fix lto single block and no zero

docs/Changelog.md

@@ -28,6 +28,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
             as it is always better
      - LTO: env var AFL_LLVM_DOCUMENT_IDS=file will document which edge ID
             was given to which function during compilation
+     - LTO: single block functions were not implemented by default, fixed
+     - LTO: AFL_LLVM_SKIP_NEVERZERO behaviour was inversed, fixed
      - setting AFL_LLVM_LAF_SPLIT_FLOATS now activates
        AFL_LLVM_LAF_SPLIT_COMPARES
   - added honggfuzz mangle as a custom mutator in custom_mutators/honggfuzz

examples/persistent_demo/persistent_demo_new.c

@@ -30,13 +30,16 @@
 
 /* this lets the source compile without afl-clang-fast/lto */
 #ifndef __AFL_FUZZ_TESTCASE_LEN
-  ssize_t fuzz_len;
-  #define __AFL_FUZZ_TESTCASE_LEN fuzz_len
+
+  ssize_t       fuzz_len;
   unsigned char fuzz_buf[1024000];
+
+  #define __AFL_FUZZ_TESTCASE_LEN fuzz_len
   #define __AFL_FUZZ_TESTCASE_BUF fuzz_buf
   #define __AFL_FUZZ_INIT() void sync(void);
   #define __AFL_LOOP(x) ((fuzz_len = read(0, fuzz_buf, sizeof(fuzz_buf))) > 0 ?
-  #define __AFL_INIT() sync() 
+  #define __AFL_INIT() sync()
+
 #endif
 
 __AFL_FUZZ_INIT();

llvm_mode/afl-clang-fast.c

@@ -162,7 +162,7 @@ static void find_obj(u8 *argv0) {
 static void edit_params(u32 argc, char **argv, char **envp) {
 
   u8  fortify_set = 0, asan_set = 0, x_set = 0, bit_mode = 0;
-  u8  have_pic = 0, have_s = 0, have_c = 0, have_shared = 0;
+  u8  have_pic = 0;
   u8 *name;
 
   cc_params = ck_alloc((argc + 128) * sizeof(u8 *));
@@ -369,15 +369,11 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 
     for (idx = 1; idx < argc; idx++) {
 
-      if (!strncmp(argv[idx], "-shared", 7)) have_shared = 1;
-      if (!strcmp(argv[idx], "-S")) have_s = 1;
-      if (!strcmp(argv[idx], "-c")) have_c = 1;
       if (!strncasecmp(argv[idx], "-fpic", 5)) have_pic = 1;
 
     }
 
     if (!have_pic) cc_params[cc_par_cnt++] = "-fPIC";
-    // if (!have_shared && (have_s || have_c)) cc_params[cc_par_cnt++] = "-shared";
 
   }
 
@@ -527,9 +523,12 @@ static void edit_params(u32 argc, char **argv, char **envp) {
       "unsigned char __afl_fuzz_alt[1024000];"
       "unsigned char *__afl_fuzz_alt_ptr = __afl_fuzz_alt;";
   cc_params[cc_par_cnt++] =
-      "-D__AFL_FUZZ_TESTCASE_BUF=(__afl_fuzz_ptr ? __afl_fuzz_ptr : __afl_fuzz_alt_ptr)";
+      "-D__AFL_FUZZ_TESTCASE_BUF=(__afl_fuzz_ptr ? __afl_fuzz_ptr : "
+      "__afl_fuzz_alt_ptr)";
   cc_params[cc_par_cnt++] =
-      "-D__AFL_FUZZ_TESTCASE_LEN=(__afl_fuzz_ptr ? *__afl_fuzz_len : (*__afl_fuzz_len = read(0, __afl_fuzz_alt_ptr, 1024000)) == 0xffffffff ? 0 : *__afl_fuzz_len)";
+      "-D__AFL_FUZZ_TESTCASE_LEN=(__afl_fuzz_ptr ? *__afl_fuzz_len : "
+      "(*__afl_fuzz_len = read(0, __afl_fuzz_alt_ptr, 1024000)) == 0xffffffff "
+      "? 0 : *__afl_fuzz_len)";
 
   cc_params[cc_par_cnt++] =
       "-D__AFL_LOOP(_A)="

llvm_mode/afl-llvm-lto-instrim.so.cc

@@ -701,7 +701,7 @@ struct InsTrimLTO : public ModulePass {
 
         Value *Incr = IRB.CreateAdd(Counter, One);
 
