new gcc_plugin integration

van Hauser
2020-09-08 16:15:31 +02:00
parent 3890225c35
commit c091340a85
5 changed files with 44 additions and 40 deletions


@ -229,7 +229,7 @@ CFLAGS_SAFE := -Wall -g -Wno-pointer-sign -I ./include/ -I ./instrumentation
-DAFL_PATH=\"$(HELPER_PATH)\" -DBIN_PATH=\"$(BIN_PATH)\" \ -DAFL_PATH=\"$(HELPER_PATH)\" -DBIN_PATH=\"$(BIN_PATH)\" \
-DLLVM_BINDIR=\"$(LLVM_BINDIR)\" -DVERSION=\"$(VERSION)\" \ -DLLVM_BINDIR=\"$(LLVM_BINDIR)\" -DVERSION=\"$(VERSION)\" \
-DLLVM_LIBDIR=\"$(LLVM_LIBDIR)\" -DLLVM_VERSION=\"$(LLVMVER)\" \ -DLLVM_LIBDIR=\"$(LLVM_LIBDIR)\" -DLLVM_VERSION=\"$(LLVMVER)\" \
-DAFL_CLANG_FLTO=\"$(AFL_CLANG_FLTO)\" \ -Wno-deprecated -DAFL_CLANG_FLTO=\"$(AFL_CLANG_FLTO)\" \
-DAFL_REAL_LD=\"$(AFL_REAL_LD)\" \ -DAFL_REAL_LD=\"$(AFL_REAL_LD)\" \
-DAFL_CLANG_LDPATH=\"$(AFL_CLANG_LDPATH)\" \ -DAFL_CLANG_LDPATH=\"$(AFL_CLANG_LDPATH)\" \
-DAFL_CLANG_FUSELD=\"$(AFL_CLANG_FUSELD)\" \ -DAFL_CLANG_FUSELD=\"$(AFL_CLANG_FUSELD)\" \
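Review bot: `-Wno-deprecated` is added to `CFLAGS_SAFE`, which appears to be the base flag set shared by the C targets of this Makefile, so deprecation warnings are now silenced for the whole tree rather than only for whatever the new gcc_plugin build emits. If the warning comes from a single target, the flag belongs on that target's rule; if it has to stay global, a one-line comment above it naming the trigger, such as `# -Wno-deprecated: silences <WARNING SOURCE PLACEHOLDER> until <REASON PLACEHOLDER>`, keeps the next maintainer from dropping it or widening it further. The source of the warning is not visible in this hunk, so this is inferred from the diff alone.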


@ -31,6 +31,8 @@ behaviours:
only one compiler: afl-cc. All previous compilers now symlink to this one only one compiler: afl-cc. All previous compilers now symlink to this one
compiler. All instrumentation source code is now in the `instrumentation/` compiler. All instrumentation source code is now in the `instrumentation/`
folder. folder.
* The gcc_plugin was replaced with a new version submitted by AdaCore, that
supports more features, thank you!
* qemu_mode got upgraded to QEMU 5.1, but to be able to build this a current * qemu_mode got upgraded to QEMU 5.1, but to be able to build this a current
ninja build tool version and python3 setuptools are required. ninja build tool version and python3 setuptools are required.
qemu_mode also got new options like snapshotting, instrumenting specific qemu_mode also got new options like snapshotting, instrumenting specific


@ -25,6 +25,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
skipped. They are used for splicing though. skipped. They are used for splicing though.
- set the default power schedule to the superiour "seek" schedule - set the default power schedule to the superiour "seek" schedule
- instrumentation - instrumentation
- We received an enhanced gcc_plugin module from AdaCore, thank you
very much!!
- not overriding -Ox or -fno-unroll-loops anymore - not overriding -Ox or -fno-unroll-loops anymore
- new llvm pass: dict2file via AFL_LLVM_DICT2FILE, create afl-fuzz - new llvm pass: dict2file via AFL_LLVM_DICT2FILE, create afl-fuzz
-x dictionary of string comparisons found during compilation -x dictionary of string comparisons found during compilation


@ -28,7 +28,7 @@ If you are using clang, please review README.llvm.md; the LLVM
integration mode can offer substantial performance gains compared to the integration mode can offer substantial performance gains compared to the
traditional approach. traditional approach.
Likewise, if you are using GCC, please review gcc_plugin/README.md. Likewise, if you are using GCC, please review instrumentation/README.gcc_plugin.md.
You may have to change several settings to get optimal results (most notably, You may have to change several settings to get optimal results (most notably,
disable crash reporting utilities and switch to a different CPU governor), but disable crash reporting utilities and switch to a different CPU governor), but


@ -1196,7 +1196,7 @@ int main(int argc, char **argv, char **envp) {
" - NGRAM-{2-16}\n" " - NGRAM-{2-16}\n"
" [GCC_PLUGIN] gcc plugin: %s%s\n" " [GCC_PLUGIN] gcc plugin: %s%s\n"
" CLASSIC DEFAULT no yes yes no no no " " CLASSIC DEFAULT no yes yes no no no "
" simple\n" " yes\n"
" [GCC] simple gcc: %s%s\n" " [GCC] simple gcc: %s%s\n"
" CLASSIC DEFAULT no no no no no no " " CLASSIC DEFAULT no no no no no no "
" no\n\n", " no\n\n",
@ -1270,8 +1270,29 @@ int main(int argc, char **argv, char **envp) {
" AFL_CXX: path to the C++ compiler to use\n" " AFL_CXX: path to the C++ compiler to use\n"
" AFL_DEBUG: enable developer debugging output\n" " AFL_DEBUG: enable developer debugging output\n"
" AFL_DONT_OPTIMIZE: disable optimization instead of -O3\n" " AFL_DONT_OPTIMIZE: disable optimization instead of -O3\n"
" AFL_HARDEN: adds code hardening to catch memory bugs\n" " AFL_NO_BUILTIN: no builtins for string compare functions (for "
"libtokencap.so)\n"
" AFL_PATH: path to instrumenting pass and runtime "
"(afl-compiler-rt.*o)\n"
" AFL_INST_RATIO: percentage of branches to instrument\n" " AFL_INST_RATIO: percentage of branches to instrument\n"
" AFL_QUIET: suppress verbose output\n"
" AFL_HARDEN: adds code hardening to catch memory bugs\n"
" AFL_USE_ASAN: activate address sanitizer\n"
" AFL_USE_CFISAN: activate control flow sanitizer\n"
" AFL_USE_MSAN: activate memory sanitizer\n"
" AFL_USE_UBSAN: activate undefined behaviour sanitizer\n");
if (have_gcc_plugin)
SAYF(
"\nGCC Plugin-specific environment variables:\n"
" AFL_GCC_OUT_OF_LINE: disable inlined instrumentation\n"
" AFL_GCC_SKIP_NEVERZERO: do not skip zero on trace counters\n"
" AFL_GCC_INSTRUMENT_FILE: enable selective instrumentation by filename\n");
if (have_llvm)
SAYF(
"\nLLVM/LTO/afl-clang-fast/afl-clang-lto specific environment "
"variables:\n"
#if LLVM_MAJOR < 9 #if LLVM_MAJOR < 9
" AFL_LLVM_NOT_ZERO: use cycling trace counters that skip zero\n" " AFL_LLVM_NOT_ZERO: use cycling trace counters that skip zero\n"
#else #else
@ -1288,25 +1309,13 @@ int main(int argc, char **argv, char **envp) {
"functions\n" "functions\n"
" AFL_LLVM_INSTRUMENT_ALLOW/AFL_LLVM_INSTRUMENT_DENY: enable " " AFL_LLVM_INSTRUMENT_ALLOW/AFL_LLVM_INSTRUMENT_DENY: enable "
"instrument allow/\n" "instrument allow/\n"
" deny listing (selective instrumentation)\n" " deny listing (selective instrumentation)\n");
" AFL_NO_BUILTIN: no builtins for string compare functions (for "
"libtokencap.so)\n"
" AFL_PATH: path to instrumenting pass and runtime "
"(afl-compiler-rt.*o)\n"
" AFL_LLVM_DOCUMENT_IDS: document edge IDs given to which function "
"(LTO only)\n"
" AFL_QUIET: suppress verbose output\n"
" AFL_USE_ASAN: activate address sanitizer\n"
" AFL_USE_CFISAN: activate control flow sanitizer\n"
" AFL_USE_MSAN: activate memory sanitizer\n"
" AFL_USE_UBSAN: activate undefined behaviour sanitizer\n");
if (have_llvm)
SAYF( SAYF(
"\nLLVM/LTO/afl-clang-fast/afl-clang-lto specific environment "
"variables:\n"
" AFL_LLVM_CMPLOG: log operands of comparisons (RedQueen mutator)\n" " AFL_LLVM_CMPLOG: log operands of comparisons (RedQueen mutator)\n"
" AFL_LLVM_INSTRUMENT: set instrumentation mode: CLASSIC, INSTRIM, " " AFL_LLVM_INSTRUMENT: set instrumentation mode:\n"
"PCGUARD, LTO, CTX, NGRAM-2 ... NGRAM-16\n" " CLASSIC, INSTRIM, PCGUARD, LTO, CTX, NGRAM-2 ... NGRAM-16\n"
" You can also use the old environment variables instead:\n" " You can also use the old environment variables instead:\n"
" AFL_LLVM_USE_TRACE_PC: use LLVM trace-pc-guard instrumentation\n" " AFL_LLVM_USE_TRACE_PC: use LLVM trace-pc-guard instrumentation\n"
" AFL_LLVM_INSTRIM: use light weight instrumentation InsTrim\n" " AFL_LLVM_INSTRIM: use light weight instrumentation InsTrim\n"
@ -1315,36 +1324,27 @@ int main(int argc, char **argv, char **envp) {
" AFL_LLVM_CTX: use context sensitive coverage (for CLASSIC and " " AFL_LLVM_CTX: use context sensitive coverage (for CLASSIC and "
"INSTRIM)\n" "INSTRIM)\n"
" AFL_LLVM_NGRAM_SIZE: use ngram prev_loc count coverage (for " " AFL_LLVM_NGRAM_SIZE: use ngram prev_loc count coverage (for "
"CLASSIC and INSTRIM)\n"); "CLASSIC & INSTRIM)\n");
#ifdef AFL_CLANG_FLTO #ifdef AFL_CLANG_FLTO
if (have_lto)
SAYF( SAYF(
"\nLTO/afl-clang-lto specific environment variables:\n" "\nLTO/afl-clang-lto specific environment variables:\n"
" AFL_LLVM_MAP_ADDR: use a fixed coverage map address (speed), e.g. " " AFL_LLVM_MAP_ADDR: use a fixed coverage map address (speed), e.g. "
"0x10000\n" "0x10000\n"
"AFL_LLVM_DOCUMENT_IDS: write all edge IDs and the corresponding " " AFL_LLVM_DOCUMENT_IDS: write all edge IDs and the corresponding functions\n"
"functions they are in into this file\n" " into this file\n"
" AFL_LLVM_LTO_DONTWRITEID: don't write the highest ID used to a " " AFL_LLVM_LTO_DONTWRITEID: don't write the highest ID used to a "
"global var\n" "global var\n"
" AFL_LLVM_LTO_STARTID: from which ID to start counting from for a " " AFL_LLVM_LTO_STARTID: from which ID to start counting from for a "
"bb\n" "bb\n"
" AFL_REAL_LD: use this lld linker instead of the compiled in path\n" " AFL_REAL_LD: use this lld linker instead of the compiled in path\n"
"\nafl-clang-lto was built with linker target \"%s\" and LTO flags " "If anything fails - be sure to read README.lto.md!\n");
"\"%s\"\n"
"If anything fails - be sure to read README.lto.md!\n",
AFL_REAL_LD, AFL_CLANG_FLTO);
#endif #endif
SAYF(
"\nGCC Plugin-specific environment variables:\n"
"AFL_GCC_OUT_OF_LINE: disable inlined instrumentation\n"
"AFL_GCC_SKIP_NEVERZERO: do not skip zero on trace counters\n"
"AFL_GCC_INSTRUMENT_FILE: enable selective instrumentation by "
"filename\n");
} }
SAYF( SAYF(
"For any information on the available instrumentations and options " "\nFor any information on the available instrumentations and options "
"please \n" "please \n"
"consult the README.md, especially section 3.1 about instrumenting " "consult the README.md, especially section 3.1 about instrumenting "
"targets.\n\n"); "targets.\n\n");
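Review bot: The new `if (have_lto)` block drops the `"\nafl-clang-lto was built with linker target \"%s\" and LTO flags \"%s\"\n"` line together with its `AFL_REAL_LD, AFL_CLANG_FLTO` arguments, so `afl-cc` no longer reports which linker and LTO flags were compiled in. That was the one line of help output that let a user diagnose an LTO build picking up the wrong `ld.lld`; unless it is printed elsewhere in the new build, it should stay in the LTO section, ending the call with `"If anything fails - be sure to read README.lto.md!\n", AFL_REAL_LD, AFL_CLANG_FLTO);` as before. This hunk and the earlier `@ -1270,8 +1270,29 @@` hunk also leave the three new `if (have_gcc_plugin)` / `if (have_llvm)` / `if (have_lto)` guards without braces around multi-line `SAYF(...)` calls; braces would keep a statement added later from silently escaping the guard. The enclosing `main()` starts outside the hunk, and the `}` on the line after `#endif` closes a block whose opening is not visible here.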