new gcc_plugin integration

This commit is contained in:
van Hauser
2020-09-08 16:15:31 +02:00
parent 3890225c35
commit c091340a85
5 changed files with 44 additions and 40 deletions


@ -229,7 +229,7 @@ CFLAGS_SAFE := -Wall -g -Wno-pointer-sign -I ./include/ -I ./instrumentation
-DAFL_PATH=\"$(HELPER_PATH)\" -DBIN_PATH=\"$(BIN_PATH)\" \
-DLLVM_BINDIR=\"$(LLVM_BINDIR)\" -DVERSION=\"$(VERSION)\" \
-DLLVM_LIBDIR=\"$(LLVM_LIBDIR)\" -DLLVM_VERSION=\"$(LLVMVER)\" \
-DAFL_CLANG_FLTO=\"$(AFL_CLANG_FLTO)\" \
-Wno-deprecated -DAFL_CLANG_FLTO=\"$(AFL_CLANG_FLTO)\" \
-DAFL_REAL_LD=\"$(AFL_REAL_LD)\" \
-DAFL_CLANG_LDPATH=\"$(AFL_CLANG_LDPATH)\" \
-DAFL_CLANG_FUSELD=\"$(AFL_CLANG_FUSELD)\" \
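Review bot: `-Wno-deprecated` is added to `CFLAGS_SAFE`, which from its name and the `-D` list that follows looks like the flag set shared by every target in this Makefile, so deprecation warnings are silenced for the whole build rather than only for the sources that needed it. If the flag was introduced to quiet the new gcc plugin build, scope it to that target's compile rule instead, or leave a one-line comment next to it stating which sources require it so a later reader does not drop it as unexplained, e.g. `# -Wno-deprecated: needed by <TARGET — fill in>`. Which of the two near-identical lines is the new side is inferred from the commit title, since this rendered page has lost the marker column. The `CFLAGS_SAFE` definition continues past the end of the hunk.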


@ -31,6 +31,8 @@ behaviours:
only one compiler: afl-cc. All previous compilers now symlink to this one
compiler. All instrumentation source code is now in the `instrumentation/`
folder.
* The gcc_plugin was replaced with a new version submitted by AdaCore, that
supports more features, thank you!
* qemu_mode got upgraded to QEMU 5.1, but to be able to build this a current
ninja build tool version and python3 setuptools are required.
qemu_mode also got new options like snapshotting, instrumenting specific


@ -25,6 +25,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
skipped. They are used for splicing though.
- set the default power schedule to the superiour "seek" schedule
- instrumentation
- We received an enhanced gcc_plugin module from AdaCore, thank you
very much!!
- not overriding -Ox or -fno-unroll-loops anymore
- new llvm pass: dict2file via AFL_LLVM_DICT2FILE, create afl-fuzz
-x dictionary of string comparisons found during compilation


@ -28,7 +28,7 @@ If you are using clang, please review README.llvm.md; the LLVM
integration mode can offer substantial performance gains compared to the
traditional approach.
Likewise, if you are using GCC, please review gcc_plugin/README.md.
Likewise, if you are using GCC, please review instrumentation/README.gcc_plugin.md.
You may have to change several settings to get optimal results (most notably,
disable crash reporting utilities and switch to a different CPU governor), but


@ -1196,7 +1196,7 @@ int main(int argc, char **argv, char **envp) {
" - NGRAM-{2-16}\n"
" [GCC_PLUGIN] gcc plugin: %s%s\n"
" CLASSIC DEFAULT no yes yes no no no "
" simple\n"
" yes\n"
" [GCC] simple gcc: %s%s\n"
" CLASSIC DEFAULT no no no no no no "
" no\n\n",
@ -1270,8 +1270,29 @@ int main(int argc, char **argv, char **envp) {
" AFL_CXX: path to the C++ compiler to use\n"
" AFL_DEBUG: enable developer debugging output\n"
" AFL_DONT_OPTIMIZE: disable optimization instead of -O3\n"
" AFL_HARDEN: adds code hardening to catch memory bugs\n"
" AFL_NO_BUILTIN: no builtins for string compare functions (for "
"libtokencap.so)\n"
" AFL_PATH: path to instrumenting pass and runtime "
"(afl-compiler-rt.*o)\n"
" AFL_INST_RATIO: percentage of branches to instrument\n"
" AFL_QUIET: suppress verbose output\n"
" AFL_HARDEN: adds code hardening to catch memory bugs\n"
" AFL_USE_ASAN: activate address sanitizer\n"
" AFL_USE_CFISAN: activate control flow sanitizer\n"
" AFL_USE_MSAN: activate memory sanitizer\n"
" AFL_USE_UBSAN: activate undefined behaviour sanitizer\n");
if (have_gcc_plugin)
SAYF(
"\nGCC Plugin-specific environment variables:\n"
" AFL_GCC_OUT_OF_LINE: disable inlined instrumentation\n"
" AFL_GCC_SKIP_NEVERZERO: do not skip zero on trace counters\n"
" AFL_GCC_INSTRUMENT_FILE: enable selective instrumentation by filename\n");
if (have_llvm)
SAYF(
"\nLLVM/LTO/afl-clang-fast/afl-clang-lto specific environment "
"variables:\n"
#if LLVM_MAJOR < 9
" AFL_LLVM_NOT_ZERO: use cycling trace counters that skip zero\n"
#else
@ -1288,25 +1309,13 @@ int main(int argc, char **argv, char **envp) {
"functions\n"
" AFL_LLVM_INSTRUMENT_ALLOW/AFL_LLVM_INSTRUMENT_DENY: enable "
"instrument allow/\n"
" deny listing (selective instrumentation)\n"
" AFL_NO_BUILTIN: no builtins for string compare functions (for "
"libtokencap.so)\n"
" AFL_PATH: path to instrumenting pass and runtime "
"(afl-compiler-rt.*o)\n"
" AFL_LLVM_DOCUMENT_IDS: document edge IDs given to which function "
"(LTO only)\n"
" AFL_QUIET: suppress verbose output\n"
" AFL_USE_ASAN: activate address sanitizer\n"
" AFL_USE_CFISAN: activate control flow sanitizer\n"
" AFL_USE_MSAN: activate memory sanitizer\n"
" AFL_USE_UBSAN: activate undefined behaviour sanitizer\n");
" deny listing (selective instrumentation)\n");
if (have_llvm)
SAYF(
"\nLLVM/LTO/afl-clang-fast/afl-clang-lto specific environment "
"variables:\n"
" AFL_LLVM_CMPLOG: log operands of comparisons (RedQueen mutator)\n"
" AFL_LLVM_INSTRUMENT: set instrumentation mode: CLASSIC, INSTRIM, "
"PCGUARD, LTO, CTX, NGRAM-2 ... NGRAM-16\n"
" AFL_LLVM_INSTRUMENT: set instrumentation mode:\n"
" CLASSIC, INSTRIM, PCGUARD, LTO, CTX, NGRAM-2 ... NGRAM-16\n"
" You can also use the old environment variables instead:\n"
" AFL_LLVM_USE_TRACE_PC: use LLVM trace-pc-guard instrumentation\n"
" AFL_LLVM_INSTRIM: use light weight instrumentation InsTrim\n"
@ -1315,36 +1324,27 @@ int main(int argc, char **argv, char **envp) {
" AFL_LLVM_CTX: use context sensitive coverage (for CLASSIC and "
"INSTRIM)\n"
" AFL_LLVM_NGRAM_SIZE: use ngram prev_loc count coverage (for "
"CLASSIC and INSTRIM)\n");
"CLASSIC & INSTRIM)\n");
#ifdef AFL_CLANG_FLTO
if (have_lto)
SAYF(
"\nLTO/afl-clang-lto specific environment variables:\n"
"AFL_LLVM_MAP_ADDR: use a fixed coverage map address (speed), e.g. "
" AFL_LLVM_MAP_ADDR: use a fixed coverage map address (speed), e.g. "
"0x10000\n"
"AFL_LLVM_DOCUMENT_IDS: write all edge IDs and the corresponding "
"functions they are in into this file\n"
"AFL_LLVM_LTO_DONTWRITEID: don't write the highest ID used to a "
" AFL_LLVM_DOCUMENT_IDS: write all edge IDs and the corresponding functions\n"
" into this file\n"
" AFL_LLVM_LTO_DONTWRITEID: don't write the highest ID used to a "
"global var\n"
"AFL_LLVM_LTO_STARTID: from which ID to start counting from for a "
" AFL_LLVM_LTO_STARTID: from which ID to start counting from for a "
"bb\n"
"AFL_REAL_LD: use this lld linker instead of the compiled in path\n"
"\nafl-clang-lto was built with linker target \"%s\" and LTO flags "
"\"%s\"\n"
"If anything fails - be sure to read README.lto.md!\n",
AFL_REAL_LD, AFL_CLANG_FLTO);
" AFL_REAL_LD: use this lld linker instead of the compiled in path\n"
"If anything fails - be sure to read README.lto.md!\n");
#endif
SAYF(
"\nGCC Plugin-specific environment variables:\n"
"AFL_GCC_OUT_OF_LINE: disable inlined instrumentation\n"
"AFL_GCC_SKIP_NEVERZERO: do not skip zero on trace counters\n"
"AFL_GCC_INSTRUMENT_FILE: enable selective instrumentation by "
"filename\n");
}
SAYF(
"For any information on the available instrumentations and options "
"\nFor any information on the available instrumentations and options "
"please \n"
"consult the README.md, especially section 3.1 about instrumenting "
"targets.\n\n");
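Review bot: The rewritten LTO help block under `if (have_lto)` no longer prints the `afl-clang-lto was built with linker target "%s" and LTO flags "%s"` line with its `AFL_REAL_LD, AFL_CLANG_FLTO` arguments, so the compiled-in linker and LTO flags are no longer visible to a user who is told on the very next line to read README.lto.md when something fails; if dropping it was not intended, keep `"\nafl-clang-lto was built with linker target \"%s\" and LTO flags \"%s\"\n"` before the README line and pass `AFL_REAL_LD, AFL_CLANG_FLTO` to that SAYF. The `README.lto.md` reference itself may also be stale now that this commit moves the gcc-plugin README under `instrumentation/`; worth confirming where the LTO README lives. Which variant is the new side is inferred from the hunk counts, as the marker column is lost on this page. `main()` begins and ends outside the hunks shown.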