ph2ocwf5z
/
AFLplusplus
forked from p98n2ja4z/AFLplusplus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

emmm

Browse Source
five
Five 1 month ago
parent cf9ee76aae e12b99bad1
commit e950591f61
4 changed files with 526 additions and 0 deletions
Show Stats Download Patch File Download Diff File

BIN
doc/李林轩_AFL源码分析_AFLanalyse.c.docx
View File

Binary file not shown.

180
src/AFLplusplus-stable/src/afl-as.c
Unescape View File

@ -91,6 +91,7 @@ static u8 use_64bit = 0;
to keep the code simple. */
static void edit_params(int argc, char **argv) {
<<<<<<< HEAD
u8 *tmp_dir = getenv("TMPDIR"), *afl_as = getenv("AFL_AS");
u32 i, input_index;
#ifdef __APPLE__
@ -126,10 +127,98 @@ static void edit_params(int argc, char **argv) {
}
#ifdef __APPLE__
if (!strcmp(argv[i], "-arch") && i + 1 < (u32)argc) {
=======
u8 *tmp_dir = getenv("TMPDIR"), *afl_as = getenv("AFL_AS");
u32 i, input_index;
#ifdef __APPLE__
u8 use_clang_as = 0;
/* On MacOS X, the Xcode cctool 'as' driver is a bit stale and does not work
with the code generated by newer versions of clang that are hand-built
by the user. See the thread here: https://goo.gl/HBWDtn.
To work around this, when using clang and running without AFL_AS
specified, we will actually call 'clang -c' instead of 'as -q' to
compile the assembly file.
The tools aren't cmdline-compatible, but at least for now, we can
seemingly get away with this by making only very minor tweaks. Thanks
to Nico Weber for the idea. */
if (clang_mode && !afl_as) {
use_clang_as = 1;
afl_as = getenv("AFL_CC");
if (!afl_as) afl_as = getenv("AFL_CXX");
if (!afl_as) afl_as = "clang";
}
#endif /* __APPLE__ */
/* Although this is not documented, GCC also uses TEMP and TMP when TMPDIR
is not set. We need to check these non-standard variables to properly
handle the pass_thru logic later on. */
if (!tmp_dir) { tmp_dir = getenv("TEMP"); }
if (!tmp_dir) { tmp_dir = getenv("TMP"); }
if (!tmp_dir) { tmp_dir = "/tmp"; }
as_params = ck_alloc((argc + 32) * sizeof(u8 *));
if (unlikely((INT_MAX - 32) < argc || !as_params)) {
FATAL("Too many parameters passed to as");
}
as_params[0] = afl_as ? afl_as : (u8 *)"as";
as_params[argc] = 0;
/* Find the input file. It's usually located near the end.
Assume there won't be any arguments referring to files after the input
file, e.g. as input.s -o output.o */
for (input_index = argc - 1; input_index > 0; input_index--) {
input_file = argv[input_index];
/* Clang may add debug arguments after the input file. */
if (strncmp(input_file, "-g", 2)) break;
}
if (input_index == 0)
FATAL("Could not find input file (not called through afl-gcc?)");
for (i = 1; (s32)i < argc; i++) {
if (i == input_index) continue;
if (!strcmp(argv[i], "--64")) {
use_64bit = 1;
} else if (!strcmp(argv[i], "--32")) {
use_64bit = 0;
}
#ifdef __APPLE__
/* The Apple case is a bit different... */
if (!strcmp(argv[i], "-arch") && i + 1 < (u32)argc) {
>>>>>>> e12b99bad19de97a02e9fe14b9b2c048338b2ab7
