libaf_targets: new structure to isolate sancov

2021-05-14 15:57:12 +02:00 · 2021-05-14 15:57:12 +02:00 · f25554805d
commit f25554805d
parent a976c3b6f5
6 changed files with 28 additions and 7 deletions
--- a/fuzzers/libfuzzer_stb_image/Cargo.toml
+++ b/fuzzers/libfuzzer_stb_image/Cargo.toml
@ -17,7 +17,8 @@ debug = true
 [dependencies]
 libafl = { path = "../../libafl/" }
-libafl_targets = { path = "../../libafl_targets/", features = ["sancov_pcguard_edges", "sancov_cmplog", "libfuzzer"] }
+
 libafl_targets = { path = "../../libafl_targets/", features = ["sancov_pcguard_edges", "libfuzzer"] }
 [build-dependencies]
 cc = { version = "1.0", features = ["parallel"] }
--- a/libafl_targets/Cargo.toml
+++ b/libafl_targets/Cargo.toml
@ -13,9 +13,11 @@ edition = "2018"
 [features]
 default = []
 libfuzzer = []
 sancov_pcguard_edges = []
 sancov_pcguard_hitcounts = []
 sancov_value_profile = []
 sancov_cmplog = []
-pcguard = ["pcguard_hitcounts"]
+sancov_pcguard = ["sancov_pcguard_hitcounts"]
 clippy = [] # Ignore compiler warnings during clippy
 [build-dependencies]
--- a/libafl_targets/src/cmplog.h
+++ b/libafl_targets/src/cmplog.h
@ -30,7 +30,7 @@ extern CmpLogMap libafl_cmplog_map;
 extern uint8_t libafl_cmplog_enabled;
-void __libafl_targets_cmplog(uintptr_t k, uint8_t shape, uint64_t arg1, uint64_t arg2) {
+static void __libafl_targets_cmplog(uintptr_t k, uint8_t shape, uint64_t arg1, uint64_t arg2) {
  if (!libafl_cmplog_enabled) return;
--- a/libafl_targets/src/lib.rs
+++ b/libafl_targets/src/lib.rs
@ -1,8 +1,5 @@
 //! `libafl_targets` contains runtime code, injected in the target itself during compilation.
 #[macro_use]
 extern crate serde_big_array;
 #[cfg(any(feature = "sancov_pcguard_edges", feature = "sancov_pcguard_hitcounts"))]
 pub mod sancov_pcguard;
 #[cfg(any(feature = "sancov_pcguard_edges", feature = "sancov_pcguard_hitcounts"))]
@ -13,6 +10,9 @@ pub mod libfuzzer;
 #[cfg(feature = "libfuzzer")]
 pub use libfuzzer::*;
 pub mod coverage;
 pub use coverage::*;
 pub mod value_profile;
 pub use value_profile::*;
--- a/libafl_targets/src/sancov_cmp.c
+++ b/libafl_targets/src/sancov_cmp.c
@ -33,6 +33,9 @@ void __sanitizer_cov_trace_cmp1(uint8_t arg1, uint8_t arg2) {
 #ifdef SANCOV_VALUE_PROFILE
  __libafl_targets_value_profile1(k, arg1, arg2);
 #endif
 #ifdef SANCOV_CMPLOG
  __libafl_targets_cmplog(k, 1, (uint64_t)arg1, (uint64_t)arg2);
 #endif
 }
@ -47,6 +50,9 @@ void __sanitizer_cov_trace_cmp2(uint16_t arg1, uint16_t arg2) {
 #ifdef SANCOV_VALUE_PROFILE
  __libafl_targets_value_profile2(k, arg1, arg2);
 #endif
 #ifdef SANCOV_CMPLOG
  __libafl_targets_cmplog(k, 2, (uint64_t)arg1, (uint64_t)arg2);
 #endif
 }
@ -61,6 +67,9 @@ void __sanitizer_cov_trace_cmp4(uint32_t arg1, uint32_t arg2) {
 #ifdef SANCOV_VALUE_PROFILE
  __libafl_targets_value_profile4(k, arg1, arg2);
 #endif
 #ifdef SANCOV_CMPLOG
  __libafl_targets_cmplog(k, 4, (uint64_t)arg1, (uint64_t)arg2);
 #endif
 }
@ -81,6 +90,9 @@ void __sanitizer_cov_trace_cmp8(uint64_t arg1, uint64_t arg2) {
 #ifdef SANCOV_VALUE_PROFILE
  __libafl_targets_value_profile8(k, arg1, arg2);
 #endif
 #ifdef SANCOV_CMPLOG
  __libafl_targets_cmplog(k, 8, (uint64_t)arg1, (uint64_t)arg2);
 #endif
 }
@ -88,6 +100,8 @@ void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) {
  uintptr_t rt = RETADDR;
  // if (!cases[1]) return;
  for (uint64_t i = 0; i < cases[0]; i++) {
    uintptr_t k = rt + i;
@ -110,6 +124,10 @@ void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) {
        break;
    }
 #endif
 #ifdef SANCOV_CMPLOG
    __libafl_targets_cmplog(k, cases[1] / 8, val, cases[i + 2]);
 #endif
  }
--- a/libafl_targets/src/sancov_pcguard.rs
+++ b/libafl_targets/src/sancov_pcguard.rs
@ -1,6 +1,6 @@
 //! [`LLVM` `PcGuard`](https://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs-with-guards) runtime for `LibAFL`.
-use crate::coverage::{EDGES_MAP, EDGES_MAP_SIZE, MAX_EDGES_NUM};
+use crate::coverage::*;
 #[cfg(all(feature = "sancov_pcguard_edges", feature = "sancov_pcguard_hitcounts"))]
 #[cfg(not(any(doc, feature = "clippy")))]