Support transformations on intermediate LLVM code (.ll)

[vfoltsgt]

Is there a possibility to make custom changes to the generated .ll code and continue with the producing final binary? Specifically, I'm interested in applying AFL instrumentation. I tried to compile/link produced .ll with clang and got linker errors.
I looked at the source code and it seems like the original binary is used to merge .ll into the final binary (.ll alone cannot be used to produce the final binary). Could you please clarify how does this work or maybe point me to some documentation?

[pnwamk]

You are correct: the original binary is used to generate the final binary with the lifted .ll.

As a quick hack that might work, the combination of reopt's -O1 --opt=PATH flags will cause reopt to call PATH -O1 as a subprocess, to which it will write the generated LLVM over the process's STDIN (in binary mode) and then read back the result over the process's STDOUT.

Would using that with an appropriately chosen PATH allow you to perform the LLVM -> LLVM transformation you're aiming for?

[vfoltsgt]

Thanks for the suggestion. This might work if I can apply AFL instrumentation to .ll having .ll as an output. I'll experiment with this. So far I've been using afl-clang on .ll getting rewritten binary as a result but this approach won't work here.

[vfoltsgt]

Closing this issue: seems like afl-clang cannot produce transformed .ll as output and researching/modifying afl-clang is out of the scope.