mirror of
https://github.com/AFLplusplus/AFLplusplus.git
synced 2025-06-17 12:18:08 +00:00
602eceed8b
* Output afl-clang-fast stuffs only if necessary (#1912)
* afl-cc header
* afl-cc common declarations
- Add afl-cc-state.c
- Strip includes, find_object, debug/be_quiet/have_*/callname setting from afl-cc.c
- Use debugf_args in main
- Modify execvp stuffs to fit new aflcc struct
* afl-cc show usage
* afl-cc mode selecting
1. compiler_mode by callname in argv[0]
2. compiler_mode by env "AFL_CC_COMPILER"
3. compiler_mode/instrument_mode by command line options "--afl-..."
4. instrument_mode/compiler_mode by various env vars including "AFL_LLVM_INSTRUMENT"
5. final checking steps
6. print "... - mode: %s-%s\n"
7. determine real argv[0] according to compiler_mode
* afl-cc macro defs
* afl-cc linking behaviors
* afl-cc fsanitize behaviors
* afl-cc misc
* afl-cc body update
* afl-cc all-in-one
formated with custom-format.py
* nits
---------
Co-authored-by: vanhauser-thc <vh@thc.org>
* changelog
* update grammar mutator
* lto llvm 12+
* docs(custom_mutators): fix missing ':' (#1953)
* Fix broken LTO mode and response file support (#1948)
* Strip `-Wl,-no-undefined` during compilation (#1952)
Make the compiler wrapper stripping `-Wl,-no-undefined` in addition to `-Wl,--no-undefined`.
Both versions of the flag are accepted by clang and, therefore, used by building systems in the wild (e.g., samba will not build without this fix).
* Remove dead code in write_to_testcase (#1955)
The custom_mutators_count check in if case is duplicate with if condition.
The else case is custom_mutators_count == 0, neither custom_mutator_list iteration nor sent check needed.
Signed-off-by: Xeonacid <h.dwwwwww@gmail.com>
* update qemuafl
* WIP: Add ability to generate drcov trace using QEMU backend (#1956)
* Document new drcov QEMU plugin
* Add link to lightkeeper for QEMU drcov file loading
---------
Co-authored-by: Jean-Romain Garnier <jean-romain.garnier@airbus.com>
* code format
* changelog
* sleep on uid != 0 afl-system-config
* fix segv about skip_next, warn on unsupported cases of linking options (#1958)
* todos
* ensure afl-cc only allows available compiler modes
* update grammar mutator
* disable aslr on apple
* fix for arm64
* help selective instrumentation
* typos
* macos
* add compiler test script
* apple fixes
* bump nyx submodules (#1963)
* fix docs
* update changelog
* update grammar mutator
* improve compiler test script
* gcc asan workaround (#1966)
* fix github merge fuckup
* fix
* Fix afl-cc (#1968)
- Check if too many cmdline params here, each time before insert a new param.
- Check if it is "-fsanitize=..." before we do sth.
- Remove improper param_st transfer.
* Avoid adding llvmnative instrumentation when linking rust sanitizer runtime (#1969)
* Dynamic instrumentation filtering for LLVM native (#1971)
* Add two dynamic instrumentation filter methods to runtime
* Always use pc-table with native pcguard
* Add make_symbol_list.py and README
* changelog
* todos
* new forkserver check
* fix
* nyx test for CI
* improve nyx docs
* Fixes to afl-cc and documentation (#1974)
* Always compile with -ldl when building for CODE_COVERAGE
When building with CODE_COVERAGE, the afl runtime contains code that
calls `dladdr` which requires -ldl. Under most circumstances, clang
already adds this (e.g. when building with pc-table), but there are some
circumstances where it isn't added automatically.
* Add visibility declaration to __afl_connected
When building with hidden visibility, the use of __AFL_LOOP inside such
code can cause linker errors due to __afl_connected being declared
"hidden".
