/*
   american fuzzy lop++ - compiler instrumentation wrapper
   -------------------------------------------------------

   Written by Michal Zalewski, Laszlo Szekeres and Marc Heuse

   Copyright 2015, 2016 Google Inc. All rights reserved.
   Copyright 2019-2024 AFLplusplus Project. All rights reserved.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at:

     https://www.apache.org/licenses/LICENSE-2.0

 */

#define AFL_MAIN

#include "common.h"
#include "config.h"
#include "types.h"
#include "debug.h"
#include "alloc-inl.h"
#include "llvm-alternative-coverage.h"

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <limits.h>
#include <assert.h>
#include <ctype.h>
#include <sys/stat.h>

/* Normalise LLVM_MAJOR / LLVM_MINOR. `(X - 0 == 0)` is true when X is
   undefined, defined to nothing, or defined as 0; in all three cases the
   macro is redefined as a literal 0 so later `#if LLVM_MAJOR ...` tests in
   this file always compare against a number. */
#if (LLVM_MAJOR - 0 == 0)
  #undef LLVM_MAJOR
#endif
#if !defined(LLVM_MAJOR)
  #define LLVM_MAJOR 0
#endif
#if (LLVM_MINOR - 0 == 0)
  #undef LLVM_MINOR
#endif
#if !defined(LLVM_MINOR)
  #define LLVM_MINOR 0
#endif

/* Number of slots in the argv array built for the real compiler (allocated
   in aflcc_state_init, enforced by insert_param). Can be overridden at build
   time by defining MAX_PARAMS_NUM beforehand. */
#ifndef MAX_PARAMS_NUM
  #define MAX_PARAMS_NUM 2048
#endif

/** Global declarations -----BEGIN----- **/

/* Classification of a single command line argument, as returned by the
   parse_* functions declared further down. */
typedef enum {

  PARAM_MISS,  // not matched
  PARAM_SCAN,  // scan only
  PARAM_KEEP,  // kept as-is
  PARAM_DROP,  // ignored

} param_st;

/* Instrumentation mode identifiers.
   Values 0..7 are sequential mode ids (CLASSIC and AFL share the value 1).
   The INSTRUMENT_OPT_* members are powers of two (8..128), so they look like
   bit flags rather than table indexes -- presumably stored in
   aflcc_state.instrument_opt_mode; confirm against the code that sets it. */
typedef enum {

  INSTRUMENT_DEFAULT = 0,
  INSTRUMENT_CLASSIC = 1,
  INSTRUMENT_AFL = 1,
  INSTRUMENT_PCGUARD = 2,
  INSTRUMENT_CFG = 3,
  INSTRUMENT_LTO = 4,
  INSTRUMENT_LLVMNATIVE = 5,
  INSTRUMENT_GCC = 6,
  INSTRUMENT_CLANG = 7,
  INSTRUMENT_OPT_CTX = 8,
  INSTRUMENT_OPT_NGRAM = 16,
  INSTRUMENT_OPT_CALLER = 32,
  INSTRUMENT_OPT_CTX_K = 64,
  INSTRUMENT_OPT_CODECOV = 128,

} instrument_mode_id;

/* Compiler backend identifiers; the values index compiler_mode_string. */
typedef enum {

  UNSET = 0,
  LTO = 1,
  LLVM = 2,
  GCC_PLUGIN = 3,
  GCC = 4,
  CLANG = 5

} compiler_mode_id;

/* Scratch buffer filled by getthecwd(); every call overwrites it. */
static u8 cwd[4096];

/* Display names indexed by instrument_mode_id.
   Only 18 rows exist, so the table covers ids 0..17: rows 0..8 and row 16
   line up with the enum values of the same number. Row 9 holds "CALLER"
   although INSTRUMENT_OPT_CALLER is 32, and the ids 32, 64 and 128 have no
   row at all -- indexing with them reads past the end of the table.
   NOTE(review): instrument_mode_2str() indexes this table with its argument
   directly, so callers must only pass ids below 18. */
char instrument_mode_string[18][18] = {

    "DEFAULT",
    "CLASSIC",
    "PCGUARD",
    "CFG",
    "LTO",
    "PCGUARD-NATIVE",
    "GCC",
    "CLANG",
    "CTX",
    "CALLER",
    "",
    "",
    "",
    "",
    "",
    "",
    "NGRAM",
    ""

};

/* Display names indexed by compiler_mode_id (0..5); row 6 is an empty
   spare entry. */
char compiler_mode_string[7][12] = {

    "AUTOSELECT", "LLVM-LTO", "LLVM", "GCC_PLUGIN",
    "GCC",        "CLANG",    ""

};

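/**
 * Map an instrumentation mode id to its display name.
 *
 * instrument_mode_id contains values up to 128 (the INSTRUMENT_OPT_* flags)
 * while instrument_mode_string has only 18 rows, so the index is
 * range-checked here instead of being trusted: an id without a row yields an
 * empty string rather than an out-of-bounds read.
 *
 * @param i  mode id to translate
 * @return   pointer into instrument_mode_string for ids that have a row,
 *           otherwise a pointer to a static empty string. Never NULL.
 */
u8 *instrument_mode_2str(instrument_mode_id i) {

  static u8 unknown[] = "";

  const size_t rows =
      sizeof(instrument_mode_string) / sizeof(instrument_mode_string[0]);

  /* The cast also turns a negative id (if the enum is signed) into a huge
     value, so one comparison rejects both directions. */
  if ((size_t)i >= rows) { return unknown; }

  return instrument_mode_string[i];

}
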
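/**
 * Map a compiler mode id to its display name.
 *
 * The index is range-checked against the number of rows in
 * compiler_mode_string so that an unexpected id yields an empty string
 * instead of reading past the end of the table.
 *
 * @param i  compiler mode id to translate
 * @return   pointer into compiler_mode_string for ids that have a row,
 *           otherwise a pointer to a static empty string. Never NULL.
 */
u8 *compiler_mode_2str(compiler_mode_id i) {

  static u8 unknown[] = "";

  const size_t rows =
      sizeof(compiler_mode_string) / sizeof(compiler_mode_string[0]);

  /* Casting first means a negative id is rejected by the same comparison. */
  if ((size_t)i >= rows) { return unknown; }

  return compiler_mode_string[i];

}
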
/* Return the current working directory.
   On success the result is the file-level `cwd` buffer, which is overwritten
   by every call. If getcwd() fails, a static empty string is returned, so
   the result is never NULL. */
u8 *getthecwd() {

  static u8 fail[] = "";

  if (getcwd(cwd, sizeof(cwd)) != NULL) { return cwd; }

  return fail;

}

/* State shared by the functions in this file: the argv being built for the
   real compiler plus mode and feature flags. aflcc_state_init() zeroes the
   whole struct before filling in the few non-zero defaults. */
typedef struct aflcc_state {

  /* Array of MAX_PARAMS_NUM pointers, allocated in aflcc_state_init(). */
  u8 **cc_params;                      /* Parameters passed to the real CC */
  /* Starts at 1 in aflcc_state_init(), i.e. slot 0 is left for argv0. */
  u32  cc_par_cnt;                     /* Param count, including argv0     */

  u8 *argv0;                           /* Original argv0 (by strdup)       */
  /* Points into `argv0` (past the last '/'), not a separate allocation. */
  u8 *callname;                        /* Executable file argv0 indicated  */

  /* Set to 1 when AFL_DEBUG is present in the environment. */
  u8 debug;

  /* plusplus_mode is set in aflcc_state_init() from the call name. */
  u8 compiler_mode, plusplus_mode, lto_mode;

  /* Initialised to AFL_CLANG_FLTO in aflcc_state_init(). */
  u8 *lto_flag;

  u8 instrument_mode, instrument_opt_mode, ngram_size, ctx_k;

  u8 cmplog_mode;

  /* NOTE(review): the have_* and *_set fields below are only declared here;
     presumably they record what was found in the build/environment and on
     the command line -- confirm against the code that sets them. */
  u8 have_instr_env, have_gcc, have_clang, have_llvm, have_gcc_plugin, have_lto,
      have_optimized_pcguard, have_instr_list;

  u8 fortify_set, x_set, bit_mode, preprocessor_only, have_unroll, have_o,
      have_pic, have_c, shared_linking, partial_linking, non_dash, have_fp,
      have_flto, have_hidden, have_fortify, have_fcf, have_staticasan,
      have_rust_asanrt, have_asan, have_msan, have_ubsan, have_lsan, have_tsan,
      have_cfisan;

  // u8 *march_opt;
  u8  need_aflpplib;
  int passthrough;

  u8  use_stdin;                                                   /* dummy */
  u8 *argvnull;                                                    /* dummy */

} aflcc_state_t;

/* Zero the state, allocate cc_params and derive callname / C++ mode from
   argv0. */
void aflcc_state_init(aflcc_state_t *, u8 *argv0);

/* Search the known locations for `obj`; returns a newly allocated path or
   NULL when none of the candidates is readable. */
u8 *find_object(aflcc_state_t *, u8 *obj);

/* Probe for built components via find_object(). */
void find_built_deps(aflcc_state_t *);

/* Append `param` to the argv being built for the real compiler.
   Reports a FATAL error instead of writing when the count would reach
   MAX_PARAMS_NUM, so the final slot of cc_params is never filled by this
   function (presumably it is kept for the terminating NULL -- confirm at the
   exec call site). The pointer is stored as-is; no copy is made. */
static inline void insert_param(aflcc_state_t *aflcc, u8 *param) {

  if (unlikely(aflcc->cc_par_cnt + 1 >= MAX_PARAMS_NUM)) {

    FATAL("Too many command line parameters, please increase MAX_PARAMS_NUM.");

  }

  u32 slot = aflcc->cc_par_cnt;

  aflcc->cc_params[slot] = param;
  aflcc->cc_par_cnt = slot + 1;

}

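/*
  Insert a param which contains the path to an object file. find_object() is
  used to resolve the name `obj` to a path, which is then formatted with the
  printf-style `fmt`. If `fmt` is NULL, the inserted arg is the path itself.
  If `msg` is provided, it is the error message raised when the path cannot
  be found; otherwise a generic message naming `obj` is used. `obj` must not
  be NULL.

  `fmt` is handed to alloc_printf() as the format string with the resolved
  path as its only argument, so it must be a trusted string consuming exactly
  one "%s". Every call visible in this file passes a literal; never build it
  from command line or environment data.

  The argument is stored through insert_param() so that the MAX_PARAMS_NUM
  limit is enforced here as well. Writing to cc_params directly would let
  this path run past the end of the array once it is full.
*/
static inline void insert_object(aflcc_state_t *aflcc, u8 *obj, u8 *fmt,
                                 u8 *msg) {

  u8 *_obj_path = find_object(aflcc, obj);

  if (!_obj_path) {

    if (msg) {

      FATAL("%s", msg);

    } else {

      FATAL("Unable to find '%s'", obj);

    }

  } else {

    if (fmt) {

      /* The formatted copy replaces the raw path, which is released here. */
      u8 *_obj_path_fmt = alloc_printf(fmt, _obj_path);
      ck_free(_obj_path);
      insert_param(aflcc, _obj_path_fmt);

    } else {

      /* Ownership of the allocated path moves into cc_params. */
      insert_param(aflcc, _obj_path);

    }

  }

}
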
/* Insert the params that make clang load the pass `pass`.
   The pass file is resolved through insert_object() / find_object(), so it is
   taken from the first matching location in that search order. Which flags
   are emitted is decided at build time from LLVM_MAJOR:
     - below 11: legacy pass manager, "-Xclang -load -Xclang <path>"
     - 11 and up: "-fpass-plugin=<path>", preceded by
       "-fexperimental-new-pass-manager" for versions below 16. */
static inline void load_llvm_pass(aflcc_state_t *aflcc, u8 *pass) {

#if LLVM_MAJOR < 11                                  /* legacy pass manager */
  insert_param(aflcc, "-Xclang");
  insert_param(aflcc, "-load");
  insert_param(aflcc, "-Xclang");
  insert_object(aflcc, pass, 0, 0);
#else                                               /* use new pass manager */
  #if LLVM_MAJOR < 16
  insert_param(aflcc, "-fexperimental-new-pass-manager");
  #endif
  insert_object(aflcc, pass, "-fpass-plugin=%s", 0);
#endif

}

/* Debug helper: print "cd '<cwd>';" followed by every element of argv in
   single quotes, then flush stdout and stderr. The arguments are printed
   verbatim inside the quotes with no escaping, so the line is meant for
   reading; an argument that itself contains a quote will not round-trip if
   the output is pasted into a shell. */
static inline void debugf_args(int argc, char **argv) {

  DEBUGF("cd '%s';", getthecwd());

  int idx = 0;

  while (idx < argc) {

    SAYF(" '%s'", argv[idx]);
    idx++;

  }

  SAYF("\n");

  fflush(stdout);
  fflush(stderr);

}

/* Forward declarations. Only the prototypes are given here; the notes below
   are limited to what the signatures show. */

/* Mode selection. */
void compiler_mode_by_callname(aflcc_state_t *);
void compiler_mode_by_environ(aflcc_state_t *);
void compiler_mode_by_cmdline(aflcc_state_t *, int argc, char **argv);
void instrument_mode_by_environ(aflcc_state_t *);
void mode_final_checkout(aflcc_state_t *, int argc, char **argv);
void mode_notification(aflcc_state_t *);

void add_real_argv0(aflcc_state_t *);

void add_defs_common(aflcc_state_t *);
void add_defs_selective_instr(aflcc_state_t *);
void add_defs_persistent_mode(aflcc_state_t *);
void add_defs_fortify(aflcc_state_t *, u8);
void add_defs_lsan_ctrl(aflcc_state_t *);

/* The parse_* functions return a param_st, i.e. how the inspected argument
   was classified (PARAM_MISS / PARAM_SCAN / PARAM_KEEP / PARAM_DROP). */
param_st parse_fsanitize(aflcc_state_t *, u8 *, u8);
void     add_sanitizers(aflcc_state_t *, char **envp);
void     add_optimized_pcguard(aflcc_state_t *);
void     add_native_pcguard(aflcc_state_t *);

void add_assembler(aflcc_state_t *);
void add_gcc_plugin(aflcc_state_t *);

param_st parse_misc_params(aflcc_state_t *, u8 *, u8);
void     add_misc_params(aflcc_state_t *);

param_st parse_linking_params(aflcc_state_t *, u8 *, u8, u8 *skip_next,
                              char **argv);

void add_lto_linker(aflcc_state_t *);
void add_lto_passes(aflcc_state_t *);
void add_runtime(aflcc_state_t *);

/** Global declarations -----END----- **/

/*
  Initialise the global state struct. Besides zeroing it and allocating the
  outgoing argv array, this extracts the call name from argv0, decides whether
  we run in C++ mode, and evaluates the debug/quiet environment switches.

  argv0 and the AFL_* variables are supplied by whoever invokes the wrapper,
  so everything derived from them here (callname, plusplus_mode, debug,
  be_quiet) is caller-controlled.
*/
void aflcc_state_init(aflcc_state_t *aflcc, u8 *argv0) {

  /* All flags and pointers start out as 0 / NULL. */
  memset(aflcc, 0, sizeof(aflcc_state_t));

  /* Slot 0 is skipped: counting starts at 1 ("including argv0"). */
  aflcc->cc_params = ck_alloc(MAX_PARAMS_NUM * sizeof(u8 *));
  aflcc->cc_par_cnt = 1;

  aflcc->lto_flag = AFL_CLANG_FLTO;

  // aflcc->march_opt = CFLAGS_OPT;

  /* callname & if C++ mode */

  /* NOTE(review): the copy is passed to strrchr() without a NULL check,
     while find_object() guards its use with `if (argv0)`. Confirm that no
     caller can reach this with a NULL argv0 (e.g. an empty argv). */
  aflcc->argv0 = ck_strdup(argv0);

  /* The call name is the part after the last '/', or the whole string when
     there is no '/'. It points into aflcc->argv0 rather than being a copy. */
  char *base = strrchr(aflcc->argv0, '/');

  if (base != NULL) {

    base++;

  } else {

    base = aflcc->argv0;

  }

  aflcc->callname = base;

  /* C++ mode: name longer than two chars that ends in "++" or contains
     "-g++". */
  size_t base_len = strlen(base);

  if (base_len > 2) {

    int ends_in_plusplus = (strncmp(base + base_len - 2, "++", 2) == 0);

    if (ends_in_plusplus || strstr(base, "-g++") != NULL) {

      aflcc->plusplus_mode = 1;

    }

  }

  /* debug */

  char *debug_env = getenv("AFL_DEBUG");

  if (debug_env) {

    /* Any value enables debug for this process, "0" included; for "0" the
       variable is additionally removed from the environment. */
    aflcc->debug = 1;
    if (strcmp(debug_env, "0") == 0) { unsetenv("AFL_DEBUG"); }

  } else if (getenv("AFL_QUIET")) {

    be_quiet = 1;

  }

  /* Passthrough / no-opt runs are silent unless debug was requested. */
  if (getenv("AFL_PASSTHROUGH") || getenv("AFL_NOOPT")) {

    if (!aflcc->debug) { be_quiet = 1; }

  }

}

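/*
  Try to find a specific runtime we need, in here:

  1. firstly we check the $AFL_PATH environment variable location if set
  2. next we check argv[0] if it has path information and use it
    a) we also check ../lib/afl
  3. if 2. failed we check /proc (only Linux, Android, NetBSD, DragonFly, and
     FreeBSD with procfs)
    a) and check here in ../lib/afl too
  4. we look into the AFL_PATH define (usually /usr/local/lib/afl)
  5. we finally try the current directory

  if all these attempts fail - we return NULL and the caller has to decide
  what to do. Otherwise the path to obj would be allocated and returned; the
  caller owns that allocation (insert_object() either frees it or stores it
  in cc_params).

  Security notes for maintainers:
  - Steps 1, 2 and 5 depend on $AFL_PATH, argv[0] and the current working
    directory, all of which are chosen by whoever runs the wrapper. The
    paths returned here end up on the real compiler's command line (see
    load_llvm_pass(), which passes them as pass plugins), so the wrapper
    should only be run with a trusted environment and from a trusted
    directory.
  - access(R_OK) only tells us the candidate was readable at the time of the
    check; the file is opened later by another program, so it is not a
    guarantee about what gets loaded.
  - With debug enabled every candidate path is logged before it is probed,
    which is the way to audit which location was actually picked.
*/
u8 *find_object(aflcc_state_t *aflcc, u8 *obj) {

  u8 *argv0 = aflcc->argv0;

  u8 *afl_path = getenv("AFL_PATH");
  u8 *slash = NULL, *tmp;

  /* 1. $AFL_PATH from the environment */
  if (afl_path) {

    tmp = alloc_printf("%s/%s", afl_path, obj);

    if (aflcc->debug) DEBUGF("Trying %s\n", tmp);

    if (!access(tmp, R_OK)) { return tmp; }

    ck_free(tmp);

  }

  if (argv0) {

    slash = strrchr(argv0, '/');

    /* 2. directory part of argv[0], then its ../lib/afl sibling */
    if (slash) {

      /* Work on a copy so that aflcc->argv0 itself is not truncated. */
      u8 *dir = ck_strdup(argv0);

      slash = strrchr(dir, '/');
      *slash = 0;

      tmp = alloc_printf("%s/%s", dir, obj);

      if (aflcc->debug) DEBUGF("Trying %s\n", tmp);

      if (!access(tmp, R_OK)) {

        ck_free(dir);
        return tmp;

      }

      ck_free(tmp);
      tmp = alloc_printf("%s/../lib/afl/%s", dir, obj);

      if (aflcc->debug) DEBUGF("Trying %s\n", tmp);

      if (!access(tmp, R_OK)) {

        ck_free(dir);
        return tmp;

      }

      ck_free(tmp);
      ck_free(dir);

    }

#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__linux__) || \
    defined(__ANDROID__) || defined(__NetBSD__)
  #define HAS_PROC_FS 1
#endif
#ifdef HAS_PROC_FS
    /* 3. argv[0] had no '/': ask procfs where the running binary lives */
    else {

      char *procname = NULL;
  #if defined(__FreeBSD__) || defined(__DragonFly__)
      procname = "/proc/curproc/file";
  #elif defined(__linux__) || defined(__ANDROID__)
      procname = "/proc/self/exe";
  #elif defined(__NetBSD__)
      procname = "/proc/curproc/exe";
  #endif
      if (procname) {

        char    exepath[PATH_MAX];
        ssize_t exepath_len = readlink(procname, exepath, sizeof(exepath));

        /* readlink() does not NUL-terminate. A result of exactly PATH_MAX
           leaves no room for the terminator (and may be truncated), so it
           is rejected together with errors and empty results. */
        if (exepath_len > 0 && exepath_len < PATH_MAX) {

          exepath[exepath_len] = 0;
          slash = strrchr(exepath, '/');

          if (slash) {

            *slash = 0;
            tmp = alloc_printf("%s/%s", exepath, obj);

            /* Logged like every other candidate so that the debug trace
               shows the complete search. */
            if (aflcc->debug) DEBUGF("Trying %s\n", tmp);

            if (!access(tmp, R_OK)) { return tmp; }

            ck_free(tmp);
            tmp = alloc_printf("%s/../lib/afl/%s", exepath, obj);

            if (aflcc->debug) DEBUGF("Trying %s\n", tmp);

            if (!access(tmp, R_OK)) { return tmp; }

            ck_free(tmp);

          }

        }

      }

    }

#endif
#undef HAS_PROC_FS

  }

  /* 4. compiled-in AFL_PATH */
  tmp = alloc_printf("%s/%s", AFL_PATH, obj);

  if (aflcc->debug) DEBUGF("Trying %s\n", tmp);

  if (!access(tmp, R_OK)) { return tmp; }

  ck_free(tmp);

  /* 5. last resort: the current working directory */
  tmp = alloc_printf("./%s", obj);

  if (aflcc->debug) DEBUGF("Trying %s\n", tmp);

  if (!access(tmp, R_OK)) { return tmp; }

  ck_free(tmp);

  if (aflcc->debug) DEBUGF("Trying ... giving up\n");

  return NULL;

}
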
/*
  Deduce which compiler toolchains are usable on the current system
  from the components that the AFL++ build produced.
*/
void find_built_deps(aflcc_state_t *aflcc) {

  /* Every probe below only records whether find_object() located the named
     component; the returned path is released at once and never kept.
     NOTE(review): the tail of find_object() falls back to the compile-time
     AFL_PATH and then to "./<obj>" in the current working directory, so the
     flags set here can depend on the directory afl-cc is started from. Confirm
     that the code which later loads these components resolves them the same
     way, and avoid running the wrapper from directories others can write to. */

  char *found = NULL;

#if defined(__x86_64__)
  found = find_object(aflcc, "as");
  if (found != NULL) {

  #ifndef __APPLE__
    // on OSX clang masquerades as GCC
    aflcc->have_gcc = 1;
  #endif
    aflcc->have_clang = 1;
    ck_free(found);

  }

#endif

  found = find_object(aflcc, "SanitizerCoveragePCGUARD.so");
  if (found != NULL) {

    aflcc->have_optimized_pcguard = 1;
    ck_free(found);

  }

#if (LLVM_MAJOR >= 3)

  found = find_object(aflcc, "SanitizerCoverageLTO.so");
  if (found != NULL) {

    aflcc->have_lto = 1;
    ck_free(found);

  }

  found = find_object(aflcc, "cmplog-routines-pass.so");
  if (found != NULL) {

    aflcc->have_llvm = 1;
    ck_free(found);

  }

#endif

#ifdef __ANDROID__
  /* On Android the LLVM mode is marked available without probing. */
  aflcc->have_llvm = 1;
#endif

  found = find_object(aflcc, "afl-gcc-pass.so");
  if (found != NULL) {

    aflcc->have_gcc_plugin = 1;
    ck_free(found);

  }

#if !defined(__ANDROID__) && !defined(ANDROID)
  /* Outside Android the runtime object is mandatory: abort when it is
     missing instead of continuing without it. */
  found = find_object(aflcc, "afl-compiler-rt.o");

  if (found == NULL) {

    FATAL(
        "Unable to find 'afl-compiler-rt.o'. Please set the AFL_PATH "
        "environment variable.");

  }

  if (aflcc->debug) { DEBUGF("rt=%s\n", found); }

  ck_free(found);
#endif

}
587*08b48e0bSAndroid Build Coastguard Worker
588*08b48e0bSAndroid Build Coastguard Worker /** compiler_mode & instrument_mode selecting -----BEGIN----- **/
589*08b48e0bSAndroid Build Coastguard Worker
590*08b48e0bSAndroid Build Coastguard Worker /* Select compiler_mode by callname, such as "afl-clang-fast", etc. */
void compiler_mode_by_callname(aflcc_state_t *aflcc) {

  /* The tests run from the most specific name to the least specific one:
     "afl-gcc-fast" has to be tried before the shorter "afl-gcc" prefix, and
     the plain "afl-clang"/"afl-clang++" names are matched exactly. A callname
     that matches nothing leaves compiler_mode untouched. */

  if (!strncmp(aflcc->callname, "afl-clang-fast", 14)) {

    /* afl-clang-fast is always created there by makefile
       just like afl-clang, burdened with special purposes:
       - If llvm-config is not available (i.e. LLVM_MAJOR is 0),
         or too old, it falls back to LLVM-NATIVE mode and let
         the actual compiler complain if doesn't work.
       - Otherwise try default llvm instruments except LTO.
    */
#if (LLVM_MAJOR >= 3)
    aflcc->compiler_mode = LLVM;
#else
    aflcc->compiler_mode = CLANG;
#endif
    return;

  }

#if (LLVM_MAJOR >= 3)

  if (!strncmp(aflcc->callname, "afl-clang-lto", 13) ||
      !strncmp(aflcc->callname, "afl-lto", 7)) {

    aflcc->compiler_mode = LTO;
    return;

  }

#endif

  if (!strncmp(aflcc->callname, "afl-gcc-fast", 12) ||
      !strncmp(aflcc->callname, "afl-g++-fast", 12)) {

    aflcc->compiler_mode = GCC_PLUGIN;
    return;

  }

  if (!strncmp(aflcc->callname, "afl-gcc", 7) ||
      !strncmp(aflcc->callname, "afl-g++", 7)) {

    aflcc->compiler_mode = GCC;
    return;

  }

  if (!strcmp(aflcc->callname, "afl-clang") ||
      !strcmp(aflcc->callname, "afl-clang++")) {

    aflcc->compiler_mode = CLANG;

  }

}
643*08b48e0bSAndroid Build Coastguard Worker
644*08b48e0bSAndroid Build Coastguard Worker /*
645*08b48e0bSAndroid Build Coastguard Worker Select compiler_mode by env AFL_CC_COMPILER. And passthrough mode can be
646*08b48e0bSAndroid Build Coastguard Worker regarded as a special compiler_mode, so we check for it here, too.
647*08b48e0bSAndroid Build Coastguard Worker */
void compiler_mode_by_environ(aflcc_state_t *aflcc) {

  /* Either variable being present (whatever its value) enables passthrough. */
  if (getenv("AFL_PASSTHROUGH") != NULL || getenv("AFL_NOOPT") != NULL) {

    aflcc->passthrough = 1;

  }

  char *requested = getenv("AFL_CC_COMPILER");

  if (requested == NULL) { return; }

  /* A mode that is already set wins; the variable is then only reported
     (unless be_quiet is set) and otherwise ignored. */
  if (aflcc->compiler_mode) {

    if (!be_quiet) {

      WARNF(
          "\"AFL_CC_COMPILER\" is set but a specific compiler was already "
          "selected by command line parameter or symlink, ignoring the "
          "environment variable!");

    }

    return;

  }

  /* LTO, LLVM and the GCC plugin spellings are prefix matches, so trailing
     characters are accepted; GCC and CLANG must match exactly. All
     comparisons ignore case. */
  if (!strncasecmp(requested, "LTO", 3)) {

    aflcc->compiler_mode = LTO;

  } else if (!strncasecmp(requested, "LLVM", 4)) {

    aflcc->compiler_mode = LLVM;

  } else if (!strncasecmp(requested, "GCC_P", 5) ||
             !strncasecmp(requested, "GCC-P", 5) ||
             !strncasecmp(requested, "GCCP", 4)) {

    aflcc->compiler_mode = GCC_PLUGIN;

  } else if (!strcasecmp(requested, "GCC")) {

    aflcc->compiler_mode = GCC;

  } else if (!strcasecmp(requested, "CLANG")) {

    aflcc->compiler_mode = CLANG;

  } else {

    FATAL("Unknown AFL_CC_COMPILER mode: %s\n", requested);

  }

}
703*08b48e0bSAndroid Build Coastguard Worker
/*
  Select compiler_mode by command line options --afl-...
  If it can be inferred, instrument_mode is set as well.
  This can supersede a previous result based on callname
  or AFL_CC_COMPILER. And "--afl_noopt"/"--afl-noopt" will
  be overwritten by "-g".
*/
void compiler_mode_by_cmdline(aflcc_state_t *aflcc, int argc, char **argv) {

  for (int idx = 1; idx < argc; ++idx) {

    char *arg = argv[idx];

    /* Only arguments starting with "--afl" are handled here. */
    if (strncmp(arg, "--afl", 5) != 0) { continue; }

    if (strcmp(arg, "--afl_noopt") == 0 || strcmp(arg, "--afl-noopt") == 0) {

      aflcc->passthrough = 1;
      argv[idx] = "-g";  // we have to overwrite it, -g is always good
      continue;

    }

    /* Emitted for every remaining --afl... argument while a mode is set,
       including one set by an earlier --afl... argument in this loop. */
    if (aflcc->compiler_mode && !be_quiet) {

      WARNF(
          "--afl-... compiler mode supersedes the AFL_CC_COMPILER and "
          "symlink compiler selection!");

    }

    /* Step over "--afl" and any dashes that follow it; the loop stops at the
       terminating NUL, so a bare "--afl" yields an empty mode string that
       ends in the FATAL() branch below. */
    char *mode = arg + 5;
    while (*mode == '-') {

      ++mode;

    }

    /* strncasecmp() branches are prefix matches (trailing characters are
       accepted); strcasecmp() branches need the whole string to match. */
    if (!strncasecmp(mode, "LTO", 3)) {

      aflcc->compiler_mode = LTO;

    } else if (!strncasecmp(mode, "LLVM", 4)) {

      aflcc->compiler_mode = LLVM;

    } else if (!strncasecmp(mode, "PCGUARD", 7) ||
               !strncasecmp(mode, "PC-GUARD", 8)) {

      aflcc->compiler_mode = LLVM;
      aflcc->instrument_mode = INSTRUMENT_PCGUARD;

    } else if (!strcasecmp(mode, "INSTRIM") || !strcasecmp(mode, "CFG")) {

      FATAL(
          "InsTrim instrumentation was removed. Use a modern LLVM and "
          "PCGUARD (default in afl-cc).\n");

    } else if (!strcasecmp(mode, "AFL") || !strcasecmp(mode, "CLASSIC")) {

      aflcc->compiler_mode = LLVM;
      aflcc->instrument_mode = INSTRUMENT_CLASSIC;

    } else if (!strcasecmp(mode, "LLVMNATIVE") ||
               !strcasecmp(mode, "NATIVE") ||
               !strcasecmp(mode, "LLVM-NATIVE")) {

      aflcc->compiler_mode = LLVM;
      aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE;

    } else if (!strncasecmp(mode, "GCC_P", 5) ||
               !strncasecmp(mode, "GCC-P", 5) ||
               !strncasecmp(mode, "GCCP", 4)) {

      aflcc->compiler_mode = GCC_PLUGIN;

    } else if (!strcasecmp(mode, "GCC")) {

      aflcc->compiler_mode = GCC;

    } else if (!strncasecmp(mode, "CLANG", 5)) {

      aflcc->compiler_mode = CLANG;

    } else {

      FATAL("Unknown --afl-... compiler mode: %s\n", argv[idx]);

    }

  }

}
802*08b48e0bSAndroid Build Coastguard Worker
803*08b48e0bSAndroid Build Coastguard Worker /*
804*08b48e0bSAndroid Build Coastguard Worker Select instrument_mode by those envs in old style:
805*08b48e0bSAndroid Build Coastguard Worker - USE_TRACE_PC, AFL_USE_TRACE_PC, AFL_LLVM_USE_TRACE_PC, AFL_TRACE_PC
806*08b48e0bSAndroid Build Coastguard Worker - AFL_LLVM_CALLER, AFL_LLVM_CTX, AFL_LLVM_CTX_K
807*08b48e0bSAndroid Build Coastguard Worker - AFL_LLVM_NGRAM_SIZE
808*08b48e0bSAndroid Build Coastguard Worker */
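static void instrument_mode_old_environ(aflcc_state_t *aflcc) {

  /* Reads the legacy environment variables and folds them into
     aflcc->instrument_mode / aflcc->instrument_opt_mode. The numeric settings
     (AFL_LLVM_NGRAM_SIZE, AFL_LLVM_CTX_K) are parsed into a long and
     range-checked BEFORE they are stored, so a value outside the allowed range
     can never be narrowed into range by the type of the destination field.
     FATAL() is expected not to return. */

  if (getenv("AFL_LLVM_INSTRIM") || getenv("INSTRIM") ||
      getenv("INSTRIM_LIB")) {

    FATAL(
        "InsTrim instrumentation was removed. Use a modern LLVM and PCGUARD "
        "(default in afl-cc).\n");

  }

  if (getenv("USE_TRACE_PC") || getenv("AFL_USE_TRACE_PC") ||
      getenv("AFL_LLVM_USE_TRACE_PC") || getenv("AFL_TRACE_PC")) {

    /* Any of the trace-pc spellings selects PCGUARD unless a different main
       mode is already set, which is an error. */
    if (aflcc->instrument_mode == 0) {

      aflcc->instrument_mode = INSTRUMENT_PCGUARD;

    } else if (aflcc->instrument_mode != INSTRUMENT_PCGUARD) {

      FATAL("you cannot set AFL_LLVM_INSTRUMENT and AFL_TRACE_PC together");

    }

  }

  if (getenv("AFL_LLVM_CTX")) aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CTX;
  if (getenv("AFL_LLVM_CALLER"))
    aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER;

  const char *ngram_env = getenv("AFL_LLVM_NGRAM_SIZE");

  if (ngram_env) {

    /* strtol() has defined results for every input: text without leading
       digits gives 0 and an overflowing number saturates, and both fail the
       range check below. */
    long ngram = strtol(ngram_env, NULL, 10);

    if (ngram < 2 || (unsigned long)ngram > (unsigned long)NGRAM_SIZE_MAX)
      FATAL(
          "NGRAM instrumentation mode must be between 2 and NGRAM_SIZE_MAX "
          "(%u)",
          NGRAM_SIZE_MAX);

    aflcc->instrument_opt_mode |= INSTRUMENT_OPT_NGRAM;
    aflcc->ngram_size = ngram;

  }

  const char *ctx_k_env = getenv("AFL_LLVM_CTX_K");

  if (ctx_k_env) {

    long ctx_k = strtol(ctx_k_env, NULL, 10);

    if (ctx_k < 1 || (unsigned long)ctx_k > (unsigned long)CTX_MAX_K)
      FATAL("K-CTX instrumentation mode must be between 1 and CTX_MAX_K (%u)",
            CTX_MAX_K);

    aflcc->ctx_k = ctx_k;

    if (ctx_k == 1) {

      /* K == 1 is handled as CALLER mode: the environment is rewritten
         accordingly. ctx_k_env must not be used after unsetenv(). */
      setenv("AFL_LLVM_CALLER", "1", 1);
      unsetenv("AFL_LLVM_CTX_K");
      aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER;

    } else {

      aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CTX_K;

    }

  }

}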
867*08b48e0bSAndroid Build Coastguard Worker
868*08b48e0bSAndroid Build Coastguard Worker /*
869*08b48e0bSAndroid Build Coastguard Worker Select instrument_mode by env 'AFL_LLVM_INSTRUMENT'.
870*08b48e0bSAndroid Build Coastguard Worker Previous compiler_mode will be superseded, if required by some
871*08b48e0bSAndroid Build Coastguard Worker values of instrument_mode.
872*08b48e0bSAndroid Build Coastguard Worker */
instrument_mode_new_environ(aflcc_state_t * aflcc)873*08b48e0bSAndroid Build Coastguard Worker static void instrument_mode_new_environ(aflcc_state_t *aflcc) {
874*08b48e0bSAndroid Build Coastguard Worker
875*08b48e0bSAndroid Build Coastguard Worker if (!getenv("AFL_LLVM_INSTRUMENT")) { return; }
876*08b48e0bSAndroid Build Coastguard Worker
877*08b48e0bSAndroid Build Coastguard Worker u8 *ptr2 = strtok(getenv("AFL_LLVM_INSTRUMENT"), ":,;");
878*08b48e0bSAndroid Build Coastguard Worker
879*08b48e0bSAndroid Build Coastguard Worker while (ptr2) {
880*08b48e0bSAndroid Build Coastguard Worker
881*08b48e0bSAndroid Build Coastguard Worker if (strncasecmp(ptr2, "afl", strlen("afl")) == 0 ||
882*08b48e0bSAndroid Build Coastguard Worker strncasecmp(ptr2, "classic", strlen("classic")) == 0) {
883*08b48e0bSAndroid Build Coastguard Worker
884*08b48e0bSAndroid Build Coastguard Worker if (aflcc->instrument_mode == INSTRUMENT_LTO) {
885*08b48e0bSAndroid Build Coastguard Worker
886*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_mode = INSTRUMENT_CLASSIC;
887*08b48e0bSAndroid Build Coastguard Worker aflcc->lto_mode = 1;
888*08b48e0bSAndroid Build Coastguard Worker
889*08b48e0bSAndroid Build Coastguard Worker } else if (!aflcc->instrument_mode ||
890*08b48e0bSAndroid Build Coastguard Worker
891*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_mode == INSTRUMENT_AFL) {
892*08b48e0bSAndroid Build Coastguard Worker
893*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_mode = INSTRUMENT_AFL;
894*08b48e0bSAndroid Build Coastguard Worker
895*08b48e0bSAndroid Build Coastguard Worker } else {
896*08b48e0bSAndroid Build Coastguard Worker
897*08b48e0bSAndroid Build Coastguard Worker FATAL("main instrumentation mode already set with %s",
898*08b48e0bSAndroid Build Coastguard Worker instrument_mode_2str(aflcc->instrument_mode));
899*08b48e0bSAndroid Build Coastguard Worker
900*08b48e0bSAndroid Build Coastguard Worker }
901*08b48e0bSAndroid Build Coastguard Worker
902*08b48e0bSAndroid Build Coastguard Worker }
903*08b48e0bSAndroid Build Coastguard Worker
904*08b48e0bSAndroid Build Coastguard Worker if (strncasecmp(ptr2, "pc-guard", strlen("pc-guard")) == 0 ||
905*08b48e0bSAndroid Build Coastguard Worker strncasecmp(ptr2, "pcguard", strlen("pcguard")) == 0) {
906*08b48e0bSAndroid Build Coastguard Worker
907*08b48e0bSAndroid Build Coastguard Worker if (!aflcc->instrument_mode ||
908*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_mode == INSTRUMENT_PCGUARD)
909*08b48e0bSAndroid Build Coastguard Worker
910*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_mode = INSTRUMENT_PCGUARD;
911*08b48e0bSAndroid Build Coastguard Worker
912*08b48e0bSAndroid Build Coastguard Worker else
913*08b48e0bSAndroid Build Coastguard Worker FATAL("main instrumentation mode already set with %s",
914*08b48e0bSAndroid Build Coastguard Worker instrument_mode_2str(aflcc->instrument_mode));
915*08b48e0bSAndroid Build Coastguard Worker
916*08b48e0bSAndroid Build Coastguard Worker }
917*08b48e0bSAndroid Build Coastguard Worker
918*08b48e0bSAndroid Build Coastguard Worker if (strncasecmp(ptr2, "llvmnative", strlen("llvmnative")) == 0 ||
919*08b48e0bSAndroid Build Coastguard Worker strncasecmp(ptr2, "llvm-native", strlen("llvm-native")) == 0 ||
920*08b48e0bSAndroid Build Coastguard Worker strncasecmp(ptr2, "native", strlen("native")) == 0) {
921*08b48e0bSAndroid Build Coastguard Worker
922*08b48e0bSAndroid Build Coastguard Worker if (!aflcc->instrument_mode ||
923*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_mode == INSTRUMENT_LLVMNATIVE)
924*08b48e0bSAndroid Build Coastguard Worker
925*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE;
926*08b48e0bSAndroid Build Coastguard Worker
927*08b48e0bSAndroid Build Coastguard Worker else
928*08b48e0bSAndroid Build Coastguard Worker FATAL("main instrumentation mode already set with %s",
929*08b48e0bSAndroid Build Coastguard Worker instrument_mode_2str(aflcc->instrument_mode));
930*08b48e0bSAndroid Build Coastguard Worker
931*08b48e0bSAndroid Build Coastguard Worker }
932*08b48e0bSAndroid Build Coastguard Worker
933*08b48e0bSAndroid Build Coastguard Worker if (strncasecmp(ptr2, "llvmcodecov", strlen("llvmcodecov")) == 0 ||
934*08b48e0bSAndroid Build Coastguard Worker strncasecmp(ptr2, "llvm-codecov", strlen("llvm-codecov")) == 0) {
935*08b48e0bSAndroid Build Coastguard Worker
936*08b48e0bSAndroid Build Coastguard Worker if (!aflcc->instrument_mode ||
937*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_mode == INSTRUMENT_LLVMNATIVE) {
938*08b48e0bSAndroid Build Coastguard Worker
939*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE;
940*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CODECOV;
941*08b48e0bSAndroid Build Coastguard Worker
942*08b48e0bSAndroid Build Coastguard Worker } else {
943*08b48e0bSAndroid Build Coastguard Worker
944*08b48e0bSAndroid Build Coastguard Worker FATAL("main instrumentation mode already set with %s",
945*08b48e0bSAndroid Build Coastguard Worker instrument_mode_2str(aflcc->instrument_mode));
946*08b48e0bSAndroid Build Coastguard Worker
947*08b48e0bSAndroid Build Coastguard Worker }
948*08b48e0bSAndroid Build Coastguard Worker
949*08b48e0bSAndroid Build Coastguard Worker }
950*08b48e0bSAndroid Build Coastguard Worker
951*08b48e0bSAndroid Build Coastguard Worker if (strncasecmp(ptr2, "cfg", strlen("cfg")) == 0 ||
952*08b48e0bSAndroid Build Coastguard Worker strncasecmp(ptr2, "instrim", strlen("instrim")) == 0) {
953*08b48e0bSAndroid Build Coastguard Worker
954*08b48e0bSAndroid Build Coastguard Worker FATAL(
955*08b48e0bSAndroid Build Coastguard Worker "InsTrim instrumentation was removed. Use a modern LLVM and "
956*08b48e0bSAndroid Build Coastguard Worker "PCGUARD (default in afl-cc).\n");
957*08b48e0bSAndroid Build Coastguard Worker
958*08b48e0bSAndroid Build Coastguard Worker }
959*08b48e0bSAndroid Build Coastguard Worker
960*08b48e0bSAndroid Build Coastguard Worker if (strncasecmp(ptr2, "lto", strlen("lto")) == 0) {
961*08b48e0bSAndroid Build Coastguard Worker
962*08b48e0bSAndroid Build Coastguard Worker aflcc->lto_mode = 1;
963*08b48e0bSAndroid Build Coastguard Worker if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_LTO)
964*08b48e0bSAndroid Build Coastguard Worker
965*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_mode = INSTRUMENT_LTO;
966*08b48e0bSAndroid Build Coastguard Worker
967*08b48e0bSAndroid Build Coastguard Worker else
968*08b48e0bSAndroid Build Coastguard Worker FATAL("main instrumentation mode already set with %s",
969*08b48e0bSAndroid Build Coastguard Worker instrument_mode_2str(aflcc->instrument_mode));
970*08b48e0bSAndroid Build Coastguard Worker
971*08b48e0bSAndroid Build Coastguard Worker }
972*08b48e0bSAndroid Build Coastguard Worker
973*08b48e0bSAndroid Build Coastguard Worker if (strcasecmp(ptr2, "gcc") == 0) {
974*08b48e0bSAndroid Build Coastguard Worker
975*08b48e0bSAndroid Build Coastguard Worker if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_GCC)
976*08b48e0bSAndroid Build Coastguard Worker
977*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_mode = INSTRUMENT_GCC;
978*08b48e0bSAndroid Build Coastguard Worker
979*08b48e0bSAndroid Build Coastguard Worker else if (aflcc->instrument_mode != INSTRUMENT_GCC)
980*08b48e0bSAndroid Build Coastguard Worker FATAL("main instrumentation mode already set with %s",
981*08b48e0bSAndroid Build Coastguard Worker instrument_mode_2str(aflcc->instrument_mode));
982*08b48e0bSAndroid Build Coastguard Worker
983*08b48e0bSAndroid Build Coastguard Worker aflcc->compiler_mode = GCC;
984*08b48e0bSAndroid Build Coastguard Worker
985*08b48e0bSAndroid Build Coastguard Worker }
986*08b48e0bSAndroid Build Coastguard Worker
987*08b48e0bSAndroid Build Coastguard Worker if (strcasecmp(ptr2, "clang") == 0) {
988*08b48e0bSAndroid Build Coastguard Worker
989*08b48e0bSAndroid Build Coastguard Worker if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_CLANG)
990*08b48e0bSAndroid Build Coastguard Worker
991*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_mode = INSTRUMENT_CLANG;
992*08b48e0bSAndroid Build Coastguard Worker
993*08b48e0bSAndroid Build Coastguard Worker else if (aflcc->instrument_mode != INSTRUMENT_CLANG)
994*08b48e0bSAndroid Build Coastguard Worker FATAL("main instrumentation mode already set with %s",
995*08b48e0bSAndroid Build Coastguard Worker instrument_mode_2str(aflcc->instrument_mode));
996*08b48e0bSAndroid Build Coastguard Worker
997*08b48e0bSAndroid Build Coastguard Worker aflcc->compiler_mode = CLANG;
998*08b48e0bSAndroid Build Coastguard Worker
999*08b48e0bSAndroid Build Coastguard Worker }
1000*08b48e0bSAndroid Build Coastguard Worker
1001*08b48e0bSAndroid Build Coastguard Worker if (strncasecmp(ptr2, "ctx-", strlen("ctx-")) == 0 ||
1002*08b48e0bSAndroid Build Coastguard Worker strncasecmp(ptr2, "kctx-", strlen("c-ctx-")) == 0 ||
1003*08b48e0bSAndroid Build Coastguard Worker strncasecmp(ptr2, "k-ctx-", strlen("k-ctx-")) == 0) {
1004*08b48e0bSAndroid Build Coastguard Worker
1005*08b48e0bSAndroid Build Coastguard Worker u8 *ptr3 = ptr2;
1006*08b48e0bSAndroid Build Coastguard Worker while (*ptr3 && (*ptr3 < '0' || *ptr3 > '9'))
1007*08b48e0bSAndroid Build Coastguard Worker ptr3++;
1008*08b48e0bSAndroid Build Coastguard Worker
1009*08b48e0bSAndroid Build Coastguard Worker if (!*ptr3) {
1010*08b48e0bSAndroid Build Coastguard Worker
1011*08b48e0bSAndroid Build Coastguard Worker if ((ptr3 = getenv("AFL_LLVM_CTX_K")) == NULL)
1012*08b48e0bSAndroid Build Coastguard Worker FATAL(
1013*08b48e0bSAndroid Build Coastguard Worker "you must set the K-CTX K with (e.g. for value 2) "
1014*08b48e0bSAndroid Build Coastguard Worker "AFL_LLVM_INSTRUMENT=ctx-2");
1015*08b48e0bSAndroid Build Coastguard Worker
1016*08b48e0bSAndroid Build Coastguard Worker }
1017*08b48e0bSAndroid Build Coastguard Worker
1018*08b48e0bSAndroid Build Coastguard Worker aflcc->ctx_k = atoi(ptr3);
1019*08b48e0bSAndroid Build Coastguard Worker if (aflcc->ctx_k < 1 || aflcc->ctx_k > CTX_MAX_K)
1020*08b48e0bSAndroid Build Coastguard Worker FATAL(
1021*08b48e0bSAndroid Build Coastguard Worker "K-CTX instrumentation option must be between 1 and CTX_MAX_K "
1022*08b48e0bSAndroid Build Coastguard Worker "(%u)",
1023*08b48e0bSAndroid Build Coastguard Worker CTX_MAX_K);
1024*08b48e0bSAndroid Build Coastguard Worker
1025*08b48e0bSAndroid Build Coastguard Worker if (aflcc->ctx_k == 1) {
1026*08b48e0bSAndroid Build Coastguard Worker
1027*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER;
1028*08b48e0bSAndroid Build Coastguard Worker setenv("AFL_LLVM_CALLER", "1", 1);
1029*08b48e0bSAndroid Build Coastguard Worker unsetenv("AFL_LLVM_CTX_K");
1030*08b48e0bSAndroid Build Coastguard Worker
1031*08b48e0bSAndroid Build Coastguard Worker } else {
1032*08b48e0bSAndroid Build Coastguard Worker
1033*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_opt_mode |= (INSTRUMENT_OPT_CTX_K);
1034*08b48e0bSAndroid Build Coastguard Worker u8 *ptr4 = alloc_printf("%u", aflcc->ctx_k);
1035*08b48e0bSAndroid Build Coastguard Worker setenv("AFL_LLVM_CTX_K", ptr4, 1);
1036*08b48e0bSAndroid Build Coastguard Worker
1037*08b48e0bSAndroid Build Coastguard Worker }
1038*08b48e0bSAndroid Build Coastguard Worker
1039*08b48e0bSAndroid Build Coastguard Worker }
1040*08b48e0bSAndroid Build Coastguard Worker
1041*08b48e0bSAndroid Build Coastguard Worker if (strcasecmp(ptr2, "ctx") == 0) {
1042*08b48e0bSAndroid Build Coastguard Worker
1043*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CTX;
1044*08b48e0bSAndroid Build Coastguard Worker setenv("AFL_LLVM_CTX", "1", 1);
1045*08b48e0bSAndroid Build Coastguard Worker
1046*08b48e0bSAndroid Build Coastguard Worker }
1047*08b48e0bSAndroid Build Coastguard Worker
1048*08b48e0bSAndroid Build Coastguard Worker if (strncasecmp(ptr2, "caller", strlen("caller")) == 0) {
1049*08b48e0bSAndroid Build Coastguard Worker
1050*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER;
1051*08b48e0bSAndroid Build Coastguard Worker setenv("AFL_LLVM_CALLER", "1", 1);
1052*08b48e0bSAndroid Build Coastguard Worker
1053*08b48e0bSAndroid Build Coastguard Worker }
1054*08b48e0bSAndroid Build Coastguard Worker
1055*08b48e0bSAndroid Build Coastguard Worker if (strncasecmp(ptr2, "ngram", strlen("ngram")) == 0) {
1056*08b48e0bSAndroid Build Coastguard Worker
1057*08b48e0bSAndroid Build Coastguard Worker u8 *ptr3 = ptr2 + strlen("ngram");
1058*08b48e0bSAndroid Build Coastguard Worker while (*ptr3 && (*ptr3 < '0' || *ptr3 > '9')) {
1059*08b48e0bSAndroid Build Coastguard Worker
1060*08b48e0bSAndroid Build Coastguard Worker ptr3++;
1061*08b48e0bSAndroid Build Coastguard Worker
1062*08b48e0bSAndroid Build Coastguard Worker }
1063*08b48e0bSAndroid Build Coastguard Worker
1064*08b48e0bSAndroid Build Coastguard Worker if (!*ptr3) {
1065*08b48e0bSAndroid Build Coastguard Worker
1066*08b48e0bSAndroid Build Coastguard Worker if ((ptr3 = getenv("AFL_LLVM_NGRAM_SIZE")) == NULL)
1067*08b48e0bSAndroid Build Coastguard Worker FATAL(
1068*08b48e0bSAndroid Build Coastguard Worker "you must set the NGRAM size with (e.g. for value 2) "
1069*08b48e0bSAndroid Build Coastguard Worker "AFL_LLVM_INSTRUMENT=ngram-2");
1070*08b48e0bSAndroid Build Coastguard Worker
1071*08b48e0bSAndroid Build Coastguard Worker }
1072*08b48e0bSAndroid Build Coastguard Worker
1073*08b48e0bSAndroid Build Coastguard Worker aflcc->ngram_size = atoi(ptr3);
1074*08b48e0bSAndroid Build Coastguard Worker
1075*08b48e0bSAndroid Build Coastguard Worker if (aflcc->ngram_size < 2 || aflcc->ngram_size > NGRAM_SIZE_MAX) {
1076*08b48e0bSAndroid Build Coastguard Worker
1077*08b48e0bSAndroid Build Coastguard Worker FATAL(
1078*08b48e0bSAndroid Build Coastguard Worker "NGRAM instrumentation option must be between 2 and "
1079*08b48e0bSAndroid Build Coastguard Worker "NGRAM_SIZE_MAX (%u)",
1080*08b48e0bSAndroid Build Coastguard Worker NGRAM_SIZE_MAX);
1081*08b48e0bSAndroid Build Coastguard Worker
1082*08b48e0bSAndroid Build Coastguard Worker }
1083*08b48e0bSAndroid Build Coastguard Worker
1084*08b48e0bSAndroid Build Coastguard Worker aflcc->instrument_opt_mode |= (INSTRUMENT_OPT_NGRAM);
1085*08b48e0bSAndroid Build Coastguard Worker u8 *ptr4 = alloc_printf("%u", aflcc->ngram_size);
1086*08b48e0bSAndroid Build Coastguard Worker setenv("AFL_LLVM_NGRAM_SIZE", ptr4, 1);
1087*08b48e0bSAndroid Build Coastguard Worker
1088*08b48e0bSAndroid Build Coastguard Worker }
1089*08b48e0bSAndroid Build Coastguard Worker
1090*08b48e0bSAndroid Build Coastguard Worker ptr2 = strtok(NULL, ":,;");
1091*08b48e0bSAndroid Build Coastguard Worker
1092*08b48e0bSAndroid Build Coastguard Worker }
1093*08b48e0bSAndroid Build Coastguard Worker
1094*08b48e0bSAndroid Build Coastguard Worker }
1095*08b48e0bSAndroid Build Coastguard Worker
1096*08b48e0bSAndroid Build Coastguard Worker /*
1097*08b48e0bSAndroid Build Coastguard Worker Select instrument_mode by envs, the top wrapper. We check
1098*08b48e0bSAndroid Build Coastguard Worker have_instr_env first, then call instrument_mode_old_environ
1099*08b48e0bSAndroid Build Coastguard Worker and instrument_mode_new_environ sequentially.
1100*08b48e0bSAndroid Build Coastguard Worker */
void instrument_mode_by_environ(aflcc_state_t *aflcc) {

  /* Any one of these variables being present (even with an empty value) is
     enough to flag have_instr_env; the values themselves are not read here. */
  static const char *const instr_list_envs[] = {

      "AFL_LLVM_INSTRUMENT_FILE", "AFL_LLVM_WHITELIST", "AFL_LLVM_ALLOWLIST",
      "AFL_LLVM_DENYLIST", "AFL_LLVM_BLOCKLIST"

  };

  const size_t env_count = sizeof(instr_list_envs) / sizeof(instr_list_envs[0]);

  for (size_t idx = 0; idx < env_count; idx++) {

    if (getenv(instr_list_envs[idx])) {

      aflcc->have_instr_env = 1;
      break;

    }

  }

  /* This combination is only warned about, not rejected. */
  if (!be_quiet && aflcc->have_instr_env && getenv("AFL_DONT_OPTIMIZE")) {

    WARNF(
        "AFL_LLVM_ALLOWLIST/DENYLIST and AFL_DONT_OPTIMIZE cannot be combined "
        "for file matching, only function matching!");

  }

  /* The old-style handler runs before the new-style one. */
  instrument_mode_old_environ(aflcc);
  instrument_mode_new_environ(aflcc);

}
1123*08b48e0bSAndroid Build Coastguard Worker
1124*08b48e0bSAndroid Build Coastguard Worker /*
1125*08b48e0bSAndroid Build Coastguard Worker Workaround to ensure CALLER, CTX, K-CTX and NGRAM
1126*08b48e0bSAndroid Build Coastguard Worker instrumentation were used correctly.
1127*08b48e0bSAndroid Build Coastguard Worker */
static void instrument_opt_mode_exclude(aflcc_state_t *aflcc) {

  /* Every check below needs at least one option bit, so an empty option
     mode has nothing to validate. */
  if (!aflcc->instrument_opt_mode) { return; }

  const int want_ctx = (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX) != 0;
  const int want_caller =
      (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CALLER) != 0;
  const int want_kctx = (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX_K) != 0;

  /* CTX, CALLER and K-CTX are pairwise exclusive. */
  if (want_ctx && want_caller) {

    FATAL("you cannot set CTX and CALLER together");

  }

  if (want_ctx && want_kctx) {

    FATAL("you cannot set CTX and K-CTX together");

  }

  if (want_caller && want_kctx) {

    FATAL("you cannot set CALLER and K-CTX together");

  }

  /* Any option bit at all requires the LLVM compiler mode. */
  if (aflcc->compiler_mode != LLVM) {

    FATAL("CTX, CALLER and NGRAM can only be used in LLVM mode");

  }

  /* An option mode of exactly INSTRUMENT_OPT_CODECOV is exempt from the
     CLASSIC requirement; every other combination needs it. */
  if (aflcc->instrument_opt_mode != INSTRUMENT_OPT_CODECOV &&
      aflcc->instrument_mode != INSTRUMENT_CLASSIC) {

    FATAL(
        "CALLER, CTX and NGRAM instrumentation options can only be used with "
        "the LLVM CLASSIC instrumentation mode.");

  }

}
1162*08b48e0bSAndroid Build Coastguard Worker
1163*08b48e0bSAndroid Build Coastguard Worker /*
1164*08b48e0bSAndroid Build Coastguard Worker Last step of compiler_mode & instrument_mode selecting.
1165*08b48e0bSAndroid Build Coastguard Worker We have a few workarounds here, to check any corner cases,
1166*08b48e0bSAndroid Build Coastguard Worker prepare for a series of fallbacks, and raise warnings or errors.
1167*08b48e0bSAndroid Build Coastguard Worker */
void mode_final_checkout(aflcc_state_t *aflcc, int argc, char **argv) {

  /* Neither argument is consulted by the checks below. */
  (void)argc;
  (void)argv;

  /* An instrumentation option without an explicit main mode selects LLVM
     CLASSIC, unless a non-LLVM compiler mode has already been chosen. */
  if (aflcc->instrument_opt_mode &&
      aflcc->instrument_mode == INSTRUMENT_DEFAULT &&
      (aflcc->compiler_mode == UNSET || aflcc->compiler_mode == LLVM)) {

    aflcc->compiler_mode = LLVM;
    aflcc->instrument_mode = INSTRUMENT_CLASSIC;

  }

  if (!aflcc->compiler_mode) {

    /* Fallback order: LLVM, GCC plugin, afl-gcc, afl-clang, LTO.
       lto is not a default because outside of afl-cc RANLIB and AR have to
       be set to LLVM versions so this would work. */
    if (aflcc->have_llvm) {

      aflcc->compiler_mode = LLVM;

    } else if (aflcc->have_gcc_plugin) {

      aflcc->compiler_mode = GCC_PLUGIN;

    } else if (aflcc->have_gcc) {

      aflcc->compiler_mode = GCC;

    } else if (aflcc->have_clang) {

      aflcc->compiler_mode = CLANG;

    } else if (aflcc->have_lto) {

      aflcc->compiler_mode = LTO;

    } else {

      FATAL("no compiler mode available");

    }

  }

  /* First confirm the chosen compiler mode is actually available (an
     unavailable one is reported through FATAL, not silently replaced), then
     apply the adjustments that depend on that mode alone. */
  switch (aflcc->compiler_mode) {

    case GCC:
      if (!aflcc->have_gcc) {

        FATAL("afl-gcc is not available on your platform!");

      }

      aflcc->instrument_mode = INSTRUMENT_GCC;
      break;

    case CLANG:
      if (!aflcc->have_clang) {

        FATAL("afl-clang is not available on your platform!");

      }

      /* if our PCGUARD implementation is not available then silently switch
         to native LLVM PCGUARD. Or classic asm instrument is explicitly
         preferred. */
      if (!aflcc->have_optimized_pcguard &&
          (aflcc->instrument_mode == INSTRUMENT_DEFAULT ||
           aflcc->instrument_mode == INSTRUMENT_PCGUARD)) {

        aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE;

      } else {

        aflcc->instrument_mode = INSTRUMENT_CLANG;
        setenv(CLANG_ENV_VAR, "1", 1);  // used by afl-as

      }

      break;

    case LLVM:
      if (!aflcc->have_llvm) {

        FATAL(
            "LLVM mode is not available, please install LLVM 13+ and recompile "
            "AFL++");

      }

      break;

    case GCC_PLUGIN:
      if (!aflcc->have_gcc_plugin) {

        FATAL(
            "GCC_PLUGIN mode is not available, install gcc plugin support and "
            "recompile AFL++");

      }

      break;

    case LTO:
      if (!aflcc->have_lto) {

        FATAL(
            "LTO mode is not available, please install LLVM 13+ and lld of the "
            "same version and recompile AFL++");

      }

      if (!aflcc->instrument_mode ||
          aflcc->instrument_mode == INSTRUMENT_LTO ||
          aflcc->instrument_mode == INSTRUMENT_CFG ||
          aflcc->instrument_mode == INSTRUMENT_PCGUARD) {

        /* Every mode in this group is normalised to PCGUARD. */
        aflcc->lto_mode = 1;
        aflcc->instrument_mode = INSTRUMENT_PCGUARD;

      } else if (aflcc->instrument_mode == INSTRUMENT_CLASSIC) {

        aflcc->lto_mode = 1;

      } else if (!be_quiet) {

        /* Any other explicit mode is kept and lto_mode is left untouched. */
        WARNF("afl-clang-lto called with mode %s, using that mode instead",
              instrument_mode_2str(aflcc->instrument_mode));

      }

      break;

    default:
      FATAL("no compiler mode available");

  }

  /* Still no instrumentation mode: choose the default for the LLVM version
     this wrapper was compiled against. */
  if (!aflcc->instrument_mode && aflcc->compiler_mode < GCC_PLUGIN) {

#if LLVM_MAJOR >= 7
  #if LLVM_MAJOR < 11 && (LLVM_MAJOR < 10 || LLVM_MINOR < 1)
    if (aflcc->have_instr_env) {

      aflcc->instrument_mode = INSTRUMENT_AFL;
      if (!be_quiet) {

        WARNF(
            "Switching to classic instrumentation because "
            "AFL_LLVM_ALLOWLIST/DENYLIST does not work with PCGUARD < 10.0.1.");

      }

    } else {

      aflcc->instrument_mode = INSTRUMENT_PCGUARD;

    }

  #else
    aflcc->instrument_mode = INSTRUMENT_PCGUARD;
  #endif
#else
    aflcc->instrument_mode = INSTRUMENT_AFL;
#endif

  }

  if (aflcc->lto_mode && !aflcc->instrument_opt_mode &&
      aflcc->instrument_mode == INSTRUMENT_CFG) {

    aflcc->instrument_mode = INSTRUMENT_PCGUARD;

  }

#ifndef AFL_CLANG_FLTO
  if (aflcc->lto_mode) {

    FATAL(
        "instrumentation mode LTO specified but LLVM support not available "
        "(requires LLVM 11 or higher)");

  }

#endif

  if (aflcc->lto_mode) {

    /* lto_flag must look like a compiler option before LTO is committed to. */
    if (aflcc->lto_flag[0] == '-') {

      aflcc->compiler_mode = LTO;

    } else {

      FATAL(
          "Using afl-clang-lto is not possible because Makefile magic did not "
          "identify the correct -flto flag");

    }

  }

  if (getenv("AFL_LLVM_SKIP_NEVERZERO") && getenv("AFL_LLVM_NOT_ZERO")) {

    FATAL(
        "AFL_LLVM_NOT_ZERO and AFL_LLVM_SKIP_NEVERZERO can not be set "
        "together");

  }

#if LLVM_MAJOR < 11 && (LLVM_MAJOR < 10 || LLVM_MINOR < 1)

  if (aflcc->have_instr_env && aflcc->instrument_mode == INSTRUMENT_PCGUARD) {

    FATAL(
        "Instrumentation type PCGUARD does not support "
        "AFL_LLVM_ALLOWLIST/DENYLIST! Use LLVM 10.0.1+ instead.");

  }

#endif

  instrument_opt_mode_exclude(aflcc);

  /* The dictionary output path is taken from the environment. Only its first
     character is checked here; nothing else about the path is validated by
     this function. */
  const char *dict2file = getenv("AFL_LLVM_DICT2FILE");

  if (dict2file != NULL && *dict2file != '/') {

    FATAL("AFL_LLVM_DICT2FILE must be set to an absolute file path");

  }

  /* AFL_LLVM_LAF_ALL is shorthand for switching on each laf variable, and it
     overwrites whatever value they already had. */
  if (getenv("AFL_LLVM_LAF_ALL")) {

    static const char *const laf_envs[] = {

        "AFL_LLVM_LAF_SPLIT_SWITCHES", "AFL_LLVM_LAF_SPLIT_COMPARES",
        "AFL_LLVM_LAF_SPLIT_FLOATS", "AFL_LLVM_LAF_TRANSFORM_COMPARES"

    };

    for (size_t idx = 0; idx < sizeof(laf_envs) / sizeof(laf_envs[0]); idx++) {

      setenv(laf_envs[idx], "1", 1);

    }

  }

  /* Presence of any of the three variables enables cmplog, whatever its
     value. */
  aflcc->cmplog_mode = getenv("AFL_CMPLOG") != NULL ||
                       getenv("AFL_LLVM_CMPLOG") != NULL ||
                       getenv("AFL_GCC_CMPLOG") != NULL;

}
1371*08b48e0bSAndroid Build Coastguard Worker
1372*08b48e0bSAndroid Build Coastguard Worker /*
1373*08b48e0bSAndroid Build Coastguard Worker Print welcome message on screen, giving brief notes about
1374*08b48e0bSAndroid Build Coastguard Worker compiler_mode and instrument_mode.
1375*08b48e0bSAndroid Build Coastguard Worker */
void mode_notification(aflcc_state_t *aflcc) {

  /* Both numeric suffixes are formatted up front; only those whose option
     bit is set are spliced into the summary below. */
  char *ngram_suffix = alloc_printf(" + NGRAM-%u", aflcc->ngram_size);
  char *kctx_suffix = alloc_printf(" + K-CTX-%u", aflcc->ctx_k);

  const char *ctx_part = "";
  const char *caller_part = "";
  const char *ngram_part = "";
  const char *kctx_part = "";

  if (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX) { ctx_part = " + CTX"; }

  if (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CALLER) {

    caller_part = " + CALLER";

  }

  if (aflcc->instrument_opt_mode & INSTRUMENT_OPT_NGRAM) {

    ngram_part = ngram_suffix;

  }

  if (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX_K) {

    kctx_part = kctx_suffix;

  }

  char *mode_summary =
      alloc_printf("%s%s%s%s%s", instrument_mode_2str(aflcc->instrument_mode),
                   ctx_part, caller_part, ngram_part, kctx_part);

  /* The summary holds its own copy, so the suffix buffers can go now. */
  ck_free(ngram_suffix);
  ck_free(kctx_suffix);

  /* The banner is shown when stderr is a terminal and quiet mode is off, or
     whenever debug is set. */
  if ((isatty(STDERR_FILENO) && !be_quiet) || aflcc->debug) {

    SAYF(cCYA
         "afl-cc" VERSION cRST
         " by Michal Zalewski, Laszlo Szekeres, Marc Heuse - mode: %s-%s\n",
         compiler_mode_2str(aflcc->compiler_mode), mode_summary);

  }

  ck_free(mode_summary);

  const int legacy_mode =
      aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG;

  if (legacy_mode && !be_quiet) {

    WARNF(
        "You are using outdated instrumentation, install LLVM and/or "
        "gcc-plugin and use afl-clang-fast/afl-clang-lto/afl-gcc-fast "
        "instead!");

  }

}
1413*08b48e0bSAndroid Build Coastguard Worker
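/*
  Set argv[0] required by execvp. It can be
    - specified by env AFL_CXX
    - g++ or clang++
    - CLANGPP_BIN or LLVM_BINDIR/clang++
  when in C++ mode, or
    - specified by env AFL_CC
    - gcc or clang
    - CLANG_BIN or LLVM_BINDIR/clang
  otherwise.

  Trust notes for whoever runs this wrapper in a build pipeline:
    - AFL_CC / AFL_CXX are taken from the environment as-is and become the
      program that is executed, so the build environment decides which
      compiler binary runs. Treat these variables as part of the trusted
      build configuration.
    - The bare names ("gcc", "g++", "clang", "clang++") contain no '/', so
      execvp resolves them through PATH.
    - The build-time paths are copied with an explicit "%s" format, so a '%'
      inside CLANG_BIN / CLANGPP_BIN is copied literally instead of being
      parsed as a conversion specification.
    - NOTE(review): snprintf() truncates at PATH_MAX and the result is not
      checked here; a truncated path would be handed on unchanged.
*/
void add_real_argv0(aflcc_state_t *aflcc) {

  /* static: cc_params[0] keeps pointing into this buffer after we return */
  static u8 llvm_fullpath[PATH_MAX];

  if (aflcc->plusplus_mode) {

    u8 *alt_cxx = getenv("AFL_CXX");

    if (!alt_cxx) {

      if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == GCC_PLUGIN) {

        alt_cxx = "g++";

      } else if (aflcc->compiler_mode == CLANG) {

        alt_cxx = "clang++";

      } else {

        if (USE_BINDIR) {

          snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang++",
                   LLVM_BINDIR);

        } else {

          /* never use the configured path itself as the format string */
          snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s", CLANGPP_BIN);

        }

        alt_cxx = llvm_fullpath;

      }

    }

    aflcc->cc_params[0] = alt_cxx;

  } else {

    u8 *alt_cc = getenv("AFL_CC");

    if (!alt_cc) {

      if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == GCC_PLUGIN) {

        alt_cc = "gcc";

      } else if (aflcc->compiler_mode == CLANG) {

        alt_cc = "clang";

      } else {

        if (USE_BINDIR) {

          snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang",
                   LLVM_BINDIR);

        } else {

          /* never use the configured path itself as the format string */
          snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s", CLANG_BIN);

        }

        alt_cc = llvm_fullpath;

      }

    }

    aflcc->cc_params[0] = alt_cc;

  }

}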
1490*08b48e0bSAndroid Build Coastguard Worker
/** compiler_mode & instrument_mode selecting -----END----- **/

/** Macro defs for the preprocessor -----BEGIN----- **/
1494*08b48e0bSAndroid Build Coastguard Worker
/*
  Macro defs that identify a build made through this wrapper:
  __AFL_COMPILER and FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION.
  As its name says, the second macro marks the build as unsafe for
  production: target code that tests it may compile in fuzzing-only
  behaviour, so objects built through this wrapper should stay out of
  release artifacts.
*/
void add_defs_common(aflcc_state_t *aflcc) {

  static char *const common_defs[] = {

      "-D__AFL_COMPILER=1",
      "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1",

  };

  unsigned int idx;

  for (idx = 0; idx < sizeof(common_defs) / sizeof(common_defs[0]); ++idx) {

    insert_param(aflcc, common_defs[idx]);

  }

}
1501*08b48e0bSAndroid Build Coastguard Worker
/*
  __afl_coverage macro defs. See
  instrumentation/README.instrument_list.md#
  2-selective-instrumentation-with-_afl_coverage-directives

  __AFL_COVERAGE() expands to the marker variable plus the declarations of
  the four __afl_coverage_* functions; the remaining macros map one-to-one
  onto calls of those functions.
*/
void add_defs_selective_instr(aflcc_state_t *aflcc) {

  /* In C++ mode the declarations are wrapped in extern "C"; apart from that
     both variants are identical. */
  char *coverage_decls =
      aflcc->plusplus_mode
          ? "-D__AFL_COVERAGE()=int __afl_selective_coverage = 1;"
            "extern \"C\" void __afl_coverage_discard();"
            "extern \"C\" void __afl_coverage_skip();"
            "extern \"C\" void __afl_coverage_on();"
            "extern \"C\" void __afl_coverage_off();"
          : "-D__AFL_COVERAGE()=int __afl_selective_coverage = 1;"
            "void __afl_coverage_discard();"
            "void __afl_coverage_skip();"
            "void __afl_coverage_on();"
            "void __afl_coverage_off();";

  /* Order matters for the resulting command line: declarations first, then
     the fixed macros in their original sequence. */
  static char *const fixed_defs[] = {

      "-D__AFL_COVERAGE_START_OFF()="
      "int __afl_selective_coverage_start_off = 1;",
      "-D__AFL_COVERAGE_ON()=__afl_coverage_on()",
      "-D__AFL_COVERAGE_OFF()=__afl_coverage_off()",
      "-D__AFL_COVERAGE_DISCARD()=__afl_coverage_discard()",
      "-D__AFL_COVERAGE_SKIP()=__afl_coverage_skip()",

  };

  unsigned int idx;

  insert_param(aflcc, coverage_decls);

  for (idx = 0; idx < sizeof(fixed_defs) / sizeof(fixed_defs[0]); ++idx) {

    insert_param(aflcc, fixed_defs[idx]);

  }

}
1539*08b48e0bSAndroid Build Coastguard Worker
/*
  Macro defs for persistent mode. As documented in
  instrumentation/README.persistent_mode.md, deferred forkserver initialization
  and persistent mode are not available in afl-gcc and afl-clang.

  Adds nothing when compiler_mode is GCC or CLANG. Otherwise defines
  __AFL_HAVE_MANUAL_CONTROL, __AFL_FUZZ_INIT(), __AFL_FUZZ_TESTCASE_BUF,
  __AFL_FUZZ_TESTCASE_LEN, __AFL_LOOP() and __AFL_INIT() on the command line.
  The macro bodies are C source text that is compiled into the target, so
  every literal below is part of the target's behaviour.
*/
void add_defs_persistent_mode(aflcc_state_t *aflcc) {

  /* afl-gcc / afl-clang: no persistent or deferred mode, define nothing */
  if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG) return;

  insert_param(aflcc, "-D__AFL_HAVE_MANUAL_CONTROL=1");

  /* When the user tries to use persistent or deferred forkserver modes by
     appending a single line to the program, we want to reliably inject a
     signature into the binary (to be picked up by afl-fuzz) and we want
     to call a function from the runtime .o file. This is unnecessarily
     painful for three reasons:

     1) We need to convince the compiler not to optimize out the signature.
        This is done with __attribute__((used)).

     2) We need to convince the linker, when called with -Wl,--gc-sections,
        not to do the same. This is done by forcing an assignment to a
        'volatile' pointer.

     3) We need to declare __afl_persistent_loop() in the global namespace,
        but doing this within a method in a class is hard - :: and extern "C"
        are forbidden and __attribute__((alias(...))) doesn't work. Hence the
        __asm__ aliasing trick.

   */

  /* __AFL_FUZZ_INIT(): declares the shared-memory pointer and length provided
     elsewhere (extern) and defines a 1048576-byte fallback buffer
     (__afl_fuzz_alt) inside the target. */
  insert_param(aflcc,
               "-D__AFL_FUZZ_INIT()="
               "int __afl_sharedmem_fuzzing = 1;"
               "extern unsigned int *__afl_fuzz_len;"
               "extern unsigned char *__afl_fuzz_ptr;"
               "unsigned char __afl_fuzz_alt[1048576];"
               "unsigned char *__afl_fuzz_alt_ptr = __afl_fuzz_alt;");

  /* __AFL_FUZZ_TESTCASE_BUF: the shared-memory pointer when it is non-NULL,
     else the fallback buffer. */
  insert_param(aflcc,
               "-D__AFL_FUZZ_TESTCASE_BUF=(__afl_fuzz_ptr ? __afl_fuzz_ptr : "
               "__afl_fuzz_alt_ptr)");

  /* __AFL_FUZZ_TESTCASE_LEN: with shared memory, the stored length; without,
     read() at most 1048576 bytes from fd 0 into the fallback buffer and store
     the result in *__afl_fuzz_len. The store is to an unsigned int, so a
     failed read() (-1) shows up as 0xffffffff and is mapped to length 0.
     The read() cap is a second copy of the array size used in
     __AFL_FUZZ_INIT(); the two literals must be changed together or the
     read can run past __afl_fuzz_alt.
     NOTE(review): the fallback path dereferences __afl_fuzz_len even though
     __afl_fuzz_ptr is NULL; presumably the runtime always points it at valid
     storage - confirm against the runtime. */
  insert_param(
      aflcc,
      "-D__AFL_FUZZ_TESTCASE_LEN=(__afl_fuzz_ptr ? *__afl_fuzz_len : "
      "(*__afl_fuzz_len = read(0, __afl_fuzz_alt_ptr, 1048576)) == 0xffffffff "
      "? 0 : *__afl_fuzz_len)");

  /* __AFL_LOOP(_A): statement expression that plants PERSIST_SIG via the
     volatile pointer _B, declares _L as an alias of the runtime's persistent
     loop function through __asm__ (the Apple variant names the symbol with
     one more leading underscore) and calls it. */
  insert_param(
      aflcc,
      "-D__AFL_LOOP(_A)="
      "({ static volatile const char *_B __attribute__((used,unused)); "
      " _B = (const char*)\"" PERSIST_SIG
      "\"; "
      "extern __attribute__((visibility(\"default\"))) int __afl_connected;"
#ifdef __APPLE__
      "__attribute__((visibility(\"default\"))) "
      "int _L(unsigned int) __asm__(\"___afl_persistent_loop\"); "
#else
      "__attribute__((visibility(\"default\"))) "
      "int _L(unsigned int) __asm__(\"__afl_persistent_loop\"); "
#endif                                                        /* ^__APPLE__ */
      // if afl is connected, we run _A times, else once.
      "_L(__afl_connected ? _A : 1); })");

  /* __AFL_INIT(): same signature trick with DEFER_SIG, then a call to the
     runtime's manual init function through the _I alias. */
  insert_param(
      aflcc,
      "-D__AFL_INIT()="
      "do { static volatile const char *_A __attribute__((used,unused)); "
      " _A = (const char*)\"" DEFER_SIG
      "\"; "
#ifdef __APPLE__
      "__attribute__((visibility(\"default\"))) "
      "void _I(void) __asm__(\"___afl_manual_init\"); "
#else
      "__attribute__((visibility(\"default\"))) "
      "void _I(void) __asm__(\"__afl_manual_init\"); "
#endif                                                        /* ^__APPLE__ */
      "_I(); } while (0)");

}
1622*08b48e0bSAndroid Build Coastguard Worker
/*
  Control macro def of _FORTIFY_SOURCE. It will do nothing
  if we detect this routine has been called previously, or
  the macro is already present in the existing args.

  action 1 -> -D_FORTIFY_SOURCE=1
  action 2 -> -D_FORTIFY_SOURCE=2
  anything else -> -U_FORTIFY_SOURCE (fortification switched off)

  have_fortify latches after the first call, so the first decision wins and
  later calls are ignored. add_sanitizers() passes 0 for ASAN and MSAN
  builds, i.e. those builds are compiled without _FORTIFY_SOURCE.
*/
void add_defs_fortify(aflcc_state_t *aflcc, u8 action) {

  char *fortify_flag;

  if (aflcc->have_fortify) { return; }

  if (action == 1) {

    fortify_flag = "-D_FORTIFY_SOURCE=1";

  } else if (action == 2) {

    fortify_flag = "-D_FORTIFY_SOURCE=2";

  } else {

    fortify_flag = "-U_FORTIFY_SOURCE";  // OFF

  }

  insert_param(aflcc, fortify_flag);

  aflcc->have_fortify = 1;

}
1651*08b48e0bSAndroid Build Coastguard Worker
/*
  Macro defs of __AFL_LEAK_CHECK, __AFL_LSAN_ON and __AFL_LSAN_OFF.

  Also force-includes sanitizer/lsan_interface.h into every translation unit
  (-include), which is where the __lsan_* functions used by the macros are
  expected to be declared. __AFL_LEAK_CHECK() ends the process with
  _exit(23) when the recoverable leak check reports a value > 0.
*/
void add_defs_lsan_ctrl(aflcc_state_t *aflcc) {

  static char *const lsan_params[] = {

      "-includesanitizer/lsan_interface.h",
      "-D__AFL_LEAK_CHECK()="
      "{if(__lsan_do_recoverable_leak_check() > 0) _exit(23); }",
      "-D__AFL_LSAN_OFF()=__lsan_disable();",
      "-D__AFL_LSAN_ON()=__lsan_enable();",

  };

  unsigned int idx;

  for (idx = 0; idx < sizeof(lsan_params) / sizeof(lsan_params[0]); ++idx) {

    insert_param(aflcc, lsan_params[idx]);

  }

}
1664*08b48e0bSAndroid Build Coastguard Worker
/** Macro defs for the preprocessor -----END----- **/

/** About -fsanitize -----BEGIN----- **/
1668*08b48e0bSAndroid Build Coastguard Worker
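/* For input "-fsanitize=...", it:

   1. splits ... on ',' and ignores empty items
   2. strips any fuzzer* item and writes the result back into `string`
      (may result in a bare "-fsanitize=")
   3. rets 1 if an item that is exactly "fuzzer" was found, otherwise rets 0

   The list is compacted in place. The result is never longer than the
   input, so no scratch buffer is needed and no write can land outside the
   caller's string. A value without any ',' is handled the same way as a
   list. A NULL pointer or a string that does not start with "-fsanitize="
   is left untouched and yields 0.
*/
static u8 fsanitize_fuzzer_comma(char *string) {

  static const char prefix[] = "-fsanitize=";
  const size_t      prefix_len = sizeof(prefix) - 1;

  u8 detect_single_fuzzer = 0;

  /* Without the prefix, string + prefix_len could point past the terminator */
  if (!string || strncmp(string, prefix, prefix_len)) { return 0; }

  char *list_start = string + prefix_len;
  char *src = list_start;                        /* next unread item */
  char *dst = list_start;                        /* end of compacted list */

  while (*src) {

    size_t len = strcspn(src, ",");              /* item length, no comma */
    char  *next = src + len;

    if (*next == ',') { ++next; }                /* step over the separator */

    if (len) {

      /* "fuzzer" contains no ',', so a match means the item is >= 6 long */
      if (len >= 6 && !strncmp(src, "fuzzer", 6)) {

        if (len == 6) { detect_single_fuzzer = 1; }
        /* fuzzer and fuzzer-* are dropped either way */

      } else {

        /* dst trails src by at least one byte once an item has been kept,
           so the separator never overwrites unread input; memmove covers
           the overlapping copy. */
        if (dst != list_start) { *dst++ = ','; }
        memmove(dst, src, len);
        dst += len;

      }

    }

    src = next;

  }

  *dst = 0;

  return detect_single_fuzzer;

}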
1745*08b48e0bSAndroid Build Coastguard Worker
/*
  Parse and process possible -fsanitize related args, return PARAM_MISS
  if nothing matched. We have 3 main tasks here for these args:
  - Check which one of those sanitizers present here.
  - Check if libfuzzer present. We need to block the request of enable
    libfuzzer, and link harness with our libAFLDriver.a later.
  - Check if SanCov allow/denylist options present. We need to try switching
    to LLVMNATIVE instead of using our optimized PCGUARD anyway. If we
    can't make it finally for various reasons, just drop these options.

  With scan != 0 the function only records findings in aflcc (have_*,
  need_aflpplib, have_instr_list) and returns PARAM_SCAN or PARAM_MISS;
  nothing is inserted. With scan == 0 the result is PARAM_KEEP (cur_argv is
  inserted here), PARAM_DROP or PARAM_MISS, and cur_argv may be rewritten
  in place to remove fuzzer* items.
*/
param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {

  param_st final_ = PARAM_MISS;

// Sets have_<v> (scan) or marks the arg as kept (non-scan) when the sanitizer
// name k follows '=' or ','. strstr() makes this a prefix match: any item
// that merely starts with k is counted as well.
// MACRO START
#define HAVE_SANITIZER_SCAN_KEEP(v, k)        \
  do {                                        \
                                              \
    if (strstr(cur_argv, "=" STRINGIFY(k)) || \
        strstr(cur_argv, "," STRINGIFY(k))) { \
                                              \
      if (scan) {                             \
                                              \
        aflcc->have_##v = 1;                  \
        final_ = PARAM_SCAN;                  \
                                              \
      } else {                                \
                                              \
        final_ = PARAM_KEEP;                  \
                                              \
      }                                       \
                                              \
    }                                         \
                                              \
  } while (0)

  // MACRO END

  if (!strncmp(cur_argv, "-fsanitize=", strlen("-fsanitize="))) {

    HAVE_SANITIZER_SCAN_KEEP(asan, address);
    HAVE_SANITIZER_SCAN_KEEP(msan, memory);
    HAVE_SANITIZER_SCAN_KEEP(ubsan, undefined);
    HAVE_SANITIZER_SCAN_KEEP(tsan, thread);
    HAVE_SANITIZER_SCAN_KEEP(lsan, leak);
    HAVE_SANITIZER_SCAN_KEEP(cfisan, cfi);

  }

#undef HAVE_SANITIZER_SCAN_KEEP

  // We can't use a "else if" there, because some of the following
  // matching rules overlap with those in the if-statement above.
  if (!strcmp(cur_argv, "-fsanitize=fuzzer")) {

    // The libFuzzer request itself is never passed on: remember that the
    // AFL++ driver library is needed (scan) or drop the argument.
    if (scan) {

      aflcc->need_aflpplib = 1;
      final_ = PARAM_SCAN;

    } else {

      final_ = PARAM_DROP;

    }

  } else if (!strncmp(cur_argv, "-fsanitize=", strlen("-fsanitize=")) &&

             strchr(cur_argv, ',') &&
             !strstr(cur_argv, "=,")) {  // avoid OOB errors

    // The two extra conditions are the input guard for
    // fsanitize_fuzzer_comma(): it is only called for a list that contains
    // a ',' and does not begin with one.
    if (scan) {

      // Scan pass works on a private copy so the caller's argument stays
      // untouched until the non-scan pass.
      u8 *cur_argv_ = ck_strdup(cur_argv);

      if (fsanitize_fuzzer_comma(cur_argv_)) {

        aflcc->need_aflpplib = 1;
        final_ = PARAM_SCAN;

      }

      ck_free(cur_argv_);

    } else {

      // Rewrites the caller's buffer in place; fuzzer* items are removed.
      fsanitize_fuzzer_comma(cur_argv);
      // NOTE(review): cur_argv was already dereferenced above, so the NULL
      // test cannot be what protects this line; only the length test
      // decides.
      if (!cur_argv || strlen(cur_argv) <= strlen("-fsanitize="))
        final_ = PARAM_DROP;  // this means it only has "fuzzer" previously.

    }

  } else if (!strncmp(cur_argv, "-fsanitize-coverage-", 20) &&

             strstr(cur_argv, "list=")) {

    // SanCov allow/denylist option: recorded during scan; afterwards kept
    // only in INSTRUMENT_LLVMNATIVE mode, otherwise stripped (with a
    // warning unless be_quiet is set).
    if (scan) {

      aflcc->have_instr_list = 1;
      final_ = PARAM_SCAN;

    } else {

      if (aflcc->instrument_mode != INSTRUMENT_LLVMNATIVE) {

        if (!be_quiet) { WARNF("Found '%s' - stripping!", cur_argv); }
        final_ = PARAM_DROP;

      } else {

        final_ = PARAM_KEEP;

      }

    }

  }

  // PARAM_KEEP is only produced in the non-scan pass, so the scan pass never
  // adds anything to the command line here.
  if (final_ == PARAM_KEEP) insert_param(aflcc, cur_argv);

  return final_;

}
1869*08b48e0bSAndroid Build Coastguard Worker
1870*08b48e0bSAndroid Build Coastguard Worker /*
1871*08b48e0bSAndroid Build Coastguard Worker Add params for sanitizers. Here we need to consider:
1872*08b48e0bSAndroid Build Coastguard Worker - Use static runtime for asan, as much as possible.
1873*08b48e0bSAndroid Build Coastguard Worker - ASAN, MSAN, AFL_HARDEN are mutually exclusive.
1874*08b48e0bSAndroid Build Coastguard Worker - Add options if not found there, on request of AFL_USE_ASAN, AFL_USE_MSAN,
1875*08b48e0bSAndroid Build Coastguard Worker etc.
1876*08b48e0bSAndroid Build Coastguard Worker - Update have_* so that functions called after this can have correct context.
1877*08b48e0bSAndroid Build Coastguard Worker However this also means any functions called before should NOT depend on
1878*08b48e0bSAndroid Build Coastguard Worker these have_*, otherwise they may not work as expected.
1879*08b48e0bSAndroid Build Coastguard Worker */
void add_sanitizers(aflcc_state_t *aflcc, char **envp) {

  /* Turn the AFL_USE_* environment switches (and any sanitizer already
     recorded in the have_* flags) into compiler parameters. Each -fsanitize
     option is only appended when its have_* flag is still clear, so an option
     the flags already record is not added a second time.

     aflcc: wrapper state; have_* flags are read and set, params are appended.
     envp:  NULL-terminated string array supplied by the caller; only read in
            the clang CFI path below. */

  const int use_asan = getenv("AFL_USE_ASAN") || aflcc->have_asan;
  const int use_msan = getenv("AFL_USE_MSAN") || aflcc->have_msan;

  if (use_asan) {

    /* Conflicting requests abort the build instead of silently picking one. */
    if (use_msan) { FATAL("ASAN and MSAN are mutually exclusive"); }
    if (getenv("AFL_HARDEN")) {
      FATAL("ASAN and AFL_HARDEN are mutually exclusive");
    }

    if (aflcc->compiler_mode == GCC_PLUGIN && !aflcc->have_staticasan) {
      insert_param(aflcc, "-static-libasan");
    }

    /* add_defs_fortify is defined outside this view; the 0 presumably selects
       a _FORTIFY_SOURCE level of 0 - TODO confirm. */
    add_defs_fortify(aflcc, 0);
    if (!aflcc->have_asan) { insert_param(aflcc, "-fsanitize=address"); }
    aflcc->have_asan = 1;

  } else if (use_msan) {

    /* ASAN is known to be off on this path, so only the AFL_HARDEN conflict
       can still occur. */
    if (getenv("AFL_HARDEN")) {
      FATAL("MSAN and AFL_HARDEN are mutually exclusive");
    }

    add_defs_fortify(aflcc, 0);
    if (!aflcc->have_msan) { insert_param(aflcc, "-fsanitize=memory"); }
    aflcc->have_msan = 1;

  }

  if (getenv("AFL_USE_UBSAN") || aflcc->have_ubsan) {

    if (!aflcc->have_ubsan) {
      /* Trap on error and disable recovery: an undefined-behaviour report
         then terminates the target rather than being logged while execution
         continues, which is what lets a fuzzer register it as a crash. */
      insert_param(aflcc, "-fsanitize=undefined");
      insert_param(aflcc, "-fsanitize-undefined-trap-on-error");
      insert_param(aflcc, "-fno-sanitize-recover=all");
    }

    if (!aflcc->have_fp) {
      insert_param(aflcc, "-fno-omit-frame-pointer");
      aflcc->have_fp = 1;
    }

    aflcc->have_ubsan = 1;

  }

  if (getenv("AFL_USE_TSAN") || aflcc->have_tsan) {

    if (!aflcc->have_fp) {
      insert_param(aflcc, "-fno-omit-frame-pointer");
      aflcc->have_fp = 1;
    }

    if (!aflcc->have_tsan) { insert_param(aflcc, "-fsanitize=thread"); }
    aflcc->have_tsan = 1;

  }

  /* Unlike the other sanitizers, LSAN is only acted on when requested through
     the environment and not yet recorded in have_lsan. */
  if (getenv("AFL_USE_LSAN") && !aflcc->have_lsan) {

    insert_param(aflcc, "-fsanitize=leak");
    add_defs_lsan_ctrl(aflcc);
    aflcc->have_lsan = 1;

  }

  if (!(getenv("AFL_USE_CFISAN") || aflcc->have_cfisan)) { return; }

  if (aflcc->compiler_mode == GCC_PLUGIN || aflcc->compiler_mode == GCC) {

    /* GCC modes get -fcf-protection instead of -fsanitize=cfi; have_cfisan is
       left untouched on this path. */
    if (!aflcc->have_fcf) { insert_param(aflcc, "-fcf-protection=full"); }
    return;

  }

  if (!aflcc->lto_mode && !aflcc->have_flto) {

    /* NOTE(review): this looks for an entry of envp that begins with "-flto".
       If envp is the process environment (as the name suggests), such an
       entry would be unusual; a -flto given on the command line is presumably
       what have_flto tracks. Confirm the intended source. */
    int flto_seen = 0;
    for (uint32_t idx = 0; envp[idx] != NULL; ++idx) {
      if (strncmp("-flto", envp[idx], 5) == 0) {
        flto_seen = 1;
        break;
      }
    }

    if (!flto_seen) { insert_param(aflcc, "-flto"); }
    aflcc->have_flto = 1;

  }

  if (!aflcc->have_cfisan) { insert_param(aflcc, "-fsanitize=cfi"); }

  if (!aflcc->have_hidden) {
    insert_param(aflcc, "-fvisibility=hidden");
    aflcc->have_hidden = 1;
  }

  aflcc->have_cfisan = 1;

}
1995*08b48e0bSAndroid Build Coastguard Worker
/*
  Add the parameter that enables LLVM's native SanitizerCoverage PCGUARD
  instrumentation, including the pc-table. With INSTRUMENT_OPT_CODECOV set in
  instrument_opt_mode the "bb,no-prune" variant is requested.
*/
void add_native_pcguard(aflcc_state_t *aflcc) {

  /* A Rust ASan runtime on the command line suggests we are linking from
   * Rust. Native flags that need the sanitizer runtime would make clang pull
   * in a second runtime and break the link, so nothing is added here in that
   * case.
   */
  if (aflcc->have_rust_asanrt) { return; }

  /* LLVM_MAJOR == 0 means llvm-config could not determine the version: warn
     and carry on, leaving it to the compiler to reject the option. */

#if LLVM_MAJOR > 0 && LLVM_MAJOR < 6
  FATAL("pcguard instrumentation with pc-table requires LLVM 6.0.1+");
#else
  #if LLVM_MAJOR == 0
  WARNF(
      "pcguard instrumentation with pc-table requires LLVM 6.0.1+"
      " otherwise the compiler will fail");
  #endif

  insert_param(aflcc,
               (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CODECOV)
                   ? "-fsanitize-coverage=trace-pc-guard,bb,no-prune,pc-table"
                   : "-fsanitize-coverage=trace-pc-guard,pc-table");
#endif

}
2032*08b48e0bSAndroid Build Coastguard Worker
/*
  Add the parameters that load AFL++'s own PCGUARD pass
  (SanitizerCoveragePCGUARD.so) as a compiler pass plugin.

  Falls back to the compiler's native trace-pc-guard on Android, when
  have_instr_list is set, and on LLVM 4 to 12. Every fallback path sets
  aflcc->instrument_mode to INSTRUMENT_LLVMNATIVE, so callers must not assume
  the optimized pass is active after this returns. Anything older than LLVM 4
  aborts.
*/
void add_optimized_pcguard(aflcc_state_t *aflcc) {

#if LLVM_MAJOR >= 13
  #if defined __ANDROID__ || ANDROID

  insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard");
  aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE;

  #else

  if (!aflcc->have_instr_list) {

    /* LLVM 13+ uses the new pass manager; releases before 16 still need the
       explicit opt-in flag. */
    #if LLVM_MAJOR < 16
    insert_param(aflcc, "-fexperimental-new-pass-manager");
    #endif
    /* The plugin path is resolved by insert_object (defined elsewhere); the
       shared object it finds is loaded into the compiler process. */
    insert_object(aflcc, "SanitizerCoveragePCGUARD.so", "-fpass-plugin=%s", 0);
    return;

  }

  /* have_instr_list is set: use the native implementation and tell the user
     which AFL++ variables to use instead. */
  if (!be_quiet) {
    SAYF(
        "Using unoptimized trace-pc-guard, due usage of "
        "-fsanitize-coverage-allow/denylist, you can use "
        "AFL_LLVM_ALLOWLIST/AFL_LLVM_DENYLIST instead.\n");
  }

  insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard");
  aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE;

  #endif  // defined __ANDROID__ || ANDROID
#elif LLVM_MAJOR >= 4

  if (!be_quiet) {
    SAYF(
        "Using unoptimized trace-pc-guard, upgrade to LLVM 13+ for "
        "enhanced version.\n");
  }

  insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard");
  aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE;

#else

  FATAL("pcguard instrumentation requires LLVM 4.0.1+");

#endif

}
2088*08b48e0bSAndroid Build Coastguard Worker
/** About -fsanitize -----END----- **/

/** Linking behaviors -----BEGIN----- **/
2092*08b48e0bSAndroid Build Coastguard Worker
/*
  Classify one command-line argument that affects the link stage.

  aflcc:     wrapper state; shared_linking / partial_linking are set during
             the scan pass, and kept arguments are appended via insert_param.
  cur_argv:  the argument under inspection.
  scan:      non-zero on the scanning pass, where a match only records state
             and yields PARAM_SCAN; zero on the pass that decides
             PARAM_KEEP / PARAM_DROP.
  skip_next: set to 1 when the following argument belongs to this one
             ("-z defs") and must be skipped by the caller.
  argv:      argv[1] is read as the argument following cur_argv, so argv is
             presumably positioned at cur_argv - verify against the caller.

  Returns PARAM_MISS when nothing matched.

  Review note: on the non-scan pass the user's -fuse-ld= / --ld-path= is
  dropped in LTO mode, and the "report undefined symbols" options
  (-Wl,-z,defs, --no-undefined and variants) are always dropped, so an
  instrumented build does not get the undefined-symbol link check the original
  build asked for. Arguments are matched by substring for "afl-compiler-rt"
  and "afl-llvm-rt", so any argument containing either string is dropped too.
*/
param_st parse_linking_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan,
                              u8 *skip_next, char **argv) {

  if (aflcc->lto_mode && strncmp(cur_argv, "-flto=thin", 10) == 0) {

    FATAL(
        "afl-clang-lto cannot work with -flto=thin. Switch to -flto=full or "
        "use afl-clang-fast!");

  }

  param_st verdict = PARAM_MISS;

  if (strcmp(cur_argv, "-shared") == 0 ||
      strcmp(cur_argv, "-dynamiclib") == 0) {

    if (scan) { aflcc->shared_linking = 1; }
    verdict = scan ? PARAM_SCAN : PARAM_KEEP;

  } else if (strcmp(cur_argv, "-Wl,-r") == 0 ||
             strcmp(cur_argv, "-Wl,-i") == 0 ||
             strcmp(cur_argv, "-Wl,--relocatable") == 0 ||
             strcmp(cur_argv, "-r") == 0 ||
             strcmp(cur_argv, "--relocatable") == 0) {

    if (scan) { aflcc->partial_linking = 1; }
    verdict = scan ? PARAM_SCAN : PARAM_KEEP;

  } else if (strncmp(cur_argv, "-fuse-ld=", 9) == 0 ||
             strncmp(cur_argv, "--ld-path=", 10) == 0) {

    /* In LTO mode the user's linker choice is discarded. */
    if (scan) {
      verdict = PARAM_SCAN;
    } else {
      verdict = aflcc->lto_mode ? PARAM_DROP : PARAM_KEEP;
    }

  } else if (strcmp(cur_argv, "-Wl,-z,defs") == 0 ||
             strcmp(cur_argv, "-Wl,--no-undefined") == 0 ||
             strcmp(cur_argv, "-Wl,-no-undefined") == 0 ||
             strcmp(cur_argv, "--no-undefined") == 0 ||
             strstr(cur_argv, "afl-compiler-rt") != NULL ||
             strstr(cur_argv, "afl-llvm-rt") != NULL) {

    verdict = scan ? PARAM_SCAN : PARAM_DROP;

  } else if (strcmp(cur_argv, "-z") == 0 || strcmp(cur_argv, "-Wl,-z") == 0) {

    /* Two-argument form: only "-z defs" is handled; any other "-z <x>" stays
       a PARAM_MISS. */
    u8 *next_arg = argv[1];
    if (next_arg &&
        (strcmp(next_arg, "defs") == 0 || strcmp(next_arg, "-Wl,defs") == 0)) {

      *skip_next = 1;
      verdict = scan ? PARAM_SCAN : PARAM_DROP;

    }

  }

  /* Spellings that are recognised but not rewritten: warn only, and only once
     (on the scan pass). */
  if (scan && verdict == PARAM_MISS) {

    if (strcmp(cur_argv, "-Xlinker") == 0) {

      u8 *linker_arg = argv[1];

      if (linker_arg) {

        if (strcmp(linker_arg, "defs") == 0) {

          WARNF("'-Xlinker' 'defs' detected. This may result in a bad link.");

        } else if (strstr(linker_arg, "-no-undefined")) {

          WARNF(
              "'-Xlinker' '%s' detected. The latter option may be dropped and "
              "result in a bad link.",
              linker_arg);

        }

      }

    } else if (strncmp(cur_argv, "-Wl,", 4) == 0 &&
               (u8 *)strrchr(cur_argv, ',') != (cur_argv + 3)) {

      /* The last comma is not the one right after "-Wl", i.e. several linker
         options are packed into a single -Wl, argument. */
      u8 *wl_opts = cur_argv + 4;

      if (strstr(wl_opts, "-shared") || strstr(wl_opts, "-dynamiclib")) {

        WARNF(
            "'%s': multiple link options after '-Wl,' may break shared "
            "linking.",
            wl_opts);

      }

      if (strstr(wl_opts, "-r,") || strstr(wl_opts, "-i,") ||
          strstr(wl_opts, ",-r") || strstr(wl_opts, ",-i") ||
          strstr(wl_opts, "--relocatable")) {

        WARNF(
            "'%s': multiple link options after '-Wl,' may break partial "
            "linking.",
            wl_opts);

      }

      if (strstr(wl_opts, "defs") || strstr(wl_opts, "no-undefined")) {

        WARNF(
            "'%s': multiple link options after '-Wl,' may enable report "
            "unresolved symbol references and result in a bad link.",
            wl_opts);

      }

    }

  }

  if (verdict == PARAM_KEEP) { insert_param(aflcc, cur_argv); }

  return verdict;

}
2258*08b48e0bSAndroid Build Coastguard Worker
/*
  Add the parameter that selects the linker used for LTO.

  The linker is taken from the AFL_REAL_LD environment variable when it is
  set, otherwise from the compile-time AFL_REAL_LD macro; if that yields an
  empty string (or the copy failed) "ld.lld" is used. AFL_LD and AFL_LD_CALLER
  are removed from the environment first.

  Review note: the environment value is forwarded unvalidated as the program
  the compiler driver will run to link, so whoever controls the build
  environment controls which linker binary executes. Set or clear AFL_REAL_LD
  explicitly in automated builds rather than inheriting it.
*/
void add_lto_linker(aflcc_state_t *aflcc) {

  unsetenv("AFL_LD");
  unsetenv("AFL_LD_CALLER");

  const char *env_ld = getenv("AFL_REAL_LD");
  u8 *ld_path = strdup(env_ld ? env_ld : AFL_REAL_LD);

  /* An empty value counts as "not configured": release it and fall through to
     the default. */
  if (ld_path && !*ld_path) {
    free(ld_path);
    ld_path = NULL;
  }

  if (!ld_path) { ld_path = strdup("ld.lld"); }

  if (!ld_path) { PFATAL("Could not allocate mem for ld_path"); }

  /* The formatted string is handed to insert_param and not freed here; only
     the temporary copy of the path is released. */
#if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 12
  insert_param(aflcc, alloc_printf("--ld-path=%s", ld_path));
#else
  insert_param(aflcc, alloc_printf("-fuse-ld=%s", ld_path));
#endif

  free(ld_path);

}
2298*08b48e0bSAndroid Build Coastguard Worker
/*
  Add the parameters that make the linker load SanitizerCoverageLTO.so.

  With AFL_CLANG_LDPATH and LLVM 15+ the pass is loaded as a new-pass-manager
  plugin; older setups select the legacy pass manager and load it through
  -mllvm=-load. The shared object is located by insert_object (defined
  elsewhere) and is loaded into the link step.

  Review note: -Wl,--allow-multiple-definition is always appended, so
  duplicate symbol definitions that a normal link would reject are accepted in
  LTO builds.
*/
void add_lto_passes(aflcc_state_t *aflcc) {

#if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 15

  // The NewPM implementation is only fully functional from LLVM 15 on.
  insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,--load-pass-plugin=%s",
                0);

#else

  /* Legacy pass manager: the flag that selects it differs, the load option
     does not. */
  #if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 13
  insert_param(aflcc, "-Wl,--lto-legacy-pass-manager");
  #else
  insert_param(aflcc, "-fno-experimental-new-pass-manager");
  #endif
  insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0);

#endif

  insert_param(aflcc, "-Wl,--allow-multiple-definition");

}
2317*08b48e0bSAndroid Build Coastguard Worker
/*
  Link libAFLDriver.a when need_aflpplib is set (the messages below indicate
  this stands in for '-fsanitize=fuzzer').

  The "Found ..." message is printed before the lookup result is checked; if
  the library cannot be located only a warning is emitted and nothing is
  added, so the failure surfaces later at link time.
*/
static void add_aflpplib(aflcc_state_t *aflcc) {

  if (!aflcc->need_aflpplib) { return; }

  u8 *driver_lib = find_object(aflcc, "libAFLDriver.a");

  if (!be_quiet) {
    OKF("Found '-fsanitize=fuzzer', replacing with libAFLDriver.a");
  }

  if (!driver_lib) {

    if (!be_quiet) {
      WARNF(
          "Cannot find 'libAFLDriver.a' to replace '-fsanitize=fuzzer' in "
          "the flags - this will fail!");
    }

    return;

  }

  insert_param(aflcc, driver_lib);

#ifdef __APPLE__
  /* Passed as two separate arguments: the option and its value. */
  insert_param(aflcc, "-Wl,-undefined");
  insert_param(aflcc, "dynamic_lookup");
#endif

}
2353*08b48e0bSAndroid Build Coastguard Worker
2354*08b48e0bSAndroid Build Coastguard Worker /* Add params to link with runtimes depended by our instrumentation */
add_runtime(aflcc_state_t * aflcc)2355*08b48e0bSAndroid Build Coastguard Worker void add_runtime(aflcc_state_t *aflcc) {
2356*08b48e0bSAndroid Build Coastguard Worker
2357*08b48e0bSAndroid Build Coastguard Worker if (aflcc->preprocessor_only || aflcc->have_c || !aflcc->non_dash) {
2358*08b48e0bSAndroid Build Coastguard Worker
2359*08b48e0bSAndroid Build Coastguard Worker /* In the preprocessor_only case (-E), we are not actually compiling at
2360*08b48e0bSAndroid Build Coastguard Worker all but requesting the compiler to output preprocessed sources only.
2361*08b48e0bSAndroid Build Coastguard Worker We must not add the runtime in this case because the compiler will
2362*08b48e0bSAndroid Build Coastguard Worker simply output its binary content back on stdout, breaking any build
2363*08b48e0bSAndroid Build Coastguard Worker systems that rely on a separate source preprocessing step. */
2364*08b48e0bSAndroid Build Coastguard Worker return;
2365*08b48e0bSAndroid Build Coastguard Worker
2366*08b48e0bSAndroid Build Coastguard Worker }
2367*08b48e0bSAndroid Build Coastguard Worker
2368*08b48e0bSAndroid Build Coastguard Worker if (aflcc->compiler_mode != GCC_PLUGIN && aflcc->compiler_mode != GCC &&
2369*08b48e0bSAndroid Build Coastguard Worker !getenv("AFL_LLVM_NO_RPATH")) {
2370*08b48e0bSAndroid Build Coastguard Worker
2371*08b48e0bSAndroid Build Coastguard Worker // in case LLVM is installed not via a package manager or "make install"
2372*08b48e0bSAndroid Build Coastguard Worker // e.g. compiled download or compiled from github then its ./lib directory
2373*08b48e0bSAndroid Build Coastguard Worker // might not be in the search path. Add it if so.
2374*08b48e0bSAndroid Build Coastguard Worker const char *libdir = LLVM_LIBDIR;
2375*08b48e0bSAndroid Build Coastguard Worker if (aflcc->plusplus_mode && strlen(libdir) && strncmp(libdir, "/usr", 4) &&
2376*08b48e0bSAndroid Build Coastguard Worker strncmp(libdir, "/lib", 4)) {
2377*08b48e0bSAndroid Build Coastguard Worker
2378*08b48e0bSAndroid Build Coastguard Worker u8 *libdir_opt = strdup("-Wl,-rpath=" LLVM_LIBDIR);
2379*08b48e0bSAndroid Build Coastguard Worker insert_param(aflcc, libdir_opt);
2380*08b48e0bSAndroid Build Coastguard Worker
2381*08b48e0bSAndroid Build Coastguard Worker }
2382*08b48e0bSAndroid Build Coastguard Worker
2383*08b48e0bSAndroid Build Coastguard Worker }
2384*08b48e0bSAndroid Build Coastguard Worker
2385*08b48e0bSAndroid Build Coastguard Worker #ifndef __ANDROID__
2386*08b48e0bSAndroid Build Coastguard Worker
2387*08b48e0bSAndroid Build Coastguard Worker #define M32_ERR_MSG "-m32 is not supported by your compiler"
2388*08b48e0bSAndroid Build Coastguard Worker #define M64_ERR_MSG "-m64 is not supported by your compiler"
2389*08b48e0bSAndroid Build Coastguard Worker
2390*08b48e0bSAndroid Build Coastguard Worker if (aflcc->compiler_mode != GCC && aflcc->compiler_mode != CLANG) {
2391*08b48e0bSAndroid Build Coastguard Worker
2392*08b48e0bSAndroid Build Coastguard Worker switch (aflcc->bit_mode) {
2393*08b48e0bSAndroid Build Coastguard Worker
2394*08b48e0bSAndroid Build Coastguard Worker case 0:
2395*08b48e0bSAndroid Build Coastguard Worker if (!aflcc->shared_linking && !aflcc->partial_linking)
2396*08b48e0bSAndroid Build Coastguard Worker insert_object(aflcc, "afl-compiler-rt.o", 0, 0);
2397*08b48e0bSAndroid Build Coastguard Worker if (aflcc->lto_mode) insert_object(aflcc, "afl-llvm-rt-lto.o", 0, 0);
2398*08b48e0bSAndroid Build Coastguard Worker break;
2399*08b48e0bSAndroid Build Coastguard Worker
2400*08b48e0bSAndroid Build Coastguard Worker case 32:
2401*08b48e0bSAndroid Build Coastguard Worker if (!aflcc->shared_linking && !aflcc->partial_linking)
2402*08b48e0bSAndroid Build Coastguard Worker insert_object(aflcc, "afl-compiler-rt-32.o", 0, M32_ERR_MSG);
2403*08b48e0bSAndroid Build Coastguard Worker if (aflcc->lto_mode)
2404*08b48e0bSAndroid Build Coastguard Worker insert_object(aflcc, "afl-llvm-rt-lto-32.o", 0, M32_ERR_MSG);
2405*08b48e0bSAndroid Build Coastguard Worker break;
2406*08b48e0bSAndroid Build Coastguard Worker
2407*08b48e0bSAndroid Build Coastguard Worker case 64:
2408*08b48e0bSAndroid Build Coastguard Worker if (!aflcc->shared_linking && !aflcc->partial_linking)
2409*08b48e0bSAndroid Build Coastguard Worker insert_object(aflcc, "afl-compiler-rt-64.o", 0, M64_ERR_MSG);
2410*08b48e0bSAndroid Build Coastguard Worker if (aflcc->lto_mode)
2411*08b48e0bSAndroid Build Coastguard Worker insert_object(aflcc, "afl-llvm-rt-lto-64.o", 0, M64_ERR_MSG);
2412*08b48e0bSAndroid Build Coastguard Worker break;
2413*08b48e0bSAndroid Build Coastguard Worker
2414*08b48e0bSAndroid Build Coastguard Worker }
2415*08b48e0bSAndroid Build Coastguard Worker
2416*08b48e0bSAndroid Build Coastguard Worker #if __AFL_CODE_COVERAGE
2417*08b48e0bSAndroid Build Coastguard Worker // Required for dladdr used in afl-compiler-rt.o
2418*08b48e0bSAndroid Build Coastguard Worker insert_param(aflcc, "-ldl");
2419*08b48e0bSAndroid Build Coastguard Worker #endif
2420*08b48e0bSAndroid Build Coastguard Worker
2421*08b48e0bSAndroid Build Coastguard Worker #if !defined(__APPLE__) && !defined(__sun)
2422*08b48e0bSAndroid Build Coastguard Worker if (!aflcc->shared_linking && !aflcc->partial_linking)
2423*08b48e0bSAndroid Build Coastguard Worker insert_object(aflcc, "dynamic_list.txt", "-Wl,--dynamic-list=%s", 0);
2424*08b48e0bSAndroid Build Coastguard Worker #endif
2425*08b48e0bSAndroid Build Coastguard Worker
2426*08b48e0bSAndroid Build Coastguard Worker #if defined(__APPLE__)
2427*08b48e0bSAndroid Build Coastguard Worker if (aflcc->shared_linking || aflcc->partial_linking) {
2428*08b48e0bSAndroid Build Coastguard Worker
2429*08b48e0bSAndroid Build Coastguard Worker insert_param(aflcc, "-Wl,-U");
2430*08b48e0bSAndroid Build Coastguard Worker insert_param(aflcc, "-Wl,___afl_area_ptr");
2431*08b48e0bSAndroid Build Coastguard Worker insert_param(aflcc, "-Wl,-U");
2432*08b48e0bSAndroid Build Coastguard Worker insert_param(aflcc, "-Wl,___sanitizer_cov_trace_pc_guard_init");
2433*08b48e0bSAndroid Build Coastguard Worker
2434*08b48e0bSAndroid Build Coastguard Worker }
2435*08b48e0bSAndroid Build Coastguard Worker
2436*08b48e0bSAndroid Build Coastguard Worker #endif
2437*08b48e0bSAndroid Build Coastguard Worker
2438*08b48e0bSAndroid Build Coastguard Worker }
2439*08b48e0bSAndroid Build Coastguard Worker
2440*08b48e0bSAndroid Build Coastguard Worker #endif
2441*08b48e0bSAndroid Build Coastguard Worker
2442*08b48e0bSAndroid Build Coastguard Worker add_aflpplib(aflcc);
2443*08b48e0bSAndroid Build Coastguard Worker
2444*08b48e0bSAndroid Build Coastguard Worker #if defined(USEMMAP) && !defined(__HAIKU__) && !__APPLE__
2445*08b48e0bSAndroid Build Coastguard Worker insert_param(aflcc, "-Wl,-lrt");
2446*08b48e0bSAndroid Build Coastguard Worker #endif
2447*08b48e0bSAndroid Build Coastguard Worker
2448*08b48e0bSAndroid Build Coastguard Worker }
2449*08b48e0bSAndroid Build Coastguard Worker
2450*08b48e0bSAndroid Build Coastguard Worker /** Linking behaviors -----END----- **/
2451*08b48e0bSAndroid Build Coastguard Worker
2452*08b48e0bSAndroid Build Coastguard Worker /** Miscellaneous routines -----BEGIN----- **/
2453*08b48e0bSAndroid Build Coastguard Worker
2454*08b48e0bSAndroid Build Coastguard Worker /*
2455*08b48e0bSAndroid Build Coastguard Worker Add params to make compiler driver use our afl-as
2456*08b48e0bSAndroid Build Coastguard Worker as assembler, required by the vanilla instrumentation.
2457*08b48e0bSAndroid Build Coastguard Worker */
void add_assembler(aflcc_state_t *aflcc) {

  /* Point the compiler driver at the directory that holds our "as", so that
     afl-as is run as the assembler (needed by the vanilla instrumentation).
     Aborts via FATAL() when find_object() cannot locate "as". */
  u8 *as_path = find_object(aflcc, "as");

  if (as_path == NULL) { FATAL("Cannot find 'as' (symlink to 'afl-as')."); }

  /* Cut the path at its last '/' so only the containing directory remains;
     a path without any '/' is passed on unchanged. */
  u8 *last_sep = strrchr(as_path, '/');
  if (last_sep != NULL) { *last_sep = '\0'; }

  /* -B <dir> makes the driver search <dir> for its helper programs, so
     whichever "as" lives in that directory is the one that gets executed.
     NOTE(review): the directory is whatever find_object() resolved; its
     search locations are not visible here. They should be writable only by
     the account running the build - confirm against find_object(). */
  insert_param(aflcc, "-B");
  insert_param(aflcc, as_path);

  /* Without this flag clang assembles internally rather than calling an
     external assembler. */
  if (aflcc->compiler_mode == CLANG) {

    insert_param(aflcc, "-no-integrated-as");

  }

}
2473*08b48e0bSAndroid Build Coastguard Worker
2474*08b48e0bSAndroid Build Coastguard Worker /* Add params to launch the gcc plugins for instrumentation. */
void add_gcc_plugin(aflcc_state_t *aflcc) {

/* Each plugin reaches gcc as -fplugin=<path>; insert_object() fills in the
   path for the given file name.
   NOTE(review): -fplugin loads a shared object into the compiler process, so
   the place insert_object() resolves these names to is part of the trusted
   toolchain - presumably the AFL++ install location; confirm. */
#define LOAD_GCC_PLUGIN(so_name) \
  insert_object(aflcc, so_name, "-fplugin=%s", 0)

  /* The two cmplog passes are only loaded in cmplog mode and are placed
     ahead of the main instrumentation pass. */
  if (aflcc->cmplog_mode) {

    LOAD_GCC_PLUGIN("afl-gcc-cmplog-pass.so");
    LOAD_GCC_PLUGIN("afl-gcc-cmptrs-pass.so");

  }

  /* The main pass is always loaded. */
  LOAD_GCC_PLUGIN("afl-gcc-pass.so");

#undef LOAD_GCC_PLUGIN

  /* Switch off both of gcc's if-conversion passes - presumably so that
     conditional branches are not rewritten into branch-less code; confirm
     against the plugin documentation. */
  insert_param(aflcc, "-fno-if-conversion");
  insert_param(aflcc, "-fno-if-conversion2");

}
2490*08b48e0bSAndroid Build Coastguard Worker
2491*08b48e0bSAndroid Build Coastguard Worker /* Add some miscellaneous params required by our instrumentation. */
void add_misc_params(aflcc_state_t *aflcc) {

  /* Appends the compiler flags our instrumentation wants by default. Which
     ones are added depends on environment variables and on state recorded
     while the user's own arguments were parsed. */

  /* Flags that disable the compiler builtins for compare/search functions. */
  static char *const no_builtin_flags[] = {

      "-fno-builtin-strcmp",     "-fno-builtin-strncmp",
      "-fno-builtin-strcasecmp", "-fno-builtin-strncasecmp",
      "-fno-builtin-memcmp",     "-fno-builtin-bcmp",
      "-fno-builtin-strstr",     "-fno-builtin-strcasestr"

  };

  const int disable_cmp_builtins =
      getenv("AFL_NO_BUILTIN") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES") ||
      getenv("AFL_LLVM_LAF_ALL") || getenv("AFL_LLVM_CMPLOG") ||
      aflcc->lto_mode;

  if (disable_cmp_builtins) {

    const size_t flag_count =
        sizeof(no_builtin_flags) / sizeof(no_builtin_flags[0]);

    for (size_t i = 0; i < flag_count; ++i) {

      insert_param(aflcc, no_builtin_flags[i]);

    }

  }

  /* Position independent code is requested unless the user already gave a
     -fpic style option (have_pic). */
  if (!aflcc->have_pic) { insert_param(aflcc, "-fPIC"); }

  /* AFL_HARDEN: stack protector everywhere, plus fortify level 2 unless
     fortify_set is already set.
     NOTE(review): parse_misc_params() sets fortify_set for ANY argument that
     contains "FORTIFY_SOURCE", so a user flag such as -U_FORTIFY_SOURCE or
     -D_FORTIFY_SOURCE=0 also suppresses this default. Check the effective
     flags if a hardened build is expected. */
  if (getenv("AFL_HARDEN")) {

    insert_param(aflcc, "-fstack-protector-all");

    if (!aflcc->fortify_set) { add_defs_fortify(aflcc, 2); }

  }

  /* Default debug/optimization flags; AFL_DONT_OPTIMIZE turns all of them
     off, and a user supplied -O... / -funroll-loop... wins over ours.
     (Forwarding aflcc->march_opt is commented out in the original.) */
  if (!getenv("AFL_DONT_OPTIMIZE")) {

    insert_param(aflcc, "-g");

    if (!aflcc->have_o) { insert_param(aflcc, "-O3"); }

    if (!aflcc->have_unroll) { insert_param(aflcc, "-funroll-loops"); }

  }

  /* The user passed -x: append "-x none", which switches the explicit
     language selection off again - presumably so that anything appended
     after this point is classified by its file suffix; confirm. */
  if (aflcc->x_set) {

    insert_param(aflcc, "-x");
    insert_param(aflcc, "none");

  }

}
2537*08b48e0bSAndroid Build Coastguard Worker
2538*08b48e0bSAndroid Build Coastguard Worker /*
2539*08b48e0bSAndroid Build Coastguard Worker Parse and process a variety of args under our matching rules,
2540*08b48e0bSAndroid Build Coastguard Worker return PARAM_MISS if nothing matched.
2541*08b48e0bSAndroid Build Coastguard Worker */
param_st parse_misc_params(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {

  /* Classify a single command-line argument.

     scan != 0: only record what was seen in *aflcc; a recognised argument
                yields PARAM_SCAN.
     scan == 0: a recognised argument yields PARAM_KEEP (and is appended via
                insert_param()) or PARAM_DROP (it is swallowed).

     PARAM_MISS is returned when no rule matched. That includes arguments
     that do not start with '-': they only set non_dash during the scan.

     The rules are tried in order and the first match wins, so the order of
     the branches below is significant. */

  param_st verdict = PARAM_MISS;

/* Recognised pass-through flag: during the scan store `value` in `field`,
   otherwise mark the argument as one to keep. */
#define NOTE_AND_KEEP(field, value)           \
  do {                                        \
    if (scan) { (field) = (value); }          \
    verdict = scan ? PARAM_SCAN : PARAM_KEEP; \
  } while (0)

  if (strncasecmp(cur_argv, "-fpic", 5) == 0) {

    /* Case-insensitive prefix match: covers -fpic as well as -fPIC. */
    NOTE_AND_KEEP(aflcc->have_pic, 1);

  } else if (strcmp(cur_argv, "-m32") == 0 ||

             strcmp(cur_argv, "armv7a-linux-androideabi") == 0) {

    NOTE_AND_KEEP(aflcc->bit_mode, 32);

  } else if (strcmp(cur_argv, "-m64") == 0) {

    NOTE_AND_KEEP(aflcc->bit_mode, 64);

  } else if (strstr(cur_argv, "FORTIFY_SOURCE") != NULL) {

    /* Substring match: -D_FORTIFY_SOURCE=<n> and -U_FORTIFY_SOURCE both land
       here. add_misc_params() consults fortify_set before adding its own
       fortify define under AFL_HARDEN. */
    NOTE_AND_KEEP(aflcc->fortify_set, 1);

  } else if (strcmp(cur_argv, "-x") == 0) {

    NOTE_AND_KEEP(aflcc->x_set, 1);

  } else if (strcmp(cur_argv, "-E") == 0) {

    NOTE_AND_KEEP(aflcc->preprocessor_only, 1);

  } else if (strcmp(cur_argv, "--target=wasm32-wasi") == 0) {

    NOTE_AND_KEEP(aflcc->passthrough, 1);

  } else if (strcmp(cur_argv, "-c") == 0) {

    NOTE_AND_KEEP(aflcc->have_c, 1);

  } else if (strcmp(cur_argv, "-static-libasan") == 0) {

    NOTE_AND_KEEP(aflcc->have_staticasan, 1);

  } else if (strstr(cur_argv, "librustc") != NULL &&

             strstr(cur_argv, "_rt.asan.a") != NULL) {

    NOTE_AND_KEEP(aflcc->have_rust_asanrt, 1);

  } else if (strcmp(cur_argv, "-fno-omit-frame-pointer") == 0) {

    NOTE_AND_KEEP(aflcc->have_fp, 1);

  } else if (strcmp(cur_argv, "-fvisibility=hidden") == 0) {

    NOTE_AND_KEEP(aflcc->have_hidden, 1);

  } else if (strcmp(cur_argv, "-flto") == 0 ||

             strcmp(cur_argv, "-flto=full") == 0) {

    NOTE_AND_KEEP(aflcc->have_flto, 1);

  } else if (strncmp(cur_argv, "-D_FORTIFY_SOURCE",

                     strlen("-D_FORTIFY_SOURCE")) == 0) {

    /* NOTE(review): this branch looks unreachable. Every argument starting
       with "-D_FORTIFY_SOURCE" also contains "FORTIFY_SOURCE" and is taken
       by the strstr() rule further up, so have_fortify is never set from
       here. Verify what the readers of have_fortify expect before changing
       the order. */
    NOTE_AND_KEEP(aflcc->have_fortify, 1);

  } else if (strncmp(cur_argv, "-fcf-protection",

                     strlen("-fcf-protection")) == 0) {

    NOTE_AND_KEEP(aflcc->have_cfisan, 1);

  } else if (strncmp(cur_argv, "-O", 2) == 0) {

    NOTE_AND_KEEP(aflcc->have_o, 1);

  } else if (strncmp(cur_argv, "-funroll-loop", 13) == 0) {

    NOTE_AND_KEEP(aflcc->have_unroll, 1);

  } else if (strncmp(cur_argv, "--afl", 5) == 0 ||

             strncmp(cur_argv, "-fno-unroll", 11) == 0 ||
             (strcmp(cur_argv, "-pipe") == 0 &&
              aflcc->compiler_mode == GCC_PLUGIN)) {

    /* Arguments that are never forwarded to the real compiler: anything
       starting with --afl, -fno-unroll..., and -pipe in GCC_PLUGIN mode. */
    verdict = scan ? PARAM_SCAN : PARAM_DROP;

  } else if (strncmp(cur_argv, "-stdlib=", 8) == 0 &&

             (aflcc->compiler_mode == GCC ||
              aflcc->compiler_mode == GCC_PLUGIN)) {

    /* In the gcc based modes -stdlib= is stripped; the user is told about it
       unless be_quiet is set. */
    if (scan) {

      verdict = PARAM_SCAN;

    } else {

      if (!be_quiet) { WARNF("Found '%s' - stripping!", cur_argv); }
      verdict = PARAM_DROP;

    }

  } else if (cur_argv[0] != '-') {

    /* Loose catch-all with a different purpose than the rules above, hence
       last: remember that a non-option argument was present. '@...' is a
       response file and is not counted. verdict stays PARAM_MISS. */
    if (scan && cur_argv[0] != '@') { aflcc->non_dash = 1; }

  }

#undef NOTE_AND_KEEP

  /* Kept arguments are appended to the final command line right here. */
  if (verdict == PARAM_KEEP) { insert_param(aflcc, cur_argv); }

  return verdict;

}
2691*08b48e0bSAndroid Build Coastguard Worker
2692*08b48e0bSAndroid Build Coastguard Worker /** Miscellaneous routines -----END----- **/
2693*08b48e0bSAndroid Build Coastguard Worker
2694*08b48e0bSAndroid Build Coastguard Worker /* Print help message on request */
maybe_usage(aflcc_state_t * aflcc,int argc,char ** argv)2695*08b48e0bSAndroid Build Coastguard Worker static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) {
2696*08b48e0bSAndroid Build Coastguard Worker
2697*08b48e0bSAndroid Build Coastguard Worker if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) {
2698*08b48e0bSAndroid Build Coastguard Worker
2699*08b48e0bSAndroid Build Coastguard Worker printf("afl-cc" VERSION
2700*08b48e0bSAndroid Build Coastguard Worker " by Michal Zalewski, Laszlo Szekeres, Marc Heuse\n");
2701*08b48e0bSAndroid Build Coastguard Worker
2702*08b48e0bSAndroid Build Coastguard Worker SAYF(
2703*08b48e0bSAndroid Build Coastguard Worker "\n"
2704*08b48e0bSAndroid Build Coastguard Worker "afl-cc/afl-c++ [options]\n"
2705*08b48e0bSAndroid Build Coastguard Worker "\n"
2706*08b48e0bSAndroid Build Coastguard Worker "This is a helper application for afl-fuzz. It serves as a drop-in "
2707*08b48e0bSAndroid Build Coastguard Worker "replacement\n"
2708*08b48e0bSAndroid Build Coastguard Worker "for gcc and clang, letting you recompile third-party code with the "
2709*08b48e0bSAndroid Build Coastguard Worker "required\n"
2710*08b48e0bSAndroid Build Coastguard Worker "runtime instrumentation. A common use pattern would be one of the "
2711*08b48e0bSAndroid Build Coastguard Worker "following:\n\n"
2712*08b48e0bSAndroid Build Coastguard Worker
2713*08b48e0bSAndroid Build Coastguard Worker " CC=afl-cc CXX=afl-c++ ./configure --disable-shared\n"
2714*08b48e0bSAndroid Build Coastguard Worker " cmake -DCMAKE_C_COMPILERC=afl-cc -DCMAKE_CXX_COMPILER=afl-c++ .\n"
2715*08b48e0bSAndroid Build Coastguard Worker " CC=afl-cc CXX=afl-c++ meson\n\n");
2716*08b48e0bSAndroid Build Coastguard Worker
2717*08b48e0bSAndroid Build Coastguard Worker SAYF(
2718*08b48e0bSAndroid Build Coastguard Worker " |------------- FEATURES "
2719*08b48e0bSAndroid Build Coastguard Worker "-------------|\n"
2720*08b48e0bSAndroid Build Coastguard Worker "MODES: NCC PERSIST DICT LAF "
2721*08b48e0bSAndroid Build Coastguard Worker "CMPLOG SELECT\n"
2722*08b48e0bSAndroid Build Coastguard Worker " [LLVM] LLVM: %s%s\n"
2723*08b48e0bSAndroid Build Coastguard Worker " PCGUARD %s yes yes module yes yes "
2724*08b48e0bSAndroid Build Coastguard Worker "yes\n"
2725*08b48e0bSAndroid Build Coastguard Worker " NATIVE AVAILABLE no yes no no "
2726*08b48e0bSAndroid Build Coastguard Worker "part. yes\n"
2727*08b48e0bSAndroid Build Coastguard Worker " CLASSIC %s no yes module yes yes "
2728*08b48e0bSAndroid Build Coastguard Worker "yes\n"
2729*08b48e0bSAndroid Build Coastguard Worker " - NORMAL\n"
2730*08b48e0bSAndroid Build Coastguard Worker " - CALLER\n"
2731*08b48e0bSAndroid Build Coastguard Worker " - CTX\n"
2732*08b48e0bSAndroid Build Coastguard Worker " - NGRAM-{2-16}\n"
2733*08b48e0bSAndroid Build Coastguard Worker " [LTO] LLVM LTO: %s%s\n"
2734*08b48e0bSAndroid Build Coastguard Worker " PCGUARD DEFAULT yes yes yes yes yes "
2735*08b48e0bSAndroid Build Coastguard Worker " yes\n"
2736*08b48e0bSAndroid Build Coastguard Worker " CLASSIC yes yes yes yes yes "
2737*08b48e0bSAndroid Build Coastguard Worker " yes\n"
2738*08b48e0bSAndroid Build Coastguard Worker " [GCC_PLUGIN] gcc plugin: %s%s\n"
2739*08b48e0bSAndroid Build Coastguard Worker " CLASSIC DEFAULT no yes no no no "
2740*08b48e0bSAndroid Build Coastguard Worker "yes\n"
2741*08b48e0bSAndroid Build Coastguard Worker " [GCC/CLANG] simple gcc/clang: %s%s\n"
2742*08b48e0bSAndroid Build Coastguard Worker " CLASSIC DEFAULT no no no no no "
2743*08b48e0bSAndroid Build Coastguard Worker "no\n\n",
2744*08b48e0bSAndroid Build Coastguard Worker aflcc->have_llvm ? "AVAILABLE" : "unavailable!",
2745*08b48e0bSAndroid Build Coastguard Worker aflcc->compiler_mode == LLVM ? " [SELECTED]" : "",
2746*08b48e0bSAndroid Build Coastguard Worker aflcc->have_llvm ? "AVAILABLE" : "unavailable!",
2747*08b48e0bSAndroid Build Coastguard Worker aflcc->have_llvm ? "AVAILABLE" : "unavailable!",
2748*08b48e0bSAndroid Build Coastguard Worker aflcc->have_lto ? "AVAILABLE" : "unavailable!",
2749*08b48e0bSAndroid Build Coastguard Worker aflcc->compiler_mode == LTO ? " [SELECTED]" : "",
2750*08b48e0bSAndroid Build Coastguard Worker aflcc->have_gcc_plugin ? "AVAILABLE" : "unavailable!",
2751*08b48e0bSAndroid Build Coastguard Worker aflcc->compiler_mode == GCC_PLUGIN ? " [SELECTED]" : "",
2752*08b48e0bSAndroid Build Coastguard Worker aflcc->have_gcc && aflcc->have_clang
2753*08b48e0bSAndroid Build Coastguard Worker ? "AVAILABLE"
2754*08b48e0bSAndroid Build Coastguard Worker : (aflcc->have_gcc
2755*08b48e0bSAndroid Build Coastguard Worker ? "GCC ONLY "
2756*08b48e0bSAndroid Build Coastguard Worker : (aflcc->have_clang ? "CLANG ONLY" : "unavailable!")),
2757*08b48e0bSAndroid Build Coastguard Worker (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG)
2758*08b48e0bSAndroid Build Coastguard Worker ? " [SELECTED]"
2759*08b48e0bSAndroid Build Coastguard Worker : "");
2760*08b48e0bSAndroid Build Coastguard Worker
2761*08b48e0bSAndroid Build Coastguard Worker SAYF(
2762*08b48e0bSAndroid Build Coastguard Worker "Modes:\n"
2763*08b48e0bSAndroid Build Coastguard Worker " To select the compiler mode use a symlink version (e.g. "
2764*08b48e0bSAndroid Build Coastguard Worker "afl-clang-fast), set\n"
2765*08b48e0bSAndroid Build Coastguard Worker " the environment variable AFL_CC_COMPILER to a mode (e.g. LLVM) or "
2766*08b48e0bSAndroid Build Coastguard Worker "use the\n"
2767*08b48e0bSAndroid Build Coastguard Worker " command line parameter --afl-MODE (e.g. --afl-llvm). If none is "
2768*08b48e0bSAndroid Build Coastguard Worker "selected,\n"
2769*08b48e0bSAndroid Build Coastguard Worker " afl-cc will select the best available (LLVM -> GCC_PLUGIN -> GCC).\n"
2770*08b48e0bSAndroid Build Coastguard Worker " The best is LTO but it often needs RANLIB and AR settings outside "
2771*08b48e0bSAndroid Build Coastguard Worker "of afl-cc.\n\n");
2772*08b48e0bSAndroid Build Coastguard Worker
2773*08b48e0bSAndroid Build Coastguard Worker #if LLVM_MAJOR > 10 || (LLVM_MAJOR == 10 && LLVM_MINOR > 0)
2774*08b48e0bSAndroid Build Coastguard Worker #define NATIVE_MSG \
2775*08b48e0bSAndroid Build Coastguard Worker " LLVM-NATIVE: use llvm's native PCGUARD instrumentation (less " \
2776*08b48e0bSAndroid Build Coastguard Worker "performant)\n"
2777*08b48e0bSAndroid Build Coastguard Worker #else
2778*08b48e0bSAndroid Build Coastguard Worker #define NATIVE_MSG ""
2779*08b48e0bSAndroid Build Coastguard Worker #endif
2780*08b48e0bSAndroid Build Coastguard Worker
2781*08b48e0bSAndroid Build Coastguard Worker SAYF(
2782*08b48e0bSAndroid Build Coastguard Worker "Sub-Modes: (set via env AFL_LLVM_INSTRUMENT, afl-cc selects the best "
2783*08b48e0bSAndroid Build Coastguard Worker "available)\n"
2784*08b48e0bSAndroid Build Coastguard Worker " PCGUARD: Dominator tree instrumentation (best!) (README.llvm.md)\n"
2785*08b48e0bSAndroid Build Coastguard Worker
2786*08b48e0bSAndroid Build Coastguard Worker NATIVE_MSG
2787*08b48e0bSAndroid Build Coastguard Worker
2788*08b48e0bSAndroid Build Coastguard Worker " CLASSIC: decision target instrumentation (README.llvm.md)\n"
2789*08b48e0bSAndroid Build Coastguard Worker " CALLER: CLASSIC + single callee context "
2790*08b48e0bSAndroid Build Coastguard Worker "(instrumentation/README.ctx.md)\n"
2791*08b48e0bSAndroid Build Coastguard Worker " CTX: CLASSIC + full callee context "
2792*08b48e0bSAndroid Build Coastguard Worker "(instrumentation/README.ctx.md)\n"
2793*08b48e0bSAndroid Build Coastguard Worker " NGRAM-x: CLASSIC + previous path "
2794*08b48e0bSAndroid Build Coastguard Worker "((instrumentation/README.ngram.md)\n\n");
2795*08b48e0bSAndroid Build Coastguard Worker
2796*08b48e0bSAndroid Build Coastguard Worker #undef NATIVE_MSG
2797*08b48e0bSAndroid Build Coastguard Worker
2798*08b48e0bSAndroid Build Coastguard Worker SAYF(
2799*08b48e0bSAndroid Build Coastguard Worker "Features: (see documentation links)\n"
2800*08b48e0bSAndroid Build Coastguard Worker " NCC: non-colliding coverage [automatic] (that is an amazing "
2801*08b48e0bSAndroid Build Coastguard Worker "thing!)\n"
2802*08b48e0bSAndroid Build Coastguard Worker " (instrumentation/README.lto.md)\n"
2803*08b48e0bSAndroid Build Coastguard Worker " PERSIST: persistent mode support [code] (huge speed increase!)\n"
2804*08b48e0bSAndroid Build Coastguard Worker " (instrumentation/README.persistent_mode.md)\n"
2805*08b48e0bSAndroid Build Coastguard Worker " DICT: dictionary in the target [yes=automatic or LLVM module "
2806*08b48e0bSAndroid Build Coastguard Worker "pass]\n"
2807*08b48e0bSAndroid Build Coastguard Worker " (instrumentation/README.lto.md + "
2808*08b48e0bSAndroid Build Coastguard Worker "instrumentation/README.llvm.md)\n"
2809*08b48e0bSAndroid Build Coastguard Worker " LAF: comparison splitting [env] "
2810*08b48e0bSAndroid Build Coastguard Worker "(instrumentation/README.laf-intel.md)\n"
2811*08b48e0bSAndroid Build Coastguard Worker " CMPLOG: input2state exploration [env] "
2812*08b48e0bSAndroid Build Coastguard Worker "(instrumentation/README.cmplog.md)\n"
2813*08b48e0bSAndroid Build Coastguard Worker " SELECT: selective instrumentation (allow/deny) on filename or "
2814*08b48e0bSAndroid Build Coastguard Worker "function [env]\n"
2815*08b48e0bSAndroid Build Coastguard Worker " (instrumentation/README.instrument_list.md)\n\n");
2816*08b48e0bSAndroid Build Coastguard Worker
2817*08b48e0bSAndroid Build Coastguard Worker if (argc < 2 || strncmp(argv[1], "-hh", 3)) {
2818*08b48e0bSAndroid Build Coastguard Worker
2819*08b48e0bSAndroid Build Coastguard Worker SAYF(
2820*08b48e0bSAndroid Build Coastguard Worker "To see all environment variables for the configuration of afl-cc "
2821*08b48e0bSAndroid Build Coastguard Worker "use \"-hh\".\n");
2822*08b48e0bSAndroid Build Coastguard Worker
2823*08b48e0bSAndroid Build Coastguard Worker } else {
2824*08b48e0bSAndroid Build Coastguard Worker
2825*08b48e0bSAndroid Build Coastguard Worker SAYF(
2826*08b48e0bSAndroid Build Coastguard Worker "Environment variables used:\n"
2827*08b48e0bSAndroid Build Coastguard Worker " AFL_CC: path to the C compiler to use\n"
2828*08b48e0bSAndroid Build Coastguard Worker " AFL_CXX: path to the C++ compiler to use\n"
2829*08b48e0bSAndroid Build Coastguard Worker " AFL_DEBUG: enable developer debugging output\n"
2830*08b48e0bSAndroid Build Coastguard Worker " AFL_DONT_OPTIMIZE: disable optimization instead of -O3\n"
2831*08b48e0bSAndroid Build Coastguard Worker " AFL_NO_BUILTIN: no builtins for string compare functions (for "
2832*08b48e0bSAndroid Build Coastguard Worker "libtokencap.so)\n"
2833*08b48e0bSAndroid Build Coastguard Worker " AFL_NOOPT: behave like a normal compiler (to pass configure "
2834*08b48e0bSAndroid Build Coastguard Worker "tests)\n"
2835*08b48e0bSAndroid Build Coastguard Worker " AFL_PATH: path to instrumenting pass and runtime "
2836*08b48e0bSAndroid Build Coastguard Worker "(afl-compiler-rt.*o)\n"
2837*08b48e0bSAndroid Build Coastguard Worker " AFL_IGNORE_UNKNOWN_ENVS: don't warn on unknown env vars\n"
2838*08b48e0bSAndroid Build Coastguard Worker " AFL_INST_RATIO: percentage of branches to instrument\n"
2839*08b48e0bSAndroid Build Coastguard Worker " AFL_QUIET: suppress verbose output\n"
2840*08b48e0bSAndroid Build Coastguard Worker " AFL_HARDEN: adds code hardening to catch memory bugs\n"
2841*08b48e0bSAndroid Build Coastguard Worker " AFL_USE_ASAN: activate address sanitizer\n"
2842*08b48e0bSAndroid Build Coastguard Worker " AFL_USE_CFISAN: activate control flow sanitizer\n"
2843*08b48e0bSAndroid Build Coastguard Worker " AFL_USE_MSAN: activate memory sanitizer\n"
2844*08b48e0bSAndroid Build Coastguard Worker " AFL_USE_UBSAN: activate undefined behaviour sanitizer\n"
2845*08b48e0bSAndroid Build Coastguard Worker " AFL_USE_TSAN: activate thread sanitizer\n"
2846*08b48e0bSAndroid Build Coastguard Worker " AFL_USE_LSAN: activate leak-checker sanitizer\n");
2847*08b48e0bSAndroid Build Coastguard Worker
2848*08b48e0bSAndroid Build Coastguard Worker if (aflcc->have_gcc_plugin)
2849*08b48e0bSAndroid Build Coastguard Worker SAYF(
2850*08b48e0bSAndroid Build Coastguard Worker "\nGCC Plugin-specific environment variables:\n"
2851*08b48e0bSAndroid Build Coastguard Worker " AFL_GCC_CMPLOG: log operands of comparisons (RedQueen mutator)\n"
2852*08b48e0bSAndroid Build Coastguard Worker " AFL_GCC_OUT_OF_LINE: disable inlined instrumentation\n"
2853*08b48e0bSAndroid Build Coastguard Worker " AFL_GCC_SKIP_NEVERZERO: do not skip zero on trace counters\n"
2854*08b48e0bSAndroid Build Coastguard Worker " AFL_GCC_INSTRUMENT_FILE: enable selective instrumentation by "
2855*08b48e0bSAndroid Build Coastguard Worker "filename\n");
2856*08b48e0bSAndroid Build Coastguard Worker
2857*08b48e0bSAndroid Build Coastguard Worker #if LLVM_MAJOR >= 9
2858*08b48e0bSAndroid Build Coastguard Worker #define COUNTER_BEHAVIOUR \
2859*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_SKIP_NEVERZERO: do not skip zero on trace counters\n"
2860*08b48e0bSAndroid Build Coastguard Worker #else
2861*08b48e0bSAndroid Build Coastguard Worker #define COUNTER_BEHAVIOUR \
2862*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_NOT_ZERO: use cycling trace counters that skip zero\n"
2863*08b48e0bSAndroid Build Coastguard Worker #endif
2864*08b48e0bSAndroid Build Coastguard Worker if (aflcc->have_llvm)
2865*08b48e0bSAndroid Build Coastguard Worker SAYF(
2866*08b48e0bSAndroid Build Coastguard Worker "\nLLVM/LTO/afl-clang-fast/afl-clang-lto specific environment "
2867*08b48e0bSAndroid Build Coastguard Worker "variables:\n"
2868*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_THREADSAFE_INST: instrument with thread safe counters, "
2869*08b48e0bSAndroid Build Coastguard Worker "disables neverzero\n"
2870*08b48e0bSAndroid Build Coastguard Worker
2871*08b48e0bSAndroid Build Coastguard Worker COUNTER_BEHAVIOUR
2872*08b48e0bSAndroid Build Coastguard Worker
2873*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_DICT2FILE: generate an afl dictionary based on found "
2874*08b48e0bSAndroid Build Coastguard Worker "comparisons\n"
2875*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_DICT2FILE_NO_MAIN: skip parsing main() for the "
2876*08b48e0bSAndroid Build Coastguard Worker "dictionary\n"
2877*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_INJECTIONS_ALL: enables all injections hooking\n"
2878*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_INJECTIONS_SQL: enables SQL injections hooking\n"
2879*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_INJECTIONS_LDAP: enables LDAP injections hooking\n"
2880*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_INJECTIONS_XSS: enables XSS injections hooking\n"
2881*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_LAF_ALL: enables all LAF splits/transforms\n"
2882*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_LAF_SPLIT_COMPARES: enable cascaded comparisons\n"
2883*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_LAF_SPLIT_COMPARES_BITW: size limit (default 8)\n"
2884*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_LAF_SPLIT_SWITCHES: cascaded comparisons on switches\n"
2885*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_LAF_SPLIT_FLOATS: cascaded comparisons on floats\n"
2886*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_LAF_TRANSFORM_COMPARES: cascade comparisons for string "
2887*08b48e0bSAndroid Build Coastguard Worker "functions\n"
2888*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_ALLOWLIST/AFL_LLVM_DENYLIST: enable "
2889*08b48e0bSAndroid Build Coastguard Worker "instrument allow/\n"
2890*08b48e0bSAndroid Build Coastguard Worker " deny listing (selective instrumentation)\n");
2891*08b48e0bSAndroid Build Coastguard Worker
2892*08b48e0bSAndroid Build Coastguard Worker if (aflcc->have_llvm)
2893*08b48e0bSAndroid Build Coastguard Worker SAYF(
2894*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_CMPLOG: log operands of comparisons (RedQueen "
2895*08b48e0bSAndroid Build Coastguard Worker "mutator)\n"
2896*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_INSTRUMENT: set instrumentation mode:\n"
2897*08b48e0bSAndroid Build Coastguard Worker " CLASSIC, PCGUARD, LTO, GCC, CLANG, CALLER, CTX, NGRAM-2 "
2898*08b48e0bSAndroid Build Coastguard Worker "..-16\n"
2899*08b48e0bSAndroid Build Coastguard Worker " You can also use the old environment variables instead:\n"
2900*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_USE_TRACE_PC: use LLVM trace-pc-guard instrumentation\n"
2901*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_CALLER: use single context sensitive coverage (for "
2902*08b48e0bSAndroid Build Coastguard Worker "CLASSIC)\n"
2903*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_CTX: use full context sensitive coverage (for "
2904*08b48e0bSAndroid Build Coastguard Worker "CLASSIC)\n"
2905*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_NGRAM_SIZE: use ngram prev_loc count coverage (for "
2906*08b48e0bSAndroid Build Coastguard Worker "CLASSIC)\n"
2907*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_NO_RPATH: disable rpath setting for custom LLVM "
2908*08b48e0bSAndroid Build Coastguard Worker "locations\n");
2909*08b48e0bSAndroid Build Coastguard Worker
2910*08b48e0bSAndroid Build Coastguard Worker #ifdef AFL_CLANG_FLTO
2911*08b48e0bSAndroid Build Coastguard Worker if (aflcc->have_lto)
2912*08b48e0bSAndroid Build Coastguard Worker SAYF(
2913*08b48e0bSAndroid Build Coastguard Worker "\nLTO/afl-clang-lto specific environment variables:\n"
2914*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_MAP_ADDR: use a fixed coverage map address (speed), "
2915*08b48e0bSAndroid Build Coastguard Worker "e.g. "
2916*08b48e0bSAndroid Build Coastguard Worker "0x10000\n"
2917*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_DOCUMENT_IDS: write all edge IDs and the corresponding "
2918*08b48e0bSAndroid Build Coastguard Worker "functions\n"
2919*08b48e0bSAndroid Build Coastguard Worker " into this file (LTO mode)\n"
2920*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_LTO_DONTWRITEID: don't write the highest ID used to a "
2921*08b48e0bSAndroid Build Coastguard Worker "global var\n"
2922*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_LTO_STARTID: from which ID to start counting from for "
2923*08b48e0bSAndroid Build Coastguard Worker "a "
2924*08b48e0bSAndroid Build Coastguard Worker "bb\n"
2925*08b48e0bSAndroid Build Coastguard Worker " AFL_REAL_LD: use this lld linker instead of the compiled in "
2926*08b48e0bSAndroid Build Coastguard Worker "path\n"
2927*08b48e0bSAndroid Build Coastguard Worker " AFL_LLVM_LTO_SKIPINIT: don't inject initialization code "
2928*08b48e0bSAndroid Build Coastguard Worker "(used in WAFL mode)\n"
2929*08b48e0bSAndroid Build Coastguard Worker "If anything fails - be sure to read README.lto.md!\n");
2930*08b48e0bSAndroid Build Coastguard Worker #endif
2931*08b48e0bSAndroid Build Coastguard Worker
2932*08b48e0bSAndroid Build Coastguard Worker SAYF(
2933*08b48e0bSAndroid Build Coastguard Worker "\nYou can supply --afl-noopt to not instrument, like AFL_NOOPT. "
2934*08b48e0bSAndroid Build Coastguard Worker "(this is helpful\n"
2935*08b48e0bSAndroid Build Coastguard Worker "in some build systems if you do not want to instrument "
2936*08b48e0bSAndroid Build Coastguard Worker "everything.\n");
2937*08b48e0bSAndroid Build Coastguard Worker
2938*08b48e0bSAndroid Build Coastguard Worker }
2939*08b48e0bSAndroid Build Coastguard Worker
2940*08b48e0bSAndroid Build Coastguard Worker SAYF(
2941*08b48e0bSAndroid Build Coastguard Worker "\nFor any information on the available instrumentations and options "
2942*08b48e0bSAndroid Build Coastguard Worker "please \n"
2943*08b48e0bSAndroid Build Coastguard Worker "consult the README.md, especially section 3.1 about instrumenting "
2944*08b48e0bSAndroid Build Coastguard Worker "targets.\n\n");
2945*08b48e0bSAndroid Build Coastguard Worker
2946*08b48e0bSAndroid Build Coastguard Worker #if (LLVM_MAJOR >= 3)
2947*08b48e0bSAndroid Build Coastguard Worker if (aflcc->have_lto)
2948*08b48e0bSAndroid Build Coastguard Worker SAYF("afl-cc LTO with ld=%s %s\n", AFL_REAL_LD, AFL_CLANG_FLTO);
2949*08b48e0bSAndroid Build Coastguard Worker if (aflcc->have_llvm)
2950*08b48e0bSAndroid Build Coastguard Worker SAYF("afl-cc LLVM version %d using the binary path \"%s\".\n", LLVM_MAJOR,
2951*08b48e0bSAndroid Build Coastguard Worker LLVM_BINDIR);
2952*08b48e0bSAndroid Build Coastguard Worker #endif
2953*08b48e0bSAndroid Build Coastguard Worker
2954*08b48e0bSAndroid Build Coastguard Worker #ifdef USEMMAP
2955*08b48e0bSAndroid Build Coastguard Worker #if !defined(__HAIKU__)
2956*08b48e0bSAndroid Build Coastguard Worker SAYF("Compiled with shm_open support.\n");
2957*08b48e0bSAndroid Build Coastguard Worker #else
2958*08b48e0bSAndroid Build Coastguard Worker SAYF("Compiled with shm_open support (adds -lrt when linking).\n");
2959*08b48e0bSAndroid Build Coastguard Worker #endif
2960*08b48e0bSAndroid Build Coastguard Worker #else
2961*08b48e0bSAndroid Build Coastguard Worker SAYF("Compiled with shmat support.\n");
2962*08b48e0bSAndroid Build Coastguard Worker #endif
2963*08b48e0bSAndroid Build Coastguard Worker SAYF("\n");
2964*08b48e0bSAndroid Build Coastguard Worker
2965*08b48e0bSAndroid Build Coastguard Worker SAYF(
2966*08b48e0bSAndroid Build Coastguard Worker "Do not be overwhelmed :) afl-cc uses good defaults if no options are "
2967*08b48e0bSAndroid Build Coastguard Worker "selected.\n"
2968*08b48e0bSAndroid Build Coastguard Worker "Read the documentation for FEATURES though, all are good but few are "
2969*08b48e0bSAndroid Build Coastguard Worker "defaults.\n"
2970*08b48e0bSAndroid Build Coastguard Worker "Recommended is afl-clang-lto with AFL_LLVM_CMPLOG or afl-clang-fast "
2971*08b48e0bSAndroid Build Coastguard Worker "with\n"
2972*08b48e0bSAndroid Build Coastguard Worker "AFL_LLVM_CMPLOG and "
2973*08b48e0bSAndroid Build Coastguard Worker "AFL_LLVM_DICT2FILE+AFL_LLVM_DICT2FILE_NO_MAIN.\n\n");
2974*08b48e0bSAndroid Build Coastguard Worker
2975*08b48e0bSAndroid Build Coastguard Worker if (LLVM_MAJOR < 13) {
2976*08b48e0bSAndroid Build Coastguard Worker
2977*08b48e0bSAndroid Build Coastguard Worker SAYF(
2978*08b48e0bSAndroid Build Coastguard Worker "Warning: It is highly recommended to use at least LLVM version 13 "
2979*08b48e0bSAndroid Build Coastguard Worker "(or better, higher) rather than %d!\n\n",
2980*08b48e0bSAndroid Build Coastguard Worker LLVM_MAJOR);
2981*08b48e0bSAndroid Build Coastguard Worker
2982*08b48e0bSAndroid Build Coastguard Worker }
2983*08b48e0bSAndroid Build Coastguard Worker
2984*08b48e0bSAndroid Build Coastguard Worker exit(1);
2985*08b48e0bSAndroid Build Coastguard Worker
2986*08b48e0bSAndroid Build Coastguard Worker }
2987*08b48e0bSAndroid Build Coastguard Worker
2988*08b48e0bSAndroid Build Coastguard Worker }
2989*08b48e0bSAndroid Build Coastguard Worker
/*
  Process params passed to afl-cc.

  We have two working modes, *scan* and *non-scan*. In scan mode, the main
  task is to set some variables in aflcc according to the current argv[i],
  while in non-scan mode it is to choose whether to keep or drop the current
  argv[i].

  Several matching routines are called sequentially in the while-loop, and
  each of them tries to parse and match the current argv[i] according to its
  own rules. If one does not match, the next one takes over. In non-scan
  mode, each argv[i] that none of the routines matched is kept.

  These routines are:
  1. parse_misc_params
  2. parse_fsanitize
  3. parse_linking_params
  4. `if (*cur == '@') {...}`, i.e., parse response files
*/
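/* Walk argv[1] .. argv[argc - 1] (argv[0] is ignored) and offer each entry to
   the matching routines in turn. An entry of the form `@file` is expanded by
   tokenizing the file and recursing on the resulting argument vector.

   aflcc: wrapper state, passed through to the parse_* routines and to
          insert_param.
   scan:  non-zero selects scan mode, zero selects non-scan mode. Only in
          non-scan mode are unmatched entries handed to insert_param.
   argc:  number of entries in argv, including the ignored argv[0].
   argv:  the argument vector to process.
*/
static void process_params(aflcc_state_t *aflcc, u8 scan, u32 argc,
                           char **argv) {

  /* `while (--argc)` would wrap around on an unsigned zero and walk far past
     the end of argv, so an empty vector is rejected up front. */
  if (!argc) { return; }

  /* Process the argument list. */

  u8 skip_next = 0;
  while (--argc) {

    u8 *cur = *(++argv);

    /* parse_linking_params receives &skip_next; presumably it uses it to
       consume the value that follows a two-part option - confirm there. */
    if (skip_next > 0) {

      skip_next--;
      continue;

    }

    if (PARAM_MISS != parse_misc_params(aflcc, cur, scan)) continue;

    if (PARAM_MISS != parse_fsanitize(aflcc, cur, scan)) continue;

    if (PARAM_MISS != parse_linking_params(aflcc, cur, scan, &skip_next, argv))
      continue;

    /* Response file support -----BEGIN-----
      We have two choices - move everything to the command line or
      rewrite the response files to temporary files and delete them
      afterwards. We choose the first for easiness.
      For clang, llvm::cl::ExpandResponseFiles does this, however it
      only has C++ interface. And for gcc there is expandargv in libiberty,
      written in C, but we can't simply copy-paste since its LGPL licensed.
      So here we use an equivalent FSM as alternative, and try to be compatible
      with the two above. See:
        - https://gcc.gnu.org/onlinedocs/gcc/Overall-Options.html
        - driver::expand_at_files in gcc.git/gcc/gcc.c
        - expandargv in gcc.git/libiberty/argv.c
        - llvm-project.git/clang/tools/driver/driver.cpp
        - ExpandResponseFiles in
          llvm-project.git/llvm/lib/Support/CommandLine.cpp
    */
    if (*cur == '@') {

      u8 *filename = cur + 1;
      if (aflcc->debug) { DEBUGF("response file=%s\n", filename); }

      // Check not found or empty? let the compiler complain if so.
      FILE *f = fopen(filename, "r");
      if (!f) {

        if (!scan) insert_param(aflcc, cur);
        continue;

      }

      // Only non-empty regular files are expanded; anything else is passed
      // through untouched (non-scan mode) so the real compiler reports it.
      struct stat st;
      if (fstat(fileno(f), &st) || !S_ISREG(st.st_mode) || st.st_size < 1) {

        fclose(f);
        if (!scan) insert_param(aflcc, cur);
        continue;

      }

      // Limit the number of response files, the max value
      // just keep consistent with expandargv. Only do this in
      // scan mode, and not touch rsp_count anymore in the next.
      // The counter is function-static, so it is shared by nested calls and
      // bounds the total number of files expanded, nested ones included.
      static u32 rsp_count = 2000;
      if (scan) {

        if (rsp_count == 0) FATAL("Too many response files provided!");

        --rsp_count;

      }

      // argc, argv acquired from this rsp file. Note that
      // process_params ignores argv[0], we need to put a const "" here.
      u32    argc_read = 1;
      char **argv_read = ck_alloc(sizeof(char *));
      argv_read[0] = "";

      char *arg_buf = NULL;  // argument currently being assembled, or NULL
      u64   arg_len = 0;     // length of arg_buf without the terminating NUL

      enum fsm_state {

        fsm_whitespace,    // whitespace seen so far
        fsm_double_quote,  // have unpaired double quote
        fsm_single_quote,  // have unpaired single quote
        fsm_backslash,     // a backslash is seen with no unpaired quote
        fsm_normal         // a normal char is seen

      };

      // Workaround to append c to arg buffer, and append the buffer to argv
#define ARG_ALLOC(c)                                             \
  do {                                                           \
                                                                 \
    ++arg_len;                                                   \
    arg_buf = ck_realloc(arg_buf, (arg_len + 1) * sizeof(char)); \
    arg_buf[arg_len] = '\0';                                     \
    arg_buf[arg_len - 1] = (char)c;                              \
                                                                 \
  } while (0)

#define ARG_STORE()                                                \
  do {                                                             \
                                                                   \
    ++argc_read;                                                   \
    argv_read = ck_realloc(argv_read, argc_read * sizeof(char *)); \
    argv_read[argc_read - 1] = arg_buf;                            \
    arg_buf = NULL;                                                \
    arg_len = 0;                                                   \
                                                                   \
  } while (0)

      int cur_chr = (int)' ';  // init as whitespace, as a good start :)
      enum fsm_state state_ = fsm_whitespace;

      while (cur_chr != EOF) {

        switch (state_) {

          case fsm_whitespace:

            // A pending argument ends here; store it and look at the same
            // character again on the next iteration.
            if (arg_buf) {

              ARG_STORE();
              break;

            }

            if (isspace(cur_chr)) {

              cur_chr = fgetc(f);

            } else if (cur_chr == (int)'\'') {

              state_ = fsm_single_quote;
              cur_chr = fgetc(f);

            } else if (cur_chr == (int)'"') {

              state_ = fsm_double_quote;
              cur_chr = fgetc(f);

            } else if (cur_chr == (int)'\\') {

              state_ = fsm_backslash;
              cur_chr = fgetc(f);

            } else {

              // Not consumed here: fsm_normal appends this character.
              state_ = fsm_normal;

            }

            break;

          case fsm_normal:

            if (isspace(cur_chr)) {

              // Not consumed here: fsm_whitespace stores the argument first.
              state_ = fsm_whitespace;

            } else if (cur_chr == (int)'\'') {

              state_ = fsm_single_quote;
              cur_chr = fgetc(f);

            } else if (cur_chr == (int)'\"') {

              state_ = fsm_double_quote;
              cur_chr = fgetc(f);

            } else if (cur_chr == (int)'\\') {

              state_ = fsm_backslash;
              cur_chr = fgetc(f);

            } else {

              ARG_ALLOC(cur_chr);
              cur_chr = fgetc(f);

            }

            break;

          case fsm_backslash:

            // The escaped character is taken literally, whatever it is.
            ARG_ALLOC(cur_chr);
            cur_chr = fgetc(f);
            state_ = fsm_normal;

            break;

          case fsm_single_quote:

            if (cur_chr == (int)'\\') {

              cur_chr = fgetc(f);
              if (cur_chr == EOF) break;  // leaves the switch; the loop ends
              ARG_ALLOC(cur_chr);

            } else if (cur_chr == (int)'\'') {

              state_ = fsm_normal;

            } else {

              ARG_ALLOC(cur_chr);

            }

            cur_chr = fgetc(f);
            break;

          case fsm_double_quote:

            if (cur_chr == (int)'\\') {

              cur_chr = fgetc(f);
              if (cur_chr == EOF) break;  // leaves the switch; the loop ends
              ARG_ALLOC(cur_chr);

            } else if (cur_chr == (int)'"') {

              state_ = fsm_normal;

            } else {

              ARG_ALLOC(cur_chr);

            }

            cur_chr = fgetc(f);
            break;

          default:
            break;

        }

      }

      // The file is fully tokenized. Close it before recursing: otherwise
      // every response file leaks a descriptor, and nested response files
      // can run the process out of descriptors, after which fopen() fails
      // and later files are silently treated as "not found" before the
      // rsp_count limit above is ever reached.
      fclose(f);

      if (arg_buf) { ARG_STORE(); }  // save the pending arg after EOF

#undef ARG_ALLOC
#undef ARG_STORE

      if (argc_read > 1) { process_params(aflcc, scan, argc_read, argv_read); }

      // We cannot free argv_read[] unless we don't need to keep any
      // reference in cc_params. Never free argv[0], the const "".
      if (scan) {

        while (argc_read > 1)
          ck_free(argv_read[--argc_read]);

        ck_free(argv_read);

      }

      continue;

    }                                /* Response file support -----END----- */

    if (!scan) insert_param(aflcc, cur);

  }

}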
3283*08b48e0bSAndroid Build Coastguard Worker
/* Build the command line for the real compiler in the aflcc parameter list:
   the real argv[0] first, then the flags and passes selected by compiler
   mode and environment, then the caller's own arguments, then sanitizer,
   define and runtime additions, and last the terminating NULL entry.

   aflcc       wrapper state; the helpers called here add to its parameters
   argc, argv  the wrapper's own command line, handed to process_params()
   envp        the wrapper's environment, handed to add_sanitizers()

   Which LLVM passes are loaded depends on environment variables read with
   getenv(), so the instrumentation of a build is decided by the environment
   of whoever invokes this wrapper. The call order below is kept exactly as
   it was; every helper works on the same parameter list. */
static void edit_params(aflcc_state_t *aflcc, u32 argc, char **argv,
                        char **envp) {

  add_real_argv0(aflcc);

  /* Prevent unnecessary build errors: every mode other than GCC and
     GCC_PLUGIN gets this warning switched off. */
  if (!(aflcc->compiler_mode == GCC_PLUGIN || aflcc->compiler_mode == GCC)) {

    insert_param(aflcc, "-Wno-unused-command-line-argument");

  }

  if (aflcc->compiler_mode == CLANG || aflcc->compiler_mode == GCC) {

    add_assembler(aflcc);

  }

  if (aflcc->compiler_mode == GCC_PLUGIN) {

    add_gcc_plugin(aflcc);

  }

  if (aflcc->compiler_mode == LLVM || aflcc->compiler_mode == LTO) {

    if (aflcc->have_instr_env && aflcc->lto_mode) {

      load_llvm_pass(aflcc, "afl-llvm-lto-instrumentlist.so");

    }

    if (getenv("AFL_LLVM_DICT2FILE") != NULL) {

      load_llvm_pass(aflcc, "afl-llvm-dict2file.so");

    }

    /* laf passes: each one is enabled by either spelling of its variable. */
    const char *laf_switches = getenv("LAF_SPLIT_SWITCHES");
    if (laf_switches == NULL) {

      laf_switches = getenv("AFL_LLVM_LAF_SPLIT_SWITCHES");

    }

    if (laf_switches != NULL) {

      load_llvm_pass(aflcc, "split-switches-pass.so");

    }

    const char *laf_transform = getenv("LAF_TRANSFORM_COMPARES");
    if (laf_transform == NULL) {

      laf_transform = getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES");

    }

    if (laf_transform != NULL) {

      load_llvm_pass(aflcc, "compare-transform-pass.so");

    }

    const char *laf_compares = getenv("LAF_SPLIT_COMPARES");
    if (laf_compares == NULL) {

      laf_compares = getenv("AFL_LLVM_LAF_SPLIT_COMPARES");

    }

    if (laf_compares == NULL) {

      laf_compares = getenv("AFL_LLVM_LAF_SPLIT_FLOATS");

    }

    if (laf_compares != NULL) {

      load_llvm_pass(aflcc, "split-compares-pass.so");

    }

    /* end of laf passes */

    if (aflcc->cmplog_mode) {

      insert_param(aflcc, "-fno-inline");

      load_llvm_pass(aflcc, "cmplog-switches-pass.so");
      /* cmplog reuses the split-switches pass from laf */
      load_llvm_pass(aflcc, "split-switches-pass.so");

    }

    /* The -flegacy-pass-manager flag (once guarded by LLVM_MAJOR >= 13) is
       left disabled here. */

    if (!aflcc->lto_mode) {

      /* Non-LTO: pick the coverage instrumentation by instrument_mode. */
      switch (aflcc->instrument_mode) {

        case INSTRUMENT_PCGUARD:
          add_optimized_pcguard(aflcc);
          break;

        case INSTRUMENT_LLVMNATIVE:
          add_native_pcguard(aflcc);
          break;

        default:
          load_llvm_pass(aflcc, "afl-llvm-pass.so");
          break;

      }

    } else {

      insert_param(aflcc, aflcc->lto_flag);

      /* The LTO linker and passes are only added when have_c is unset. */
      if (!aflcc->have_c) {

        add_lto_linker(aflcc);
        add_lto_passes(aflcc);

      }

    }

    if (aflcc->cmplog_mode) {

      load_llvm_pass(aflcc, "cmplog-instructions-pass.so");
      load_llvm_pass(aflcc, "cmplog-routines-pass.so");

    }

    /* One injection pass serves all four AFL_LLVM_INJECTIONS_* switches. */
    const char *injections = getenv("AFL_LLVM_INJECTIONS_ALL");
    if (injections == NULL) { injections = getenv("AFL_LLVM_INJECTIONS_SQL"); }
    if (injections == NULL) { injections = getenv("AFL_LLVM_INJECTIONS_LDAP"); }
    if (injections == NULL) { injections = getenv("AFL_LLVM_INJECTIONS_XSS"); }

    if (injections != NULL) {

      load_llvm_pass(aflcc, "injection-pass.so");

    }

    /* "-Qunused-arguments" is left disabled here. */

  }

  /* Inspect the command line parameters. With the scan argument at 0 the
     arguments are inserted into the parameter list, not just examined. */
  process_params(aflcc, 0, argc, argv);

  add_sanitizers(aflcc, envp);

  add_misc_params(aflcc);

  add_defs_common(aflcc);
  add_defs_selective_instr(aflcc);
  add_defs_persistent_mode(aflcc);

  add_runtime(aflcc);

  /* The list is later handed to execvp(), which needs a NULL terminator. */
  insert_param(aflcc, NULL);

}
3423*08b48e0bSAndroid Build Coastguard Worker
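/* Main entry point.

   Allocates and initialises the wrapper state, settles the compiler and
   instrumentation mode, scans the arguments once, builds the real compiler
   command line with edit_params() and then replaces this process with the
   compiler through execvp(). Control only comes back here if execvp() fails,
   which is reported through FATAL(). */
int main(int argc, char **argv, char **envp) {

  aflcc_state_t *aflcc = malloc(sizeof(*aflcc));

  /* malloc() may return NULL; the state is dereferenced by everything that
     follows, so stop with a clear message instead of crashing. */
  if (!aflcc) { FATAL("Could not allocate memory for the afl-cc state"); }

  aflcc_state_init(aflcc, (u8 *)argv[0]);

  check_environment_vars(envp);

  find_built_deps(aflcc);

  /* Mode selection, in this order: call name, environment, command line. */
  compiler_mode_by_callname(aflcc);
  compiler_mode_by_environ(aflcc);
  compiler_mode_by_cmdline(aflcc, argc, argv);

  instrument_mode_by_environ(aflcc);

  mode_final_checkout(aflcc, argc, argv);

  /* First pass over the arguments with scan set: nothing is inserted yet. */
  process_params(aflcc, 1, argc, argv);

  maybe_usage(aflcc, argc, argv);

  mode_notification(aflcc);

  if (aflcc->debug) debugf_args(argc, argv);

  edit_params(aflcc, argc, argv, envp);

  if (aflcc->debug)
    debugf_args((s32)aflcc->cc_par_cnt, (char **)aflcc->cc_params);

  /* execvp() resolves a name without a slash through PATH, so the binary
     that runs as the compiler is whatever the invoking environment's PATH
     resolves cc_params[0] to. */
  if (aflcc->passthrough) {

    /* Passthrough: run the compiler on the caller's own argv, with only
       argv[0] swapped for the compiler name; the list built by edit_params()
       is not used. */
    argv[0] = aflcc->cc_params[0];
    execvp(aflcc->cc_params[0], (char **)argv);

  } else {

    execvp(aflcc->cc_params[0], (char **)aflcc->cc_params);

  }

  /* Only reached when execvp() returned, i.e. the exec failed. */
  FATAL("Oops, failed to execute '%s' - check your PATH", aflcc->cc_params[0]);

  return 0;

}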
3471*08b48e0bSAndroid Build Coastguard Worker