1# 2# american fuzzy lop++ - makefile 3# ----------------------------- 4# 5# Originally written by Michal Zalewski 6# 7# Copyright 2013, 2014, 2015, 2016, 2017 Google Inc. All rights reserved. 8# 9# Licensed under the Apache License, Version 2.0 (the "License"); 10# you may not use this file except in compliance with the License. 11# You may obtain a copy of the License at: 12# 13# https://www.apache.org/licenses/LICENSE-2.0 14# 15 16# For Heiko: 17#TEST_MMAP=1 18# the hash character is treated differently in different make versions 19# so use a variable for '#' 20HASH=\# 21 22PREFIX ?= /usr/local 23BIN_PATH = $(PREFIX)/bin 24HELPER_PATH = $(PREFIX)/lib/afl 25DOC_PATH = $(PREFIX)/share/doc/afl 26MISC_PATH = $(PREFIX)/share/afl 27MAN_PATH = $(PREFIX)/share/man/man8 28 29PROGNAME = afl 30VERSION = $(shell grep '^$(HASH)define VERSION ' ../config.h | cut -d '"' -f2) 31 32# PROGS intentionally omit afl-as, which gets installed elsewhere. 33 34PROGS = afl-fuzz afl-showmap afl-tmin afl-gotcpu afl-analyze 35SH_PROGS = afl-plot afl-cmin afl-cmin.bash afl-whatsup afl-system-config afl-persistent-config afl-cc 36MANPAGES=$(foreach p, $(PROGS) $(SH_PROGS), $(p).8) afl-as.8 37ASAN_OPTIONS=detect_leaks=0 38 39SYS = $(shell uname -s) 40ARCH = $(shell uname -m) 41 42$(info [*] Compiling afl++ for OS $(SYS) on ARCH $(ARCH)) 43 44ifdef NO_SPLICING 45 override CFLAGS_OPT += -DNO_SPLICING 46endif 47 48ifdef ASAN_BUILD 49 $(info Compiling ASAN version of binaries) 50 override CFLAGS += $(ASAN_CFLAGS) 51 LDFLAGS += $(ASAN_LDFLAGS) 52endif 53ifdef UBSAN_BUILD 54 $(info Compiling UBSAN version of binaries) 55 override CFLAGS += -fsanitize=undefined -fno-omit-frame-pointer 56 override LDFLAGS += -fsanitize=undefined 57endif 58ifdef MSAN_BUILD 59 $(info Compiling MSAN version of binaries) 60 CC := clang 61 override CFLAGS += -fsanitize=memory -fno-omit-frame-pointer 62 override LDFLAGS += -fsanitize=memory 63endif 64 65ifeq "$(findstring android, $(shell $(CC) --version 2>/dev/null))" "" 66ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto=full -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1" 67 CFLAGS_FLTO ?= -flto=full 68else 69 ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto=thin -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1" 70 CFLAGS_FLTO ?= -flto=thin 71 else 72 ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1" 73 CFLAGS_FLTO ?= -flto 74 endif 75 endif 76endif 77endif 78 79#ifeq "$(shell echo 'int main() {return 0; }' | $(CC) -fno-move-loop-invariants -fdisable-tree-cunrolli -x c - -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1" 80# SPECIAL_PERFORMANCE += -fno-move-loop-invariants -fdisable-tree-cunrolli 81#endif 82 83#ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -march=native -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1" 84# ifndef SOURCE_DATE_EPOCH 85# HAVE_MARCHNATIVE = 1 86# CFLAGS_OPT += -march=native 87# endif 88#endif 89 90ifneq "$(SYS)" "Darwin" 91 #ifeq "$(HAVE_MARCHNATIVE)" "1" 92 # SPECIAL_PERFORMANCE += -march=native 93 #endif 94 # OS X does not like _FORTIFY_SOURCE=2 95 ifndef DEBUG 96 CFLAGS_OPT += -D_FORTIFY_SOURCE=2 97 endif 98else 99 # On some odd MacOS system configurations, the Xcode sdk path is not set correctly 100 SDK_LD = -L$(shell xcrun --show-sdk-path)/usr/lib 101 LDFLAGS += $(SDK_LD) 102endif 103 104ifeq "$(SYS)" "SunOS" 105 CFLAGS_OPT += -Wno-format-truncation 106 LDFLAGS = -lkstat -lrt 107endif 108 109ifdef STATIC 110 $(info Compiling static version of binaries, disabling python though) 111 # Disable python for static compilation to simplify things 112 PYTHON_OK = 0 113 PYFLAGS= 114 PYTHON_INCLUDE = / 115 116 CFLAGS_OPT += -static 117 LDFLAGS += -lm -lpthread -lz -lutil 118endif 119 120ifdef PROFILING 121 $(info Compiling with profiling information, for analysis: gprof ./afl-fuzz gmon.out > prof.txt) 122 override CFLAGS_OPT += -pg -DPROFILING=1 123 override LDFLAGS += -pg 124endif 125 126ifdef INTROSPECTION 127 $(info Compiling with introspection documentation) 128 override CFLAGS_OPT += -DINTROSPECTION=1 129endif 130 131ifneq "$(ARCH)" "x86_64" 132 ifneq "$(patsubst i%86,i386,$(ARCH))" "i386" 133 ifneq "$(ARCH)" "amd64" 134 ifneq "$(ARCH)" "i86pc" 135 AFL_NO_X86=1 136 endif 137 endif 138 endif 139endif 140 141ifdef DEBUG 142 $(info Compiling DEBUG version of binaries) 143 override CFLAGS += -ggdb3 -O0 -Wall -Wextra -Werror $(CFLAGS_OPT) 144else 145 CFLAGS ?