Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1382)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/afl/src/llvm_mode/afl-clang-fast.c

Issue 2662883002: Roll AFL 2.31b:2.38b and switch coverage to use trace-pc-guard. (Closed)
Patch Set: Remove unneeded vuln_samples binaries. Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/afl/src/llvm_mode/README.llvm ('k') | third_party/afl/src/llvm_mode/afl-llvm-rt.o.c » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/afl/src/llvm_mode/afl-clang-fast.c
diff --git a/third_party/afl/src/llvm_mode/afl-clang-fast.c b/third_party/afl/src/llvm_mode/afl-clang-fast.c
index 725a16fa5149400306893514471724b3ba0326c4..4f7fe475a3d5bf213a29213bebbd96ad1f524895 100644
--- a/third_party/afl/src/llvm_mode/afl-clang-fast.c
+++ b/third_party/afl/src/llvm_mode/afl-clang-fast.c
@@ -114,13 +114,15 @@ static void edit_params(u32 argc, char** argv) {
/* There are two ways to compile afl-clang-fast. In the traditional mode, we
use afl-llvm-pass.so to inject instrumentation. In the experimental
- 'trace-pc' mode, we use native LLVM instrumentation callbacks instead.
- The latter is a very recent addition - see:
+ 'trace-pc-guard' mode, we use native LLVM instrumentation callbacks
+ instead. The latter is a very recent addition - see:
- http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs */
+ http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs-with-guards */
#ifdef USE_TRACE_PC
- cc_params[cc_par_cnt++] = "-fsanitize-coverage=bb,trace-pc";
+ cc_params[cc_par_cnt++] = "-fsanitize-coverage=trace-pc-guard";
+ cc_params[cc_par_cnt++] = "-mllvm";
+ cc_params[cc_par_cnt++] = "-sanitizer-coverage-block-threshold=0";
#else
cc_params[cc_par_cnt++] = "-Xclang";
cc_params[cc_par_cnt++] = "-load";
@@ -152,6 +154,9 @@ static void edit_params(u32 argc, char** argv) {
if (!strcmp(cur, "-shared")) maybe_linking = 0;
+ if (!strcmp(cur, "-Wl,-z,defs") ||
+ !strcmp(cur, "-Wl,--no-undefined")) continue;
+
cc_params[cc_par_cnt++] = cur;
}
@@ -169,18 +174,26 @@ static void edit_params(u32 argc, char** argv) {
if (getenv("AFL_USE_ASAN")) {
- cc_params[cc_par_cnt++] = "-fsanitize=address";
-
if (getenv("AFL_USE_MSAN"))
FATAL("ASAN and MSAN are mutually exclusive");
- } else if (getenv("AFL_USE_MSAN")) {
+ if (getenv("AFL_HARDEN"))
+ FATAL("ASAN and AFL_HARDEN are mutually exclusive");
- cc_params[cc_par_cnt++] = "-fsanitize=memory";
+ cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE";
+ cc_params[cc_par_cnt++] = "-fsanitize=address";
+
+ } else if (getenv("AFL_USE_MSAN")) {
if (getenv("AFL_USE_ASAN"))
FATAL("ASAN and MSAN are mutually exclusive");
+ if (getenv("AFL_HARDEN"))
+ FATAL("MSAN and AFL_HARDEN are mutually exclusive");
+
+ cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE";
+ cc_params[cc_par_cnt++] = "-fsanitize=memory";
+
}
}
« no previous file with comments | « third_party/afl/src/llvm_mode/README.llvm ('k') | third_party/afl/src/llvm_mode/afl-llvm-rt.o.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698