update instrumenation/README.instrument_file.md for gcc_plugin

van Hauser
2020-09-08 17:15:32 +02:00
parent c091340a85
commit 2802245da7
4 changed files with 64 additions and 56 deletions


@ -1,8 +1,8 @@
# Using afl++ with partial instrumentation # Using afl++ with partial instrumentation
This file describes how to selectively instrument only source files This file describes how to selectively instrument only source files
or functions that are of interest to you using the LLVM instrumentation or functions that are of interest to you using the LLVM and GCC_PLUGIN
provided by afl++. instrumentation provided by afl++.
## 1) Description and purpose ## 1) Description and purpose
@ -22,11 +22,17 @@ https://clang.llvm.org/docs/SanitizerCoverage.html#partially-disabling-instrumen
The llvm sancov list format is fully supported by afl++, however afl++ has The llvm sancov list format is fully supported by afl++, however afl++ has
more flexibility. more flexibility.
## 2) Building the LLVM module ## 2a) Building the LLVM module
The new code is part of the existing afl++ LLVM module in the instrumentation/ The new code is part of the existing afl++ LLVM module in the instrumentation/
subdirectory. There is nothing specifically to do for the build :) subdirectory. There is nothing specifically to do for the build :)
## 2b) Building the GCC module
The new code is part of the existing afl++ GCC_PLUGIN module in the
instrumentation/ subdirectory. There is nothing specifically to do for
the build :)
## 3) How to use the partial instrumentation mode ## 3) How to use the partial instrumentation mode
In order to build with partial instrumentation, you need to build with In order to build with partial instrumentation, you need to build with
@ -37,6 +43,9 @@ AFL_LLVM_ALLOWLIST or AFL_LLVM_DENYLIST set with a filename.
That file should contain the file names or functions that are to be instrumented That file should contain the file names or functions that are to be instrumented
(AFL_LLVM_ALLOWLIST) or are specifically NOT to be instrumented (AFL_LLVM_DENYLIST). (AFL_LLVM_ALLOWLIST) or are specifically NOT to be instrumented (AFL_LLVM_DENYLIST).
GCC_PLUGIN: you can use either AFL_LLVM_ALLOWLIST or AFL_GCC_ALLOWLIST (or the
same for _DENYLIST), both work.
For matching to succeed, the function/file name that is being compiled must end in the For matching to succeed, the function/file name that is being compiled must end in the
function/file name entry contained in this instrument file list. That is to avoid function/file name entry contained in this instrument file list. That is to avoid
breaking the match when absolute paths are used during compilation. breaking the match when absolute paths are used during compilation.


@ -1775,7 +1775,6 @@ int check_main_node_exists(afl_state_t *afl) {
void setup_dirs_fds(afl_state_t *afl) { void setup_dirs_fds(afl_state_t *afl) {
u8 *tmp; u8 *tmp;
s32 fd;
ACTF("Setting up output directories..."); ACTF("Setting up output directories...");
@ -1901,7 +1900,7 @@ void setup_dirs_fds(afl_state_t *afl) {
/* Gnuplot output file. */ /* Gnuplot output file. */
tmp = alloc_printf("%s/plot_data", afl->out_dir); tmp = alloc_printf("%s/plot_data", afl->out_dir);
fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600); int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
if (fd < 0) { PFATAL("Unable to create '%s'", tmp); } if (fd < 0) { PFATAL("Unable to create '%s'", tmp); }
ck_free(tmp); ck_free(tmp);
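Review bot: The new declaration `int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);` drops the file's own integer typedef convention that the surrounding lines keep (`u8 *tmp` just above, and the removed `s32 fd`); `s32 fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);` would match the rest of setup_dirs_fds. Narrowing `fd` to the plot_data block is a good change, but because the function-scope declaration was removed, any other use of `fd` later in the function (its body continues outside the hunk) would now need its own declaration, which presumably the build confirms is not the case. The descriptor is consumed by code after the hunk, so whether it is handed off or closed on every path cannot be checked from here.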


@ -93,9 +93,9 @@ void setup_custom_mutators(afl_state_t *afl) {
} }
struct custom_mutator *mutator = load_custom_mutator_py(afl, module_name); struct custom_mutator *m = load_custom_mutator_py(afl, module_name);
afl->custom_mutators_count++; afl->custom_mutators_count++;
list_append(&afl->custom_mutator_list, mutator); list_append(&afl->custom_mutator_list, m);
} }


@ -698,7 +698,7 @@ int main(int argc, char **argv_orig, char **envp) {
afl->swarm_now = 0; afl->swarm_now = 0;
if (afl->limit_time_puppet == 0) { afl->key_puppet = 1; } if (afl->limit_time_puppet == 0) { afl->key_puppet = 1; }
int i; int j;
int tmp_swarm = 0; int tmp_swarm = 0;
if (afl->g_now > afl->g_max) { afl->g_now = 0; } if (afl->g_now > afl->g_max) { afl->g_now = 0; }
@ -711,70 +711,70 @@ int main(int argc, char **argv_orig, char **envp) {
double total_puppet_temp = 0.0; double total_puppet_temp = 0.0;
afl->swarm_fitness[tmp_swarm] = 0.0; afl->swarm_fitness[tmp_swarm] = 0.0;
for (i = 0; i < operator_num; ++i) { for (j = 0; j < operator_num; ++j) {
afl->stage_finds_puppet[tmp_swarm][i] = 0; afl->stage_finds_puppet[tmp_swarm][j] = 0;
afl->probability_now[tmp_swarm][i] = 0.0; afl->probability_now[tmp_swarm][j] = 0.0;
afl->x_now[tmp_swarm][i] = afl->x_now[tmp_swarm][j] =
((double)(random() % 7000) * 0.0001 + 0.1); ((double)(random() % 7000) * 0.0001 + 0.1);
total_puppet_temp += afl->x_now[tmp_swarm][i]; total_puppet_temp += afl->x_now[tmp_swarm][j];
afl->v_now[tmp_swarm][i] = 0.1; afl->v_now[tmp_swarm][j] = 0.1;
afl->L_best[tmp_swarm][i] = 0.5; afl->L_best[tmp_swarm][j] = 0.5;
afl->G_best[i] = 0.5; afl->G_best[j] = 0.5;
afl->eff_best[tmp_swarm][i] = 0.0; afl->eff_best[tmp_swarm][j] = 0.0;
} }
for (i = 0; i < operator_num; ++i) { for (j = 0; j < operator_num; ++j) {
afl->stage_cycles_puppet_v2[tmp_swarm][i] = afl->stage_cycles_puppet_v2[tmp_swarm][j] =
afl->stage_cycles_puppet[tmp_swarm][i]; afl->stage_cycles_puppet[tmp_swarm][j];
afl->stage_finds_puppet_v2[tmp_swarm][i] = afl->stage_finds_puppet_v2[tmp_swarm][j] =
afl->stage_finds_puppet[tmp_swarm][i]; afl->stage_finds_puppet[tmp_swarm][j];
afl->x_now[tmp_swarm][i] = afl->x_now[tmp_swarm][j] =
afl->x_now[tmp_swarm][i] / total_puppet_temp; afl->x_now[tmp_swarm][j] / total_puppet_temp;
} }
double x_temp = 0.0; double x_temp = 0.0;
for (i = 0; i < operator_num; ++i) { for (j = 0; j < operator_num; ++j) {
afl->probability_now[tmp_swarm][i] = 0.0; afl->probability_now[tmp_swarm][j] = 0.0;
afl->v_now[tmp_swarm][i] = afl->v_now[tmp_swarm][j] =
afl->w_now * afl->v_now[tmp_swarm][i] + afl->w_now * afl->v_now[tmp_swarm][j] +
RAND_C * RAND_C *
(afl->L_best[tmp_swarm][i] - afl->x_now[tmp_swarm][i]) + (afl->L_best[tmp_swarm][j] - afl->x_now[tmp_swarm][j]) +
RAND_C * (afl->G_best[i] - afl->x_now[tmp_swarm][i]); RAND_C * (afl->G_best[j] - afl->x_now[tmp_swarm][j]);
afl->x_now[tmp_swarm][i] += afl->v_now[tmp_swarm][i]; afl->x_now[tmp_swarm][j] += afl->v_now[tmp_swarm][j];
if (afl->x_now[tmp_swarm][i] > v_max) { if (afl->x_now[tmp_swarm][j] > v_max) {
afl->x_now[tmp_swarm][i] = v_max; afl->x_now[tmp_swarm][j] = v_max;
} else if (afl->x_now[tmp_swarm][i] < v_min) { } else if (afl->x_now[tmp_swarm][j] < v_min) {
afl->x_now[tmp_swarm][i] = v_min; afl->x_now[tmp_swarm][j] = v_min;
} }
x_temp += afl->x_now[tmp_swarm][i]; x_temp += afl->x_now[tmp_swarm][j];
} }
for (i = 0; i < operator_num; ++i) { for (j = 0; j < operator_num; ++j) {
afl->x_now[tmp_swarm][i] = afl->x_now[tmp_swarm][i] / x_temp; afl->x_now[tmp_swarm][j] = afl->x_now[tmp_swarm][j] / x_temp;
if (likely(i != 0)) { if (likely(j != 0)) {
afl->probability_now[tmp_swarm][i] = afl->probability_now[tmp_swarm][j] =
afl->probability_now[tmp_swarm][i - 1] + afl->probability_now[tmp_swarm][j - 1] +
afl->x_now[tmp_swarm][i]; afl->x_now[tmp_swarm][j];
} else { } else {
afl->probability_now[tmp_swarm][i] = afl->x_now[tmp_swarm][i]; afl->probability_now[tmp_swarm][j] = afl->x_now[tmp_swarm][j];
} }
@ -789,13 +789,13 @@ int main(int argc, char **argv_orig, char **envp) {
} }
for (i = 0; i < operator_num; ++i) { for (j = 0; j < operator_num; ++j) {
afl->core_operator_finds_puppet[i] = 0; afl->core_operator_finds_puppet[j] = 0;
afl->core_operator_finds_puppet_v2[i] = 0; afl->core_operator_finds_puppet_v2[j] = 0;
afl->core_operator_cycles_puppet[i] = 0; afl->core_operator_cycles_puppet[j] = 0;
afl->core_operator_cycles_puppet_v2[i] = 0; afl->core_operator_cycles_puppet_v2[j] = 0;
afl->core_operator_cycles_puppet_v3[i] = 0; afl->core_operator_cycles_puppet_v3[j] = 0;
} }
@ -1010,10 +1010,10 @@ int main(int argc, char **argv_orig, char **envp) {
u8 *afl_preload = getenv("AFL_PRELOAD"); u8 *afl_preload = getenv("AFL_PRELOAD");
u8 *buf; u8 *buf;
s32 i, afl_preload_size = strlen(afl_preload); s32 j, afl_preload_size = strlen(afl_preload);
for (i = 0; i < afl_preload_size; ++i) { for (j = 0; j < afl_preload_size; ++j) {
if (afl_preload[i] == ',') { if (afl_preload[j] == ',') {
PFATAL( PFATAL(
"Comma (',') is not allowed in AFL_PRELOAD when -Q is " "Comma (',') is not allowed in AFL_PRELOAD when -Q is "
@ -1188,10 +1188,10 @@ int main(int argc, char **argv_orig, char **envp) {
if (!afl->fsrv.out_file) { if (!afl->fsrv.out_file) {
u32 i = optind + 1; u32 j = optind + 1;
while (argv[i]) { while (argv[j]) {
u8 *aa_loc = strstr(argv[i], "@@"); u8 *aa_loc = strstr(argv[j], "@@");
if (aa_loc && !afl->fsrv.out_file) { if (aa_loc && !afl->fsrv.out_file) {
@ -1214,7 +1214,7 @@ int main(int argc, char **argv_orig, char **envp) {
} }
++i; ++j;
} }