= -O2 $(CFLAGS_OPT) # -funroll-loops is slower on modern compilers 146endif 147 148override CFLAGS += -g -Wno-pointer-sign -Wno-variadic-macros -Wall -Wextra -Wno-pointer-arith \ 149 -fPIC -I include/ -DAFL_PATH=\"$(HELPER_PATH)\" \ 150 -DBIN_PATH=\"$(BIN_PATH)\" -DDOC_PATH=\"$(DOC_PATH)\" 151# -fstack-protector 152 153ifeq "$(SYS)" "FreeBSD" 154 override CFLAGS += -I /usr/local/include/ 155 override LDFLAGS += -L /usr/local/lib/ 156endif 157 158ifeq "$(SYS)" "DragonFly" 159 override CFLAGS += -I /usr/local/include/ 160 override LDFLAGS += -L /usr/local/lib/ 161endif 162 163ifeq "$(SYS)" "OpenBSD" 164 override CFLAGS += -I /usr/local/include/ -mno-retpoline 165 override LDFLAGS += -Wl,-z,notext -L /usr/local/lib/ 166endif 167 168ifeq "$(SYS)" "NetBSD" 169 override CFLAGS += -I /usr/pkg/include/ 170 override LDFLAGS += -L /usr/pkg/lib/ 171endif 172 173ifeq "$(SYS)" "Haiku" 174 SHMAT_OK=0 175 override CFLAGS += -DUSEMMAP=1 -Wno-error=format 176 override LDFLAGS += -Wno-deprecated-declarations -lgnu -lnetwork 177 #SPECIAL_PERFORMANCE += -DUSEMMAP=1 178endif 179 180AFL_FUZZ_FILES = $(wildcard src/afl-fuzz*.c) 181 182ifneq "$(shell command -v python3m 2>/dev/null)" "" 183 ifneq "$(shell command -v python3m-config 2>/dev/null)" "" 184 PYTHON_INCLUDE ?= $(shell python3m-config --includes) 185 PYTHON_VERSION ?= $(strip $(shell python3m --version 2>&1)) 186 # Starting with python3.8, we need to pass the `embed` flag. Earlier versions didn't know this flag. 187 ifeq "$(shell python3m-config --embed --libs 2>/dev/null | grep -q lpython && echo 1 )" "1" 188 PYTHON_LIB ?= $(shell python3m-config --libs --embed --ldflags) 189 else 190 PYTHON_LIB ?= $(shell python3m-config --ldflags) 191 endif 192 endif 193endif 194 195ifeq "$(PYTHON_INCLUDE)" "" 196 ifneq "$(shell command -v python3 2>/dev/null)" "" 197 ifneq "$(shell command -v python3-config 2>/dev/null)" "" 198 PYTHON_INCLUDE ?= $(shell python3-config --includes) 199 PYTHON_VERSION ?= $(strip $(shell python3 --version 2>&1)) 200 # Starting with python3.8, we need to pass the `embed` flag. Earier versions didn't know this flag. 201 ifeq "$(shell python3-config --embed --libs 2>/dev/null | grep -q lpython && echo 1 )" "1" 202 PYTHON_LIB ?= $(shell python3-config --libs --embed --ldflags) 203 else 204 PYTHON_LIB ?= $(shell python3-config --ldflags) 205 endif 206 endif 207 endif 208endif 209 210ifeq "$(PYTHON_INCLUDE)" "" 211 ifneq "$(shell command -v python 2>/dev/null)" "" 212 ifneq "$(shell command -v python-config 2>/dev/null)" "" 213 PYTHON_INCLUDE ?= $(shell python-config --includes) 214 PYTHON_LIB ?= $(shell python-config --ldflags) 215 PYTHON_VERSION ?= $(strip $(shell python --version 2>&1)) 216 endif 217 endif 218endif 219 220# Old Ubuntu and others dont have python/python3-config so we hardcode 3.7 221ifeq "$(PYTHON_INCLUDE)" "" 222 ifneq "$(shell command -v python3.7 2>/dev/null)" "" 223 ifneq "$(shell command -v python3.7-config 2>/dev/null)" "" 224 PYTHON_INCLUDE ?= $(shell python3.7-config --includes) 225 PYTHON_LIB ?= $(shell python3.7-config --ldflags) 226 PYTHON_VERSION ?= $(strip $(shell python3.7 --version 2>&1)) 227 endif 228 endif 229endif 230 231# Old Ubuntu and others dont have python/python2-config so we hardcode 2.7 232ifeq "$(PYTHON_INCLUDE)" "" 233 ifneq "$(shell command -v python2.7 2>/dev/null)" "" 234 ifneq "$(shell command -v python2.7-config 2>/dev/null)" "" 235 PYTHON_INCLUDE ?= $(shell python2.7-config --includes) 236 PYTHON_LIB ?= $(shell python2.7-config --ldflags) 237 PYTHON_VERSION ?= $(strip $(shell python2.7 --version 2>&1)) 238 endif 239 endif 240endif 241 242ifdef SOURCE_DATE_EPOCH 243 BUILD_DATE ?= $(shell date -u -d "@$(SOURCE_DATE_EPOCH)" "+%Y-%m-%d" 2>/dev/null || date -u -r "$(SOURCE_DATE_EPOCH)" "+%Y-%m-%d" 2>/dev/null || date -u "+%Y-%m-%d") 244else 245 BUILD_DATE ?