# # american fuzzy lop - LLVM instrumentation # ----------------------------------------- # # Written by Laszlo Szekeres <lszekeres@google.com> and # Michal Zalewski <lcamtuf@google.com> # # LLVM integration design comes from Laszlo Szekeres. # # Copyright 2015, 2016 Google LLC All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: # # http://www.apache.org/licenses/LICENSE-2.0 # PREFIX ?= /usr/local HELPER_PATH = $(PREFIX)/lib/afl BIN_PATH = $(PREFIX)/bin VERSION = $(shell grep '^\#define VERSION ' ../config.h | cut -d '"' -f2) LLVM_CONFIG ?= llvm-config CFLAGS ?= -O0 -funroll-loops CFLAGS += -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign \ -DAFL_PATH=\"$(HELPER_PATH)\" -DBIN_PATH=\"$(BIN_PATH)\" \ -DVERSION=\"$(VERSION)\" ifdef AFL_TRACE_PC CFLAGS += -DUSE_TRACE_PC=1 endif CXXFLAGS ?= -O0 -funroll-loops CXXFLAGS += -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign \ -DVERSION=\"$(VERSION)\" -Wno-variadic-macros # Mark nodelete to work around unload bug in upstream LLVM 5.0+ CLANG_CFL = `$(LLVM_CONFIG) --cxxflags` -Wl,-znodelete -fno-rtti -fpic $(CXXFLAGS) CLANG_LFL = `$(LLVM_CONFIG) --ldflags` $(LDFLAGS) # User teor2345 reports that this is required to make things work on MacOS X. ifeq "$(shell uname)" "Darwin" CLANG_LFL += -Wl,-flat_namespace -Wl,-undefined,suppress endif # We were using llvm-config --bindir to get the location of clang, but # this seems to be busted on some distros, so using the one in $PATH is # probably better. ifeq "$(origin CC)" "default" CC = clang CXX = clang++ endif ifndef AFL_TRACE_PC PROGS = ../afl-clang-fast ../afl-llvm-pass.so ../afl-llvm-rt.o ../afl-llvm-rt-32.o ../afl-llvm-rt-64.o ../afl-llvm-rt-state-tracer.o ../afl-llvm-rt-state-tracer.o.cpp.o #../sock2shm_utils.o else PROGS = ../afl-clang-fast ../afl-llvm-rt.o ../afl-llvm-rt-32.o ../afl-llvm-rt-64.o ../afl-llvm-rt-state-tracer.o ../afl-llvm-rt-state-tracer.o.cpp.o #../sock2shm_utils.o endif CONTAINERS = ./containers.a TLSH = ./libtlsh.a MVPTREE = ./libmvptree.a STDCXX = $(shell find /usr/lib -name "libstdc++.a" | grep x86_64 | grep -v 32 | head -n 1) PTHREAD = $(shell find /usr/lib -name "libpthread.a" | grep x86_64 | grep -v 32 | head -n 1) all: test_deps $(PROGS) test_build all_done obj_section_rename test_deps: ifndef AFL_TRACE_PC @echo "[*] Checking for working 'llvm-config'..." @which $(LLVM_CONFIG) >/dev/null 2>&1 || ( echo "[-] Oops, can't find 'llvm-config'. Install clang or set \$$LLVM_CONFIG or \$$PATH beforehand."; echo " (Sometimes, the binary will be named llvm-config-3.5 or something like that.)"; exit 1 ) else @echo "[!] Note: using -fsanitize=trace-pc mode (this will fail with older LLVM)." endif @echo "[*] Checking for working '$(CC)'..." @which $(CC) >/dev/null 2>&1 || ( echo "[-] Oops, can't find '$(CC)'. Make sure that it's in your \$$PATH (or set \$$CC and \$$CXX)."; exit 1 ) @echo "[*] Checking for '../afl-showmap'..." @test -f ../afl-showmap || ( echo "[-] Oops, can't find '../afl-showmap'. Be sure to compile AFL first."; exit 1 ) @echo "[+] All