fuzztruction-source-clang-fast.c
/*
This is a wrapper around clang that builds targets with our custom compiler
pass.
*/
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <libgen.h>
#include <string.h>
#include <stdbool.h>
#include <stdint.h>
#include "debug.h"
#include <assert.h>
#include <llvm/Config/llvm-config.h>
/* Short aliases for the fixed-width unsigned integer types. */
typedef uint8_t  u8;
typedef uint16_t u16;
typedef uint32_t u32;
typedef uint64_t u64;

/* Facts deduced from the wrapper's own command line; filled in by parse_argv(). */
typedef struct {
    bool is_cxx;   /* invoked under the name fuzztruction-source-clang-fast++ */
    bool is_64bit; /* follows the last -m32 / -m64 seen; false if neither was given */
    bool x_set;    /* "-x" appeared on the command line */
    bool o_set;    /* "-o" appeared on the command line */
} arg_settings_t;

/* Argument vector that is built by rewrite_argv() and handed to execvp(). */
typedef struct {
    const char **argv; /* NULL-terminated */
    int argc;          /* number of entries before the terminating NULL */
} args_t;

/* File name of the LLVM pass plugin that find_pass() searches for. */
const char *PASS_SO_NAME = "fuzztruction-source-llvm-pass.so";

/* Path of the located plugin. NULL until find_pass() has set it. */
char *pass_path;
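/*
 * Locate the LLVM pass plugin and store its path in the global pass_path.
 *
 * Candidates are probed in this order:
 *   1. <current working directory>/PASS_SO_NAME
 *   2. /home/user/fuzztruction/generator/pass/PASS_SO_NAME
 *
 * On success pass_path points to a heap string that is never freed (it lives
 * until the process is replaced by execvp). If neither candidate is readable
 * the function reports the failure through FATAL.
 *
 * NOTE(security): rewrite_argv() passes this path to clang via -fpass-plugin,
 * so the file is loaded into the compiler process. Because the current
 * working directory is probed first, building inside a source tree that
 * ships a file named PASS_SO_NAME loads that file instead of the installed
 * pass. Run the wrapper only in trees you trust, or move the lookup to a
 * fixed install location / explicit configuration setting.
 * access() here is only a convenience probe: the file can change between
 * this check and the moment clang opens it.
 */
void find_pass()
{
    char *guess = NULL;
    char *cwd = getcwd(NULL, 0);

    if (!cwd) {
        PFATAL("Failed to get CWD");
    }

    /* Candidate 1: the plugin sits in the current working directory. */
    if (asprintf(&guess, "%s/%s", cwd, PASS_SO_NAME) < 0) {
        free(cwd);
        PFATAL("Failed to allocate");
    }
    free(cwd);

    if (!access(guess, R_OK)) {
        pass_path = guess;
        return;
    }
    /* Not found here: release the candidate string (the original leaked it). */
    free(guess);
    guess = NULL;

    // FIXME: this path should not be absolute.
    /* Candidate 2: the hard-coded development checkout. */
    if (asprintf(&guess, "/home/user/fuzztruction/generator/pass/%s", PASS_SO_NAME) < 0) {
        PFATAL("Failed to allocate");
    }
    if (!access(guess, R_OK)) {
        pass_path = guess;
    } else {
        free(guess);
    }

    if (!pass_path) {
        FATAL("Failed to find %s\n", PASS_SO_NAME);
    }
}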
/*
 * Inspect the wrapper's command line and record what later stages may need.
 *
 * argv[0] decides C vs. C++ mode: only the exact base name
 * "fuzztruction-source-clang-fast++" selects C++. Every argument (argv[0]
 * included) is then compared against -m32, -m64, -x and -o.
 *
 * Returns a heap-allocated arg_settings_t owned by the caller (free() it).
 * Allocation failures are reported through PFATAL.
 *
 * Note: within this file only is_cxx is read back (by rewrite_argv); the
 * other three fields are recorded but not consumed.
 */
arg_settings_t* parse_argv(char const *argv[], int argc) {
    /* calloc yields the same all-false start state as malloc + memset(0). */
    arg_settings_t *settings = calloc(1, sizeof(*settings));
    if (!settings)
        PFATAL("Error during malloc");

    /* basename() may modify its argument, so hand it a private copy. */
    char *argv0_copy = strdup(argv[0]);
    if (!argv0_copy)
        PFATAL("Error durring alloc");

    /* The returned pointer refers into argv0_copy; use it before the free. */
    if (strcmp(basename(argv0_copy), "fuzztruction-source-clang-fast++") == 0)
        settings->is_cxx = true;
    free(argv0_copy);

    for (int i = 0; i < argc; i++) {
        const char *arg = argv[i];

        /* The four flags are distinct strings, so at most one branch matches. */
        if (strcmp(arg, "-m32") == 0)
            settings->is_64bit = false;
        else if (strcmp(arg, "-m64") == 0)
            settings->is_64bit = true;
        else if (strcmp(arg, "-x") == 0)
            settings->x_set = true;
        else if (strcmp(arg, "-o") == 0)
            settings->o_set = true;
    }

    return settings;
}
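/*
 * Build the command line that is actually executed: clang/clang++ with the
 * pass plugin injected, the caller's arguments passed through (minus a few
 * linker flags), and the agent library appended.
 *
 * argv         - original NULL-terminated argument vector; argv[0] is skipped.
 * argc         - number of entries in argv; used to size the new vector.
 * arg_settings - result of parse_argv(); only is_cxx is read here.
 *
 * Returns a heap-allocated args_t whose argv is NULL-terminated. Most entries
 * alias the caller's strings or string literals; only the -fpass-plugin entry
 * is allocated here. Nothing is freed because the process is expected to be
 * replaced by execvp() right after.
 *
 * Requires the global pass_path to be set (see find_pass()).
 */
args_t* rewrite_argv(const char *argv[], int argc, arg_settings_t* arg_settings) {
    const int max_args = argc + 64;
    /* Slots needed after the pass-through loop: -L, -l, -D and the NULL. */
    const int tail_slots = 4;

    args_t* self = malloc(sizeof(*self));
    if (!self)
        PFATAL("Error during malloc");
    self->argc = 0;
    /* calloc checks the count * size multiplication for overflow. */
    self->argv = calloc((size_t)max_args, sizeof(*self->argv));
    if (!self->argv)
        PFATAL("Error during malloc");

    /* Inject/Replace arguments */
    /* The bare name is resolved through PATH by execvp() in main(). */
    self->argv[self->argc++] = arg_settings->is_cxx ? "clang++" : "clang";

    // Ignore unknown args
    self->argv[self->argc++] = "-Qunused-arguments";

    /*
     * Disabled experiments, kept for reference. The intent was to stop LLVM
     * from using builtins so that calls could be replaced with instrumented
     * implementations:
     *   -fno-builtin-memcpy -fno-builtin-memmove
     *   -fno-slp-vectorize -fno-vectorize -mno-sse2 -mno-avx
     */

#if LLVM_VERSION_MAJOR >= 11 /* use new pass manager */
#if LLVM_VERSION_MAJOR < 16
    self->argv[self->argc++] = "-fexperimental-new-pass-manager";
#endif
    /* The plugin named here is loaded into the compiler process. */
    char *pass_plugin_flag;
    if (asprintf(&pass_plugin_flag, "-fpass-plugin=%s", pass_path) < 0) {
        PFATAL("Failed to allocate");
    }
    self->argv[self->argc++] = pass_plugin_flag;
#else
#error "Unsupported LLVM version"
#endif

    /* Process initially passed arguments and potentially drop some of these */
    for (const char **current = &argv[1]; *current; current++) {
        /*
         * These linker flags reject undefined symbols; presumably they are
         * dropped because instrumented objects reference symbols that only
         * the agent library provides -- TODO confirm.
         */
        if (!strcmp(*current, "-Wl,-z,defs") || !strcmp(*current, "-Wl,--no-undefined")) {
            continue;
        }
        /*
         * The loop runs until the NULL terminator, not for argc iterations,
         * so guard the write in case argc under-reports the vector length.
         */
        if (self->argc >= max_args - tail_slots) {
            FATAL("Too many arguments");
        }
        self->argv[self->argc++] = *current;
    }

    // Link against our agent that is called by a call our pass injected into main().
    /*
     * NOTE(review): this library search path is absolute and points into a
     * home directory, like the FIXME in find_pass(). Whatever
     * libgenerator_agent is found there gets linked into every target, so
     * the directory must not be writable by other users.
     */
    self->argv[self->argc++] = "-L/home/user/fuzztruction/target/debug";
    self->argv[self->argc++] = "-lgenerator_agent";
    self->argv[self->argc++] = "-DNDEBUG";

    // Enable debug output.
    //self->argv[self->argc++] = "-v";

    self->argv[self->argc] = NULL;
    return self;
}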
/*
 * Entry point of the compiler wrapper: locate the pass plugin, derive the
 * rewritten clang command line and replace this process with clang.
 *
 * execvp() only returns on failure, in which case the error is reported
 * through PFATAL.
 */
int main(int argc, char const *argv[])
{
    /* At least one argument besides the program name is required. */
    if (argc < 2) {
        FATAL("Not enough arguments");
    }

    /* Sets the global pass_path to the location of the pass plugin. */
    find_pass();

    /* The parsed settings are only needed while rewriting the arguments. */
    arg_settings_t *settings = parse_argv(argv, argc);
    args_t *clang_args = rewrite_argv(argv, argc, settings);
    free(settings);

    /*
     * Debugging aid: print clang_args->argc and every clang_args->argv[i]
     * here (followed by fflush(NULL)) to inspect the rewritten call.
     */

    /*
     * argv[0] is the bare name "clang" or "clang++", so execvp() picks the
     * first match on PATH. The build environment's PATH therefore decides
     * which compiler runs; it should resolve to the clang whose LLVM version
     * matches the one this wrapper and the pass were built against.
     */
    const char *compiler = clang_args->argv[0];
    execvp(compiler, (char **)clang_args->argv);

    PFATAL("Failed to execute %s\n", compiler);
    return 0;
}