= $(shell date "+%Y-%m-%d") 246endif 247 248ifneq "$(filter Linux GNU%,$(SYS))" "" 249 override LDFLAGS += -ldl -lrt -lm 250endif 251 252ifneq "$(findstring FreeBSD, $(SYS))" "" 253 override CFLAGS += -pthread 254 override LDFLAGS += -lpthread 255endif 256 257ifneq "$(findstring NetBSD, $(SYS))" "" 258 override CFLAGS += -pthread 259 override LDFLAGS += -lpthread 260endif 261 262ifneq "$(findstring OpenBSD, $(SYS))" "" 263 override CFLAGS += -pthread 264 override LDFLAGS += -lpthread 265endif 266 267COMM_HDR = include/alloc-inl.h include/config.h include/debug.h include/types.h 268 269ifeq "$(shell echo '$(HASH)include <Python.h>@int main() {return 0; }' | tr @ '\n' | $(CC) $(CFLAGS) -x c - -o .test $(PYTHON_INCLUDE) $(LDFLAGS) $(PYTHON_LIB) 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1" 270 PYTHON_OK=1 271 PYFLAGS=-DUSE_PYTHON $(PYTHON_INCLUDE) $(LDFLAGS) $(PYTHON_LIB) -DPYTHON_VERSION="\"$(PYTHON_VERSION)\"" 272else 273 PYTHON_OK=0 274 PYFLAGS= 275endif 276 277ifdef NO_PYTHON 278 PYTHON_OK=0 279 PYFLAGS= 280endif 281 282IN_REPO=0 283ifeq "$(shell command -v git >/dev/null && git status >/dev/null 2>&1 && echo 1 || echo 0)" "1" 284 IN_REPO=1 285endif 286ifeq "$(shell command -v svn >/dev/null && svn proplist . 2>/dev/null && echo 1 || echo 0)" "1" 287 IN_REPO=1 288endif 289 290ifeq "$(shell echo 'int main() { return 0;}' | $(CC) $(CFLAGS) -fsanitize=address -x c - -o .test2 2>/dev/null && echo 1 || echo 0 ; rm -f .test2 )" "1" 291 ASAN_CFLAGS=-fsanitize=address -fstack-protector-all -fno-omit-frame-pointer -DASAN_BUILD 292 ASAN_LDFLAGS=-fsanitize=address -fstack-protector-all -fno-omit-frame-pointer 293endif 294 295ifeq "$(shell echo '$(HASH)include <sys/ipc.h>@$(HASH)include <sys/shm.h>@int main() { int _id = shmget(IPC_PRIVATE, 65536, IPC_CREAT | IPC_EXCL | 0600); shmctl(_id, IPC_RMID, 0); return 0;}' | tr @ '\n' | $(CC) $(CFLAGS) -x c - -o .test2 2>/dev/null && echo 1 || echo 0 ; rm -f .test2 )" "1" 296 SHMAT_OK=1 297else 298 SHMAT_OK=0 299 override CFLAGS+=-DUSEMMAP=1 300 LDFLAGS += -Wno-deprecated-declarations 301endif 302 303ifdef TEST_MMAP 304 SHMAT_OK=0 305 override CFLAGS += -DUSEMMAP=1 306 LDFLAGS += -Wno-deprecated-declarations 307endif 308 309.PHONY: all 310all: test_x86 test_shm test_python ready $(PROGS) afl-as llvm gcc_plugin test_build all_done 311 -$(MAKE) -C utils/aflpp_driver 312 313.PHONY: llvm 314llvm: 315 -$(MAKE) -j4 -f GNUmakefile.llvm 316 @test -e afl-cc || { echo "[-] Compiling afl-cc failed. You seem not to have a working compiler." ; exit 1; } 317 318.PHONY: gcc_plugin 319gcc_plugin: 320ifneq "$(SYS)" "Darwin" 321 -$(MAKE) -f GNUmakefile.gcc_plugin 322endif 323 324.PHONY: man 325man: $(MANPAGES) 326 327.PHONY: test 328test: tests 329 330.PHONY: tests 331tests: source-only 332 @cd test ; ./test-all.sh 333 @rm -f test/errors 334 335.PHONY: performance-tests 336performance-tests: performance-test 337.PHONY: test-performance 338test-performance: performance-test 339 340.PHONY: performance-test 341performance-test: source-only 342 @cd test ; ./test-performance.sh 343 344 345# hint: make targets are also listed in the top level README.md 346.PHONY: help 347help: 348 @echo "HELP --- the following make targets exist:" 349 @echo "==========================================" 350 @echo "all: the main afl++ binaries and llvm/gcc instrumentation" 351 @echo "binary-only: everything for binary-only fuzzing: frida_mode, nyx_mode, qemu_mode, frida_mode, unicorn_mode, coresight_mode, libdislocator, libtokencap" 352 @echo "source-only: everything for source code fuzzing: nyx_mode, libdislocator, libtokencap" 353 @echo "distrib: everything (for both binary-only and source code fuzzing)" 354 @echo "man: creates simple man pages from the help option of the programs" 355 @echo "install: installs everything you have compiled with the build option above" 356 @echo "clean: cleans everything compiled (not downloads when on a checkout)" 357 @echo "deepclean: cleans everything including downloads" 358 @echo "uninstall: uninstall afl++ from the system" 359 @echo "code-format: format the code, do this before you commit and send a PR please!" 