
Lines Matching +full:clang +full:- +full:msan +full:- +full:fuzz +full:- +full:unoptimized

2    american fuzzy lop++ - compiler instrumentation wrapper
3 -------------------------------------------------------
8 Copyright 2019-2024 AFLplusplus Project. All rights reserved.
14 https://www.apache.org/licenses/LICENSE-2.0
24 #include "alloc-inl.h"
25 #include "llvm-alternative-coverage.h"
37 #if (LLVM_MAJOR - 0 == 0)
43 #if (LLVM_MINOR - 0 == 0)
54 /** Global declarations -----BEGIN----- **/
60 PARAM_KEEP, // kept as-is
91 CLANG = 5 enumerator
104 "PCGUARD-NATIVE",
106 "CLANG",
122 "AUTOSELECT", "LLVM-LTO", "LLVM", "GCC_PLUGIN",
123 "GCC", "CLANG", ""
197 if (unlikely(aflcc->cc_par_cnt + 1 >= MAX_PARAMS_NUM)) in insert_param()
200 aflcc->cc_params[aflcc->cc_par_cnt++] = param; in insert_param()
228 aflcc->cc_params[aflcc->cc_par_cnt++] = _obj_path_fmt; in insert_object()
232 aflcc->cc_params[aflcc->cc_par_cnt++] = _obj_path; in insert_object()
240 /* Insert params into the new argv, make clang load the pass. */
245 insert_param(aflcc, "-fexperimental-new-pass-manager"); in load_llvm_pass()
247 insert_object(aflcc, pass, "-fpass-plugin=%s", 0); in load_llvm_pass()
249 insert_param(aflcc, "-Xclang"); in load_llvm_pass()
250 insert_param(aflcc, "-load"); in load_llvm_pass()
251 insert_param(aflcc, "-Xclang"); in load_llvm_pass()
301 /** Global declarations -----END----- **/
312 aflcc->cc_params = ck_alloc(MAX_PARAMS_NUM * sizeof(u8 *)); in aflcc_state_init()
313 aflcc->cc_par_cnt = 1; in aflcc_state_init()
315 aflcc->lto_flag = AFL_CLANG_FLTO; in aflcc_state_init()
317 // aflcc->march_opt = CFLAGS_OPT; in aflcc_state_init()
321 aflcc->argv0 = ck_strdup(argv0); in aflcc_state_init()
325 if ((cname = strrchr(aflcc->argv0, '/')) != NULL) { in aflcc_state_init()
331 cname = aflcc->argv0; in aflcc_state_init()
335 aflcc->callname = cname; in aflcc_state_init()
337 if (strlen(cname) > 2 && (strncmp(cname + strlen(cname) - 2, "++", 2) == 0 || in aflcc_state_init()
338 strstr(cname, "-g++") != NULL)) { in aflcc_state_init()
340 aflcc->plusplus_mode = 1; in aflcc_state_init()
348 aflcc->debug = 1; in aflcc_state_init()
357 if ((getenv("AFL_PASSTHROUGH") || getenv("AFL_NOOPT")) && (!aflcc->debug)) { in aflcc_state_init()
377 if all these attempts fail - we return NULL and the caller has to decide
382 u8 *argv0 = aflcc->argv0; in find_object()
391 if (aflcc->debug) DEBUGF("Trying %s\n", tmp); in find_object()
412 if (aflcc->debug) DEBUGF("Trying %s\n", tmp); in find_object()
424 if (aflcc->debug) DEBUGF("Trying %s\n", tmp); in find_object()
472 if (aflcc->debug) DEBUGF("Trying %s\n", tmp); in find_object()
493 if (aflcc->debug) DEBUGF("Trying %s\n", tmp); in find_object()
500 if (aflcc->debug) DEBUGF("Trying %s\n", tmp); in find_object()
506 if (aflcc->debug) DEBUGF("Trying ... giving up\n"); in find_object()
524 // on OSX clang masquerades as GCC in find_built_deps()
525 aflcc->have_gcc = 1; in find_built_deps()
527 aflcc->have_clang = 1; in find_built_deps()
536 aflcc->have_optimized_pcguard = 1; in find_built_deps()
545 aflcc->have_lto = 1; in find_built_deps()
550 if ((ptr = find_object(aflcc, "cmplog-routines-pass.so")) != NULL) { in find_built_deps()
552 aflcc->have_llvm = 1; in find_built_deps()
560 aflcc->have_llvm = 1; in find_built_deps()
563 if ((ptr = find_object(aflcc, "afl-gcc-pass.so")) != NULL) { in find_built_deps()
565 aflcc->have_gcc_plugin = 1; in find_built_deps()
571 ptr = find_object(aflcc, "afl-compiler-rt.o"); in find_built_deps()
576 "Unable to find 'afl-compiler-rt.o'. Please set the AFL_PATH " in find_built_deps()
581 if (aflcc->debug) { DEBUGF("rt=%s\n", ptr); } in find_built_deps()
588 /** compiler_mode & instrument_mode selecting -----BEGIN----- **/
590 /* Select compiler_mode by callname, such as "afl-clang-fast", etc. */
593 if (strncmp(aflcc->callname, "afl-clang-fast", 14) == 0) { in compiler_mode_by_callname()
595 /* afl-clang-fast is always created there by makefile in compiler_mode_by_callname()
596 just like afl-clang, burdened with special purposes: in compiler_mode_by_callname()
597 - If llvm-config is not available (i.e. LLVM_MAJOR is 0), in compiler_mode_by_callname()
598 or too old, it falls back to LLVM-NATIVE mode and let in compiler_mode_by_callname()
600 - Otherwise try default llvm instruments except LTO. in compiler_mode_by_callname()
603 aflcc->compiler_mode = LLVM; in compiler_mode_by_callname()
605 aflcc->compiler_mode = CLANG; in compiler_mode_by_callname()
612 if (strncmp(aflcc->callname, "afl-clang-lto", 13) == 0 || in compiler_mode_by_callname()
614 strncmp(aflcc->callname, "afl-lto", 7) == 0) { in compiler_mode_by_callname()
616 aflcc->compiler_mode = LTO; in compiler_mode_by_callname()
622 if (strncmp(aflcc->callname, "afl-gcc-fast", 12) == 0 || in compiler_mode_by_callname()
624 strncmp(aflcc->callname, "afl-g++-fast", 12) == 0) { in compiler_mode_by_callname()
626 aflcc->compiler_mode = GCC_PLUGIN; in compiler_mode_by_callname()
628 } else if (strncmp(aflcc->callname, "afl-gcc", 7) == 0 || in compiler_mode_by_callname()
630 strncmp(aflcc->callname, "afl-g++", 7) == 0) { in compiler_mode_by_callname()
632 aflcc->compiler_mode = GCC; in compiler_mode_by_callname()
634 } else if (strcmp(aflcc->callname, "afl-clang") == 0 || in compiler_mode_by_callname()
636 strcmp(aflcc->callname, "afl-clang++") == 0) { in compiler_mode_by_callname()
638 aflcc->compiler_mode = CLANG; in compiler_mode_by_callname()
652 aflcc->passthrough = 1; in compiler_mode_by_environ()
660 if (aflcc->compiler_mode) { in compiler_mode_by_environ()
675 aflcc->compiler_mode = LTO; in compiler_mode_by_environ()
679 aflcc->compiler_mode = LLVM; in compiler_mode_by_environ()
683 strncasecmp(ptr, "GCC-P", 5) == 0 || in compiler_mode_by_environ()
686 aflcc->compiler_mode = GCC_PLUGIN; in compiler_mode_by_environ()
690 aflcc->compiler_mode = GCC; in compiler_mode_by_environ()
692 } else if (strcasecmp(ptr, "CLANG") == 0) { in compiler_mode_by_environ()
694 aflcc->compiler_mode = CLANG; in compiler_mode_by_environ()
705 Select compiler_mode by command line options --afl-...
708 or AFL_CC_COMPILER. And "--afl_noopt"/"--afl-noopt" will
709 be overwritten by "-g".
