| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 american fuzzy lop - LLVM-mode wrapper for clang | 2 american fuzzy lop - LLVM-mode wrapper for clang |
| 3 ------------------------------------------------ | 3 ------------------------------------------------ |
| 4 | 4 |
| 5 Written by Laszlo Szekeres <lszekeres@google.com> and | 5 Written by Laszlo Szekeres <lszekeres@google.com> and |
| 6 Michal Zalewski <lcamtuf@google.com> | 6 Michal Zalewski <lcamtuf@google.com> |
| 7 | 7 |
| 8 LLVM integration design comes from Laszlo Szekeres. | 8 LLVM integration design comes from Laszlo Szekeres. |
| 9 | 9 |
| 10 Copyright 2015, 2016 Google Inc. All rights reserved. | 10 Copyright 2015, 2016 Google Inc. All rights reserved. |
| (...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 107 if (!strcmp(name, "afl-clang-fast++")) { | 107 if (!strcmp(name, "afl-clang-fast++")) { |
| 108 u8* alt_cxx = getenv("AFL_CXX"); | 108 u8* alt_cxx = getenv("AFL_CXX"); |
| 109 cc_params[0] = alt_cxx ? alt_cxx : (u8*)"clang++"; | 109 cc_params[0] = alt_cxx ? alt_cxx : (u8*)"clang++"; |
| 110 } else { | 110 } else { |
| 111 u8* alt_cc = getenv("AFL_CC"); | 111 u8* alt_cc = getenv("AFL_CC"); |
| 112 cc_params[0] = alt_cc ? alt_cc : (u8*)"clang"; | 112 cc_params[0] = alt_cc ? alt_cc : (u8*)"clang"; |
| 113 } | 113 } |
| 114 | 114 |
| 115 /* There are two ways to compile afl-clang-fast. In the traditional mode, we | 115 /* There are two ways to compile afl-clang-fast. In the traditional mode, we |
| 116 use afl-llvm-pass.so to inject instrumentation. In the experimental | 116 use afl-llvm-pass.so to inject instrumentation. In the experimental |
| 117 'trace-pc' mode, we use native LLVM instrumentation callbacks instead. | 117 'trace-pc-guard' mode, we use native LLVM instrumentation callbacks |
| 118 The latter is a very recent addition - see: | 118 instead. The latter is a very recent addition - see: |
| 119 | 119 |
| 120 http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs */ | 120 http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs-with-guards *
/ |
| 121 | 121 |
| 122 #ifdef USE_TRACE_PC | 122 #ifdef USE_TRACE_PC |
| 123 cc_params[cc_par_cnt++] = "-fsanitize-coverage=bb,trace-pc"; | 123 cc_params[cc_par_cnt++] = "-fsanitize-coverage=trace-pc-guard"; |
| 124 cc_params[cc_par_cnt++] = "-mllvm"; |
| 125 cc_params[cc_par_cnt++] = "-sanitizer-coverage-block-threshold=0"; |
| 124 #else | 126 #else |
| 125 cc_params[cc_par_cnt++] = "-Xclang"; | 127 cc_params[cc_par_cnt++] = "-Xclang"; |
| 126 cc_params[cc_par_cnt++] = "-load"; | 128 cc_params[cc_par_cnt++] = "-load"; |
| 127 cc_params[cc_par_cnt++] = "-Xclang"; | 129 cc_params[cc_par_cnt++] = "-Xclang"; |
| 128 cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-pass.so", obj_path); | 130 cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-pass.so", obj_path); |
| 129 #endif /* ^USE_TRACE_PC */ | 131 #endif /* ^USE_TRACE_PC */ |
| 130 | 132 |
| 131 cc_params[cc_par_cnt++] = "-Qunused-arguments"; | 133 cc_params[cc_par_cnt++] = "-Qunused-arguments"; |
| 132 | 134 |
| 133 /* Detect stray -v calls from ./configure scripts. */ | 135 /* Detect stray -v calls from ./configure scripts. */ |
| (...skipping 11 matching lines...) Expand all Loading... |
| 145 if (!strcmp(cur, "-c") || !strcmp(cur, "-S") || !strcmp(cur, "-E")) | 147 if (!strcmp(cur, "-c") || !strcmp(cur, "-S") || !strcmp(cur, "-E")) |
| 146 maybe_linking = 0; | 148 maybe_linking = 0; |