360 @echo "tests: this runs the test framework. It is more catered for the developers, but if you run into problems this helps pinpointing the problem" 361 @echo "unit: perform unit tests (based on cmocka and GNU linker)" 362 @echo "document: creates afl-fuzz-document which will only do one run and save all manipulated inputs into out/queue/mutations" 363 @echo "help: shows these build options :-)" 364 @echo "==========================================" 365 @echo "Recommended: \"distrib\" or \"source-only\", then \"install\"" 366 @echo 367 @echo Known build environment options: 368 @echo "==========================================" 369 @echo STATIC - compile AFL++ static 370 @echo ASAN_BUILD - compiles with memory sanitizer for debug purposes 371 @echo DEBUG - no optimization, -ggdb3, all warnings and -Werror 372 @echo PROFILING - compile afl-fuzz with profiling information 373 @echo INTROSPECTION - compile afl-fuzz with mutation introspection 374 @echo NO_PYTHON - disable python support 375 @echo NO_SPLICING - disables splicing mutation in afl-fuzz, not recommended for normal fuzzing 376 @echo NO_NYX - disable building nyx mode dependencies 377 @echo AFL_NO_X86 - if compiling on non-intel/amd platforms 378 @echo "LLVM_CONFIG - if your distro doesn't use the standard name for llvm-config (e.g. Debian)" 379 @echo "==========================================" 380 @echo e.g.: make ASAN_BUILD=1 381 382.PHONY: test_x86 383ifndef AFL_NO_X86 384test_x86: 385 @echo "[*] Checking for the default compiler cc..." 386 @type $(CC) >/dev/null || ( echo; echo "Oops, looks like there is no compiler '"$(CC)"' in your path."; echo; echo "Don't panic! You can restart with '"$(_)" CC=<yourCcompiler>'."; echo; exit 1 ) 387 @echo "[*] Testing the PATH environment variable..." 388 @test "$${PATH}" != "$${PATH#.:}" && { echo "Please remove current directory '.' from PATH to avoid recursion of 'as', thanks!"; echo; exit 1; } || : 389 @echo "[*] Checking for the ability to compile x86 code..." 390 @echo 'int main() { __asm__("xorb %al, %al"); }' | $(CC) $(CFLAGS) $(LDFLAGS) -w -x c - -o .test1 || ( echo; echo "Oops, looks like your compiler can't generate x86 code."; echo; echo "Don't panic! You can use the LLVM or QEMU mode, but see docs/INSTALL first."; echo "(To ignore this error, set AFL_NO_X86=1 and try again.)"; echo; exit 1 ) 391 @rm -f .test1 392else 393test_x86: 394 @echo "[!] Note: skipping x86 compilation checks (AFL_NO_X86 set)." 395endif 396 397.PHONY: test_shm 398ifeq "$(SHMAT_OK)" "1" 399test_shm: 400 @echo "[+] shmat seems to be working." 401 @rm -f .test2 402else 403test_shm: 404 @echo "[-] shmat seems not to be working, switching to mmap implementation" 405endif 406 407.PHONY: test_python 408ifeq "$(PYTHON_OK)" "1" 409test_python: 410 @rm -f .test 2> /dev/null 411 @echo "[+] $(PYTHON_VERSION) support seems to be working." 412else 413test_python: 414 @echo "[-] You seem to need to install the package python3-dev, python2-dev or python-dev (and perhaps python[23]-apt), but it is optional so we continue" 415endif 416 417.PHONY: ready 418ready: 419 @echo "[+] Everything seems to be working, ready to compile." 420 421afl-as: src/afl-as.c include/afl-as.h $(COMM_HDR) | test_x86 422 $(CC) $(CFLAGS) src/$@.c -o $@ $(LDFLAGS) 423 @ln -sf afl-as as 424 425src/afl-performance.o : $(COMM_HDR) src/afl-performance.c include/hash.h 426 $(CC) $(CFLAGS) $(CFLAGS_OPT) -Iinclude -c src/afl-performance.c -o src/afl-performance.o 427 428src/afl-common.o : $(COMM_HDR) src/afl-common.c include/common.h 429 $(CC) $(CFLAGS) $(CFLAGS_FLTO) -c src/afl-common.c -o src/afl-common.o 430 431src/afl-forkserver.o : $(COMM_HDR) src/afl-forkserver.c include/forkserver.h 432 $(CC) $(CFLAGS) $(CFLAGS_FLTO) -c src/afl-forkserver.c -o src/afl-forkserver.o 433 434src/afl-sharedmem.o : $(COMM_HDR) src/afl-sharedmem.c include/sharedmem.h 435 $(CC) $(CFLAGS) $(CFLAGS_FLTO) -c src/afl-sharedmem.c -o src/afl-sharedmem.o 436 437afl-fuzz: $(COMM_HDR) include/afl-fuzz.h $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o | test_x86 438 $(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o -o $@ $(PYFLAGS) $(LDFLAGS) -lm 439 440afl-showmap: src/afl-showmap.c src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o $(COMM_HDR) | test_x86 441 $(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o -o $@ $(LDFLAGS) 442 443afl-tmin: src/afl-tmin.c src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o $(COMM_HDR) | test_x86 444 $(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o -o $@ $(LDFLAGS) 445 446afl-analyze: src/afl-analyze.c src/afl-common.o src/afl-sharedmem.o