* Update docs to clarify that CODE_COVERAGE=1 is required for dynamic_covfilter
* nits
* nyx build script updates
* test error output
* debug ci
* debug ci
* Improve afl-cc (#1975)
* update response file support
- full support of rsp file
- fix some segv issues
* Improve afl-cc
- remove dead code about allow/denylist options of sancov
- missing `if (!aflcc->have_msan)`
- add docs for each function
- typo
* enable nyx
* debug ci
* debug ci
* debug ci
* debug ci
* debug ci
* debug ci
* debug ci
* debug ci
* fix ci
* clean test script
* NO_NYX
* NO_NYX
* fix ci
* debug ci
* fix ci
* finalize ci fix
* Enhancement on Deterministic stage (#1972)
* fuzzer: init commit based on aflpp 60dc37a8cf
* fuzzers: adding the skip variables and initialize
* log: profile the det/havoc finding
* log: add profile log output
* fuzzers: sperate log/skipdet module
* fuzzers: add quick eff_map calc
* fuzzers: add skip_eff_map in fuzz_one
* fuzzers: mark whole input space in eff_map
* fuzzers: add undet bit threshold to skip some seeds
* fuzzers: fix one byte overflow
* fuzzers: fix overflow
* fix code format
* add havoc only again
* code format
* remove log to INTROSPECTION, rename skipdet module
* rename skipdet module
* remove log to stats
* clean redundant code
* code format
* remove redundant code format check
* remove redundant doc
* remove redundant objects
* clean files
* change -d to default skipdet
* disable deterministic when using CUSTOM_MUTATOR
* revert fix
* final touches for skipdet
* remove unused var
* remove redundant eff struct (#1977)
* update QEMU-Nyx submodule (#1978)
* update QEMU-Nyx submodule (#1980)
* Fix type in AFL_NOOPT env variable in afl-cc help message (#1982)