if (!strcmp(argv[i + 1], "x86_64"))
use_64bit = 1;
else if (!strcmp(argv[i + 1], "i386"))
FATAL("Sorry, 32-bit Apple platforms are not supported.");
<<<<<<< HEAD
}
if (clang_mode && (!strcmp(argv[i], "-q") || !strcmp(argv[i], "-Q")))
continue;
@ -155,17 +244,93 @@ static void edit_params(int argc, char **argv) {
input_file = NULL;
}
} else {
=======
}
/* Strip options that set the preference for a particular upstream
assembler in Xcode. */
if (clang_mode && (!strcmp(argv[i], "-q") || !strcmp(argv[i], "-Q")))
continue;
#endif /* __APPLE__ */
as_params[as_par_cnt++] = argv[i];
}
#ifdef __APPLE__
/* When calling clang as the upstream assembler, append -c -x assembler
and hope for the best. */
if (use_clang_as) {
as_params[as_par_cnt++] = "-c";
as_params[as_par_cnt++] = "-x";
as_params[as_par_cnt++] = "assembler";
}
#endif /* __APPLE__ */
if (input_file[0] == '-') {
if (!strcmp(input_file + 1, "-version")) {
just_version = 1;
modified_file = input_file;
goto wrap_things_up;
}
if (input_file[1]) {
FATAL("Incorrect use (not called through afl-gcc?)");
} else {
input_file = NULL;
}
} else {
/* Check if this looks like a standard invocation as a part of an attempt
to compile a program, rather than using gcc on an ad-hoc .s file in
a format we may not understand. This works around an issue compiling
NSS. */
>>>>>>> e12b99bad19de97a02e9fe14b9b2c048338b2ab7
if (strncmp(input_file, tmp_dir, strlen(tmp_dir)) &&
strncmp(input_file, "/var/tmp/", 9) &&
strncmp(input_file, "/tmp/", 5) &&
getenv("AFL_AS_FORCE_INSTRUMENT") == NULL) {
<<<<<<< HEAD
pass_thru = 1;
} else if (getenv("AFL_AS_FORCE_INSTRUMENT")) {
unsetenv("AFL_AS_FORCE_INSTRUMENT");
}
}
modified_file = alloc_printf("%s/.afl-%u-%u-%u.s", tmp_dir, (u32)getpid(),
(u32)time(NULL), (u32)random());
=======
pass_thru = 1;
} else if (getenv("AFL_AS_FORCE_INSTRUMENT")) {
unsetenv("AFL_AS_FORCE_INSTRUMENT");
}
}
modified_file = alloc_printf("%s/.afl-%u-%u-%u.s", tmp_dir, (u32)getpid(),
(u32)time(NULL), (u32)random());
>>>>>>> e12b99bad19de97a02e9fe14b9b2c048338b2ab7
wrap_things_up:
as_params[as_par_cnt++] = modified_file;
@ -189,7 +354,13 @@ static void add_instrumentation(void) {
skip_app = 0, instrument_next = 0;
#ifdef __APPLE__
<<<<<<< HEAD
u8 *colon_pos;
=======
u8 *colon_pos;
>>>>>>> e12b99bad19de97a02e9fe14b9b2c048338b2ab7
#endif /* __APPLE__ */
if (input_file) {
@ -212,6 +383,15 @@ static void add_instrumentation(void) {
if (!outf) { PFATAL("fdopen() failed"); }
while (fgets(line, MAX_LINE, inf)) {
<<<<<<< HEAD
=======
/* In some cases, we want to defer writing the instrumentation trampoline
until after all the labels, macros, comments, etc. If we're in this
mode, and if the line starts with a tab followed by a character, dump
the trampoline now. */
>>>>>>> e12b99bad19de97a02e9fe14b9b2c048338b2ab7
if (!pass_thru && !skip_intel && !skip_app && !skip_csect && instr_ok &&
instrument_next && line[0] == '\t' && isalpha(line[1])) {