src/afl-performance.o src/afl-forkserver.o $(COMM_HDR) | test_x86 447 $(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-common.o src/afl-sharedmem.o src/afl-performance.o src/afl-forkserver.o -o $@ $(LDFLAGS) 448 449afl-gotcpu: src/afl-gotcpu.c src/afl-common.o $(COMM_HDR) | test_x86 450 $(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-common.o -o $@ $(LDFLAGS) 451 452.PHONY: document 453document: afl-fuzz-document 454 455# document all mutations and only do one run (use with only one input file!) 456afl-fuzz-document: $(COMM_HDR) include/afl-fuzz.h $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-performance.o | test_x86 457 $(CC) -D_DEBUG=\"1\" -D_AFL_DOCUMENT_MUTATIONS $(CFLAGS) $(CFLAGS_FLTO) $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.c src/afl-performance.o -o afl-fuzz-document $(PYFLAGS) $(LDFLAGS) 458 459test/unittests/unit_maybe_alloc.o : $(COMM_HDR) include/alloc-inl.h test/unittests/unit_maybe_alloc.c $(AFL_FUZZ_FILES) 460 @$(CC) $(CFLAGS) $(ASAN_CFLAGS) -c test/unittests/unit_maybe_alloc.c -o test/unittests/unit_maybe_alloc.o 461 462unit_maybe_alloc: test/unittests/unit_maybe_alloc.o 463 @$(CC) $(CFLAGS) -Wl,--wrap=exit -Wl,--wrap=printf test/unittests/unit_maybe_alloc.o -o test/unittests/unit_maybe_alloc $(LDFLAGS) $(ASAN_LDFLAGS) -lcmocka 464 ./test/unittests/unit_maybe_alloc 465 466test/unittests/unit_hash.o : $(COMM_HDR) include/alloc-inl.h test/unittests/unit_hash.c $(AFL_FUZZ_FILES) src/afl-performance.o 467 @$(CC) $(CFLAGS) $(ASAN_CFLAGS) -c test/unittests/unit_hash.c -o test/unittests/unit_hash.o 468 469unit_hash: test/unittests/unit_hash.o src/afl-performance.o 470 @$(CC) $(CFLAGS) -Wl,--wrap=exit -Wl,--wrap=printf $^ -o test/unittests/unit_hash $(LDFLAGS) $(ASAN_LDFLAGS) -lcmocka 471 ./test/unittests/unit_hash 472 473test/unittests/unit_rand.o : $(COMM_HDR) include/alloc-inl.h test/unittests/unit_rand.c $(AFL_FUZZ_FILES) src/afl-performance.o 474 @$(CC) $(CFLAGS) $(ASAN_CFLAGS) -c test/unittests/unit_rand.c -o test/unittests/unit_rand.o 475 476unit_rand: test/unittests/unit_rand.o src/afl-common.o src/afl-performance.o 477 @$(CC) $(CFLAGS) $(ASAN_CFLAGS) -Wl,--wrap=exit -Wl,--wrap=printf $^ -o test/unittests/unit_rand $(LDFLAGS) $(ASAN_LDFLAGS) -lcmocka 478 ./test/unittests/unit_rand 479 480test/unittests/unit_list.o : $(COMM_HDR) include/list.h test/unittests/unit_list.c $(AFL_FUZZ_FILES) 481 @$(CC) $(CFLAGS) $(ASAN_CFLAGS) -c test/unittests/unit_list.c -o test/unittests/unit_list.o 482 483unit_list: test/unittests/unit_list.o 484 @$(CC) $(CFLAGS) $(ASAN_CFLAGS) -Wl,--wrap=exit -Wl,--wrap=printf test/unittests/unit_list.o -o test/unittests/unit_list $(LDFLAGS) $(ASAN_LDFLAGS) -lcmocka 485 ./test/unittests/unit_list 486 487test/unittests/unit_preallocable.o : $(COMM_HDR) include/alloc-inl.h test/unittests/unit_preallocable.c $(AFL_FUZZ_FILES) 488 @$(CC) $(CFLAGS) $(ASAN_CFLAGS) -c test/unittests/unit_preallocable.c -o test/unittests/unit_preallocable.o 489 490unit_preallocable: test/unittests/unit_preallocable.o 491 @$(CC) $(CFLAGS) $(ASAN_CFLAGS) -Wl,--wrap=exit -Wl,--wrap=printf test/unittests/unit_preallocable.o -o test/unittests/unit_preallocable $(LDFLAGS) $(ASAN_LDFLAGS) -lcmocka 492 ./test/unittests/unit_preallocable 493 494.PHONY: unit_clean 495unit_clean: 496 @rm -f ./test/unittests/unit_preallocable ./test/unittests/unit_list ./test/unittests/unit_maybe_alloc test/unittests/*.o 497 498.PHONY: unit 499ifneq "$(SYS)" "Darwin" 500unit: unit_maybe_alloc unit_preallocable unit_list unit_clean unit_rand unit_hash 501else 502unit: 503 @echo [-] unit tests are skipped on Darwin \(lacks GNU linker feature --wrap\) 504endif 505 506.PHONY: code-format 507code-format: 508 ./.custom-format.py -i src/*.c 509 ./.custom-format.py -i include/*.h 510 ./.custom-format.py -i instrumentation/*.h 511 ./.custom-format.py -i instrumentation/*.cc 512 ./.custom-format.py -i instrumentation/*.c 513 ./.custom-format.py -i *.h 514 ./.custom-format.py -i *.c 515 @#./.custom-format.py -i custom_mutators/*/*.c* # destroys libfuzzer :-( 516 @#./.custom-format.py -i custom_mutators/*/*.h # destroys honggfuzz :-( 517 ./.custom-format.py -i utils/*/*.c* 518 ./.custom-format.py -i utils/*/*.h 519 ./.custom-format.py -i test/*.c 520 ./.custom-format.py -i frida_mode/src/*.c 521 ./.custom-format.py -i frida_mode/include/*.h 522 -./.custom-format.py -i frida_mode/src/*/*.c 523 ./.custom-format.py -i qemu_mode/libcompcov/*.c 524 ./.custom-format.py -i qemu_mode/libcompcov/*.cc 525 ./.custom-format.py -i qemu_mode/libcompcov/*.h 526 ./.custom-format.py -i qemu_mode/libqasan/*.c 527 ./.custom-format.py -i qemu_mode/libqasan/*.h 528 529 530.PHONY: test_build 531ifndef AFL_NO_X86 532test_build: afl-cc afl-gcc afl-as afl-showmap 533 @echo "[*] Testing the CC wrapper afl-cc and its instrumentation output..." 