SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix #1721 (#1722)

Browse Source
This commit is contained in:
Andrea Fioraldi 2023-12-11 15:26:53 +01:00 committed by GitHub
parent c2db7ad162
commit 002656b076
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 69 additions and 279 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libafl_cc/src/afl-coverage-pass.cc
View File

@ -440,7 +440,7 @@ bool AFLCoverage::runOnModule(Module &M) {
fprintf(stderr, "FUNCTION: %s (%zu)\n", F.getName().str().c_str(), fprintf(stderr, "FUNCTION: %s (%zu)\n", F.getName().str().c_str(),
F.size()); F.size());
// if (!isInInstrumentList(&F)) { continue; } if (isIgnoreFunction(&F)) { continue; }
if (F.size() < function_minimum_size) { continue; } if (F.size() < function_minimum_size) { continue; }
if (DumpCFG) { entry_bb[F.getName()] = &F.getEntryBlock(); } if (DumpCFG) { entry_bb[F.getName()] = &F.getEntryBlock(); }

70
libafl_cc/src/autotokens-pass.cc
View File

@ -33,18 +33,11 @@
#include <fstream> #include <fstream>
#include <set> #include <set>
#include "llvm/Config/llvm-config.h" #include "common-llvm.h"
#include "llvm/ADT/Statistic.h" #include "llvm/ADT/Statistic.h"
#include "llvm/IR/IRBuilder.h" #include "llvm/IR/IRBuilder.h"
#if USE_NEW_PM
#include "llvm/Passes/PassPlugin.h"
#include "llvm/Passes/PassBuilder.h"
#include "llvm/IR/PassManager.h"
#else
#include "llvm/IR/LegacyPassManager.h"
#include "llvm/Transforms/IPO/PassManagerBuilder.h"
#endif
#include "llvm/IR/BasicBlock.h" #include "llvm/IR/BasicBlock.h"
#include "llvm/IR/Module.h" #include "llvm/IR/Module.h"
#include "llvm/IR/DebugInfo.h" #include "llvm/IR/DebugInfo.h"
@ -81,65 +74,6 @@ using namespace llvm;
namespace { namespace {
/* Function that we never instrument or analyze */
/* Note: this ignore check is also called in isInInstrumentList() */
bool isIgnoreFunction(const llvm::Function *F) {
// Starting from "LLVMFuzzer" these are functions used in libfuzzer based
// fuzzing campaign installations, e.g. oss-fuzz
static constexpr const char *ignoreList[] = {
"asan.",
"llvm.",
"sancov.",
"__ubsan",
"ign.",
"__afl",
"_fini",
"__libc_",
"__asan",
"__msan",
"__cmplog",
"__sancov",
"__san",
"__cxx_",
"__decide_deferred",
"_GLOBAL",
"_ZZN6__asan",
"_ZZN6__lsan",
"msan.",
"LLVMFuzzerM",
"LLVMFuzzerC",
"LLVMFuzzerI",
"maybe_duplicate_stderr",
"discard_output",
"close_stdout",
"dup_and_close_stderr",
"maybe_close_fd_mask",
"ExecuteFilesOnyByOne"
};
for (auto const &ignoreListFunc : ignoreList) {
if (F->getName().startswith(ignoreListFunc)) { return true; }
}
static constexpr const char *ignoreSubstringList[] = {
"__asan", "__msan", "__ubsan", "__lsan",
"__san", "__sanitize", "__cxx", "_GLOBAL__",
"DebugCounter", "DwarfDebug", "DebugLoc"
};
for (auto const &ignoreListFunc : ignoreSubstringList) {
// hexcoder: F->getName().contains() not avaiilable in llvm 3.8.0
if (StringRef::npos != F->getName().find(ignoreListFunc)) { return true; }
}
return false;
}
#if USE_NEW_PM #if USE_NEW_PM
class AutoTokensPass : public PassInfoMixin<AutoTokensPass> { class AutoTokensPass : public PassInfoMixin<AutoTokensPass> {
public: public:

74
libafl_cc/src/cmplog-instructions-pass.cc
View File

@ -25,16 +25,8 @@
#include <list> #include <list>
#include <string> #include <string>
#include <fstream> #include <fstream>
#include "llvm/Config/llvm-config.h"
#if USE_NEW_PM #include "common-llvm.h"
#include "llvm/Passes/PassPlugin.h"
#include "llvm/Passes/PassBuilder.h"
#include "llvm/IR/PassManager.h"
#else
#include "llvm/IR/LegacyPassManager.h"
#include "llvm/Transforms/IPO/PassManagerBuilder.h"
#endif
#include "llvm/ADT/Statistic.h" #include "llvm/ADT/Statistic.h"
#include "llvm/IR/IRBuilder.h" #include "llvm/IR/IRBuilder.h"
@ -63,68 +55,6 @@ static cl::opt<bool> CmplogExtended("cmplog_instructions_extended",
cl::init(false), cl::NotHidden); cl::init(false), cl::NotHidden);
namespace { namespace {
/* Function that we never instrument or analyze */
/* Note: this ignore check is also called in isInInstrumentList() */
/* Function that we never instrument or analyze */
/* Note: this ignore check is also called in isInInstrumentList() */
bool isIgnoreFunction(const llvm::Function *F) {
// Starting from "LLVMFuzzer" these are functions used in libfuzzer based
// fuzzing campaign installations, e.g. oss-fuzz
static constexpr const char *ignoreList[] = {
"asan.",
"llvm.",
"sancov.",
"__ubsan",
"ign.",
"__afl",
"_fini",
"__libc_",
"__asan",
"__msan",
"__cmplog",
"__sancov",
"__san",
"__cxx_",
"__decide_deferred",
"_GLOBAL",
"_ZZN6__asan",
"_ZZN6__lsan",
"msan.",
"LLVMFuzzerM",
"LLVMFuzzerC",
"LLVMFuzzerI",
"maybe_duplicate_stderr",
"discard_output",
"close_stdout",
"dup_and_close_stderr",
"maybe_close_fd_mask",
"ExecuteFilesOnyByOne"
};
for (auto const &ignoreListFunc : ignoreList) {
if (F->getName().startswith(ignoreListFunc)) { return true; }
}
static constexpr const char *ignoreSubstringList[] = {
"__asan", "__msan", "__ubsan", "__lsan",
"__san", "__sanitize", "__cxx", "_GLOBAL__",
"DebugCounter", "DwarfDebug", "DebugLoc"
};
for (auto const &ignoreListFunc : ignoreSubstringList) {
// hexcoder: F->getName().contains() not avaiilable in llvm 3.8.0
if (StringRef::npos != F->getName().find(ignoreListFunc)) { return true; }
}
return false;
}
#if USE_NEW_PM #if USE_NEW_PM
class CmpLogInstructions : public PassInfoMixin<CmpLogInstructions> { class CmpLogInstructions : public PassInfoMixin<CmpLogInstructions> {
public: public:
@ -262,7 +192,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
/* iterate over all functions, bbs and instruction and add suitable calls */ /* iterate over all functions, bbs and instruction and add suitable calls */
for (auto &F : M) { for (auto &F : M) {
if (!isIgnoreFunction(&F)) continue; if (isIgnoreFunction(&F)) { continue; }
for (auto &BB : F) { for (auto &BB : F) {
for (auto &IN : BB) { for (auto &IN : BB) {

69
libafl_cc/src/cmplog-routines-pass.cc
View File

@ -25,16 +25,8 @@
#include <list> #include <list>
#include <string> #include <string>
#include <fstream> #include <fstream>
#include "llvm/Config/llvm-config.h"
#if USE_NEW_PM #include "common-llvm.h"
#include "llvm/Passes/PassPlugin.h"
#include "llvm/Passes/PassBuilder.h"
#include "llvm/IR/PassManager.h"
#else
#include "llvm/IR/LegacyPassManager.h"
#include "llvm/Transforms/IPO/PassManagerBuilder.h"
#endif
#include "llvm/ADT/Statistic.h" #include "llvm/ADT/Statistic.h"
#include "llvm/IR/IRBuilder.h" #include "llvm/IR/IRBuilder.h"
@ -61,65 +53,6 @@ using namespace llvm;
namespace { namespace {
/* Function that we never instrument or analyze */
/* Note: this ignore check is also called in isInInstrumentList() */
bool isIgnoreFunction(const llvm::Function *F) {
// Starting from "LLVMFuzzer" these are functions used in libfuzzer based
// fuzzing campaign installations, e.g. oss-fuzz
static constexpr const char *ignoreList[] = {
"asan.",
"llvm.",
"sancov.",
"__ubsan",
"ign.",
"__afl",
"_fini",
"__libc_",
"__asan",
"__msan",
"__cmplog",
"__sancov",
"__san",
"__cxx_",
"__decide_deferred",
"_GLOBAL",
"_ZZN6__asan",
"_ZZN6__lsan",
"msan.",
"LLVMFuzzerM",
"LLVMFuzzerC",
"LLVMFuzzerI",
"maybe_duplicate_stderr",
"discard_output",
"close_stdout",
"dup_and_close_stderr",
"maybe_close_fd_mask",
"ExecuteFilesOnyByOne"
};
for (auto const &ignoreListFunc : ignoreList) {
if (F->getName().startswith(ignoreListFunc)) { return true; }
}
static constexpr const char *ignoreSubstringList[] = {
"__asan", "__msan", "__ubsan", "__lsan",
"__san", "__sanitize", "__cxx", "_GLOBAL__",
"DebugCounter", "DwarfDebug", "DebugLoc"
};
for (auto const &ignoreListFunc : ignoreSubstringList) {
// hexcoder: F->getName().contains() not avaiilable in llvm 3.8.0
if (StringRef::npos != F->getName().find(ignoreListFunc)) { return true; }
}
return false;
}
#if USE_NEW_PM #if USE_NEW_PM
class CmpLogRoutines : public PassInfoMixin<CmpLogRoutines> { class CmpLogRoutines : public PassInfoMixin<CmpLogRoutines> {
public: public:

71
libafl_cc/src/cmplog-switches-pass.cc
View File

@ -25,16 +25,8 @@
#include <list> #include <list>
#include <string> #include <string>
#include <fstream> #include <fstream>
#include "llvm/Config/llvm-config.h"
#if USE_NEW_PM #include "common-llvm.h"
#include "llvm/Passes/PassPlugin.h"
#include "llvm/Passes/PassBuilder.h"
#include "llvm/IR/PassManager.h"
#else
#include "llvm/IR/LegacyPassManager.h"
#include "llvm/Transforms/IPO/PassManagerBuilder.h"
#endif
#include "llvm/ADT/Statistic.h" #include "llvm/ADT/Statistic.h"
#include "llvm/IR/IRBuilder.h" #include "llvm/IR/IRBuilder.h"
@ -64,65 +56,6 @@ static cl::opt<bool> CmplogExtended("cmplog_switches_extended",
cl::init(false), cl::NotHidden); cl::init(false), cl::NotHidden);
namespace { namespace {
/* Function that we never instrument or analyze */
/* Note: this ignore check is also called in isInInstrumentList() */
bool isIgnoreFunction(const llvm::Function *F) {
// Starting from "LLVMFuzzer" these are functions used in libfuzzer based
// fuzzing campaign installations, e.g. oss-fuzz
static constexpr const char *ignoreList[] = {
"asan.",
"llvm.",
"sancov.",
"__ubsan",
"ign.",
"__afl",
"_fini",
"__libc_",
"__asan",
"__msan",
"__cmplog",
"__sancov",
"__san",
"__cxx_",
"__decide_deferred",
"_GLOBAL",
"_ZZN6__asan",
"_ZZN6__lsan",
"msan.",
"LLVMFuzzerM",
"LLVMFuzzerC",
"LLVMFuzzerI",
"maybe_duplicate_stderr",
"discard_output",
"close_stdout",
"dup_and_close_stderr",
"maybe_close_fd_mask",
"ExecuteFilesOnyByOne"
};
for (auto const &ignoreListFunc : ignoreList) {
if (F->getName().startswith(ignoreListFunc)) { return true; }
}
static constexpr const char *ignoreSubstringList[] = {
"__asan", "__msan", "__ubsan", "__lsan",
"__san", "__sanitize", "__cxx", "_GLOBAL__",
"DebugCounter", "DwarfDebug", "DebugLoc"
};
for (auto const &ignoreListFunc : ignoreSubstringList) {
// hexcoder: F->getName().contains() not avaiilable in llvm 3.8.0
if (StringRef::npos != F->getName().find(ignoreListFunc)) { return true; }
}
return false;
}
#if USE_NEW_PM #if USE_NEW_PM
class CmpLogSwitches : public PassInfoMixin<CmpLogSwitches> { class CmpLogSwitches : public PassInfoMixin<CmpLogSwitches> {
public: public:
@ -233,7 +166,7 @@ bool CmpLogSwitches::hookInstrs(Module &M) {
} }
for (auto &F : M) { for (auto &F : M) {
if (!isIgnoreFunction(&F)) { continue; } if (isIgnoreFunction(&F)) { continue; }
for (auto &BB : F) { for (auto &BB : F) {
SwitchInst *switchInst = nullptr; SwitchInst *switchInst = nullptr;

60
libafl_cc/src/common-llvm.h
View File

@ -59,4 +59,64 @@ static uint64_t PowerOf2Ceil(unsigned in) {
} }
#endif #endif
/* Function that we never instrument or analyze */
/* Note: this ignore check is also called in isInInstrumentList() */
static inline bool isIgnoreFunction(const llvm::Function *F) {
// Starting from "LLVMFuzzer" these are functions used in libfuzzer based
// fuzzing campaign installations, e.g. oss-fuzz
static constexpr const char *ignoreList[] = {
"asan.",
"llvm.",
"sancov.",
"__ubsan",
"ign.",
"__afl",
"_fini",
"__libc_",
"__asan",
"__msan",
"__cmplog",
"__sancov",
"__san",
"__cxx_",
"__decide_deferred",
"_GLOBAL",
"_ZZN6__asan",
"_ZZN6__lsan",
"msan.",
"LLVMFuzzerM",
"LLVMFuzzerC",
"LLVMFuzzerI",
"maybe_duplicate_stderr",
"discard_output",
"close_stdout",
"dup_and_close_stderr",
"maybe_close_fd_mask",
"ExecuteFilesOnyByOne"
};
for (auto const &ignoreListFunc : ignoreList) {
if (F->getName().startswith(ignoreListFunc)) { return true; }
}
static constexpr const char *ignoreSubstringList[] = {
"__asan", "__msan", "__ubsan", "__lsan",
"__san", "__sanitize", "_GLOBAL__", "DebugCounter",
"DwarfDebug", "DebugLoc"
};
for (auto const &ignoreListFunc : ignoreSubstringList) {
// hexcoder: F->getName().contains() not avaiilable in llvm 3.8.0
if (llvm::StringRef::npos != F->getName().find(ignoreListFunc)) {
return true;
}
}
return false;
}
#endif // LIBAFL_COMMON_LLVM_H #endif // LIBAFL_COMMON_LLVM_H