717 if (strncmp(argv[i], "--afl", 5) == 0) { in compiler_mode_by_cmdline()
719 if (!strcmp(argv[i], "--afl_noopt") || !strcmp(argv[i], "--afl-noopt")) { in compiler_mode_by_cmdline()
721 aflcc->passthrough = 1; in compiler_mode_by_cmdline()
722 argv[i] = "-g"; // we have to overwrite it, -g is always good in compiler_mode_by_cmdline()
727 if (aflcc->compiler_mode && !be_quiet) { in compiler_mode_by_cmdline()
730 "--afl-... compiler mode supersedes the AFL_CC_COMPILER and " in compiler_mode_by_cmdline()
737 while (*ptr == '-') in compiler_mode_by_cmdline()
742 aflcc->compiler_mode = LTO; in compiler_mode_by_cmdline()
746 aflcc->compiler_mode = LLVM; in compiler_mode_by_cmdline()
750 strncasecmp(ptr, "PC-GUARD", 8) == 0) { in compiler_mode_by_cmdline()
752 aflcc->compiler_mode = LLVM; in compiler_mode_by_cmdline()
753 aflcc->instrument_mode = INSTRUMENT_PCGUARD; in compiler_mode_by_cmdline()
761 "PCGUARD (default in afl-cc).\n"); in compiler_mode_by_cmdline()
767 aflcc->compiler_mode = LLVM; in compiler_mode_by_cmdline()
768 aflcc->instrument_mode = INSTRUMENT_CLASSIC; in compiler_mode_by_cmdline()
773 strcasecmp(ptr, "LLVM-NATIVE") == 0) { in compiler_mode_by_cmdline()
775 aflcc->compiler_mode = LLVM; in compiler_mode_by_cmdline()
776 aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; in compiler_mode_by_cmdline()
780 strncasecmp(ptr, "GCC-P", 5) == 0 || in compiler_mode_by_cmdline()
783 aflcc->compiler_mode = GCC_PLUGIN; in compiler_mode_by_cmdline()
787 aflcc->compiler_mode = GCC; in compiler_mode_by_cmdline()
789 } else if (strncasecmp(ptr, "CLANG", 5) == 0) { in compiler_mode_by_cmdline()
791 aflcc->compiler_mode = CLANG; in compiler_mode_by_cmdline()
795 FATAL("Unknown --afl-... compiler mode: %s\n", argv[i]); in compiler_mode_by_cmdline()
805 - USE_TRACE_PC, AFL_USE_TRACE_PC, AFL_LLVM_USE_TRACE_PC, AFL_TRACE_PC
806 - AFL_LLVM_CALLER, AFL_LLVM_CTX, AFL_LLVM_CTX_K
807 - AFL_LLVM_NGRAM_SIZE
816 "(default in afl-cc).\n"); in instrument_mode_old_environ()
823 if (aflcc->instrument_mode == 0) in instrument_mode_old_environ()
824 aflcc->instrument_mode = INSTRUMENT_PCGUARD; in instrument_mode_old_environ()
825 else if (aflcc->instrument_mode != INSTRUMENT_PCGUARD) in instrument_mode_old_environ()
830 if (getenv("AFL_LLVM_CTX")) aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CTX; in instrument_mode_old_environ()
832 aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER; in instrument_mode_old_environ()
836 aflcc->instrument_opt_mode |= INSTRUMENT_OPT_NGRAM; in instrument_mode_old_environ()
837 aflcc->ngram_size = atoi(getenv("AFL_LLVM_NGRAM_SIZE")); in instrument_mode_old_environ()
838 if (aflcc->ngram_size < 2 || aflcc->ngram_size > NGRAM_SIZE_MAX) in instrument_mode_old_environ()
848 aflcc->ctx_k = atoi(getenv("AFL_LLVM_CTX_K")); in instrument_mode_old_environ()
849 if (aflcc->ctx_k < 1 || aflcc->ctx_k > CTX_MAX_K) in instrument_mode_old_environ()
850 FATAL("K-CTX instrumentation mode must be between 1 and CTX_MAX_K (%u)", in instrument_mode_old_environ()
852 if (aflcc->ctx_k == 1) { in instrument_mode_old_environ()
856 aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER; in instrument_mode_old_environ()
860 aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CTX_K; in instrument_mode_old_environ()
884 if (aflcc->instrument_mode == INSTRUMENT_LTO) { in instrument_mode_new_environ()
886 aflcc->instrument_mode = INSTRUMENT_CLASSIC; in instrument_mode_new_environ()
887 aflcc->lto_mode = 1; in instrument_mode_new_environ()
889 } else if (!aflcc->instrument_mode || in instrument_mode_new_environ()
891 aflcc->instrument_mode == INSTRUMENT_AFL) { in instrument_mode_new_environ()
893 aflcc->instrument_mode = INSTRUMENT_AFL; in instrument_mode_new_environ()
898 instrument_mode_2str(aflcc->instrument_mode)); in instrument_mode_new_environ()
904 if (strncasecmp(ptr2, "pc-guard", strlen("pc-guard")) == 0 || in instrument_mode_new_environ()
907 if (!aflcc->instrument_mode || in instrument_mode_new_environ()
908 aflcc->instrument_mode == INSTRUMENT_PCGUARD) in instrument_mode_new_environ()
910 aflcc->instrument_mode = INSTRUMENT_PCGUARD; in instrument_mode_new_environ()
914 instrument_mode_2str(aflcc->instrument_mode)); in instrument_mode_new_environ()
919 strncasecmp(ptr2, "llvm-native", strlen("llvm-native")) == 0 || in instrument_mode_new_environ()
922 if (!aflcc->instrument_mode || in instrument_mode_new_environ()
923 aflcc->instrument_mode == INSTRUMENT_LLVMNATIVE) in instrument_mode_new_environ()
925 aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; in instrument_mode_new_environ()
929 instrument_mode_2str(aflcc->instrument_mode)); in instrument_mode_new_environ()
934 strncasecmp(ptr2, "llvm-codecov", strlen("llvm-codecov")) == 0) { in instrument_mode_new_environ()
936 if (!aflcc->instrument_mode || in instrument_mode_new_environ()
937 aflcc->instrument_mode == INSTRUMENT_LLVMNATIVE) { in instrument_mode_new_environ()
939 aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; in instrument_mode_new_environ()
940 aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CODECOV; in instrument_mode_new_environ()
945 instrument_mode_2str(aflcc->instrument_mode)); in instrument_mode_new_environ()
956 "PCGUARD (default in afl-cc).\n"); in instrument_mode_new_environ()
962 aflcc->lto_mode = 1; in instrument_mode_new_environ()
963 if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_LTO) in instrument_mode_new_environ()
965 aflcc->instrument_mode = INSTRUMENT_LTO; in instrument_mode_new_environ()
969 instrument_mode_2str(aflcc->instrument_mode)); in instrument_mode_new_environ()
975 if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_GCC) in instrument_mode_new_environ()
977 aflcc->instrument_mode = INSTRUMENT_GCC; in instrument_mode_new_environ()
979 else if (aflcc->instrument_mode != INSTRUMENT_GCC) in instrument_mode_new_environ()
981 instrument_mode_2str(aflcc->instrument_mode)); in instrument_mode_new_environ()
983 aflcc->compiler_mode = GCC; in instrument_mode_new_environ()
987 if (strcasecmp(ptr2, "clang") == 0) { in instrument_mode_new_environ()
989 if (!aflcc->instrument_mode || aflcc->instrument_mode == INSTRUMENT_CLANG) in instrument_mode_new_environ()
991 aflcc->instrument_mode = INSTRUMENT_CLANG; in instrument_mode_new_environ()
993 else if (aflcc->instrument_mode != INSTRUMENT_CLANG) in instrument_mode_new_environ()
995 instrument_mode_2str(aflcc->instrument_mode)); in instrument_mode_new_environ()