319
src/AFLplusplus-stable/src/afl-cc.c
Unescape View File

@ -1895,6 +1895,7 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {
these have_*, otherwise they may not work as expected.
*/
void add_sanitizers(aflcc_state_t *aflcc, char **envp) {
<<<<<<< HEAD
if (getenv("AFL_USE_ASAN") || aflcc->have_asan) {
if (getenv("AFL_USE_MSAN") || aflcc->have_msan)
FATAL("ASAN and MSAN are mutually exclusive");
@ -1963,6 +1964,127 @@ void add_sanitizers(aflcc_state_t *aflcc, char **envp) {
aflcc->have_cfisan = 1;
}
}
=======
if (getenv("AFL_USE_ASAN") || aflcc->have_asan) {
if (getenv("AFL_USE_MSAN") || aflcc->have_msan)
FATAL("ASAN and MSAN are mutually exclusive");
if (getenv("AFL_HARDEN"))
FATAL("ASAN and AFL_HARDEN are mutually exclusive");
if (aflcc->compiler_mode == GCC_PLUGIN && !aflcc->have_staticasan) {
insert_param(aflcc, "-static-libasan");
}
add_defs_fortify(aflcc, 0);
if (!aflcc->have_asan) {
insert_param(aflcc, "-fsanitize=address");
insert_param(aflcc, "-fno-common");
}
aflcc->have_asan = 1;
} else if (getenv("AFL_USE_MSAN") || aflcc->have_msan) {
if (getenv("AFL_USE_ASAN") || aflcc->have_asan)
FATAL("ASAN and MSAN are mutually exclusive");
if (getenv("AFL_HARDEN"))
FATAL("MSAN and AFL_HARDEN are mutually exclusive");
add_defs_fortify(aflcc, 0);
if (!aflcc->have_msan) { insert_param(aflcc, "-fsanitize=memory"); }
aflcc->have_msan = 1;
}
if (getenv("AFL_USE_UBSAN") || aflcc->have_ubsan) {
if (!aflcc->have_ubsan) {
insert_param(aflcc, "-fsanitize=undefined");
insert_param(aflcc, "-fsanitize-undefined-trap-on-error");
insert_param(aflcc, "-fno-sanitize-recover=all");
}
if (!aflcc->have_fp) {
insert_param(aflcc, "-fno-omit-frame-pointer");
aflcc->have_fp = 1;
}
aflcc->have_ubsan = 1;
}
if (getenv("AFL_USE_TSAN") || aflcc->have_tsan) {
if (!aflcc->have_fp) {
insert_param(aflcc, "-fno-omit-frame-pointer");
aflcc->have_fp = 1;
}
if (!aflcc->have_tsan) { insert_param(aflcc, "-fsanitize=thread"); }
aflcc->have_tsan = 1;
}
if (getenv("AFL_USE_LSAN") && !aflcc->have_lsan) {
insert_param(aflcc, "-fsanitize=leak");
add_defs_lsan_ctrl(aflcc);
aflcc->have_lsan = 1;
}
if (getenv("AFL_USE_CFISAN") || aflcc->have_cfisan) {
if (aflcc->compiler_mode == GCC_PLUGIN || aflcc->compiler_mode == GCC) {
if (!aflcc->have_fcf) { insert_param(aflcc, "-fcf-protection=full"); }
} else {
if (!aflcc->lto_mode && !aflcc->have_flto) {
uint32_t i = 0, found = 0;
while (envp[i] != NULL && !found) {
if (strncmp("-flto", envp[i++], 5) == 0) found = 1;
}
if (!found) { insert_param(aflcc, "-flto"); }
aflcc->have_flto = 1;
}
if (!aflcc->have_cfisan) { insert_param(aflcc, "-fsanitize=cfi"); }
if (!aflcc->have_hidden) {
insert_param(aflcc, "-fvisibility=hidden");
aflcc->have_hidden = 1;
}
aflcc->have_cfisan = 1;
}
}
>>>>>>> e12b99bad19de97a02e9fe14b9b2c048338b2ab7
}
/* Add params to enable LLVM SanCov, the native PCGUARD */
@ -3031,6 +3153,7 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) {
static void process_params(aflcc_state_t *aflcc, u8 scan, u32 argc,
char **argv) {
<<<<<<< HEAD
u8 skip_next = 0;
while (--argc) {
u8 *cur = *(++argv);
@ -3067,12 +3190,106 @@ static void process_params(aflcc_state_t *aflcc, u8 scan, u32 argc,
char *arg_buf = NULL;
u64 arg_len = 0;
enum fsm_state {
=======
// for (u32 x = 0; x < argc; ++x) fprintf(stderr, "[%u] %s\n", x, argv[x]);
/* Process the argument list. */
u8 skip_next = 0;
while (--argc) {
u8 *cur = *(++argv);
if (skip_next > 0) {
skip_next--;
continue;
}
if (PARAM_MISS != parse_misc_params(aflcc, cur, scan)) continue;
if (PARAM_MISS != parse_fsanitize(aflcc, cur, scan)) continue;
if (PARAM_MISS != parse_linking_params(aflcc, cur, scan, &skip_next, argv))
continue;
/* Response file support -----BEGIN-----
We have two choices - move everything to the command line or
rewrite the response files to temporary files and delete them
afterwards. We choose the first for easiness.
For clang, llvm::cl::ExpandResponseFiles does this, however it
only has C++ interface. And for gcc there is expandargv in libiberty,
written in C, but we can't simply copy-paste since its LGPL licensed.
So here we use an equivalent FSM as alternative, and try to be compatible
with the two above. See:
- https://gcc.gnu.org/onlinedocs/gcc/Overall-Options.html
- driver::expand_at_files in gcc.git/gcc/gcc.c
- expandargv in gcc.git/libiberty/argv.c
- llvm-project.git/clang/tools/driver/driver.cpp
- ExpandResponseFiles in
llvm-project.git/llvm/lib/Support/CommandLine.cpp
*/
if (*cur == '@') {
u8 *filename = cur + 1;
if (aflcc->debug) { DEBUGF("response file=%s\n", filename); }
// Check not found or empty? let the compiler complain if so.
FILE *f = fopen(filename, "r");
if (!f) {
if (!scan) insert_param(aflcc, cur);
continue;
}
struct stat st;
if (fstat(fileno(f), &st) || !S_ISREG(st.st_mode) || st.st_size < 1) {
fclose(f);
if (!scan) insert_param(aflcc, cur);
continue;
}
// Limit the number of response files, the max value
// just keep consistent with expandargv. Only do this in
// scan mode, and not touch rsp_count anymore in the next.
static u32 rsp_count = 2000;
if (scan) {
if (rsp_count == 0) FATAL("Too many response files provided!");
--rsp_count;
}
// argc, argv acquired from this rsp file. Note that
// process_params ignores argv[0], we need to put a const "" here.
u32 argc_read = 1;
char **argv_read = ck_alloc(sizeof(char *));
argv_read[0] = "";
char *arg_buf = NULL;
u64 arg_len = 0;
enum fsm_state {
>>>>>>> e12b99bad19de97a02e9fe14b9b2c048338b2ab7
fsm_whitespace, // whitespace seen so far
fsm_double_quote, // have unpaired double quote
fsm_single_quote, // have unpaired single quote
fsm_backslash, // a backslash is seen with no unpaired quote
fsm_normal // a normal char is seen
<<<<<<< HEAD
};
=======
};
// Workaround to append c to arg buffer, and append the buffer to argv
>>>>>>> e12b99bad19de97a02e9fe14b9b2c048338b2ab7
#define ARG_ALLOC(c) \
do { \
\
@ -3255,6 +3472,7 @@ static void process_params(aflcc_state_t *aflcc, u8 scan, u32 argc,
/* Process each of the existing argv, also add a few new args. */
static void edit_params(aflcc_state_t *aflcc, u32 argc, char **argv,
char **envp) {
<<<<<<< HEAD
add_real_argv0(aflcc);
if (aflcc->compiler_mode != GCC_PLUGIN && aflcc->compiler_mode != GCC) {
insert_param(aflcc, "-Wno-unused-command-line-argument");
@ -3301,6 +3519,107 @@ static void edit_params(aflcc_state_t *aflcc, u32 argc, char **argv,
load_llvm_pass(aflcc, "afl-llvm-pass.so");
}
}
=======
add_real_argv0(aflcc);
// prevent unnecessary build errors
if (aflcc->compiler_mode != GCC_PLUGIN && aflcc->compiler_mode != GCC) {
insert_param(aflcc, "-Wno-unused-command-line-argument");
}
if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == CLANG) {
add_assembler(aflcc);
}
if (aflcc->compiler_mode == GCC_PLUGIN) { add_gcc_plugin(aflcc); }
if (aflcc->compiler_mode == LLVM || aflcc->compiler_mode == LTO) {
if (aflcc->lto_mode && aflcc->have_instr_env) {
load_llvm_pass(aflcc, "afl-llvm-lto-instrumentlist.so");
}
if (getenv("AFL_LLVM_DICT2FILE")) {
load_llvm_pass(aflcc, "afl-llvm-dict2file.so");
}
// laf
if (getenv("LAF_SPLIT_SWITCHES") || getenv("AFL_LLVM_LAF_SPLIT_SWITCHES")) {
load_llvm_pass(aflcc, "split-switches-pass.so");
}
if (getenv("LAF_TRANSFORM_COMPARES") ||
getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES")) {
load_llvm_pass(aflcc, "compare-transform-pass.so");
}
if (getenv("LAF_SPLIT_COMPARES") || getenv("AFL_LLVM_LAF_SPLIT_COMPARES") ||
getenv("AFL_LLVM_LAF_SPLIT_FLOATS")) {
load_llvm_pass(aflcc, "split-compares-pass.so");
}
// /laf
if (aflcc->cmplog_mode) {
insert_param(aflcc, "-fno-inline");
load_llvm_pass(aflcc, "cmplog-switches-pass.so");
// reuse split switches from laf
load_llvm_pass(aflcc, "split-switches-pass.so");
}
// #if LLVM_MAJOR >= 13
// // Use the old pass manager in LLVM 14 which the AFL++ passes still
// use. insert_param(aflcc, "-flegacy-pass-manager");
// #endif
if (aflcc->lto_mode) {
insert_param(aflcc, aflcc->lto_flag);
if (!aflcc->have_c) {
add_lto_linker(aflcc);
add_lto_passes(aflcc);
}
} else {
if (aflcc->instrument_mode == INSTRUMENT_PCGUARD) {
add_optimized_pcguard(aflcc);
} else if (aflcc->instrument_mode == INSTRUMENT_LLVMNATIVE) {
add_native_pcguard(aflcc);
} else {
load_llvm_pass(aflcc, "afl-llvm-pass.so");
}
}
>>>>>>> e12b99bad19de97a02e9fe14b9b2c048338b2ab7
if (aflcc->cmplog_mode) {
load_llvm_pass(aflcc, "cmplog-instructions-pass.so");