set and ready to build." ../afl-clang-fast: afl-clang-fast.c | test_deps $(CC) $(CFLAGS) $< -o $@ $(LDFLAGS) ln -sf afl-clang-fast ../afl-clang-fast++ ../afl-llvm-pass.so: afl-llvm-pass.so.cc | test_deps $(CXX) $(CLANG_CFL) -shared $< -o $@ $(CLANG_LFL) $(CONTAINERS): cd Containers && \ make static_clang && \ cp containers.a .. $(MVPTREE): cd mvptree && \ make && \ cp libmvptree.a .. $(TLSH): cd tlsh && \ mkdir -p build && \ cd build && \ cmake .. && \ make && \ cp ../lib/libtlsh.a ../.. ../afl-llvm-rt-state-tracer.o: afl-llvm-rt-state-tracer.o.c $(CONTAINERS) $(TLSH) $(MVPTREE) $(CC) $(CFLAGS) -fPIC -c $< -o $@.tmp.o ld -r -o $@ $@.tmp.o $(CONTAINERS) mv $@ $@.tmp.o ld -r -o $@ $@.tmp.o $(TLSH) mv $@ $@.tmp.o ld -r -o $@ $@.tmp.o $(MVPTREE) cp $@ $@.cpp.o mv $@ $@.tmp.o ld -r -o $@ $@.tmp.o $(STDCXX) rm $@.tmp.o # ../afl-llvm-rt-purity-check.o: afl-llvm-rt-purity-check.o.c ../sock2shm_utils.o # $(CC) $(CFLAGS) -fPIC -c $< -o $@.tmp.o # ld -r -o $@ $@.tmp.o ../sock2shm_utils.o $(CONTAINERS) $(PTHREAD) # cp $@ $@.cpp.o # mv $@ $@.tmp.o # ld -r -o $@ $@.tmp.o $(STDCXX) # rm $@.tmp.o # ../sock2shm_utils.o: ../sock2shm_utils.c # $(CC) $(CFLAGS) -fPIC -c $< -o $@ ../afl-llvm-rt.o: afl-llvm-rt.o.c | test_deps $(CC) $(CFLAGS) -fPIC -c $< -o $@ ../afl-llvm-rt-32.o: afl-llvm-rt.o.c | test_deps @printf "[*] Building 32-bit variant of the runtime (-m32)... " @$(CC) $(CFLAGS) -m32 -fPIC -c $< -o $@ 2>/dev/null; if [ "$$?" = "0" ]; then echo "success!"; else echo "failed (that's fine)"; fi ../afl-llvm-rt-64.o: afl-llvm-rt.o.c | test_deps @printf "[*] Building 64-bit variant of the runtime (-m64)... " @$(CC) $(CFLAGS) -m64 -fPIC -c $< -o $@ 2>/dev/null; if [ "$$?" = "0" ]; then echo "success!"; else echo "failed (that's fine)"; fi obj_section_rename: for OBJ_FILE in ../afl-llvm-rt*.o ; do \ objcopy --rename-section .data=.tracer_data $${OBJ_FILE}; \ objcopy --rename-section .bss=.tracer_bss $${OBJ_FILE}; \ done test_build: $(PROGS) @echo "[*] Testing the CC wrapper and instrumentation output..." unset AFL_USE_ASAN AFL_USE_MSAN AFL_INST_RATIO; AFL_QUIET=1 AFL_PATH=. AFL_CC=$(CC) ../afl-clang-fast $(CFLAGS) ../test-instr.c -o test-instr $(LDFLAGS) # Use /dev/null to avoid problems with optimization messing up expected # branches. See https://github.com/google/AFL/issues/30. ../afl-showmap -m none -q -o .test-instr0 ./test-instr < /dev/null echo 1 | ../afl-showmap -m none -q -o .test-instr1 ./test-instr @rm -f test-instr @cmp -s .test-instr0 .test-instr1; DR="$$?"; rm -f .test-instr0 .test-instr1; if [ "$$DR" = "0" ]; then echo; echo "Oops, the instrumentation does not seem to be behaving correctly!"; echo; echo "Please ping <lcamtuf@google.com> to troubleshoot the issue."; echo; exit 1; fi @echo "[+] All right, the instrumentation seems to be working!" all_done: test_build @echo "[+] All done! You can now use '../afl-clang-fast' to compile programs." .NOTPARALLEL: clean clean: rm -f *.o *.so *~ a.out core core.[1-9][0-9]* test-instr .test-instr0 .test-instr1 rm -f $(PROGS) ../afl-clang-fast++