* nits
* 2024 v4.10c release
* fixes
---------
Signed-off-by: Xeonacid <h.dwwwwww@gmail.com>
Co-authored-by: Sonic <50692172+SonicStark@users.noreply.github.com>
Co-authored-by: Xeonacid <h.dwwwwww@gmail.com>
Co-authored-by: Nils Bars <nils.bars@rub.de>
Co-authored-by: Jean-Romain Garnier <7504819+JRomainG@users.noreply.github.com>
Co-authored-by: Jean-Romain Garnier <jean-romain.garnier@airbus.com>
Co-authored-by: Sergej Schumilo <sergej@schumilo.de>
Co-authored-by: Christian Holler (:decoder) <choller@mozilla.com>
Co-authored-by: Han Zheng <35988108+kdsjZh@users.noreply.github.com>
Co-authored-by: Khaled Yakdan <yakdan@code-intelligence.com>
213 lines
7.8 KiB
Plaintext
213 lines
7.8 KiB
Plaintext
#
|
|
# american fuzzy lop++ - GCC plugin instrumentation
|
|
# -----------------------------------------------
|
|
#
|
|
# Written by Austin Seipp <aseipp@pobox.com> and
|
|
# Laszlo Szekeres <lszekeres@google.com> and
|
|
# Michal Zalewski and
|
|
# Heiko Eißfeldt <heiko@hexco.de>
|
|
#
|
|
# GCC integration design is based on the LLVM design, which comes
|
|
# from Laszlo Szekeres.
|
|
#
|
|
# Copyright 2015 Google Inc. All rights reserved.
|
|
# Copyright 2019-2024 AFLplusplus Project. All rights reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at:
|
|
#
|
|
# https://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
#TEST_MMAP=1
|
|
PREFIX ?= /usr/local
|
|
HELPER_PATH ?= $(PREFIX)/lib/afl
|
|
BIN_PATH ?= $(PREFIX)/bin
|
|
DOC_PATH ?= $(PREFIX)/share/doc/afl
|
|
MAN_PATH ?= $(PREFIX)/share/man/man8
|
|
|
|
VERSION = $(shell grep '^$(HASH)define VERSION ' ./config.h | cut -d '"' -f2)
|
|
|
|
CFLAGS ?= -O3 -g -funroll-loops
|
|
# -D_FORTIFY_SOURCE=1
|
|
CFLAGS_SAFE := -Wall -Iinclude -Wno-pointer-sign \
|
|
-DAFL_PATH=\"$(HELPER_PATH)\" -DBIN_PATH=\"$(BIN_PATH)\" \
|
|
-DGCC_VERSION=\"$(GCCVER)\" -DGCC_BINDIR=\"$(GCCBINDIR)\" \
|
|
-Wno-unused-function
|
|
override CFLAGS += $(CFLAGS_SAFE)
|
|
|
|
CXXFLAGS ?= -O3 -g -funroll-loops
|
|
# -D_FORTIFY_SOURCE=1
|
|
CXXEFLAGS := $(CXXFLAGS) $(CPPFLAGS) -Wall -std=c++11
|
|
|
|
CC ?= gcc
|
|
CXX ?= g++
|
|
|
|
SYS = $(shell uname -s)
|
|
|
|
ifeq "clang" "$(CC)"
|
|
CC = gcc
|
|
CXX = g++
|
|
endif
|
|
|
|
ifeq "clang++" "$(CXX)"
|
|
CC = gcc
|
|
CXX = g++
|
|
endif
|
|
|
|
ifeq "$(findstring Foundation,$(shell $(CC) --version))" ""
|
|
CC = gcc
|
|
CXX = g++
|
|
endif
|
|
|
|
PLUGIN_BASE = "$(shell $(CC) -print-file-name=plugin)"
|
|
PLUGIN_FLAGS = -fPIC -fno-rtti -fno-exceptions -I$(PLUGIN_BASE)/include -I$(PLUGIN_BASE)
|
|
HASH=\#
|
|
|
|
GCCVER = $(shell $(CC) --version 2>/dev/null | awk 'NR == 1 {print $$NF}')
|
|
GCCBINDIR = $(shell dirname `command -v $(CC)` 2>/dev/null )
|
|
|
|
ifeq "$(shell echo '$(HASH)include <sys/ipc.h>@$(HASH)include <sys/shm.h>@int main() { int _id = shmget(IPC_PRIVATE, 65536, IPC_CREAT | IPC_EXCL | 0600); shmctl(_id, IPC_RMID, 0); return 0;}' | tr @ '\n' | $(CC) -x c - -o .test2 2>/dev/null && echo 1 || echo 0 ; rm -f .test2 )" "1"
|
|
SHMAT_OK=1
|
|
else
|
|
SHMAT_OK=0
|
|
override CFLAGS_SAFE += -DUSEMMAP=1
|
|
endif
|
|
|
|
ifeq "$(TEST_MMAP)" "1"
|
|
SHMAT_OK=0
|
|
override CFLAGS_SAFE += -DUSEMMAP=1
|
|
endif
|
|
|
|
ifneq "$(SYS)" "Haiku"
|
|
ifneq "$(SYS)" "OpenBSD"
|
|
LDFLAGS += -lrt
|
|
endif
|
|
else
|
|
CFLAGS_SAFE += -DUSEMMAP=1
|
|
endif
|
|
|
|
ifeq "$(SYS)" "OpenBSD"
|
|
CC = egcc
|
|
CXX = eg++
|
|
PLUGIN_FLAGS += -I/usr/local/include
|
|
endif
|
|
|
|
ifeq "$(SYS)" "DragonFly"
|
|
PLUGIN_FLAGS += -I/usr/local/include
|
|
endif
|
|
|
|
ifeq "$(SYS)" "SunOS"
|
|
PLUGIN_FLAGS += -I/usr/include/gmp
|
|
endif
|
|
|
|
|
|
PASSES = ./afl-gcc-pass.so ./afl-gcc-cmplog-pass.so ./afl-gcc-cmptrs-pass.so
|
|
|
|
PROGS = $(PASSES) ./afl-compiler-rt.o ./afl-compiler-rt-32.o ./afl-compiler-rt-64.o
|
|
|
|
.PHONY: all
|
|
all: test_shm test_deps $(PROGS) test_build all_done
|
|
|
|
.PHONY: test_shm
|
|
ifeq "$(SHMAT_OK)" "1"
|
|
test_shm:
|
|
@echo "[+] shmat seems to be working."