27
新建 文本文档.txt
Unescape View File

@ -0,0 +1,27 @@
《汲取历史智慧,推动改革前行——从“党史六对”看全面深化改革》
在中国革命和建设的宏伟画卷中,“党史六对”如同六颗璀璨的星辰,照亮了我们前行的道路。这些对谈不仅是历史的见证,更是党的思想路线和工作方法的生动体现。本文将从“党史六对”中汲取智慧,探讨其对当前全面深化改革的启示和动力。
**一、历史智慧的现代启示**
“党史六对”中蕴含的历史智慧,为我们今天的改革提供了宝贵的启示。从“荷树对”的开阔视野,到“枣园对”的实事求是,再到“窑洞对”的自身过硬,每一个故事都强调了改革者应有的素质和态度。
1. **开阔视野,拥抱改革**:“荷树对”教导我们,改革者需要有开阔的视野,能够放眼世界,吸收国际先进经验,同时坚持自主创新,确保改革措施既符合国际潮流,又具有中国特色。
2. **实事求是,指导改革**:“枣园对”中,实事求是的原则被反复强调。这一原则至今仍是我们推进改革的指导思想。改革必须基于实际情况,解决实际问题,坚持以人民为中心,确保改革措施切实有效。
3. **自身过硬,勇于担当**:“窑洞对”和“赶考对”都强调了党的领导和党员干部的模范带头作用。在改革中,党的领导是关键,党必须加强自身建设,提高执政能力和领导水平,确保改革的正确方向。同时,党员干部要发挥模范带头作用,以身作则,引领改革。
**二、现实问题的启示**
在全面深化改革的过程中,我们必须保持警惕,防范各种风险。这包括经济风险、社会风险和政治风险。我们要建立健全风险防控机制,确保改革的稳健推进。同时,我们必须坚持党的领导,加强党的建设,提高党的执政能力和领导水平,确保改革的正确方向。
**三、贯通百年奋斗历程的全面论述**
“党史六对”不仅是历史的回顾,更是对未来的启迪。它们为我们提供了全面深化改革的智慧和动力,指引我们在新时代的征程中不断前进。让我们从这些宝贵的历史经验中汲取力量,以更加坚定的步伐,推动中国式现代化,实现中华民族的伟大复兴。
在党的百年奋斗历程中,每一次重大的历史转折都伴随着思想的交锋和理论的创新。从新民主主义革命到社会主义革命,从改革开放到新时代的全面深化改革,每一次改革都是对党的理论和实践的深刻反思和总结。
今天,我们面临着新的挑战和考验。全面深化改革是一场深刻的社会变革,需要我们勇于担当,敢于碰硬,不断推动改革向前发展。我们必须坚持党的领导,加强党的建设,提高党的执政能力和领导水平,确保改革的正确方向。同时,我们必须坚持问题导向,以人民为中心,确保改革措施切实有效,符合人民群众的利益和期待。
我们从“党史六对”中汲取智慧,以更加坚定的步伐,推动中国式现代化,实现中华民族的伟大复兴。在新时代的征程中,让我们继续发扬党的优良传统,为实现党的目标而努力,为全面建设社会主义现代化国家而奋斗。
Write Preview
Loading…
Cancel
Save