ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-10 17:21:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #746 from f0rki/cmplog-intcast-fix

Browse Source 
CMPLOG llvm pass: use CreateIntCast to cast to the right integer type
This commit is contained in:
van Hauser 2021-02-16 09:51:31 +01:00 committed by GitHub
commit 686719cdca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 29 additions and 181 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/Changelog.md
View File

@ -49,7 +49,6 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
CLANG for old afl-clang
- fixed a potential crash in the LAF feature
- workaround for llvm 13
- workaround for llvm internal lto bug that lets not bitcast from _ExtInt()
- qemuafl
- QASan (address sanitizer for Qemu) ported to qemuafl!
See qemu_mode/libqasan/README.md

1
include/envs.h
View File

@ -16,7 +16,6 @@ static char *afl_environment_deprecated[] = {
static char *afl_environment_variables[] = {
"_AFL_LTO_COMPILE",
"AFL_ALIGNED_ALLOC",
"AFL_ALLOW_TMP",
"AFL_ANALYZE_HEX",

200
instrumentation/cmplog-instructions-pass.cc
View File

@ -19,12 +19,13 @@
#include <stdlib.h>
#include <unistd.h>
#include <iostream>
#include <list>
#include <string>
#include <fstream>
#include <sys/time.h>
#include "llvm/Config/llvm-config.h"
#include "llvm/Config/llvm-config.h"
#include "llvm/ADT/Statistic.h"
#include "llvm/IR/IRBuilder.h"
#include "llvm/IR/LegacyPassManager.h"
@ -113,8 +114,6 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
IntegerType *Int64Ty = IntegerType::getInt64Ty(C);
IntegerType *Int128Ty = IntegerType::getInt128Ty(C);
char *is_lto = getenv("_AFL_LTO_COMPILE");
#if LLVM_VERSION_MAJOR < 9
Constant *
#else
@ -267,20 +266,10 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
unsigned int max_size = Val->getType()->getIntegerBitWidth(), cast_size;
unsigned char do_cast = 0;
if (!SI->getNumCases() || max_size < 16) { continue; }
if (!SI->getNumCases() || max_size < 16 || max_size % 8) {
if (max_size % 8) {
if (is_lto) {
continue; // LTO cannot bitcast from _ExtInt() :(
} else {
max_size = (((max_size / 8) + 1) * 8);
do_cast = 1;
}
// if (!be_quiet) errs() << "skip trivial switch..\n";
continue;
}
@ -297,7 +286,6 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
}
if (is_lto) { continue; } // LTO cannot bitcast _ExtInt() :(
max_size = 128;
do_cast = 1;
@ -314,7 +302,6 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
cast_size = max_size;
break;
default:
if (is_lto) { continue; } // LTO cannot bitcast _ExtInt() :(
cast_size = 128;
do_cast = 1;
@ -323,38 +310,8 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
Value *CompareTo = Val;
if (do_cast) {
ConstantInt *cint = dyn_cast<ConstantInt>(Val);
if (cint) {
uint64_t val = cint->getZExtValue();
// fprintf(stderr, "ConstantInt: %lu\n", val);
switch (cast_size) {
case 8:
CompareTo = ConstantInt::get(Int8Ty, val);
break;
case 16:
CompareTo = ConstantInt::get(Int16Ty, val);
break;
case 32:
CompareTo = ConstantInt::get(Int32Ty, val);
break;
case 64:
CompareTo = ConstantInt::get(Int64Ty, val);
break;
case 128:
CompareTo = ConstantInt::get(Int128Ty, val);
break;
}
} else {
CompareTo = IRB.CreateBitCast(Val, IntegerType::get(C, cast_size));
}
CompareTo =
IRB.CreateIntCast(CompareTo, IntegerType::get(C, cast_size), false);
}
for (SwitchInst::CaseIt i = SI->case_begin(), e = SI->case_end(); i != e;
@ -374,29 +331,8 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
Value *new_param = cint;
if (do_cast) {
uint64_t val = cint->getZExtValue();
// fprintf(stderr, "ConstantInt: %lu\n", val);
switch (cast_size) {
case 8:
new_param = ConstantInt::get(Int8Ty, val);
break;
case 16:
new_param = ConstantInt::get(Int16Ty, val);
break;
case 32:
new_param = ConstantInt::get(Int32Ty, val);
break;
case 64:
new_param = ConstantInt::get(Int64Ty, val);
break;
case 128:
new_param = ConstantInt::get(Int128Ty, val);
break;
}
new_param =
IRB.CreateIntCast(cint, IntegerType::get(C, cast_size), false);
}
if (new_param) {
@ -554,22 +490,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
}
if (!max_size || max_size < 16) { continue; }
if (max_size % 8) {
if (is_lto) {
continue; // LTO cannot bitcast from _ExtInt() :(
} else {
max_size = (((max_size / 8) + 1) * 8);
do_cast = 1;
}
}
if (!max_size || max_size % 8 || max_size < 16) { continue; }
if (max_size > 128) {
@ -581,7 +502,6 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
}
if (is_lto) { continue; } // LTO cannot bitcast from _ExtInt() :(
max_size = 128;
do_cast = 1;
@ -598,94 +518,32 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
cast_size = max_size;
break;
default:
if (is_lto) { continue; } // LTO cannot bitcast from _ExtInt() :(
cast_size = 128;
do_cast = 1;
}
if (do_cast) {
// errs() << "[CMPLOG] cmp " << *cmpInst << "(in function " <<
// cmpInst->getFunction()->getName() << ")\n";
// F*cking LLVM optimized out any kind of bitcasts of ConstantInt values
// creating illegal calls. WTF. So we have to work around this.
// first bitcast to integer type of the same bitsize as the original
// type (this is a nop, if already integer)
Value *op0_i = IRB.CreateBitCast(
op0, IntegerType::get(C, op0->getType()->getPrimitiveSizeInBits()));
// then create a int cast, which does zext, trunc or bitcast. In our case
// usually zext to the next larger supported type (this is a nop if
// already the right type)
Value *V0 =
IRB.CreateIntCast(op0_i, IntegerType::get(C, cast_size), false);
args.push_back(V0);
Value *op1_i = IRB.CreateBitCast(
op1, IntegerType::get(C, op1->getType()->getPrimitiveSizeInBits()));
Value *V1 =
IRB.CreateIntCast(op1_i, IntegerType::get(C, cast_size), false);
args.push_back(V1);
ConstantInt *cint = dyn_cast<ConstantInt>(op0);
if (cint) {
uint64_t val = cint->getZExtValue();
// fprintf(stderr, "ConstantInt: %lu\n", val);
ConstantInt *new_param = NULL;
switch (cast_size) {
case 8:
new_param = ConstantInt::get(Int8Ty, val);
break;
case 16:
new_param = ConstantInt::get(Int16Ty, val);
break;
case 32:
new_param = ConstantInt::get(Int32Ty, val);
break;
case 64:
new_param = ConstantInt::get(Int64Ty, val);
break;
case 128:
new_param = ConstantInt::get(Int128Ty, val);
break;
}
if (!new_param) { continue; }
args.push_back(new_param);
} else {
Value *V0 = IRB.CreateBitCast(op0, IntegerType::get(C, cast_size));
args.push_back(V0);
}
cint = dyn_cast<ConstantInt>(op1);
if (cint) {
uint64_t val = cint->getZExtValue();
ConstantInt *new_param = NULL;
switch (cast_size) {
case 8:
new_param = ConstantInt::get(Int8Ty, val);
break;
case 16:
new_param = ConstantInt::get(Int16Ty, val);
break;
case 32:
new_param = ConstantInt::get(Int32Ty, val);
break;
case 64:
new_param = ConstantInt::get(Int64Ty, val);
break;
case 128:
new_param = ConstantInt::get(Int128Ty, val);
break;
}
if (!new_param) { continue; }
args.push_back(new_param);
} else {
Value *V1 = IRB.CreateBitCast(op1, IntegerType::get(C, cast_size));
args.push_back(V1);
}
} else {
args.push_back(op0);
args.push_back(op1);
}
// errs() << "[CMPLOG] casted parameters:\n0: " << *V0 << "\n1: " << *V1
// << "\n";
ConstantInt *attribute = ConstantInt::get(Int8Ty, attr);
args.push_back(attribute);