|
|
@rm -f .test2
|
|
else
|
|
test_shm:
|
|
@echo "[-] shmat seems not to be working, switching to mmap implementation"
|
|
endif
|
|
|
|
.PHONY: test_deps
|
|
test_deps:
|
|
@echo "[*] Checking for working '$(CC)'..."
|
|
@command -v $(CC) >/dev/null 2>&1 || ( echo "[-] Oops, can't find '$(CC)'. Make sure that it's in your \$$PATH (or set \$$CC and \$$CXX)."; exit 1 )
|
|
# @echo "[*] Checking for gcc for plugin support..."
|
|
# @$(CC) -v 2>&1 | grep -q -- --enable-plugin || ( echo "[-] Oops, this gcc has not been configured with plugin support."; exit 1 )
|
|
@echo "[*] Checking for gcc plugin development header files..."
|
|
@test -d `$(CC) -print-file-name=plugin`/include || ( echo "[-] Oops, can't find gcc header files. Be sure to install 'gcc-X-plugin-dev'."; exit 1 )
|
|
@echo "[*] Checking for './afl-showmap'..."
|
|
@test -f ./afl-showmap || ( echo "[-] Oops, can't find './afl-showmap'. Be sure to compile AFL first."; exit 1 )
|
|
@echo "[+] All set and ready to build."
|
|
|
|
afl-common.o: ./src/afl-common.c
|
|
$(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ $(LDFLAGS)
|
|
|
|
./afl-compiler-rt.o: instrumentation/afl-compiler-rt.o.c
|
|
$(CC) $(CFLAGS_SAFE) $(CPPFLAGS) -O3 -Wno-unused-result -fPIC -c $< -o $@
|
|
|
|
./afl-compiler-rt-32.o: instrumentation/afl-compiler-rt.o.c
|
|
@printf "[*] Building 32-bit variant of the runtime (-m32)... "
|
|
@$(CC) $(CFLAGS_SAFE) $(CPPFLAGS) -O3 -Wno-unused-result -m32 -fPIC -c $< -o $@ 2>/dev/null; if [ "$$?" = "0" ]; then echo "success!"; else echo "failed (that's fine)"; fi
|
|
|
|
./afl-compiler-rt-64.o: instrumentation/afl-compiler-rt.o.c
|
|
@printf "[*] Building 64-bit variant of the runtime (-m64)... "
|
|
@$(CC) $(CFLAGS_SAFE) $(CPPFLAGS) -O3 -Wno-unused-result -m64 -fPIC -c $< -o $@ 2>/dev/null; if [ "$$?" = "0" ]; then echo "success!"; else echo "failed (that's fine)"; fi
|
|
|
|
$(PASSES): instrumentation/afl-gcc-common.h
|
|
|
|
./afl-gcc-pass.so: instrumentation/afl-gcc-pass.so.cc | test_deps
|
|
$(CXX) $(CXXEFLAGS) $(PLUGIN_FLAGS) -shared $< -o $@
|
|
ln -sf afl-cc afl-gcc-fast
|
|
ln -sf afl-cc afl-g++-fast
|
|
ln -sf afl-cc.8 afl-gcc-fast.8
|
|
ln -sf afl-cc.8 afl-g++-fast.8
|
|
|
|
./afl-gcc-cmplog-pass.so: instrumentation/afl-gcc-cmplog-pass.so.cc | test_deps
|
|
$(CXX) $(CXXEFLAGS) $(PLUGIN_FLAGS) -shared $< -o $@
|
|
|
|
./afl-gcc-cmptrs-pass.so: instrumentation/afl-gcc-cmptrs-pass.so.cc | test_deps
|
|
$(CXX) $(CXXEFLAGS) $(PLUGIN_FLAGS) -shared $< -o $@
|
|
|
|
.PHONY: test_build
|
|
test_build: $(PROGS)
|
|
@echo "[*] Testing the CC wrapper and instrumentation output..."
