blacklist function support for llvm_mode
parent
d0ea8f8433
commit
d1d5e7c02a
3
TODO
3
TODO
@ -2,6 +2,9 @@
|
|||||||
Roadmap 2.61+:
|
Roadmap 2.61+:
|
||||||
==============
|
==============
|
||||||
|
|
||||||
|
Makefile:
|
||||||
|
- -march=native -Ofast -flto=full
|
||||||
|
|
||||||
afl-fuzz:
|
afl-fuzz:
|
||||||
- sync_fuzzers(): only masters sync from all, slaves only sync from master
|
- sync_fuzzers(): only masters sync from all, slaves only sync from master
|
||||||
|
|
||||||
|
@ -20,7 +20,8 @@ Version ++2.60d (develop):
|
|||||||
- afl-fuzz:
|
- afl-fuzz:
|
||||||
- now prints the real python version support compiled in
|
- now prints the real python version support compiled in
|
||||||
- afl-clang-fast now shows in the help output for which llvm version it
|
- afl-clang-fast now shows in the help output for which llvm version it
|
||||||
was compiled for.
|
was compiled for
|
||||||
|
- added blacklisted function check in llvm_mode
|
||||||
- added fix from Debian project to compile libdislocator and libtokencap
|
- added fix from Debian project to compile libdislocator and libtokencap
|
||||||
|
|
||||||
|
|
||||||
|
@ -94,6 +94,28 @@ struct InsTrim : public ModulePass {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ripped from aflgo
|
||||||
|
static bool isBlacklisted(const Function *F) {
|
||||||
|
|
||||||
|
static const SmallVector<std::string, 4> Blacklist = {
|
||||||
|
|
||||||
|
"asan.",
|
||||||
|
"llvm.",
|
||||||
|
"sancov.",
|
||||||
|
"__ubsan_handle_",
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
for (auto const &BlacklistFunc : Blacklist) {
|
||||||
|
|
||||||
|
if (F->getName().startswith(BlacklistFunc)) { return true; }
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
bool runOnModule(Module &M) override {
|
bool runOnModule(Module &M) override {
|
||||||
|
|
||||||
char be_quiet = 0;
|
char be_quiet = 0;
|
||||||
@ -240,6 +262,8 @@ struct InsTrim : public ModulePass {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (isBlacklisted(&F)) continue;
|
||||||
|
|
||||||
std::unordered_set<BasicBlock *> MS;
|
std::unordered_set<BasicBlock *> MS;
|
||||||
if (!MarkSetOpt) {
|
if (!MarkSetOpt) {
|
||||||
|
|
||||||
|
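Review bot: `isBlacklisted` is added here inside `struct InsTrim` and again, line for line, inside `class AFLCoverage` later in this commit, so each instrumentation pass carries its own copy of the prefix list. If one copy later gains or loses a prefix, the two passes will silently leave different sets of functions uninstrumented and coverage will depend on which pass was used; moving the helper into a header shared by both llvm_mode passes would keep them in step. The test is `startswith`, so every function whose name begins with one of the listed prefixes is skipped, and a comment above the list such as `// prefix match: compiler/sanitizer-generated functions are left uninstrumented` would record that. The call `if (isBlacklisted(&F)) continue;` sits in a loop in `runOnModule` whose start and end are outside the hunk.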
@ -444,7 +444,8 @@ int main(int argc, char** argv) {
|
|||||||
"You can specify custom next-stage toolchain via AFL_CC and AFL_CXX. "
|
"You can specify custom next-stage toolchain via AFL_CC and AFL_CXX. "
|
||||||
"Setting\n"
|
"Setting\n"
|
||||||
"AFL_HARDEN enables hardening optimizations in the compiled code.\n\n"
|
"AFL_HARDEN enables hardening optimizations in the compiled code.\n\n"
|
||||||
"afl-clang-fast was built for llvm %s with the llvm binary path of \"%s\".\n\n",
|
"afl-clang-fast was built for llvm %s with the llvm binary path of "
|
||||||
|
"\"%s\".\n\n",
|
||||||
BIN_PATH, BIN_PATH, LLVM_VERSION, LLVM_BINDIR);
|
BIN_PATH, BIN_PATH, LLVM_VERSION, LLVM_BINDIR);
|
||||||
|
|
||||||
exit(1);
|
exit(1);
|
||||||
|
@ -75,6 +75,28 @@ class AFLCoverage : public ModulePass {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ripped from aflgo
|
||||||
|
static bool isBlacklisted(const Function *F) {
|
||||||
|
|
||||||
|
static const SmallVector<std::string, 4> Blacklist = {
|
||||||
|
|
||||||
|
"asan.",
|
||||||
|
"llvm.",
|
||||||
|
"sancov.",
|
||||||
|
"__ubsan_handle_",
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
for (auto const &BlacklistFunc : Blacklist) {
|
||||||
|
|
||||||
|
if (F->getName().startswith(BlacklistFunc)) { return true; }
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
bool runOnModule(Module &M) override;
|
bool runOnModule(Module &M) override;
|
||||||
|
|
||||||
// StringRef getPassName() const override {
|
// StringRef getPassName() const override {
|
||||||
@ -156,13 +178,11 @@ bool AFLCoverage::runOnModule(Module &M) {
|
|||||||
|
|
||||||
/* Instrument all the things! */
|
/* Instrument all the things! */
|
||||||
|
|
||||||
const char *IntrinsicPrefix = "llvm.";
|
|
||||||
int inst_blocks = 0;
|
int inst_blocks = 0;
|
||||||
|
|
||||||
for (auto &F : M) {
|
for (auto &F : M) {
|
||||||
|
|
||||||
auto Fname = F.getName();
|
if (isBlacklisted(&F)) continue;
|
||||||
if (Fname.startswith(IntrinsicPrefix)) continue;
|
|
||||||
|
|
||||||
for (auto &BB : F) {
|
for (auto &BB : F) {
|
||||||
|
|
||||||
@ -377,6 +397,7 @@ bool AFLCoverage::runOnModule(Module &M) {
|
|||||||
inst_blocks++;
|
inst_blocks++;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Say something nice. */
|
/* Say something nice. */
|
||||||
|
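Review bot: The skip in `AFLCoverage::runOnModule` is now wider than the check it replaces, and nothing at the call site says so. Judging by the rendered columns, the old loop skipped only names starting with `llvm.`, while `isBlacklisted(&F)` also skips the `asan.`, `sancov.` and `__ubsan_handle_` prefixes. A one-line comment at the call, e.g. `/* skip compiler- and sanitizer-generated functions (prefix match, see isBlacklisted) */`, would make the coverage exclusion visible to whoever reads the loop. The `// ripped from aflgo` comment on the helper would be more useful if it also stated why these prefixes are excluded. `runOnModule` continues outside the hunks shown.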
@ -334,9 +334,9 @@ void show_stats(void) {
|
|||||||
|
|
||||||
/* Lord, forgive me this. */
|
/* Lord, forgive me this. */
|
||||||
|
|
||||||
SAYF(SET_G1 bSTG bLT bH bSTOP cCYA
|
SAYF(SET_G1 bSTG bLT bH bSTOP cCYA
|
||||||
" process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA
|
" process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA
|
||||||
" overall results " bSTG bH2 bH2 bRT "\n");
|
" overall results " bSTG bH2 bH2 bRT "\n");
|
||||||
|
|
||||||
if (dumb_mode) {
|
if (dumb_mode) {
|
||||||
|
|
||||||
@ -413,9 +413,9 @@ void show_stats(void) {
|
|||||||
" uniq hangs : " cRST "%-6s" bSTG bV "\n",
|
" uniq hangs : " cRST "%-6s" bSTG bV "\n",
|
||||||
DTD(cur_ms, last_hang_time), tmp);
|
DTD(cur_ms, last_hang_time), tmp);
|
||||||
|
|
||||||
SAYF(bVR bH bSTOP cCYA
|
SAYF(bVR bH bSTOP cCYA
|
||||||
" cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA
|
" cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA
|
||||||
" map coverage " bSTG bH bHT bH20 bH2 bVL "\n");
|
" map coverage " bSTG bH bHT bH20 bH2 bVL "\n");
|
||||||
|
|
||||||
/* This gets funny because we want to print several variable-length variables
|
/* This gets funny because we want to print several variable-length variables
|
||||||
together, but then cram them into a fixed-width field - so we need to
|
together, but then cram them into a fixed-width field - so we need to
|
||||||
@ -443,9 +443,9 @@ void show_stats(void) {
|
|||||||
|
|
||||||
SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp);
|
SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp);
|
||||||
|
|
||||||
SAYF(bVR bH bSTOP cCYA
|
SAYF(bVR bH bSTOP cCYA
|
||||||
" stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA
|
" stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA
|
||||||
" findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n");
|
" findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n");
|
||||||
|
|
||||||
sprintf(tmp, "%s (%0.02f%%)", DI(queued_favored),
|
sprintf(tmp, "%s (%0.02f%%)", DI(queued_favored),
|
||||||
((double)queued_favored) * 100 / queued_paths);
|
((double)queued_favored) * 100 / queued_paths);
|
||||||
@ -514,7 +514,7 @@ void show_stats(void) {
|
|||||||
|
|
||||||
/* Aaaalmost there... hold on! */
|
/* Aaaalmost there... hold on! */
|
||||||
|
|
||||||
SAYF(bVR bH cCYA bSTOP
|
SAYF(bVR bH cCYA bSTOP
|
||||||
" fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA
|
" fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA
|
||||||
" path geometry " bSTG bH5 bH2 bVL "\n");
|
" path geometry " bSTG bH5 bH2 bVL "\n");
|
||||||
|
|
||||||
|