534 @unset AFL_MAP_SIZE AFL_USE_UBSAN AFL_USE_CFISAN AFL_USE_LSAN AFL_USE_ASAN AFL_USE_MSAN; ASAN_OPTIONS=detect_leaks=0 AFL_INST_RATIO=100 AFL_PATH=. ./afl-cc test-instr.c $(LDFLAGS) -o test-instr 2>&1 || (echo "Oops, afl-cc failed"; exit 1 ) 535 ASAN_OPTIONS=detect_leaks=0 ./afl-showmap -m none -q -o .test-instr0 ./test-instr < /dev/null 536 echo 1 | ASAN_OPTIONS=detect_leaks=0 ./afl-showmap -m none -q -o .test-instr1 ./test-instr 537 @rm -f test-instr 538 @cmp -s .test-instr0 .test-instr1; DR="$$?"; rm -f .test-instr0 .test-instr1; if [ "$$DR" = "0" ]; then echo; echo "Oops, the instrumentation of afl-cc does not seem to be behaving correctly!"; echo; echo "Please post to https://github.com/AFLplusplus/AFLplusplus/issues to troubleshoot the issue."; echo; exit 1; fi 539 @echo 540 @echo "[+] All right, the instrumentation of afl-cc seems to be working!" 541# @echo "[*] Testing the CC wrapper afl-gcc and its instrumentation output..." 542# @unset AFL_MAP_SIZE AFL_USE_UBSAN AFL_USE_CFISAN AFL_USE_LSAN AFL_USE_ASAN AFL_USE_MSAN; AFL_CC=$(CC) ASAN_OPTIONS=detect_leaks=0 AFL_INST_RATIO=100 AFL_PATH=. ./afl-gcc test-instr.c -o test-instr 2>&1 || (echo "Oops, afl-gcc failed"; exit 1 ) 543# ASAN_OPTIONS=detect_leaks=0 ./afl-showmap -m none -q -o .test-instr0 ./test-instr < /dev/null 544# echo 1 | ASAN_OPTIONS=detect_leaks=0 ./afl-showmap -m none -q -o .test-instr1 ./test-instr 545# @rm -f test-instr 546# @cmp -s .test-instr0 .test-instr1; DR="$$?"; rm -f .test-instr0 .test-instr1; if [ "$$DR" = "0" ]; then echo; echo "Oops, the instrumentation of afl-gcc does not seem to be behaving correctly!"; \ 547# gcc -v 2>&1 | grep -q -- --with-as= && ( echo; echo "Gcc is configured not to use an external assembler with the -B option." ) || \ 548# ( echo; echo "Please post to https://github.com/AFLplusplus/AFLplusplus/issues to troubleshoot the issue." ); echo; exit 0; fi 549# @echo 550# @echo "[+] All right, the instrumentation of afl-gcc seems to be working!" 551else 552test_build: afl-cc afl-as afl-showmap 553 @echo "[!] Note: skipping build tests (you may need to use LLVM or QEMU mode)." 554endif 555 556.PHONY: all_done 557all_done: test_build 558 @test -e afl-cc && echo "[+] Main compiler 'afl-cc' successfully built!" || { echo "[-] Main compiler 'afl-cc' failed to build, set up a working build environment first!" ; exit 1 ; } 559 @test -e cmplog-instructions-pass.so && echo "[+] LLVM mode for 'afl-cc' successfully built!" || echo "[-] LLVM mode for 'afl-cc' failed to build, likely you either don't have llvm installed, or you need to set LLVM_CONFIG, to point to e.g. llvm-config-11. See instrumentation/README.llvm.md how to do this. Highly recommended!" 560 @test -e SanitizerCoverageLTO.so && echo "[+] LLVM LTO mode for 'afl-cc' successfully built!" || echo "[-] LLVM LTO mode for 'afl-cc' failed to build, this would need LLVM 11+, see instrumentation/README.lto.md how to build it" 561 @test -e afl-gcc-pass.so && echo "[+] gcc_plugin for 'afl-cc' successfully built!" || echo "[-] gcc_plugin for 'afl-cc' failed to build, unless you really need it that is fine - or read instrumentation/README.gcc_plugin.md how to build it" 562 @echo "[+] All done! Be sure to review the README.md - it's pretty short and useful." 563 @if [ "$(SYS)" = "Darwin" ]; then printf "\nWARNING: Fuzzing on MacOS X is slow because of the unusually high overhead of\nfork() on this OS. Consider using Linux or *BSD for fuzzing software not\nspecifically for MacOS.\n\n"; fi 564 @! tty <&1 >/dev/null || printf "\033[0;30mNOTE: If you can read this, your terminal probably uses white background.\nThis will make the UI hard to read. See docs/status_screen.md for advice.