Commitfa2b040

committed
fix LTO with cmplog and laf
1 parent69c9a17 commitfa2b040


5 files changed

+121
-220
lines changed

5 files changed

+121
-220
lines changed

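--- a/GNUmakefile.llvm
+++ b/GNUmakefile.llvm
@@ -394,7 +394,7 @@ endif
 
 ./SanitizerCoveragePCGUARD.so: instrumentation/SanitizerCoveragePCGUARD.so.cc instrumentation/afl-llvm-common.o | test_deps
 ifeq "$(LLVM_10_OK)" "1"
--$(CXX) $(CLANG_CPPFL) -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< -o $@ $(CLANG_LFL) -Wno-deprecated-copy-with-dtor -Wdeprecated instrumentation/afl-llvm-common.o
+-$(CXX) $(CLANG_CPPFL) -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< -o $@ $(CLANG_LFL) -Wno-deprecated-copy-dtor -Wdeprecated instrumentation/afl-llvm-common.o
 endif
 
 ./afl-llvm-lto-instrumentlist.so: instrumentation/afl-llvm-lto-instrumentlist.so.cc instrumentation/afl-llvm-common.o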

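--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -24,8 +24,6 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
 possible in the target (for afl-gcc-fast/afl-clang-fast/
 afl-clang-lto)
 - afl-cc:
-! llvm15-dev with LTO and extra features (LAF/CMPLOG etc.) might have
-issues at the moment
 - converted all passed to use the new llvm pass manager for llvm 11+
 - AFL++ PCGUARD mode is not available for 10.0.1 anymore (11+ only)
 - frida_mode: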

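--- a/instrumentation/SanitizerCoverageLTO.so.cc
+++ b/instrumentation/SanitizerCoverageLTO.so.cc
@@ -34,7 +34,6 @@
 #include"llvm/IR/Instructions.h"
 #include"llvm/IR/IntrinsicInst.h"
 #include"llvm/IR/Intrinsics.h"
-#include"llvm/IR/LegacyPassManager.h"
 #include"llvm/IR/LLVMContext.h"
 #include"llvm/IR/MDBuilder.h"
 #include"llvm/IR/Mangler.h"
@@ -52,6 +51,9 @@
 #include"llvm/Transforms/Utils/BasicBlockUtils.h"
 #include"llvm/Transforms/Utils/BasicBlockUtils.h"
 #include"llvm/Transforms/Utils/ModuleUtils.h"
+#include"llvm/Passes/PassPlugin.h"
+#include"llvm/Passes/PassBuilder.h"
+#include"llvm/IR/PassManager.h"
 
 #include"config.h"
 #include"debug.h"
@@ -162,27 +164,21 @@ using DomTreeCallback = function_ref<const DominatorTree *(Function &F)>;
 using PostDomTreeCallback =
 function_ref<const PostDominatorTree *(Function &F)>;
 
-classModuleSanitizerCoverage {
+classModuleSanitizerCoverageLTO
+: public PassInfoMixin<ModuleSanitizerCoverageLTO> {
 
 public:
-ModuleSanitizerCoverage(
+ModuleSanitizerCoverageLTO(
 const SanitizerCoverageOptions &Options = SanitizerCoverageOptions())
 : Options(OverrideFromCL(Options)) {
 
-/* ,
-const SpecialCaseList * Allowlist = nullptr,
-const SpecialCaseList * Blocklist = nullptr)
-,
-Allowlist(Allowlist),
-Blocklist(Blocklist) {
-
-*/
-
 }
 
 boolinstrumentModule(Module &M, DomTreeCallback DTCallback,
 PostDomTreeCallback PDTCallback);
 
+PreservedAnalysesrun(Module &M, ModuleAnalysisManager &MAM);
+
 private:
 voidinstrumentFunction(Function &F, DomTreeCallback DTCallback,
 PostDomTreeCallback PDTCallback);
@@ -280,27 +276,14 @@ class ModuleSanitizerCoverageLegacyPass : public ModulePass {
 const SanitizerCoverageOptions &Options = SanitizerCoverageOptions())
 : ModulePass(ID), Options(Options) {
 
-/* ,
-const std::vector<std::string> &AllowlistFiles =
-std::vector<std::string>(),
-const std::vector<std::string> &BlocklistFiles =
-std::vector<std::string>())
-if (AllowlistFiles.size() > 0)
-Allowlist = SpecialCaseList::createOrDie(AllowlistFiles,
-*vfs::getRealFileSystem());
-if (BlocklistFiles.size() > 0)
-Blocklist = SpecialCaseList::createOrDie(BlocklistFiles,
-*vfs::getRealFileSystem());
-*/
 initializeModuleSanitizerCoverageLegacyPassPass(
 *PassRegistry::getPassRegistry());
 
 }
 
 boolrunOnModule(Module &M)override {
 
-ModuleSanitizerCoverageModuleSancov(Options);
-// , Allowlist.get(), Blocklist.get());
+ModuleSanitizerCoverageLTOModuleSancov(Options);
 auto DTCallback = [this](Function &F) ->const DominatorTree * {
 
 return &this->getAnalysis<DominatorTreeWrapperPass>(F).getDomTree();
@@ -321,18 +304,36 @@ class ModuleSanitizerCoverageLegacyPass : public ModulePass {
 private:
 SanitizerCoverageOptions Options;
 
-// std::unique_ptr<SpecialCaseList> Allowlist;
-// std::unique_ptr<SpecialCaseList> Blocklist;
-
 };
 
 }// namespace
 
-PreservedAnalysesModuleSanitizerCoveragePass::run(Module & M,
-ModuleAnalysisManager &MAM) {
+extern"C" ::llvm::PassPluginLibraryInfo LLVM_ATTRIBUTE_WEAK
+llvmGetPassPluginInfo() {
+
+return {LLVM_PLUGIN_API_VERSION,"SanitizerCoverageLTO","v0.1",
+/* lambda to insert our pass into the pass pipeline.*/
+[](PassBuilder &PB) {
+
+#if LLVM_VERSION_MAJOR <= 13
+using OptimizationLevel =typename PassBuilder::OptimizationLevel;
+#endif
+// PB.registerFullLinkTimeOptimizationLastEPCallback(
+PB.registerOptimizerLastEPCallback(
+[](ModulePassManager &MPM, OptimizationLevel OL) {
+
+MPM.addPass(ModuleSanitizerCoverageLTO());
+
+});
+
+}};
+
+}
+
+PreservedAnalysesModuleSanitizerCoverageLTO::run(Module & M,
+ModuleAnalysisManager &MAM) {
 
-ModuleSanitizerCoverageModuleSancov(Options);
-// Allowlist.get(), Blocklist.get());
+ModuleSanitizerCoverageLTOModuleSancov(Options);
 auto &FAM = MAM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager();
 auto DTCallback = [&FAM](Function &F) ->const DominatorTree * {
 
@@ -353,35 +354,7 @@ PreservedAnalyses ModuleSanitizerCoveragePass::run(Module & M,
 
 }
 
-/*
-std::pair<Value *, Value *> ModuleSanitizerCoverage::CreateSecStartEnd(
-Module &M, const char *Section, Type *Ty) {
-
-GlobalVariable *SecStart =
-new GlobalVariable(M, Ty, false, GlobalVariable::ExternalLinkage, nullptr,
-getSectionStart(Section));
-SecStart->setVisibility(GlobalValue::HiddenVisibility);
-GlobalVariable *SecEnd =
-new GlobalVariable(M, Ty, false, GlobalVariable::ExternalLinkage, nullptr,
-getSectionEnd(Section));
-SecEnd->setVisibility(GlobalValue::HiddenVisibility);
-IRBuilder<> IRB(M.getContext());
-Value * SecEndPtr = IRB.CreatePointerCast(SecEnd, Ty);
-if (!TargetTriple.isOSBinFormatCOFF())
-return std::make_pair(IRB.CreatePointerCast(SecStart, Ty), SecEndPtr);
-
-// Account for the fact that on windows-msvc __start_* symbols actually
-// point to a uint64_t before the start of the array.
-auto SecStartI8Ptr = IRB.CreatePointerCast(SecStart, Int8PtrTy);
-auto GEP = IRB.CreateGEP(Int8Ty, SecStartI8Ptr,
-ConstantInt::get(IntptrTy, sizeof(uint64_t)));
-return std::make_pair(IRB.CreatePointerCast(GEP, Ty), SecEndPtr);
-
-}
-
-*/
-
-boolModuleSanitizerCoverage::instrumentModule(
+boolModuleSanitizerCoverageLTO::instrumentModule(
 Module &M, DomTreeCallback DTCallback, PostDomTreeCallback PDTCallback) {
 
 if (Options.CoverageType == SanitizerCoverageOptions::SCK_None)returnfalse;
@@ -1045,7 +1018,7 @@ bool ModuleSanitizerCoverage::instrumentModule(
 M, Int64Tyi,true, GlobalValue::ExternalLinkage,0,"__afl_map_addr");
 ConstantInt *MapAddr =ConstantInt::get(Int64Tyi, map_addr);
 StoreInst * StoreMapAddr = IRB.CreateStore(MapAddr, AFLMapAddrFixed);
-ModuleSanitizerCoverage::SetNoSanitizeMetadata(StoreMapAddr);
+ModuleSanitizerCoverageLTO::SetNoSanitizeMetadata(StoreMapAddr);
 
 }
 
@@ -1060,7 +1033,7 @@ bool ModuleSanitizerCoverage::instrumentModule(
 "__afl_final_loc");
 ConstantInt *const_loc =ConstantInt::get(Int32Tyi, write_loc);
 StoreInst * StoreFinalLoc = IRB.CreateStore(const_loc, AFLFinalLoc);
-ModuleSanitizerCoverage::SetNoSanitizeMetadata(StoreFinalLoc);
+ModuleSanitizerCoverageLTO::SetNoSanitizeMetadata(StoreFinalLoc);
 
 }
 
@@ -1108,7 +1081,7 @@ bool ModuleSanitizerCoverage::instrumentModule(
 0,"__afl_dictionary_len");
 ConstantInt *const_len =ConstantInt::get(Int32Tyi, offset);
 StoreInst *StoreDictLen = IRB.CreateStore(const_len, AFLDictionaryLen);
-ModuleSanitizerCoverage::SetNoSanitizeMetadata(StoreDictLen);
+ModuleSanitizerCoverageLTO::SetNoSanitizeMetadata(StoreDictLen);
 
 ArrayType *ArrayTy =ArrayType::get(IntegerType::get(Ctx,8), offset);
 GlobalVariable *AFLInternalDictionary =newGlobalVariable(
@@ -1128,7 +1101,7 @@ bool ModuleSanitizerCoverage::instrumentModule(
 Value *AFLDictPtr =
 IRB.CreatePointerCast(AFLDictOff,PointerType::get(Int8Tyi,0));
 StoreInst *StoreDict = IRB.CreateStore(AFLDictPtr, AFLDictionary);
-ModuleSanitizerCoverage::SetNoSanitizeMetadata(StoreDict);
+ModuleSanitizerCoverageLTO::SetNoSanitizeMetadata(StoreDict);
 
 }
 
@@ -1235,7 +1208,7 @@ static bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB,
 
 }
 
-voidModuleSanitizerCoverage::instrumentFunction(
+voidModuleSanitizerCoverageLTO::instrumentFunction(
 Function &F, DomTreeCallback DTCallback, PostDomTreeCallback PDTCallback) {
 
 if (F.empty())return;
@@ -1390,7 +1363,7 @@ void ModuleSanitizerCoverage::instrumentFunction(
 /* Load SHM pointer*/
 LoadInst *MapPtr =
 IRB.CreateLoad(PointerType::get(Int8Ty,0), AFLMapPtr);
-ModuleSanitizerCoverage::SetNoSanitizeMetadata(MapPtr);
+ModuleSanitizerCoverageLTO::SetNoSanitizeMetadata(MapPtr);
 
 while (1) {
 
@@ -1420,7 +1393,7 @@ void ModuleSanitizerCoverage::instrumentFunction(
 }else {
 
 LoadInst *Counter = IRB.CreateLoad(IRB.getInt8Ty(), MapPtrIdx);
-ModuleSanitizerCoverage::SetNoSanitizeMetadata(Counter);
+ModuleSanitizerCoverageLTO::SetNoSanitizeMetadata(Counter);
 
 /* Update bitmap*/
 
@@ -1435,7 +1408,7 @@ void ModuleSanitizerCoverage::instrumentFunction(
 }
 
 auto nosan = IRB.CreateStore(Incr, MapPtrIdx);
-ModuleSanitizerCoverage::SetNoSanitizeMetadata(nosan);
+ModuleSanitizerCoverageLTO::SetNoSanitizeMetadata(nosan);
 
 }
 
@@ -1473,7 +1446,7 @@ void ModuleSanitizerCoverage::instrumentFunction(
 
 }
 
-GlobalVariable *ModuleSanitizerCoverage::CreateFunctionLocalArrayInSection(
+GlobalVariable *ModuleSanitizerCoverageLTO::CreateFunctionLocalArrayInSection(
 size_t NumElements, Function &F, Type *Ty,constchar *Section) {
 
 ArrayType *ArrayTy =ArrayType::get(Ty, NumElements);
@@ -1503,7 +1476,7 @@ GlobalVariable *ModuleSanitizerCoverage::CreateFunctionLocalArrayInSection(
 
 }
 
-GlobalVariable *ModuleSanitizerCoverage::CreatePCArray(
+GlobalVariable *ModuleSanitizerCoverageLTO::CreatePCArray(
 Function &F, ArrayRef<BasicBlock *> AllBlocks) {
 
 size_t N = AllBlocks.size();
@@ -1539,7 +1512,7 @@ GlobalVariable *ModuleSanitizerCoverage::CreatePCArray(
 
 }
 
-voidModuleSanitizerCoverage::CreateFunctionLocalArrays(
+voidModuleSanitizerCoverageLTO::CreateFunctionLocalArrays(
 Function &F, ArrayRef<BasicBlock *> AllBlocks) {
 
 if (Options.TracePCGuard)
@@ -1555,9 +1528,8 @@ void ModuleSanitizerCoverage::CreateFunctionLocalArrays(
 
 }
 
-boolModuleSanitizerCoverage::InjectCoverage(Function & F,
-ArrayRef<BasicBlock *> AllBlocks,
-bool IsLeafFunc) {
+boolModuleSanitizerCoverageLTO::InjectCoverage(
+Function &F, ArrayRef<BasicBlock *> AllBlocks,bool IsLeafFunc) {
 
 if (AllBlocks.empty())returnfalse;
 CreateFunctionLocalArrays(F, AllBlocks);
@@ -1603,7 +1575,7 @@ bool ModuleSanitizerCoverage::InjectCoverage(Function & F,
 // The cache is used to speed up recording the caller-callee pairs.
 // The address of the caller is passed implicitly via caller PC.
 // CacheSize is encoded in the name of the run-time function.
-voidModuleSanitizerCoverage::InjectCoverageForIndirectCalls(
+voidModuleSanitizerCoverageLTO::InjectCoverageForIndirectCalls(
 Function &F, ArrayRef<Instruction *> IndirCalls) {
 
 if (IndirCalls.empty())return;
@@ -1621,9 +1593,10 @@ void ModuleSanitizerCoverage::InjectCoverageForIndirectCalls(
 
 }
 
-voidModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
-size_t Idx,
-bool IsLeafFunc) {
+voidModuleSanitizerCoverageLTO::InjectCoverageAtBlock(Function & F,
+BasicBlock &BB,
+size_t Idx,
+bool IsLeafFunc) {
 
 BasicBlock::iterator IP = BB.getFirstInsertionPt();
 bool IsEntryBB = &BB == &F.getEntryBlock();
@@ -1678,7 +1651,7 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
 }else {
 
 LoadInst *MapPtr = IRB.CreateLoad(PointerType::get(Int8Ty,0), AFLMapPtr);
-ModuleSanitizerCoverage::SetNoSanitizeMetadata(MapPtr);
+ModuleSanitizerCoverageLTO::SetNoSanitizeMetadata(MapPtr);
 MapPtrIdx = IRB.CreateGEP(Int8Ty, MapPtr, CurLoc);
 
 }
@@ -1695,7 +1668,7 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
 }else {
 
 LoadInst *Counter = IRB.CreateLoad(IRB.getInt8Ty(), MapPtrIdx);
-ModuleSanitizerCoverage::SetNoSanitizeMetadata(Counter);
+ModuleSanitizerCoverageLTO::SetNoSanitizeMetadata(Counter);
 
 Value *Incr = IRB.CreateAdd(Counter, One);
 
@@ -1708,7 +1681,7 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
 }
 
 auto nosan = IRB.CreateStore(Incr, MapPtrIdx);
-ModuleSanitizerCoverage::SetNoSanitizeMetadata(nosan);
+ModuleSanitizerCoverageLTO::SetNoSanitizeMetadata(nosan);
 
 }
 
@@ -1760,7 +1733,7 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB,
 
 }
 
-std::stringModuleSanitizerCoverage::getSectionName(
+std::stringModuleSanitizerCoverageLTO::getSectionName(
 const std::string &Section)const {
 
 if (TargetTriple.isOSBinFormatCOFF()) {
@@ -1777,27 +1750,6 @@ std::string ModuleSanitizerCoverage::getSectionName(
 
 }
 
-/*
-std::string ModuleSanitizerCoverage::getSectionStart(
-const std::string &Section) const {
-
-if (TargetTriple.isOSBinFormatMachO())
-return "\1section$start$__DATA$__" + Section;
-return "__start___" + Section;
-
-}
-
-std::string ModuleSanitizerCoverage::getSectionEnd(
-const std::string &Section) const {
-
-if (TargetTriple.isOSBinFormatMachO())
-return "\1section$end$__DATA$__" + Section;
-return "__stop___" + Section;
-
-}
-
-*/
-
 char ModuleSanitizerCoverageLegacyPass::ID =0;
 
 INITIALIZE_PASS_BEGIN(ModuleSanitizerCoverageLegacyPass,"sancov",
@@ -1815,7 +1767,6 @@ ModulePass *llvm::createModuleSanitizerCoverageLegacyPassPass(
 const std::vector<std::string> &BlocklistFiles) {
 
 returnnewModuleSanitizerCoverageLegacyPass(Options);
-//, AllowlistFiles, BlocklistFiles);
 
 }
 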
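Review bot: `ModuleSanitizerCoverageLTO::run()` still constructs a second `ModuleSanitizerCoverageLTO ModuleSancov(Options)` and presumably instruments through that copy, although the pass and the worker are now the same class. Because the constructor initialises `Options(OverrideFromCL(Options))`, the command-line override is applied a second time to options that were already overridden, and any state the instrumentation records lives on the temporary rather than on the pass the pipeline holds. Dropping the local and calling `instrumentModule(M, DTCallback, PDTCallback)` on `this` would remove the duplicate; the call itself sits below this hunk, so its exact form needs checking there. Separately, the registration lambda keeps `// PB.registerFullLinkTimeOptimizationLastEPCallback(` beside the live `PB.registerOptimizerLastEPCallback(` without a reason, so a one-line comment such as `// registered at OptimizerLast because <reason the full-LTO extension point is not used>` would record which pipeline position the coverage instrumentation depends on.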
