AFL_LLVM_LAF_ALL

docs/Changelog.md

@@ -24,6 +24,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
     - lowered minimum required llvm version to 3.4 (except LLVMInsTrim,
       which needs 3.8.0)
     - small change to cmplog to make it work with current llvm 11-dev
+    - added AFL_LLVM_LAF_ALL, sets all laf-intel settings
   - fixed afl-gcc/afl-as that could break on fast systems reusing pids in
     the same second
   - added lots of dictionaries from oss-fuzz, go-fuzz and Jakub Wilk

docs/env_variables.md

@@ -190,13 +190,18 @@ Then there are a few specific features that are only available in llvm_mode:
     to allow afl-fuzz to find otherwise rather impossible paths. It is not
     restricted to Intel CPUs ;-)
 
-    - Setting AFL_LLVM_LAF_SPLIT_SWITCHES will split switch()es
-
     - Setting AFL_LLVM_LAF_TRANSFORM_COMPARES will split string compare functions
 
+    - Setting AFL_LLVM_LAF_SPLIT_SWITCHES will split switch()es
+
     - Setting AFL_LLVM_LAF_SPLIT_COMPARES will split all floating point and
       64, 32 and 16 bit integer CMP instructions
 
+    - Setting AFL_LLVM_LAF_SPLIT_FLOATS will split floating points, needs
+      AFL_LLVM_LAF_SPLIT_COMPARES to be set
+
+    - Setting AFL_LLVM_LAF_ALL sets all of the above
+
     See llvm_mode/README.laf-intel.md for more information.
 
 ### WHITELIST

llvm_mode/README.laf-intel.md

@@ -37,3 +37,6 @@ series of sign, exponent and mantissa comparisons followed by splitting each
 of them into 8 bit comparisons when necessary.
 It is activated with the `AFL_LLVM_LAF_SPLIT_FLOATS` setting, available only
 when `AFL_LLVM_LAF_SPLIT_COMPARES` is set.
+
+You can also set `AFL_LLVM_LAF_ALL` and have all of the above enabled :-)
+

llvm_mode/afl-clang-fast.c

@@ -829,14 +829,14 @@ int main(int argc, char **argv, char **envp) {
         "AFL_LLVM_NOT_ZERO: use cycling trace counters that skip zero\n"
         "AFL_LLVM_SKIP_NEVERZERO: do not skip zero on trace counters\n"
         "AFL_LLVM_LAF_SPLIT_COMPARES: enable cascaded comparisons\n"
-        "AFL_LLVM_LAF_SPLIT_FLOATS: transform floating point comp. to "
+        "AFL_LLVM_LAF_SPLIT_COMPARES_BITW: size limit (default 8)\n"
-        "cascaded "
-        "comp.\n"
         "AFL_LLVM_LAF_SPLIT_SWITCHES: casc. comp. in 'switch'\n"
         " to cascaded comparisons\n"
+        "AFL_LLVM_LAF_SPLIT_FLOATS: transform floating point comp. to "
+        "cascaded comp.\n"
         "AFL_LLVM_LAF_TRANSFORM_COMPARES: transform library comparison "
         "function calls\n"
-        "AFL_LLVM_LAF_SPLIT_COMPARES_BITW: size limit (default 8)\n"
+        "AFL_LLVM_LAF_ALL: enables all LAF splits/transforms\n"
         "AFL_LLVM_WHITELIST: enable whitelisting (selective "
         "instrumentation)\n"
         "AFL_NO_BUILTIN: compile for use with libtokencap.so\n"
@@ -925,6 +925,15 @@ int main(int argc, char **argv, char **envp) {
 
   check_environment_vars(envp);
 
+  if (getenv("AFL_LLVM_LAF_ALL")) {
+
+    setenv("AFL_LLVM_LAF_SPLIT_SWITCHES", "1", 1);
+    setenv("AFL_LLVM_LAF_SPLIT_COMPARES", "1", 1);
+    setenv("AFL_LLVM_LAF_SPLIT_FLOATS", "1", 1);
+    setenv("AFL_LLVM_LAF_TRANSFORM_COMPARES", "1", 1);
+
+  }
+
   cmplog_mode = getenv("AFL_CMPLOG") || getenv("AFL_LLVM_CMPLOG");
   if (!be_quiet && cmplog_mode)
     printf("CmpLog mode by <andreafioraldi@gmail.com>\n");

src/afl-common.c

@@ -67,7 +67,7 @@ char *afl_environment_variables[] = {
     "AFL_LLVM_SKIPSINGLEBLOCK", "AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK",
     "AFL_LLVM_LAF_SPLIT_COMPARES", "AFL_LLVM_LAF_SPLIT_COMPARES_BITW",
     "AFL_LLVM_LAF_SPLIT_FLOATS", "AFL_LLVM_LAF_SPLIT_SWITCHES",
-    "AFL_LLVM_LAF_TRANSFORM_COMPARES", "AFL_LLVM_MAP_ADDR",
+    "AFL_LLVM_LAF_ALL", "AFL_LLVM_LAF_TRANSFORM_COMPARES", "AFL_LLVM_MAP_ADDR",
     "AFL_LLVM_MAP_DYNAMIC", "AFL_LLVM_NGRAM_SIZE", "AFL_NGRAM_SIZE",
     "AFL_LLVM_NOT_ZERO", "AFL_LLVM_WHITELIST", "AFL_LLVM_SKIP_NEVERZERO",
     "AFL_NO_AFFINITY", "AFL_LLVM_LTO_STARTID", "AFL_LLVM_LTO_DONTWRITEID",