-        if (skip_nozero) {
+        if (skip_nozero == NULL) {
 
           auto cf = IRB.CreateICmpEQ(Incr, Zero);
           auto carry = IRB.CreateZExt(cf, Int8Ty);

llvm_mode/afl-llvm-lto-instrumentation.so.cc

@@ -130,9 +130,7 @@ bool AFLLTOPass::runOnModule(Module &M) {
 
   if (getenv("AFL_LLVM_MAP_DYNAMIC")) map_addr = 0;
 
-  if (getenv("AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK") ||
-      getenv("AFL_LLVM_SKIPSINGLEBLOCK"))
-    function_minimum_size = 2;
+  if (getenv("AFL_LLVM_SKIPSINGLEBLOCK")) function_minimum_size = 2;
 
   if ((ptr = getenv("AFL_LLVM_MAP_ADDR"))) {
 
@@ -540,6 +538,8 @@ bool AFLLTOPass::runOnModule(Module &M) {
 
       uint32_t succ = 0;
 
+      if (F.size() == 1) InsBlocks.push_back(&BB);
+
       for (succ_iterator SI = succ_begin(&BB), SE = succ_end(&BB); SI != SE;
            ++SI)
         if ((*SI)->size() > 0) succ++;
@@ -558,9 +558,12 @@ bool AFLLTOPass::runOnModule(Module &M) {
       do {
 
         --i;
+        BasicBlock *              newBB;
         BasicBlock *              origBB = &(*InsBlocks[i]);
         std::vector<BasicBlock *> Successors;
         Instruction *             TI = origBB->getTerminator();
+        uint32_t                  fs = origBB->getParent()->size();
+        uint32_t                  countto;
 
         for (succ_iterator SI = succ_begin(origBB), SE = succ_end(origBB);
              SI != SE; ++SI) {
@@ -570,15 +573,25 @@ bool AFLLTOPass::runOnModule(Module &M) {
 
         }
 
-        if (TI == NULL || TI->getNumSuccessors() < 2) continue;
+        if (fs == 1) {
+
+          newBB = origBB;
+          countto = 1;
+
+        } else {
+
+          if (TI == NULL || TI->getNumSuccessors() < 2) continue;
+          countto = Successors.size();
+
+        }
 
         // if (Successors.size() != TI->getNumSuccessors())
         //  FATAL("Different successor numbers %lu <-> %u\n", Successors.size(),
         //        TI->getNumSuccessors());
 
-        for (uint32_t j = 0; j < Successors.size(); j++) {
+        for (uint32_t j = 0; j < countto; j++) {
 
-          BasicBlock *newBB = llvm::SplitEdge(origBB, Successors[j]);
+          if (fs != 1) newBB = llvm::SplitEdge(origBB, Successors[j]);
 
           if (!newBB) {
 
@@ -589,8 +602,7 @@ bool AFLLTOPass::runOnModule(Module &M) {
 
           if (documentFile) {
 
-            fprintf(documentFile, "%s %u\n",
-                    origBB->getParent()->getName().str().c_str(),
+            fprintf(documentFile, "%s %u\n", F.getName().str().c_str(),
                     afl_global_id);
 
           }
@@ -627,7 +639,7 @@ bool AFLLTOPass::runOnModule(Module &M) {
 
           Value *Incr = IRB.CreateAdd(Counter, One);
 
-          if (skip_nozero) {
+          if (skip_nozero == NULL) {
 
             auto cf = IRB.CreateICmpEQ(Incr, Zero);
             auto carry = IRB.CreateZExt(cf, Int8Ty);