ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-07 07:41:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix fcmp + icmp for vectors

Browse Source
This commit is contained in:
vanhauser-thc 2025-05-09 17:07:54 +02:00
parent 406e4880c7
commit 977e08cda1
1 changed files with 66 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
instrumentation/SanitizerCoveragePCGUARD.so.cc
View File

@ -13,6 +13,7 @@
#include "llvm/Transforms/Instrumentation/SanitizerCoverage.h" #include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
#include "llvm/ADT/ArrayRef.h" #include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/SmallVector.h" #include "llvm/ADT/SmallVector.h"
// #include "llvm/IR/Verifier.h"
#if LLVM_VERSION_MAJOR >= 15 #if LLVM_VERSION_MAJOR >= 15
#if LLVM_VERSION_MAJOR < 17 #if LLVM_VERSION_MAJOR < 17
#include "llvm/ADT/Triple.h" #include "llvm/ADT/Triple.h"
@ -506,8 +507,8 @@ bool ModuleSanitizerCoverageAFL::instrumentModule(
getenv("AFL_USE_CFISAN") ? ", CFISAN" : "", getenv("AFL_USE_CFISAN") ? ", CFISAN" : "",
getenv("AFL_USE_UBSAN") ? ", UBSAN" : ""); getenv("AFL_USE_UBSAN") ? ", UBSAN" : "");
OKF("Instrumented %u locations with no collisions (%s mode) of which are " OKF("Instrumented %u locations with no collisions (%s mode) of which are "
"%u handled, %u hidden and %u unhandled selects.", "%u handled and %u unhandled special instructions.",
instr, modeline, selects, hidden, unhandled); instr, modeline, selects + hidden, unhandled);
} }
@ -852,6 +853,8 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
block_is_instrumented = true; block_is_instrumented = true;
SelectInst *selectInst; SelectInst *selectInst;
ICmpInst *icmp;
FCmpInst *fcmp;
// PHINode *phiInst; // PHINode *phiInst;
// errs() << "IN: " << *(&IN) << "\n"; // errs() << "IN: " << *(&IN) << "\n";
@ -862,7 +865,33 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
} else*/ } else*/
if ((selectInst = dyn_cast<SelectInst>(&IN))) { if ((icmp = dyn_cast<ICmpInst>(&IN))) {
if (icmp->getType()->isIntegerTy(1)) {
cnt_sel++;
cnt_sel_inc += 2;
} else {
unhandled++;
}
} else if ((fcmp = dyn_cast<FCmpInst>(&IN))) {
if (fcmp->getType()->isIntegerTy(1)) {
cnt_sel++;
cnt_sel_inc += 2;
} else {
unhandled++;
}
} else if ((selectInst = dyn_cast<SelectInst>(&IN))) {
Value *c = selectInst->getCondition(); Value *c = selectInst->getCondition();
auto t = c->getType(); auto t = c->getType();
@ -891,12 +920,12 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
} }
} else { } /*else {
cnt_hidden_sel++; cnt_hidden_sel++;
cnt_hidden_sel_inc += 2; cnt_hidden_sel_inc += 2;
} }*/
} }
@ -1015,6 +1044,8 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
if ((icmp = dyn_cast<ICmpInst>(&IN))) { if ((icmp = dyn_cast<ICmpInst>(&IN))) {
if (!icmp->getType()->isIntegerTy(1)) { continue; }
if (skip_icmp) { if (skip_icmp) {
skip_icmp--; skip_icmp--;
@ -1023,21 +1054,15 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
} }
auto res = icmp; auto res = icmp;
auto GuardPtr1 = IRB.CreateIntToPtr( auto GuardPtr1 = IRB.CreateInBoundsGEP(
IRB.CreateAdd( FunctionGuardArray->getValueType(), FunctionGuardArray,
IRB.CreatePointerCast(FunctionGuardArray, IntptrTy), {IRB.getInt64(0),
ConstantInt::get( IRB.getInt32((cnt_cov + local_selects++ + AllBlocks.size()))});
IntptrTy,
(cnt_cov + local_selects++ + AllBlocks.size()) * 4)),
Int32PtrTy);
auto GuardPtr2 = IRB.CreateIntToPtr( auto GuardPtr2 = IRB.CreateInBoundsGEP(
IRB.CreateAdd( FunctionGuardArray->getValueType(), FunctionGuardArray,
IRB.CreatePointerCast(FunctionGuardArray, IntptrTy), {IRB.getInt64(0),
ConstantInt::get( IRB.getInt32((cnt_cov + local_selects++ + AllBlocks.size()))});
IntptrTy,
(cnt_cov + local_selects++ + AllBlocks.size()) * 4)),
Int32PtrTy);
result = IRB.CreateSelect(res, GuardPtr1, GuardPtr2); result = IRB.CreateSelect(res, GuardPtr1, GuardPtr2);
skip_select = 1; skip_select = 1;
@ -1045,22 +1070,18 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
} else if ((fcmp = dyn_cast<FCmpInst>(&IN))) { } else if ((fcmp = dyn_cast<FCmpInst>(&IN))) {
auto res = fcmp; if (!icmp->getType()->isIntegerTy(1)) { continue; }
auto GuardPtr1 = IRB.CreateIntToPtr(
IRB.CreateAdd(
IRB.CreatePointerCast(FunctionGuardArray, IntptrTy),
ConstantInt::get(
IntptrTy,
(cnt_cov + local_selects++ + AllBlocks.size()) * 4)),
Int32PtrTy);
auto GuardPtr2 = IRB.CreateIntToPtr( auto res = fcmp;
IRB.CreateAdd( auto GuardPtr1 = IRB.CreateInBoundsGEP(
IRB.CreatePointerCast(FunctionGuardArray, IntptrTy), FunctionGuardArray->getValueType(), FunctionGuardArray,
ConstantInt::get( {IRB.getInt64(0),
IntptrTy, IRB.getInt32((cnt_cov + local_selects++ + AllBlocks.size()))});
(cnt_cov + local_selects++ + AllBlocks.size()) * 4)),
Int32PtrTy); auto GuardPtr2 = IRB.CreateInBoundsGEP(
FunctionGuardArray->getValueType(), FunctionGuardArray,
{IRB.getInt64(0),
IRB.getInt32((cnt_cov + local_selects++ + AllBlocks.size()))});
result = IRB.CreateSelect(res, GuardPtr1, GuardPtr2); result = IRB.CreateSelect(res, GuardPtr1, GuardPtr2);
skip_select = 1; skip_select = 1;
@ -1348,6 +1369,17 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
} }
/*
if (verifyFunction(F, &errs())) {
errs() << "Broken function after instrumentation\n";
F.print(errs(), nullptr);
report_fatal_error("Invalid IR");
}
*/
return true; return true;
} }