997 aflcc->compiler_mode = CLANG; in instrument_mode_new_environ()
1001 if (strncasecmp(ptr2, "ctx-", strlen("ctx-")) == 0 || in instrument_mode_new_environ()
1002 strncasecmp(ptr2, "kctx-", strlen("c-ctx-")) == 0 || in instrument_mode_new_environ()
1003 strncasecmp(ptr2, "k-ctx-", strlen("k-ctx-")) == 0) { in instrument_mode_new_environ()
1013 "you must set the K-CTX K with (e.g. for value 2) " in instrument_mode_new_environ()
1014 "AFL_LLVM_INSTRUMENT=ctx-2"); in instrument_mode_new_environ()
1018 aflcc->ctx_k = atoi(ptr3); in instrument_mode_new_environ()
1019 if (aflcc->ctx_k < 1 || aflcc->ctx_k > CTX_MAX_K) in instrument_mode_new_environ()
1021 "K-CTX instrumentation option must be between 1 and CTX_MAX_K " in instrument_mode_new_environ()
1025 if (aflcc->ctx_k == 1) { in instrument_mode_new_environ()
1027 aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER; in instrument_mode_new_environ()
1033 aflcc->instrument_opt_mode |= (INSTRUMENT_OPT_CTX_K); in instrument_mode_new_environ()
1034 u8 *ptr4 = alloc_printf("%u", aflcc->ctx_k); in instrument_mode_new_environ()
1043 aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CTX; in instrument_mode_new_environ()
1050 aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER; in instrument_mode_new_environ()
1069 "AFL_LLVM_INSTRUMENT=ngram-2"); in instrument_mode_new_environ()
1073 aflcc->ngram_size = atoi(ptr3); in instrument_mode_new_environ()
1075 if (aflcc->ngram_size < 2 || aflcc->ngram_size > NGRAM_SIZE_MAX) { in instrument_mode_new_environ()
1084 aflcc->instrument_opt_mode |= (INSTRUMENT_OPT_NGRAM); in instrument_mode_new_environ()
1085 u8 *ptr4 = alloc_printf("%u", aflcc->ngram_size); in instrument_mode_new_environ()
1107 aflcc->have_instr_env = 1; in instrument_mode_by_environ()
1111 if (aflcc->have_instr_env && getenv("AFL_DONT_OPTIMIZE") && !be_quiet) { in instrument_mode_by_environ()
1125 Workaround to ensure CALLER, CTX, K-CTX and NGRAM
1130 if ((aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX) && in instrument_opt_mode_exclude()
1131 (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CALLER)) { in instrument_opt_mode_exclude()
1137 if ((aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX) && in instrument_opt_mode_exclude()
1138 (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX_K)) { in instrument_opt_mode_exclude()
1140 FATAL("you cannot set CTX and K-CTX together"); in instrument_opt_mode_exclude()
1144 if ((aflcc->instrument_opt_mode & INSTRUMENT_OPT_CALLER) && in instrument_opt_mode_exclude()
1145 (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX_K)) { in instrument_opt_mode_exclude()
1147 FATAL("you cannot set CALLER and K-CTX together"); in instrument_opt_mode_exclude()
1151 if (aflcc->instrument_opt_mode && aflcc->compiler_mode != LLVM) in instrument_opt_mode_exclude()
1154 if (aflcc->instrument_opt_mode && in instrument_opt_mode_exclude()
1155 aflcc->instrument_opt_mode != INSTRUMENT_OPT_CODECOV && in instrument_opt_mode_exclude()
1156 aflcc->instrument_mode != INSTRUMENT_CLASSIC) in instrument_opt_mode_exclude()
1170 if (aflcc->instrument_opt_mode && in mode_final_checkout()
1171 aflcc->instrument_mode == INSTRUMENT_DEFAULT && in mode_final_checkout()
1172 (aflcc->compiler_mode == LLVM || aflcc->compiler_mode == UNSET)) { in mode_final_checkout()
1174 aflcc->instrument_mode = INSTRUMENT_CLASSIC; in mode_final_checkout()
1175 aflcc->compiler_mode = LLVM; in mode_final_checkout()
1179 if (!aflcc->compiler_mode) { in mode_final_checkout()
1181 // lto is not a default because outside of afl-cc RANLIB and AR have to in mode_final_checkout()
1183 if (aflcc->have_llvm) in mode_final_checkout()
1184 aflcc->compiler_mode = LLVM; in mode_final_checkout()
1185 else if (aflcc->have_gcc_plugin) in mode_final_checkout()
1186 aflcc->compiler_mode = GCC_PLUGIN; in mode_final_checkout()
1187 else if (aflcc->have_gcc) in mode_final_checkout()
1188 aflcc->compiler_mode = GCC; in mode_final_checkout()
1189 else if (aflcc->have_clang) in mode_final_checkout()
1190 aflcc->compiler_mode = CLANG; in mode_final_checkout()
1191 else if (aflcc->have_lto) in mode_final_checkout()
1192 aflcc->compiler_mode = LTO; in mode_final_checkout()
1198 switch (aflcc->compiler_mode) { in mode_final_checkout()
1201 if (!aflcc->have_gcc) FATAL("afl-gcc is not available on your platform!"); in mode_final_checkout()
1203 case CLANG: in mode_final_checkout()
1204 if (!aflcc->have_clang) in mode_final_checkout()
1205 FATAL("afl-clang is not available on your platform!"); in mode_final_checkout()
1208 if (!aflcc->have_llvm) in mode_final_checkout()
1214 if (!aflcc->have_gcc_plugin) in mode_final_checkout()
1220 if (!aflcc->have_lto) in mode_final_checkout()
1230 if (aflcc->compiler_mode == GCC) { aflcc->instrument_mode = INSTRUMENT_GCC; } in mode_final_checkout()
1232 if (aflcc->compiler_mode == CLANG) { in mode_final_checkout()
1236 if (!aflcc->have_optimized_pcguard && in mode_final_checkout()
1237 (aflcc->instrument_mode == INSTRUMENT_DEFAULT || in mode_final_checkout()
1238 aflcc->instrument_mode == INSTRUMENT_PCGUARD)) { in mode_final_checkout()
1240 aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; in mode_final_checkout()
1244 aflcc->instrument_mode = INSTRUMENT_CLANG; in mode_final_checkout()
1245 setenv(CLANG_ENV_VAR, "1", 1); // used by afl-as in mode_final_checkout()
1251 if (aflcc->compiler_mode == LTO) { in mode_final_checkout()
1253 if (aflcc->instrument_mode == 0 || in mode_final_checkout()
1254 aflcc->instrument_mode == INSTRUMENT_LTO || in mode_final_checkout()
1255 aflcc->instrument_mode == INSTRUMENT_CFG || in mode_final_checkout()
1256 aflcc->instrument_mode == INSTRUMENT_PCGUARD) { in mode_final_checkout()
1258 aflcc->lto_mode = 1; in mode_final_checkout()
1260 // if (!aflcc->instrument_mode) { in mode_final_checkout()
1262 aflcc->instrument_mode = INSTRUMENT_PCGUARD; in mode_final_checkout()
1266 } else if (aflcc->instrument_mode == INSTRUMENT_CLASSIC) { in mode_final_checkout()
1268 aflcc->lto_mode = 1; in mode_final_checkout()
1274 WARNF("afl-clang-lto called with mode %s, using that mode instead", in mode_final_checkout()
1275 instrument_mode_2str(aflcc->instrument_mode)); in mode_final_checkout()
1283 if (aflcc->instrument_mode == 0 && aflcc->compiler_mode < GCC_PLUGIN) { in mode_final_checkout()
1287 if (aflcc->have_instr_env) { in mode_final_checkout()
1289 aflcc->instrument_mode = INSTRUMENT_AFL; in mode_final_checkout()
