Recover useful CmpLog updates from #1630 (#1684)
* add

* ci

* wip

* make type name more clear

* last

* add

* more fix

* chg

* fmt

* save changes

* fix_handler

* cfg

* win

* fix

* toml

* f

* more

* fix all the stuff

* fix

* revert fuzzers/fuzzbench to origin/main
tokatoka authored Jan 3, 2024
1 parent 9b2a178 commit 75fcd47
Showing 13 changed files with 545 additions and 544 deletions.
4 changes: 2 additions & 2 deletions libafl/src/mutators/token_mutations.rs
Expand Up @@ -715,8 +715,8 @@ impl AFLppRedQueen {
};

// Try arith
let diff: i64 = (pattern - b_val) as i64;
let new_diff: i64 = (another_pattern - o_b_val) as i64;
let diff = pattern as i64 - b_val as i64;
let new_diff = another_pattern as i64 - o_b_val as i64;

if diff == new_diff && diff != 0 {
let new_repl: u64 = (repl as i64 - diff) as u64;
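Review bot: The new `let diff = pattern as i64 - b_val as i64;` line (and `new_diff` below it) can still trap in builds with overflow checks: if `pattern` is a 64-bit unsigned value at or above 2^63, its `as i64` reinterpretation is negative, and subtracting a positive `b_val as i64` can fall below `i64::MIN`; the same applies to `repl as i64 - diff` on the following line. The operand types are not visible in the hunk, so this hinges on them being u64, which the `as i64` casts suggest. If so, `let diff = (pattern as i64).wrapping_sub(b_val as i64);` and `let new_diff = (another_pattern as i64).wrapping_sub(o_b_val as i64);` keep the two's-complement difference the comparison relies on without the panic path. The enclosing function of `impl AFLppRedQueen` starts and ends outside the hunk.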
1 change: 0 additions & 1 deletion libafl_cc/build.rs
Expand Up @@ -408,7 +408,6 @@ pub const LIBAFL_CC_LLVM_VERSION: Option<usize> = None;
"autotokens-pass.cc",
"coverage-accounting-pass.cc",
"cmplog-instructions-pass.cc",
"cmplog-switches-pass.cc",
] {
build_pass(
bindir_path,
6 changes: 0 additions & 6 deletions libafl_cc/src/clang.rs
Expand Up @@ -44,9 +44,6 @@ pub enum LLVMPasses {
#[cfg(unix)]
/// The CmpLog Instruction pass
CmpLogInstructions,
#[cfg(unix)]
/// The CmpLog Switch pass
CmpLogSwitches,
}

impl LLVMPasses {
Expand All @@ -69,9 +66,6 @@ impl LLVMPasses {
#[cfg(unix)]
LLVMPasses::CmpLogInstructions => PathBuf::from(env!("OUT_DIR"))
.join(format!("cmplog-instructions-pass.{}", dll_extension())),
#[cfg(unix)]
LLVMPasses::CmpLogSwitches => PathBuf::from(env!("OUT_DIR"))
.join(format!("cmplog-switches-pass.{}", dll_extension())),
}
}
}
124 changes: 120 additions & 4 deletions libafl_cc/src/cmplog-instructions-pass.cc
Expand Up @@ -98,7 +98,11 @@ llvmGetPassPluginInfo() {
#if LLVM_VERSION_MAJOR <= 13
using OptimizationLevel = typename PassBuilder::OptimizationLevel;
#endif
#if LLVM_VERSION_MAJOR >= 16
PB.registerOptimizerEarlyEPCallback(
#else
PB.registerOptimizerLastEPCallback(
#endif
[](ModulePassManager &MPM, OptimizationLevel OL) {
MPM.addPass(CmpLogInstructions());
});
Expand All @@ -121,6 +125,7 @@ Iterator Unique(Iterator first, Iterator last) {

bool CmpLogInstructions::hookInstrs(Module &M) {
std::vector<Instruction *> icomps;
std::vector<SwitchInst *> switches;
LLVMContext &C = M.getContext();

Type *VoidTy = Type::getVoidTy(C);
Expand Down Expand Up @@ -202,8 +207,16 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
}
}
}

for (auto &BB : F) {
SwitchInst *switchInst = nullptr;
if ((switchInst = dyn_cast<SwitchInst>(BB.getTerminator()))) {
if (switchInst->getNumCases() > 1) { switches.push_back(switchInst); }
}
}
}

switches.erase(Unique(switches.begin(), switches.end()), switches.end());
if (icomps.size()) {
// if (!be_quiet) errs() << "Hooking " << icomps.size() <<
// " cmp instructions\n";
Expand Down Expand Up @@ -500,11 +513,114 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
}
}

if (icomps.size()) {
return true;
} else {
return false;
if (switches.size()) {
for (auto &SI : switches) {
Value *Val = SI->getCondition();
unsigned int max_size = Val->getType()->getIntegerBitWidth();
unsigned int cast_size;
unsigned char do_cast = 0;

if (!SI->getNumCases() || max_size < 16) {
// skipping trivial switch
continue;
}

if (max_size % 8) {
max_size = (((max_size / 8) + 1) * 8);
do_cast = 1;
}

if (max_size > 128) {
// can't handle this

max_size = 128;
do_cast = 1;
}

IRBuilder<> IRB(SI->getParent());
IRB.SetInsertPoint(SI);

switch (max_size) {
case 8:
case 16:
case 32:
case 64:
case 128:
cast_size = max_size;
break;
default:
cast_size = 128;
do_cast = 1;
}

// The predicate of the switch clause
Value *CompareTo = Val;
if (do_cast) {
CompareTo =
IRB.CreateIntCast(CompareTo, IntegerType::get(C, cast_size), false);
}

for (SwitchInst::CaseIt i = SI->case_begin(), e = SI->case_end(); i != e;
++i) {
// Who uses LLVM Major < 5?? :p
ConstantInt *cint = i->getCaseValue();

if (cint) {
std::vector<Value *> args;
args.push_back(CompareTo);

Value *new_param = cint;
if (do_cast) {
new_param =
IRB.CreateIntCast(cint, IntegerType::get(C, cast_size), false);
}

if (new_param) {
args.push_back(new_param);
if (CmplogExtended) {
ConstantInt *attribute = ConstantInt::get(Int8Ty, 1);
args.push_back(attribute);
}
if (cast_size != max_size) {
// not 8, 16, 32, 64, 128.
ConstantInt *bitsize =
ConstantInt::get(Int8Ty, (max_size / 8) - 1);
args.push_back(bitsize); // we have the arg for size in hookinsN
}

switch (cast_size) {
case 8:
IRB.CreateCall(cmplogHookIns1, args);
break;
case 16:
IRB.CreateCall(cmplogHookIns2, args);
break;
case 32:
IRB.CreateCall(cmplogHookIns4, args);
break;
case 64:
IRB.CreateCall(cmplogHookIns8, args);
break;
case 128:
#ifdef WORD_SIZE_64
if (max_size == 128) {
IRB.CreateCall(cmplogHookIns16, args);

} else {
IRB.CreateCall(cmplogHookInsN, args);
}

#endif
break;
default:
break;
}
}
}
}
}
}
return true;
}

#if USE_NEW_PM
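Review bot: `hookInstrs` now ends with an unconditional `return true;` (the last line of the final hunk), which drops the modified/unmodified signal that the removed `if (icomps.size()) { return true; } else { return false; }` block reported; a module with no hooked compares and no hooked switches is now declared changed, which presumably makes the `USE_NEW_PM` wrapper just below the hunk invalidate analyses needlessly. `return !icomps.empty() || !switches.empty();` keeps the previous contract and covers the new switch hooking. Separately, in the `case 128:` branch the `cmplogHookIns16` / `cmplogHookInsN` calls sit inside `#ifdef WORD_SIZE_64`, so on other targets the `CreateIntCast` calls for the condition and the case values are still emitted but no hook call follows; a comment such as `// 128-bit and odd-width hooks exist only on 64-bit targets; the casts above are dead there` would make the gap explicit. The `if (!SI->getNumCases() || max_size < 16)` guard is also partly redundant with the `getNumCases() > 1` filter in the collection loop of the earlier hunk, which is worth a note so a future change to one does not silently diverge from the other. The body of `hookInstrs` begins outside the hunk.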