| 147 | 149 |
| 148 if (!strcmp(cur, "-fsanitize=address") || | 150 if (!strcmp(cur, "-fsanitize=address") || |
| 149 !strcmp(cur, "-fsanitize=memory")) asan_set = 1; | 151 !strcmp(cur, "-fsanitize=memory")) asan_set = 1; |
| 150 | 152 |
| 151 if (strstr(cur, "FORTIFY_SOURCE")) fortify_set = 1; | 153 if (strstr(cur, "FORTIFY_SOURCE")) fortify_set = 1; |
| 152 | 154 |
| 153 if (!strcmp(cur, "-shared")) maybe_linking = 0; | 155 if (!strcmp(cur, "-shared")) maybe_linking = 0; |
| 154 | 156 |
| 157 if (!strcmp(cur, "-Wl,-z,defs") || |
| 158 !strcmp(cur, "-Wl,--no-undefined")) continue; |
| 159 |
| 155 cc_params[cc_par_cnt++] = cur; | 160 cc_params[cc_par_cnt++] = cur; |
| 156 | 161 |
| 157 } | 162 } |
| 158 | 163 |
| 159 if (getenv("AFL_HARDEN")) { | 164 if (getenv("AFL_HARDEN")) { |
| 160 | 165 |
| 161 cc_params[cc_par_cnt++] = "-fstack-protector-all"; | 166 cc_params[cc_par_cnt++] = "-fstack-protector-all"; |
| 162 | 167 |
| 163 if (!fortify_set) | 168 if (!fortify_set) |
| 164 cc_params[cc_par_cnt++] = "-D_FORTIFY_SOURCE=2"; | 169 cc_params[cc_par_cnt++] = "-D_FORTIFY_SOURCE=2"; |
| 165 | 170 |
| 166 } | 171 } |
| 167 | 172 |
| 168 if (!asan_set) { | 173 if (!asan_set) { |
| 169 | 174 |
| 170 if (getenv("AFL_USE_ASAN")) { | 175 if (getenv("AFL_USE_ASAN")) { |
| 171 | 176 |
| 172 cc_params[cc_par_cnt++] = "-fsanitize=address"; | |
| 173 | |
| 174 if (getenv("AFL_USE_MSAN")) | 177 if (getenv("AFL_USE_MSAN")) |
| 175 FATAL("ASAN and MSAN are mutually exclusive"); | 178 FATAL("ASAN and MSAN are mutually exclusive"); |
| 176 | 179 |
| 180 if (getenv("AFL_HARDEN")) |
| 181 FATAL("ASAN and AFL_HARDEN are mutually exclusive"); |
| 182 |
| 183 cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE"; |
| 184 cc_params[cc_par_cnt++] = "-fsanitize=address"; |
| 185 |
| 177 } else if (getenv("AFL_USE_MSAN")) { | 186 } else if (getenv("AFL_USE_MSAN")) { |
| 178 | 187 |
| 179 cc_params[cc_par_cnt++] = "-fsanitize=memory"; | |
| 180 | |
| 181 if (getenv("AFL_USE_ASAN")) | 188 if (getenv("AFL_USE_ASAN")) |
| 182 FATAL("ASAN and MSAN are mutually exclusive"); | 189 FATAL("ASAN and MSAN are mutually exclusive"); |
| 183 | 190 |
| 191 if (getenv("AFL_HARDEN")) |
| 192 FATAL("MSAN and AFL_HARDEN are mutually exclusive"); |
| 193 |
| 194 cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE"; |
| 195 cc_params[cc_par_cnt++] = "-fsanitize=memory"; |
| 196 |
| 184 } | 197 } |
| 185 | 198 |
| 186 } | 199 } |
| 187 | 200 |
| 188 #ifdef USE_TRACE_PC | 201 #ifdef USE_TRACE_PC |
| 189 | 202 |
| 190 if (getenv("AFL_INST_RATIO")) | 203 if (getenv("AFL_INST_RATIO")) |
| 191 FATAL("AFL_INST_RATIO not available at compile time with 'trace-pc'."); | 204 FATAL("AFL_INST_RATIO not available at compile time with 'trace-pc'."); |
| 192 | 205 |
| 193 #endif /* USE_TRACE_PC */ | 206 #endif /* USE_TRACE_PC */ |
| (...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 332 | 345 |
| 333 edit_params(argc, argv); | 346 edit_params(argc, argv); |
| 334 | 347 |
| 335 execvp(cc_params[0], (char**)cc_params); | 348 execvp(cc_params[0], (char**)cc_params); |
| 336 | 349 |
| 337 FATAL("Oops, failed to execute '%s' - check your PATH", cc_params[0]); | 350 FATAL("Oops, failed to execute '%s' - check your PATH", cc_params[0]); |
| 338 | 351 |
| 339 return 0; | 352 return 0; |
| 340 | 353 |
| 341 } | 354 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2662883002:
Roll AFL 2.31b:2.38b and switch coverage to use trace-pc-guard. (Closed)