1301 aflcc->instrument_mode = INSTRUMENT_PCGUARD; in mode_final_checkout()
1304 aflcc->instrument_mode = INSTRUMENT_AFL; in mode_final_checkout()
1309 if (!aflcc->instrument_opt_mode && aflcc->lto_mode && in mode_final_checkout()
1310 aflcc->instrument_mode == INSTRUMENT_CFG) { in mode_final_checkout()
1312 aflcc->instrument_mode = INSTRUMENT_PCGUARD; in mode_final_checkout()
1317 if (aflcc->lto_mode) in mode_final_checkout()
1323 if (aflcc->lto_mode) { in mode_final_checkout()
1325 if (aflcc->lto_flag[0] != '-') in mode_final_checkout()
1327 "Using afl-clang-lto is not possible because Makefile magic did not " in mode_final_checkout()
1328 "identify the correct -flto flag"); in mode_final_checkout()
1330 aflcc->compiler_mode = LTO; in mode_final_checkout()
1341 if (aflcc->instrument_mode == INSTRUMENT_PCGUARD && aflcc->have_instr_env) { in mode_final_checkout()
1367 aflcc->cmplog_mode = getenv("AFL_CMPLOG") || getenv("AFL_LLVM_CMPLOG") || in mode_final_checkout()
1378 char *ptr2 = alloc_printf(" + NGRAM-%u", aflcc->ngram_size); in mode_notification()
1379 char *ptr3 = alloc_printf(" + K-CTX-%u", aflcc->ctx_k); in mode_notification()
1382 "%s%s%s%s%s", instrument_mode_2str(aflcc->instrument_mode), in mode_notification()
1383 (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX) ? " + CTX" : "", in mode_notification()
1384 (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CALLER) ? " + CALLER" : "", in mode_notification()
1385 (aflcc->instrument_opt_mode & INSTRUMENT_OPT_NGRAM) ? ptr2 : "", in mode_notification()
1386 (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CTX_K) ? ptr3 : ""); in mode_notification()
1391 if ((isatty(2) && !be_quiet) || aflcc->debug) { in mode_notification()
1394 "afl-cc" VERSION cRST in mode_notification()
1395 " by Michal Zalewski, Laszlo Szekeres, Marc Heuse - mode: %s-%s\n", in mode_notification()
1396 compiler_mode_2str(aflcc->compiler_mode), ptr1); in mode_notification()
1403 (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG)) { in mode_notification()
1407 "gcc-plugin and use afl-clang-fast/afl-clang-lto/afl-gcc-fast " in mode_notification()
1416 - specified by env AFL_CXX
1417 - g++ or clang++
1418 - CLANGPP_BIN or LLVM_BINDIR/clang++
1420 - specified by env AFL_CC
1421 - gcc or clang
1422 - CLANG_BIN or LLVM_BINDIR/clang
1429 if (aflcc->plusplus_mode) { in add_real_argv0()
1435 if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == GCC_PLUGIN) { in add_real_argv0()
1439 } else if (aflcc->compiler_mode == CLANG) { in add_real_argv0()
1441 alt_cxx = "clang++"; in add_real_argv0()
1446 snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang++", in add_real_argv0()
1456 aflcc->cc_params[0] = alt_cxx; in add_real_argv0()
1464 if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == GCC_PLUGIN) { in add_real_argv0()
1468 } else if (aflcc->compiler_mode == CLANG) { in add_real_argv0()
1470 alt_cc = "clang"; in add_real_argv0()
1475 snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang", in add_real_argv0()
1485 aflcc->cc_params[0] = alt_cc; in add_real_argv0()
1491 /** compiler_mode & instrument_mode selecting -----END----- **/
1493 /** Macro defs for the preprocessor -----BEGIN----- **/
1497 insert_param(aflcc, "-D__AFL_COMPILER=1"); in add_defs_common()
1498 insert_param(aflcc, "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1"); in add_defs_common()
1505 2-selective-instrumentation-with-_afl_coverage-directives
1509 if (aflcc->plusplus_mode) { in add_defs_selective_instr()
1512 "-D__AFL_COVERAGE()=int __afl_selective_coverage = 1;" in add_defs_selective_instr()
1521 "-D__AFL_COVERAGE()=int __afl_selective_coverage = 1;" in add_defs_selective_instr()
1531 "-D__AFL_COVERAGE_START_OFF()=int __afl_selective_coverage_start_off = " in add_defs_selective_instr()
1533 insert_param(aflcc, "-D__AFL_COVERAGE_ON()=__afl_coverage_on()"); in add_defs_selective_instr()
1534 insert_param(aflcc, "-D__AFL_COVERAGE_OFF()=__afl_coverage_off()"); in add_defs_selective_instr()
1535 insert_param(aflcc, "-D__AFL_COVERAGE_DISCARD()=__afl_coverage_discard()"); in add_defs_selective_instr()
1536 insert_param(aflcc, "-D__AFL_COVERAGE_SKIP()=__afl_coverage_skip()"); in add_defs_selective_instr()
1543 and persistent mode are not available in afl-gcc and afl-clang.
1547 if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG) return; in add_defs_persistent_mode()
1549 insert_param(aflcc, "-D__AFL_HAVE_MANUAL_CONTROL=1"); in add_defs_persistent_mode()
1553 signature into the binary (to be picked up by afl-fuzz) and we want in add_defs_persistent_mode()
1560 2) We need to convince the linker, when called with -Wl,--gc-sections, in add_defs_persistent_mode()
1565 but doing this within a method in a class is hard - :: and extern "C" in add_defs_persistent_mode()
1572 "-D__AFL_FUZZ_INIT()=" in add_defs_persistent_mode()
1580 "-D__AFL_FUZZ_TESTCASE_BUF=(__afl_fuzz_ptr ? __afl_fuzz_ptr : " in add_defs_persistent_mode()
1585 "-D__AFL_FUZZ_TESTCASE_LEN=(__afl_fuzz_ptr ? *__afl_fuzz_len : " in add_defs_persistent_mode()
1591 "-D__AFL_LOOP(_A)=" in add_defs_persistent_mode()
1608 "-D__AFL_INIT()=" in add_defs_persistent_mode()
1630 if (aflcc->have_fortify) { return; } in add_defs_fortify()
1635 insert_param(aflcc, "-D_FORTIFY_SOURCE=1"); in add_defs_fortify()
1639 insert_param(aflcc, "-D_FORTIFY_SOURCE=2"); in add_defs_fortify()
1643 insert_param(aflcc, "-U_FORTIFY_SOURCE"); in add_defs_fortify()
1648 aflcc->have_fortify = 1; in add_defs_fortify()
1655 insert_param(aflcc, "-includesanitizer/lsan_interface.h"); in add_defs_lsan_ctrl()
1658 "-D__AFL_LEAK_CHECK()={if(__lsan_do_recoverable_leak_check() > 0) " in add_defs_lsan_ctrl()
1660 insert_param(aflcc, "-D__AFL_LSAN_OFF()=__lsan_disable();"); in add_defs_lsan_ctrl()
1661 insert_param(aflcc, "-D__AFL_LSAN_ON()=__lsan_enable();"); in add_defs_lsan_ctrl()
1665 /** Macro defs for the preprocessor -----END----- **/
1667 /** About -fsanitize -----BEGIN----- **/
1669 /* For input "-fsanitize=...", it:
1672 the input has bad syntax such as "-fsanitize=," (empty sanitizer name)
1673 2. strips any fuzzer* in ... and writes back (may result in "-fsanitize=")
1680 char *p, *ptr = string + strlen("-fsanitize="); in fsanitize_fuzzer_comma()
1686 strcpy(new, "-fsanitize="); in fsanitize_fuzzer_comma()
1698 len = p - ptr; in fsanitize_fuzzer_comma()
1747 Parse and process possible -fsanitize related args, return PARAM_MISS
1749 - Check which one of those sanitizers present here.
