ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-17 04:18:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

doc updates

Browse Source
This commit is contained in:
van Hauser
2020-07-16 20:24:01 +02:00
parent 6513bca07e
commit 67d58e2437
4 changed files with 58 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
llvm_mode/README.lto.md
View File

@ -125,10 +125,9 @@ NOTE: some targets also need to set the linker, try both `afl-clang-lto` and
## AUTODICTIONARY feature
Setting `AFL_LLVM_LTO_AUTODICTIONARY` will generate a dictionary in the
target binary based on string compare and memory compare functions.
afl-fuzz will automatically get these transmitted when starting to fuzz.
This improves coverage on a lot of targets.
While compiling, automatically a dictionary based on string comparisons is
generated put into the target binary. This dictionary is transfered to afl-fuzz
on start. This improves coverage statistically by 5-10% :)
## Fixed memory map
@ -147,6 +146,8 @@ Some targets are difficult because the configure script does unusual stuff that
is unexpected for afl. See the next chapter `Potential issues` how to solve
these.
### Example: ffmpeg
An example of a hard to solve target is ffmpeg. Here is how to successfully
instrument it:
@ -186,6 +187,31 @@ instrument it:
4. Then type make, wait for a long time and you are done :)
### Example: WebKit jsc
Building jsc is difficult as the build script has bugs.
1. checkout Webkit:
```
svn checkout https://svn.webkit.org/repository/webkit/trunk WebKit
cd WebKit
```
2. Fix the build environment:
```
mkdir -p WebKitBuild/Release
cd WebKitBuild/Release
ln -s ../../../../../usr/bin/llvm-ar-11 llvm-ar-11
ln -s ../../../../../usr/bin/llvm-ranlib-11 llvm-ranlib-11
cd ../..
```
3. Build :)
```
Tools/Scripts/build-jsc --jsc-only --cli --cmakeargs="-DCMAKE_AR='llvm-ar-11' -DCMAKE_RANLIB='llvm-ranlib-11' -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DCMAKE_CC_FLAGS='-O3 -lrt' -DCMAKE_CXX_FLAGS='-O3 -lrt' -DIMPORTED_LOCATION='/lib/x86_64-linux-gnu/' -DCMAKE_CC=afl-clang-lto -DCMAKE_CXX=afl-clang-lto++ -DENABLE_STATIC_JSC=ON"
```
## Potential issues
### compiling libraries fails

21
llvm_mode/afl-clang-fast.c
View File

@ -768,9 +768,19 @@ int main(int argc, char **argv, char **envp) {
#if LLVM_VERSION_MAJOR <= 6
instrument_mode = INSTRUMENT_AFL;
#else
if (getenv("AFL_LLVM_INSTRUMENT_FILE") || getenv("AFL_LLVM_WHITELIST"))
if (getenv("AFL_LLVM_INSTRUMENT_FILE") || getenv("AFL_LLVM_WHITELIST")) {
instrument_mode = INSTRUMENT_AFL;
else
WARNF(
"switching to classic instrumentation because "
"AFL_LLVM_INSTRUMENT_FILE does not work with PCGUARD. Use "
"-fsanitize-coverage-allowlist=allowlist.txt if you want to use "
"PCGUARD. See "
"https://clang.llvm.org/docs/"
"SanitizerCoverage.html#partially-disabling-instrumentation");
} else
instrument_mode = INSTRUMENT_PCGUARD;
#endif
@ -818,9 +828,12 @@ int main(int argc, char **argv, char **envp) {
if (instrument_mode == INSTRUMENT_PCGUARD &&
(getenv("AFL_LLVM_INSTRUMENT_FILE") || getenv("AFL_LLVM_WHITELIST")))
WARNF(
FATAL(
"Instrumentation type PCGUARD does not support "
"AFL_LLVM_INSTRUMENT_FILE!");
"AFL_LLVM_INSTRUMENT_FILE! Use "
"-fsanitize-coverage-allowlist=allowlist.txt instead, see "
"https://clang.llvm.org/docs/"
"SanitizerCoverage.html#partially-disabling-instrumentation");
if (argc < 2 || strcmp(argv[1], "-h") == 0) {