adding ctor function skipping in LTO fixed map mode
@ -30,6 +30,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
|
||||
reporting)
|
||||
- LTO: switch default to the dynamic memory map, set AFL_LLVM_MAP_ADDR
|
||||
for a fixed map address (eg. 0x10000)
|
||||
- LTO: skipping ctors and ifuncs in fix map address instrumentation
|
||||
- LTO: autodictionary mode is a default
|
||||
- LTO: instrim instrumentation disabled, only classic support used
|
||||
as it is always better
|
||||
|
@ -218,43 +218,43 @@
|
||||
|
||||
/* Die with a verbose non-OS fatal error message. */
|
||||
|
||||
#define FATAL(x...) \
|
||||
do { \
|
||||
\
|
||||
SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \
|
||||
"\n[-] PROGRAM ABORT : " cRST x); \
|
||||
#define FATAL(x...) \
|
||||
do { \
|
||||
\
|
||||
SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \
|
||||
"\n[-] PROGRAM ABORT : " cRST x); \
|
||||
SAYF(cLRD "\n Location : " cRST "%s(), %s:%u\n\n", __func__, \
|
||||
__FILE__, __LINE__); \
|
||||
exit(1); \
|
||||
\
|
||||
__FILE__, __LINE__); \
|
||||
exit(1); \
|
||||
\
|
||||
} while (0)
|
||||
|
||||
/* Die by calling abort() to provide a core dump. */
|
||||
|
||||
#define ABORT(x...) \
|
||||
do { \
|
||||
\
|
||||
SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \
|
||||
"\n[-] PROGRAM ABORT : " cRST x); \
|
||||
#define ABORT(x...) \
|
||||
do { \
|
||||
\
|
||||
SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \
|
||||
"\n[-] PROGRAM ABORT : " cRST x); \
|
||||
SAYF(cLRD "\n Stop location : " cRST "%s(), %s:%u\n\n", __func__, \
|
||||
__FILE__, __LINE__); \
|
||||
abort(); \
|
||||
\
|
||||
__FILE__, __LINE__); \
|
||||
abort(); \
|
||||
\
|
||||
} while (0)
|
||||
|
||||
/* Die while also including the output of perror(). */
|
||||
|
||||
#define PFATAL(x...) \
|
||||
do { \
|
||||
\
|
||||
fflush(stdout); \
|
||||
SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \
|
||||
"\n[-] SYSTEM ERROR : " cRST x); \
|
||||
#define PFATAL(x...) \
|
||||
do { \
|
||||
\
|
||||
fflush(stdout); \
|
||||
SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \
|
||||
"\n[-] SYSTEM ERROR : " cRST x); \
|
||||
SAYF(cLRD "\n Stop location : " cRST "%s(), %s:%u\n", __func__, \
|
||||
__FILE__, __LINE__); \
|
||||
SAYF(cLRD " OS message : " cRST "%s\n", strerror(errno)); \
|
||||
exit(1); \
|
||||
\
|
||||
__FILE__, __LINE__); \
|
||||
SAYF(cLRD " OS message : " cRST "%s\n", strerror(errno)); \
|
||||
exit(1); \
|
||||
\
|
||||
} while (0)
|
||||
|
||||
/* Die with FATAL() or PFATAL() depending on the value of res (used to
|
||||
|
@ -224,22 +224,70 @@ bool AFLLTOPass::runOnModule(Module &M) {
|
||||
if (map_addr) {
|
||||
|
||||
for (GlobalIFunc &IF : M.ifuncs()) {
|
||||
|
||||
|
||||
StringRef ifunc_name = IF.getName();
|
||||
Constant *r = IF.getResolver();
|
||||
StringRef r_name = cast<Function>(r->getOperand(0))->getName();
|
||||
if (!be_quiet)
|
||||
fprintf(stderr, "Found an ifunc with name %s that points to resolver function %s, we cannot instrument this, putting it into a block list.\n",
|
||||
fprintf(stderr,
|
||||
"Warning: Found an ifunc with name %s that points to resolver "
|
||||
"function %s, we cannot instrument this, putting it into a "
|
||||
"block list.\n",
|
||||
ifunc_name.str().c_str(), r_name.str().c_str());
|
||||
|
||||
module_block_list.push_back(r_name.str());
|
||||
|
||||
}
|
||||
|
||||
// next up: ctors run before __afl_init()
|
||||
|
||||
// TODO
|
||||
GlobalVariable *GV = M.getNamedGlobal("llvm.global_ctors");
|
||||
if (GV && !GV->isDeclaration() && !GV->hasLocalLinkage()) {
|
||||
|
||||
ConstantArray *InitList = dyn_cast<ConstantArray>(GV->getInitializer());
|
||||
|
||||
if (InitList) {
|
||||
|
||||
for (unsigned i = 0, e = InitList->getNumOperands(); i != e; ++i) {
|
||||
|
||||
if (ConstantStruct *CS =
|
||||
dyn_cast<ConstantStruct>(InitList->getOperand(i))) {
|
||||
|
||||
if (CS->getNumOperands() >= 2) {
|
||||
|
||||
if (CS->getOperand(1)->isNullValue())
|
||||
break; // Found a null terminator, stop here.
|
||||
|
||||
ConstantInt *CI = dyn_cast<ConstantInt>(CS->getOperand(0));
|
||||
int Priority = CI ? CI->getSExtValue() : 0;
|
||||
|
||||
Constant *FP = CS->getOperand(1);
|
||||
if (ConstantExpr *CE = dyn_cast<ConstantExpr>(FP))
|
||||
if (CE->isCast()) FP = CE->getOperand(0);
|
||||
if (Function *F = dyn_cast<Function>(FP)) {
|
||||
|
||||
if (!F->isDeclaration() &&
|
||||
strncmp(F->getName().str().c_str(), "__afl", 5) != 0 &&
|
||||
Priority <= 5) {
|
||||
|
||||
if (!be_quiet)
|
||||
fprintf(stderr,
|
||||
"Warning: Found constructor function %s with prio "
|
||||
"%u, we cannot instrument this, putting it into a "
|
||||
"block list.\n",
|
||||
F->getName().str().c_str(), Priority);
|
||||
module_block_list.push_back(F->getName().str());
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -260,21 +308,23 @@ bool AFLLTOPass::runOnModule(Module &M) {
|
||||
if (isIgnoreFunction(&F)) continue;
|
||||
|
||||
if (module_block_list.size()) {
|
||||
|
||||
|
||||
for (auto bname : module_block_list) {
|
||||
|
||||
std::string fname = F.getName().str();
|
||||
|
||||
if (fname.compare(bname) == 0) {
|
||||
|
||||
|
||||
if (!be_quiet)
|
||||
WARNF("Skipping instrumentation of ifunc resolver function %s",
|
||||
fname.c_str());
|
||||
|
||||
WARNF(
|
||||
"Skipping instrumentation of dangerous early running function "
|
||||
"%s",
|
||||
fname.c_str());
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
// the instrument file list check
|
||||
|
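Review bot: In the new constructor-skipping loop the priority is stored as `int Priority = CI ? CI->getSExtValue() : 0;` (narrowing an int64_t) but printed with `%u` in the warning, and the `Priority <= 5` cut-off is a bare magic number; print it with `%d` and give the threshold a name and a comment such as `// ctors at or below this priority presumably run before/with __afl_init — confirm against the runtime's constructor priority`. The `// TODO` left just above the `llvm.global_ctors` lookup is now stale, since this hunk implements exactly that handling, and should be removed. Only the constructor function itself is added to `module_block_list`, so any function it calls in the module is still instrumented and would still write to the not-yet-mapped fixed-address map before `__afl_init`; if that is the failure being guarded against, the callees need the same treatment or a comment should state the limitation. The `strncmp(F->getName().str().c_str(), "__afl", 5) != 0` test builds a temporary std::string for no reason and reads more simply as `!F->getName().startswith("__afl")`. The enclosing `runOnModule` begins before this hunk and continues past the block-list check in the last hunk.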