1750 - Check if libfuzzer present. We need to block the request of enable
1752 - Check if SanCov allow/denylist options present. We need to try switching
1769 aflcc->have_##v = 1; \ in parse_fsanitize()
1784 if (!strncmp(cur_argv, "-fsanitize=", strlen("-fsanitize="))) { in parse_fsanitize()
1787 HAVE_SANITIZER_SCAN_KEEP(msan, memory); in parse_fsanitize()
1798 // matching rules overlap with those in the if-statement above. in parse_fsanitize()
1799 if (!strcmp(cur_argv, "-fsanitize=fuzzer")) { in parse_fsanitize()
1803 aflcc->need_aflpplib = 1; in parse_fsanitize()
1812 } else if (!strncmp(cur_argv, "-fsanitize=", strlen("-fsanitize=")) && in parse_fsanitize()
1823 aflcc->need_aflpplib = 1; in parse_fsanitize()
1833 if (!cur_argv || strlen(cur_argv) <= strlen("-fsanitize=")) in parse_fsanitize()
1838 } else if (!strncmp(cur_argv, "-fsanitize-coverage-", 20) && in parse_fsanitize()
1844 aflcc->have_instr_list = 1; in parse_fsanitize()
1849 if (aflcc->instrument_mode != INSTRUMENT_LLVMNATIVE) { in parse_fsanitize()
1851 if (!be_quiet) { WARNF("Found '%s' - stripping!", cur_argv); } in parse_fsanitize()
1872 - Use static runtime for asan, as much as possible.
1873 - ASAN, MSAN, AFL_HARDEN are mutually exclusive.
1874 - Add options if not found there, on request of AFL_USE_ASAN, AFL_USE_MSAN,
1876 - Update have_* so that functions called after this can have correct context.
1882 if (getenv("AFL_USE_ASAN") || aflcc->have_asan) { in add_sanitizers()
1884 if (getenv("AFL_USE_MSAN") || aflcc->have_msan) in add_sanitizers()
1885 FATAL("ASAN and MSAN are mutually exclusive"); in add_sanitizers()
1890 if (aflcc->compiler_mode == GCC_PLUGIN && !aflcc->have_staticasan) { in add_sanitizers()
1892 insert_param(aflcc, "-static-libasan"); in add_sanitizers()
1897 if (!aflcc->have_asan) { insert_param(aflcc, "-fsanitize=address"); } in add_sanitizers()
1898 aflcc->have_asan = 1; in add_sanitizers()
1900 } else if (getenv("AFL_USE_MSAN") || aflcc->have_msan) { in add_sanitizers()
1902 if (getenv("AFL_USE_ASAN") || aflcc->have_asan) in add_sanitizers()
1903 FATAL("ASAN and MSAN are mutually exclusive"); in add_sanitizers()
1906 FATAL("MSAN and AFL_HARDEN are mutually exclusive"); in add_sanitizers()
1909 if (!aflcc->have_msan) { insert_param(aflcc, "-fsanitize=memory"); } in add_sanitizers()
1910 aflcc->have_msan = 1; in add_sanitizers()
1914 if (getenv("AFL_USE_UBSAN") || aflcc->have_ubsan) { in add_sanitizers()
1916 if (!aflcc->have_ubsan) { in add_sanitizers()
1918 insert_param(aflcc, "-fsanitize=undefined"); in add_sanitizers()
1919 insert_param(aflcc, "-fsanitize-undefined-trap-on-error"); in add_sanitizers()
1920 insert_param(aflcc, "-fno-sanitize-recover=all"); in add_sanitizers()
1924 if (!aflcc->have_fp) { in add_sanitizers()
1926 insert_param(aflcc, "-fno-omit-frame-pointer"); in add_sanitizers()
1927 aflcc->have_fp = 1; in add_sanitizers()
1931 aflcc->have_ubsan = 1; in add_sanitizers()
1935 if (getenv("AFL_USE_TSAN") || aflcc->have_tsan) { in add_sanitizers()
1937 if (!aflcc->have_fp) { in add_sanitizers()
1939 insert_param(aflcc, "-fno-omit-frame-pointer"); in add_sanitizers()
1940 aflcc->have_fp = 1; in add_sanitizers()
1944 if (!aflcc->have_tsan) { insert_param(aflcc, "-fsanitize=thread"); } in add_sanitizers()
1945 aflcc->have_tsan = 1; in add_sanitizers()
1949 if (getenv("AFL_USE_LSAN") && !aflcc->have_lsan) { in add_sanitizers()
1951 insert_param(aflcc, "-fsanitize=leak"); in add_sanitizers()
1953 aflcc->have_lsan = 1; in add_sanitizers()
1957 if (getenv("AFL_USE_CFISAN") || aflcc->have_cfisan) { in add_sanitizers()
1959 if (aflcc->compiler_mode == GCC_PLUGIN || aflcc->compiler_mode == GCC) { in add_sanitizers()
1961 if (!aflcc->have_fcf) { insert_param(aflcc, "-fcf-protection=full"); } in add_sanitizers()
1965 if (!aflcc->lto_mode && !aflcc->have_flto) { in add_sanitizers()
1970 if (strncmp("-flto", envp[i++], 5) == 0) found = 1; in add_sanitizers()
1974 if (!found) { insert_param(aflcc, "-flto"); } in add_sanitizers()
1975 aflcc->have_flto = 1; in add_sanitizers()
1979 if (!aflcc->have_cfisan) { insert_param(aflcc, "-fsanitize=cfi"); } in add_sanitizers()
1981 if (!aflcc->have_hidden) { in add_sanitizers()
1983 insert_param(aflcc, "-fvisibility=hidden"); in add_sanitizers()
1984 aflcc->have_hidden = 1; in add_sanitizers()
1988 aflcc->have_cfisan = 1; in add_sanitizers()
2001 * will trigger native clang to add yet another runtime, causing linker in add_native_pcguard()
2005 if (aflcc->have_rust_asanrt) { return; } in add_native_pcguard()
2007 /* If llvm-config doesn't figure out LLVM_MAJOR, just in add_native_pcguard()
2011 FATAL("pcguard instrumentation with pc-table requires LLVM 6.0.1+"); in add_native_pcguard()
2015 "pcguard instrumentation with pc-table requires LLVM 6.0.1+" in add_native_pcguard()
2018 if (aflcc->instrument_opt_mode & INSTRUMENT_OPT_CODECOV) { in add_native_pcguard()
2021 "-fsanitize-coverage=trace-pc-guard,bb,no-prune,pc-table"); in add_native_pcguard()
2025 insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard,pc-table"); in add_native_pcguard()
2043 insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); in add_optimized_pcguard()
2044 aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; in add_optimized_pcguard()
2048 if (aflcc->have_instr_list) { in add_optimized_pcguard()
2052 "Using unoptimized trace-pc-guard, due usage of " in add_optimized_pcguard()
2053 "-fsanitize-coverage-allow/denylist, you can use " in add_optimized_pcguard()
2056 insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); in add_optimized_pcguard()
2057 aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; in add_optimized_pcguard()
2063 insert_param(aflcc, "-fexperimental-new-pass-manager"); in add_optimized_pcguard()
2065 insert_object(aflcc, "SanitizerCoveragePCGUARD.so", "-fpass-plugin=%s", 0); in add_optimized_pcguard()
2075 "Using unoptimized trace-pc-guard, upgrade to LLVM 13+ for " in add_optimized_pcguard()
2077 insert_param(aflcc, "-fsanitize-coverage=trace-pc-guard"); in add_optimized_pcguard()
2078 aflcc->instrument_mode = INSTRUMENT_LLVMNATIVE; in add_optimized_pcguard()
2089 /** About -fsanitize -----END----- **/
2091 /** Linking behaviors -----BEGIN----- **/
2100 if (aflcc->lto_mode && !strncmp(cur_argv, "-flto=thin", 10)) { in parse_linking_params()
2103 "afl-clang-lto cannot work with -flto=thin. Switch to -flto=full or " in parse_linking_params()
