blacklist function support for llvm_mode

van Hauser 2020-01-15 10:10:25 +01:00
parent d0ea8f8433
commit d1d5e7c02a
6 changed files with 62 additions and 12 deletions

3
TODO

@ -2,6 +2,9 @@
Roadmap 2.61+: Roadmap 2.61+:
============== ==============
Makefile:
- -march=native -Ofast -flto=full
afl-fuzz: afl-fuzz:
- sync_fuzzers(): only masters sync from all, slaves only sync from master - sync_fuzzers(): only masters sync from all, slaves only sync from master


@ -20,7 +20,8 @@ Version ++2.60d (develop):
- afl-fuzz: - afl-fuzz:
- now prints the real python version support compiled in - now prints the real python version support compiled in
- afl-clang-fast now shows in the help output for which llvm version it - afl-clang-fast now shows in the help output for which llvm version it
was compiled for. was compiled for
- added blacklisted function check in llvm_mode
- added fix from Debian project to compile libdislocator and libtokencap - added fix from Debian project to compile libdislocator and libtokencap


@ -94,6 +94,28 @@ struct InsTrim : public ModulePass {
} }
// ripped from aflgo
static bool isBlacklisted(const Function *F) {
static const SmallVector<std::string, 4> Blacklist = {
"asan.",
"llvm.",
"sancov.",
"__ubsan_handle_",
};
for (auto const &BlacklistFunc : Blacklist) {
if (F->getName().startswith(BlacklistFunc)) { return true; }
}
return false;
}
bool runOnModule(Module &M) override { bool runOnModule(Module &M) override {
char be_quiet = 0; char be_quiet = 0;
@ -240,6 +262,8 @@ struct InsTrim : public ModulePass {
} }
if (isBlacklisted(&F)) continue;
std::unordered_set<BasicBlock *> MS; std::unordered_set<BasicBlock *> MS;
if (!MarkSetOpt) { if (!MarkSetOpt) {
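Review bot: The new `isBlacklisted` in the first hunk keeps its prefix table in a function-local `static const SmallVector<std::string, 4>`, which pays a guarded one-time init plus four heap-allocated strings for what is a constant table, and the hand-written loop hides that the check is a plain any-of. Since `StringRef::startswith` already takes a `StringRef`, a constant array does the same job: `static const StringRef Blacklist[] = {"asan.", "llvm.", "sancov.", "__ubsan_handle_"};` followed by `return llvm::any_of(Blacklist, [&](StringRef P) { return F->getName().startswith(P); });`. The `// ripped from aflgo` comment records provenance but not intent; a line such as `// Skip compiler- and sanitizer-generated helpers (matched by name prefix) so they are never instrumented` would tell a maintainer why exactly these prefixes are excluded. The `if (isBlacklisted(&F)) continue;` in the second hunk sits inside `runOnModule`, whose loop header and body begin and end outside this hunk, so whether earlier conditions there already skip some of these functions is not visible here.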


@ -444,7 +444,8 @@ int main(int argc, char** argv) {
"You can specify custom next-stage toolchain via AFL_CC and AFL_CXX. " "You can specify custom next-stage toolchain via AFL_CC and AFL_CXX. "
"Setting\n" "Setting\n"
"AFL_HARDEN enables hardening optimizations in the compiled code.\n\n" "AFL_HARDEN enables hardening optimizations in the compiled code.\n\n"
"afl-clang-fast was built for llvm %s with the llvm binary path of \"%s\".\n\n", "afl-clang-fast was built for llvm %s with the llvm binary path of "
"\"%s\".\n\n",
BIN_PATH, BIN_PATH, LLVM_VERSION, LLVM_BINDIR); BIN_PATH, BIN_PATH, LLVM_VERSION, LLVM_BINDIR);
exit(1); exit(1);


@ -75,6 +75,28 @@ class AFLCoverage : public ModulePass {
} }
// ripped from aflgo
static bool isBlacklisted(const Function *F) {
static const SmallVector<std::string, 4> Blacklist = {
"asan.",
"llvm.",
"sancov.",
"__ubsan_handle_",
};
for (auto const &BlacklistFunc : Blacklist) {
if (F->getName().startswith(BlacklistFunc)) { return true; }
}
return false;
}
bool runOnModule(Module &M) override; bool runOnModule(Module &M) override;
// StringRef getPassName() const override { // StringRef getPassName() const override {
@ -156,13 +178,11 @@ bool AFLCoverage::runOnModule(Module &M) {
/* Instrument all the things! */ /* Instrument all the things! */
const char *IntrinsicPrefix = "llvm.";
int inst_blocks = 0; int inst_blocks = 0;
for (auto &F : M) { for (auto &F : M) {
auto Fname = F.getName(); if (isBlacklisted(&F)) continue;
if (Fname.startswith(IntrinsicPrefix)) continue;
for (auto &BB : F) { for (auto &BB : F) {
@ -377,6 +397,7 @@ bool AFLCoverage::runOnModule(Module &M) {
inst_blocks++; inst_blocks++;
} }
} }
/* Say something nice. */ /* Say something nice. */
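Review bot: The `isBlacklisted` helper added in the first hunk is a byte-for-byte copy of the one this same commit adds to LLVMInsTrim.so.cc, so the two prefix lists will drift the first time one pass gains a new sanitizer prefix; a single definition in a shared header under llvm_mode, included by both .so.cc files, would remove that risk. Replacing the `IntrinsicPrefix` check is behaviour-preserving for intrinsics because `"llvm."` remains in the list, but the added `asan.`, `sancov.` and `__ubsan_handle_` prefixes widen the skip set, and the one-line ChangeLog entry would be more useful if it named those prefixes so users know which symbols now go uninstrumented. The `runOnModule` loop in the second hunk begins and continues outside the hunk, so I cannot confirm from here that the dropped `Fname` local had no other use further down.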


@ -334,9 +334,9 @@ void show_stats(void) {
/* Lord, forgive me this. */ /* Lord, forgive me this. */
SAYF(SET_G1 bSTG bLT bH bSTOP cCYA SAYF(SET_G1 bSTG bLT bH bSTOP cCYA
" process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA
" overall results " bSTG bH2 bH2 bRT "\n"); " overall results " bSTG bH2 bH2 bRT "\n");
if (dumb_mode) { if (dumb_mode) {
@ -413,9 +413,9 @@ void show_stats(void) {
" uniq hangs : " cRST "%-6s" bSTG bV "\n", " uniq hangs : " cRST "%-6s" bSTG bV "\n",
DTD(cur_ms, last_hang_time), tmp); DTD(cur_ms, last_hang_time), tmp);
SAYF(bVR bH bSTOP cCYA SAYF(bVR bH bSTOP cCYA
" cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA
" map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); " map coverage " bSTG bH bHT bH20 bH2 bVL "\n");
/* This gets funny because we want to print several variable-length variables /* This gets funny because we want to print several variable-length variables
together, but then cram them into a fixed-width field - so we need to together, but then cram them into a fixed-width field - so we need to
@ -443,9 +443,9 @@ void show_stats(void) {
SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp); SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp);
SAYF(bVR bH bSTOP cCYA SAYF(bVR bH bSTOP cCYA
" stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA
" findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n");
sprintf(tmp, "%s (%0.02f%%)", DI(queued_favored), sprintf(tmp, "%s (%0.02f%%)", DI(queued_favored),
((double)queued_favored) * 100 / queued_paths); ((double)queued_favored) * 100 / queued_paths);
@ -514,7 +514,7 @@ void show_stats(void) {
/* Aaaalmost there... hold on! */ /* Aaaalmost there... hold on! */
SAYF(bVR bH cCYA bSTOP SAYF(bVR bH cCYA bSTOP
" fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA
" path geometry " bSTG bH5 bH2 bVL "\n"); " path geometry " bSTG bH5 bH2 bVL "\n");