ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-08 00:01:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

implement AFL_GCC_ONLY_FSRV

Browse Source
This commit is contained in:
mio 2025-05-13 16:15:11 +08:00
parent 9476204da0
commit fca39a6ec3
No known key found for this signature in database
GPG Key ID: DFF27E34A47CB873
6 changed files with 20 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/env_variables.md
View File

@ -111,7 +111,7 @@ fairly broad use of environment variables instead:
- Note: both `AFL_CFISAN_VERBOSE=1` and `AFL_UBSAN_VERBOSE=1` are disabled by default as verbose output can significantly slow down fuzzing performance. Use these options only during debugging or when additional crash diagnostics are required - Note: both `AFL_CFISAN_VERBOSE=1` and `AFL_UBSAN_VERBOSE=1` are disabled by default as verbose output can significantly slow down fuzzing performance. Use these options only during debugging or when additional crash diagnostics are required
- `AFL_LLVM_ONLY_FSRV` will inject forkserver but not pc instrumentation. Please note this is different compared to `AFL_LLVM_DISABLE_INSTRUMENTATION`, which will totally disable forkserver implementation. This env is pretty useful in two cases: - `AFL_LLVM_ONLY_FSRV`/`AFL_GCC_ONLY_FSRV` will inject forkserver but not pc instrumentation. Please note this is different compared to `AFL_LLVM_DISABLE_INSTRUMENTATION`, which will totally disable forkserver implementation. This env is pretty useful in two cases:
- [SAND](./SAND.md). In this case, the binaries built in this way will serve as extra oracles. Check the corresponding documents for details. - [SAND](./SAND.md). In this case, the binaries built in this way will serve as extra oracles. Check the corresponding documents for details.
- Compatible with LibAFL ForkserverExecutor implementation and thus faster to repeatedly run, compared to simple CommandExecutor. - Compatible with LibAFL ForkserverExecutor implementation and thus faster to repeatedly run, compared to simple CommandExecutor.

2
include/envs.h
View File

@ -119,7 +119,7 @@ static char *afl_environment_variables[] = {
"AFL_CFISAN_VERBOSE", "AFL_USE_LSAN", "AFL_WINE_PATH", "AFL_NO_SNAPSHOT", "AFL_CFISAN_VERBOSE", "AFL_USE_LSAN", "AFL_WINE_PATH", "AFL_NO_SNAPSHOT",
"AFL_EXPAND_HAVOC_NOW", "AFL_USE_FASAN", "AFL_USE_QASAN", "AFL_EXPAND_HAVOC_NOW", "AFL_USE_FASAN", "AFL_USE_QASAN",
"AFL_PRINT_FILENAMES", "AFL_PIZZA_MODE", "AFL_NO_FASTRESUME", "AFL_PRINT_FILENAMES", "AFL_PIZZA_MODE", "AFL_NO_FASTRESUME",
"AFL_SAN_ABSTRACTION", "AFL_LLVM_ONLY_FSRV", "AFL_SAN_RECOVER", "AFL_SAN_ABSTRACTION", "AFL_LLVM_ONLY_FSRV", "AFL_GCC_ONLY_FRSV", "AFL_SAN_RECOVER",
"AFL_PRELOAD_DISCRIMINATE_FORKSERVER_PARENT", NULL}; "AFL_PRELOAD_DISCRIMINATE_FORKSERVER_PARENT", NULL};
extern char *afl_environment_variables[]; extern char *afl_environment_variables[];

4
instrumentation/afl-compiler-rt.o.c
View File

@ -1241,8 +1241,8 @@ void __afl_manual_init(void) {
} }
if (getenv("AFL_LLVM_ONLY_FSRV")) { if (getenv("AFL_LLVM_ONLY_FSRV") || getenv("AFL_GCC_ONLY_FRSV")) {
fprintf(stderr, "DEBUG: Overwrite area_ptr to dummy due to AFL_LLVM_ONLY_FSRV\n"); fprintf(stderr, "DEBUG: Overwrite area_ptr to dummy due to AFL_LLVM_ONLY_FSRV/AFL_GCC_ONLY_FRSV\n");
__afl_area_ptr = __afl_area_ptr_dummy; __afl_area_ptr = __afl_area_ptr_dummy;
} }