2104 "use afl-clang-fast!"); in parse_linking_params()
2110 if (!strcmp(cur_argv, "-shared") || !strcmp(cur_argv, "-dynamiclib")) { in parse_linking_params()
2114 aflcc->shared_linking = 1; in parse_linking_params()
2123 } else if (!strcmp(cur_argv, "-Wl,-r") || !strcmp(cur_argv, "-Wl,-i") || in parse_linking_params()
2125 !strcmp(cur_argv, "-Wl,--relocatable") || in parse_linking_params()
2126 !strcmp(cur_argv, "-r") || !strcmp(cur_argv, "--relocatable")) { in parse_linking_params()
2130 aflcc->partial_linking = 1; in parse_linking_params()
2139 } else if (!strncmp(cur_argv, "-fuse-ld=", 9) || in parse_linking_params()
2141 !strncmp(cur_argv, "--ld-path=", 10)) { in parse_linking_params()
2149 if (aflcc->lto_mode) in parse_linking_params()
2156 } else if (!strcmp(cur_argv, "-Wl,-z,defs") || in parse_linking_params()
2158 !strcmp(cur_argv, "-Wl,--no-undefined") || in parse_linking_params()
2159 !strcmp(cur_argv, "-Wl,-no-undefined") || in parse_linking_params()
2160 !strcmp(cur_argv, "--no-undefined") || in parse_linking_params()
2161 strstr(cur_argv, "afl-compiler-rt") || in parse_linking_params()
2162 strstr(cur_argv, "afl-llvm-rt")) { in parse_linking_params()
2174 } else if (!strcmp(cur_argv, "-z") || !strcmp(cur_argv, "-Wl,-z")) { in parse_linking_params()
2177 if (param && (!strcmp(param, "defs") || !strcmp(param, "-Wl,defs"))) { in parse_linking_params()
2200 if (!strcmp(cur_argv, "-Xlinker") && (ptr_ = *(argv + 1))) { in parse_linking_params()
2204 WARNF("'-Xlinker' 'defs' detected. This may result in a bad link."); in parse_linking_params()
2206 } else if (strstr(ptr_, "-no-undefined")) { in parse_linking_params()
2209 "'-Xlinker' '%s' detected. The latter option may be dropped and " in parse_linking_params()
2215 } else if (!strncmp(cur_argv, "-Wl,", 4) && in parse_linking_params()
2221 if (strstr(ptr_, "-shared") || strstr(ptr_, "-dynamiclib")) { in parse_linking_params()
2224 "'%s': multiple link options after '-Wl,' may break shared " in parse_linking_params()
2230 if (strstr(ptr_, "-r,") || strstr(ptr_, "-i,") || strstr(ptr_, ",-r") || in parse_linking_params()
2231 strstr(ptr_, ",-i") || strstr(ptr_, "--relocatable")) { in parse_linking_params()
2234 "'%s': multiple link options after '-Wl,' may break partial " in parse_linking_params()
2240 if (strstr(ptr_, "defs") || strstr(ptr_, "no-undefined")) { in parse_linking_params()
2243 "'%s': multiple link options after '-Wl,' may enable report " in parse_linking_params()
2291 insert_param(aflcc, alloc_printf("--ld-path=%s", ld_path)); in add_lto_linker()
2293 insert_param(aflcc, alloc_printf("-fuse-ld=%s", ld_path)); in add_lto_linker()
2304 insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,--load-pass-plugin=%s", in add_lto_passes()
2307 insert_param(aflcc, "-Wl,--lto-legacy-pass-manager"); in add_lto_passes()
2308 insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0); in add_lto_passes()
2310 insert_param(aflcc, "-fno-experimental-new-pass-manager"); in add_lto_passes()
2311 insert_object(aflcc, "SanitizerCoverageLTO.so", "-Wl,-mllvm=-load=%s", 0); in add_lto_passes()
2314 insert_param(aflcc, "-Wl,--allow-multiple-definition"); in add_lto_passes()
2321 if (!aflcc->need_aflpplib) return; in add_aflpplib()
2327 OKF("Found '-fsanitize=fuzzer', replacing with libAFLDriver.a"); in add_aflpplib()
2336 "Cannot find 'libAFLDriver.a' to replace '-fsanitize=fuzzer' in " in add_aflpplib()
2337 "the flags - this will fail!"); in add_aflpplib()
2346 insert_param(aflcc, "-Wl,-undefined"); in add_aflpplib()
2357 if (aflcc->preprocessor_only || aflcc->have_c || !aflcc->non_dash) { in add_runtime()
2359 /* In the preprocessor_only case (-E), we are not actually compiling at in add_runtime()
2368 if (aflcc->compiler_mode != GCC_PLUGIN && aflcc->compiler_mode != GCC && in add_runtime()
2375 if (aflcc->plusplus_mode && strlen(libdir) && strncmp(libdir, "/usr", 4) && in add_runtime()
2378 u8 *libdir_opt = strdup("-Wl,-rpath=" LLVM_LIBDIR); in add_runtime()
2387 #define M32_ERR_MSG "-m32 is not supported by your compiler" in add_runtime()
2388 #define M64_ERR_MSG "-m64 is not supported by your compiler" in add_runtime()
2390 if (aflcc->compiler_mode != GCC && aflcc->compiler_mode != CLANG) { in add_runtime()
2392 switch (aflcc->bit_mode) { in add_runtime()
2395 if (!aflcc->shared_linking && !aflcc->partial_linking) in add_runtime()
2396 insert_object(aflcc, "afl-compiler-rt.o", 0, 0); in add_runtime()
2397 if (aflcc->lto_mode) insert_object(aflcc, "afl-llvm-rt-lto.o", 0, 0); in add_runtime()
2401 if (!aflcc->shared_linking && !aflcc->partial_linking) in add_runtime()
2402 insert_object(aflcc, "afl-compiler-rt-32.o", 0, M32_ERR_MSG); in add_runtime()
2403 if (aflcc->lto_mode) in add_runtime()
2404 insert_object(aflcc, "afl-llvm-rt-lto-32.o", 0, M32_ERR_MSG); in add_runtime()
2408 if (!aflcc->shared_linking && !aflcc->partial_linking) in add_runtime()
2409 insert_object(aflcc, "afl-compiler-rt-64.o", 0, M64_ERR_MSG); in add_runtime()
2410 if (aflcc->lto_mode) in add_runtime()
2411 insert_object(aflcc, "afl-llvm-rt-lto-64.o", 0, M64_ERR_MSG); in add_runtime()
2417 // Required for dladdr used in afl-compiler-rt.o in add_runtime()
2418 insert_param(aflcc, "-ldl"); in add_runtime()
2422 if (!aflcc->shared_linking && !aflcc->partial_linking) in add_runtime()
2423 insert_object(aflcc, "dynamic_list.txt", "-Wl,--dynamic-list=%s", 0); in add_runtime()
2427 if (aflcc->shared_linking || aflcc->partial_linking) { in add_runtime()
2429 insert_param(aflcc, "-Wl,-U"); in add_runtime()
2430 insert_param(aflcc, "-Wl,___afl_area_ptr"); in add_runtime()
2431 insert_param(aflcc, "-Wl,-U"); in add_runtime()
2432 insert_param(aflcc, "-Wl,___sanitizer_cov_trace_pc_guard_init"); in add_runtime()
2445 insert_param(aflcc, "-Wl,-lrt"); in add_runtime()
2450 /** Linking behaviors -----END----- **/
2452 /** Miscellaneous routines -----BEGIN----- **/
2455 Add params to make compiler driver use our afl-as
2462 if (!afl_as) FATAL("Cannot find 'as' (symlink to 'afl-as')."); in add_assembler()
2467 insert_param(aflcc, "-B"); in add_assembler()
2470 if (aflcc->compiler_mode == CLANG) insert_param(aflcc, "-no-integrated-as"); in add_assembler()
2477 if (aflcc->cmplog_mode) { in add_gcc_plugin()
2479 insert_object(aflcc, "afl-gcc-cmplog-pass.so", "-fplugin=%s", 0); in add_gcc_plugin()
2480 insert_object(aflcc, "afl-gcc-cmptrs-pass.so", "-fplugin=%s", 0); in add_gcc_plugin()