5
qemu_mode/libqasan/dlmalloc.c
View File

@ -3917,7 +3917,6 @@ static void internal_malloc_stats(mstate m) {
\
} else if (RTCHECK(B == smallbin_at(M, I) || \
\
\
(ok_address(M, B) && B->fd == P))) { \
\
F->bk = B; \
@ -4129,7 +4128,6 @@ static void internal_malloc_stats(mstate m) {
\
} else \
\
\
CORRUPTION_ERROR_ACTION(M); \
if (R != 0) { \
\
@ -4146,7 +4144,6 @@ static void internal_malloc_stats(mstate m) {
\
} else \
\
\
CORRUPTION_ERROR_ACTION(M); \
\
} \
@ -4159,14 +4156,12 @@ static void internal_malloc_stats(mstate m) {
\
} else \
\
\
CORRUPTION_ERROR_ACTION(M); \
\
} \
\
} else \
\
\
CORRUPTION_ERROR_ACTION(M); \
\
} \

2
src/afl-cc.c
View File

@ -1875,8 +1875,6 @@ int main(int argc, char **argv, char **envp) {
edit_params(argc, argv, envp);
if (lto_mode) { setenv("_AFL_LTO_COMPILE", "1", 1); }
if (debug) {
DEBUGF("cd '%s';", getthecwd());

1
src/afl-fuzz-redqueen.c
View File

@ -1547,7 +1547,6 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf,
is_n = 1;
}
#endif
for (i = 0; i < loggeds; ++i) {