selectfuzz_slicer.patch
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index 28bf281..2bd2993 100755
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@@ -36,6 +36,8 @@
static u8* obj_path; /* Path to runtime libraries */
static u8** cc_params; /* Parameters passed to the real CC */
static u32 cc_par_cnt = 1; /* Param count, including argv0 */
+static u8* slicer_pass;
+static u8* workspace;
/* Try to find the runtime libraries. If that fails, abort. */
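Review bot: The two new statics at the end of the hunk are the only declarations in this group without a trailing comment, and their meaning (environment-supplied paths, filled in by find_obj in the next hunk) is not obvious from the names alone. Match the neighbouring style with `static u8* slicer_pass; /* Plugin path passed to -Xclang -load (SLICER_PASS) */` and `static u8* workspace; /* Root dir holding slice_info/ (WORKSPACE) */`. Either may stay NULL when the variable is unset, which a comment here should also say so that later users of the pointers know to check.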
@@ -44,6 +46,8 @@ static void find_obj(u8* argv0) {
u8 *afl_path = getenv("AFL_PATH");
u8 *slash, *tmp;
+ slicer_pass = getenv("SLICER_PASS");
+ workspace = getenv("WORKSPACE");
if (afl_path) {
@@ -125,6 +129,18 @@ static void edit_params(u32 argc, char** argv) {
cc_params[cc_par_cnt++] = "-sanitizer-coverage-block-threshold=0";
WARNF("Disabling AFLGO features..\n");
#else
+ if (getenv("USE_SLICER_PASS") && strcmp(getenv("USE_SLICER_PASS"), "1") == 0) {
+ cc_params[cc_par_cnt++] = "-Xclang";
+ cc_params[cc_par_cnt++] = "-load";
+ cc_params[cc_par_cnt++] = "-Xclang";
+ cc_params[cc_par_cnt++] = alloc_printf("%s", slicer_pass);
+ cc_params[cc_par_cnt++] = "-mllvm";
+ cc_params[cc_par_cnt++] = alloc_printf("-slice-mark=%s/slice_info/slice_mark", workspace);
+ cc_params[cc_par_cnt++] = "-mllvm";
+ cc_params[cc_par_cnt++] = alloc_printf("-preserve-functions=%s/slice_info/dontTouchFuncNames.txt", workspace);
+ cc_params[cc_par_cnt++] = "-mllvm";
+ cc_params[cc_par_cnt++] = alloc_printf("-erase-functions=%s/slice_info/funcsToErase.txt", workspace);
+ }
cc_params[cc_par_cnt++] = "-Xclang";
cc_params[cc_par_cnt++] = "-load";
cc_params[cc_par_cnt++] = "-Xclang";
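Review bot: `slicer_pass` and `workspace` are formatted into the new arguments by the four `alloc_printf` calls with no NULL check, yet both come straight from getenv in find_obj and are NULL whenever SLICER_PASS or WORKSPACE is unset; passing NULL to `%s` is undefined behaviour, and on glibc it silently produces paths such as `(null)/slice_info/slice_mark` that only fail later inside the pass. Guard the block the way the rest of this file reports misconfiguration: `if (!slicer_pass || !workspace) FATAL("USE_SLICER_PASS=1 requires SLICER_PASS and WORKSPACE to be set");`. The `alloc_printf("%s", slicer_pass)` copy is redundant — the pointer can be stored directly, as the neighbouring literals are. cc_params is allocated outside this hunk; the eleven extra entries presumably fit within its slack, but that is worth confirming against the allocation. edit_params continues on both sides of the hunk.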
diff --git a/llvm_mode/afl-llvm-pass.so.cc b/llvm_mode/afl-llvm-pass.so.cc
index 0318735..512db99 100755
--- a/llvm_mode/afl-llvm-pass.so.cc
+++ b/llvm_mode/afl-llvm-pass.so.cc
@@ -348,7 +348,7 @@ bool AFLCoverage::runOnModule(Module &M) {
//debug << "module: " << M.getSourceFileName() << "\n";
bool has_BBs = false;
- std::string funcName = F.getName();
+ std::string funcName = F.getName().str();
/* Black list of function names */
if (isBlacklisted(&F)) {
@@ -419,7 +419,11 @@ bool AFLCoverage::runOnModule(Module &M) {
Twine t(newname);
SmallString<256> NameData;
StringRef NameRef = t.toStringRef(NameData);
- BB.setValueName(ValueName::Create(NameRef));
+ // BB.setValueName(ValueName::Create(NameRef));
+
+ // set NameRef as the value name of the BB
+ MallocAllocator Allocator;
+ BB.setValueName(ValueName::Create(NameRef, Allocator));
}
bbnames << BB.getName().str() << "\n";
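Review bot: The commented-out `// BB.setValueName(ValueName::Create(NameRef));` left above the new call is dead code that the patch history already preserves; drop it. The comment that follows says what the call does rather than why the normal `BB.setName()` path is avoided — presumably to keep the name verbatim without a uniquing suffix, since `BB.getName()` is written to bbnames on the next line; if so, say that: `// Bypass setName()/the ValueSymbolTable so the name is stored verbatim; MallocAllocator is what Value::destroyValueName() releases the entry with.`. As far as I can tell, setValueName only swaps the pointer, so a name the block already held is neither freed nor removed from the function's symbol table — worth confirming that blocks reaching this point are unnamed, or clearing the old name first with `BB.setName("");`. runOnModule continues outside the hunk.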