From 002656b076d70da9855111df5fc0feb1c44ba099 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Mon, 11 Dec 2023 15:26:53 +0100 Subject: [PATCH] Fix #1721 (#1722) --- libafl_cc/src/afl-coverage-pass.cc | 2 +- libafl_cc/src/autotokens-pass.cc | 70 +-------------------- libafl_cc/src/cmplog-instructions-pass.cc | 74 +---------------------- libafl_cc/src/cmplog-routines-pass.cc | 69 +-------------------- libafl_cc/src/cmplog-switches-pass.cc | 73 +--------------------- libafl_cc/src/common-llvm.h | 60 ++++++++++++++++++ 6 files changed, 69 insertions(+), 279 deletions(-) diff --git a/libafl_cc/src/afl-coverage-pass.cc b/libafl_cc/src/afl-coverage-pass.cc index b7375fd994..921013bb52 100644 --- a/libafl_cc/src/afl-coverage-pass.cc +++ b/libafl_cc/src/afl-coverage-pass.cc @@ -440,7 +440,7 @@ bool AFLCoverage::runOnModule(Module &M) { fprintf(stderr, "FUNCTION: %s (%zu)\n", F.getName().str().c_str(), F.size()); - // if (!isInInstrumentList(&F)) { continue; } + if (isIgnoreFunction(&F)) { continue; } if (F.size() < function_minimum_size) { continue; } if (DumpCFG) { entry_bb[F.getName()] = &F.getEntryBlock(); } diff --git a/libafl_cc/src/autotokens-pass.cc b/libafl_cc/src/autotokens-pass.cc index ba0f33f6f0..b6dba1c004 100644 --- a/libafl_cc/src/autotokens-pass.cc +++ b/libafl_cc/src/autotokens-pass.cc @@ -33,18 +33,11 @@ #include #include -#include "llvm/Config/llvm-config.h" +#include "common-llvm.h" + #include "llvm/ADT/Statistic.h" #include "llvm/IR/IRBuilder.h" -#if USE_NEW_PM - #include "llvm/Passes/PassPlugin.h" - #include "llvm/Passes/PassBuilder.h" - #include "llvm/IR/PassManager.h" -#else - #include "llvm/IR/LegacyPassManager.h" - #include "llvm/Transforms/IPO/PassManagerBuilder.h" -#endif #include "llvm/IR/BasicBlock.h" #include "llvm/IR/Module.h" #include "llvm/IR/DebugInfo.h" 
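Review bot: The `FUNCTION:` line is written to stderr before the new `if (isIgnoreFunction(&F)) { continue; }`, so the debug output names functions that then receive no coverage instrumentation, and nothing records that they were skipped. Because `isIgnoreFunction` matches by name prefix and substring (for example `_fini`, `close_stdout`, `DebugLoc`), a target function whose name collides with an entry drops out of the coverage map silently, which shows up only as a blind spot in the fuzzing campaign. Moving the check above the `fprintf`, or printing a separate skip line under the same debug condition, would make that visible. The guard around the `fprintf` and the rest of `runOnModule` are outside this hunk.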
@@ -81,65 +74,6 @@ using namespace llvm; namespace { -/* Function that we never instrument or analyze */ -/* Note: this ignore check is also called in isInInstrumentList() */ -bool isIgnoreFunction(const llvm::Function *F) { - // Starting from "LLVMFuzzer" these are functions used in libfuzzer based - // fuzzing campaign installations, e.g. oss-fuzz - - static constexpr const char *ignoreList[] = { - - "asan.", - "llvm.", - "sancov.", - "__ubsan", - "ign.", - "__afl", - "_fini", - "__libc_", - "__asan", - "__msan", - "__cmplog", - "__sancov", - "__san", - "__cxx_", - "__decide_deferred", - "_GLOBAL", - "_ZZN6__asan", - "_ZZN6__lsan", - "msan.", - "LLVMFuzzerM", - "LLVMFuzzerC", - "LLVMFuzzerI", - "maybe_duplicate_stderr", - "discard_output", - "close_stdout", - "dup_and_close_stderr", - "maybe_close_fd_mask", - "ExecuteFilesOnyByOne" - - }; - - for (auto const &ignoreListFunc : ignoreList) { - if (F->getName().startswith(ignoreListFunc)) { return true; } - } - - static constexpr const char *ignoreSubstringList[] = { - - "__asan", "__msan", "__ubsan", "__lsan", - "__san", "__sanitize", "__cxx", "_GLOBAL__", - "DebugCounter", "DwarfDebug", "DebugLoc" - - }; - - for (auto const &ignoreListFunc : ignoreSubstringList) { - // hexcoder: F->getName().contains() not avaiilable in llvm 3.8.0 - if (StringRef::npos != F->getName().find(ignoreListFunc)) { return true; } - } - - return false; -} - #if USE_NEW_PM class AutoTokensPass : public PassInfoMixin { public: diff --git a/libafl_cc/src/cmplog-instructions-pass.cc b/libafl_cc/src/cmplog-instructions-pass.cc index 0a47c3309d..fb44c57a8e 100644 --- a/libafl_cc/src/cmplog-instructions-pass.cc +++ b/libafl_cc/src/cmplog-instructions-pass.cc 
@@ -25,16 +25,8 @@ #include #include #include -#include "llvm/Config/llvm-config.h" -#if USE_NEW_PM - #include "llvm/Passes/PassPlugin.h" - #include "llvm/Passes/PassBuilder.h" - #include "llvm/IR/PassManager.h" -#else - #include "llvm/IR/LegacyPassManager.h" - #include "llvm/Transforms/IPO/PassManagerBuilder.h" -#endif +#include "common-llvm.h" #include "llvm/ADT/Statistic.h" #include "llvm/IR/IRBuilder.h" 
@@ -63,68 +55,6 @@ static cl::opt CmplogExtended("cmplog_instructions_extended", cl::init(false), cl::NotHidden); namespace { -/* Function that we never instrument or analyze */ -/* Note: this ignore check is also called in isInInstrumentList() */ - -/* Function that we never instrument or analyze */ -/* Note: this ignore check is also called in isInInstrumentList() */ -bool isIgnoreFunction(const llvm::Function *F) { - // Starting from "LLVMFuzzer" these are functions used in libfuzzer based - // fuzzing campaign installations, e.g. oss-fuzz - - static constexpr const char *ignoreList[] = { - - "asan.", - "llvm.", - "sancov.", - "__ubsan", - "ign.", - "__afl", - "_fini", - "__libc_", - "__asan", - "__msan", - "__cmplog", - "__sancov", - "__san", - "__cxx_", - "__decide_deferred", - "_GLOBAL", - "_ZZN6__asan", - "_ZZN6__lsan", - "msan.", - "LLVMFuzzerM", - "LLVMFuzzerC", - "LLVMFuzzerI", - "maybe_duplicate_stderr", - "discard_output", - "close_stdout", - "dup_and_close_stderr", - "maybe_close_fd_mask", - "ExecuteFilesOnyByOne" - - }; - - for (auto const &ignoreListFunc : ignoreList) { - if (F->getName().startswith(ignoreListFunc)) { return true; } - } - - static constexpr const char *ignoreSubstringList[] = { - - "__asan", "__msan", "__ubsan", "__lsan", - "__san", "__sanitize", "__cxx", "_GLOBAL__", - "DebugCounter", "DwarfDebug", "DebugLoc" - - }; - - for (auto const &ignoreListFunc : ignoreSubstringList) { - // hexcoder: F->getName().contains() not avaiilable in llvm 3.8.0 - if (StringRef::npos != F->getName().find(ignoreListFunc)) { return true; } - } - - return false; -} - #if USE_NEW_PM class CmpLogInstructions : public PassInfoMixin { public: @@ -262,7 +192,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) { /* iterate over all functions, bbs and instruction and add suitable calls */ for (auto &F : M) { - if (!isIgnoreFunction(&F)) continue; + if (isIgnoreFunction(&F)) { continue; } for (auto &BB : F) { for (auto &IN : BB) { 
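Review bot: Nothing in this patch would catch the condition in `CmpLogInstructions::hookInstrs` flipping back, since the diffstat lists only the six pass sources and no test. With the old `if (!isIgnoreFunction(&F)) continue;` the loop processed only the ignored functions, and that fails quietly as weaker comparison feedback instead of as a build or runtime error. A small regression check that runs this pass over a module with one integer compare in an ordinary function and asserts that a call to a `__cmplog`-prefixed hook appears in the output would pin the behaviour. The same applies to the identical fix in `CmpLogSwitches::hookInstrs` in cmplog-switches-pass.cc. `hookInstrs` continues outside the hunk.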
diff --git a/libafl_cc/src/cmplog-routines-pass.cc b/libafl_cc/src/cmplog-routines-pass.cc index 37cbd6026b..730e146085 100644 --- a/libafl_cc/src/cmplog-routines-pass.cc +++ b/libafl_cc/src/cmplog-routines-pass.cc @@ -25,16 +25,8 @@ #include #include #include -#include "llvm/Config/llvm-config.h" -#if USE_NEW_PM - #include "llvm/Passes/PassPlugin.h" - #include "llvm/Passes/PassBuilder.h" - #include "llvm/IR/PassManager.h" -#else - #include "llvm/IR/LegacyPassManager.h" - #include "llvm/Transforms/IPO/PassManagerBuilder.h" -#endif +#include "common-llvm.h" #include "llvm/ADT/Statistic.h" #include "llvm/IR/IRBuilder.h" 
@@ -61,65 +53,6 @@ using namespace llvm; namespace { -/* Function that we never instrument or analyze */ -/* Note: this ignore check is also called in isInInstrumentList() */ -bool isIgnoreFunction(const llvm::Function *F) { - // Starting from "LLVMFuzzer" these are functions used in libfuzzer based - // fuzzing campaign installations, e.g. oss-fuzz - - static constexpr const char *ignoreList[] = { - - "asan.", - "llvm.", - "sancov.", - "__ubsan", - "ign.", - "__afl", - "_fini", - "__libc_", - "__asan", - "__msan", - "__cmplog", - "__sancov", - "__san", - "__cxx_", - "__decide_deferred", - "_GLOBAL", - "_ZZN6__asan", - "_ZZN6__lsan", - "msan.", - "LLVMFuzzerM", - "LLVMFuzzerC", - "LLVMFuzzerI", - "maybe_duplicate_stderr", - "discard_output", - "close_stdout", - "dup_and_close_stderr", - "maybe_close_fd_mask", - "ExecuteFilesOnyByOne" - - }; - - for (auto const &ignoreListFunc : ignoreList) { - if (F->getName().startswith(ignoreListFunc)) { return true; } - } - - static constexpr const char *ignoreSubstringList[] = { - - "__asan", "__msan", "__ubsan", "__lsan", - "__san", "__sanitize", "__cxx", "_GLOBAL__", - "DebugCounter", "DwarfDebug", "DebugLoc" - - }; - - for (auto const &ignoreListFunc : ignoreSubstringList) { - // hexcoder: F->getName().contains() not avaiilable in llvm 3.8.0 - if (StringRef::npos != F->getName().find(ignoreListFunc)) { return true; } - } - - return false; -} - #if USE_NEW_PM class CmpLogRoutines : public PassInfoMixin { public: diff --git a/libafl_cc/src/cmplog-switches-pass.cc b/libafl_cc/src/cmplog-switches-pass.cc index 2d6c64b580..24a72909d2 100644 --- a/libafl_cc/src/cmplog-switches-pass.cc +++ b/libafl_cc/src/cmplog-switches-pass.cc 
@@ -25,16 +25,8 @@ #include #include #include -#include "llvm/Config/llvm-config.h" -#if USE_NEW_PM - #include "llvm/Passes/PassPlugin.h" - #include "llvm/Passes/PassBuilder.h" - #include "llvm/IR/PassManager.h" -#else - #include "llvm/IR/LegacyPassManager.h" - #include "llvm/Transforms/IPO/PassManagerBuilder.h" -#endif +#include "common-llvm.h" #include "llvm/ADT/Statistic.h" #include "llvm/IR/IRBuilder.h" @@ -64,65 +56,6 @@ static cl::opt CmplogExtended("cmplog_switches_extended", cl::init(false), cl::NotHidden); namespace { -/* Function that we never instrument or analyze */ -/* Note: this ignore check is also called in isInInstrumentList() */ -bool isIgnoreFunction(const llvm::Function *F) { - // Starting from "LLVMFuzzer" these are functions used in libfuzzer based - // fuzzing campaign installations, e.g. oss-fuzz - - static constexpr const char *ignoreList[] = { - - "asan.", - "llvm.", - "sancov.", - "__ubsan", - "ign.", - "__afl", - "_fini", - "__libc_", - "__asan", - "__msan", - "__cmplog", - "__sancov", - "__san", - "__cxx_", - "__decide_deferred", - "_GLOBAL", - "_ZZN6__asan", - "_ZZN6__lsan", - "msan.", - "LLVMFuzzerM", - "LLVMFuzzerC", - "LLVMFuzzerI", - "maybe_duplicate_stderr", - "discard_output", - "close_stdout", - "dup_and_close_stderr", - "maybe_close_fd_mask", - "ExecuteFilesOnyByOne" - - }; - - for (auto const &ignoreListFunc : ignoreList) { - if (F->getName().startswith(ignoreListFunc)) { return true; } - } - - static constexpr const char *ignoreSubstringList[] = { - - "__asan", "__msan", "__ubsan", "__lsan", - "__san", "__sanitize", "__cxx", "_GLOBAL__", - "DebugCounter", "DwarfDebug", "DebugLoc" - - }; - - for (auto const &ignoreListFunc : ignoreSubstringList) { - // hexcoder: F->getName().contains() not avaiilable in llvm 3.8.0 - if (StringRef::npos != F->getName().find(ignoreListFunc)) { return true; } - } - - return false; -} - #if USE_NEW_PM class CmpLogSwitches : public PassInfoMixin { public: 
@@ -233,7 +166,7 @@ bool CmpLogSwitches::hookInstrs(Module &M) { } for (auto &F : M) { - if (!isIgnoreFunction(&F)) { continue; } + if (isIgnoreFunction(&F)) { continue; } for (auto &BB : F) { SwitchInst *switchInst = nullptr; @@ -391,4 +324,4 @@ static RegisterStandardPasses RegisterCmpLogSwitchesPassLTO( PassManagerBuilder::EP_FullLinkTimeOptimizationLast, registerCmpLogSwitchesPass); -#endif \ No newline at end of file +#endif diff --git a/libafl_cc/src/common-llvm.h b/libafl_cc/src/common-llvm.h index b18f178ae5..0d1b0f3e0e 100644 --- a/libafl_cc/src/common-llvm.h +++ b/libafl_cc/src/common-llvm.h 
@@ -59,4 +59,64 @@ static uint64_t PowerOf2Ceil(unsigned in) { } #endif +/* Function that we never instrument or analyze */ +/* Note: this ignore check is also called in isInInstrumentList() */ +static inline bool isIgnoreFunction(const llvm::Function *F) { + // Starting from "LLVMFuzzer" these are functions used in libfuzzer based + // fuzzing campaign installations, e.g. oss-fuzz + + static constexpr const char *ignoreList[] = { + + "asan.", + "llvm.", + "sancov.", + "__ubsan", + "ign.", + "__afl", + "_fini", + "__libc_", + "__asan", + "__msan", + "__cmplog", + "__sancov", + "__san", + "__cxx_", + "__decide_deferred", + "_GLOBAL", + "_ZZN6__asan", + "_ZZN6__lsan", + "msan.", + "LLVMFuzzerM", + "LLVMFuzzerC", + "LLVMFuzzerI", + "maybe_duplicate_stderr", + "discard_output", + "close_stdout", + "dup_and_close_stderr", + "maybe_close_fd_mask", + "ExecuteFilesOnyByOne" + + }; + + for (auto const &ignoreListFunc : ignoreList) { + if (F->getName().startswith(ignoreListFunc)) { return true; } + } + static constexpr const char *ignoreSubstringList[] = { + + "__asan", "__msan", "__ubsan", "__lsan", + "__san", "__sanitize", "_GLOBAL__", "DebugCounter", + "DwarfDebug", "DebugLoc" + + }; + + for (auto const &ignoreListFunc : ignoreSubstringList) { + // hexcoder: F->getName().contains() not avaiilable in llvm 3.8.0 + if (llvm::StringRef::npos != F->getName().find(ignoreListFunc)) { + return true; + } + } + + return false; +} + #endif // LIBAFL_COMMON_LLVM_H
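Review bot: The consolidated `ignoreSubstringList` is not a straight move of the removed copies: each of them listed `"__cxx"`, and this one does not, so functions whose names contain `__cxx` without starting with `__cxx_` are now instrumented by every pass that calls `isIgnoreFunction`. If that is intended, a comment above the list would record it, for example `// "__cxx" deliberately not listed: as a substring it also matched std::__cxx11 names`; that rationale is inferred and not stated in the patch. The header comment also still says the check is called in `isInInstrumentList()`, whose only reference visible in this patch is the commented-out call removed from afl-coverage-pass.cc, so that note looks stale and could be dropped or reworded.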