\033[0m\n" 2>/dev/null 565 566.NOTPARALLEL: clean all 567 568.PHONY: clean 569clean: 570 rm -rf $(PROGS) afl-fuzz-document afl-as as afl-g++ afl-clang afl-clang++ *.o src/*.o *~ a.out core core.[1-9][0-9]* *.stackdump .test .test1 .test2 test-instr .test-instr0 .test-instr1 afl-cs-proxy afl-qemu-trace afl-gcc-fast afl-g++-fast ld *.so *.8 test/unittests/*.o test/unittests/unit_maybe_alloc test/unittests/preallocable .afl-* afl-gcc afl-g++ afl-clang afl-clang++ test/unittests/unit_hash test/unittests/unit_rand *.dSYM lib*.a 571 -$(MAKE) -f GNUmakefile.llvm clean 572 -$(MAKE) -f GNUmakefile.gcc_plugin clean 573 -$(MAKE) -C utils/libdislocator clean 574 -$(MAKE) -C utils/libtokencap clean 575 $(MAKE) -C utils/aflpp_driver clean 576 -$(MAKE) -C utils/afl_network_proxy clean 577 -$(MAKE) -C utils/socket_fuzzing clean 578 -$(MAKE) -C utils/argv_fuzzing clean 579 -$(MAKE) -C utils/plot_ui clean 580 -$(MAKE) -C qemu_mode/unsigaction clean 581 -$(MAKE) -C qemu_mode/libcompcov clean 582 -$(MAKE) -C qemu_mode/libqasan clean 583 -$(MAKE) -C frida_mode clean 584 rm -rf nyx_mode/packer/linux_initramfs/init.cpio.gz nyx_mode/libnyx/libnyx/target/release/* nyx_mode/QEMU-Nyx/x86_64-softmmu/qemu-system-x86_64 585ifeq "$(IN_REPO)" "1" 586 -test -e coresight_mode/coresight-trace/Makefile && $(MAKE) -C coresight_mode/coresight-trace clean || true 587 -test -e qemu_mode/qemuafl/Makefile && $(MAKE) -C qemu_mode/qemuafl clean || true 588 -test -e unicorn_mode/unicornafl/Makefile && $(MAKE) -C unicorn_mode/unicornafl clean || true 589 -test -e nyx_mode/QEMU-Nyx/Makefile && $(MAKE) -C nyx_mode/QEMU-Nyx clean || true 590else 591 rm -rf coresight_mode/coresight_trace 592 rm -rf qemu_mode/qemuafl 593 rm -rf unicorn_mode/unicornafl 594endif 595 596.PHONY: deepclean 597deepclean: clean 598 rm -rf coresight_mode/coresight-trace 599 rm -rf unicorn_mode/unicornafl 600 rm -rf qemu_mode/qemuafl 601 rm -rf nyx_mode/libnyx nyx_mode/packer nyx_mode/QEMU-Nyx 602ifeq "$(IN_REPO)" "1" 603 git checkout coresight_mode/coresight-trace 604 git checkout unicorn_mode/unicornafl 605 git checkout qemu_mode/qemuafl 606 git checkout nyx_mode/libnyx 607 git checkout nyx_mode/packer 608 git checkout nyx_mode/QEMU-Nyx 609endif 610 611.PHONY: distrib 612distrib: all 613 -$(MAKE) -j4 -f GNUmakefile.llvm 614ifneq "$(SYS)" "Darwin" 615 -$(MAKE) -f GNUmakefile.gcc_plugin 616endif 617 -$(MAKE) -C utils/libdislocator 618 -$(MAKE) -C utils/libtokencap 619 -$(MAKE) -C utils/afl_network_proxy 620 -$(MAKE) -C utils/socket_fuzzing 621 -$(MAKE) -C utils/argv_fuzzing 622 # -$(MAKE) -C utils/plot_ui 623 -$(MAKE) -C frida_mode 624ifneq "$(SYS)" "Darwin" 625ifeq "$(ARCH)" "aarch64" 626 -$(MAKE) -C coresight_mode 627endif 628ifeq "$(SYS)" "Linux" 629ifndef NO_NYX 630 -cd nyx_mode && ./build_nyx_support.sh 631endif 632endif 633 -cd qemu_mode && sh ./build_qemu_support.sh 634 -cd unicorn_mode && unset CFLAGS && sh ./build_unicorn_support.sh 635endif 636 637.PHONY: binary-only 638binary-only: test_shm test_python ready $(PROGS) 639 -$(MAKE) -C utils/libdislocator 640 -$(MAKE) -C utils/libtokencap 641 -$(MAKE) -C utils/afl_network_proxy 642 -$(MAKE) -C utils/socket_fuzzing 643 -$(MAKE) -C utils/argv_fuzzing 644 # -$(MAKE) -C utils/plot_ui 645 -$(MAKE) -C frida_mode 646ifneq "$(SYS)" "Darwin" 647ifeq "$(ARCH)" "aarch64" 648 -$(MAKE) -C coresight_mode 649endif 650ifeq "$(SYS)" "Linux" 651ifndef NO_NYX 652 -cd nyx_mode && ./build_nyx_support.sh 653endif 654endif 655 -cd qemu_mode && sh ./build_qemu_support.sh 656 -cd unicorn_mode && unset CFLAGS && sh ./build_unicorn_support.sh 657endif 658 659.PHONY: source-only 660source-only: all 661 -$(MAKE) -j4 -f GNUmakefile.llvm 662ifneq "$(SYS)" "Darwin" 663 -$(MAKE) -f GNUmakefile.gcc_plugin 664endif 665 -$(MAKE) -C utils/libdislocator 666 -$(MAKE) -C utils/libtokencap 667 # -$(MAKE) -C utils/plot_ui 668ifeq "$(SYS)" "Linux" 669ifndef NO_NYX 670 -cd nyx_mode && ./build_nyx_support.sh 671endif 672endif 673 674%.8: % 675 @echo .TH $* 8 $(BUILD_DATE) "afl++" > $@ 676 @echo .SH NAME >> $@ 677 @echo .B $* >> $@ 678 @echo >> $@ 679 @echo .SH SYNOPSIS >> $@ 680 @./$* -h 2>&1 | head -n 3 | tail -n 1 | sed 's/^\.