Why is one of my global variables lost in the LLVM IR code, and why does the program instrumented by my modified afl-llvm-pass.so.cc fail when executed?

I'm not a native English speaker, so please ignore my grammar mistakes. I modified the source code of afl-llvm-pass.so.cc in afl 2.57b, but I found that one of the global variables is lost. Here is my code for creating the global variables:

  // Sensitive function pointer (an i32* map, defined by the runtime object)
  GlobalVariable *AFLMemFuncPtr =
      new GlobalVariable(M, PointerType::get(Int32Ty, 0), false,
                         GlobalValue::ExternalLinkage, nullptr, "__afl_memfunc_ptr");

  // Memory read/write pointer
  GlobalVariable *AFLMemReadWritePtr =
      new GlobalVariable(M, PointerType::get(Int32Ty, 0), false,
                         GlobalValue::ExternalLinkage, nullptr, "__afl_memreadwrite_ptr");

  // Sub-function call pointer
  GlobalVariable *AFLCallPtr =
      new GlobalVariable(M, PointerType::get(Int32Ty, 0), false,
                         GlobalValue::ExternalLinkage, nullptr, "__afl_call_ptr");

  // Thread-local previous location, as in the original AFL pass
  GlobalVariable *AFLPrevLoc = new GlobalVariable(
      M, Int32Ty, false, GlobalValue::ExternalLinkage, nullptr, "__afl_prev_loc",
      nullptr, GlobalVariable::GeneralDynamicTLSModel, 0, false);

  /* Instrument all the things! */

This is the code where I use CreateStore function:

  if (mem_readwrite_cnt > 0) {

    // Load the map base pointer: *__afl_memreadwrite_ptr
    LoadInst *MemReadPtr = IRB.CreateLoad(AFLMemReadWritePtr);
    MemReadPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None));

    // Index the map with the edge id prev_loc ^ cur_loc
    Value *MemReadPtrIdx =
        IRB.CreateGEP(MemReadPtr, IRB.CreateXor(PrevLocCasted, CurLoc));

    // Load the current counter for this edge
    LoadInst *MemReadCount = IRB.CreateLoad(MemReadPtrIdx);
    MemReadCount->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None));

    // Add the number of memory reads/writes counted in this block
    Value *MemReadIncr =
        IRB.CreateAdd(MemReadCount, ConstantInt::get(Int32Ty, mem_readwrite_cnt));

    // Store the updated counter back into the map
    StoreInst *tmpStoreInst = IRB.CreateStore(MemReadIncr, MemReadPtrIdx);
    tmpStoreInst->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None));

  }

The other two pointers are used in the same way. Then I use afl-clang-fast to compile the .c file to .ll. Here is some of the code from the .ll file:

@__afl_area_ptr = external local_unnamed_addr global i8*
@__afl_memreadwrite_ptr = external local_unnamed_addr global i32*
@__afl_call_ptr = external local_unnamed_addr global i32*
@__afl_prev_loc = external thread_local local_unnamed_addr global i32

I don't know why __afl_memfunc_ptr is lost, and the instrumented test-instr program fails with signal 11 when executed.

Can someone help me solve the problem? Thanks.
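As an added example (not code from the question and not AFL's own source), the C below models the runtime side of the contract that the instrumentation above depends on. Every `@__afl_*_ptr = external global i32*` the pass emits must be defined by the runtime object linked into the target (afl-llvm-rt.o.c in AFL) and must point at writable memory before the first instrumented block runs, because the emitted load/gep/load/add/store sequence dereferences it unconditionally. AFL's own runtime satisfies this for `__afl_area_ptr` by initialising it to a static fallback array (`__afl_area_initial`) until the shared-memory region is mapped; a NULL or unmapped pointer at that point yields a SIGSEGV at the first store. The three `__afl_*_ptr` globals and `__afl_prev_loc` are taken from the question; the `_initial` buffers, `afl_bump`, `afl_instrumented_block`, `afl_maps_ready`, `afl_remap` and `afl_reset_maps` are assumed names used only for illustration. Separately, LLVM's optimisation pipeline (which afl-clang-fast enables by default) strips external declarations that have no use in the module, so a global that is only referenced under a per-block count that is zero for every block of a translation unit is expected not to appear in that unit's .ll listing.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAP_SIZE_POW2 16
#define MAP_SIZE (1u << MAP_SIZE_POW2)

/* Fallback buffers (assumed names, modelled on AFL's __afl_area_initial) so
 * that an instrumented binary has writable maps even when run outside the
 * fuzzer, before anything has remapped the pointers. */
static uint32_t __afl_memreadwrite_initial[MAP_SIZE];
static uint32_t __afl_memfunc_initial[MAP_SIZE];
static uint32_t __afl_call_initial[MAP_SIZE];

/* The definitions that the pass's
 *   @__afl_memreadwrite_ptr = external global i32*
 * (and the other two) resolve to at link time. They must be non-NULL before
 * the first instrumented block executes. */
uint32_t *__afl_memreadwrite_ptr = __afl_memreadwrite_initial;
uint32_t *__afl_memfunc_ptr      = __afl_memfunc_initial;
uint32_t *__afl_call_ptr         = __afl_call_initial;
__thread uint32_t __afl_prev_loc;

/* C rendering of the IR the question's CreateLoad/CreateGEP/CreateAdd/
 * CreateStore sequence emits for one map:
 *   %map  = load i32*, i32** @__afl_X_ptr
 *   %slot = getelementptr i32, i32* %map, i32 (prev ^ cur)
 *   %v    = load i32, i32* %slot
 *   store i32 (%v + cnt), i32* %slot
 * A NULL *map_ptr here is the "signal 11 at the first store" failure mode. */
static void afl_bump(uint32_t **map_ptr, uint32_t edge, uint32_t cnt) {
    uint32_t *map = *map_ptr;
    map[edge] += cnt;
}

/* Emulates one instrumented basic block with compile-time id cur_loc and the
 * three per-block counts the modified pass computes. Returns the edge index
 * that was updated. prev_loc is advanced as AFL's pass does (cur_loc >> 1).
 * The mask is a guard for this model; the real pass relies on cur_loc and
 * prev_loc both being below MAP_SIZE. */
uint32_t afl_instrumented_block(uint32_t cur_loc, uint32_t mem_rw_cnt,
                                uint32_t memfunc_cnt, uint32_t call_cnt) {
    uint32_t edge = (__afl_prev_loc ^ cur_loc) & (MAP_SIZE - 1);
    if (mem_rw_cnt)  afl_bump(&__afl_memreadwrite_ptr, edge, mem_rw_cnt);
    if (memfunc_cnt) afl_bump(&__afl_memfunc_ptr, edge, memfunc_cnt);
    if (call_cnt)    afl_bump(&__afl_call_ptr, edge, call_cnt);
    __afl_prev_loc = cur_loc >> 1;
    return edge;
}

/* Check (e.g. from a constructor, before main) that every map the pass may
 * dereference is actually backed by memory. */
int afl_maps_ready(void) {
    return __afl_memreadwrite_ptr != NULL && __afl_memfunc_ptr != NULL &&
           __afl_call_ptr != NULL;
}

/* What the fuzzer-side setup would do after mapping shared memory: point the
 * globals at the real regions. NULL regions are rejected so the pointers the
 * instrumentation dereferences never become NULL. Returns 1 on success. */
int afl_remap(uint32_t *rw, uint32_t *mf, uint32_t *call) {
    if (!rw || !mf || !call) return 0;
    __afl_memreadwrite_ptr = rw;
    __afl_memfunc_ptr = mf;
    __afl_call_ptr = call;
    return 1;
}

/* Reset helper so runs are repeatable. */
void afl_reset_maps(void) {
    memset(__afl_memreadwrite_initial, 0, sizeof __afl_memreadwrite_initial);
    memset(__afl_memfunc_initial, 0, sizeof __afl_memfunc_initial);
    memset(__afl_call_initial, 0, sizeof __afl_call_initial);
    __afl_prev_loc = 0;
}
```

The practical check this suggests for the question's setup: confirm that the runtime object linked into test-instr defines all three `__afl_*_ptr` symbols with a non-NULL initial value, and confirm under a debugger that the faulting instruction is the store emitted by the pass and that the base pointer it loaded is NULL or outside any mapping.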



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
