sanitizer\n" " AFL_USE_UBSAN: activate undefined behaviour sanitizer\n"
" AFL_USE_TSAN: activate thread sanitizer\n" " AFL_USE_TSAN: activate thread sanitizer\n"
" AFL_USE_LSAN: activate leak-checker sanitizer\n"); " AFL_USE_LSAN: activate leak-checker sanitizer\n"
" AFL_USE_RTSAN: activate realtime sanitizer\n");
if (aflcc->have_gcc_plugin) if (aflcc->have_gcc_plugin)
SAYF( SAYF(
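Review bot: The new AFL_USE_RTSAN block in add_sanitizers inserts `-fsanitize=realtime` without checking the compiler mode, while the CFISAN block right below it first tests `aflcc->compiler_mode == GCC_PLUGIN || aflcc->compiler_mode == GCC`; RealtimeSanitizer is a clang option (the docs hunk in this commit says clang 20 minimum), so under the gcc modes this hands gcc a flag it will reject. Mirror the CFISAN guard before insert_param, e.g. `if (aflcc->compiler_mode == GCC_PLUGIN || aflcc->compiler_mode == GCC) FATAL("RealtimeSanitizer is only available with clang");`. Whether `have_rtsan` is also set when the user passes `-fsanitize=realtime` directly on the command line is not visible in this section; if it is not, the `!aflcc->have_rtsan` check does not prevent a duplicate flag. The relaxed check in instrument_opt_mode_exclude now silently accepts CTX and CALLER together in LTO mode, and a one-line comment explaining why LTO is exempt would help the next reader. add_sanitizers and instrument_opt_mode_exclude both extend beyond their hunks.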


@ -29,7 +29,7 @@
#include <stdlib.h> #include <stdlib.h>
#include "asanfuzz.h" #include "asanfuzz.h"
static u16 count_class_lookup16[65536]; u16 count_class_lookup16[65536];
/* Destructively simplify trace by eliminating hit count information /* Destructively simplify trace by eliminating hit count information
and replacing it with 0x80 or 0x01 depending on whether the tuple and replacing it with 0x80 or 0x01 depending on whether the tuple
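Review bot: Dropping `static` from `count_class_lookup16` gives the 65536-entry table external linkage, but the hunk adds no declaration; if another translation unit is meant to use it, an `extern u16 count_class_lookup16[65536];` in a shared header, rather than a local redeclaration in the consumer, keeps the element type and size in one place and lets the compiler catch a mismatch. If nothing outside this file needs the table, the symbol should remain `static` so it does not enter the global namespace.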


@ -392,10 +392,6 @@ __attribute__((weak)) int LLVMFuzzerRunDriver(
__afl_manual_init(); __afl_manual_init();
// Call LLVMFuzzerTestOneInput here so that coverage caused by initialization
// on the first execution of LLVMFuzzerTestOneInput is ignored.
callback(dummy_input, 4);
__asan_poison_memory_region(__afl_fuzz_ptr, MAX_FILE); __asan_poison_memory_region(__afl_fuzz_ptr, MAX_FILE);
size_t prev_length = 0; size_t prev_length = 0;