|
|
unset AFL_USE_ASAN AFL_USE_MSAN; ASAN_OPTIONS=detect_leaks=0 AFL_QUIET=1 AFL_INST_RATIO=100 AFL_PATH=. AFL_CC=$(CC) ./afl-gcc-fast $(CFLAGS) $(CPPFLAGS) ./test-instr.c -o test-instr $(LDFLAGS)
|
|
ASAN_OPTIONS=detect_leaks=0 ./afl-showmap -m none -q -o .test-instr0 ./test-instr </dev/null
|
|
echo 1 | ASAN_OPTIONS=detect_leaks=0 ./afl-showmap -m none -q -o .test-instr1 ./test-instr
|
|
@rm -f test-instr
|
|
@cmp -s .test-instr0 .test-instr1; DR="$$?"; rm -f .test-instr0 .test-instr1; if [ "$$DR" = "0" ]; then echo; echo "Oops, the instrumentation does not seem to be behaving correctly!"; echo; echo "Please post to https://github.com/AFLplusplus/AFLplusplus/issues to troubleshoot the issue."; echo; exit 1; fi
|
|
@echo "[+] All right, the instrumentation seems to be working!"
|
|
|
|
.PHONY: all_done
|
|
all_done: test_build
|
|
@echo "[+] All done! You can now use './afl-gcc-fast' to compile programs."
|
|
|
|
.NOTPARALLEL: clean
|
|
|
|
%.8: %
|
|
@echo .TH $* 8 `date "+%Y-%m-%d"` "AFL++" > ./$@
|
|
@echo .SH NAME >> ./$@
|
|
@echo .B $* >> ./$@
|
|
@echo >> ./$@
|
|
@echo .SH SYNOPSIS >> ./$@
|
|
@./$* -h 2>&1 | head -n 3 | tail -n 1 | sed 's/^\.\///' >> ./$@
|
|
@echo >> ./$@
|
|
@echo .SH OPTIONS >> ./$@
|
|
@echo .nf >> ./$@
|
|
@./$* -h 2>&1 | tail -n +4 >> ./$@
|
|
@echo >> ./$@
|
|
@echo .SH AUTHOR >> ./$@
|
|
@echo "AFL++ was written by Michal \"lcamtuf\" Zalewski and is maintained by Marc \"van Hauser\" Heuse <mh@mh-sec.de>, Dominik Maier <domenukk@gmail.com>, Andrea Fioraldi <andreafioraldi@gmail.com> and Heiko \"hexcoder-\" Eissfeldt <heiko.eissfeldt@hexco.de>" >> ./$@
|
|
@echo The homepage of AFL++ is: https://github.com/AFLplusplus/AFLplusplus >> ./$@
|
|
@echo >> ./$@
|
|
@echo .SH LICENSE >> ./$@
|
|
@echo Apache License Version 2.0, January 2004 >> ./$@
|
|
ln -sf afl-cc.8 ./afl-g++-fast.8
|
|
|
|
.PHONY: install
|
|
install: all
|
|
ln -sf afl-cc $${DESTDIR}$(BIN_PATH)/afl-gcc-fast
|
|
ln -sf afl-c++ $${DESTDIR}$(BIN_PATH)/afl-g++-fast
|
|
ln -sf afl-compiler-rt.o $${DESTDIR}$(HELPER_PATH)/afl-gcc-rt.o
|
|
install -m 755 ./afl-gcc-pass.so $${DESTDIR}$(HELPER_PATH)
|
|
install -m 755 ./afl-gcc-cmplog-pass.so $${DESTDIR}$(HELPER_PATH)
|
|
install -m 755 ./afl-gcc-cmptrs-pass.so $${DESTDIR}$(HELPER_PATH)
|
|
install -m 644 -T instrumentation/README.gcc_plugin.md $${DESTDIR}$(DOC_PATH)/README.gcc_plugin.md
|
|
|
|
.PHONY: clean
|
|
clean:
|
|
rm -f *.o *.so *~ a.out core core.[1-9][0-9]* test-instr .test-instr0 .test-instr1 .test2
|
|
rm -f $(PROGS) afl-common.o ./afl-g++-fast ./afl-g*-fast.8 instrumentation/*.o
|