diff --git a/libafl_targets/src/cmplog.c b/libafl_targets/src/cmplog.c
index efa7acbbcb..c03bfcd14e 100644
--- a/libafl_targets/src/cmplog.c
+++ b/libafl_targets/src/cmplog.c
@@ -6,6 +6,12 @@
 #define CMPLOG_KIND_INS 0
 #define CMPLOG_KIND_RTN 1
 
+#ifdef _WIN32
+#define RETADDR (uintptr_t)_ReturnAddress()
+#else
+#define RETADDR (uintptr_t)__builtin_return_address(0)
+#endif
+
 typedef struct CmpLogHeader {
   uint16_t hits;
   uint8_t shape;
@@ -31,6 +37,11 @@ extern uint8_t libafl_cmplog_enabled;
 #pragma weak __sanitizer_cov_trace_const_cmp2 = __sanitizer_cov_trace_cmp2
 #pragma weak __sanitizer_cov_trace_const_cmp4 = __sanitizer_cov_trace_cmp4
 #pragma weak __sanitizer_cov_trace_const_cmp8 = __sanitizer_cov_trace_cmp8
+#elif defined(_MSC_VER)
+  #pragma comment(linker, "/alternatename:__sanitizer_cov_trace_const_cmp1=__sanitizer_cov_trace_cmp1")
+  #pragma comment(linker, "/alternatename:__sanitizer_cov_trace_const_cmp2=__sanitizer_cov_trace_cmp2")
+  #pragma comment(linker, "/alternatename:__sanitizer_cov_trace_const_cmp4=__sanitizer_cov_trace_cmp4")
+  #pragma comment(linker, "/alternatename:__sanitizer_cov_trace_const_cmp8=__sanitizer_cov_trace_cmp8")
 #else
 void __sanitizer_cov_trace_const_cmp1(uint8_t arg1, uint8_t arg2) __attribute__((alias("__sanitizer_cov_trace_cmp1")));
 void __sanitizer_cov_trace_const_cmp2(uint16_t arg1, uint16_t arg2)
@@ -41,11 +52,12 @@ void __sanitizer_cov_trace_const_cmp8(uint64_t arg1, uint64_t arg2)
     __attribute__((alias("__sanitizer_cov_trace_cmp8")));
 #endif
 
+
 void __sanitizer_cov_trace_cmp1(uint8_t arg1, uint8_t arg2) {
   if (!libafl_cmplog_enabled) return;
 
-  uintptr_t k = (uintptr_t)__builtin_return_address(0);
+  uintptr_t k = RETADDR;
   k = (k >> 4) ^ (k << 8);
   k &= CMPLOG_MAP_W - 1;
 
@@ -72,7 +84,7 @@ void __sanitizer_cov_trace_cmp2(uint16_t arg1, uint16_t arg2) {
   if (!libafl_cmplog_enabled) return;
 
-  uintptr_t k = (uintptr_t)__builtin_return_address(0);
+  uintptr_t k = RETADDR;
   k = (k >> 4) ^ (k << 8);
   k &= CMPLOG_MAP_W - 1;
 
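Review bot: `RETADDR` expands to `_ReturnAddress()` under `_WIN32`, but nothing in this hunk or the other cmplog.c hunks brings that intrinsic into scope; on MSVC it is declared in `<intrin.h>`, so unless an include earlier in the file (outside this diff) already pulls it in, the new branch fails with an undeclared identifier. The guard is also broader than the `_MSC_VER` check the next hunk uses for the `/alternatename` pragmas: MinGW-w64 defines `_WIN32` yet compiles with GCC, where `__builtin_return_address(0)` is the available form, so `#ifdef _MSC_VER` would be the consistent choice. The expansion should be fully parenthesized as well, `#define RETADDR ((uintptr_t)_ReturnAddress())`, since the switch hook later uses `RETADDR + i` and currently relies on cast precedence. The identical macro block is duplicated verbatim in value_profile.c's first hunk; a shared header would keep the two copies from drifting apart.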
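Review bot: The `/alternatename` pragmas name the undecorated symbols, which is right for x64 MSVC but not for a 32-bit MSVC build, where cdecl symbols carry an extra leading underscore (`___sanitizer_cov_trace_const_cmp1`), so the const_cmp fallbacks would silently fail to bind there if that configuration is ever targeted. A one-line comment above the block, `/* x64 only: x86 MSVC decorates cdecl names with a leading '_' */`, or spelling the names conditionally on `_M_X64`, would make the limitation explicit. The `#if defined(__APPLE__)` that opens this conditional chain lies outside the hunk.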
@@ -99,7 +111,7 @@ void __sanitizer_cov_trace_cmp4(uint32_t arg1, uint32_t arg2) {
   if (!libafl_cmplog_enabled) return;
 
-  uintptr_t k = (uintptr_t)__builtin_return_address(0);
+  uintptr_t k = RETADDR;
   k = (k >> 4) ^ (k << 8);
   k &= CMPLOG_MAP_W - 1;
 
@@ -125,7 +137,7 @@ void __sanitizer_cov_trace_cmp8(uint64_t arg1, uint64_t arg2) {
   if (!libafl_cmplog_enabled) return;
 
-  uintptr_t k = (uintptr_t)__builtin_return_address(0);
+  uintptr_t k = RETADDR;
   k = (k >> 4) ^ (k << 8);
   k &= CMPLOG_MAP_W - 1;
 
@@ -159,7 +171,7 @@ void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) {
   for (uint64_t i = 0; i < cases[0]; i++) {
-    uintptr_t k = (uintptr_t)__builtin_return_address(0) + i;
+    uintptr_t k = RETADDR + i;
     k = (k >> 4) ^ (k << 8);
     k &= CMPLOG_MAP_W - 1;
 
diff --git a/libafl_targets/src/lib.rs b/libafl_targets/src/lib.rs
index 03a0a0e1e0..f2ad1f9095 100644
--- a/libafl_targets/src/lib.rs
+++ b/libafl_targets/src/lib.rs
@@ -5,16 +5,21 @@ pub mod pcguard;
 #[cfg(any(feature = "pcguard_edges", feature = "pcguard_hitcounts"))]
 pub use pcguard::*;
 
-#[cfg(feature = "value_profile")]
-pub mod value_profile;
-#[cfg(feature = "value_profile")]
-pub use value_profile::*;
-
 #[cfg(feature = "libfuzzer")]
 pub mod libfuzzer;
 #[cfg(feature = "libfuzzer")]
 pub use libfuzzer::*;
 
+#[cfg(all(feature = "value_profile", feature = "cmplog"))]
+compile_error!(
+    "the libafl_targets `value_profile` and `cmplog` features are mutually exclusive."
+);
+
+#[cfg(feature = "value_profile")]
+pub mod value_profile;
+#[cfg(feature = "value_profile")]
+pub use value_profile::*;
+
 #[cfg(feature = "cmplog")]
 pub mod cmplog;
 #[cfg(feature = "cmplog")]
diff --git a/libafl_targets/src/value_profile.c b/libafl_targets/src/value_profile.c
index f8fa021a38..fb0b45d793 100644
--- a/libafl_targets/src/value_profile.c
+++ b/libafl_targets/src/value_profile.c
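Review bot: The new `compile_error!` states that the two features are exclusive but not why, which a reader has to dig out of the C sources: both `cmplog.c` and `value_profile.c` in this same diff define the `__sanitizer_cov_trace_cmp1`..`cmp8` and `__sanitizer_cov_trace_switch` hooks, so enabling both features produces duplicate symbols at link time. A short comment above the `#[cfg(all(...))]`, such as `// cmplog.c and value_profile.c both define the __sanitizer_cov_trace_* hooks; linking both would clash.`, would make the reason for the guard self-evident. Folding that reason into the error string itself would also help users who only ever see the build failure.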
@@ -7,6 +7,12 @@ extern uint8_t libafl_cmp_map[MAP_SIZE];
 
+#ifdef _WIN32
+#define RETADDR (uintptr_t)_ReturnAddress()
+#else
+#define RETADDR (uintptr_t)__builtin_return_address(0)
+#endif
+
 #ifdef __GNUC__
 #define MAX(a, b) \
   ({ \
@@ -20,6 +26,12 @@ extern uint8_t libafl_cmp_map[MAP_SIZE];
 #define MAX(a, b) (((a) > (b)) ? (a) : (b))
 #endif
 
+#ifdef _MSC_VER
+#include
+#define __builtin_popcount __popcnt
+#define __builtin_popcountll __popcnt64
+#endif
+
 #if defined(__APPLE__)
 #pragma weak __sanitizer_cov_trace_const_cmp1 = __sanitizer_cov_trace_cmp1
 #pragma weak __sanitizer_cov_trace_const_cmp2 = __sanitizer_cov_trace_cmp2
@@ -42,7 +54,7 @@ void __sanitizer_cov_trace_const_cmp8(uint64_t arg1, uint64_t arg2)
 void __sanitizer_cov_trace_cmp1(uint8_t arg1, uint8_t arg2) {
-  uintptr_t k = (uintptr_t)__builtin_return_address(0);
+  uintptr_t k = RETADDR;
   k = (k >> 4) ^ (k << 8);
   k &= MAP_SIZE - 1;
   libafl_cmp_map[k] = MAX(libafl_cmp_map[k], (__builtin_popcount(~(arg1 ^ arg2))));
@@ -51,7 +63,7 @@ void __sanitizer_cov_trace_cmp1(uint8_t arg1, uint8_t arg2) {
 void __sanitizer_cov_trace_cmp2(uint16_t arg1, uint16_t arg2) {
-  uintptr_t k = (uintptr_t)__builtin_return_address(0);
+  uintptr_t k = RETADDR;
   k = (k >> 4) ^ (k << 8);
   k &= MAP_SIZE - 1;
   libafl_cmp_map[k] = MAX(libafl_cmp_map[k], (__builtin_popcount(~(arg1 ^ arg2))));
@@ -60,7 +72,7 @@ void __sanitizer_cov_trace_cmp2(uint16_t arg1, uint16_t arg2) {
 void __sanitizer_cov_trace_cmp4(uint32_t arg1, uint32_t arg2) {
-  uintptr_t k = (uintptr_t)__builtin_return_address(0);
+  uintptr_t k = RETADDR;
   k = (k >> 4) ^ (k << 8);
   k &= MAP_SIZE - 1;
   libafl_cmp_map[k] = MAX(libafl_cmp_map[k], (__builtin_popcount(~(arg1 ^ arg2))));
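Review bot: Mapping `__builtin_popcount`/`__builtin_popcountll` onto `__popcnt`/`__popcnt64` in the second hunk changes the runtime contract: MSVC's intrinsics emit the POPCNT instruction unconditionally and its documentation requires a CPUID check before use, whereas the GCC/Clang builtins fall back to a software routine when the target lacks the instruction, so an instrumented target built this way would fault on CPUs without POPCNT. `__popcnt64` is additionally only available on x64 targets, so a 32-bit MSVC build of this file would not compile. The `#include` line in that hunk shows no header name on this page; `_ReturnAddress`, `__popcnt` and `__popcnt64` are all declared in `<intrin.h>`, which is presumably what belongs there. Defining macros whose names begin with a double underscore is also reserved-identifier territory; a local `POPCOUNT32`/`POPCOUNT64` pair selected per compiler would avoid both the reserved-name use and the silent shadowing of the builtins.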
@@ -69,7 +81,7 @@ void __sanitizer_cov_trace_cmp4(uint32_t arg1, uint32_t arg2) {
 void __sanitizer_cov_trace_cmp8(uint64_t arg1, uint64_t arg2) {
-  uintptr_t k = (uintptr_t)__builtin_return_address(0);
+  uintptr_t k = RETADDR;
   k = (k >> 4) ^ (k << 8);
   k &= MAP_SIZE - 1;
   libafl_cmp_map[k] = MAX(libafl_cmp_map[k], (__builtin_popcountll(~(arg1 ^ arg2))));
@@ -78,7 +90,7 @@ void __sanitizer_cov_trace_cmp8(uint64_t arg1, uint64_t arg2) {
 void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) {
-  uintptr_t rt = (uintptr_t)__builtin_return_address(0);
+  uintptr_t rt = RETADDR;
   if (cases[1] == 64) {
     for (uint64_t i = 0; i < cases[0]; i++) {