16
instrumentation/afl-gcc-pass.so.cc
View File

@ -462,6 +462,7 @@ static struct plugin_info afl_plugin = {
.help = G_("AFL gcc plugin\n\ .help = G_("AFL gcc plugin\n\
\n\ \n\
Set AFL_QUIET in the environment to silence it.\n\ Set AFL_QUIET in the environment to silence it.\n\
Set AFL_GCC_ONLY_FRSV in the environment to disable instrumentation.\n\
\n\ \n\
Set AFL_INST_RATIO in the environment to a number from 0 to 100\n\ Set AFL_INST_RATIO in the environment to a number from 0 to 100\n\
to control how likely a block will be chosen for instrumentation.\n\ to control how likely a block will be chosen for instrumentation.\n\
@ -502,9 +503,12 @@ int plugin_init(struct plugin_name_args *info,
case it was specified in the command line's -frandom-seed for case it was specified in the command line's -frandom-seed for
reproducible instrumentation. */ reproducible instrumentation. */
srandom(get_random_seed(false)); srandom(get_random_seed(false));
bool fsrv_only = !!getenv("AFL_GCC_ONLY_FRSV");
const char *name = info->base_name; const char *name = info->base_name;
register_callback(name, PLUGIN_INFO, NULL, &afl_plugin); if (!fsrv_only) {
register_callback(name, PLUGIN_INFO, NULL, &afl_plugin);
}
afl_pass *aflp = new afl_pass(quiet, inst_ratio); afl_pass *aflp = new afl_pass(quiet, inst_ratio);
struct register_pass_info pass_info = { struct register_pass_info pass_info = {
@ -516,14 +520,18 @@ int plugin_init(struct plugin_name_args *info,
}; };
register_callback(name, PLUGIN_PASS_MANAGER_SETUP, NULL, &pass_info); if (!fsrv_only) {
register_callback(name, PLUGIN_FINISH, afl_pass::plugin_finalize, register_callback(name, PLUGIN_PASS_MANAGER_SETUP, NULL, &pass_info);
pass_info.pass); register_callback(name, PLUGIN_FINISH, afl_pass::plugin_finalize,
pass_info.pass);
}
if (!quiet) if (!quiet)
ACTF(G_("%s instrumentation at ratio of %u%% in %s mode."), ACTF(G_("%s instrumentation at ratio of %u%% in %s mode."),
aflp->out_of_line ? G_("Call-based") : G_("Inline"), inst_ratio, aflp->out_of_line ? G_("Call-based") : G_("Inline"), inst_ratio,
getenv("AFL_HARDEN") ? G_("hardened") : G_("non-hardened")); getenv("AFL_HARDEN") ? G_("hardened") : G_("non-hardened"));
else if (fsrv_only)
ACTF("Instrumentation disabled due to AFL_GCC_ONLY_FRSV");
return 0; return 0;

2
src/afl-cc.c
View File

@ -2600,7 +2600,7 @@ void add_assembler(aflcc_state_t *aflcc) {
/* Add params to launch the gcc plugins for instrumentation. */ /* Add params to launch the gcc plugins for instrumentation. */
void add_gcc_plugin(aflcc_state_t *aflcc) { void add_gcc_plugin(aflcc_state_t *aflcc) {
if (getenv("AFL_LLVM_ONLY_FSRV")) { if (getenv("AFL_GCC_ONLY_FSRV")) {
if (!be_quiet) { DEBUGF("SAND: Coverage instrumentation disabled\n"); } if (!be_quiet) { DEBUGF("SAND: Coverage instrumentation disabled\n"); }
return; return;

5
src/afl-common.c
View File

@ -821,8 +821,9 @@ void check_environment_vars(char **envp) {
afl_environment_deprecated[i]); afl_environment_deprecated[i]);
if (strncmp(afl_environment_deprecated[i], if (strncmp(afl_environment_deprecated[i],
"AFL_SAN_NO_INST", strlen(afl_environment_deprecated[i])) == 0 && !getenv("AFL_LLVM_ONLY_FSRV")) { "AFL_SAN_NO_INST", strlen(afl_environment_deprecated[i])) == 0) {
WARNF("AFL_LLVM_ONLY_FSRV is induced and set instead."); WARNF("AFL_LLVM_ONLY_FSRV/AFL_GCC_ONLY_FSRV is induced and set instead.");
setenv("AFL_GCC_ONLY_FSRV", "1", 0);
setenv("AFL_LLVM_ONLY_FSRV", "1", 0); setenv("AFL_LLVM_ONLY_FSRV", "1", 0);
} else { } else {
issue_detected = 1; issue_detected = 1;