2484 insert_object(aflcc, "afl-gcc-pass.so", "-fplugin=%s", 0); in add_gcc_plugin()
2486 insert_param(aflcc, "-fno-if-conversion"); in add_gcc_plugin()
2487 insert_param(aflcc, "-fno-if-conversion2"); in add_gcc_plugin()
2496 aflcc->lto_mode) { in add_misc_params()
2498 insert_param(aflcc, "-fno-builtin-strcmp"); in add_misc_params()
2499 insert_param(aflcc, "-fno-builtin-strncmp"); in add_misc_params()
2500 insert_param(aflcc, "-fno-builtin-strcasecmp"); in add_misc_params()
2501 insert_param(aflcc, "-fno-builtin-strncasecmp"); in add_misc_params()
2502 insert_param(aflcc, "-fno-builtin-memcmp"); in add_misc_params()
2503 insert_param(aflcc, "-fno-builtin-bcmp"); in add_misc_params()
2504 insert_param(aflcc, "-fno-builtin-strstr"); in add_misc_params()
2505 insert_param(aflcc, "-fno-builtin-strcasestr"); in add_misc_params()
2509 if (!aflcc->have_pic) { insert_param(aflcc, "-fPIC"); } in add_misc_params()
2513 insert_param(aflcc, "-fstack-protector-all"); in add_misc_params()
2515 if (!aflcc->fortify_set) add_defs_fortify(aflcc, 2); in add_misc_params()
2521 insert_param(aflcc, "-g"); in add_misc_params()
2522 if (!aflcc->have_o) insert_param(aflcc, "-O3"); in add_misc_params()
2523 if (!aflcc->have_unroll) insert_param(aflcc, "-funroll-loops"); in add_misc_params()
2524 // if (strlen(aflcc->march_opt) > 1 && aflcc->march_opt[0] == '-') in add_misc_params()
2525 // insert_param(aflcc, aflcc->march_opt); in add_misc_params()
2529 if (aflcc->x_set) { in add_misc_params()
2531 insert_param(aflcc, "-x"); in add_misc_params()
2565 if (!strncasecmp(cur_argv, "-fpic", 5)) { in parse_misc_params()
2567 SCAN_KEEP(aflcc->have_pic, 1); in parse_misc_params()
2569 } else if (!strcmp(cur_argv, "-m32") || in parse_misc_params()
2571 !strcmp(cur_argv, "armv7a-linux-androideabi")) { in parse_misc_params()
2573 SCAN_KEEP(aflcc->bit_mode, 32); in parse_misc_params()
2575 } else if (!strcmp(cur_argv, "-m64")) { in parse_misc_params()
2577 SCAN_KEEP(aflcc->bit_mode, 64); in parse_misc_params()
2581 SCAN_KEEP(aflcc->fortify_set, 1); in parse_misc_params()
2583 } else if (!strcmp(cur_argv, "-x")) { in parse_misc_params()
2585 SCAN_KEEP(aflcc->x_set, 1); in parse_misc_params()
2587 } else if (!strcmp(cur_argv, "-E")) { in parse_misc_params()
2589 SCAN_KEEP(aflcc->preprocessor_only, 1); in parse_misc_params()
2591 } else if (!strcmp(cur_argv, "--target=wasm32-wasi")) { in parse_misc_params()
2593 SCAN_KEEP(aflcc->passthrough, 1); in parse_misc_params()
2595 } else if (!strcmp(cur_argv, "-c")) { in parse_misc_params()
2597 SCAN_KEEP(aflcc->have_c, 1); in parse_misc_params()
2599 } else if (!strcmp(cur_argv, "-static-libasan")) { in parse_misc_params()
2601 SCAN_KEEP(aflcc->have_staticasan, 1); in parse_misc_params()
2605 SCAN_KEEP(aflcc->have_rust_asanrt, 1); in parse_misc_params()
2607 } else if (!strcmp(cur_argv, "-fno-omit-frame-pointer")) { in parse_misc_params()
2609 SCAN_KEEP(aflcc->have_fp, 1); in parse_misc_params()
2611 } else if (!strcmp(cur_argv, "-fvisibility=hidden")) { in parse_misc_params()
2613 SCAN_KEEP(aflcc->have_hidden, 1); in parse_misc_params()
2615 } else if (!strcmp(cur_argv, "-flto") || !strcmp(cur_argv, "-flto=full")) { in parse_misc_params()
2617 SCAN_KEEP(aflcc->have_flto, 1); in parse_misc_params()
2619 } else if (!strncmp(cur_argv, "-D_FORTIFY_SOURCE", in parse_misc_params()
2621 strlen("-D_FORTIFY_SOURCE"))) { in parse_misc_params()
2623 SCAN_KEEP(aflcc->have_fortify, 1); in parse_misc_params()
2625 } else if (!strncmp(cur_argv, "-fcf-protection", strlen("-fcf-protection"))) { in parse_misc_params()
2627 SCAN_KEEP(aflcc->have_cfisan, 1); in parse_misc_params()
2629 } else if (!strncmp(cur_argv, "-O", 2)) { in parse_misc_params()
2631 SCAN_KEEP(aflcc->have_o, 1); in parse_misc_params()
2633 } else if (!strncmp(cur_argv, "-funroll-loop", 13)) { in parse_misc_params()
2635 SCAN_KEEP(aflcc->have_unroll, 1); in parse_misc_params()
2637 } else if (!strncmp(cur_argv, "--afl", 5)) { in parse_misc_params()
2644 } else if (!strncmp(cur_argv, "-fno-unroll", 11)) { in parse_misc_params()
2651 } else if (!strcmp(cur_argv, "-pipe") && aflcc->compiler_mode == GCC_PLUGIN) { in parse_misc_params()
2658 } else if (!strncmp(cur_argv, "-stdlib=", 8) && in parse_misc_params()
2660 (aflcc->compiler_mode == GCC || in parse_misc_params()
2661 aflcc->compiler_mode == GCC_PLUGIN)) { in parse_misc_params()
2669 if (!be_quiet) WARNF("Found '%s' - stripping!", cur_argv); in parse_misc_params()
2674 } else if (cur_argv[0] != '-') { in parse_misc_params()
2680 aflcc->non_dash = 1; in parse_misc_params()
2692 /** Miscellaneous routines -----END----- **/
2697 if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) { in maybe_usage()
2699 printf("afl-cc" VERSION in maybe_usage()
2704 "afl-cc/afl-c++ [options]\n" in maybe_usage()
2706 "This is a helper application for afl-fuzz. It serves as a drop-in " in maybe_usage()
2708 "for gcc and clang, letting you recompile third-party code with the " in maybe_usage()
2713 " CC=afl-cc CXX=afl-c++ ./configure --disable-shared\n" in maybe_usage()
2714 " cmake -DCMAKE_C_COMPILERC=afl-cc -DCMAKE_CXX_COMPILER=afl-c++ .\n" in maybe_usage()
2715 " CC=afl-cc CXX=afl-c++ meson\n\n"); in maybe_usage()
2718 " |------------- FEATURES " in maybe_usage()
2719 "-------------|\n" in maybe_usage()
2729 " - NORMAL\n" in maybe_usage()
2730 " - CALLER\n" in maybe_usage()
2731 " - CTX\n" in maybe_usage()
2732 " - NGRAM-{2-16}\n" in maybe_usage()
2741 " [GCC/CLANG] simple gcc/clang: %s%s\n" in maybe_usage()
2744 aflcc->have_llvm ? "AVAILABLE" : "unavailable!", in maybe_usage()
2745 aflcc->compiler_mode == LLVM ? " [SELECTED]" : "", in maybe_usage()
2746 aflcc->have_llvm ? "AVAILABLE" : "unavailable!", in maybe_usage()
2747 aflcc->have_llvm ? "AVAILABLE" : "unavailable!", in maybe_usage()
2748 aflcc->have_lto ? "AVAILABLE" : "unavailable!", in maybe_usage()
2749 aflcc->compiler_mode == LTO ? " [SELECTED]" : "", in maybe_usage()
2750 aflcc->have_gcc_plugin ? "AVAILABLE" : "unavailable!", in maybe_usage()
2751 aflcc->compiler_mode == GCC_PLUGIN ? " [SELECTED]" : "", in maybe_usage()
2752 aflcc->have_gcc && aflcc->have_clang in maybe_usage()
2754 : (aflcc->have_gcc in maybe_usage()
2756 : (aflcc->have_clang ? "CLANG ONLY" : "unavailable!")), in maybe_usage()
2757 (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG) in maybe_usage()