\///' >> $@ 681 @echo >> $@ 682 @echo .SH OPTIONS >> $@ 683 @echo .nf >> $@ 684 @./$* -hh 2>&1 | tail -n +4 >> $@ 685 @echo >> $@ 686 @echo .SH AUTHOR >> $@ 687 @echo "afl++ was written by Michal \"lcamtuf\" Zalewski and is maintained by Marc \"van Hauser\" Heuse <mh@mh-sec.de>, Heiko \"hexcoder-\" Eissfeldt <heiko.eissfeldt@hexco.de>, Andrea Fioraldi <andreafioraldi@gmail.com> and Dominik Maier <domenukk@gmail.com>" >> $@ 688 @echo The homepage of afl++ is: https://github.com/AFLplusplus/AFLplusplus >> $@ 689 @echo >> $@ 690 @echo .SH LICENSE >> $@ 691 @echo Apache License Version 2.0, January 2004 >> $@ 692 693.PHONY: install 694install: all $(MANPAGES) 695 @install -d -m 755 $${DESTDIR}$(BIN_PATH) $${DESTDIR}$(HELPER_PATH) $${DESTDIR}$(DOC_PATH) $${DESTDIR}$(MISC_PATH) 696 @rm -f $${DESTDIR}$(BIN_PATH)/afl-plot.sh 697 @rm -f $${DESTDIR}$(BIN_PATH)/afl-as 698 @rm -f $${DESTDIR}$(HELPER_PATH)/afl-llvm-rt.o $${DESTDIR}$(HELPER_PATH)/afl-llvm-rt-32.o $${DESTDIR}$(HELPER_PATH)/afl-llvm-rt-64.o $${DESTDIR}$(HELPER_PATH)/afl-gcc-rt.o 699 install -m 755 $(PROGS) $(SH_PROGS) $${DESTDIR}$(BIN_PATH) 700 @if [ -f afl-qemu-trace ]; then install -m 755 afl-qemu-trace $${DESTDIR}$(BIN_PATH); fi 701 @if [ -f utils/plot_ui/afl-plot-ui ]; then install -m 755 utils/plot_ui/afl-plot-ui $${DESTDIR}$(BIN_PATH); fi 702 @if [ -f libdislocator.so ]; then set -e; install -m 755 libdislocator.so $${DESTDIR}$(HELPER_PATH); fi 703 @if [ -f libtokencap.so ]; then set -e; install -m 755 libtokencap.so $${DESTDIR}$(HELPER_PATH); fi 704 @if [ -f libcompcov.so ]; then set -e; install -m 755 libcompcov.so $${DESTDIR}$(HELPER_PATH); fi 705 @if [ -f libqasan.so ]; then set -e; install -m 755 libqasan.so $${DESTDIR}$(HELPER_PATH); fi 706 @if [ -f afl-fuzz-document ]; then set -e; install -m 755 afl-fuzz-document $${DESTDIR}$(BIN_PATH); fi 707 @if [ -f socketfuzz32.so -o -f socketfuzz64.so ]; then $(MAKE) -C utils/socket_fuzzing install; fi 708 @if [ -f argvfuzz32.so -o -f argvfuzz64.so ]; then $(MAKE) -C utils/argv_fuzzing install; fi 709 @if [ -f afl-frida-trace.so ]; then install -m 755 afl-frida-trace.so $${DESTDIR}$(HELPER_PATH); fi 710 @if [ -f libnyx.so ]; then install -m 755 libnyx.so $${DESTDIR}$(HELPER_PATH); fi 711 @if [ -f utils/afl_network_proxy/afl-network-server ]; then $(MAKE) -C utils/afl_network_proxy install; fi 712 @if [ -f utils/aflpp_driver/libAFLDriver.a ]; then set -e; install -m 644 utils/aflpp_driver/libAFLDriver.a $${DESTDIR}$(HELPER_PATH); fi 713 @if [ -f utils/aflpp_driver/libAFLQemuDriver.a ]; then set -e; install -m 644 utils/aflpp_driver/libAFLQemuDriver.a $${DESTDIR}$(HELPER_PATH); fi 714 -$(MAKE) -f GNUmakefile.llvm install 715ifneq "$(SYS)" "Darwin" 716 -$(MAKE) -f GNUmakefile.gcc_plugin install 717endif 718 ln -sf afl-cc $${DESTDIR}$(BIN_PATH)/afl-gcc 719 ln -sf afl-cc $${DESTDIR}$(BIN_PATH)/afl-g++ 720 ln -sf afl-cc $${DESTDIR}$(BIN_PATH)/afl-clang 721 ln -sf afl-cc $${DESTDIR}$(BIN_PATH)/afl-clang++ 722 @mkdir -m 0755 -p ${DESTDIR}$(MAN_PATH) 723 install -m0644 *.8 ${DESTDIR}$(MAN_PATH) 724 install -m 755 afl-as $${DESTDIR}$(HELPER_PATH) 725 ln -sf afl-as $${DESTDIR}$(HELPER_PATH)/as 726 install -m 644 docs/*.md $${DESTDIR}$(DOC_PATH) 727 cp -r testcases/ $${DESTDIR}$(MISC_PATH) 728 cp -r dictionaries/ $${DESTDIR}$(MISC_PATH) 729 730.PHONY: uninstall 731uninstall: 732 -cd $${DESTDIR}$(BIN_PATH) && rm -f $(PROGS) $(SH_PROGS) afl-cs-proxy afl-qemu-trace afl-plot-ui afl-fuzz-document afl-network-server afl-g* afl-plot.sh afl-as afl-ld-lto afl-c* afl-lto* 733 -cd $${DESTDIR}$(HELPER_PATH) && rm -f afl-g*.*o afl-llvm-*.*o afl-compiler-*.*o libdislocator.so libtokencap.so libcompcov.so libqasan.so afl-frida-trace.so libnyx.so socketfuzz*.so argvfuzz*.so libAFLDriver.a libAFLQemuDriver.a as afl-as SanitizerCoverage*.so compare-transform-pass.so cmplog-*-pass.so split-*-pass.so dynamic_list.txt 734 -rm -rf $${DESTDIR}$(MISC_PATH)/testcases $${DESTDIR}$(MISC_PATH)/dictionaries 735 -sh -c "ls docs/*.md | sed 's|^docs/|$${DESTDIR}$(DOC_PATH)/|' | xargs rm -f" 736 -cd $${DESTDIR}$(MAN_PATH) && rm -f $(MANPAGES) 737 -rmdir $${DESTDIR}$(BIN_PATH) 2>/dev/null 738 -rmdir $${DESTDIR}$(HELPER_PATH) 2>/dev/null 739 -rmdir $${DESTDIR}$(MISC_PATH) 2>/dev/null 740 -rmdir $${DESTDIR}$(DOC_PATH) 2>/dev/null 741 -rmdir $${DESTDIR}$(MAN_PATH) 2>/dev/null 742