2764 "afl-clang-fast), set\n" in maybe_usage()
2767 " command line parameter --afl-MODE (e.g. --afl-llvm). If none is " in maybe_usage()
2769 " afl-cc will select the best available (LLVM -> GCC_PLUGIN -> GCC).\n" in maybe_usage()
2771 "of afl-cc.\n\n"); in maybe_usage()
2775 " LLVM-NATIVE: use llvm's native PCGUARD instrumentation (less " \ in maybe_usage()
2782 "Sub-Modes: (set via env AFL_LLVM_INSTRUMENT, afl-cc selects the best " in maybe_usage()
2793 " NGRAM-x: CLASSIC + previous path " in maybe_usage()
2800 " NCC: non-colliding coverage [automatic] (that is an amazing " in maybe_usage()
2810 "(instrumentation/README.laf-intel.md)\n" in maybe_usage()
2817 if (argc < 2 || strncmp(argv[1], "-hh", 3)) { in maybe_usage()
2820 "To see all environment variables for the configuration of afl-cc " in maybe_usage()
2821 "use \"-hh\".\n"); in maybe_usage()
2830 " AFL_DONT_OPTIMIZE: disable optimization instead of -O3\n" in maybe_usage()
2836 "(afl-compiler-rt.*o)\n" in maybe_usage()
2846 " AFL_USE_LSAN: activate leak-checker sanitizer\n"); in maybe_usage()
2848 if (aflcc->have_gcc_plugin) in maybe_usage()
2850 "\nGCC Plugin-specific environment variables:\n" in maybe_usage()
2864 if (aflcc->have_llvm) in maybe_usage()
2866 "\nLLVM/LTO/afl-clang-fast/afl-clang-lto specific environment " in maybe_usage()
2892 if (aflcc->have_llvm) in maybe_usage()
2897 " CLASSIC, PCGUARD, LTO, GCC, CLANG, CALLER, CTX, NGRAM-2 " in maybe_usage()
2898 "..-16\n" in maybe_usage()
2900 " AFL_LLVM_USE_TRACE_PC: use LLVM trace-pc-guard instrumentation\n" in maybe_usage()
2911 if (aflcc->have_lto) in maybe_usage()
2913 "\nLTO/afl-clang-lto specific environment variables:\n" in maybe_usage()
2929 "If anything fails - be sure to read README.lto.md!\n"); in maybe_usage()
2933 "\nYou can supply --afl-noopt to not instrument, like AFL_NOOPT. " in maybe_usage()
2947 if (aflcc->have_lto) in maybe_usage()
2948 SAYF("afl-cc LTO with ld=%s %s\n", AFL_REAL_LD, AFL_CLANG_FLTO); in maybe_usage()
2949 if (aflcc->have_llvm) in maybe_usage()
2950 SAYF("afl-cc LLVM version %d using the binary path \"%s\".\n", LLVM_MAJOR, in maybe_usage()
2958 SAYF("Compiled with shm_open support (adds -lrt when linking).\n"); in maybe_usage()
2966 "Do not be overwhelmed :) afl-cc uses good defaults if no options are " in maybe_usage()
2970 "Recommended is afl-clang-lto with AFL_LLVM_CMPLOG or afl-clang-fast " in maybe_usage()
2991 Process params passed to afl-cc.
2993 We have two working modes, *scan* and *non-scan*. In scan mode,
2995 while in non-scan mode, is to choose keep or drop current argv[i].
2997 We have several matching routines being called sequentially in the while-loop,
2999 rules. If one mismatches, the next will then take over. In non-scan mode, each
3000 argv[i] mis-matched by all the routines will be kept.
3016 while (--argc) { in process_params()
3022 skip_next--; in process_params()
3034 /* Response file support -----BEGIN----- in process_params()
3035 We have two choices - move everything to the command line or in process_params()
3038 For clang, llvm::cl::ExpandResponseFiles does this, however it in process_params()
3040 written in C, but we can't simply copy-paste since it's LGPL licensed. in process_params()
3043 - https://gcc.gnu.org/onlinedocs/gcc/Overall-Options.html in process_params()
3044 - driver::expand_at_files in gcc.git/gcc/gcc.c in process_params()
3045 - expandargv in gcc.git/libiberty/argv.c in process_params()
3046 - llvm-project.git/clang/tools/driver/driver.cpp in process_params()
3047 - ExpandResponseFiles in in process_params()
3048 llvm-project.git/llvm/lib/Support/CommandLine.cpp in process_params()
3053 if (aflcc->debug) { DEBUGF("response file=%s\n", filename); } in process_params()
3081 --rsp_count; in process_params()
3111 arg_buf[arg_len - 1] = (char)c; \ in process_params()
3120 argv_read[argc_read - 1] = arg_buf; \ in process_params()
3268 ck_free(argv_read[--argc_read]); in process_params()
3276 } /* Response file support -----END----- */ in process_params()
3291 if (aflcc->compiler_mode != GCC_PLUGIN && aflcc->compiler_mode != GCC) { in edit_params()
3293 insert_param(aflcc, "-Wno-unused-command-line-argument"); in edit_params()
3297 if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG) { in edit_params()
3303 if (aflcc->compiler_mode == GCC_PLUGIN) { add_gcc_plugin(aflcc); } in edit_params()
3305 if (aflcc->compiler_mode == LLVM || aflcc->compiler_mode == LTO) { in edit_params()
3307 if (aflcc->lto_mode && aflcc->have_instr_env) { in edit_params()
3309 load_llvm_pass(aflcc, "afl-llvm-lto-instrumentlist.so"); in edit_params()
3315 load_llvm_pass(aflcc, "afl-llvm-dict2file.so"); in edit_params()
3322 load_llvm_pass(aflcc, "split-switches-pass.so"); in edit_params()
3329 load_llvm_pass(aflcc, "compare-transform-pass.so"); in edit_params()
3336 load_llvm_pass(aflcc, "split-compares-pass.so"); in edit_params()
3342 if (aflcc->cmplog_mode) { in edit_params()
3344 insert_param(aflcc, "-fno-inline"); in edit_params()
3346 load_llvm_pass(aflcc, "cmplog-switches-pass.so"); in edit_params()
3348 load_llvm_pass(aflcc, "split-switches-pass.so"); in edit_params()
3354 // use. insert_param(aflcc, "-flegacy-pass-manager"); in edit_params()
3357 if (aflcc->lto_mode) { in edit_params()
3359 insert_param(aflcc, aflcc->lto_flag); in edit_params()
3361 if (!aflcc->have_c) { in edit_params()
3370 if (aflcc->instrument_mode == INSTRUMENT_PCGUARD) { in edit_params()
3374 } else if (aflcc->instrument_mode == INSTRUMENT_LLVMNATIVE) { in edit_params()
3380 load_llvm_pass(aflcc, "afl-llvm-pass.so"); in edit_params()
3386 if (aflcc->cmplog_mode) { in edit_params()
3388 load_llvm_pass(aflcc, "cmplog-instructions-pass.so"); in edit_params()
3389 load_llvm_pass(aflcc, "cmplog-routines-pass.so"); in edit_params()
3398 load_llvm_pass(aflcc, "injection-pass.so"); in edit_params()
3402 // insert_param(aflcc, "-Qunused-arguments"); in edit_params()
3448 if (aflcc->debug) debugf_args(argc, argv); in main()
3452 if (aflcc->debug) in main()
3453 debugf_args((s32)aflcc->cc_par_cnt, (char **)aflcc->cc_params); in main()
3455 if (aflcc->passthrough) { in main()
3457 argv[0] = aflcc->cc_params[0]; in main()
3458 execvp(aflcc->cc_params[0], (char **)argv); in main()
3462 execvp(aflcc->cc_params[0], (char **)aflcc->cc_params); in main()
3466 FATAL("Oops, failed to execute '%s' - check your PATH", aflcc->cc_params[0]); in main()