From 523a54e9e96126edc376f0cfeee4042599d00923 Mon Sep 17 00:00:00 2001 
From: toka
Date: Wed, 21 Feb 2024 19:32:41 +0100
Subject: [PATCH 01/24] adding fuzzers
---
 .../libafl_ctx_large_map/builder.Dockerfile | 54 ++++++++++++++
 fuzzers/libafl_ctx_large_map/description.md | 11 +++
 fuzzers/libafl_ctx_large_map/fuzzer.py | 71 +++++++++++++++++++
 .../libafl_ctx_large_map/runner.Dockerfile | 25 +++++++
 .../libafl_ctx_small_map/builder.Dockerfile | 54 ++++++++++++++
 fuzzers/libafl_ctx_small_map/description.md | 11 +++
 fuzzers/libafl_ctx_small_map/fuzzer.py | 71 +++++++++++++++++++
 .../libafl_ctx_small_map/runner.Dockerfile | 25 +++++++
 .../libafl_ngram_large_map/builder.Dockerfile | 54 ++++++++++++++
 fuzzers/libafl_ngram_large_map/description.md | 11 +++
 fuzzers/libafl_ngram_large_map/fuzzer.py | 71 +++++++++++++++++++
 .../libafl_ngram_large_map/runner.Dockerfile | 25 +++++++
 .../libafl_ngram_small_map/builder.Dockerfile | 54 ++++++++++++++
 fuzzers/libafl_ngram_small_map/description.md | 11 +++
 fuzzers/libafl_ngram_small_map/fuzzer.py | 71 +++++++++++++++++++
 .../libafl_ngram_small_map/runner.Dockerfile | 25 +++++++
 16 files changed, 644 insertions(+)
 create mode 100644 fuzzers/libafl_ctx_large_map/builder.Dockerfile
 create mode 100644 fuzzers/libafl_ctx_large_map/description.md
 create mode 100755 fuzzers/libafl_ctx_large_map/fuzzer.py
 create mode 100644 fuzzers/libafl_ctx_large_map/runner.Dockerfile
 create mode 100644 fuzzers/libafl_ctx_small_map/builder.Dockerfile
 create mode 100644 fuzzers/libafl_ctx_small_map/description.md
 create mode 100755 fuzzers/libafl_ctx_small_map/fuzzer.py
 create mode 100644 fuzzers/libafl_ctx_small_map/runner.Dockerfile
 create mode 100644 fuzzers/libafl_ngram_large_map/builder.Dockerfile
 create mode 100644 fuzzers/libafl_ngram_large_map/description.md
 create mode 100755 fuzzers/libafl_ngram_large_map/fuzzer.py
 create mode 100644 fuzzers/libafl_ngram_large_map/runner.Dockerfile
 create mode 100644 fuzzers/libafl_ngram_small_map/builder.Dockerfile
 create mode 100644 fuzzers/libafl_ngram_small_map/description.md
create mode 100755 fuzzers/libafl_ngram_small_map/fuzzer.py
 create mode 100644 fuzzers/libafl_ngram_small_map/runner.Dockerfile
diff --git a/fuzzers/libafl_ctx_large_map/builder.Dockerfile b/fuzzers/libafl_ctx_large_map/builder.Dockerfile
new file mode 100644
index 000000000..12d7d27f4
--- /dev/null
+++ b/fuzzers/libafl_ctx_large_map/builder.Dockerfile
@@ -0,0 +1,54 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2023-09-21 -y && \
+ rm /rustup.sh
+
+# Install dependencies.
+RUN apt-get update && \
+ apt-get remove -y llvm-10 && \
+ apt-get install -y \
+ build-essential \
+ llvm-11 \
+ clang-12 \
+ cargo && \
+ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates joe curl && \
+ PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
+
+# Download libafl.
+RUN git clone https://github.com/AFLplusplus/LibAFL /libafl
+
+# Checkout a current commit
+RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c6f9 || true
+# Note that due a nightly bug it is currently fixed to a known version on top!
+
+# Compile libafl.
+RUN cd /libafl && \
+ unset CFLAGS CXXFLAGS && \
+ export LIBAFL_EDGES_MAP_SIZE=2621440 && \
+ cd ./fuzzers/fuzzbench_ctx && \
+ PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main
+
+# Auxiliary weak references.
+RUN cd /libafl/fuzzers/fuzzbench_ctx && \
+ clang -c stub_rt.c && \
+ ar r /stub_rt.a stub_rt.o
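Review bot: The pin at `RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c6f9 || true` is not a pin: `|| true` turns a failed checkout into a successful build against whatever HEAD the preceding `git pull` fetched, so two builds of this Dockerfile can embed different LibAFL trees without anyone noticing. Drop the fallback and the pull, which is redundant on a fresh clone — `RUN cd /libafl && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c6f9` — so a missing commit fails the image build instead. The rustup installer a few lines up is likewise fetched and executed with no integrity check; `--default-toolchain nightly-2023-09-21` pins the compiler but not the script that installs it, so the image's trust extends to whatever sh.rustup.rs serves on build day, which is worth stating next to the `# Uninstall old Rust` comment if the project accepts it. The same lines are repeated in the libafl_ctx_small_map, libafl_ngram_large_map and libafl_ngram_small_map builder.Dockerfile hunks below.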
diff --git a/fuzzers/libafl_ctx_large_map/description.md b/fuzzers/libafl_ctx_large_map/description.md
new file mode 100644
index 000000000..ea9b947d6
--- /dev/null
+++ b/fuzzers/libafl_ctx_large_map/description.md
@@ -0,0 +1,11 @@
+# libafl
+
+libafl fuzzer instance
+ - cmplog feature
+ - persistent mode
+
+Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_ctx_large_map/fuzzer.py b/fuzzers/libafl_ctx_large_map/fuzzer.py
new file mode 100755
index 000000000..cfd2a64d7
--- /dev/null
+++ b/fuzzers/libafl_ctx_large_map/fuzzer.py
@@ -0,0 +1,71 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Integration code for a LibAFL-based fuzzer."""
+
+import os
+import subprocess
+
+from fuzzers import utils
+
+
+def prepare_fuzz_environment(input_corpus):
+ """Prepare to fuzz with a LibAFL-based fuzzer."""
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
+ 'malloc_context_size=0:symbolize=0:'\
+ 'allocator_may_return_null=1:'\
+ 'detect_odr_violation=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_abort=0:'\
+ 'handle_sigfpe=0:handle_sigill=0'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
+ 'allocator_release_to_os_interval_ms=500:'\
+ 'handle_abort=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_sigfpe=0:'\
+ 'handle_sigill=0:print_stacktrace=0:'\
+ 'symbolize=0:symbolize_inline_frames=0'
+ # Create at least one non-empty seed to start.
+ utils.create_seed_file_for_empty_corpus(input_corpus)
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ os.environ[
+ 'CC'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cc'
+ os.environ[
+ 'CXX'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cxx'
+
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+
+ cflags = ['--libafl']
+ utils.append_flags('CFLAGS', cflags)
+ utils.append_flags('CXXFLAGS', cflags)
+ utils.append_flags('LDFLAGS', cflags)
+
+ os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ utils.build_benchmark()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ prepare_fuzz_environment(input_corpus)
+ dictionary_path = utils.get_dictionary_path(target_binary)
+ command = [target_binary]
+ if dictionary_path:
+ command += (['-x', dictionary_path])
+ command += (['-o', output_corpus, '-i', input_corpus])
+ fuzzer_env = os.environ.copy()
+ fuzzer_env['LD_PRELOAD'] = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2'
+ print(command)
+ subprocess.check_call(command, cwd=os.environ['OUT'], env=fuzzer_env)
diff --git a/fuzzers/libafl_ctx_large_map/runner.Dockerfile b/fuzzers/libafl_ctx_large_map/runner.Dockerfile
new file mode 100644
index 000000000..f0c5eb6cc
--- /dev/null
+++ b/fuzzers/libafl_ctx_large_map/runner.Dockerfile
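Review bot: `fuzz()` sets `LD_PRELOAD` to a hard-coded `/usr/lib/x86_64-linux-gnu/libjemalloc.so.2` without checking that the object exists; as far as I know the glibc loader only warns about a preload it cannot open and runs the target anyway, so if the `libjemalloc2` install in runner.Dockerfile fails or lands elsewhere the campaign silently runs under the default allocator and the measurements no longer mean what the fuzzer's configuration says. Fail loudly instead: `jemalloc = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2'` / `if not os.path.exists(jemalloc): raise RuntimeError(f'{jemalloc} missing; is libjemalloc2 installed?')` / `fuzzer_env['LD_PRELOAD'] = jemalloc`. `build()` also points `CC`/`CXX` at `fuzzers/fuzzbench/target/...` while this fuzzer's builder.Dockerfile compiles `fuzzers/fuzzbench_ctx`; [PATCH 03/24] further down this page corrects that path, so I only note it here. The `# pylint: disable=too-many-branches,too-many-statements` on `build()` is stale copy-paste — the function has neither. The same applies to the libafl_ctx_small_map, libafl_ngram_large_map and libafl_ngram_small_map fuzzer.py hunks.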
@@ -0,0 +1,25 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+RUN apt install libjemalloc2
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
diff --git a/fuzzers/libafl_ctx_small_map/builder.Dockerfile b/fuzzers/libafl_ctx_small_map/builder.Dockerfile
new file mode 100644
index 000000000..df6064b96
--- /dev/null
+++ b/fuzzers/libafl_ctx_small_map/builder.Dockerfile
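Review bot: `RUN apt install libjemalloc2` runs with no preceding `apt-get update` and no `-y`, so it relies on package lists already being present in `gcr.io/fuzzbench/base-image` and on apt never needing to prompt; either assumption failing breaks a non-interactive build, and `apt` itself warns that its CLI is not meant for scripts. Use `RUN apt-get update && apt-get install -y --no-install-recommends libjemalloc2 && rm -rf /var/lib/apt/lists/*` so the install is deterministic and the lists do not stay in the layer. The `AFL_SKIP_CPUFREQ`, `AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES` and `AFL_TESTCACHE_SIZE` settings and the commented-out `AFL_MAP_SIZE` read like a carry-over from an AFL++ runner; nothing in fuzzer.py references them, so unless LibAFL consumes them they are dead configuration that should be deleted rather than left for the next reader to puzzle over. The same block is repeated in the libafl_ctx_small_map, libafl_ngram_large_map and libafl_ngram_small_map runner.Dockerfile hunks.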
@@ -0,0 +1,54 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2023-09-21 -y && \
+ rm /rustup.sh
+
+# Install dependencies.
+RUN apt-get update && \
+ apt-get remove -y llvm-10 && \
+ apt-get install -y \
+ build-essential \
+ llvm-11 \
+ clang-12 \
+ cargo && \
+ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates joe curl && \
+ PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
+
+# Download libafl.
+RUN git clone https://github.com/AFLplusplus/LibAFL /libafl
+
+# Checkout a current commit
+RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c6f9 || true
+# Note that due a nightly bug it is currently fixed to a known version on top!
+
+# Compile libafl.
+RUN cd /libafl && \
+ unset CFLAGS CXXFLAGS && \
+ export LIBAFL_EDGES_MAP_SIZE=262144 && \
+ cd ./fuzzers/fuzzbench_ctx && \
+ PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main
+
+# Auxiliary weak references.
+RUN cd /libafl/fuzzers/fuzzbench_ctx && \
+ clang -c stub_rt.c && \
+ ar r /stub_rt.a stub_rt.o
diff --git a/fuzzers/libafl_ctx_small_map/description.md b/fuzzers/libafl_ctx_small_map/description.md
new file mode 100644
index 000000000..ea9b947d6
--- /dev/null
+++ b/fuzzers/libafl_ctx_small_map/description.md
@@ -0,0 +1,11 @@
+# libafl
+
+libafl fuzzer instance
+ - cmplog feature
+ - persistent mode
+
+Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_ctx_small_map/fuzzer.py b/fuzzers/libafl_ctx_small_map/fuzzer.py
new file mode 100755
index 000000000..cfd2a64d7
--- /dev/null
+++ b/fuzzers/libafl_ctx_small_map/fuzzer.py
@@ -0,0 +1,71 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Integration code for a LibAFL-based fuzzer."""
+
+import os
+import subprocess
+
+from fuzzers import utils
+
+
+def prepare_fuzz_environment(input_corpus):
+ """Prepare to fuzz with a LibAFL-based fuzzer."""
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
+ 'malloc_context_size=0:symbolize=0:'\
+ 'allocator_may_return_null=1:'\
+ 'detect_odr_violation=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_abort=0:'\
+ 'handle_sigfpe=0:handle_sigill=0'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
+ 'allocator_release_to_os_interval_ms=500:'\
+ 'handle_abort=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_sigfpe=0:'\
+ 'handle_sigill=0:print_stacktrace=0:'\
+ 'symbolize=0:symbolize_inline_frames=0'
+ # Create at least one non-empty seed to start.
+ utils.create_seed_file_for_empty_corpus(input_corpus)
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ os.environ[
+ 'CC'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cc'
+ os.environ[
+ 'CXX'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cxx'
+
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+
+ cflags = ['--libafl']
+ utils.append_flags('CFLAGS', cflags)
+ utils.append_flags('CXXFLAGS', cflags)
+ utils.append_flags('LDFLAGS', cflags)
+
+ os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ utils.build_benchmark()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ prepare_fuzz_environment(input_corpus)
+ dictionary_path = utils.get_dictionary_path(target_binary)
+ command = [target_binary]
+ if dictionary_path:
+ command += (['-x', dictionary_path])
+ command += (['-o', output_corpus, '-i', input_corpus])
+ fuzzer_env = os.environ.copy()
+ fuzzer_env['LD_PRELOAD'] = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2'
+ print(command)
+ subprocess.check_call(command, cwd=os.environ['OUT'], env=fuzzer_env)
diff --git a/fuzzers/libafl_ctx_small_map/runner.Dockerfile b/fuzzers/libafl_ctx_small_map/runner.Dockerfile
new file mode 100644
index 000000000..f0c5eb6cc
--- /dev/null
+++ b/fuzzers/libafl_ctx_small_map/runner.Dockerfile
@@ -0,0 +1,25 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+RUN apt install libjemalloc2
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
diff --git a/fuzzers/libafl_ngram_large_map/builder.Dockerfile b/fuzzers/libafl_ngram_large_map/builder.Dockerfile
new file mode 100644
index 000000000..9793a12bc
--- /dev/null
+++ b/fuzzers/libafl_ngram_large_map/builder.Dockerfile
@@ -0,0 +1,54 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2023-09-21 -y && \
+ rm /rustup.sh
+
+# Install dependencies.
+RUN apt-get update && \
+ apt-get remove -y llvm-10 && \
+ apt-get install -y \
+ build-essential \
+ llvm-11 \
+ clang-12 \
+ cargo && \
+ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates joe curl && \
+ PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
+
+# Download libafl.
+RUN git clone https://github.com/AFLplusplus/LibAFL /libafl
+
+# Checkout a current commit
+RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c6f9 || true
+# Note that due a nightly bug it is currently fixed to a known version on top!
+
+# Compile libafl.
+RUN cd /libafl && \
+ unset CFLAGS CXXFLAGS && \
+ export LIBAFL_EDGES_MAP_SIZE=2621440 && \
+ cd ./fuzzers/fuzzbench && \
+ PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main
+
+# Auxiliary weak references.
+RUN cd /libafl/fuzzers/fuzzbench_ngram && \
+ clang -c stub_rt.c && \
+ ar r /stub_rt.a stub_rt.o
diff --git a/fuzzers/libafl_ngram_large_map/description.md b/fuzzers/libafl_ngram_large_map/description.md
new file mode 100644
index 000000000..ea9b947d6
--- /dev/null
+++ b/fuzzers/libafl_ngram_large_map/description.md
@@ -0,0 +1,11 @@
+# libafl
+
+libafl fuzzer instance
+ - cmplog feature
+ - persistent mode
+
+Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_ngram_large_map/fuzzer.py b/fuzzers/libafl_ngram_large_map/fuzzer.py
new file mode 100755
index 000000000..cfd2a64d7
--- /dev/null
+++ b/fuzzers/libafl_ngram_large_map/fuzzer.py
@@ -0,0 +1,71 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Integration code for a LibAFL-based fuzzer."""
+
+import os
+import subprocess
+
+from fuzzers import utils
+
+
+def prepare_fuzz_environment(input_corpus):
+ """Prepare to fuzz with a LibAFL-based fuzzer."""
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
+ 'malloc_context_size=0:symbolize=0:'\
+ 'allocator_may_return_null=1:'\
+ 'detect_odr_violation=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_abort=0:'\
+ 'handle_sigfpe=0:handle_sigill=0'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
+ 'allocator_release_to_os_interval_ms=500:'\
+ 'handle_abort=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_sigfpe=0:'\
+ 'handle_sigill=0:print_stacktrace=0:'\
+ 'symbolize=0:symbolize_inline_frames=0'
+ # Create at least one non-empty seed to start.
+ utils.create_seed_file_for_empty_corpus(input_corpus)
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ os.environ[
+ 'CC'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cc'
+ os.environ[
+ 'CXX'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cxx'
+
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+
+ cflags = ['--libafl']
+ utils.append_flags('CFLAGS', cflags)
+ utils.append_flags('CXXFLAGS', cflags)
+ utils.append_flags('LDFLAGS', cflags)
+
+ os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ utils.build_benchmark()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ prepare_fuzz_environment(input_corpus)
+ dictionary_path = utils.get_dictionary_path(target_binary)
+ command = [target_binary]
+ if dictionary_path:
+ command += (['-x', dictionary_path])
+ command += (['-o', output_corpus, '-i', input_corpus])
+ fuzzer_env = os.environ.copy()
+ fuzzer_env['LD_PRELOAD'] = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2'
+ print(command)
+ subprocess.check_call(command, cwd=os.environ['OUT'], env=fuzzer_env)
diff --git a/fuzzers/libafl_ngram_large_map/runner.Dockerfile b/fuzzers/libafl_ngram_large_map/runner.Dockerfile
new file mode 100644
index 000000000..f0c5eb6cc
--- /dev/null
+++ b/fuzzers/libafl_ngram_large_map/runner.Dockerfile
@@ -0,0 +1,25 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+RUN apt install libjemalloc2
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
diff --git a/fuzzers/libafl_ngram_small_map/builder.Dockerfile b/fuzzers/libafl_ngram_small_map/builder.Dockerfile
new file mode 100644
index 000000000..a6d141a8a
--- /dev/null
+++ b/fuzzers/libafl_ngram_small_map/builder.Dockerfile
@@ -0,0 +1,54 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2023-09-21 -y && \
+ rm /rustup.sh
+
+# Install dependencies.
+RUN apt-get update && \
+ apt-get remove -y llvm-10 && \
+ apt-get install -y \
+ build-essential \
+ llvm-11 \
+ clang-12 \
+ cargo && \
+ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates joe curl && \
+ PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
+
+# Download libafl.
+RUN git clone https://github.com/AFLplusplus/LibAFL /libafl
+
+# Checkout a current commit
+RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c6f9 || true
+# Note that due a nightly bug it is currently fixed to a known version on top!
+
+# Compile libafl.
+RUN cd /libafl && \
+ unset CFLAGS CXXFLAGS && \
+ export LIBAFL_EDGES_MAP_SIZE=262144 && \
+ cd ./fuzzers/fuzzbench_ngram && \
+ PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main
+
+# Auxiliary weak references.
+RUN cd /libafl/fuzzers/fuzzbench_ngram && \
+ clang -c stub_rt.c && \
+ ar r /stub_rt.a stub_rt.o
diff --git a/fuzzers/libafl_ngram_small_map/description.md b/fuzzers/libafl_ngram_small_map/description.md
new file mode 100644
index 000000000..ea9b947d6
--- /dev/null
+++ b/fuzzers/libafl_ngram_small_map/description.md
@@ -0,0 +1,11 @@
+# libafl
+
+libafl fuzzer instance
+ - cmplog feature
+ - persistent mode
+
+Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_ngram_small_map/fuzzer.py b/fuzzers/libafl_ngram_small_map/fuzzer.py
new file mode 100755
index 000000000..cfd2a64d7
--- /dev/null
+++ b/fuzzers/libafl_ngram_small_map/fuzzer.py
@@ -0,0 +1,71 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Integration code for a LibAFL-based fuzzer."""
+
+import os
+import subprocess
+
+from fuzzers import utils
+
+
+def prepare_fuzz_environment(input_corpus):
+ """Prepare to fuzz with a LibAFL-based fuzzer."""
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
+ 'malloc_context_size=0:symbolize=0:'\
+ 'allocator_may_return_null=1:'\
+ 'detect_odr_violation=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_abort=0:'\
+ 'handle_sigfpe=0:handle_sigill=0'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
+ 'allocator_release_to_os_interval_ms=500:'\
+ 'handle_abort=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_sigfpe=0:'\
+ 'handle_sigill=0:print_stacktrace=0:'\
+ 'symbolize=0:symbolize_inline_frames=0'
+ # Create at least one non-empty seed to start.
+ utils.create_seed_file_for_empty_corpus(input_corpus)
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ os.environ[
+ 'CC'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cc'
+ os.environ[
+ 'CXX'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cxx'
+
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+
+ cflags = ['--libafl']
+ utils.append_flags('CFLAGS', cflags)
+ utils.append_flags('CXXFLAGS', cflags)
+ utils.append_flags('LDFLAGS', cflags)
+
+ os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ utils.build_benchmark()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ prepare_fuzz_environment(input_corpus)
+ dictionary_path = utils.get_dictionary_path(target_binary)
+ command = [target_binary]
+ if dictionary_path:
+ command += (['-x', dictionary_path])
+ command += (['-o', output_corpus, '-i', input_corpus])
+ fuzzer_env = os.environ.copy()
+ fuzzer_env['LD_PRELOAD'] = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2'
+ print(command)
+ subprocess.check_call(command, cwd=os.environ['OUT'], env=fuzzer_env)
diff --git a/fuzzers/libafl_ngram_small_map/runner.Dockerfile b/fuzzers/libafl_ngram_small_map/runner.Dockerfile
new file mode 100644
index 000000000..f0c5eb6cc
--- /dev/null
+++ b/fuzzers/libafl_ngram_small_map/runner.Dockerfile
@@ -0,0 +1,25 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+RUN apt install libjemalloc2
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
From 9a4686b982587b7773545c3afe226b732c209f56 Mon Sep 17 00:00:00 2001
From: toka
Date: Wed, 21 Feb 2024 19:37:56 +0100
Subject: [PATCH 02/24] small fix
---
 fuzzers/libafl_ngram_large_map/builder.Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fuzzers/libafl_ngram_large_map/builder.Dockerfile b/fuzzers/libafl_ngram_large_map/builder.Dockerfile
index 9793a12bc..8094efc1d 100644
--- a/fuzzers/libafl_ngram_large_map/builder.Dockerfile
+++ b/fuzzers/libafl_ngram_large_map/builder.Dockerfile
@@ -45,7 +45,7 @@ RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c
 RUN cd /libafl && \
 unset CFLAGS CXXFLAGS && \
 export LIBAFL_EDGES_MAP_SIZE=2621440 && \
- cd ./fuzzers/fuzzbench && \
+ cd ./fuzzers/fuzzbench_ngram && \
 PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main
 
 # Auxiliary weak references.
From 7b7676b371ef1a741c9676b0de198179e6913181 Mon Sep 17 00:00:00 2001
From: toka
Date: Thu, 22 Feb 2024 16:02:59 +0100
Subject: [PATCH 03/24] fixes
---
 fuzzers/libafl_ctx_large_map/builder.Dockerfile | 15 +++++++++++----
 fuzzers/libafl_ctx_large_map/fuzzer.py | 4 ++--
 fuzzers/libafl_ctx_small_map/builder.Dockerfile | 15 +++++++++++----
 fuzzers/libafl_ctx_small_map/fuzzer.py | 4 ++--
 fuzzers/libafl_ngram_large_map/builder.Dockerfile | 15 +++++++++++----
 fuzzers/libafl_ngram_large_map/fuzzer.py | 4 ++--
 fuzzers/libafl_ngram_small_map/builder.Dockerfile | 15 +++++++++++----
 fuzzers/libafl_ngram_small_map/fuzzer.py | 4 ++--
 8 files changed, 52 insertions(+), 24 deletions(-)
diff --git a/fuzzers/libafl_ctx_large_map/builder.Dockerfile b/fuzzers/libafl_ctx_large_map/builder.Dockerfile
index 12d7d27f4..1d5c21c3e 100644
--- a/fuzzers/libafl_ctx_large_map/builder.Dockerfile
+++ b/fuzzers/libafl_ctx_large_map/builder.Dockerfile
@@ -18,7 +18,7 @@ FROM $parent_image
 # Uninstall old Rust & Install the latest one.
 RUN if which rustup; then rustup self uninstall -y; fi && \
 curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
- sh /rustup.sh --default-toolchain nightly-2023-09-21 -y && \
+ sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
 rm /rustup.sh
 
 # Install dependencies.
@@ -26,12 +26,19 @@ RUN apt-get update && \
 apt-get remove -y llvm-10 && \
 apt-get install -y \
 build-essential \
- llvm-11 \
- clang-12 \
- cargo && \
+ lsb-release wget software-properties-common gnupg && \
 apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
 libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
 apt-utils apt-transport-https ca-certificates joe curl && \
+ wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 16
+
+RUN wget https://gist.githubusercontent.com/tokatoka/26f4ba95991c6e33139999976332aa8e/raw/698ac2087d58ce5c7a6ad59adce58dbfdc32bd46/createAliases.sh && chmod u+x ./createAliases.sh && ./createAliases.sh
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
+ rm /rustup.sh && \
 PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make

 # Download libafl.
diff --git a/fuzzers/libafl_ctx_large_map/fuzzer.py b/fuzzers/libafl_ctx_large_map/fuzzer.py
index cfd2a64d7..ce5f73b13 100755
--- a/fuzzers/libafl_ctx_large_map/fuzzer.py
+++ b/fuzzers/libafl_ctx_large_map/fuzzer.py
@@ -41,9 +41,9 @@ def prepare_fuzz_environment(input_corpus):
 def build(): # pylint: disable=too-many-branches,too-many-statements
 """Build benchmark."""
 os.environ[
- 'CC'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cc'
+ 'CC'] = '/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc'
 os.environ[
- 'CXX'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cxx'
+ 'CXX'] = '/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx'

 os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
 os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
diff --git a/fuzzers/libafl_ctx_small_map/builder.Dockerfile b/fuzzers/libafl_ctx_small_map/builder.Dockerfile
index df6064b96..4f6313889 100644
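Review bot: The new install steps fetch and execute two scripts from the network with no integrity check: `wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 16` runs whatever apt.llvm.org serves at build time, and `createAliases.sh` is pulled from a personal gist and executed as root inside the image. The gist URL is at least pinned to a revision, but llvm.sh is not, so two builds of the same commit can end up with different toolchains; verify a known digest before running it, e.g. `echo "<EXPECTED_SHA256>  llvm.sh" | sha256sum -c && ./llvm.sh 16`, and consider vendoring createAliases.sh next to the Dockerfile so the build has no dependency on a third-party gist. Separately, this hunk adds a second "Uninstall old Rust & Install the latest one." block while the hunk at L24 keeps the original one at line 18, so rustup is downloaded and installed twice per image and the first block can be dropped. The same pattern is repeated in the hunks at L26, L28 and L29 and in the new builder.Dockerfiles at L32 and L37.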
--- a/fuzzers/libafl_ctx_small_map/builder.Dockerfile
+++ b/fuzzers/libafl_ctx_small_map/builder.Dockerfile
@@ -18,7 +18,7 @@ FROM $parent_image
 # Uninstall old Rust & Install the latest one.
 RUN if which rustup; then rustup self uninstall -y; fi && \
 curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
- sh /rustup.sh --default-toolchain nightly-2023-09-21 -y && \
+ sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
 rm /rustup.sh

 # Install dependencies.
@@ -26,12 +26,19 @@ RUN apt-get update && \
 apt-get remove -y llvm-10 && \
 apt-get install -y \
 build-essential \
- llvm-11 \
- clang-12 \
- cargo && \
+ lsb-release wget software-properties-common gnupg && \
 apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
 libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
 apt-utils apt-transport-https ca-certificates joe curl && \
+ wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 16
+
+RUN wget https://gist.githubusercontent.com/tokatoka/26f4ba95991c6e33139999976332aa8e/raw/698ac2087d58ce5c7a6ad59adce58dbfdc32bd46/createAliases.sh && chmod u+x ./createAliases.sh && ./createAliases.sh
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
+ rm /rustup.sh && \
 PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make

 # Download libafl.
diff --git a/fuzzers/libafl_ctx_small_map/fuzzer.py b/fuzzers/libafl_ctx_small_map/fuzzer.py
index cfd2a64d7..ce5f73b13 100755
--- a/fuzzers/libafl_ctx_small_map/fuzzer.py
+++ b/fuzzers/libafl_ctx_small_map/fuzzer.py
@@ -41,9 +41,9 @@ def prepare_fuzz_environment(input_corpus):
 def build(): # pylint: disable=too-many-branches,too-many-statements
 """Build benchmark."""
 os.environ[
- 'CC'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cc'
+ 'CC'] = '/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc'
 os.environ[
- 'CXX'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cxx'
+ 'CXX'] = '/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx'

 os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
 os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
diff --git a/fuzzers/libafl_ngram_large_map/builder.Dockerfile b/fuzzers/libafl_ngram_large_map/builder.Dockerfile
index 8094efc1d..73bacd6d3 100644
--- a/fuzzers/libafl_ngram_large_map/builder.Dockerfile
+++ b/fuzzers/libafl_ngram_large_map/builder.Dockerfile
@@ -18,7 +18,7 @@ FROM $parent_image
 # Uninstall old Rust & Install the latest one.
 RUN if which rustup; then rustup self uninstall -y; fi && \
 curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
- sh /rustup.sh --default-toolchain nightly-2023-09-21 -y && \
+ sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
 rm /rustup.sh

 # Install dependencies.
@@ -26,12 +26,19 @@ RUN apt-get update && \
 apt-get remove -y llvm-10 && \
 apt-get install -y \
 build-essential \
- llvm-11 \
- clang-12 \
- cargo && \
+ lsb-release wget software-properties-common gnupg && \
 apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
 libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
 apt-utils apt-transport-https ca-certificates joe curl && \
+ wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 16
+
+RUN wget https://gist.githubusercontent.com/tokatoka/26f4ba95991c6e33139999976332aa8e/raw/698ac2087d58ce5c7a6ad59adce58dbfdc32bd46/createAliases.sh && chmod u+x ./createAliases.sh && ./createAliases.sh
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
+ rm /rustup.sh && \
 PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make

 # Download libafl.
diff --git a/fuzzers/libafl_ngram_large_map/fuzzer.py b/fuzzers/libafl_ngram_large_map/fuzzer.py
index cfd2a64d7..678c21510 100755
--- a/fuzzers/libafl_ngram_large_map/fuzzer.py
+++ b/fuzzers/libafl_ngram_large_map/fuzzer.py
@@ -41,9 +41,9 @@ def prepare_fuzz_environment(input_corpus):
 def build(): # pylint: disable=too-many-branches,too-many-statements
 """Build benchmark."""
 os.environ[
- 'CC'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cc'
+ 'CC'] = '/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc'
 os.environ[
- 'CXX'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cxx'
+ 'CXX'] = '/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx'

 os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
 os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
diff --git a/fuzzers/libafl_ngram_small_map/builder.Dockerfile b/fuzzers/libafl_ngram_small_map/builder.Dockerfile
index a6d141a8a..981cdbcff 100644
--- a/fuzzers/libafl_ngram_small_map/builder.Dockerfile
+++ b/fuzzers/libafl_ngram_small_map/builder.Dockerfile
@@ -18,7 +18,7 @@ FROM $parent_image
 # Uninstall old Rust & Install the latest one.
 RUN if which rustup; then rustup self uninstall -y; fi && \
 curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
- sh /rustup.sh --default-toolchain nightly-2023-09-21 -y && \
+ sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
 rm /rustup.sh

 # Install dependencies.
@@ -26,12 +26,19 @@ RUN apt-get update && \
 apt-get remove -y llvm-10 && \
 apt-get install -y \
 build-essential \
- llvm-11 \
- clang-12 \
- cargo && \
+ lsb-release wget software-properties-common gnupg && \
 apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
 libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
 apt-utils apt-transport-https ca-certificates joe curl && \
+ wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 16
+
+RUN wget https://gist.githubusercontent.com/tokatoka/26f4ba95991c6e33139999976332aa8e/raw/698ac2087d58ce5c7a6ad59adce58dbfdc32bd46/createAliases.sh && chmod u+x ./createAliases.sh && ./createAliases.sh
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
+ rm /rustup.sh && \
 PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make

 # Download libafl.
diff --git a/fuzzers/libafl_ngram_small_map/fuzzer.py b/fuzzers/libafl_ngram_small_map/fuzzer.py
index cfd2a64d7..678c21510 100755
--- a/fuzzers/libafl_ngram_small_map/fuzzer.py
+++ b/fuzzers/libafl_ngram_small_map/fuzzer.py
@@ -41,9 +41,9 @@ def prepare_fuzz_environment(input_corpus):
 def build(): # pylint: disable=too-many-branches,too-many-statements
 """Build benchmark."""
 os.environ[
- 'CC'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cc'
+ 'CC'] = '/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc'
 os.environ[
- 'CXX'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cxx'
+ 'CXX'] = '/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx'

 os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
 os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
From 4715f3084d0f3cf6492f888ab061172c28f89332 Mon Sep 17 00:00:00 2001
From: toka
Date: Thu, 22 Feb 2024 16:11:17 +0100
Subject: [PATCH 04/24] add another map size variant
---
 fuzzers/libafl_ctx_mid_map/builder.Dockerfile | 61 ++++++++++++++++
 fuzzers/libafl_ctx_mid_map/description.md | 11 +++
 fuzzers/libafl_ctx_mid_map/fuzzer.py | 71 +++++++++++++++++++
 fuzzers/libafl_ctx_mid_map/runner.Dockerfile | 25 +++++++
 .../libafl_ctx_small_map/builder.Dockerfile | 2 +-
 .../libafl_ngram_mid_map/builder.Dockerfile | 61 ++++++++++++++++
 fuzzers/libafl_ngram_mid_map/description.md | 11 +++
 fuzzers/libafl_ngram_mid_map/fuzzer.py | 71 +++++++++++++++++++
 .../libafl_ngram_mid_map/runner.Dockerfile | 25 +++++++
 .../libafl_ngram_small_map/builder.Dockerfile | 2 +-
 10 files changed, 338 insertions(+), 2 deletions(-)
 create mode 100644 fuzzers/libafl_ctx_mid_map/builder.Dockerfile
 create mode 100644 fuzzers/libafl_ctx_mid_map/description.md
 create mode 100755 fuzzers/libafl_ctx_mid_map/fuzzer.py
 create mode 100644 fuzzers/libafl_ctx_mid_map/runner.Dockerfile
 create mode 100644 fuzzers/libafl_ngram_mid_map/builder.Dockerfile
 create mode 100644 fuzzers/libafl_ngram_mid_map/description.md
 create mode 100755 fuzzers/libafl_ngram_mid_map/fuzzer.py
 create mode 100644 fuzzers/libafl_ngram_mid_map/runner.Dockerfile
diff --git a/fuzzers/libafl_ctx_mid_map/builder.Dockerfile b/fuzzers/libafl_ctx_mid_map/builder.Dockerfile
new file mode 100644
index 000000000..4f6313889
--- /dev/null
+++ b/fuzzers/libafl_ctx_mid_map/builder.Dockerfile
@@ -0,0 +1,61 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
+ rm /rustup.sh
+
+# Install dependencies.
+RUN apt-get update && \
+ apt-get remove -y llvm-10 && \
+ apt-get install -y \
+ build-essential \
+ lsb-release wget software-properties-common gnupg && \
+ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates joe curl && \
+ wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 16
+
+RUN wget https://gist.githubusercontent.com/tokatoka/26f4ba95991c6e33139999976332aa8e/raw/698ac2087d58ce5c7a6ad59adce58dbfdc32bd46/createAliases.sh && chmod u+x ./createAliases.sh && ./createAliases.sh
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
+ rm /rustup.sh && \
+ PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
+
+# Download libafl.
+RUN git clone https://github.com/AFLplusplus/LibAFL /libafl
+
+# Checkout a current commit
+RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c6f9 || true
+# Note that due a nightly bug it is currently fixed to a known version on top!
+
+# Compile libafl.
+RUN cd /libafl && \
+ unset CFLAGS CXXFLAGS && \
+ export LIBAFL_EDGES_MAP_SIZE=262144 && \
+ cd ./fuzzers/fuzzbench_ctx && \
+ PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main
+
+# Auxiliary weak references.
+RUN cd /libafl/fuzzers/fuzzbench_ctx && \
+ clang -c stub_rt.c && \
+ ar r /stub_rt.a stub_rt.o
diff --git a/fuzzers/libafl_ctx_mid_map/description.md b/fuzzers/libafl_ctx_mid_map/description.md
new file mode 100644
index 000000000..ea9b947d6
--- /dev/null
+++ b/fuzzers/libafl_ctx_mid_map/description.md
@@ -0,0 +1,11 @@
+# libafl
+
+libafl fuzzer instance
+ - cmplog feature
+ - persistent mode
+
+Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_ctx_mid_map/fuzzer.py b/fuzzers/libafl_ctx_mid_map/fuzzer.py
new file mode 100755
index 000000000..ce5f73b13
--- /dev/null
+++ b/fuzzers/libafl_ctx_mid_map/fuzzer.py
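Review bot: `RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c6f9 || true` lets a failed checkout pass silently: if the pull fails or the commit is not present, `|| true` masks the error and the following `cargo build` compiles whatever revision the clone is at, so the pin does not actually pin the LibAFL version being benchmarked. Drop `|| true` (and the `git pull`, which is redundant directly after `git clone`) so the build fails loudly: `RUN cd /libafl && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c6f9`. The comment `# Note that due a nightly bug it is currently fixed to a known version on top!` should name the bug and the version it refers to, since the toolchain was just moved to nightly-2024-02-14 in the same file. The identical lines are in the ngram_mid_map builder at L38, and the hunk headers at L36 and L41 show the same checkout line in the small_map builders.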
@@ -0,0 +1,71 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Integration code for a LibAFL-based fuzzer."""
+
+import os
+import subprocess
+
+from fuzzers import utils
+
+
+def prepare_fuzz_environment(input_corpus):
+ """Prepare to fuzz with a LibAFL-based fuzzer."""
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
+ 'malloc_context_size=0:symbolize=0:'\
+ 'allocator_may_return_null=1:'\
+ 'detect_odr_violation=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_abort=0:'\
+ 'handle_sigfpe=0:handle_sigill=0'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
+ 'allocator_release_to_os_interval_ms=500:'\
+ 'handle_abort=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_sigfpe=0:'\
+ 'handle_sigill=0:print_stacktrace=0:'\
+ 'symbolize=0:symbolize_inline_frames=0'
+ # Create at least one non-empty seed to start.
+ utils.create_seed_file_for_empty_corpus(input_corpus)
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ os.environ[
+ 'CC'] = '/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc'
+ os.environ[
+ 'CXX'] = '/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx'
+
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+
+ cflags = ['--libafl']
+ utils.append_flags('CFLAGS', cflags)
+ utils.append_flags('CXXFLAGS', cflags)
+ utils.append_flags('LDFLAGS', cflags)
+
+ os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ utils.build_benchmark()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ prepare_fuzz_environment(input_corpus)
+ dictionary_path = utils.get_dictionary_path(target_binary)
+ command = [target_binary]
+ if dictionary_path:
+ command += (['-x', dictionary_path])
+ command += (['-o', output_corpus, '-i', input_corpus])
+ fuzzer_env = os.environ.copy()
+ fuzzer_env['LD_PRELOAD'] = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2'
+ print(command)
+ subprocess.check_call(command, cwd=os.environ['OUT'], env=fuzzer_env)
diff --git a/fuzzers/libafl_ctx_mid_map/runner.Dockerfile b/fuzzers/libafl_ctx_mid_map/runner.Dockerfile
new file mode 100644
index 000000000..f0c5eb6cc
--- /dev/null
+++ b/fuzzers/libafl_ctx_mid_map/runner.Dockerfile
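Review bot: `fuzz()` preloads a hard-coded `/usr/lib/x86_64-linux-gnu/libjemalloc.so.2` without checking that it exists; when the runner image does not actually contain it (the runner.Dockerfile at L36 installs it with a bare `apt install`), the dynamic loader only prints a warning for a missing LD_PRELOAD object and continues with the default allocator, so the benchmark silently runs under a different allocator than intended. Guard it before the call, e.g. `jemalloc = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2'` / `if not os.path.exists(jemalloc): raise FileNotFoundError(jemalloc)`, and reuse the variable in the `LD_PRELOAD` assignment. The `# pylint: disable=too-many-branches,too-many-statements` on `build()` is stale (the body has no branches), and `print(command)` is debug output that belongs in a log call. This file is byte-identical to the ngram_mid_map fuzzer.py at L39-L40 apart from the `fuzzbench_ctx`/`fuzzbench_ngram` path, and neither file nor its description.md records the `LIBAFL_EDGES_MAP_SIZE` that distinguishes the small/mid/large variants.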
@@ -0,0 +1,25 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+RUN apt install libjemalloc2
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
diff --git a/fuzzers/libafl_ctx_small_map/builder.Dockerfile b/fuzzers/libafl_ctx_small_map/builder.Dockerfile
index 4f6313889..7e10f3fe4 100644
--- a/fuzzers/libafl_ctx_small_map/builder.Dockerfile
+++ b/fuzzers/libafl_ctx_small_map/builder.Dockerfile
@@ -51,7 +51,7 @@ RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c
 # Compile libafl.
 RUN cd /libafl && \
 unset CFLAGS CXXFLAGS && \
- export LIBAFL_EDGES_MAP_SIZE=262144 && \
+ export LIBAFL_EDGES_MAP_SIZE=65536 && \
 cd ./fuzzers/fuzzbench_ctx && \
 PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main

diff --git a/fuzzers/libafl_ngram_mid_map/builder.Dockerfile b/fuzzers/libafl_ngram_mid_map/builder.Dockerfile
new file mode 100644
index 000000000..981cdbcff
--- /dev/null
+++ b/fuzzers/libafl_ngram_mid_map/builder.Dockerfile
@@ -0,0 +1,61 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
+ rm /rustup.sh
+
+# Install dependencies.
+RUN apt-get update && \
+ apt-get remove -y llvm-10 && \
+ apt-get install -y \
+ build-essential \
+ lsb-release wget software-properties-common gnupg && \
+ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates joe curl && \
+ wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 16
+
+RUN wget https://gist.githubusercontent.com/tokatoka/26f4ba95991c6e33139999976332aa8e/raw/698ac2087d58ce5c7a6ad59adce58dbfdc32bd46/createAliases.sh && chmod u+x ./createAliases.sh && ./createAliases.sh
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
+ rm /rustup.sh && \
+ PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
+
+# Download libafl.
+RUN git clone https://github.com/AFLplusplus/LibAFL /libafl
+
+# Checkout a current commit
+RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c6f9 || true
+# Note that due a nightly bug it is currently fixed to a known version on top!
+
+# Compile libafl.
+RUN cd /libafl && \
+ unset CFLAGS CXXFLAGS && \
+ export LIBAFL_EDGES_MAP_SIZE=262144 && \
+ cd ./fuzzers/fuzzbench_ngram && \
+ PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main
+
+# Auxiliary weak references.
+RUN cd /libafl/fuzzers/fuzzbench_ngram && \
+ clang -c stub_rt.c && \
+ ar r /stub_rt.a stub_rt.o
diff --git a/fuzzers/libafl_ngram_mid_map/description.md b/fuzzers/libafl_ngram_mid_map/description.md
new file mode 100644
index 000000000..ea9b947d6
--- /dev/null
+++ b/fuzzers/libafl_ngram_mid_map/description.md
@@ -0,0 +1,11 @@
+# libafl
+
+libafl fuzzer instance
+ - cmplog feature
+ - persistent mode
+
+Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_ngram_mid_map/fuzzer.py b/fuzzers/libafl_ngram_mid_map/fuzzer.py
new file mode 100755
index 000000000..678c21510
--- /dev/null
+++ b/fuzzers/libafl_ngram_mid_map/fuzzer.py
@@ -0,0 +1,71 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Integration code for a LibAFL-based fuzzer."""
+
+import os
+import subprocess
+
+from fuzzers import utils
+
+
+def prepare_fuzz_environment(input_corpus):
+ """Prepare to fuzz with a LibAFL-based fuzzer."""
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
+ 'malloc_context_size=0:symbolize=0:'\
+ 'allocator_may_return_null=1:'\
+ 'detect_odr_violation=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_abort=0:'\
+ 'handle_sigfpe=0:handle_sigill=0'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
+ 'allocator_release_to_os_interval_ms=500:'\
+ 'handle_abort=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_sigfpe=0:'\
+ 'handle_sigill=0:print_stacktrace=0:'\
+ 'symbolize=0:symbolize_inline_frames=0'
+ # Create at least one non-empty seed to start.
+ utils.create_seed_file_for_empty_corpus(input_corpus)
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ os.environ[
+ 'CC'] = '/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc'
+ os.environ[
+ 'CXX'] = '/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx'
+
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+
+ cflags = ['--libafl']
+ utils.append_flags('CFLAGS', cflags)
+ utils.append_flags('CXXFLAGS', cflags)
+ utils.append_flags('LDFLAGS', cflags)
+
+ os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ utils.build_benchmark()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ prepare_fuzz_environment(input_corpus)
+ dictionary_path = utils.get_dictionary_path(target_binary)
+ command = [target_binary]
+ if dictionary_path:
+ command += (['-x', dictionary_path])
+ command += (['-o', output_corpus, '-i', input_corpus])
+ fuzzer_env = os.environ.copy()
+ fuzzer_env['LD_PRELOAD'] = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2'
+ print(command)
+ subprocess.check_call(command, cwd=os.environ['OUT'], env=fuzzer_env)
diff --git a/fuzzers/libafl_ngram_mid_map/runner.Dockerfile b/fuzzers/libafl_ngram_mid_map/runner.Dockerfile
new file mode 100644
index 000000000..f0c5eb6cc
--- /dev/null
+++ b/fuzzers/libafl_ngram_mid_map/runner.Dockerfile
@@ -0,0 +1,25 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+RUN apt install libjemalloc2
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
diff --git a/fuzzers/libafl_ngram_small_map/builder.Dockerfile b/fuzzers/libafl_ngram_small_map/builder.Dockerfile
index 981cdbcff..18aa1909c 100644
--- a/fuzzers/libafl_ngram_small_map/builder.Dockerfile
+++ b/fuzzers/libafl_ngram_small_map/builder.Dockerfile
@@ -51,7 +51,7 @@ RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c
 # Compile libafl.
 RUN cd /libafl && \
 unset CFLAGS CXXFLAGS && \
- export LIBAFL_EDGES_MAP_SIZE=262144 && \
+ export LIBAFL_EDGES_MAP_SIZE=65536 && \
 cd ./fuzzers/fuzzbench_ngram && \
 PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main

From 324c1b61d027c6ddc7eaa61391e79642c6fcac63 Mon Sep 17 00:00:00 2001
From: toka
Date: Thu, 22 Feb 2024 16:22:43 +0100
Subject: [PATCH 05/24] fomatto
---
 fuzzers/libafl_ctx_large_map/fuzzer.py | 60 +++++++++++++----------
 fuzzers/libafl_ctx_mid_map/fuzzer.py | 60 +++++++++++++----------
 fuzzers/libafl_ctx_small_map/fuzzer.py | 60 +++++++++++++----------
 fuzzers/libafl_ngram_large_map/fuzzer.py | 60 +++++++++++++----------
 fuzzers/libafl_ngram_mid_map/fuzzer.py | 60 +++++++++++++----------
 fuzzers/libafl_ngram_small_map/fuzzer.py | 60 +++++++++++++----------
 6 files changed, 198 insertions(+), 162 deletions(-)
diff --git a/fuzzers/libafl_ctx_large_map/fuzzer.py b/fuzzers/libafl_ctx_large_map/fuzzer.py
index ce5f73b13..2aefd57fc 100755
--- a/fuzzers/libafl_ctx_large_map/fuzzer.py
+++ b/fuzzers/libafl_ctx_large_map/fuzzer.py
@@ -22,38 +22,44 @@

 def prepare_fuzz_environment(input_corpus):
 """Prepare to fuzz with a LibAFL-based fuzzer."""
- os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
- 'malloc_context_size=0:symbolize=0:'\
- 'allocator_may_return_null=1:'\
- 'detect_odr_violation=0:handle_segv=0:'\
- 'handle_sigbus=0:handle_abort=0:'\
- 'handle_sigfpe=0:handle_sigill=0'
- os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
- 'allocator_release_to_os_interval_ms=500:'\
- 'handle_abort=0:handle_segv=0:'\
- 'handle_sigbus=0:handle_sigfpe=0:'\
- 'handle_sigill=0:print_stacktrace=0:'\
- 'symbolize=0:symbolize_inline_frames=0'
+ os.environ["ASAN_OPTIONS"] = (
+ "abort_on_error=1:detect_leaks=0:"
+ "malloc_context_size=0:symbolize=0:"
+ "allocator_may_return_null=1:"
+ "detect_odr_violation=0:handle_segv=0:"
+ "handle_sigbus=0:handle_abort=0:"
+ "handle_sigfpe=0:handle_sigill=0"
+ )
+ os.environ["UBSAN_OPTIONS"] = (
+ "abort_on_error=1:"
+ "allocator_release_to_os_interval_ms=500:"
+ "handle_abort=0:handle_segv=0:"
+ "handle_sigbus=0:handle_sigfpe=0:"
+ "handle_sigill=0:print_stacktrace=0:"
+ "symbolize=0:symbolize_inline_frames=0"
+ )
 # Create at least one non-empty seed to start.
 utils.create_seed_file_for_empty_corpus(input_corpus)


 def build(): # pylint: disable=too-many-branches,too-many-statements
 """Build benchmark."""
- os.environ[
- 'CC'] = '/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc'
- os.environ[
- 'CXX'] = '/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx'
+ os.environ["CC"] = (
+ "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc"
+ )
+ os.environ["CXX"] = (
+ "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx"
+ )

- os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
- os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+ os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1"
+ os.environ["UBSAN_OPTIONS"] = "abort_on_error=0"

- cflags = ['--libafl']
- utils.append_flags('CFLAGS', cflags)
- utils.append_flags('CXXFLAGS', cflags)
- utils.append_flags('LDFLAGS', cflags)
+ cflags = ["--libafl"]
+ utils.append_flags("CFLAGS", cflags)
+ utils.append_flags("CXXFLAGS", cflags)
+ utils.append_flags("LDFLAGS", cflags)

- os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ os.environ["FUZZER_LIB"] = "/stub_rt.a"
 utils.build_benchmark()


@@ -63,9 +69,9 @@ def fuzz(input_corpus, output_corpus, target_binary):
 dictionary_path = utils.get_dictionary_path(target_binary)
 command = [target_binary]
 if dictionary_path:
- command += (['-x', dictionary_path])
- command += (['-o', output_corpus, '-i', input_corpus])
+ command += ["-x", dictionary_path]
+ command += ["-o", output_corpus, "-i", input_corpus]
 fuzzer_env = os.environ.copy()
- fuzzer_env['LD_PRELOAD'] = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2'
+ fuzzer_env["LD_PRELOAD"] = "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2"
 print(command)
- subprocess.check_call(command, cwd=os.environ['OUT'], env=fuzzer_env)
+ subprocess.check_call(command, cwd=os.environ["OUT"], env=fuzzer_env)
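Review bot: The rewrite switches every string in this file from single to double quotes and from backslash continuations to parenthesised implicit concatenation, which reads like `black` output, whereas the removed lines are in the single-quoted, hanging-`os.environ[` wrap style of an autoformatter such as yapf; if the repository's presubmit formatter is the latter, the next format run will revert this entire commit. Confirm which formatter the project enforces before merging, and if it is not black, drop this commit together with the identical ones at L47 and L50. Nothing in the hunk changes behaviour: `prepare_fuzz_environment` and `build` are shown in full, and the trailing `fuzz` hunk starts after that function's first lines.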
diff --git a/fuzzers/libafl_ctx_mid_map/fuzzer.py b/fuzzers/libafl_ctx_mid_map/fuzzer.py
index ce5f73b13..2aefd57fc 100755
--- a/fuzzers/libafl_ctx_mid_map/fuzzer.py
+++ b/fuzzers/libafl_ctx_mid_map/fuzzer.py
@@ -22,38 +22,44 @@

 def prepare_fuzz_environment(input_corpus):
 """Prepare to fuzz with a LibAFL-based fuzzer."""
- os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
- 'malloc_context_size=0:symbolize=0:'\
- 'allocator_may_return_null=1:'\
- 'detect_odr_violation=0:handle_segv=0:'\
- 'handle_sigbus=0:handle_abort=0:'\
- 'handle_sigfpe=0:handle_sigill=0'
- os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
- 'allocator_release_to_os_interval_ms=500:'\
- 'handle_abort=0:handle_segv=0:'\
- 'handle_sigbus=0:handle_sigfpe=0:'\
- 'handle_sigill=0:print_stacktrace=0:'\
- 'symbolize=0:symbolize_inline_frames=0'
+ os.environ["ASAN_OPTIONS"] = (
+ "abort_on_error=1:detect_leaks=0:"
+ "malloc_context_size=0:symbolize=0:"
+ "allocator_may_return_null=1:"
+ "detect_odr_violation=0:handle_segv=0:"
+ "handle_sigbus=0:handle_abort=0:"
+ "handle_sigfpe=0:handle_sigill=0"
+ )
+ os.environ["UBSAN_OPTIONS"] = (
+ "abort_on_error=1:"
+ "allocator_release_to_os_interval_ms=500:"
+ "handle_abort=0:handle_segv=0:"
+ "handle_sigbus=0:handle_sigfpe=0:"
+ "handle_sigill=0:print_stacktrace=0:"
+ "symbolize=0:symbolize_inline_frames=0"
+ )
 # Create at least one non-empty seed to start.
 utils.create_seed_file_for_empty_corpus(input_corpus)


 def build(): # pylint: disable=too-many-branches,too-many-statements
 """Build benchmark."""
- os.environ[
- 'CC'] = '/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc'
- os.environ[
- 'CXX'] = '/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx'
+ os.environ["CC"] = (
+ "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc"
+ )
+ os.environ["CXX"] = (
+ "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx"
+ )

- os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
- os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+ os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1"
+ os.environ["UBSAN_OPTIONS"] = "abort_on_error=0"

- cflags = ['--libafl']
- utils.append_flags('CFLAGS', cflags)
- utils.append_flags('CXXFLAGS', cflags)
- utils.append_flags('LDFLAGS', cflags)
+ cflags = ["--libafl"]
+ utils.append_flags("CFLAGS", cflags)
+ utils.append_flags("CXXFLAGS", cflags)
+ utils.append_flags("LDFLAGS", cflags)

- os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ os.environ["FUZZER_LIB"] = "/stub_rt.a"
 utils.build_benchmark()


@@ -63,9 +69,9 @@ def fuzz(input_corpus, output_corpus, target_binary):
 dictionary_path = utils.get_dictionary_path(target_binary)
 command = [target_binary]
 if dictionary_path:
- command += (['-x', dictionary_path])
- command += (['-o', output_corpus, '-i', input_corpus])
+ command += ["-x", dictionary_path]
+ command += ["-o", output_corpus, "-i", input_corpus]
 fuzzer_env = os.environ.copy()
- fuzzer_env['LD_PRELOAD'] = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2'
+ fuzzer_env["LD_PRELOAD"] = "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2"
 print(command)
- subprocess.check_call(command, cwd=os.environ['OUT'], env=fuzzer_env)
+ subprocess.check_call(command, cwd=os.environ["OUT"], env=fuzzer_env)
diff --git a/fuzzers/libafl_ctx_small_map/fuzzer.py b/fuzzers/libafl_ctx_small_map/fuzzer.py
index ce5f73b13..2aefd57fc 100755
--- a/fuzzers/libafl_ctx_small_map/fuzzer.py
+++ b/fuzzers/libafl_ctx_small_map/fuzzer.py
@@ -22,38 +22,44 @@ def prepare_fuzz_environment(input_corpus): """Prepare to fuzz with a LibAFL-based fuzzer.""" - os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\ - 'malloc_context_size=0:symbolize=0:'\ - 'allocator_may_return_null=1:'\ - 'detect_odr_violation=0:handle_segv=0:'\ - 'handle_sigbus=0:handle_abort=0:'\ - 'handle_sigfpe=0:handle_sigill=0' - os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\ - 'allocator_release_to_os_interval_ms=500:'\ - 'handle_abort=0:handle_segv=0:'\ - 'handle_sigbus=0:handle_sigfpe=0:'\ - 'handle_sigill=0:print_stacktrace=0:'\ - 'symbolize=0:symbolize_inline_frames=0' + os.environ["ASAN_OPTIONS"] = ( + "abort_on_error=1:detect_leaks=0:" + "malloc_context_size=0:symbolize=0:" + "allocator_may_return_null=1:" + "detect_odr_violation=0:handle_segv=0:" + "handle_sigbus=0:handle_abort=0:" + "handle_sigfpe=0:handle_sigill=0" + ) + os.environ["UBSAN_OPTIONS"] = ( + "abort_on_error=1:" + "allocator_release_to_os_interval_ms=500:" + "handle_abort=0:handle_segv=0:" + "handle_sigbus=0:handle_sigfpe=0:" + "handle_sigill=0:print_stacktrace=0:" + "symbolize=0:symbolize_inline_frames=0" + ) # Create at least one non-empty seed to start. 
utils.create_seed_file_for_empty_corpus(input_corpus) def build(): # pylint: disable=too-many-branches,too-many-statements """Build benchmark.""" - os.environ[ - 'CC'] = '/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc' - os.environ[ - 'CXX'] = '/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx' + os.environ["CC"] = ( + "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc" + ) + os.environ["CXX"] = ( + "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx" + ) - os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1' - os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0' + os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1" + os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" - cflags = ['--libafl'] - utils.append_flags('CFLAGS', cflags) - utils.append_flags('CXXFLAGS', cflags) - utils.append_flags('LDFLAGS', cflags) + cflags = ["--libafl"] + utils.append_flags("CFLAGS", cflags) + utils.append_flags("CXXFLAGS", cflags) + utils.append_flags("LDFLAGS", cflags) - os.environ['FUZZER_LIB'] = '/stub_rt.a' + os.environ["FUZZER_LIB"] = "/stub_rt.a" utils.build_benchmark() @@ -63,9 +69,9 @@ def fuzz(input_corpus, output_corpus, target_binary): dictionary_path = utils.get_dictionary_path(target_binary) command = [target_binary] if dictionary_path: - command += (['-x', dictionary_path]) - command += (['-o', output_corpus, '-i', input_corpus]) + command += ["-x", dictionary_path] + command += ["-o", output_corpus, "-i", input_corpus] fuzzer_env = os.environ.copy() - fuzzer_env['LD_PRELOAD'] = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2' + fuzzer_env["LD_PRELOAD"] = "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2" print(command) - subprocess.check_call(command, cwd=os.environ['OUT'], env=fuzzer_env) + subprocess.check_call(command, cwd=os.environ["OUT"], env=fuzzer_env) 
diff --git a/fuzzers/libafl_ngram_large_map/fuzzer.py b/fuzzers/libafl_ngram_large_map/fuzzer.py
index 678c21510..10d65497e 100755
--- a/fuzzers/libafl_ngram_large_map/fuzzer.py
+++ b/fuzzers/libafl_ngram_large_map/fuzzer.py
@@ -22,38 +22,44 @@ def prepare_fuzz_environment(input_corpus): """Prepare to fuzz with a LibAFL-based fuzzer.""" - os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\ - 'malloc_context_size=0:symbolize=0:'\ - 'allocator_may_return_null=1:'\ - 'detect_odr_violation=0:handle_segv=0:'\ - 'handle_sigbus=0:handle_abort=0:'\ - 'handle_sigfpe=0:handle_sigill=0' - os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\ - 'allocator_release_to_os_interval_ms=500:'\ - 'handle_abort=0:handle_segv=0:'\ - 'handle_sigbus=0:handle_sigfpe=0:'\ - 'handle_sigill=0:print_stacktrace=0:'\ - 'symbolize=0:symbolize_inline_frames=0' + os.environ["ASAN_OPTIONS"] = ( + "abort_on_error=1:detect_leaks=0:" + "malloc_context_size=0:symbolize=0:" + "allocator_may_return_null=1:" + "detect_odr_violation=0:handle_segv=0:" + "handle_sigbus=0:handle_abort=0:" + "handle_sigfpe=0:handle_sigill=0" + ) + os.environ["UBSAN_OPTIONS"] = ( + "abort_on_error=1:" + "allocator_release_to_os_interval_ms=500:" + "handle_abort=0:handle_segv=0:" + "handle_sigbus=0:handle_sigfpe=0:" + "handle_sigill=0:print_stacktrace=0:" + "symbolize=0:symbolize_inline_frames=0" + ) # Create at least one non-empty seed to start. 
utils.create_seed_file_for_empty_corpus(input_corpus) def build(): # pylint: disable=too-many-branches,too-many-statements """Build benchmark.""" - os.environ[ - 'CC'] = '/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc' - os.environ[ - 'CXX'] = '/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx' + os.environ["CC"] = ( + "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc" + ) + os.environ["CXX"] = ( + "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx" + ) - os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1' - os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0' + os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1" + os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" - cflags = ['--libafl'] - utils.append_flags('CFLAGS', cflags) - utils.append_flags('CXXFLAGS', cflags) - utils.append_flags('LDFLAGS', cflags) + cflags = ["--libafl"] + utils.append_flags("CFLAGS", cflags) + utils.append_flags("CXXFLAGS", cflags) + utils.append_flags("LDFLAGS", cflags) - os.environ['FUZZER_LIB'] = '/stub_rt.a' + os.environ["FUZZER_LIB"] = "/stub_rt.a" utils.build_benchmark() @@ -63,9 +69,9 @@ def fuzz(input_corpus, output_corpus, target_binary): dictionary_path = utils.get_dictionary_path(target_binary) command = [target_binary] if dictionary_path: - command += (['-x', dictionary_path]) - command += (['-o', output_corpus, '-i', input_corpus]) + command += ["-x", dictionary_path] + command += ["-o", output_corpus, "-i", input_corpus] fuzzer_env = os.environ.copy() - fuzzer_env['LD_PRELOAD'] = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2' + fuzzer_env["LD_PRELOAD"] = "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2" print(command) - subprocess.check_call(command, cwd=os.environ['OUT'], env=fuzzer_env) + subprocess.check_call(command, cwd=os.environ["OUT"], env=fuzzer_env) 
diff --git a/fuzzers/libafl_ngram_mid_map/fuzzer.py b/fuzzers/libafl_ngram_mid_map/fuzzer.py
index 678c21510..10d65497e 100755
--- a/fuzzers/libafl_ngram_mid_map/fuzzer.py
+++ b/fuzzers/libafl_ngram_mid_map/fuzzer.py
@@ -22,38 +22,44 @@ def prepare_fuzz_environment(input_corpus): """Prepare to fuzz with a LibAFL-based fuzzer.""" - os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\ - 'malloc_context_size=0:symbolize=0:'\ - 'allocator_may_return_null=1:'\ - 'detect_odr_violation=0:handle_segv=0:'\ - 'handle_sigbus=0:handle_abort=0:'\ - 'handle_sigfpe=0:handle_sigill=0' - os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\ - 'allocator_release_to_os_interval_ms=500:'\ - 'handle_abort=0:handle_segv=0:'\ - 'handle_sigbus=0:handle_sigfpe=0:'\ - 'handle_sigill=0:print_stacktrace=0:'\ - 'symbolize=0:symbolize_inline_frames=0' + os.environ["ASAN_OPTIONS"] = ( + "abort_on_error=1:detect_leaks=0:" + "malloc_context_size=0:symbolize=0:" + "allocator_may_return_null=1:" + "detect_odr_violation=0:handle_segv=0:" + "handle_sigbus=0:handle_abort=0:" + "handle_sigfpe=0:handle_sigill=0" + ) + os.environ["UBSAN_OPTIONS"] = ( + "abort_on_error=1:" + "allocator_release_to_os_interval_ms=500:" + "handle_abort=0:handle_segv=0:" + "handle_sigbus=0:handle_sigfpe=0:" + "handle_sigill=0:print_stacktrace=0:" + "symbolize=0:symbolize_inline_frames=0" + ) # Create at least one non-empty seed to start. 
utils.create_seed_file_for_empty_corpus(input_corpus) def build(): # pylint: disable=too-many-branches,too-many-statements """Build benchmark.""" - os.environ[ - 'CC'] = '/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc' - os.environ[ - 'CXX'] = '/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx' + os.environ["CC"] = ( + "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc" + ) + os.environ["CXX"] = ( + "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx" + ) - os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1' - os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0' + os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1" + os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" - cflags = ['--libafl'] - utils.append_flags('CFLAGS', cflags) - utils.append_flags('CXXFLAGS', cflags) - utils.append_flags('LDFLAGS', cflags) + cflags = ["--libafl"] + utils.append_flags("CFLAGS", cflags) + utils.append_flags("CXXFLAGS", cflags) + utils.append_flags("LDFLAGS", cflags) - os.environ['FUZZER_LIB'] = '/stub_rt.a' + os.environ["FUZZER_LIB"] = "/stub_rt.a" utils.build_benchmark() @@ -63,9 +69,9 @@ def fuzz(input_corpus, output_corpus, target_binary): dictionary_path = utils.get_dictionary_path(target_binary) command = [target_binary] if dictionary_path: - command += (['-x', dictionary_path]) - command += (['-o', output_corpus, '-i', input_corpus]) + command += ["-x", dictionary_path] + command += ["-o", output_corpus, "-i", input_corpus] fuzzer_env = os.environ.copy() - fuzzer_env['LD_PRELOAD'] = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2' + fuzzer_env["LD_PRELOAD"] = "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2" print(command) - subprocess.check_call(command, cwd=os.environ['OUT'], env=fuzzer_env) + subprocess.check_call(command, cwd=os.environ["OUT"], env=fuzzer_env) 
diff --git a/fuzzers/libafl_ngram_small_map/fuzzer.py b/fuzzers/libafl_ngram_small_map/fuzzer.py
index 678c21510..10d65497e 100755
--- a/fuzzers/libafl_ngram_small_map/fuzzer.py
+++ b/fuzzers/libafl_ngram_small_map/fuzzer.py
@@ -22,38 +22,44 @@ def prepare_fuzz_environment(input_corpus): """Prepare to fuzz with a LibAFL-based fuzzer.""" - os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\ - 'malloc_context_size=0:symbolize=0:'\ - 'allocator_may_return_null=1:'\ - 'detect_odr_violation=0:handle_segv=0:'\ - 'handle_sigbus=0:handle_abort=0:'\ - 'handle_sigfpe=0:handle_sigill=0' - os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\ - 'allocator_release_to_os_interval_ms=500:'\ - 'handle_abort=0:handle_segv=0:'\ - 'handle_sigbus=0:handle_sigfpe=0:'\ - 'handle_sigill=0:print_stacktrace=0:'\ - 'symbolize=0:symbolize_inline_frames=0' + os.environ["ASAN_OPTIONS"] = ( + "abort_on_error=1:detect_leaks=0:" + "malloc_context_size=0:symbolize=0:" + "allocator_may_return_null=1:" + "detect_odr_violation=0:handle_segv=0:" + "handle_sigbus=0:handle_abort=0:" + "handle_sigfpe=0:handle_sigill=0" + ) + os.environ["UBSAN_OPTIONS"] = ( + "abort_on_error=1:" + "allocator_release_to_os_interval_ms=500:" + "handle_abort=0:handle_segv=0:" + "handle_sigbus=0:handle_sigfpe=0:" + "handle_sigill=0:print_stacktrace=0:" + "symbolize=0:symbolize_inline_frames=0" + ) # Create at least one non-empty seed to start. 
utils.create_seed_file_for_empty_corpus(input_corpus) def build(): # pylint: disable=too-many-branches,too-many-statements """Build benchmark.""" - os.environ[ - 'CC'] = '/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc' - os.environ[ - 'CXX'] = '/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx' + os.environ["CC"] = ( + "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc" + ) + os.environ["CXX"] = ( + "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx" + ) - os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1' - os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0' + os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1" + os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" - cflags = ['--libafl'] - utils.append_flags('CFLAGS', cflags) - utils.append_flags('CXXFLAGS', cflags) - utils.append_flags('LDFLAGS', cflags) + cflags = ["--libafl"] + utils.append_flags("CFLAGS", cflags) + utils.append_flags("CXXFLAGS", cflags) + utils.append_flags("LDFLAGS", cflags) - os.environ['FUZZER_LIB'] = '/stub_rt.a' + os.environ["FUZZER_LIB"] = "/stub_rt.a" utils.build_benchmark() @@ -63,9 +69,9 @@ def fuzz(input_corpus, output_corpus, target_binary): dictionary_path = utils.get_dictionary_path(target_binary) command = [target_binary] if dictionary_path: - command += (['-x', dictionary_path]) - command += (['-o', output_corpus, '-i', input_corpus]) + command += ["-x", dictionary_path] + command += ["-o", output_corpus, "-i", input_corpus] fuzzer_env = os.environ.copy() - fuzzer_env['LD_PRELOAD'] = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2' + fuzzer_env["LD_PRELOAD"] = "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2" print(command) - subprocess.check_call(command, cwd=os.environ['OUT'], env=fuzzer_env) + subprocess.check_call(command, cwd=os.environ["OUT"], env=fuzzer_env) From 26b1f82d5408e10d456ccb2a1c220fa7ef97b92b Mon Sep 17 00:00:00 2001 
From: toka Date: Thu, 22 Feb 2024 16:49:25 +0100 Subject: [PATCH 06/24] add adaptive --- .../builder.Dockerfile | 5 ++- .../description.md | 0 .../fuzzer.py | 4 +-- .../runner.Dockerfile | 0 fuzzers/libafl_ctx_large_map/fuzzer.py | 34 ++++++++----------- .../builder.Dockerfile | 5 ++- .../description.md | 0 .../fuzzer.py | 4 +-- .../runner.Dockerfile | 0 fuzzers/libafl_ngram_large_map/fuzzer.py | 34 ++++++++----------- fuzzers/libafl_ngram_mid_map/fuzzer.py | 34 ++++++++----------- 11 files changed, 50 insertions(+), 70 deletions(-) rename fuzzers/{libafl_ctx_small_map => libafl_ctx_adaptive_map}/builder.Dockerfile (95%) rename fuzzers/{libafl_ctx_small_map => libafl_ctx_adaptive_map}/description.md (100%) rename fuzzers/{libafl_ctx_small_map => libafl_ctx_adaptive_map}/fuzzer.py (93%) rename fuzzers/{libafl_ctx_small_map => libafl_ctx_adaptive_map}/runner.Dockerfile (100%) rename fuzzers/{libafl_ngram_small_map => libafl_ngram_adaptive_map}/builder.Dockerfile (95%) rename fuzzers/{libafl_ngram_small_map => libafl_ngram_adaptive_map}/description.md (100%) rename fuzzers/{libafl_ngram_small_map => libafl_ngram_adaptive_map}/fuzzer.py (93%) rename fuzzers/{libafl_ngram_small_map => libafl_ngram_adaptive_map}/runner.Dockerfile (100%) diff --git a/fuzzers/libafl_ctx_small_map/builder.Dockerfile b/fuzzers/libafl_ctx_adaptive_map/builder.Dockerfile similarity index 95% rename from fuzzers/libafl_ctx_small_map/builder.Dockerfile rename to fuzzers/libafl_ctx_adaptive_map/builder.Dockerfile index 7e10f3fe4..ef421e741 100644 --- a/fuzzers/libafl_ctx_small_map/builder.Dockerfile +++ b/fuzzers/libafl_ctx_adaptive_map/builder.Dockerfile 
@@ -51,11 +51,10 @@ RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c # Compile libafl. RUN cd /libafl && \ unset CFLAGS CXXFLAGS && \ - export LIBAFL_EDGES_MAP_SIZE=65536 && \ - cd ./fuzzers/fuzzbench_ctx && \ + cd ./fuzzers/fuzzbench_ctx_adaptive && \ PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main # Auxiliary weak references. -RUN cd /libafl/fuzzers/fuzzbench_ctx && \ +RUN cd /libafl/fuzzers/fuzzbench_ctx_adaptive && \ clang -c stub_rt.c && \ ar r /stub_rt.a stub_rt.o diff --git a/fuzzers/libafl_ctx_small_map/description.md b/fuzzers/libafl_ctx_adaptive_map/description.md similarity index 100% rename from fuzzers/libafl_ctx_small_map/description.md rename to fuzzers/libafl_ctx_adaptive_map/description.md diff --git a/fuzzers/libafl_ctx_small_map/fuzzer.py b/fuzzers/libafl_ctx_adaptive_map/fuzzer.py similarity index 93% rename from fuzzers/libafl_ctx_small_map/fuzzer.py rename to fuzzers/libafl_ctx_adaptive_map/fuzzer.py index 2aefd57fc..a5f1c6171 100755 --- a/fuzzers/libafl_ctx_small_map/fuzzer.py +++ b/fuzzers/libafl_ctx_adaptive_map/fuzzer.py @@ -45,10 +45,10 @@ def prepare_fuzz_environment(input_corpus): def build(): # pylint: disable=too-many-branches,too-many-statements """Build benchmark.""" os.environ["CC"] = ( - "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc" + "/libafl/fuzzers/fuzzbench_ctx_adaptive/target/release-fuzzbench/libafl_cc" ) os.environ["CXX"] = ( - "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx" + "/libafl/fuzzers/fuzzbench_ctx_adaptive/target/release-fuzzbench/libafl_cxx" ) os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1" diff --git a/fuzzers/libafl_ctx_small_map/runner.Dockerfile b/fuzzers/libafl_ctx_adaptive_map/runner.Dockerfile similarity index 100% rename from fuzzers/libafl_ctx_small_map/runner.Dockerfile rename to fuzzers/libafl_ctx_adaptive_map/runner.Dockerfile 
diff --git a/fuzzers/libafl_ctx_large_map/fuzzer.py b/fuzzers/libafl_ctx_large_map/fuzzer.py index 2aefd57fc..b9587fd17 100755 --- a/fuzzers/libafl_ctx_large_map/fuzzer.py +++ b/fuzzers/libafl_ctx_large_map/fuzzer.py @@ -22,22 +22,18 @@ def prepare_fuzz_environment(input_corpus): """Prepare to fuzz with a LibAFL-based fuzzer.""" - os.environ["ASAN_OPTIONS"] = ( - "abort_on_error=1:detect_leaks=0:" - "malloc_context_size=0:symbolize=0:" - "allocator_may_return_null=1:" - "detect_odr_violation=0:handle_segv=0:" - "handle_sigbus=0:handle_abort=0:" - "handle_sigfpe=0:handle_sigill=0" - ) - os.environ["UBSAN_OPTIONS"] = ( - "abort_on_error=1:" - "allocator_release_to_os_interval_ms=500:" - "handle_abort=0:handle_segv=0:" - "handle_sigbus=0:handle_sigfpe=0:" - "handle_sigill=0:print_stacktrace=0:" - "symbolize=0:symbolize_inline_frames=0" - ) + os.environ["ASAN_OPTIONS"] = ("abort_on_error=1:detect_leaks=0:" + "malloc_context_size=0:symbolize=0:" + "allocator_may_return_null=1:" + "detect_odr_violation=0:handle_segv=0:" + "handle_sigbus=0:handle_abort=0:" + "handle_sigfpe=0:handle_sigill=0") + os.environ["UBSAN_OPTIONS"] = ("abort_on_error=1:" + "allocator_release_to_os_interval_ms=500:" + "handle_abort=0:handle_segv=0:" + "handle_sigbus=0:handle_sigfpe=0:" + "handle_sigill=0:print_stacktrace=0:" + "symbolize=0:symbolize_inline_frames=0") # Create at least one non-empty seed to start. utils.create_seed_file_for_empty_corpus(input_corpus) 
@@ -45,11 +41,9 @@ def prepare_fuzz_environment(input_corpus): def build(): # pylint: disable=too-many-branches,too-many-statements """Build benchmark.""" os.environ["CC"] = ( - "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc" - ) + "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc") os.environ["CXX"] = ( - "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx" - ) + "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx") os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1" os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" diff --git a/fuzzers/libafl_ngram_small_map/builder.Dockerfile b/fuzzers/libafl_ngram_adaptive_map/builder.Dockerfile similarity index 95% rename from fuzzers/libafl_ngram_small_map/builder.Dockerfile rename to fuzzers/libafl_ngram_adaptive_map/builder.Dockerfile index 18aa1909c..9125f8f94 100644 --- a/fuzzers/libafl_ngram_small_map/builder.Dockerfile +++ b/fuzzers/libafl_ngram_adaptive_map/builder.Dockerfile @@ -51,11 +51,10 @@ RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c # Compile libafl. RUN cd /libafl && \ unset CFLAGS CXXFLAGS && \ - export LIBAFL_EDGES_MAP_SIZE=65536 && \ - cd ./fuzzers/fuzzbench_ngram && \ + cd ./fuzzers/fuzzbench_ngram_adaptive && \ PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main # Auxiliary weak references. -RUN cd /libafl/fuzzers/fuzzbench_ngram && \ +RUN cd /libafl/fuzzers/fuzzbench_ngram_adaptive && \ clang -c stub_rt.c && \ ar r /stub_rt.a stub_rt.o diff --git a/fuzzers/libafl_ngram_small_map/description.md b/fuzzers/libafl_ngram_adaptive_map/description.md similarity index 100% rename from fuzzers/libafl_ngram_small_map/description.md rename to fuzzers/libafl_ngram_adaptive_map/description.md 
diff --git a/fuzzers/libafl_ngram_small_map/fuzzer.py b/fuzzers/libafl_ngram_adaptive_map/fuzzer.py similarity index 93% rename from fuzzers/libafl_ngram_small_map/fuzzer.py rename to fuzzers/libafl_ngram_adaptive_map/fuzzer.py index 10d65497e..dda603e24 100755 --- a/fuzzers/libafl_ngram_small_map/fuzzer.py +++ b/fuzzers/libafl_ngram_adaptive_map/fuzzer.py @@ -45,10 +45,10 @@ def prepare_fuzz_environment(input_corpus): def build(): # pylint: disable=too-many-branches,too-many-statements """Build benchmark.""" os.environ["CC"] = ( - "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc" + "/libafl/fuzzers/fuzzbench_ngram_adaptive/target/release-fuzzbench/libafl_cc" ) os.environ["CXX"] = ( - "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx" + "/libafl/fuzzers/fuzzbench_ngram_adaptive/target/release-fuzzbench/libafl_cxx" ) os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1" diff --git a/fuzzers/libafl_ngram_small_map/runner.Dockerfile b/fuzzers/libafl_ngram_adaptive_map/runner.Dockerfile similarity index 100% rename from fuzzers/libafl_ngram_small_map/runner.Dockerfile rename to fuzzers/libafl_ngram_adaptive_map/runner.Dockerfile diff --git a/fuzzers/libafl_ngram_large_map/fuzzer.py b/fuzzers/libafl_ngram_large_map/fuzzer.py index 10d65497e..502bfa1e9 100755 --- a/fuzzers/libafl_ngram_large_map/fuzzer.py +++ b/fuzzers/libafl_ngram_large_map/fuzzer.py 
@@ -22,22 +22,18 @@ def prepare_fuzz_environment(input_corpus): """Prepare to fuzz with a LibAFL-based fuzzer.""" - os.environ["ASAN_OPTIONS"] = ( - "abort_on_error=1:detect_leaks=0:" - "malloc_context_size=0:symbolize=0:" - "allocator_may_return_null=1:" - "detect_odr_violation=0:handle_segv=0:" - "handle_sigbus=0:handle_abort=0:" - "handle_sigfpe=0:handle_sigill=0" - ) - os.environ["UBSAN_OPTIONS"] = ( - "abort_on_error=1:" - "allocator_release_to_os_interval_ms=500:" - "handle_abort=0:handle_segv=0:" - "handle_sigbus=0:handle_sigfpe=0:" - "handle_sigill=0:print_stacktrace=0:" - "symbolize=0:symbolize_inline_frames=0" - ) + os.environ["ASAN_OPTIONS"] = ("abort_on_error=1:detect_leaks=0:" + "malloc_context_size=0:symbolize=0:" + "allocator_may_return_null=1:" + "detect_odr_violation=0:handle_segv=0:" + "handle_sigbus=0:handle_abort=0:" + "handle_sigfpe=0:handle_sigill=0") + os.environ["UBSAN_OPTIONS"] = ("abort_on_error=1:" + "allocator_release_to_os_interval_ms=500:" + "handle_abort=0:handle_segv=0:" + "handle_sigbus=0:handle_sigfpe=0:" + "handle_sigill=0:print_stacktrace=0:" + "symbolize=0:symbolize_inline_frames=0") # Create at least one non-empty seed to start. utils.create_seed_file_for_empty_corpus(input_corpus) @@ -45,11 +41,9 @@ def prepare_fuzz_environment(input_corpus): def build(): # pylint: disable=too-many-branches,too-many-statements """Build benchmark.""" os.environ["CC"] = ( - "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc" - ) + "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc") os.environ["CXX"] = ( - "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx" - ) + "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx") os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1" os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" diff --git a/fuzzers/libafl_ngram_mid_map/fuzzer.py b/fuzzers/libafl_ngram_mid_map/fuzzer.py index 10d65497e..502bfa1e9 100755 
--- a/fuzzers/libafl_ngram_mid_map/fuzzer.py +++ b/fuzzers/libafl_ngram_mid_map/fuzzer.py @@ -22,22 +22,18 @@ def prepare_fuzz_environment(input_corpus): """Prepare to fuzz with a LibAFL-based fuzzer.""" - os.environ["ASAN_OPTIONS"] = ( - "abort_on_error=1:detect_leaks=0:" - "malloc_context_size=0:symbolize=0:" - "allocator_may_return_null=1:" - "detect_odr_violation=0:handle_segv=0:" - "handle_sigbus=0:handle_abort=0:" - "handle_sigfpe=0:handle_sigill=0" - ) - os.environ["UBSAN_OPTIONS"] = ( - "abort_on_error=1:" - "allocator_release_to_os_interval_ms=500:" - "handle_abort=0:handle_segv=0:" - "handle_sigbus=0:handle_sigfpe=0:" - "handle_sigill=0:print_stacktrace=0:" - "symbolize=0:symbolize_inline_frames=0" - ) + os.environ["ASAN_OPTIONS"] = ("abort_on_error=1:detect_leaks=0:" + "malloc_context_size=0:symbolize=0:" + "allocator_may_return_null=1:" + "detect_odr_violation=0:handle_segv=0:" + "handle_sigbus=0:handle_abort=0:" + "handle_sigfpe=0:handle_sigill=0") + os.environ["UBSAN_OPTIONS"] = ("abort_on_error=1:" + "allocator_release_to_os_interval_ms=500:" + "handle_abort=0:handle_segv=0:" + "handle_sigbus=0:handle_sigfpe=0:" + "handle_sigill=0:print_stacktrace=0:" + "symbolize=0:symbolize_inline_frames=0") # Create at least one non-empty seed to start. utils.create_seed_file_for_empty_corpus(input_corpus) @@ -45,11 +41,9 @@ def prepare_fuzz_environment(input_corpus): def build(): # pylint: disable=too-many-branches,too-many-statements """Build benchmark.""" os.environ["CC"] = ( - "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc" - ) + "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc") os.environ["CXX"] = ( - "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx" - ) + "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx") os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1" os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" 
From 6d6fc6f8ef457e035ebe4c61935ec06eddd101a2 Mon Sep 17 00:00:00 2001 From: toka Date: Thu, 22 Feb 2024 16:54:27 +0100 Subject: [PATCH 07/24] add adaptive --- fuzzers/libafl_ctx_adaptive_map/fuzzer.py | 38 +++++++++------------ fuzzers/libafl_ctx_mid_map/fuzzer.py | 34 ++++++++---------- fuzzers/libafl_ngram_adaptive_map/fuzzer.py | 38 +++++++++------------ 3 files changed, 46 insertions(+), 64 deletions(-) diff --git a/fuzzers/libafl_ctx_adaptive_map/fuzzer.py b/fuzzers/libafl_ctx_adaptive_map/fuzzer.py index a5f1c6171..097b6c522 100755 --- a/fuzzers/libafl_ctx_adaptive_map/fuzzer.py +++ b/fuzzers/libafl_ctx_adaptive_map/fuzzer.py 
@@ -22,34 +22,28 @@ def prepare_fuzz_environment(input_corpus): """Prepare to fuzz with a LibAFL-based fuzzer.""" - os.environ["ASAN_OPTIONS"] = ( - "abort_on_error=1:detect_leaks=0:" - "malloc_context_size=0:symbolize=0:" - "allocator_may_return_null=1:" - "detect_odr_violation=0:handle_segv=0:" - "handle_sigbus=0:handle_abort=0:" - "handle_sigfpe=0:handle_sigill=0" - ) - os.environ["UBSAN_OPTIONS"] = ( - "abort_on_error=1:" - "allocator_release_to_os_interval_ms=500:" - "handle_abort=0:handle_segv=0:" - "handle_sigbus=0:handle_sigfpe=0:" - "handle_sigill=0:print_stacktrace=0:" - "symbolize=0:symbolize_inline_frames=0" - ) + os.environ["ASAN_OPTIONS"] = ("abort_on_error=1:detect_leaks=0:" + "malloc_context_size=0:symbolize=0:" + "allocator_may_return_null=1:" + "detect_odr_violation=0:handle_segv=0:" + "handle_sigbus=0:handle_abort=0:" + "handle_sigfpe=0:handle_sigill=0") + os.environ["UBSAN_OPTIONS"] = ("abort_on_error=1:" + "allocator_release_to_os_interval_ms=500:" + "handle_abort=0:handle_segv=0:" + "handle_sigbus=0:handle_sigfpe=0:" + "handle_sigill=0:print_stacktrace=0:" + "symbolize=0:symbolize_inline_frames=0") # Create at least one non-empty seed to start. utils.create_seed_file_for_empty_corpus(input_corpus) def build(): # pylint: disable=too-many-branches,too-many-statements """Build benchmark.""" - os.environ["CC"] = ( - "/libafl/fuzzers/fuzzbench_ctx_adaptive/target/release-fuzzbench/libafl_cc" - ) - os.environ["CXX"] = ( - "/libafl/fuzzers/fuzzbench_ctx_adaptive/target/release-fuzzbench/libafl_cxx" - ) + os.environ["CC"] = ("/libafl/fuzzers/fuzzbench_ctx_adaptive/ \ + target/release-fuzzbench/libafl_cc") + os.environ["CXX"] = ("/libafl/fuzzers/fuzzbench_ctx_adaptive/ \ + target/release-fuzzbench/libafl_cxx") os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1" os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" 
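Review bot: The new `os.environ["CC"]` and `os.environ["CXX"]` assignments in the `build` hunk place the backslash inside the string literal, so it is a line continuation within the string rather than a join of two literals: the space before the backslash and the indentation of the following line become part of the value, and CC resolves to `/libafl/fuzzers/fuzzbench_ctx_adaptive/ …spaces…target/release-fuzzbench/libafl_cc`, a path that does not exist, so every benchmark build with this wrapper fails. Close the first literal at the end of the line and let implicit concatenation inside the parentheses join the parts: `os.environ["CC"] = ("/libafl/fuzzers/fuzzbench_ctx_adaptive/"` followed by `"target/release-fuzzbench/libafl_cc")`, and likewise for CXX. The libafl_ngram_adaptive_map hunk in this same commit has the identical defect.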
diff --git a/fuzzers/libafl_ctx_mid_map/fuzzer.py b/fuzzers/libafl_ctx_mid_map/fuzzer.py index 2aefd57fc..b9587fd17 100755 --- a/fuzzers/libafl_ctx_mid_map/fuzzer.py +++ b/fuzzers/libafl_ctx_mid_map/fuzzer.py @@ -22,22 +22,18 @@ def prepare_fuzz_environment(input_corpus): """Prepare to fuzz with a LibAFL-based fuzzer.""" - os.environ["ASAN_OPTIONS"] = ( - "abort_on_error=1:detect_leaks=0:" - "malloc_context_size=0:symbolize=0:" - "allocator_may_return_null=1:" - "detect_odr_violation=0:handle_segv=0:" - "handle_sigbus=0:handle_abort=0:" - "handle_sigfpe=0:handle_sigill=0" - ) - os.environ["UBSAN_OPTIONS"] = ( - "abort_on_error=1:" - "allocator_release_to_os_interval_ms=500:" - "handle_abort=0:handle_segv=0:" - "handle_sigbus=0:handle_sigfpe=0:" - "handle_sigill=0:print_stacktrace=0:" - "symbolize=0:symbolize_inline_frames=0" - ) + os.environ["ASAN_OPTIONS"] = ("abort_on_error=1:detect_leaks=0:" + "malloc_context_size=0:symbolize=0:" + "allocator_may_return_null=1:" + "detect_odr_violation=0:handle_segv=0:" + "handle_sigbus=0:handle_abort=0:" + "handle_sigfpe=0:handle_sigill=0") + os.environ["UBSAN_OPTIONS"] = ("abort_on_error=1:" + "allocator_release_to_os_interval_ms=500:" + "handle_abort=0:handle_segv=0:" + "handle_sigbus=0:handle_sigfpe=0:" + "handle_sigill=0:print_stacktrace=0:" + "symbolize=0:symbolize_inline_frames=0") # Create at least one non-empty seed to start. utils.create_seed_file_for_empty_corpus(input_corpus) 
@@ -45,11 +41,9 @@ def prepare_fuzz_environment(input_corpus): def build(): # pylint: disable=too-many-branches,too-many-statements """Build benchmark.""" os.environ["CC"] = ( - "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc" - ) + "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc") os.environ["CXX"] = ( - "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx" - ) + "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx") os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1" os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" diff --git a/fuzzers/libafl_ngram_adaptive_map/fuzzer.py b/fuzzers/libafl_ngram_adaptive_map/fuzzer.py index dda603e24..d065d4346 100755 --- a/fuzzers/libafl_ngram_adaptive_map/fuzzer.py +++ b/fuzzers/libafl_ngram_adaptive_map/fuzzer.py 
@@ -22,34 +22,28 @@ def prepare_fuzz_environment(input_corpus): """Prepare to fuzz with a LibAFL-based fuzzer.""" - os.environ["ASAN_OPTIONS"] = ( - "abort_on_error=1:detect_leaks=0:" - "malloc_context_size=0:symbolize=0:" - "allocator_may_return_null=1:" - "detect_odr_violation=0:handle_segv=0:" - "handle_sigbus=0:handle_abort=0:" - "handle_sigfpe=0:handle_sigill=0" - ) - os.environ["UBSAN_OPTIONS"] = ( - "abort_on_error=1:" - "allocator_release_to_os_interval_ms=500:" - "handle_abort=0:handle_segv=0:" - "handle_sigbus=0:handle_sigfpe=0:" - "handle_sigill=0:print_stacktrace=0:" - "symbolize=0:symbolize_inline_frames=0" - ) + os.environ["ASAN_OPTIONS"] = ("abort_on_error=1:detect_leaks=0:" + "malloc_context_size=0:symbolize=0:" + "allocator_may_return_null=1:" + "detect_odr_violation=0:handle_segv=0:" + "handle_sigbus=0:handle_abort=0:" + "handle_sigfpe=0:handle_sigill=0") + os.environ["UBSAN_OPTIONS"] = ("abort_on_error=1:" + "allocator_release_to_os_interval_ms=500:" + "handle_abort=0:handle_segv=0:" + "handle_sigbus=0:handle_sigfpe=0:" + "handle_sigill=0:print_stacktrace=0:" + "symbolize=0:symbolize_inline_frames=0") # Create at least one non-empty seed to start. utils.create_seed_file_for_empty_corpus(input_corpus) def build(): # pylint: disable=too-many-branches,too-many-statements """Build benchmark.""" - os.environ["CC"] = ( - "/libafl/fuzzers/fuzzbench_ngram_adaptive/target/release-fuzzbench/libafl_cc" - ) - os.environ["CXX"] = ( - "/libafl/fuzzers/fuzzbench_ngram_adaptive/target/release-fuzzbench/libafl_cxx" - ) + os.environ["CC"] = ("/libafl/fuzzers/fuzzbench_ngram_adaptive/ \ + target/release-fuzzbench/libafl_cc") + os.environ["CXX"] = ("/libafl/fuzzers/fuzzbench_ngram_adaptive/ \ + target/release-fuzzbench/libafl_cxx") os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1" os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" From 42af850a6993e67a319ae625c71be3ff0cb17547 Mon Sep 17 00:00:00 2001 
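Review bot: The new `CC`/`CXX` assignments in build() produce broken paths: the backslash sits inside the string literal, so the literal continues onto the next line and the value becomes `/libafl/fuzzers/fuzzbench_ngram_adaptive/ ` followed by that line's leading blanks and `target/release-fuzzbench/libafl_cc`, i.e. a path containing a space and a run of spaces rather than the compiler wrapper. The line-length problem is solved by adjacent literals inside the existing parentheses with no trailing space: `os.environ["CC"] = ("/libafl/fuzzers/fuzzbench_ngram_adaptive/" "target/release-fuzzbench/libafl_cc")`, and the same for CXX. A later patch in this series (09) replaces these lines when the directory is renamed, but as committed here the ngram_adaptive benchmark build points at a non-existent compiler. build() continues outside the hunk.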
From: toka Date: Thu, 22 Feb 2024 16:58:58 +0100 Subject: [PATCH 08/24] update commit --- fuzzers/libafl_ctx_adaptive_map/builder.Dockerfile | 2 +- fuzzers/libafl_ctx_large_map/builder.Dockerfile | 2 +- fuzzers/libafl_ctx_mid_map/builder.Dockerfile | 2 +- fuzzers/libafl_ngram_adaptive_map/builder.Dockerfile | 2 +- fuzzers/libafl_ngram_large_map/builder.Dockerfile | 2 +- fuzzers/libafl_ngram_mid_map/builder.Dockerfile | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/fuzzers/libafl_ctx_adaptive_map/builder.Dockerfile b/fuzzers/libafl_ctx_adaptive_map/builder.Dockerfile index ef421e741..0ca137d0a 100644 --- a/fuzzers/libafl_ctx_adaptive_map/builder.Dockerfile +++ b/fuzzers/libafl_ctx_adaptive_map/builder.Dockerfile @@ -45,7 +45,7 @@ RUN if which rustup; then rustup self uninstall -y; fi && \ RUN git clone https://github.com/AFLplusplus/LibAFL /libafl # Checkout a current commit -RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c6f9 || true +RUN cd /libafl && git pull && git checkout 2ea1930dfd109b08e37904d7e99a2f6b39c73927 || true # Note that due a nightly bug it is currently fixed to a known version on top! # Compile libafl. diff --git a/fuzzers/libafl_ctx_large_map/builder.Dockerfile b/fuzzers/libafl_ctx_large_map/builder.Dockerfile index 1d5c21c3e..744f53e34 100644 --- a/fuzzers/libafl_ctx_large_map/builder.Dockerfile +++ b/fuzzers/libafl_ctx_large_map/builder.Dockerfile @@ -45,7 +45,7 @@ RUN if which rustup; then rustup self uninstall -y; fi && \ RUN git clone https://github.com/AFLplusplus/LibAFL /libafl # Checkout a current commit -RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c6f9 || true +RUN cd /libafl && git pull && git checkout 2ea1930dfd109b08e37904d7e99a2f6b39c73927 || true # Note that due a nightly bug it is currently fixed to a known version on top! # Compile libafl. 
diff --git a/fuzzers/libafl_ctx_mid_map/builder.Dockerfile b/fuzzers/libafl_ctx_mid_map/builder.Dockerfile index 4f6313889..2ee5a83f9 100644 --- a/fuzzers/libafl_ctx_mid_map/builder.Dockerfile +++ b/fuzzers/libafl_ctx_mid_map/builder.Dockerfile @@ -45,7 +45,7 @@ RUN if which rustup; then rustup self uninstall -y; fi && \ RUN git clone https://github.com/AFLplusplus/LibAFL /libafl # Checkout a current commit -RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c6f9 || true +RUN cd /libafl && git pull && git checkout 2ea1930dfd109b08e37904d7e99a2f6b39c73927 || true # Note that due a nightly bug it is currently fixed to a known version on top! # Compile libafl. diff --git a/fuzzers/libafl_ngram_adaptive_map/builder.Dockerfile b/fuzzers/libafl_ngram_adaptive_map/builder.Dockerfile index 9125f8f94..9698d2e00 100644 --- a/fuzzers/libafl_ngram_adaptive_map/builder.Dockerfile +++ b/fuzzers/libafl_ngram_adaptive_map/builder.Dockerfile @@ -45,7 +45,7 @@ RUN if which rustup; then rustup self uninstall -y; fi && \ RUN git clone https://github.com/AFLplusplus/LibAFL /libafl # Checkout a current commit -RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c6f9 || true +RUN cd /libafl && git pull && git checkout 2ea1930dfd109b08e37904d7e99a2f6b39c73927 || true # Note that due a nightly bug it is currently fixed to a known version on top! # Compile libafl. diff --git a/fuzzers/libafl_ngram_large_map/builder.Dockerfile b/fuzzers/libafl_ngram_large_map/builder.Dockerfile index 73bacd6d3..ff5ceaf06 100644 --- a/fuzzers/libafl_ngram_large_map/builder.Dockerfile +++ b/fuzzers/libafl_ngram_large_map/builder.Dockerfile 
@@ -45,7 +45,7 @@ RUN if which rustup; then rustup self uninstall -y; fi && \ RUN git clone https://github.com/AFLplusplus/LibAFL /libafl # Checkout a current commit -RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c6f9 || true +RUN cd /libafl && git pull && git checkout 2ea1930dfd109b08e37904d7e99a2f6b39c73927 || true # Note that due a nightly bug it is currently fixed to a known version on top! # Compile libafl. diff --git a/fuzzers/libafl_ngram_mid_map/builder.Dockerfile b/fuzzers/libafl_ngram_mid_map/builder.Dockerfile index 981cdbcff..17dbe3323 100644 --- a/fuzzers/libafl_ngram_mid_map/builder.Dockerfile +++ b/fuzzers/libafl_ngram_mid_map/builder.Dockerfile @@ -45,7 +45,7 @@ RUN if which rustup; then rustup self uninstall -y; fi && \ RUN git clone https://github.com/AFLplusplus/LibAFL /libafl # Checkout a current commit -RUN cd /libafl && git pull && git checkout 47e38899df71c3ca45bb2667f7d7ee99a855c6f9 || true +RUN cd /libafl && git pull && git checkout 2ea1930dfd109b08e37904d7e99a2f6b39c73927 || true # Note that due a nightly bug it is currently fixed to a known version on top! # Compile libafl. From e88e34719ad7f05c240287e2f526ebcb37ddb46c Mon Sep 17 00:00:00 2001 
From: toka Date: Thu, 22 Feb 2024 17:47:14 +0100 Subject: [PATCH 09/24] bring back small map --- .../builder.Dockerfile | 5 +++-- .../description.md | 0 .../fuzzer.py | 8 ++++---- .../runner.Dockerfile | 0 .../builder.Dockerfile | 5 +++-- .../description.md | 0 .../fuzzer.py | 8 ++++---- .../runner.Dockerfile | 0 8 files changed, 14 insertions(+), 12 deletions(-) rename fuzzers/{libafl_ctx_adaptive_map => libafl_ctx_small_map}/builder.Dockerfile (95%) rename fuzzers/{libafl_ctx_adaptive_map => libafl_ctx_small_map}/description.md (100%) rename fuzzers/{libafl_ctx_adaptive_map => libafl_ctx_small_map}/fuzzer.py (92%) rename fuzzers/{libafl_ctx_adaptive_map => libafl_ctx_small_map}/runner.Dockerfile (100%) rename fuzzers/{libafl_ngram_adaptive_map => libafl_ngram_small_map}/builder.Dockerfile (95%) rename fuzzers/{libafl_ngram_adaptive_map => libafl_ngram_small_map}/description.md (100%) rename fuzzers/{libafl_ngram_adaptive_map => libafl_ngram_small_map}/fuzzer.py (92%) rename fuzzers/{libafl_ngram_adaptive_map => libafl_ngram_small_map}/runner.Dockerfile (100%) diff --git a/fuzzers/libafl_ctx_adaptive_map/builder.Dockerfile b/fuzzers/libafl_ctx_small_map/builder.Dockerfile similarity index 95% rename from fuzzers/libafl_ctx_adaptive_map/builder.Dockerfile rename to fuzzers/libafl_ctx_small_map/builder.Dockerfile index 0ca137d0a..9fd57700a 100644 --- a/fuzzers/libafl_ctx_adaptive_map/builder.Dockerfile +++ b/fuzzers/libafl_ctx_small_map/builder.Dockerfile 
@@ -51,10 +51,11 @@ RUN cd /libafl && git pull && git checkout 2ea1930dfd109b08e37904d7e99a2f6b39c73 # Compile libafl. RUN cd /libafl && \ unset CFLAGS CXXFLAGS && \ - cd ./fuzzers/fuzzbench_ctx_adaptive && \ + export LIBAFL_EDGES_MAP_SIZE=131072 && \ + cd ./fuzzers/fuzzbench_ctx && \ PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main # Auxiliary weak references. -RUN cd /libafl/fuzzers/fuzzbench_ctx_adaptive && \ +RUN cd /libafl/fuzzers/fuzzbench_ctx && \ clang -c stub_rt.c && \ ar r /stub_rt.a stub_rt.o diff --git a/fuzzers/libafl_ctx_adaptive_map/description.md b/fuzzers/libafl_ctx_small_map/description.md similarity index 100% rename from fuzzers/libafl_ctx_adaptive_map/description.md rename to fuzzers/libafl_ctx_small_map/description.md diff --git a/fuzzers/libafl_ctx_adaptive_map/fuzzer.py b/fuzzers/libafl_ctx_small_map/fuzzer.py similarity index 92% rename from fuzzers/libafl_ctx_adaptive_map/fuzzer.py rename to fuzzers/libafl_ctx_small_map/fuzzer.py index 097b6c522..b9587fd17 100755 --- a/fuzzers/libafl_ctx_adaptive_map/fuzzer.py +++ b/fuzzers/libafl_ctx_small_map/fuzzer.py @@ -40,10 +40,10 @@ def prepare_fuzz_environment(input_corpus): def build(): # pylint: disable=too-many-branches,too-many-statements """Build benchmark.""" - os.environ["CC"] = ("/libafl/fuzzers/fuzzbench_ctx_adaptive/ \ - target/release-fuzzbench/libafl_cc") - os.environ["CXX"] = ("/libafl/fuzzers/fuzzbench_ctx_adaptive/ \ - target/release-fuzzbench/libafl_cxx") + os.environ["CC"] = ( + "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc") + os.environ["CXX"] = ( + "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx") os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1" os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" 
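Review bot: The property that makes this the `small_map` variant now lives only in `export LIBAFL_EDGES_MAP_SIZE=131072` inside the compile step, while description.md is carried over unchanged by the rename (100% similarity in the diffstat), so nothing in the fuzzer's documentation says what "small map" means or that the build is the stock `fuzzbench_ctx` sources with a different map size. Add a comment above the export, e.g. `# small_map variant: 131072-entry edge map; LIBAFL_EDGES_MAP_SIZE is presumably read by the crate build script, so it must be set in this same RUN step`, and state the size in description.md. The `export` inside the `&&` chain is sufficient for the `cargo build` that follows in the same shell; it does not persist to later RUN steps, which looks intended since the later `clang`/`ar` step does not need it.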
diff --git a/fuzzers/libafl_ctx_adaptive_map/runner.Dockerfile b/fuzzers/libafl_ctx_small_map/runner.Dockerfile similarity index 100% rename from fuzzers/libafl_ctx_adaptive_map/runner.Dockerfile rename to fuzzers/libafl_ctx_small_map/runner.Dockerfile diff --git a/fuzzers/libafl_ngram_adaptive_map/builder.Dockerfile b/fuzzers/libafl_ngram_small_map/builder.Dockerfile similarity index 95% rename from fuzzers/libafl_ngram_adaptive_map/builder.Dockerfile rename to fuzzers/libafl_ngram_small_map/builder.Dockerfile index 9698d2e00..cc1ae4baa 100644 --- a/fuzzers/libafl_ngram_adaptive_map/builder.Dockerfile +++ b/fuzzers/libafl_ngram_small_map/builder.Dockerfile @@ -51,10 +51,11 @@ RUN cd /libafl && git pull && git checkout 2ea1930dfd109b08e37904d7e99a2f6b39c73 # Compile libafl. RUN cd /libafl && \ unset CFLAGS CXXFLAGS && \ - cd ./fuzzers/fuzzbench_ngram_adaptive && \ + export LIBAFL_EDGES_MAP_SIZE=131072 && \ + cd ./fuzzers/fuzzbench_ngram && \ PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main # Auxiliary weak references. -RUN cd /libafl/fuzzers/fuzzbench_ngram_adaptive && \ +RUN cd /libafl/fuzzers/fuzzbench_ngram && \ clang -c stub_rt.c && \ ar r /stub_rt.a stub_rt.o diff --git a/fuzzers/libafl_ngram_adaptive_map/description.md b/fuzzers/libafl_ngram_small_map/description.md similarity index 100% rename from fuzzers/libafl_ngram_adaptive_map/description.md rename to fuzzers/libafl_ngram_small_map/description.md diff --git a/fuzzers/libafl_ngram_adaptive_map/fuzzer.py b/fuzzers/libafl_ngram_small_map/fuzzer.py similarity index 92% rename from fuzzers/libafl_ngram_adaptive_map/fuzzer.py rename to fuzzers/libafl_ngram_small_map/fuzzer.py index d065d4346..502bfa1e9 100755 --- a/fuzzers/libafl_ngram_adaptive_map/fuzzer.py +++ b/fuzzers/libafl_ngram_small_map/fuzzer.py 
@@ -40,10 +40,10 @@ def prepare_fuzz_environment(input_corpus): def build(): # pylint: disable=too-many-branches,too-many-statements """Build benchmark.""" - os.environ["CC"] = ("/libafl/fuzzers/fuzzbench_ngram_adaptive/ \ - target/release-fuzzbench/libafl_cc") - os.environ["CXX"] = ("/libafl/fuzzers/fuzzbench_ngram_adaptive/ \ - target/release-fuzzbench/libafl_cxx") + os.environ["CC"] = ( + "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc") + os.environ["CXX"] = ( + "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx") os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1" os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" diff --git a/fuzzers/libafl_ngram_adaptive_map/runner.Dockerfile b/fuzzers/libafl_ngram_small_map/runner.Dockerfile similarity index 100% rename from fuzzers/libafl_ngram_adaptive_map/runner.Dockerfile rename to fuzzers/libafl_ngram_small_map/runner.Dockerfile From 37ea80af228dfe86268f1d991a8c85172c34cf7c Mon Sep 17 00:00:00 2001 From: toka Date: Thu, 22 Feb 2024 18:17:25 +0100 Subject: [PATCH 10/24] c++14 --- fuzzers/libafl_ctx_large_map/fuzzer.py | 3 ++- fuzzers/libafl_ctx_mid_map/fuzzer.py | 3 ++- fuzzers/libafl_ctx_small_map/fuzzer.py | 3 ++- fuzzers/libafl_ngram_large_map/fuzzer.py | 3 ++- fuzzers/libafl_ngram_mid_map/fuzzer.py | 3 ++- fuzzers/libafl_ngram_small_map/fuzzer.py | 3 ++- 6 files changed, 12 insertions(+), 6 deletions(-) diff --git a/fuzzers/libafl_ctx_large_map/fuzzer.py b/fuzzers/libafl_ctx_large_map/fuzzer.py index b9587fd17..12246e007 100755 --- a/fuzzers/libafl_ctx_large_map/fuzzer.py +++ b/fuzzers/libafl_ctx_large_map/fuzzer.py 
@@ -49,8 +49,9 @@ def build(): # pylint: disable=too-many-branches,too-many-statements os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" cflags = ["--libafl"] + cxxflags = ['--libafl', '--std=c++14'] utils.append_flags("CFLAGS", cflags) - utils.append_flags("CXXFLAGS", cflags) + utils.append_flags("CXXFLAGS", cxxflags) utils.append_flags("LDFLAGS", cflags) os.environ["FUZZER_LIB"] = "/stub_rt.a" diff --git a/fuzzers/libafl_ctx_mid_map/fuzzer.py b/fuzzers/libafl_ctx_mid_map/fuzzer.py index b9587fd17..12246e007 100755 --- a/fuzzers/libafl_ctx_mid_map/fuzzer.py +++ b/fuzzers/libafl_ctx_mid_map/fuzzer.py @@ -49,8 +49,9 @@ def build(): # pylint: disable=too-many-branches,too-many-statements os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" cflags = ["--libafl"] + cxxflags = ['--libafl', '--std=c++14'] utils.append_flags("CFLAGS", cflags) - utils.append_flags("CXXFLAGS", cflags) + utils.append_flags("CXXFLAGS", cxxflags) utils.append_flags("LDFLAGS", cflags) os.environ["FUZZER_LIB"] = "/stub_rt.a" diff --git a/fuzzers/libafl_ctx_small_map/fuzzer.py b/fuzzers/libafl_ctx_small_map/fuzzer.py index b9587fd17..12246e007 100755 --- a/fuzzers/libafl_ctx_small_map/fuzzer.py +++ b/fuzzers/libafl_ctx_small_map/fuzzer.py @@ -49,8 +49,9 @@ def build(): # pylint: disable=too-many-branches,too-many-statements os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" cflags = ["--libafl"] + cxxflags = ['--libafl', '--std=c++14'] utils.append_flags("CFLAGS", cflags) - utils.append_flags("CXXFLAGS", cflags) + utils.append_flags("CXXFLAGS", cxxflags) utils.append_flags("LDFLAGS", cflags) os.environ["FUZZER_LIB"] = "/stub_rt.a" diff --git a/fuzzers/libafl_ngram_large_map/fuzzer.py b/fuzzers/libafl_ngram_large_map/fuzzer.py index 502bfa1e9..55496f41e 100755 --- a/fuzzers/libafl_ngram_large_map/fuzzer.py +++ b/fuzzers/libafl_ngram_large_map/fuzzer.py 
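Review bot: The new `cxxflags` list forces `--std=c++14` on every C++ benchmark, overriding whatever standard each benchmark's own build system requests, and the commit ("c++14") gives no reason for it; a benchmark that needs a newer standard would presumably stop building, which cannot be verified from here. If this works around a specific compile failure with the pinned LLVM 16 / libafl_cxx wrapper, record that next to the line, e.g. `# Force C++14: <benchmark> fails to build through libafl_cxx under the default standard.`, so the next person knows when it can be removed. `LDFLAGS` still receives `cflags`, which is fine because the standard flag is irrelevant at link time. build() continues outside the hunk.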
@@ -49,8 +49,9 @@ def build(): # pylint: disable=too-many-branches,too-many-statements os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" cflags = ["--libafl"] + cxxflags = ['--libafl', '--std=c++14'] utils.append_flags("CFLAGS", cflags) - utils.append_flags("CXXFLAGS", cflags) + utils.append_flags("CXXFLAGS", cxxflags) utils.append_flags("LDFLAGS", cflags) os.environ["FUZZER_LIB"] = "/stub_rt.a" diff --git a/fuzzers/libafl_ngram_mid_map/fuzzer.py b/fuzzers/libafl_ngram_mid_map/fuzzer.py index 502bfa1e9..55496f41e 100755 --- a/fuzzers/libafl_ngram_mid_map/fuzzer.py +++ b/fuzzers/libafl_ngram_mid_map/fuzzer.py @@ -49,8 +49,9 @@ def build(): # pylint: disable=too-many-branches,too-many-statements os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" cflags = ["--libafl"] + cxxflags = ['--libafl', '--std=c++14'] utils.append_flags("CFLAGS", cflags) - utils.append_flags("CXXFLAGS", cflags) + utils.append_flags("CXXFLAGS", cxxflags) utils.append_flags("LDFLAGS", cflags) os.environ["FUZZER_LIB"] = "/stub_rt.a" diff --git a/fuzzers/libafl_ngram_small_map/fuzzer.py b/fuzzers/libafl_ngram_small_map/fuzzer.py index 502bfa1e9..55496f41e 100755 --- a/fuzzers/libafl_ngram_small_map/fuzzer.py +++ b/fuzzers/libafl_ngram_small_map/fuzzer.py @@ -49,8 +49,9 @@ def build(): # pylint: disable=too-many-branches,too-many-statements os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" cflags = ["--libafl"] + cxxflags = ['--libafl', '--std=c++14'] utils.append_flags("CFLAGS", cflags) - utils.append_flags("CXXFLAGS", cflags) + utils.append_flags("CXXFLAGS", cxxflags) utils.append_flags("LDFLAGS", cflags) os.environ["FUZZER_LIB"] = "/stub_rt.a" From 43844f00846d995baf7d41e3e288374ef4fe331a Mon Sep 17 00:00:00 2001 
From: toka Date: Thu, 22 Feb 2024 19:01:46 +0100 Subject: [PATCH 11/24] another fix? --- fuzzers/libafl_ctx_large_map/builder.Dockerfile | 2 +- fuzzers/libafl_ctx_mid_map/builder.Dockerfile | 2 +- fuzzers/libafl_ctx_small_map/builder.Dockerfile | 2 +- fuzzers/libafl_ngram_large_map/builder.Dockerfile | 2 +- fuzzers/libafl_ngram_mid_map/builder.Dockerfile | 2 +- fuzzers/libafl_ngram_small_map/builder.Dockerfile | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/fuzzers/libafl_ctx_large_map/builder.Dockerfile b/fuzzers/libafl_ctx_large_map/builder.Dockerfile index 744f53e34..d0d6ebc3d 100644 --- a/fuzzers/libafl_ctx_large_map/builder.Dockerfile +++ b/fuzzers/libafl_ctx_large_map/builder.Dockerfile @@ -45,7 +45,7 @@ RUN if which rustup; then rustup self uninstall -y; fi && \ RUN git clone https://github.com/AFLplusplus/LibAFL /libafl # Checkout a current commit -RUN cd /libafl && git pull && git checkout 2ea1930dfd109b08e37904d7e99a2f6b39c73927 || true +RUN cd /libafl && git pull && git checkout a5f2daf6e70c0b57b6781c1e8cd9a5b309a6c1de || true # Note that due a nightly bug it is currently fixed to a known version on top! # Compile libafl. diff --git a/fuzzers/libafl_ctx_mid_map/builder.Dockerfile b/fuzzers/libafl_ctx_mid_map/builder.Dockerfile index 2ee5a83f9..13df1591a 100644 --- a/fuzzers/libafl_ctx_mid_map/builder.Dockerfile +++ b/fuzzers/libafl_ctx_mid_map/builder.Dockerfile @@ -45,7 +45,7 @@ RUN if which rustup; then rustup self uninstall -y; fi && \ RUN git clone https://github.com/AFLplusplus/LibAFL /libafl # Checkout a current commit -RUN cd /libafl && git pull && git checkout 2ea1930dfd109b08e37904d7e99a2f6b39c73927 || true +RUN cd /libafl && git pull && git checkout a5f2daf6e70c0b57b6781c1e8cd9a5b309a6c1de || true # Note that due a nightly bug it is currently fixed to a known version on top! # Compile libafl. 
diff --git a/fuzzers/libafl_ctx_small_map/builder.Dockerfile b/fuzzers/libafl_ctx_small_map/builder.Dockerfile index 9fd57700a..c8a326445 100644 --- a/fuzzers/libafl_ctx_small_map/builder.Dockerfile +++ b/fuzzers/libafl_ctx_small_map/builder.Dockerfile @@ -45,7 +45,7 @@ RUN if which rustup; then rustup self uninstall -y; fi && \ RUN git clone https://github.com/AFLplusplus/LibAFL /libafl # Checkout a current commit -RUN cd /libafl && git pull && git checkout 2ea1930dfd109b08e37904d7e99a2f6b39c73927 || true +RUN cd /libafl && git pull && git checkout a5f2daf6e70c0b57b6781c1e8cd9a5b309a6c1de || true # Note that due a nightly bug it is currently fixed to a known version on top! # Compile libafl. diff --git a/fuzzers/libafl_ngram_large_map/builder.Dockerfile b/fuzzers/libafl_ngram_large_map/builder.Dockerfile index ff5ceaf06..afefeb112 100644 --- a/fuzzers/libafl_ngram_large_map/builder.Dockerfile +++ b/fuzzers/libafl_ngram_large_map/builder.Dockerfile @@ -45,7 +45,7 @@ RUN if which rustup; then rustup self uninstall -y; fi && \ RUN git clone https://github.com/AFLplusplus/LibAFL /libafl # Checkout a current commit -RUN cd /libafl && git pull && git checkout 2ea1930dfd109b08e37904d7e99a2f6b39c73927 || true +RUN cd /libafl && git pull && git checkout a5f2daf6e70c0b57b6781c1e8cd9a5b309a6c1de || true # Note that due a nightly bug it is currently fixed to a known version on top! # Compile libafl. diff --git a/fuzzers/libafl_ngram_mid_map/builder.Dockerfile b/fuzzers/libafl_ngram_mid_map/builder.Dockerfile index 17dbe3323..fda9d1f1a 100644 --- a/fuzzers/libafl_ngram_mid_map/builder.Dockerfile +++ b/fuzzers/libafl_ngram_mid_map/builder.Dockerfile 
@@ -45,7 +45,7 @@ RUN if which rustup; then rustup self uninstall -y; fi && \ RUN git clone https://github.com/AFLplusplus/LibAFL /libafl # Checkout a current commit -RUN cd /libafl && git pull && git checkout 2ea1930dfd109b08e37904d7e99a2f6b39c73927 || true +RUN cd /libafl && git pull && git checkout a5f2daf6e70c0b57b6781c1e8cd9a5b309a6c1de || true # Note that due a nightly bug it is currently fixed to a known version on top! # Compile libafl. diff --git a/fuzzers/libafl_ngram_small_map/builder.Dockerfile b/fuzzers/libafl_ngram_small_map/builder.Dockerfile index cc1ae4baa..0921146e8 100644 --- a/fuzzers/libafl_ngram_small_map/builder.Dockerfile +++ b/fuzzers/libafl_ngram_small_map/builder.Dockerfile @@ -45,7 +45,7 @@ RUN if which rustup; then rustup self uninstall -y; fi && \ RUN git clone https://github.com/AFLplusplus/LibAFL /libafl # Checkout a current commit -RUN cd /libafl && git pull && git checkout 2ea1930dfd109b08e37904d7e99a2f6b39c73927 || true +RUN cd /libafl && git pull && git checkout a5f2daf6e70c0b57b6781c1e8cd9a5b309a6c1de || true # Note that due a nightly bug it is currently fixed to a known version on top! # Compile libafl. From d8576eb835594e8fbdb287c96d8d6327e6f1382b Mon Sep 17 00:00:00 2001 From: toka Date: Thu, 22 Feb 2024 19:56:28 +0100 Subject: [PATCH 12/24] make linter pass --- fuzzers/libafl_ctx_large_map/fuzzer.py | 2 +- fuzzers/libafl_ctx_mid_map/fuzzer.py | 2 +- fuzzers/libafl_ctx_small_map/fuzzer.py | 2 +- fuzzers/libafl_ngram_large_map/fuzzer.py | 2 +- fuzzers/libafl_ngram_mid_map/fuzzer.py | 2 +- fuzzers/libafl_ngram_small_map/fuzzer.py | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/fuzzers/libafl_ctx_large_map/fuzzer.py b/fuzzers/libafl_ctx_large_map/fuzzer.py index 12246e007..19b64b9d7 100755 --- a/fuzzers/libafl_ctx_large_map/fuzzer.py +++ b/fuzzers/libafl_ctx_large_map/fuzzer.py 
@@ -49,7 +49,7 @@ def build(): # pylint: disable=too-many-branches,too-many-statements os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" cflags = ["--libafl"] - cxxflags = ['--libafl', '--std=c++14'] + cxxflags = ["--libafl", "--std=c++14"] utils.append_flags("CFLAGS", cflags) utils.append_flags("CXXFLAGS", cxxflags) utils.append_flags("LDFLAGS", cflags) diff --git a/fuzzers/libafl_ctx_mid_map/fuzzer.py b/fuzzers/libafl_ctx_mid_map/fuzzer.py index 12246e007..19b64b9d7 100755 --- a/fuzzers/libafl_ctx_mid_map/fuzzer.py +++ b/fuzzers/libafl_ctx_mid_map/fuzzer.py @@ -49,7 +49,7 @@ def build(): # pylint: disable=too-many-branches,too-many-statements os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" cflags = ["--libafl"] - cxxflags = ['--libafl', '--std=c++14'] + cxxflags = ["--libafl", "--std=c++14"] utils.append_flags("CFLAGS", cflags) utils.append_flags("CXXFLAGS", cxxflags) utils.append_flags("LDFLAGS", cflags) diff --git a/fuzzers/libafl_ctx_small_map/fuzzer.py b/fuzzers/libafl_ctx_small_map/fuzzer.py index 12246e007..19b64b9d7 100755 --- a/fuzzers/libafl_ctx_small_map/fuzzer.py +++ b/fuzzers/libafl_ctx_small_map/fuzzer.py @@ -49,7 +49,7 @@ def build(): # pylint: disable=too-many-branches,too-many-statements os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" cflags = ["--libafl"] - cxxflags = ['--libafl', '--std=c++14'] + cxxflags = ["--libafl", "--std=c++14"] utils.append_flags("CFLAGS", cflags) utils.append_flags("CXXFLAGS", cxxflags) utils.append_flags("LDFLAGS", cflags) diff --git a/fuzzers/libafl_ngram_large_map/fuzzer.py b/fuzzers/libafl_ngram_large_map/fuzzer.py index 55496f41e..7498be883 100755 --- a/fuzzers/libafl_ngram_large_map/fuzzer.py +++ b/fuzzers/libafl_ngram_large_map/fuzzer.py 
@@ -49,7 +49,7 @@ def build(): # pylint: disable=too-many-branches,too-many-statements os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" cflags = ["--libafl"] - cxxflags = ['--libafl', '--std=c++14'] + cxxflags = ["--libafl", "--std=c++14"] utils.append_flags("CFLAGS", cflags) utils.append_flags("CXXFLAGS", cxxflags) utils.append_flags("LDFLAGS", cflags) diff --git a/fuzzers/libafl_ngram_mid_map/fuzzer.py b/fuzzers/libafl_ngram_mid_map/fuzzer.py index 55496f41e..7498be883 100755 --- a/fuzzers/libafl_ngram_mid_map/fuzzer.py +++ b/fuzzers/libafl_ngram_mid_map/fuzzer.py @@ -49,7 +49,7 @@ def build(): # pylint: disable=too-many-branches,too-many-statements os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" cflags = ["--libafl"] - cxxflags = ['--libafl', '--std=c++14'] + cxxflags = ["--libafl", "--std=c++14"] utils.append_flags("CFLAGS", cflags) utils.append_flags("CXXFLAGS", cxxflags) utils.append_flags("LDFLAGS", cflags) diff --git a/fuzzers/libafl_ngram_small_map/fuzzer.py b/fuzzers/libafl_ngram_small_map/fuzzer.py index 55496f41e..7498be883 100755 --- a/fuzzers/libafl_ngram_small_map/fuzzer.py +++ b/fuzzers/libafl_ngram_small_map/fuzzer.py @@ -49,7 +49,7 @@ def build(): # pylint: disable=too-many-branches,too-many-statements os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" cflags = ["--libafl"] - cxxflags = ['--libafl', '--std=c++14'] + cxxflags = ["--libafl", "--std=c++14"] utils.append_flags("CFLAGS", cflags) utils.append_flags("CXXFLAGS", cxxflags) utils.append_flags("LDFLAGS", cflags) From d5a81aa9d9ba19749c16c2bc8303a7b1c5784c63 Mon Sep 17 00:00:00 2001 From: "Dongjia \"toka\" Zhang" Date: Wed, 28 Feb 2024 16:30:14 +0100 Subject: [PATCH 13/24] dummy comment --- service/gcbrun_experiment.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/gcbrun_experiment.py b/service/gcbrun_experiment.py index f19ab493d..07d4a0239 100644 --- a/service/gcbrun_experiment.py +++ b/service/gcbrun_experiment.py 
@@ -28,7 +28,7 @@ TRIGGER_COMMAND = '/gcbrun' RUN_EXPERIMENT_COMMAND_STR = f'{TRIGGER_COMMAND} run_experiment.py ' SKIP_COMMAND_STR = f'{TRIGGER_COMMAND} skip' -# A DUMMY COMMENT +# A DUMMY DUMMY COMMENT def get_comments(pull_request_number): From a3b3a2a8d0c6c3a9cae3b547a22e29a0d587a240 Mon Sep 17 00:00:00 2001 From: toka Date: Wed, 28 Feb 2024 16:32:51 +0100 Subject: [PATCH 14/24] add latest libafl --- fuzzers/libafl_280224/builder.Dockerfile | 61 +++++++++++++++++++++ fuzzers/libafl_280224/description.md | 11 ++++ fuzzers/libafl_280224/fuzzer.py | 67 ++++++++++++++++++++++++ fuzzers/libafl_280224/runner.Dockerfile | 23 ++++++++ 4 files changed, 162 insertions(+) create mode 100644 fuzzers/libafl_280224/builder.Dockerfile create mode 100644 fuzzers/libafl_280224/description.md create mode 100755 fuzzers/libafl_280224/fuzzer.py create mode 100644 fuzzers/libafl_280224/runner.Dockerfile diff --git a/fuzzers/libafl_280224/builder.Dockerfile b/fuzzers/libafl_280224/builder.Dockerfile new file mode 100644 index 000000000..a345dfc78 --- /dev/null +++ b/fuzzers/libafl_280224/builder.Dockerfile 
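Review bot: The change from `# A DUMMY COMMENT` to `# A DUMMY DUMMY COMMENT` in service/gcbrun_experiment.py is a no-op edit to a service module, presumably made to re-trigger CI for the fuzzer additions, and it should not be part of the merged series. Drop this patch before merge, or if a placeholder is genuinely wanted, make it say what it is for, e.g. `# NOTE: touch this line to re-run the experiment trigger on a PR.`.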
@@ -0,0 +1,61 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
+ rm /rustup.sh
+
+# Install dependencies.
+RUN apt-get update && \
+ apt-get remove -y llvm-10 && \
+ apt-get install -y \
+ build-essential \
+ lsb-release wget software-properties-common gnupg && \
+ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates joe curl && \
+ wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 16
+
+RUN wget https://gist.githubusercontent.com/tokatoka/26f4ba95991c6e33139999976332aa8e/raw/698ac2087d58ce5c7a6ad59adce58dbfdc32bd46/createAliases.sh && chmod u+x ./createAliases.sh && ./createAliases.sh
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
+ rm /rustup.sh && \
+ PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
+
+# Download libafl.
+RUN git clone https://github.com/AFLplusplus/LibAFL /libafl
+
+# Checkout a current commit
+RUN cd /libafl && git pull && git checkout 2bfe91e4bd5a5678a3935c50b429cf33616cbca4 || true
+# Note that due a nightly bug it is currently fixed to a known version on top!
+
+# Compile libafl.
+RUN cd /libafl && \
+ unset CFLAGS CXXFLAGS && \
+ export LIBAFL_EDGES_MAP_SIZE=2621440 && \
+ cd ./fuzzers/fuzzbench_ctx && \
+ PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main
+
+# Auxiliary weak references.
+RUN cd /libafl/fuzzers/fuzzbench_ctx && \
+ clang -c stub_rt.c && \
+ ar r /stub_rt.a stub_rt.o
diff --git a/fuzzers/libafl_280224/description.md b/fuzzers/libafl_280224/description.md new file mode 100644
index 000000000..ea9b947d6
--- /dev/null
+++ b/fuzzers/libafl_280224/description.md
@@ -0,0 +1,11 @@
+# libafl
+
+libafl fuzzer instance
+ - cmplog feature
+ - persistent mode
+
+Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_280224/fuzzer.py b/fuzzers/libafl_280224/fuzzer.py new file mode 100755
index 000000000..d00bb1dd5
--- /dev/null
+++ b/fuzzers/libafl_280224/fuzzer.py
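Review bot: The `|| true` on `RUN cd /libafl && git pull && git checkout 2bfe91e4bd5a5678a3935c50b429cf33616cbca4 || true` turns the commit pin into a best-effort: if the checkout fails for any reason, the image silently builds whatever HEAD the clone produced, so the pin does not actually fix the LibAFL revision that this fuzzer benchmarks. Drop the fallback and the redundant pull right after a fresh clone, `RUN cd /libafl && git checkout 2bfe91e4bd5a5678a3935c50b429cf33616cbca4`, so a bad pin fails the build instead. Separately, `wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 16` and the rustup bootstrap run downloaded scripts with no checksum, whereas the gist `createAliases.sh` is at least fetched at a fixed revision; verifying llvm.sh the same way would make the toolchain reproducible. The rustup install block also appears twice (before apt and again after, with `cargo install cargo-make`); the first copy looks redundant.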
@@ -0,0 +1,67 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Integration code for a LibAFL-based fuzzer."""
+
+import os
+import subprocess
+
+from fuzzers import utils
+
+
+def prepare_fuzz_environment(input_corpus):
+ """Prepare to fuzz with a LibAFL-based fuzzer."""
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
+ 'malloc_context_size=0:symbolize=0:'\
+ 'allocator_may_return_null=1:'\
+ 'detect_odr_violation=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_abort=0:'\
+ 'handle_sigfpe=0:handle_sigill=0'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
+ 'allocator_release_to_os_interval_ms=500:'\
+ 'handle_abort=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_sigfpe=0:'\
+ 'handle_sigill=0:print_stacktrace=0:'\
+ 'symbolize=0:symbolize_inline_frames=0'
+ # Create at least one non-empty seed to start.
+ utils.create_seed_file_for_empty_corpus(input_corpus)
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ os.environ['CC'] = '/libafl/fuzzers/fuzzbench/target/release/libafl_cc'
+ os.environ['CXX'] = '/libafl/fuzzers/fuzzbench/target/release/libafl_cxx'
+
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+
+ cflags = ['--libafl']
+ utils.append_flags('CFLAGS', cflags)
+ utils.append_flags('CXXFLAGS', cflags)
+ utils.append_flags('LDFLAGS', cflags)
+
+ os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ utils.build_benchmark()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ prepare_fuzz_environment(input_corpus)
+ dictionary_path = utils.get_dictionary_path(target_binary)
+ command = [target_binary]
+ if dictionary_path:
+ command += (['-x', dictionary_path])
+ command += (['-o', output_corpus, '-i', input_corpus])
+ print(command)
+ subprocess.check_call(command, cwd=os.environ['OUT'])
diff --git a/fuzzers/libafl_280224/runner.Dockerfile b/fuzzers/libafl_280224/runner.Dockerfile new file mode 100644
index 000000000..7aa1da8e4
--- /dev/null
+++ b/fuzzers/libafl_280224/runner.Dockerfile
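Review bot: build() points `CC`/`CXX` at `/libafl/fuzzers/fuzzbench/target/release/libafl_cc` and `.../libafl_cxx`, but the builder.Dockerfile in this same patch compiles with `cargo build --profile release-fuzzbench`, whose artifacts land under `target/release-fuzzbench/` (the path every other fuzzer.py in this series uses), so unless that profile's output directory is redirected in a Cargo.toml not shown here the wrappers will not exist and the benchmark build fails. Change to `os.environ['CC'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cc'` and the matching CXX line. As a style point in fuzz(), the two `command += ([...])` lines wrap the list in needless parentheses; `command += ['-x', dictionary_path]` reads cleaner.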
@@ -0,0 +1,23 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
From c1b546090d42cee2600587604695a3add291fc77 Mon Sep 17 00:00:00 2001
From: toka
Date: Wed, 28 Feb 2024 16:34:56 +0100
Subject: [PATCH 15/24] fix
---
fuzzers/libafl_280224/builder.Dockerfile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fuzzers/libafl_280224/builder.Dockerfile b/fuzzers/libafl_280224/builder.Dockerfile
index a345dfc78..068566e8c 100644
--- a/fuzzers/libafl_280224/builder.Dockerfile
+++ b/fuzzers/libafl_280224/builder.Dockerfile
@@ -52,10 +52,10 @@ RUN cd /libafl && git pull && git checkout 2bfe91e4bd5a5678a3935c50b429cf33616cb
 RUN cd /libafl && \
 unset CFLAGS CXXFLAGS && \
 export LIBAFL_EDGES_MAP_SIZE=2621440 && \
- cd ./fuzzers/fuzzbench_ctx && \
+ cd ./fuzzers/fuzzbench && \
 PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main
 # Auxiliary weak references.
-RUN cd /libafl/fuzzers/fuzzbench_ctx && \
+RUN cd /libafl/fuzzers/fuzzbench && \
 clang -c stub_rt.c && \
 ar r /stub_rt.a stub_rt.o
From 4c253cd526e89f15eefac0aa39659d1b68ef6bce Mon Sep 17 00:00:00 2001
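Review bot: `#ENV AFL_MAP_SIZE=2621440` is a commented-out directive left in the new runner.Dockerfile, and the same line recurs in the fuzzers/libafl_fuzzbench_ctx, libafl_fuzzbench_ngram4 and libafl_fuzzbench_ngram8 runner.Dockerfile hunks later in the series; dead text like this should be dropped or replaced by a comment saying why no map size is set at run time. The builders export `LIBAFL_EDGES_MAP_SIZE` when the wrappers are compiled, which suggests the map size is fixed at build time, but whether the LibAFL runtime reads any of the remaining `AFL_*` variables (`AFL_SKIP_CPUFREQ`, `AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES`, `AFL_TESTCACHE_SIZE` are AFL++ names) is not visible from this hunk. A one-line comment above them stating which ones the LibAFL binary actually honours, or that they are kept only for parity with the AFL++ runners, would stop the next maintainer from tuning values that have no effect.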
From: toka
Date: Mon, 4 Mar 2024 20:29:05 +0100
Subject: [PATCH 16/24] adding fuzzers
---
.../libafl_fuzzbench_ctx/builder.Dockerfile | 52 ++++++++++++++
fuzzers/libafl_fuzzbench_ctx/description.md | 11 +++
fuzzers/libafl_fuzzbench_ctx/fuzzer.py | 67 +++++++++++++++++++
.../libafl_fuzzbench_ctx/runner.Dockerfile | 23 +++++++
.../builder.Dockerfile | 52 ++++++++++++++
.../libafl_fuzzbench_ngram4/description.md | 11 +++
fuzzers/libafl_fuzzbench_ngram4/fuzzer.py | 67 +++++++++++++++++++
.../libafl_fuzzbench_ngram4/runner.Dockerfile | 23 +++++++
.../builder.Dockerfile | 52 ++++++++++++++
.../libafl_fuzzbench_ngram8/description.md | 11 +++
fuzzers/libafl_fuzzbench_ngram8/fuzzer.py | 67 +++++++++++++++++++
.../libafl_fuzzbench_ngram8/runner.Dockerfile | 23 +++++++
12 files changed, 459 insertions(+)
create mode 100644 fuzzers/libafl_fuzzbench_ctx/builder.Dockerfile
create mode 100644 fuzzers/libafl_fuzzbench_ctx/description.md
create mode 100755 fuzzers/libafl_fuzzbench_ctx/fuzzer.py
create mode 100644 fuzzers/libafl_fuzzbench_ctx/runner.Dockerfile
create mode 100644 fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile
create mode 100644 fuzzers/libafl_fuzzbench_ngram4/description.md
create mode 100755 fuzzers/libafl_fuzzbench_ngram4/fuzzer.py
create mode 100644 fuzzers/libafl_fuzzbench_ngram4/runner.Dockerfile
create mode 100644 fuzzers/libafl_fuzzbench_ngram8/builder.Dockerfile
create mode 100644 fuzzers/libafl_fuzzbench_ngram8/description.md
create mode 100755 fuzzers/libafl_fuzzbench_ngram8/fuzzer.py
create mode 100644 fuzzers/libafl_fuzzbench_ngram8/runner.Dockerfile
diff --git a/fuzzers/libafl_fuzzbench_ctx/builder.Dockerfile b/fuzzers/libafl_fuzzbench_ctx/builder.Dockerfile
new file mode 100644
index 000000000..d21166b3c
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_ctx/builder.Dockerfile
@@ -0,0 +1,52 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2023-03-29 -y && \
+ rm /rustup.sh
+
+# Install dependencies.
+RUN apt-get update && \
+ apt-get remove -y llvm-10 && \
+ apt-get install -y \
+ build-essential \
+ llvm-11 \
+ clang-12 && \
+ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates joe curl \
+ python3-dev gzip && \
+ PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
+
+# Download libafl
+RUN git clone https://github.com/tokatoka/libafl_fuzzbench /libafl_fuzzbench && \
+ cd /libafl_fuzzbench && \
+ git checkout 3dea2047aa8d59d3b3ff84059b385ec82ec0a864 && \
+ git submodule update --init
+
+# Compile libafl
+RUN cd /libafl_fuzzbench/ && unset CFLAGS && unset CXXFLAGS && \
+ export CC=clang && export CXX=clang++ && \
+ export LIBAFL_EDGES_MAP_SIZE=65536 && \
+ PATH="/root/.cargo/bin/:$PATH" cargo build --release --features no_link_main
+
+# Auxiliary weak references.
+RUN cd /libafl_fuzzbench && \
+ clang -c stub_rt.c && \
+ ar r /stub_rt.a stub_rt.o
\ No newline at end of file
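Review bot: The toolchain bootstrap fetches `https://sh.rustup.rs` into `/rustup.sh` and executes it with no integrity check, so although the toolchain is pinned to `nightly-2023-03-29`, the installer that selects and unpacks it is whatever the endpoint serves at build time; the same lines appear in the libafl_fuzzbench_ngram4 and libafl_fuzzbench_ngram8 builder.Dockerfile hunks, which are the identical blob `d21166b3c`. A cheap hardening is to check the script before running it, e.g. `echo "<SHA256_OF_RUSTUP_INIT_PLACEHOLDER>  /rustup.sh" | sha256sum -c - && \` ahead of the `sh /rustup.sh` line, or to download a versioned `rustup-init` release and verify that instead. The source is cloned from the personal fork `tokatoka/libafl_fuzzbench` at a pinned commit, which is good, but the `# Download libafl` comment and the description.md link to `AFLplusplus/libafl` do not say so; a comment such as `# Fork of LibAFL that builds the naive_*_cc wrappers used by fuzzer.py; pinned to the commit below` would record the provenance. Because the three builders are byte-identical, the ctx/ngram4/ngram8 variant is chosen only by the wrapper binary named in each fuzzer.py `build()` (`naive_ctx_cc`, `naive_ngram4_cc`, `naive_ngram8_cc`), which is worth stating in the Dockerfile header so nobody diverges the three copies by accident.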
diff --git a/fuzzers/libafl_fuzzbench_ctx/description.md b/fuzzers/libafl_fuzzbench_ctx/description.md
new file mode 100644
index 000000000..ea9b947d6
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_ctx/description.md
@@ -0,0 +1,11 @@
+# libafl
+
+libafl fuzzer instance
+ - cmplog feature
+ - persistent mode
+
+Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_fuzzbench_ctx/fuzzer.py b/fuzzers/libafl_fuzzbench_ctx/fuzzer.py
new file mode 100755
index 000000000..b8f17b8cc
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_ctx/fuzzer.py
@@ -0,0 +1,67 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Integration code for a LibAFL-based fuzzer."""
+
+import os
+import subprocess
+
+from fuzzers import utils
+
+
+def prepare_fuzz_environment(input_corpus):
+ """Prepare to fuzz with a LibAFL-based fuzzer."""
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\ 'malloc_context_size=0:symbolize=0:'\ 'allocator_may_return_null=1:'\ 'detect_odr_violation=0:handle_segv=0:'\ 'handle_sigbus=0:handle_abort=0:'\ 'handle_sigfpe=0:handle_sigill=0'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\ 'allocator_release_to_os_interval_ms=500:'\ 'handle_abort=0:handle_segv=0:'\ 'handle_sigbus=0:handle_sigfpe=0:'\ 'handle_sigill=0:print_stacktrace=0:'\ 'symbolize=0:symbolize_inline_frames=0'
+ # Create at least one non-empty seed to start.
+ utils.create_seed_file_for_empty_corpus(input_corpus)
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ os.environ['CC'] = '/libafl_fuzzbench/target/release/naive_ctx_cc'
+ os.environ['CXX'] = '/libafl_fuzzbench/target/release/naive_ctx_cxx'
+
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+
+ cflags = ['--libafl']
+ utils.append_flags('CFLAGS', cflags)
+ utils.append_flags('CXXFLAGS', cflags)
+ utils.append_flags('LDFLAGS', cflags)
+
+ os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ utils.build_benchmark()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ prepare_fuzz_environment(input_corpus)
+ dictionary_path = utils.get_dictionary_path(target_binary)
+ command = [target_binary]
+ if dictionary_path:
+ command += (['-x', dictionary_path])
+ command += (['-o', output_corpus, '-i', input_corpus])
+ print(command)
+ subprocess.check_call(command, cwd=os.environ['OUT'])
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_ctx/runner.Dockerfile b/fuzzers/libafl_fuzzbench_ctx/runner.Dockerfile
new file mode 100644
index 000000000..18611a0fb
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_ctx/runner.Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile b/fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile
new file mode 100644
index 000000000..d21166b3c
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile
@@ -0,0 +1,52 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2023-03-29 -y && \
+ rm /rustup.sh
+
+# Install dependencies.
+RUN apt-get update && \
+ apt-get remove -y llvm-10 && \
+ apt-get install -y \
+ build-essential \
+ llvm-11 \
+ clang-12 && \
+ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates joe curl \
+ python3-dev gzip && \
+ PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
+
+# Download libafl
+RUN git clone https://github.com/tokatoka/libafl_fuzzbench /libafl_fuzzbench && \
+ cd /libafl_fuzzbench && \
+ git checkout 3dea2047aa8d59d3b3ff84059b385ec82ec0a864 && \
+ git submodule update --init
+
+# Compile libafl
+RUN cd /libafl_fuzzbench/ && unset CFLAGS && unset CXXFLAGS && \
+ export CC=clang && export CXX=clang++ && \
+ export LIBAFL_EDGES_MAP_SIZE=65536 && \
+ PATH="/root/.cargo/bin/:$PATH" cargo build --release --features no_link_main
+
+# Auxiliary weak references.
+RUN cd /libafl_fuzzbench && \
+ clang -c stub_rt.c && \
+ ar r /stub_rt.a stub_rt.o
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_ngram4/description.md b/fuzzers/libafl_fuzzbench_ngram4/description.md
new file mode 100644
index 000000000..ea9b947d6
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_ngram4/description.md
@@ -0,0 +1,11 @@
+# libafl
+
+libafl fuzzer instance
+ - cmplog feature
+ - persistent mode
+
+Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_fuzzbench_ngram4/fuzzer.py b/fuzzers/libafl_fuzzbench_ngram4/fuzzer.py
new file mode 100755
index 000000000..a041998c4
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_ngram4/fuzzer.py
@@ -0,0 +1,67 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Integration code for a LibAFL-based fuzzer."""
+
+import os
+import subprocess
+
+from fuzzers import utils
+
+
+def prepare_fuzz_environment(input_corpus):
+ """Prepare to fuzz with a LibAFL-based fuzzer."""
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\ 'malloc_context_size=0:symbolize=0:'\ 'allocator_may_return_null=1:'\ 'detect_odr_violation=0:handle_segv=0:'\ 'handle_sigbus=0:handle_abort=0:'\ 'handle_sigfpe=0:handle_sigill=0'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\ 'allocator_release_to_os_interval_ms=500:'\ 'handle_abort=0:handle_segv=0:'\ 'handle_sigbus=0:handle_sigfpe=0:'\ 'handle_sigill=0:print_stacktrace=0:'\ 'symbolize=0:symbolize_inline_frames=0'
+ # Create at least one non-empty seed to start.
+ utils.create_seed_file_for_empty_corpus(input_corpus)
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ os.environ['CC'] = '/libafl_fuzzbench/target/release/naive_ngram4_cc'
+ os.environ['CXX'] = '/libafl_fuzzbench/target/release/naive_ngram4_cxx'
+
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+
+ cflags = ['--libafl']
+ utils.append_flags('CFLAGS', cflags)
+ utils.append_flags('CXXFLAGS', cflags)
+ utils.append_flags('LDFLAGS', cflags)
+
+ os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ utils.build_benchmark()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ prepare_fuzz_environment(input_corpus)
+ dictionary_path = utils.get_dictionary_path(target_binary)
+ command = [target_binary]
+ if dictionary_path:
+ command += (['-x', dictionary_path])
+ command += (['-o', output_corpus, '-i', input_corpus])
+ print(command)
+ subprocess.check_call(command, cwd=os.environ['OUT'])
diff --git a/fuzzers/libafl_fuzzbench_ngram4/runner.Dockerfile b/fuzzers/libafl_fuzzbench_ngram4/runner.Dockerfile
new file mode 100644
index 000000000..7aa1da8e4
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_ngram4/runner.Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
diff --git a/fuzzers/libafl_fuzzbench_ngram8/builder.Dockerfile b/fuzzers/libafl_fuzzbench_ngram8/builder.Dockerfile
new file mode 100644
index 000000000..d21166b3c
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_ngram8/builder.Dockerfile
@@ -0,0 +1,52 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2023-03-29 -y && \
+ rm /rustup.sh
+
+# Install dependencies.
+RUN apt-get update && \
+ apt-get remove -y llvm-10 && \
+ apt-get install -y \
+ build-essential \
+ llvm-11 \
+ clang-12 && \
+ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates joe curl \
+ python3-dev gzip && \
+ PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
+
+# Download libafl
+RUN git clone https://github.com/tokatoka/libafl_fuzzbench /libafl_fuzzbench && \
+ cd /libafl_fuzzbench && \
+ git checkout 3dea2047aa8d59d3b3ff84059b385ec82ec0a864 && \
+ git submodule update --init
+
+# Compile libafl
+RUN cd /libafl_fuzzbench/ && unset CFLAGS && unset CXXFLAGS && \
+ export CC=clang && export CXX=clang++ && \
+ export LIBAFL_EDGES_MAP_SIZE=65536 && \
+ PATH="/root/.cargo/bin/:$PATH" cargo build --release --features no_link_main
+
+# Auxiliary weak references.
+RUN cd /libafl_fuzzbench && \
+ clang -c stub_rt.c && \
+ ar r /stub_rt.a stub_rt.o
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_ngram8/description.md b/fuzzers/libafl_fuzzbench_ngram8/description.md
new file mode 100644
index 000000000..ea9b947d6
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_ngram8/description.md
@@ -0,0 +1,11 @@
+# libafl
+
+libafl fuzzer instance
+ - cmplog feature
+ - persistent mode
+
+Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_fuzzbench_ngram8/fuzzer.py b/fuzzers/libafl_fuzzbench_ngram8/fuzzer.py
new file mode 100755
index 000000000..cec7f1714
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_ngram8/fuzzer.py
@@ -0,0 +1,67 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Integration code for a LibAFL-based fuzzer."""
+
+import os
+import subprocess
+
+from fuzzers import utils
+
+
+def prepare_fuzz_environment(input_corpus):
+ """Prepare to fuzz with a LibAFL-based fuzzer."""
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\ 'malloc_context_size=0:symbolize=0:'\ 'allocator_may_return_null=1:'\ 'detect_odr_violation=0:handle_segv=0:'\ 'handle_sigbus=0:handle_abort=0:'\ 'handle_sigfpe=0:handle_sigill=0'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\ 'allocator_release_to_os_interval_ms=500:'\ 'handle_abort=0:handle_segv=0:'\ 'handle_sigbus=0:handle_sigfpe=0:'\ 'handle_sigill=0:print_stacktrace=0:'\ 'symbolize=0:symbolize_inline_frames=0'
+ # Create at least one non-empty seed to start.
+ utils.create_seed_file_for_empty_corpus(input_corpus)
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ os.environ['CC'] = '/libafl_fuzzbench/target/release/naive_ngram8_cc'
+ os.environ['CXX'] = '/libafl_fuzzbench/target/release/naive_ngram8_cxx'
+
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+
+ cflags = ['--libafl']
+ utils.append_flags('CFLAGS', cflags)
+ utils.append_flags('CXXFLAGS', cflags)
+ utils.append_flags('LDFLAGS', cflags)
+
+ os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ utils.build_benchmark()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ prepare_fuzz_environment(input_corpus)
+ dictionary_path = utils.get_dictionary_path(target_binary)
+ command = [target_binary]
+ if dictionary_path:
+ command += (['-x', dictionary_path])
+ command += (['-o', output_corpus, '-i', input_corpus])
+ print(command)
+ subprocess.check_call(command, cwd=os.environ['OUT'])
diff --git a/fuzzers/libafl_fuzzbench_ngram8/runner.Dockerfile b/fuzzers/libafl_fuzzbench_ngram8/runner.Dockerfile
new file mode 100644
index 000000000..7aa1da8e4
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_ngram8/runner.Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
From 097ecdedfcbf7fff94d1c3fd77cfd0cf9cd8a059 Mon Sep 17 00:00:00 2001
From: toka
Date: Mon, 4 Mar 2024 20:29:32 +0100
Subject: [PATCH 17/24] delete
---
fuzzers/libafl_280224/builder.Dockerfile | 61 ----------------
fuzzers/libafl_280224/description.md | 11 ---
fuzzers/libafl_280224/fuzzer.py | 67 -----------------
fuzzers/libafl_280224/runner.Dockerfile | 23 ------
.../libafl_ctx_large_map/builder.Dockerfile | 61 ----------------
fuzzers/libafl_ctx_large_map/description.md | 11 ---
fuzzers/libafl_ctx_large_map/fuzzer.py | 72 -------------------
.../libafl_ctx_large_map/runner.Dockerfile | 25 -------
fuzzers/libafl_ctx_mid_map/builder.Dockerfile | 61 ----------------
fuzzers/libafl_ctx_mid_map/description.md | 11 ---
fuzzers/libafl_ctx_mid_map/fuzzer.py | 72 -------------------
fuzzers/libafl_ctx_mid_map/runner.Dockerfile | 25 -------
.../libafl_ctx_small_map/builder.Dockerfile | 61 ----------------
fuzzers/libafl_ctx_small_map/description.md | 11 ---
fuzzers/libafl_ctx_small_map/fuzzer.py | 72 -------------------
.../libafl_ctx_small_map/runner.Dockerfile | 25 -------
.../libafl_ngram_large_map/builder.Dockerfile | 61 ----------------
fuzzers/libafl_ngram_large_map/description.md | 11 ---
fuzzers/libafl_ngram_large_map/fuzzer.py | 72 -------------------
.../libafl_ngram_large_map/runner.Dockerfile | 25 -------
.../libafl_ngram_mid_map/builder.Dockerfile | 61 ----------------
fuzzers/libafl_ngram_mid_map/description.md | 11 ---
fuzzers/libafl_ngram_mid_map/fuzzer.py | 72 -------------------
.../libafl_ngram_mid_map/runner.Dockerfile | 25 -------
.../libafl_ngram_small_map/builder.Dockerfile | 61 ----------------
fuzzers/libafl_ngram_small_map/description.md | 11 ---
fuzzers/libafl_ngram_small_map/fuzzer.py | 72 -------------------
.../libafl_ngram_small_map/runner.Dockerfile | 25 -------
28 files changed, 1176 deletions(-)
delete mode 100644 fuzzers/libafl_280224/builder.Dockerfile
delete mode 100644 fuzzers/libafl_280224/description.md
delete mode 100755 fuzzers/libafl_280224/fuzzer.py
delete mode 100644 fuzzers/libafl_280224/runner.Dockerfile
delete mode 100644 fuzzers/libafl_ctx_large_map/builder.Dockerfile
delete mode 100644 fuzzers/libafl_ctx_large_map/description.md
delete mode 100755 fuzzers/libafl_ctx_large_map/fuzzer.py
delete mode 100644 fuzzers/libafl_ctx_large_map/runner.Dockerfile
delete mode 100644 fuzzers/libafl_ctx_mid_map/builder.Dockerfile
delete mode 100644 fuzzers/libafl_ctx_mid_map/description.md
delete mode 100755 fuzzers/libafl_ctx_mid_map/fuzzer.py
delete mode 100644 fuzzers/libafl_ctx_mid_map/runner.Dockerfile
delete mode 100644 fuzzers/libafl_ctx_small_map/builder.Dockerfile
delete mode 100644 fuzzers/libafl_ctx_small_map/description.md
delete mode 100755 fuzzers/libafl_ctx_small_map/fuzzer.py
delete mode 100644 fuzzers/libafl_ctx_small_map/runner.Dockerfile
delete mode 100644 fuzzers/libafl_ngram_large_map/builder.Dockerfile
delete mode 100644 fuzzers/libafl_ngram_large_map/description.md
delete mode 100755 fuzzers/libafl_ngram_large_map/fuzzer.py
delete mode 100644 fuzzers/libafl_ngram_large_map/runner.Dockerfile
delete mode 100644 fuzzers/libafl_ngram_mid_map/builder.Dockerfile
delete mode 100644 fuzzers/libafl_ngram_mid_map/description.md
delete mode 100755 fuzzers/libafl_ngram_mid_map/fuzzer.py
delete mode 100644 fuzzers/libafl_ngram_mid_map/runner.Dockerfile
delete mode 100644 fuzzers/libafl_ngram_small_map/builder.Dockerfile
delete mode 100644 fuzzers/libafl_ngram_small_map/description.md
delete mode 100755 fuzzers/libafl_ngram_small_map/fuzzer.py
delete mode 100644 fuzzers/libafl_ngram_small_map/runner.Dockerfile
diff --git a/fuzzers/libafl_280224/builder.Dockerfile b/fuzzers/libafl_280224/builder.Dockerfile
deleted file mode 100644
index 068566e8c..000000000
--- a/fuzzers/libafl_280224/builder.Dockerfile
+++ /dev/null
@@ -1,61 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ARG parent_image
-FROM $parent_image
-
-# Uninstall old Rust & Install the latest one.
-RUN if which rustup; then rustup self uninstall -y; fi && \
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
- sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
- rm /rustup.sh
-
-# Install dependencies.
-RUN apt-get update && \
- apt-get remove -y llvm-10 && \
- apt-get install -y \
- build-essential \
- lsb-release wget software-properties-common gnupg && \
- apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
- libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
- apt-utils apt-transport-https ca-certificates joe curl && \
- wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 16
-
-RUN wget https://gist.githubusercontent.com/tokatoka/26f4ba95991c6e33139999976332aa8e/raw/698ac2087d58ce5c7a6ad59adce58dbfdc32bd46/createAliases.sh && chmod u+x ./createAliases.sh && ./createAliases.sh
-
-# Uninstall old Rust & Install the latest one.
-RUN if which rustup; then rustup self uninstall -y; fi && \
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
- sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
- rm /rustup.sh && \
- PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
-
-# Download libafl.
-RUN git clone https://github.com/AFLplusplus/LibAFL /libafl
-
-# Checkout a current commit
-RUN cd /libafl && git pull && git checkout 2bfe91e4bd5a5678a3935c50b429cf33616cbca4 || true
-# Note that due a nightly bug it is currently fixed to a known version on top!
-
-# Compile libafl.
-RUN cd /libafl && \
- unset CFLAGS CXXFLAGS && \
- export LIBAFL_EDGES_MAP_SIZE=2621440 && \
- cd ./fuzzers/fuzzbench && \
- PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main
-
-# Auxiliary weak references.
-RUN cd /libafl/fuzzers/fuzzbench && \
- clang -c stub_rt.c && \
- ar r /stub_rt.a stub_rt.o
diff --git a/fuzzers/libafl_280224/description.md b/fuzzers/libafl_280224/description.md
deleted file mode 100644
index ea9b947d6..000000000
--- a/fuzzers/libafl_280224/description.md
+++ /dev/null
@@ -1,11 +0,0 @@
-# libafl
-
-libafl fuzzer instance
- - cmplog feature
- - persistent mode
-
-Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
-
-[builder.Dockerfile](builder.Dockerfile)
-[fuzzer.py](fuzzer.py)
-[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_280224/fuzzer.py b/fuzzers/libafl_280224/fuzzer.py
deleted file mode 100755
index d00bb1dd5..000000000
--- a/fuzzers/libafl_280224/fuzzer.py
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-"""Integration code for a LibAFL-based fuzzer."""
-
-import os
-import subprocess
-
-from fuzzers import utils
-
-
-def prepare_fuzz_environment(input_corpus):
- """Prepare to fuzz with a LibAFL-based fuzzer."""
- os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\ 'malloc_context_size=0:symbolize=0:'\ 'allocator_may_return_null=1:'\ 'detect_odr_violation=0:handle_segv=0:'\ 'handle_sigbus=0:handle_abort=0:'\ 'handle_sigfpe=0:handle_sigill=0'
- os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\ 'allocator_release_to_os_interval_ms=500:'\ 'handle_abort=0:handle_segv=0:'\ 'handle_sigbus=0:handle_sigfpe=0:'\ 'handle_sigill=0:print_stacktrace=0:'\ 'symbolize=0:symbolize_inline_frames=0'
- # Create at least one non-empty seed to start.
- utils.create_seed_file_for_empty_corpus(input_corpus)
-
-
-def build(): # pylint: disable=too-many-branches,too-many-statements
- """Build benchmark."""
- os.environ['CC'] = '/libafl/fuzzers/fuzzbench/target/release/libafl_cc'
- os.environ['CXX'] = '/libafl/fuzzers/fuzzbench/target/release/libafl_cxx'
-
- os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
- os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
-
- cflags = ['--libafl']
- utils.append_flags('CFLAGS', cflags)
- utils.append_flags('CXXFLAGS', cflags)
- utils.append_flags('LDFLAGS', cflags)
-
- os.environ['FUZZER_LIB'] = '/stub_rt.a'
- utils.build_benchmark()
-
-
-def fuzz(input_corpus, output_corpus, target_binary):
- """Run fuzzer."""
- prepare_fuzz_environment(input_corpus)
- dictionary_path = utils.get_dictionary_path(target_binary)
- command = [target_binary]
- if dictionary_path:
- command += (['-x', dictionary_path])
- command += (['-o', output_corpus, '-i', input_corpus])
- print(command)
- subprocess.check_call(command, cwd=os.environ['OUT'])
diff --git a/fuzzers/libafl_280224/runner.Dockerfile b/fuzzers/libafl_280224/runner.Dockerfile
deleted file mode 100644
index 7aa1da8e4..000000000
--- a/fuzzers/libafl_280224/runner.Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM gcr.io/fuzzbench/base-image
-
-# This makes interactive docker runs painless:
-ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
-#ENV AFL_MAP_SIZE=2621440
-ENV PATH="$PATH:/out"
-ENV AFL_SKIP_CPUFREQ=1
-ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
-ENV AFL_TESTCACHE_SIZE=2
diff --git a/fuzzers/libafl_ctx_large_map/builder.Dockerfile b/fuzzers/libafl_ctx_large_map/builder.Dockerfile
deleted file mode 100644
index d0d6ebc3d..000000000
--- a/fuzzers/libafl_ctx_large_map/builder.Dockerfile
+++ /dev/null
@@ -1,61 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ARG parent_image
-FROM $parent_image
-
-# Uninstall old Rust & Install the latest one.
-RUN if which rustup; then rustup self uninstall -y; fi && \
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
- sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
- rm /rustup.sh
-
-# Install dependencies.
-RUN apt-get update && \
- apt-get remove -y llvm-10 && \
- apt-get install -y \
- build-essential \
- lsb-release wget software-properties-common gnupg && \
- apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
- libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
- apt-utils apt-transport-https ca-certificates joe curl && \
- wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 16
-
-RUN wget https://gist.githubusercontent.com/tokatoka/26f4ba95991c6e33139999976332aa8e/raw/698ac2087d58ce5c7a6ad59adce58dbfdc32bd46/createAliases.sh && chmod u+x ./createAliases.sh && ./createAliases.sh
-
-# Uninstall old Rust & Install the latest one.
-RUN if which rustup; then rustup self uninstall -y; fi && \
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
- sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
- rm /rustup.sh && \
- PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
-
-# Download libafl.
-RUN git clone https://github.com/AFLplusplus/LibAFL /libafl
-
-# Checkout a current commit
-RUN cd /libafl && git pull && git checkout a5f2daf6e70c0b57b6781c1e8cd9a5b309a6c1de || true
-# Note that due a nightly bug it is currently fixed to a known version on top!
-
-# Compile libafl.
-RUN cd /libafl && \
- unset CFLAGS CXXFLAGS && \
- export LIBAFL_EDGES_MAP_SIZE=2621440 && \
- cd ./fuzzers/fuzzbench_ctx && \
- PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main
-
-# Auxiliary weak references.
-RUN cd /libafl/fuzzers/fuzzbench_ctx && \
- clang -c stub_rt.c && \
- ar r /stub_rt.a stub_rt.o
diff --git a/fuzzers/libafl_ctx_large_map/description.md b/fuzzers/libafl_ctx_large_map/description.md
deleted file mode 100644
index ea9b947d6..000000000
--- a/fuzzers/libafl_ctx_large_map/description.md
+++ /dev/null
@@ -1,11 +0,0 @@
-# libafl
-
-libafl fuzzer instance
- - cmplog feature
- - persistent mode
-
-Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
-
-[builder.Dockerfile](builder.Dockerfile)
-[fuzzer.py](fuzzer.py)
-[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_ctx_large_map/fuzzer.py b/fuzzers/libafl_ctx_large_map/fuzzer.py
deleted file mode 100755
index 19b64b9d7..000000000
--- a/fuzzers/libafl_ctx_large_map/fuzzer.py
+++ /dev/null
@@ -1,72 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-"""Integration code for a LibAFL-based fuzzer."""
-
-import os
-import subprocess
-
-from fuzzers import utils
-
-
-def prepare_fuzz_environment(input_corpus):
- """Prepare to fuzz with a LibAFL-based fuzzer."""
- os.environ["ASAN_OPTIONS"] = ("abort_on_error=1:detect_leaks=0:"
- "malloc_context_size=0:symbolize=0:"
- "allocator_may_return_null=1:"
- "detect_odr_violation=0:handle_segv=0:"
- "handle_sigbus=0:handle_abort=0:"
- "handle_sigfpe=0:handle_sigill=0")
- os.environ["UBSAN_OPTIONS"] = ("abort_on_error=1:"
- "allocator_release_to_os_interval_ms=500:"
- "handle_abort=0:handle_segv=0:"
- "handle_sigbus=0:handle_sigfpe=0:"
- "handle_sigill=0:print_stacktrace=0:"
- "symbolize=0:symbolize_inline_frames=0")
- # Create at least one non-empty seed to start.
- utils.create_seed_file_for_empty_corpus(input_corpus)
-
-
-def build(): # pylint: disable=too-many-branches,too-many-statements
- """Build benchmark."""
- os.environ["CC"] = (
- "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc")
- os.environ["CXX"] = (
- "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx")
-
- os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1"
- os.environ["UBSAN_OPTIONS"] = "abort_on_error=0"
-
- cflags = ["--libafl"]
- cxxflags = ["--libafl", "--std=c++14"]
- utils.append_flags("CFLAGS", cflags)
- utils.append_flags("CXXFLAGS", cxxflags)
- utils.append_flags("LDFLAGS", cflags)
-
- os.environ["FUZZER_LIB"] = "/stub_rt.a"
- utils.build_benchmark()
-
-
-def fuzz(input_corpus, output_corpus, target_binary):
- """Run fuzzer."""
- prepare_fuzz_environment(input_corpus)
- dictionary_path = utils.get_dictionary_path(target_binary)
- command = [target_binary]
- if dictionary_path:
- command += ["-x", dictionary_path]
- command += ["-o", output_corpus, "-i", input_corpus]
- fuzzer_env = os.environ.copy()
- fuzzer_env["LD_PRELOAD"] = "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2"
- print(command)
- subprocess.check_call(command, cwd=os.environ["OUT"], env=fuzzer_env)
diff --git a/fuzzers/libafl_ctx_large_map/runner.Dockerfile b/fuzzers/libafl_ctx_large_map/runner.Dockerfile
deleted file mode 100644
index f0c5eb6cc..000000000
--- a/fuzzers/libafl_ctx_large_map/runner.Dockerfile
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM gcr.io/fuzzbench/base-image
-
-RUN apt install libjemalloc2
-
-# This makes interactive docker runs painless:
-ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
-#ENV AFL_MAP_SIZE=2621440
-ENV PATH="$PATH:/out"
-ENV AFL_SKIP_CPUFREQ=1
-ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
-ENV AFL_TESTCACHE_SIZE=2
diff --git a/fuzzers/libafl_ctx_mid_map/builder.Dockerfile b/fuzzers/libafl_ctx_mid_map/builder.Dockerfile
deleted file mode 100644
index 13df1591a..000000000
--- a/fuzzers/libafl_ctx_mid_map/builder.Dockerfile
+++ /dev/null
@@ -1,61 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ARG parent_image
-FROM $parent_image
-
-# Uninstall old Rust & Install the latest one.
-RUN if which rustup; then rustup self uninstall -y; fi && \
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
- sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
- rm /rustup.sh
-
-# Install dependencies.
-RUN apt-get update && \
- apt-get remove -y llvm-10 && \
- apt-get install -y \
- build-essential \
- lsb-release wget software-properties-common gnupg && \
- apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
- libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
- apt-utils apt-transport-https ca-certificates joe curl && \
- wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 16
-
-RUN wget https://gist.githubusercontent.com/tokatoka/26f4ba95991c6e33139999976332aa8e/raw/698ac2087d58ce5c7a6ad59adce58dbfdc32bd46/createAliases.sh && chmod u+x ./createAliases.sh && ./createAliases.sh
-
-# Uninstall old Rust & Install the latest one.
-RUN if which rustup; then rustup self uninstall -y; fi && \
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
- sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
- rm /rustup.sh && \
- PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
-
-# Download libafl.
-RUN git clone https://github.com/AFLplusplus/LibAFL /libafl
-
-# Checkout a current commit
-RUN cd /libafl && git pull && git checkout a5f2daf6e70c0b57b6781c1e8cd9a5b309a6c1de || true
-# Note that due a nightly bug it is currently fixed to a known version on top!
-
-# Compile libafl.
-RUN cd /libafl && \
- unset CFLAGS CXXFLAGS && \
- export LIBAFL_EDGES_MAP_SIZE=262144 && \
- cd ./fuzzers/fuzzbench_ctx && \
- PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main
-
-# Auxiliary weak references.
-RUN cd /libafl/fuzzers/fuzzbench_ctx && \
- clang -c stub_rt.c && \
- ar r /stub_rt.a stub_rt.o
diff --git a/fuzzers/libafl_ctx_mid_map/description.md b/fuzzers/libafl_ctx_mid_map/description.md
deleted file mode 100644
index ea9b947d6..000000000
--- a/fuzzers/libafl_ctx_mid_map/description.md
+++ /dev/null
@@ -1,11 +0,0 @@
-# libafl
-
-libafl fuzzer instance
- - cmplog feature
- - persistent mode
-
-Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
-
-[builder.Dockerfile](builder.Dockerfile)
-[fuzzer.py](fuzzer.py)
-[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_ctx_mid_map/fuzzer.py b/fuzzers/libafl_ctx_mid_map/fuzzer.py
deleted file mode 100755
index 19b64b9d7..000000000
--- a/fuzzers/libafl_ctx_mid_map/fuzzer.py
+++ /dev/null
@@ -1,72 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-"""Integration code for a LibAFL-based fuzzer."""
-
-import os
-import subprocess
-
-from fuzzers import utils
-
-
-def prepare_fuzz_environment(input_corpus):
- """Prepare to fuzz with a LibAFL-based fuzzer."""
- os.environ["ASAN_OPTIONS"] = ("abort_on_error=1:detect_leaks=0:"
- "malloc_context_size=0:symbolize=0:"
- "allocator_may_return_null=1:"
- "detect_odr_violation=0:handle_segv=0:"
- "handle_sigbus=0:handle_abort=0:"
- "handle_sigfpe=0:handle_sigill=0")
- os.environ["UBSAN_OPTIONS"] = ("abort_on_error=1:"
- "allocator_release_to_os_interval_ms=500:"
- "handle_abort=0:handle_segv=0:"
- "handle_sigbus=0:handle_sigfpe=0:"
- "handle_sigill=0:print_stacktrace=0:"
- "symbolize=0:symbolize_inline_frames=0")
- # Create at least one non-empty seed to start.
- utils.create_seed_file_for_empty_corpus(input_corpus)
-
-
-def build(): # pylint: disable=too-many-branches,too-many-statements
- """Build benchmark."""
- os.environ["CC"] = (
- "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc")
- os.environ["CXX"] = (
- "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx")
-
- os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1"
- os.environ["UBSAN_OPTIONS"] = "abort_on_error=0"
-
- cflags = ["--libafl"]
- cxxflags = ["--libafl", "--std=c++14"]
- utils.append_flags("CFLAGS", cflags)
- utils.append_flags("CXXFLAGS", cxxflags)
- utils.append_flags("LDFLAGS", cflags)
-
- os.environ["FUZZER_LIB"] = "/stub_rt.a"
- utils.build_benchmark()
-
-
-def fuzz(input_corpus, output_corpus, target_binary):
- """Run fuzzer."""
- prepare_fuzz_environment(input_corpus)
- dictionary_path = utils.get_dictionary_path(target_binary)
- command = [target_binary]
- if dictionary_path:
- command += ["-x", dictionary_path]
- command += ["-o", output_corpus, "-i", input_corpus]
- fuzzer_env = os.environ.copy()
- fuzzer_env["LD_PRELOAD"] = "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2"
- print(command)
- subprocess.check_call(command, cwd=os.environ["OUT"], env=fuzzer_env)
diff --git a/fuzzers/libafl_ctx_mid_map/runner.Dockerfile b/fuzzers/libafl_ctx_mid_map/runner.Dockerfile
deleted file mode 100644
index f0c5eb6cc..000000000
--- a/fuzzers/libafl_ctx_mid_map/runner.Dockerfile
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM gcr.io/fuzzbench/base-image
-
-RUN apt install libjemalloc2
-
-# This makes interactive docker runs painless:
-ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
-#ENV AFL_MAP_SIZE=2621440
-ENV PATH="$PATH:/out"
-ENV AFL_SKIP_CPUFREQ=1
-ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
-ENV AFL_TESTCACHE_SIZE=2
diff --git a/fuzzers/libafl_ctx_small_map/builder.Dockerfile b/fuzzers/libafl_ctx_small_map/builder.Dockerfile
deleted file mode 100644
index c8a326445..000000000
--- a/fuzzers/libafl_ctx_small_map/builder.Dockerfile
+++ /dev/null
@@ -1,61 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ARG parent_image
-FROM $parent_image
-
-# Uninstall old Rust & Install the latest one.
-RUN if which rustup; then rustup self uninstall -y; fi && \
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
- sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
- rm /rustup.sh
-
-# Install dependencies.
-RUN apt-get update && \
- apt-get remove -y llvm-10 && \
- apt-get install -y \
- build-essential \
- lsb-release wget software-properties-common gnupg && \
- apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
- libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
- apt-utils apt-transport-https ca-certificates joe curl && \
- wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 16
-
-RUN wget https://gist.githubusercontent.com/tokatoka/26f4ba95991c6e33139999976332aa8e/raw/698ac2087d58ce5c7a6ad59adce58dbfdc32bd46/createAliases.sh && chmod u+x ./createAliases.sh && ./createAliases.sh
-
-# Uninstall old Rust & Install the latest one.
-RUN if which rustup; then rustup self uninstall -y; fi && \
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
- sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
- rm /rustup.sh && \
- PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
-
-# Download libafl.
-RUN git clone https://github.com/AFLplusplus/LibAFL /libafl
-
-# Checkout a current commit
-RUN cd /libafl && git pull && git checkout a5f2daf6e70c0b57b6781c1e8cd9a5b309a6c1de || true
-# Note that due a nightly bug it is currently fixed to a known version on top!
-
-# Compile libafl.
-RUN cd /libafl && \
- unset CFLAGS CXXFLAGS && \
- export LIBAFL_EDGES_MAP_SIZE=131072 && \
- cd ./fuzzers/fuzzbench_ctx && \
- PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main
-
-# Auxiliary weak references.
-RUN cd /libafl/fuzzers/fuzzbench_ctx && \
- clang -c stub_rt.c && \
- ar r /stub_rt.a stub_rt.o
diff --git a/fuzzers/libafl_ctx_small_map/description.md b/fuzzers/libafl_ctx_small_map/description.md
deleted file mode 100644
index ea9b947d6..000000000
--- a/fuzzers/libafl_ctx_small_map/description.md
+++ /dev/null
@@ -1,11 +0,0 @@
-# libafl
-
-libafl fuzzer instance
- - cmplog feature
- - persistent mode
-
-Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
-
-[builder.Dockerfile](builder.Dockerfile)
-[fuzzer.py](fuzzer.py)
-[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_ctx_small_map/fuzzer.py b/fuzzers/libafl_ctx_small_map/fuzzer.py
deleted file mode 100755
index 19b64b9d7..000000000
--- a/fuzzers/libafl_ctx_small_map/fuzzer.py
+++ /dev/null
@@ -1,72 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-"""Integration code for a LibAFL-based fuzzer."""
-
-import os
-import subprocess
-
-from fuzzers import utils
-
-
-def prepare_fuzz_environment(input_corpus):
- """Prepare to fuzz with a LibAFL-based fuzzer."""
- os.environ["ASAN_OPTIONS"] = ("abort_on_error=1:detect_leaks=0:"
- "malloc_context_size=0:symbolize=0:"
- "allocator_may_return_null=1:"
- "detect_odr_violation=0:handle_segv=0:"
- "handle_sigbus=0:handle_abort=0:"
- "handle_sigfpe=0:handle_sigill=0")
- os.environ["UBSAN_OPTIONS"] = ("abort_on_error=1:"
- "allocator_release_to_os_interval_ms=500:"
- "handle_abort=0:handle_segv=0:"
- "handle_sigbus=0:handle_sigfpe=0:"
- "handle_sigill=0:print_stacktrace=0:"
- "symbolize=0:symbolize_inline_frames=0")
- # Create at least one non-empty seed to start.
- utils.create_seed_file_for_empty_corpus(input_corpus)
-
-
-def build(): # pylint: disable=too-many-branches,too-many-statements
- """Build benchmark."""
- os.environ["CC"] = (
- "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cc")
- os.environ["CXX"] = (
- "/libafl/fuzzers/fuzzbench_ctx/target/release-fuzzbench/libafl_cxx")
-
- os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1"
- os.environ["UBSAN_OPTIONS"] = "abort_on_error=0"
-
- cflags = ["--libafl"]
- cxxflags = ["--libafl", "--std=c++14"]
- utils.append_flags("CFLAGS", cflags)
- utils.append_flags("CXXFLAGS", cxxflags)
- utils.append_flags("LDFLAGS", cflags)
-
- os.environ["FUZZER_LIB"] = "/stub_rt.a"
- utils.build_benchmark()
-
-
-def fuzz(input_corpus, output_corpus, target_binary):
- """Run fuzzer."""
- prepare_fuzz_environment(input_corpus)
- dictionary_path = utils.get_dictionary_path(target_binary)
- command = [target_binary]
- if dictionary_path:
- command += ["-x", dictionary_path]
- command += ["-o", output_corpus, "-i", input_corpus]
- fuzzer_env = os.environ.copy()
- fuzzer_env["LD_PRELOAD"] = "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2"
- print(command)
- subprocess.check_call(command, cwd=os.environ["OUT"], env=fuzzer_env)
diff --git a/fuzzers/libafl_ctx_small_map/runner.Dockerfile b/fuzzers/libafl_ctx_small_map/runner.Dockerfile
deleted file mode 100644
index f0c5eb6cc..000000000
--- a/fuzzers/libafl_ctx_small_map/runner.Dockerfile
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM gcr.io/fuzzbench/base-image
-
-RUN apt install libjemalloc2
-
-# This makes interactive docker runs painless:
-ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
-#ENV AFL_MAP_SIZE=2621440
-ENV PATH="$PATH:/out"
-ENV AFL_SKIP_CPUFREQ=1
-ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
-ENV AFL_TESTCACHE_SIZE=2
diff --git a/fuzzers/libafl_ngram_large_map/builder.Dockerfile b/fuzzers/libafl_ngram_large_map/builder.Dockerfile
deleted file mode 100644
index afefeb112..000000000
--- a/fuzzers/libafl_ngram_large_map/builder.Dockerfile
+++ /dev/null
@@ -1,61 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ARG parent_image
-FROM $parent_image
-
-# Uninstall old Rust & Install the latest one.
-RUN if which rustup; then rustup self uninstall -y; fi && \
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
- sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
- rm /rustup.sh
-
-# Install dependencies.
-RUN apt-get update && \
- apt-get remove -y llvm-10 && \
- apt-get install -y \
- build-essential \
- lsb-release wget software-properties-common gnupg && \
- apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
- libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
- apt-utils apt-transport-https ca-certificates joe curl && \
- wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 16
-
-RUN wget https://gist.githubusercontent.com/tokatoka/26f4ba95991c6e33139999976332aa8e/raw/698ac2087d58ce5c7a6ad59adce58dbfdc32bd46/createAliases.sh && chmod u+x ./createAliases.sh && ./createAliases.sh
-
-# Uninstall old Rust & Install the latest one.
-RUN if which rustup; then rustup self uninstall -y; fi && \
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
- sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \
- rm /rustup.sh && \
- PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
-
-# Download libafl.
-RUN git clone https://github.com/AFLplusplus/LibAFL /libafl
-
-# Checkout a current commit
-RUN cd /libafl && git pull && git checkout a5f2daf6e70c0b57b6781c1e8cd9a5b309a6c1de || true
-# Note that due a nightly bug it is currently fixed to a known version on top!
-
-# Compile libafl.
-RUN cd /libafl && \
- unset CFLAGS CXXFLAGS && \
- export LIBAFL_EDGES_MAP_SIZE=2621440 && \
- cd ./fuzzers/fuzzbench_ngram && \
- PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main
-
-# Auxiliary weak references.
-RUN cd /libafl/fuzzers/fuzzbench_ngram && \
- clang -c stub_rt.c && \
- ar r /stub_rt.a stub_rt.o
diff --git a/fuzzers/libafl_ngram_large_map/description.md b/fuzzers/libafl_ngram_large_map/description.md
deleted file mode 100644
index ea9b947d6..000000000
--- a/fuzzers/libafl_ngram_large_map/description.md
+++ /dev/null
@@ -1,11 +0,0 @@
-# libafl
-
-libafl fuzzer instance
- - cmplog feature
- - persistent mode
-
-Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
-
-[builder.Dockerfile](builder.Dockerfile)
-[fuzzer.py](fuzzer.py)
-[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_ngram_large_map/fuzzer.py b/fuzzers/libafl_ngram_large_map/fuzzer.py
deleted file mode 100755
index 7498be883..000000000
--- a/fuzzers/libafl_ngram_large_map/fuzzer.py
+++ /dev/null
@@ -1,72 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-"""Integration code for a LibAFL-based fuzzer."""
-
-import os
-import subprocess
-
-from fuzzers import utils
-
-
-def prepare_fuzz_environment(input_corpus):
- """Prepare to fuzz with a LibAFL-based fuzzer."""
- os.environ["ASAN_OPTIONS"] = ("abort_on_error=1:detect_leaks=0:"
- "malloc_context_size=0:symbolize=0:"
- "allocator_may_return_null=1:"
- "detect_odr_violation=0:handle_segv=0:"
- "handle_sigbus=0:handle_abort=0:"
- "handle_sigfpe=0:handle_sigill=0")
- os.environ["UBSAN_OPTIONS"] = ("abort_on_error=1:"
- "allocator_release_to_os_interval_ms=500:"
- "handle_abort=0:handle_segv=0:"
- "handle_sigbus=0:handle_sigfpe=0:"
- "handle_sigill=0:print_stacktrace=0:"
- "symbolize=0:symbolize_inline_frames=0")
- # Create at least one non-empty seed to start.
- utils.create_seed_file_for_empty_corpus(input_corpus)
-
-
-def build(): # pylint: disable=too-many-branches,too-many-statements
- """Build benchmark."""
- os.environ["CC"] = (
- "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc")
- os.environ["CXX"] = (
- "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx")
-
- os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1"
- os.environ["UBSAN_OPTIONS"] = "abort_on_error=0"
-
- cflags = ["--libafl"]
- cxxflags = ["--libafl", "--std=c++14"]
- utils.append_flags("CFLAGS", cflags)
- utils.append_flags("CXXFLAGS", cxxflags)
- utils.append_flags("LDFLAGS", cflags)
-
- os.environ["FUZZER_LIB"] = "/stub_rt.a"
- utils.build_benchmark()
-
-
-def fuzz(input_corpus, output_corpus, target_binary):
- """Run fuzzer."""
- prepare_fuzz_environment(input_corpus)
- dictionary_path = utils.get_dictionary_path(target_binary)
- command = [target_binary]
- if dictionary_path:
- command += ["-x", dictionary_path]
- command += ["-o", output_corpus, "-i", input_corpus]
- fuzzer_env = os.environ.copy()
- fuzzer_env["LD_PRELOAD"] = "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2"
- print(command)
- subprocess.check_call(command, cwd=os.environ["OUT"], env=fuzzer_env)
diff --git a/fuzzers/libafl_ngram_large_map/runner.Dockerfile b/fuzzers/libafl_ngram_large_map/runner.Dockerfile
deleted file mode 100644
index f0c5eb6cc..000000000
--- a/fuzzers/libafl_ngram_large_map/runner.Dockerfile
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM gcr.io/fuzzbench/base-image
-
-RUN apt install libjemalloc2
-
-# This makes interactive docker runs painless:
-ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
-#ENV AFL_MAP_SIZE=2621440
-ENV PATH="$PATH:/out"
-ENV AFL_SKIP_CPUFREQ=1
-ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
-ENV AFL_TESTCACHE_SIZE=2
diff --git a/fuzzers/libafl_ngram_mid_map/builder.Dockerfile b/fuzzers/libafl_ngram_mid_map/builder.Dockerfile
deleted file mode 100644
index fda9d1f1a..000000000
--- a/fuzzers/libafl_ngram_mid_map/builder.Dockerfile
+++ /dev/null
@@ -1,61 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ARG parent_image -FROM $parent_image - -# Uninstall old Rust & Install the latest one. -RUN if which rustup; then rustup self uninstall -y; fi && \ - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \ - sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \ - rm /rustup.sh - -# Install dependencies. -RUN apt-get update && \ - apt-get remove -y llvm-10 && \ - apt-get install -y \ - build-essential \ - lsb-release wget software-properties-common gnupg && \ - apt-get install -y wget libstdc++5 libtool-bin automake flex bison \ - libglib2.0-dev libpixman-1-dev python3-setuptools unzip \ - apt-utils apt-transport-https ca-certificates joe curl && \ - wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 16 - -RUN wget https://gist.githubusercontent.com/tokatoka/26f4ba95991c6e33139999976332aa8e/raw/698ac2087d58ce5c7a6ad59adce58dbfdc32bd46/createAliases.sh && chmod u+x ./createAliases.sh && ./createAliases.sh - -# Uninstall old Rust & Install the latest one. -RUN if which rustup; then rustup self uninstall -y; fi && \ - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \ - sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \ - rm /rustup.sh && \ - PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make - -# Download libafl. 
-RUN git clone https://github.com/AFLplusplus/LibAFL /libafl - -# Checkout a current commit -RUN cd /libafl && git pull && git checkout a5f2daf6e70c0b57b6781c1e8cd9a5b309a6c1de || true -# Note that due a nightly bug it is currently fixed to a known version on top! - -# Compile libafl. -RUN cd /libafl && \ - unset CFLAGS CXXFLAGS && \ - export LIBAFL_EDGES_MAP_SIZE=262144 && \ - cd ./fuzzers/fuzzbench_ngram && \ - PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main - -# Auxiliary weak references. -RUN cd /libafl/fuzzers/fuzzbench_ngram && \ - clang -c stub_rt.c && \ - ar r /stub_rt.a stub_rt.o diff --git a/fuzzers/libafl_ngram_mid_map/description.md b/fuzzers/libafl_ngram_mid_map/description.md deleted file mode 100644 index ea9b947d6..000000000 --- a/fuzzers/libafl_ngram_mid_map/description.md +++ /dev/null @@ -1,11 +0,0 @@ -# libafl - -libafl fuzzer instance - - cmplog feature - - persistent mode - -Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/) - -[builder.Dockerfile](builder.Dockerfile) -[fuzzer.py](fuzzer.py) -[runner.Dockerfile](runner.Dockerfile) diff --git a/fuzzers/libafl_ngram_mid_map/fuzzer.py b/fuzzers/libafl_ngram_mid_map/fuzzer.py deleted file mode 100755 index 7498be883..000000000 --- a/fuzzers/libafl_ngram_mid_map/fuzzer.py +++ /dev/null 
@@ -1,72 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -"""Integration code for a LibAFL-based fuzzer.""" - -import os -import subprocess - -from fuzzers import utils - - -def prepare_fuzz_environment(input_corpus): - """Prepare to fuzz with a LibAFL-based fuzzer.""" - os.environ["ASAN_OPTIONS"] = ("abort_on_error=1:detect_leaks=0:" - "malloc_context_size=0:symbolize=0:" - "allocator_may_return_null=1:" - "detect_odr_violation=0:handle_segv=0:" - "handle_sigbus=0:handle_abort=0:" - "handle_sigfpe=0:handle_sigill=0") - os.environ["UBSAN_OPTIONS"] = ("abort_on_error=1:" - "allocator_release_to_os_interval_ms=500:" - "handle_abort=0:handle_segv=0:" - "handle_sigbus=0:handle_sigfpe=0:" - "handle_sigill=0:print_stacktrace=0:" - "symbolize=0:symbolize_inline_frames=0") - # Create at least one non-empty seed to start. 
- utils.create_seed_file_for_empty_corpus(input_corpus) - - -def build(): # pylint: disable=too-many-branches,too-many-statements - """Build benchmark.""" - os.environ["CC"] = ( - "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc") - os.environ["CXX"] = ( - "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx") - - os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1" - os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" - - cflags = ["--libafl"] - cxxflags = ["--libafl", "--std=c++14"] - utils.append_flags("CFLAGS", cflags) - utils.append_flags("CXXFLAGS", cxxflags) - utils.append_flags("LDFLAGS", cflags) - - os.environ["FUZZER_LIB"] = "/stub_rt.a" - utils.build_benchmark() - - -def fuzz(input_corpus, output_corpus, target_binary): - """Run fuzzer.""" - prepare_fuzz_environment(input_corpus) - dictionary_path = utils.get_dictionary_path(target_binary) - command = [target_binary] - if dictionary_path: - command += ["-x", dictionary_path] - command += ["-o", output_corpus, "-i", input_corpus] - fuzzer_env = os.environ.copy() - fuzzer_env["LD_PRELOAD"] = "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2" - print(command) - subprocess.check_call(command, cwd=os.environ["OUT"], env=fuzzer_env) diff --git a/fuzzers/libafl_ngram_mid_map/runner.Dockerfile b/fuzzers/libafl_ngram_mid_map/runner.Dockerfile deleted file mode 100644 index f0c5eb6cc..000000000 --- a/fuzzers/libafl_ngram_mid_map/runner.Dockerfile +++ /dev/null 
@@ -1,25 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FROM gcr.io/fuzzbench/base-image - -RUN apt install libjemalloc2 - -# This makes interactive docker runs painless: -ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out" -#ENV AFL_MAP_SIZE=2621440 -ENV PATH="$PATH:/out" -ENV AFL_SKIP_CPUFREQ=1 -ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 -ENV AFL_TESTCACHE_SIZE=2 diff --git a/fuzzers/libafl_ngram_small_map/builder.Dockerfile b/fuzzers/libafl_ngram_small_map/builder.Dockerfile deleted file mode 100644 index 0921146e8..000000000 --- a/fuzzers/libafl_ngram_small_map/builder.Dockerfile +++ /dev/null 
@@ -1,61 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ARG parent_image -FROM $parent_image - -# Uninstall old Rust & Install the latest one. -RUN if which rustup; then rustup self uninstall -y; fi && \ - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \ - sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \ - rm /rustup.sh - -# Install dependencies. -RUN apt-get update && \ - apt-get remove -y llvm-10 && \ - apt-get install -y \ - build-essential \ - lsb-release wget software-properties-common gnupg && \ - apt-get install -y wget libstdc++5 libtool-bin automake flex bison \ - libglib2.0-dev libpixman-1-dev python3-setuptools unzip \ - apt-utils apt-transport-https ca-certificates joe curl && \ - wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 16 - -RUN wget https://gist.githubusercontent.com/tokatoka/26f4ba95991c6e33139999976332aa8e/raw/698ac2087d58ce5c7a6ad59adce58dbfdc32bd46/createAliases.sh && chmod u+x ./createAliases.sh && ./createAliases.sh - -# Uninstall old Rust & Install the latest one. -RUN if which rustup; then rustup self uninstall -y; fi && \ - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \ - sh /rustup.sh --default-toolchain nightly-2024-02-14 -y && \ - rm /rustup.sh && \ - PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make - -# Download libafl. 
-RUN git clone https://github.com/AFLplusplus/LibAFL /libafl - -# Checkout a current commit -RUN cd /libafl && git pull && git checkout a5f2daf6e70c0b57b6781c1e8cd9a5b309a6c1de || true -# Note that due a nightly bug it is currently fixed to a known version on top! - -# Compile libafl. -RUN cd /libafl && \ - unset CFLAGS CXXFLAGS && \ - export LIBAFL_EDGES_MAP_SIZE=131072 && \ - cd ./fuzzers/fuzzbench_ngram && \ - PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main - -# Auxiliary weak references. -RUN cd /libafl/fuzzers/fuzzbench_ngram && \ - clang -c stub_rt.c && \ - ar r /stub_rt.a stub_rt.o diff --git a/fuzzers/libafl_ngram_small_map/description.md b/fuzzers/libafl_ngram_small_map/description.md deleted file mode 100644 index ea9b947d6..000000000 --- a/fuzzers/libafl_ngram_small_map/description.md +++ /dev/null @@ -1,11 +0,0 @@ -# libafl - -libafl fuzzer instance - - cmplog feature - - persistent mode - -Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/) - -[builder.Dockerfile](builder.Dockerfile) -[fuzzer.py](fuzzer.py) -[runner.Dockerfile](runner.Dockerfile) diff --git a/fuzzers/libafl_ngram_small_map/fuzzer.py b/fuzzers/libafl_ngram_small_map/fuzzer.py deleted file mode 100755 index 7498be883..000000000 --- a/fuzzers/libafl_ngram_small_map/fuzzer.py +++ /dev/null 
@@ -1,72 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -"""Integration code for a LibAFL-based fuzzer.""" - -import os -import subprocess - -from fuzzers import utils - - -def prepare_fuzz_environment(input_corpus): - """Prepare to fuzz with a LibAFL-based fuzzer.""" - os.environ["ASAN_OPTIONS"] = ("abort_on_error=1:detect_leaks=0:" - "malloc_context_size=0:symbolize=0:" - "allocator_may_return_null=1:" - "detect_odr_violation=0:handle_segv=0:" - "handle_sigbus=0:handle_abort=0:" - "handle_sigfpe=0:handle_sigill=0") - os.environ["UBSAN_OPTIONS"] = ("abort_on_error=1:" - "allocator_release_to_os_interval_ms=500:" - "handle_abort=0:handle_segv=0:" - "handle_sigbus=0:handle_sigfpe=0:" - "handle_sigill=0:print_stacktrace=0:" - "symbolize=0:symbolize_inline_frames=0") - # Create at least one non-empty seed to start. 
- utils.create_seed_file_for_empty_corpus(input_corpus) - - -def build(): # pylint: disable=too-many-branches,too-many-statements - """Build benchmark.""" - os.environ["CC"] = ( - "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cc") - os.environ["CXX"] = ( - "/libafl/fuzzers/fuzzbench_ngram/target/release-fuzzbench/libafl_cxx") - - os.environ["ASAN_OPTIONS"] = "abort_on_error=0:allocator_may_return_null=1" - os.environ["UBSAN_OPTIONS"] = "abort_on_error=0" - - cflags = ["--libafl"] - cxxflags = ["--libafl", "--std=c++14"] - utils.append_flags("CFLAGS", cflags) - utils.append_flags("CXXFLAGS", cxxflags) - utils.append_flags("LDFLAGS", cflags) - - os.environ["FUZZER_LIB"] = "/stub_rt.a" - utils.build_benchmark() - - -def fuzz(input_corpus, output_corpus, target_binary): - """Run fuzzer.""" - prepare_fuzz_environment(input_corpus) - dictionary_path = utils.get_dictionary_path(target_binary) - command = [target_binary] - if dictionary_path: - command += ["-x", dictionary_path] - command += ["-o", output_corpus, "-i", input_corpus] - fuzzer_env = os.environ.copy() - fuzzer_env["LD_PRELOAD"] = "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2" - print(command) - subprocess.check_call(command, cwd=os.environ["OUT"], env=fuzzer_env) diff --git a/fuzzers/libafl_ngram_small_map/runner.Dockerfile b/fuzzers/libafl_ngram_small_map/runner.Dockerfile deleted file mode 100644 index f0c5eb6cc..000000000 --- a/fuzzers/libafl_ngram_small_map/runner.Dockerfile +++ /dev/null 
@@ -1,25 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FROM gcr.io/fuzzbench/base-image - -RUN apt install libjemalloc2 - -# This makes interactive docker runs painless: -ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out" -#ENV AFL_MAP_SIZE=2621440 -ENV PATH="$PATH:/out" -ENV AFL_SKIP_CPUFREQ=1 -ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 -ENV AFL_TESTCACHE_SIZE=2 From d80b8dffc59e2bb2ea6127e2798ceefc1e2f38d0 Mon Sep 17 00:00:00 2001 From: toka Date: Tue, 5 Mar 2024 18:08:13 +0100 Subject: [PATCH 18/24] upd --- fuzzers/libafl_fuzzbench_ctx/builder.Dockerfile | 5 ++--- fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile | 5 ++--- fuzzers/libafl_fuzzbench_ngram8/builder.Dockerfile | 5 ++--- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/fuzzers/libafl_fuzzbench_ctx/builder.Dockerfile b/fuzzers/libafl_fuzzbench_ctx/builder.Dockerfile index d21166b3c..2f2cec200 100644 --- a/fuzzers/libafl_fuzzbench_ctx/builder.Dockerfile +++ b/fuzzers/libafl_fuzzbench_ctx/builder.Dockerfile 
@@ -31,13 +31,12 @@ RUN apt-get update && \ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \ apt-utils apt-transport-https ca-certificates joe curl \ - python3-dev gzip && \ - PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make + python3-dev gzip # Download libafl RUN git clone https://github.com/tokatoka/libafl_fuzzbench /libafl_fuzzbench && \ cd /libafl_fuzzbench && \ - git checkout 3dea2047aa8d59d3b3ff84059b385ec82ec0a864 && \ + git checkout 5e5eb3fdaddf8769c367841699884946660e45a7 && \ git submodule update --init # Compile libafl diff --git a/fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile b/fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile index d21166b3c..2f2cec200 100644 --- a/fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile +++ b/fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile @@ -31,13 +31,12 @@ RUN apt-get update && \ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \ apt-utils apt-transport-https ca-certificates joe curl \ - python3-dev gzip && \ - PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make + python3-dev gzip # Download libafl RUN git clone https://github.com/tokatoka/libafl_fuzzbench /libafl_fuzzbench && \ cd /libafl_fuzzbench && \ - git checkout 3dea2047aa8d59d3b3ff84059b385ec82ec0a864 && \ + git checkout 5e5eb3fdaddf8769c367841699884946660e45a7 && \ git submodule update --init # Compile libafl diff --git a/fuzzers/libafl_fuzzbench_ngram8/builder.Dockerfile b/fuzzers/libafl_fuzzbench_ngram8/builder.Dockerfile index d21166b3c..2f2cec200 100644 --- a/fuzzers/libafl_fuzzbench_ngram8/builder.Dockerfile +++ b/fuzzers/libafl_fuzzbench_ngram8/builder.Dockerfile 
@@ -31,13 +31,12 @@ RUN apt-get update && \ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \ apt-utils apt-transport-https ca-certificates joe curl \ - python3-dev gzip && \ - PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make + python3-dev gzip # Download libafl RUN git clone https://github.com/tokatoka/libafl_fuzzbench /libafl_fuzzbench && \ cd /libafl_fuzzbench && \ - git checkout 3dea2047aa8d59d3b3ff84059b385ec82ec0a864 && \ + git checkout 5e5eb3fdaddf8769c367841699884946660e45a7 && \ git submodule update --init # Compile libafl From 0f0ead3011fd765537e1f0b1e7dccad9d85fc1f1 Mon Sep 17 00:00:00 2001 From: toka Date: Tue, 5 Mar 2024 19:14:36 +0100 Subject: [PATCH 19/24] value_profile_alternative_impl --- .../libafl_fuzzbench_ctx/builder.Dockerfile | 2 +- .../builder.Dockerfile | 2 +- .../builder.Dockerfile | 2 +- .../builder.Dockerfile | 51 ++++++++++++++ .../libafl_fuzzbench_vp_alter/description.md | 11 +++ fuzzers/libafl_fuzzbench_vp_alter/fuzzer.py | 67 +++++++++++++++++++ .../runner.Dockerfile | 23 +++++++ 7 files changed, 155 insertions(+), 3 deletions(-) create mode 100644 fuzzers/libafl_fuzzbench_vp_alter/builder.Dockerfile create mode 100644 fuzzers/libafl_fuzzbench_vp_alter/description.md create mode 100755 fuzzers/libafl_fuzzbench_vp_alter/fuzzer.py create mode 100644 fuzzers/libafl_fuzzbench_vp_alter/runner.Dockerfile diff --git a/fuzzers/libafl_fuzzbench_ctx/builder.Dockerfile b/fuzzers/libafl_fuzzbench_ctx/builder.Dockerfile index 2f2cec200..6453999e8 100644 --- a/fuzzers/libafl_fuzzbench_ctx/builder.Dockerfile +++ b/fuzzers/libafl_fuzzbench_ctx/builder.Dockerfile 
@@ -36,7 +36,7 @@ RUN apt-get update && \ # Download libafl RUN git clone https://github.com/tokatoka/libafl_fuzzbench /libafl_fuzzbench && \ cd /libafl_fuzzbench && \ - git checkout 5e5eb3fdaddf8769c367841699884946660e45a7 && \ + git checkout 387abaa75ff5875477cef3b14eed9149db83cf4c && \ git submodule update --init # Compile libafl diff --git a/fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile b/fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile index 2f2cec200..6453999e8 100644 --- a/fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile +++ b/fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile @@ -36,7 +36,7 @@ RUN apt-get update && \ # Download libafl RUN git clone https://github.com/tokatoka/libafl_fuzzbench /libafl_fuzzbench && \ cd /libafl_fuzzbench && \ - git checkout 5e5eb3fdaddf8769c367841699884946660e45a7 && \ + git checkout 387abaa75ff5875477cef3b14eed9149db83cf4c && \ git submodule update --init # Compile libafl diff --git a/fuzzers/libafl_fuzzbench_ngram8/builder.Dockerfile b/fuzzers/libafl_fuzzbench_ngram8/builder.Dockerfile index 2f2cec200..6453999e8 100644 --- a/fuzzers/libafl_fuzzbench_ngram8/builder.Dockerfile +++ b/fuzzers/libafl_fuzzbench_ngram8/builder.Dockerfile @@ -36,7 +36,7 @@ RUN apt-get update && \ # Download libafl RUN git clone https://github.com/tokatoka/libafl_fuzzbench /libafl_fuzzbench && \ cd /libafl_fuzzbench && \ - git checkout 5e5eb3fdaddf8769c367841699884946660e45a7 && \ + git checkout 387abaa75ff5875477cef3b14eed9149db83cf4c && \ git submodule update --init # Compile libafl diff --git a/fuzzers/libafl_fuzzbench_vp_alter/builder.Dockerfile b/fuzzers/libafl_fuzzbench_vp_alter/builder.Dockerfile new file mode 100644 index 000000000..6453999e8 --- /dev/null +++ b/fuzzers/libafl_fuzzbench_vp_alter/builder.Dockerfile 
@@ -0,0 +1,51 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG parent_image +FROM $parent_image + +# Uninstall old Rust & Install the latest one. +RUN if which rustup; then rustup self uninstall -y; fi && \ + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \ + sh /rustup.sh --default-toolchain nightly-2023-03-29 -y && \ + rm /rustup.sh + +# Install dependencies. +RUN apt-get update && \ + apt-get remove -y llvm-10 && \ + apt-get install -y \ + build-essential \ + llvm-11 \ + clang-12 && \ + apt-get install -y wget libstdc++5 libtool-bin automake flex bison \ + libglib2.0-dev libpixman-1-dev python3-setuptools unzip \ + apt-utils apt-transport-https ca-certificates joe curl \ + python3-dev gzip + +# Download libafl +RUN git clone https://github.com/tokatoka/libafl_fuzzbench /libafl_fuzzbench && \ + cd /libafl_fuzzbench && \ + git checkout 387abaa75ff5875477cef3b14eed9149db83cf4c && \ + git submodule update --init + +# Compile libafl +RUN cd /libafl_fuzzbench/ && unset CFLAGS && unset CXXFLAGS && \ + export CC=clang && export CXX=clang++ && \ + export LIBAFL_EDGES_MAP_SIZE=65536 && \ + PATH="/root/.cargo/bin/:$PATH" cargo build --release --features no_link_main + +# Auxiliary weak references. +RUN cd /libafl_fuzzbench && \ + clang -c stub_rt.c && \ + ar r /stub_rt.a stub_rt.o \ No newline at end of file 
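Review bot: The Rust toolchain installer is fetched with `curl ... https://sh.rustup.rs > /rustup.sh` and executed with no digest or signature check, so the provenance of everything built by `cargo build` rests entirely on TLS to that host at build time; the same pattern is in the libafl_fuzzbench_fast builder hunk at L155. Pinning `nightly-2023-03-29` fixes what rustup installs but not rustup itself, so consider checking the downloaded script before running it, e.g. `echo "<EXPECTED_SHA256>  /rustup.sh" | sha256sum -c -` (placeholder digest) between the download and `sh /rustup.sh`. Separately, the runtime is cloned from `https://github.com/tokatoka/libafl_fuzzbench`, a personal fork, at a fully pinned commit, while this fuzzer's description.md points readers at AFLplusplus/libafl; a comment on the clone line such as `# Built from the tokatoka fork at a pinned commit (alternative value_profile implementation).` would make that provenance visible to reviewers.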
diff --git a/fuzzers/libafl_fuzzbench_vp_alter/description.md b/fuzzers/libafl_fuzzbench_vp_alter/description.md
new file mode 100644
index 000000000..ea9b947d6
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_vp_alter/description.md
@@ -0,0 +1,11 @@
+# libafl
+
+libafl fuzzer instance
+ - cmplog feature
+ - persistent mode
+
+Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_fuzzbench_vp_alter/fuzzer.py b/fuzzers/libafl_fuzzbench_vp_alter/fuzzer.py
new file mode 100755
index 000000000..1795f69be
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_vp_alter/fuzzer.py
@@ -0,0 +1,67 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +"""Integration code for a LibAFL-based fuzzer.""" + +import os +import subprocess + +from fuzzers import utils + + +def prepare_fuzz_environment(input_corpus): + """Prepare to fuzz with a LibAFL-based fuzzer.""" + os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\ + 'malloc_context_size=0:symbolize=0:'\ + 'allocator_may_return_null=1:'\ + 'detect_odr_violation=0:handle_segv=0:'\ + 'handle_sigbus=0:handle_abort=0:'\ + 'handle_sigfpe=0:handle_sigill=0' + os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\ + 'allocator_release_to_os_interval_ms=500:'\ + 'handle_abort=0:handle_segv=0:'\ + 'handle_sigbus=0:handle_sigfpe=0:'\ + 'handle_sigill=0:print_stacktrace=0:'\ + 'symbolize=0:symbolize_inline_frames=0' + # Create at least one non-empty seed to start. 
+ utils.create_seed_file_for_empty_corpus(input_corpus) + + +def build(): # pylint: disable=too-many-branches,too-many-statements + """Build benchmark.""" + os.environ['CC'] = '/libafl_fuzzbench/target/release/value_profile_cc' + os.environ['CXX'] = '/libafl_fuzzbench/target/release/value_profile_cxx' + + os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1' + os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0' + + cflags = ['--libafl'] + utils.append_flags('CFLAGS', cflags) + utils.append_flags('CXXFLAGS', cflags) + utils.append_flags('LDFLAGS', cflags) + + os.environ['FUZZER_LIB'] = '/stub_rt.a' + utils.build_benchmark() + + +def fuzz(input_corpus, output_corpus, target_binary): + """Run fuzzer.""" + prepare_fuzz_environment(input_corpus) + dictionary_path = utils.get_dictionary_path(target_binary) + command = [target_binary] + if dictionary_path: + command += (['-x', dictionary_path]) + command += (['-o', output_corpus, '-i', input_corpus]) + print(command) + subprocess.check_call(command, cwd=os.environ['OUT']) diff --git a/fuzzers/libafl_fuzzbench_vp_alter/runner.Dockerfile b/fuzzers/libafl_fuzzbench_vp_alter/runner.Dockerfile new file mode 100644 index 000000000..7aa1da8e4 --- /dev/null +++ b/fuzzers/libafl_fuzzbench_vp_alter/runner.Dockerfile 
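Review bot: `build()` carries `# pylint: disable=too-many-branches,too-many-statements`, but the function as added has no branches and about a dozen statements, so the suppression is stale and will hide a future regression; the same stale pragma is in the libafl_fuzzbench_fast fuzzer.py hunk ending at L158. The parentheses in `command += (['-x', dictionary_path])` and `command += (['-o', output_corpus, '-i', input_corpus])` are redundant; `command += ['-x', dictionary_path]` reads the same. The docstring `"""Build benchmark."""` could also say that the ASAN_OPTIONS/UBSAN_OPTIONS assigned here apply only to the build and are replaced for fuzzing by prepare_fuzz_environment(), e.g. `"""Build the benchmark with the value_profile LibAFL compiler wrappers; sanitizer options set here are for the build and are overridden in prepare_fuzz_environment()."""`.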
@@ -0,0 +1,23 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
From 2055966d91ce43866c6ea1f9c47ff1fba9b6cb16 Mon Sep 17 00:00:00 2001
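Review bot: The commented-out `#ENV AFL_MAP_SIZE=2621440` line is dead configuration in a brand-new file, and its value does not match the `LIBAFL_EDGES_MAP_SIZE=65536` that this fuzzer's builder.Dockerfile exports before `cargo build`, so it will mislead anyone tuning the map size; either drop it or replace it with a comment naming where the size is actually fixed, e.g. `# Edge map size is set at build time via LIBAFL_EDGES_MAP_SIZE in builder.Dockerfile.`. The remaining `AFL_*` variables look carried over from an AFL++ runner template; whether the LibAFL binary reads any of them is not visible here, so a one-line comment on why they are kept would help the next reader.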
From: toka Date: Tue, 16 Apr 2024 14:34:45 +0200 Subject: [PATCH 20/24] add --- .../libafl_fuzzbench_fast/builder.Dockerfile | 51 ++++++++++++++ fuzzers/libafl_fuzzbench_fast/description.md | 11 +++ fuzzers/libafl_fuzzbench_fast/fuzzer.py | 67 +++++++++++++++++++ .../libafl_fuzzbench_fast/runner.Dockerfile | 23 +++++++ .../builder.Dockerfile | 51 ++++++++++++++ .../description.md | 11 +++ .../libafl_fuzzbench_fast_ngram4/fuzzer.py | 67 +++++++++++++++++++ .../runner.Dockerfile | 23 +++++++ .../builder.Dockerfile | 51 ++++++++++++++ .../description.md | 11 +++ .../fuzzer.py | 67 +++++++++++++++++++ .../runner.Dockerfile | 23 +++++++ .../libafl_fuzzbench_ctx/builder.Dockerfile | 51 ++++++++++++++ .../libafl_fuzzbench_ctx/description.md | 11 +++ .../libafl_fuzzbench_ctx/fuzzer.py | 67 +++++++++++++++++++ .../libafl_fuzzbench_ctx/runner.Dockerfile | 23 +++++++ .../builder.Dockerfile | 51 ++++++++++++++ .../description.md | 11 +++ .../libafl_fuzzbench_value_profile/fuzzer.py | 67 +++++++++++++++++++ .../runner.Dockerfile | 23 +++++++ 20 files changed, 760 insertions(+) create mode 100644 fuzzers/libafl_fuzzbench_fast/builder.Dockerfile create mode 100644 fuzzers/libafl_fuzzbench_fast/description.md create mode 100755 fuzzers/libafl_fuzzbench_fast/fuzzer.py create mode 100644 fuzzers/libafl_fuzzbench_fast/runner.Dockerfile create mode 100644 fuzzers/libafl_fuzzbench_fast_ngram4/builder.Dockerfile create mode 100644 fuzzers/libafl_fuzzbench_fast_ngram4/description.md create mode 100755 fuzzers/libafl_fuzzbench_fast_ngram4/fuzzer.py create mode 100644 fuzzers/libafl_fuzzbench_fast_ngram4/runner.Dockerfile create mode 100644 fuzzers/libafl_fuzzbench_fast_value_profile/builder.Dockerfile create mode 100644 fuzzers/libafl_fuzzbench_fast_value_profile/description.md create mode 100755 fuzzers/libafl_fuzzbench_fast_value_profile/fuzzer.py create mode 100644 fuzzers/libafl_fuzzbench_fast_value_profile/runner.Dockerfile create mode 100644 
fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/builder.Dockerfile create mode 100644 fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/description.md create mode 100755 fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/fuzzer.py create mode 100644 fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/runner.Dockerfile create mode 100644 fuzzers/libafl_fuzzbench_value_profile/builder.Dockerfile create mode 100644 fuzzers/libafl_fuzzbench_value_profile/description.md create mode 100755 fuzzers/libafl_fuzzbench_value_profile/fuzzer.py create mode 100644 fuzzers/libafl_fuzzbench_value_profile/runner.Dockerfile diff --git a/fuzzers/libafl_fuzzbench_fast/builder.Dockerfile b/fuzzers/libafl_fuzzbench_fast/builder.Dockerfile new file mode 100644 index 000000000..74ce54876 --- /dev/null +++ b/fuzzers/libafl_fuzzbench_fast/builder.Dockerfile 
@@ -0,0 +1,51 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG parent_image +FROM $parent_image + +# Uninstall old Rust & Install the latest one. +RUN if which rustup; then rustup self uninstall -y; fi && \ + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \ + sh /rustup.sh --default-toolchain nightly-2023-03-29 -y && \ + rm /rustup.sh + +# Install dependencies. +RUN apt-get update && \ + apt-get remove -y llvm-10 && \ + apt-get install -y \ + build-essential \ + llvm-11 \ + clang-12 && \ + apt-get install -y wget libstdc++5 libtool-bin automake flex bison \ + libglib2.0-dev libpixman-1-dev python3-setuptools unzip \ + apt-utils apt-transport-https ca-certificates joe curl \ + python3-dev gzip + +# Download libafl +RUN git clone https://github.com/AFLplusplus/libafl_fuzzbench /libafl_fuzzbench && \ + cd /libafl_fuzzbench && \ + git checkout f59797ea5d2ff56489925a9fa1c6d0c7ef3b8fed && \ + git submodule update --init + +# Compile libafl +RUN cd /libafl_fuzzbench/ && unset CFLAGS && unset CXXFLAGS && \ + export CC=clang && export CXX=clang++ && \ + export LIBAFL_EDGES_MAP_SIZE=2621440 && \ + PATH="/root/.cargo/bin/:$PATH" cargo build --release --features no_link_main + +# Auxiliary weak references. +RUN cd /libafl_fuzzbench && \ + clang -c stub_rt.c && \ + ar r /stub_rt.a stub_rt.o \ No newline at end of file 
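Review bot: `export CC=clang && export CXX=clang++` selects whichever `clang` the parent image puts first on PATH, even though this hunk installs `clang-12` explicitly, so the compiler that builds the libafl_fuzzbench runtime and `stub_rt.c` is not actually pinned; if clang-12 is the intended compiler, `export CC=clang-12 && export CXX=clang++-12` (and `clang-12 -c stub_rt.c`) would make it explicit, and the same construction appears in the vp_alter builder hunk at L148. `export LIBAFL_EDGES_MAP_SIZE=2621440` also differs from the 65536 used in that builder with no explanation; a note such as `# Edge-coverage map size exported for the LibAFL build; 2621440 for this instance (vp_alter uses 65536).` would document the choice.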
diff --git a/fuzzers/libafl_fuzzbench_fast/description.md b/fuzzers/libafl_fuzzbench_fast/description.md
new file mode 100644
index 000000000..ea9b947d6
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_fast/description.md
@@ -0,0 +1,11 @@
+# libafl
+
+libafl fuzzer instance
+ - cmplog feature
+ - persistent mode
+
+Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_fuzzbench_fast/fuzzer.py b/fuzzers/libafl_fuzzbench_fast/fuzzer.py
new file mode 100755
index 000000000..40e7ccc80
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_fast/fuzzer.py
@@ -0,0 +1,67 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Integration code for a LibAFL-based fuzzer."""
+
+import os
+import subprocess
+
+from fuzzers import utils
+
+
+def prepare_fuzz_environment(input_corpus):
+ """Prepare to fuzz with a LibAFL-based fuzzer."""
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
+ 'malloc_context_size=0:symbolize=0:'\
+ 'allocator_may_return_null=1:'\
+ 'detect_odr_violation=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_abort=0:'\
+ 'handle_sigfpe=0:handle_sigill=0'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
+ 'allocator_release_to_os_interval_ms=500:'\
+ 'handle_abort=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_sigfpe=0:'\
+ 'handle_sigill=0:print_stacktrace=0:'\
+ 'symbolize=0:symbolize_inline_frames=0'
+ # Create at least one non-empty seed to start.
+ utils.create_seed_file_for_empty_corpus(input_corpus)
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ os.environ['CC'] = '/libafl_fuzzbench/target/release/fast_cc'
+ os.environ['CXX'] = '/libafl_fuzzbench/target/release/fast_cxx'
+
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+
+ cflags = ['--libafl']
+ utils.append_flags('CFLAGS', cflags)
+ utils.append_flags('CXXFLAGS', cflags)
+ utils.append_flags('LDFLAGS', cflags)
+
+ os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ utils.build_benchmark()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ prepare_fuzz_environment(input_corpus)
+ dictionary_path = utils.get_dictionary_path(target_binary)
+ command = [target_binary]
+ if dictionary_path:
+ command += (['-x', dictionary_path])
+ command += (['-o', output_corpus, '-i', input_corpus])
+ print(command)
+ subprocess.check_call(command, cwd=os.environ['OUT'])
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_fast/runner.Dockerfile b/fuzzers/libafl_fuzzbench_fast/runner.Dockerfile
new file mode 100644
index 000000000..18611a0fb
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_fast/runner.Dockerfile
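Review bot: The `# pylint: disable=too-many-branches,too-many-statements` pragma on `def build():` suppresses warnings this function cannot trigger — it is a straight run of environment assignments with no branch — so it is stale copy-paste and should be dropped; the same line appears in the fuzzer.py hunks for libafl_fuzzbench_fast_ngram4, libafl_fuzzbench_fast_value_profile, libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx and libafl_fuzzbench_value_profile later in this patch. The sanitizer options in `prepare_fuzz_environment` deserve a why-comment, because turning off `handle_segv`, `handle_sigbus`, `handle_abort`, `handle_sigfpe` and `handle_sigill` is what decides who observes a crash; something like `# Keep ASan/UBSan from installing their own signal handlers so crash signals reach the fuzzer binary (presumably LibAFL's in-process handlers) — confirm against libafl_fuzzbench.` above the `ASAN_OPTIONS` assignment would record that. In `fuzz`, the parentheses in `command += (['-x', dictionary_path])` and the following line are redundant; `command += ['-x', dictionary_path]` is the plain form. The file also ends without a trailing newline (`\ No newline at end of file`), which the later "cx" patch repairs for only two of the five copies.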
@@ -0,0 +1,23 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_fast_ngram4/builder.Dockerfile b/fuzzers/libafl_fuzzbench_fast_ngram4/builder.Dockerfile
new file mode 100644
index 000000000..74ce54876
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_fast_ngram4/builder.Dockerfile
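Review bot: `#ENV AFL_MAP_SIZE=2621440` is commented-out configuration that silently duplicates the builder's `export LIBAFL_EDGES_MAP_SIZE=2621440`; as soon as one side changes (the later "fix map size" patch moves the builder value to 65536 for one fuzzer) the leftover becomes misleading. Either delete the line or replace it with a statement of the dependency, e.g. `# The edge-map size is fixed at build time (LIBAFL_EDGES_MAP_SIZE in builder.Dockerfile); keep any runtime map-size setting in sync with it.` The `AFL_SKIP_CPUFREQ`, `AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES` and `AFL_TESTCACHE_SIZE` settings look carried over from an AFL++ runner; nothing in this series shows the libafl_fuzzbench binary reading them, so confirm they have an effect or drop them. This runner file is identical (index 18611a0fb) in the four later runner.Dockerfile hunks, so the same applies there.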
@@ -0,0 +1,51 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2023-03-29 -y && \
+ rm /rustup.sh
+
+# Install dependencies.
+RUN apt-get update && \
+ apt-get remove -y llvm-10 && \
+ apt-get install -y \
+ build-essential \
+ llvm-11 \
+ clang-12 && \
+ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates joe curl \
+ python3-dev gzip
+
+# Download libafl
+RUN git clone https://github.com/AFLplusplus/libafl_fuzzbench /libafl_fuzzbench && \
+ cd /libafl_fuzzbench && \
+ git checkout f59797ea5d2ff56489925a9fa1c6d0c7ef3b8fed && \
+ git submodule update --init
+
+# Compile libafl
+RUN cd /libafl_fuzzbench/ && unset CFLAGS && unset CXXFLAGS && \
+ export CC=clang && export CXX=clang++ && \
+ export LIBAFL_EDGES_MAP_SIZE=2621440 && \
+ PATH="/root/.cargo/bin/:$PATH" cargo build --release --features no_link_main
+
+# Auxiliary weak references.
+RUN cd /libafl_fuzzbench && \
+ clang -c stub_rt.c && \
+ ar r /stub_rt.a stub_rt.o
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_fast_ngram4/description.md b/fuzzers/libafl_fuzzbench_fast_ngram4/description.md
new file mode 100644
index 000000000..ea9b947d6
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_fast_ngram4/description.md
@@ -0,0 +1,11 @@
+# libafl
+
+libafl fuzzer instance
+ - cmplog feature
+ - persistent mode
+
+Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_fuzzbench_fast_ngram4/fuzzer.py b/fuzzers/libafl_fuzzbench_fast_ngram4/fuzzer.py
new file mode 100755
index 000000000..869920487
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_fast_ngram4/fuzzer.py
@@ -0,0 +1,67 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Integration code for a LibAFL-based fuzzer."""
+
+import os
+import subprocess
+
+from fuzzers import utils
+
+
+def prepare_fuzz_environment(input_corpus):
+ """Prepare to fuzz with a LibAFL-based fuzzer."""
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
+ 'malloc_context_size=0:symbolize=0:'\
+ 'allocator_may_return_null=1:'\
+ 'detect_odr_violation=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_abort=0:'\
+ 'handle_sigfpe=0:handle_sigill=0'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
+ 'allocator_release_to_os_interval_ms=500:'\
+ 'handle_abort=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_sigfpe=0:'\
+ 'handle_sigill=0:print_stacktrace=0:'\
+ 'symbolize=0:symbolize_inline_frames=0'
+ # Create at least one non-empty seed to start.
+ utils.create_seed_file_for_empty_corpus(input_corpus)
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ os.environ['CC'] = '/libafl_fuzzbench/target/release/fast_ngram4_cc'
+ os.environ['CXX'] = '/libafl_fuzzbench/target/release/fast_ngram4_cc'
+
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+
+ cflags = ['--libafl']
+ utils.append_flags('CFLAGS', cflags)
+ utils.append_flags('CXXFLAGS', cflags)
+ utils.append_flags('LDFLAGS', cflags)
+
+ os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ utils.build_benchmark()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ prepare_fuzz_environment(input_corpus)
+ dictionary_path = utils.get_dictionary_path(target_binary)
+ command = [target_binary]
+ if dictionary_path:
+ command += (['-x', dictionary_path])
+ command += (['-o', output_corpus, '-i', input_corpus])
+ print(command)
+ subprocess.check_call(command, cwd=os.environ['OUT'])
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_fast_ngram4/runner.Dockerfile b/fuzzers/libafl_fuzzbench_fast_ngram4/runner.Dockerfile
new file mode 100644
index 000000000..18611a0fb
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_fast_ngram4/runner.Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_fast_value_profile/builder.Dockerfile b/fuzzers/libafl_fuzzbench_fast_value_profile/builder.Dockerfile
new file mode 100644
index 000000000..74ce54876
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_fast_value_profile/builder.Dockerfile
@@ -0,0 +1,51 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2023-03-29 -y && \
+ rm /rustup.sh
+
+# Install dependencies.
+RUN apt-get update && \
+ apt-get remove -y llvm-10 && \
+ apt-get install -y \
+ build-essential \
+ llvm-11 \
+ clang-12 && \
+ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates joe curl \
+ python3-dev gzip
+
+# Download libafl
+RUN git clone https://github.com/AFLplusplus/libafl_fuzzbench /libafl_fuzzbench && \
+ cd /libafl_fuzzbench && \
+ git checkout f59797ea5d2ff56489925a9fa1c6d0c7ef3b8fed && \
+ git submodule update --init
+
+# Compile libafl
+RUN cd /libafl_fuzzbench/ && unset CFLAGS && unset CXXFLAGS && \
+ export CC=clang && export CXX=clang++ && \
+ export LIBAFL_EDGES_MAP_SIZE=2621440 && \
+ PATH="/root/.cargo/bin/:$PATH" cargo build --release --features no_link_main
+
+# Auxiliary weak references.
+RUN cd /libafl_fuzzbench && \
+ clang -c stub_rt.c && \
+ ar r /stub_rt.a stub_rt.o
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_fast_value_profile/description.md b/fuzzers/libafl_fuzzbench_fast_value_profile/description.md
new file mode 100644
index 000000000..ea9b947d6
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_fast_value_profile/description.md
@@ -0,0 +1,11 @@
+# libafl
+
+libafl fuzzer instance
+ - cmplog feature
+ - persistent mode
+
+Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_fuzzbench_fast_value_profile/fuzzer.py b/fuzzers/libafl_fuzzbench_fast_value_profile/fuzzer.py
new file mode 100755
index 000000000..cb8c769ba
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_fast_value_profile/fuzzer.py
@@ -0,0 +1,67 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Integration code for a LibAFL-based fuzzer."""
+
+import os
+import subprocess
+
+from fuzzers import utils
+
+
+def prepare_fuzz_environment(input_corpus):
+ """Prepare to fuzz with a LibAFL-based fuzzer."""
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
+ 'malloc_context_size=0:symbolize=0:'\
+ 'allocator_may_return_null=1:'\
+ 'detect_odr_violation=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_abort=0:'\
+ 'handle_sigfpe=0:handle_sigill=0'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
+ 'allocator_release_to_os_interval_ms=500:'\
+ 'handle_abort=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_sigfpe=0:'\
+ 'handle_sigill=0:print_stacktrace=0:'\
+ 'symbolize=0:symbolize_inline_frames=0'
+ # Create at least one non-empty seed to start.
+ utils.create_seed_file_for_empty_corpus(input_corpus)
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ os.environ['CC'] = '/libafl_fuzzbench/target/release/fast_value_profile_cc'
+ os.environ['CXX'] = '/libafl_fuzzbench/target/release/fast_value_profile_cxx'
+
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+
+ cflags = ['--libafl']
+ utils.append_flags('CFLAGS', cflags)
+ utils.append_flags('CXXFLAGS', cflags)
+ utils.append_flags('LDFLAGS', cflags)
+
+ os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ utils.build_benchmark()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ prepare_fuzz_environment(input_corpus)
+ dictionary_path = utils.get_dictionary_path(target_binary)
+ command = [target_binary]
+ if dictionary_path:
+ command += (['-x', dictionary_path])
+ command += (['-o', output_corpus, '-i', input_corpus])
+ print(command)
+ subprocess.check_call(command, cwd=os.environ['OUT'])
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_fast_value_profile/runner.Dockerfile b/fuzzers/libafl_fuzzbench_fast_value_profile/runner.Dockerfile
new file mode 100644
index 000000000..18611a0fb
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_fast_value_profile/runner.Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/builder.Dockerfile b/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/builder.Dockerfile
new file mode 100644
index 000000000..74ce54876
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/builder.Dockerfile
@@ -0,0 +1,51 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2023-03-29 -y && \
+ rm /rustup.sh
+
+# Install dependencies.
+RUN apt-get update && \
+ apt-get remove -y llvm-10 && \
+ apt-get install -y \
+ build-essential \
+ llvm-11 \
+ clang-12 && \
+ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates joe curl \
+ python3-dev gzip
+
+# Download libafl
+RUN git clone https://github.com/AFLplusplus/libafl_fuzzbench /libafl_fuzzbench && \
+ cd /libafl_fuzzbench && \
+ git checkout f59797ea5d2ff56489925a9fa1c6d0c7ef3b8fed && \
+ git submodule update --init
+
+# Compile libafl
+RUN cd /libafl_fuzzbench/ && unset CFLAGS && unset CXXFLAGS && \
+ export CC=clang && export CXX=clang++ && \
+ export LIBAFL_EDGES_MAP_SIZE=2621440 && \
+ PATH="/root/.cargo/bin/:$PATH" cargo build --release --features no_link_main
+
+# Auxiliary weak references.
+RUN cd /libafl_fuzzbench && \
+ clang -c stub_rt.c && \
+ ar r /stub_rt.a stub_rt.o
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/description.md b/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/description.md
new file mode 100644
index 000000000..ea9b947d6
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/description.md
@@ -0,0 +1,11 @@
+# libafl
+
+libafl fuzzer instance
+ - cmplog feature
+ - persistent mode
+
+Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/fuzzer.py b/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/fuzzer.py
new file mode 100755
index 000000000..44e712e51
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/fuzzer.py
@@ -0,0 +1,67 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Integration code for a LibAFL-based fuzzer."""
+
+import os
+import subprocess
+
+from fuzzers import utils
+
+
+def prepare_fuzz_environment(input_corpus):
+ """Prepare to fuzz with a LibAFL-based fuzzer."""
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
+ 'malloc_context_size=0:symbolize=0:'\
+ 'allocator_may_return_null=1:'\
+ 'detect_odr_violation=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_abort=0:'\
+ 'handle_sigfpe=0:handle_sigill=0'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
+ 'allocator_release_to_os_interval_ms=500:'\
+ 'handle_abort=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_sigfpe=0:'\
+ 'handle_sigill=0:print_stacktrace=0:'\
+ 'symbolize=0:symbolize_inline_frames=0'
+ # Create at least one non-empty seed to start.
+ utils.create_seed_file_for_empty_corpus(input_corpus)
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ os.environ['CC'] = '/libafl_fuzzbench/target/release/ngram4_cc'
+ os.environ['CXX'] = '/libafl_fuzzbench/target/release/ngram4_cxx'
+
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+
+ cflags = ['--libafl']
+ utils.append_flags('CFLAGS', cflags)
+ utils.append_flags('CXXFLAGS', cflags)
+ utils.append_flags('LDFLAGS', cflags)
+
+ os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ utils.build_benchmark()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ prepare_fuzz_environment(input_corpus)
+ dictionary_path = utils.get_dictionary_path(target_binary)
+ command = [target_binary]
+ if dictionary_path:
+ command += (['-x', dictionary_path])
+ command += (['-o', output_corpus, '-i', input_corpus])
+ print(command)
+ subprocess.check_call(command, cwd=os.environ['OUT'])
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/runner.Dockerfile b/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/runner.Dockerfile
new file mode 100644
index 000000000..18611a0fb
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/runner.Dockerfile
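Review bot: This fuzzer.py lands at `fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/`, nested inside another fuzzer's directory, while its `build()` points `CC`/`CXX` at `ngram4_cc`/`ngram4_cxx` rather than at a ctx-specific wrapper, so the directory name, the nesting and the compiler wrappers disagree about which configuration this is. If it is meant to be the ctx variant it should live at `fuzzers/libafl_fuzzbench_ctx/` with the wrappers for that build; if it is an ngram4 variant it duplicates a fuzzer that would then be missing from the series at the top level. Whether fuzzbench's fuzzer discovery picks up a nested directory at all is not shown here and needs checking. The builder.Dockerfile and description.md hunks for the same nested path carry the same problem.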
@@ -0,0 +1,23 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_value_profile/builder.Dockerfile b/fuzzers/libafl_fuzzbench_value_profile/builder.Dockerfile
new file mode 100644
index 000000000..74ce54876
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_value_profile/builder.Dockerfile
@@ -0,0 +1,51 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2023-03-29 -y && \
+ rm /rustup.sh
+
+# Install dependencies.
+RUN apt-get update && \
+ apt-get remove -y llvm-10 && \
+ apt-get install -y \
+ build-essential \
+ llvm-11 \
+ clang-12 && \
+ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates joe curl \
+ python3-dev gzip
+
+# Download libafl
+RUN git clone https://github.com/AFLplusplus/libafl_fuzzbench /libafl_fuzzbench && \
+ cd /libafl_fuzzbench && \
+ git checkout f59797ea5d2ff56489925a9fa1c6d0c7ef3b8fed && \
+ git submodule update --init
+
+# Compile libafl
+RUN cd /libafl_fuzzbench/ && unset CFLAGS && unset CXXFLAGS && \
+ export CC=clang && export CXX=clang++ && \
+ export LIBAFL_EDGES_MAP_SIZE=2621440 && \
+ PATH="/root/.cargo/bin/:$PATH" cargo build --release --features no_link_main
+
+# Auxiliary weak references.
+RUN cd /libafl_fuzzbench && \
+ clang -c stub_rt.c && \
+ ar r /stub_rt.a stub_rt.o
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_value_profile/description.md b/fuzzers/libafl_fuzzbench_value_profile/description.md
new file mode 100644
index 000000000..ea9b947d6
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_value_profile/description.md
@@ -0,0 +1,11 @@
+# libafl
+
+libafl fuzzer instance
+ - cmplog feature
+ - persistent mode
+
+Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_fuzzbench_value_profile/fuzzer.py b/fuzzers/libafl_fuzzbench_value_profile/fuzzer.py
new file mode 100755
index 000000000..1bb2c97e6
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_value_profile/fuzzer.py
@@ -0,0 +1,67 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Integration code for a LibAFL-based fuzzer."""
+
+import os
+import subprocess
+
+from fuzzers import utils
+
+
+def prepare_fuzz_environment(input_corpus):
+ """Prepare to fuzz with a LibAFL-based fuzzer."""
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
+ 'malloc_context_size=0:symbolize=0:'\
+ 'allocator_may_return_null=1:'\
+ 'detect_odr_violation=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_abort=0:'\
+ 'handle_sigfpe=0:handle_sigill=0'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
+ 'allocator_release_to_os_interval_ms=500:'\
+ 'handle_abort=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_sigfpe=0:'\
+ 'handle_sigill=0:print_stacktrace=0:'\
+ 'symbolize=0:symbolize_inline_frames=0'
+ # Create at least one non-empty seed to start.
+ utils.create_seed_file_for_empty_corpus(input_corpus)
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ os.environ['CC'] = '/libafl_fuzzbench/target/release/value_profile_cc'
+ os.environ['CXX'] = '/libafl_fuzzbench/target/release/value_profile_cxx'
+
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+
+ cflags = ['--libafl']
+ utils.append_flags('CFLAGS', cflags)
+ utils.append_flags('CXXFLAGS', cflags)
+ utils.append_flags('LDFLAGS', cflags)
+
+ os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ utils.build_benchmark()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ prepare_fuzz_environment(input_corpus)
+ dictionary_path = utils.get_dictionary_path(target_binary)
+ command = [target_binary]
+ if dictionary_path:
+ command += (['-x', dictionary_path])
+ command += (['-o', output_corpus, '-i', input_corpus])
+ print(command)
+ subprocess.check_call(command, cwd=os.environ['OUT'])
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_value_profile/runner.Dockerfile b/fuzzers/libafl_fuzzbench_value_profile/runner.Dockerfile
new file mode 100644
index 000000000..18611a0fb
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_value_profile/runner.Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
\ No newline at end of file
From 4eb332a7b4b9c4f695ac3511a72bde0b32a17169 Mon Sep 17 00:00:00 2001
From: toka
Date: Wed, 17 Apr 2024 14:03:11 +0200
Subject: [PATCH 21/24] cx
---
 fuzzers/libafl_fuzzbench_fast_ngram4/fuzzer.py | 4 ++--
 fuzzers/libafl_fuzzbench_fast_value_profile/fuzzer.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/fuzzers/libafl_fuzzbench_fast_ngram4/fuzzer.py b/fuzzers/libafl_fuzzbench_fast_ngram4/fuzzer.py
index 869920487..99f5c7f1e 100755
--- a/fuzzers/libafl_fuzzbench_fast_ngram4/fuzzer.py
+++ b/fuzzers/libafl_fuzzbench_fast_ngram4/fuzzer.py
@@ -41,7 +41,7 @@ def prepare_fuzz_environment(input_corpus):
 def build(): # pylint: disable=too-many-branches,too-many-statements
 """Build benchmark."""
 os.environ['CC'] = '/libafl_fuzzbench/target/release/fast_ngram4_cc'
- os.environ['CXX'] = '/libafl_fuzzbench/target/release/fast_ngram4_cc'
+ os.environ['CXX'] = '/libafl_fuzzbench/target/release/fast_ngram4_cxx'
 os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
 os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
@@ -64,4 +64,4 @@ def fuzz(input_corpus, output_corpus, target_binary):
 command += (['-x', dictionary_path])
 command += (['-o', output_corpus, '-i', input_corpus])
 print(command)
- subprocess.check_call(command, cwd=os.environ['OUT'])
\ No newline at end of file
+ subprocess.check_call(command, cwd=os.environ['OUT'])
diff --git a/fuzzers/libafl_fuzzbench_fast_value_profile/fuzzer.py b/fuzzers/libafl_fuzzbench_fast_value_profile/fuzzer.py
index cb8c769ba..599c62d75 100755
--- a/fuzzers/libafl_fuzzbench_fast_value_profile/fuzzer.py
+++ b/fuzzers/libafl_fuzzbench_fast_value_profile/fuzzer.py
@@ -64,4 +64,4 @@ def fuzz(input_corpus, output_corpus, target_binary):
 command += (['-x', dictionary_path])
 command += (['-o', output_corpus, '-i', input_corpus])
 print(command)
- subprocess.check_call(command, cwd=os.environ['OUT'])
\ No newline at end of file
+ subprocess.check_call(command, cwd=os.environ['OUT'])
From 853e0471d000c7050a3e404a07bc1618f77b1fac Mon Sep 17 00:00:00 2001
From: toka
Date: Fri, 19 Apr 2024 13:16:28 +0200
Subject: [PATCH 22/24] FMT

---
 fuzzers/libafl_fuzzbench_fast_value_profile/fuzzer.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fuzzers/libafl_fuzzbench_fast_value_profile/fuzzer.py b/fuzzers/libafl_fuzzbench_fast_value_profile/fuzzer.py
index 599c62d75..a24e2842d 100755
--- a/fuzzers/libafl_fuzzbench_fast_value_profile/fuzzer.py
+++ b/fuzzers/libafl_fuzzbench_fast_value_profile/fuzzer.py
@@ -41,7 +41,8 @@ def prepare_fuzz_environment(input_corpus):
 def build(): # pylint: disable=too-many-branches,too-many-statements
 """Build benchmark."""
 os.environ['CC'] = '/libafl_fuzzbench/target/release/fast_value_profile_cc'
- os.environ['CXX'] = '/libafl_fuzzbench/target/release/fast_value_profile_cxx'
+ os.environ[
+ 'CXX'] = '/libafl_fuzzbench/target/release/fast_value_profile_cxx'
 
 os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
 os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
From f37a18d7297b9f2dcf024470e80265b652eb2c0e Mon Sep 17 00:00:00 2001
From: toka
Date: Wed, 24 Apr 2024 14:13:15 +0200
Subject: [PATCH 23/24] fix map size

---
 fuzzers/libafl_fuzzbench_fast_ngram4/builder.Dockerfile | 4 ++--
 .../libafl_fuzzbench_fast_value_profile/builder.Dockerfile | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/fuzzers/libafl_fuzzbench_fast_ngram4/builder.Dockerfile b/fuzzers/libafl_fuzzbench_fast_ngram4/builder.Dockerfile
index 74ce54876..dcf25430c 100644
--- a/fuzzers/libafl_fuzzbench_fast_ngram4/builder.Dockerfile
+++ b/fuzzers/libafl_fuzzbench_fast_ngram4/builder.Dockerfile
@@ -42,10 +42,10 @@ RUN git clone https://github.com/AFLplusplus/libafl_fuzzbench /libafl_fuzzbench
 # Compile libafl
 RUN cd /libafl_fuzzbench/ && unset CFLAGS && unset CXXFLAGS && \
 export CC=clang && export CXX=clang++ && \
- export LIBAFL_EDGES_MAP_SIZE=2621440 && \
+ export LIBAFL_EDGES_MAP_SIZE=65536 && \
 PATH="/root/.cargo/bin/:$PATH" cargo build --release --features no_link_main
 
 # Auxiliary weak references.
 RUN cd /libafl_fuzzbench && \
 clang -c stub_rt.c && \
- ar r /stub_rt.a stub_rt.o
\ No newline at end of file
+ ar r /stub_rt.a stub_rt.o
diff --git a/fuzzers/libafl_fuzzbench_fast_value_profile/builder.Dockerfile b/fuzzers/libafl_fuzzbench_fast_value_profile/builder.Dockerfile
index 74ce54876..f768cd360 100644
--- a/fuzzers/libafl_fuzzbench_fast_value_profile/builder.Dockerfile
+++ b/fuzzers/libafl_fuzzbench_fast_value_profile/builder.Dockerfile
@@ -48,4 +48,4 @@ RUN cd /libafl_fuzzbench/ && unset CFLAGS && unset CXXFLAGS && \
 # Auxiliary weak references.
 RUN cd /libafl_fuzzbench && \
 clang -c stub_rt.c && \
- ar r /stub_rt.a stub_rt.o
\ No newline at end of file
+ ar r /stub_rt.a stub_rt.o
From 62052cda037f82f6b113182fa086717cb0febf5b Mon Sep 17 00:00:00 2001
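Review bot: `export LIBAFL_EDGES_MAP_SIZE=65536` replaces 2621440 with a bare number and no comment on why this size is right for the ngram4 build, and only fast_ngram4's builder changes — the fast_value_profile builder in the same patch gets just the trailing-newline fix, so it presumably still exports the old value; if that asymmetry is intended, the commit should say so. A short comment on the export line would carry the reasoning, e.g. `# Coverage-map size compiled into the LibAFL runtime; 65536 because <REASON-PLACEHOLDER>; changing it requires rebuilding the wrappers.` The runner images in this series also still carry a commented-out `#ENV AFL_MAP_SIZE=2621440`, which now disagrees with this value and should be removed or updated alongside it.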
From: toka
Date: Wed, 24 Apr 2024 14:30:13 +0200
Subject: [PATCH 24/24] fix

---
 .../builder.Dockerfile | 2 +-
 .../libafl_fuzzbench_ctx/builder.Dockerfile | 51 --------------
 .../libafl_fuzzbench_ctx/description.md | 11 ---
 .../libafl_fuzzbench_ctx/fuzzer.py | 67 ------------------
 .../libafl_fuzzbench_ctx/runner.Dockerfile | 23 -------
 5 files changed, 1 insertion(+), 153 deletions(-)
 delete mode 100644 fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/builder.Dockerfile
 delete mode 100644 fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/description.md
 delete mode 100755 fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/fuzzer.py
 delete mode 100644 fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/runner.Dockerfile

diff --git a/fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile b/fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile
index 6453999e8..c20130aec 100644
--- a/fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile
+++ b/fuzzers/libafl_fuzzbench_ngram4/builder.Dockerfile
@@ -48,4 +48,4 @@ RUN cd /libafl_fuzzbench/ && unset CFLAGS && unset CXXFLAGS && \
 # Auxiliary weak references.
 RUN cd /libafl_fuzzbench && \
 clang -c stub_rt.c && \
- ar r /stub_rt.a stub_rt.o
\ No newline at end of file
+ ar r /stub_rt.a stub_rt.o
diff --git a/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/builder.Dockerfile b/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/builder.Dockerfile
deleted file mode 100644
index 74ce54876..000000000
--- a/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/builder.Dockerfile
+++ /dev/null
@@ -1,51 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ARG parent_image
-FROM $parent_image
-
-# Uninstall old Rust & Install the latest one.
-RUN if which rustup; then rustup self uninstall -y; fi && \
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
- sh /rustup.sh --default-toolchain nightly-2023-03-29 -y && \
- rm /rustup.sh
-
-# Install dependencies.
-RUN apt-get update && \
- apt-get remove -y llvm-10 && \
- apt-get install -y \
- build-essential \
- llvm-11 \
- clang-12 && \
- apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
- libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
- apt-utils apt-transport-https ca-certificates joe curl \
- python3-dev gzip
-
-# Download libafl
-RUN git clone https://github.com/AFLplusplus/libafl_fuzzbench /libafl_fuzzbench && \
- cd /libafl_fuzzbench && \
- git checkout f59797ea5d2ff56489925a9fa1c6d0c7ef3b8fed && \
- git submodule update --init
-
-# Compile libafl
-RUN cd /libafl_fuzzbench/ && unset CFLAGS && unset CXXFLAGS && \
- export CC=clang && export CXX=clang++ && \
- export LIBAFL_EDGES_MAP_SIZE=2621440 && \
- PATH="/root/.cargo/bin/:$PATH" cargo build --release --features no_link_main
-
-# Auxiliary weak references.
-RUN cd /libafl_fuzzbench && \
- clang -c stub_rt.c && \
- ar r /stub_rt.a stub_rt.o
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/description.md b/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/description.md
deleted file mode 100644
index ea9b947d6..000000000
--- a/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/description.md
+++ /dev/null
@@ -1,11 +0,0 @@
-# libafl
-
-libafl fuzzer instance
- - cmplog feature
- - persistent mode
-
-Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)
-
-[builder.Dockerfile](builder.Dockerfile)
-[fuzzer.py](fuzzer.py)
-[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/fuzzer.py b/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/fuzzer.py
deleted file mode 100755
index 44e712e51..000000000
--- a/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/fuzzer.py
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-"""Integration code for a LibAFL-based fuzzer."""
-
-import os
-import subprocess
-
-from fuzzers import utils
-
-
-def prepare_fuzz_environment(input_corpus):
- """Prepare to fuzz with a LibAFL-based fuzzer."""
- os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
- 'malloc_context_size=0:symbolize=0:'\
- 'allocator_may_return_null=1:'\
- 'detect_odr_violation=0:handle_segv=0:'\
- 'handle_sigbus=0:handle_abort=0:'\
- 'handle_sigfpe=0:handle_sigill=0'
- os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
- 'allocator_release_to_os_interval_ms=500:'\
- 'handle_abort=0:handle_segv=0:'\
- 'handle_sigbus=0:handle_sigfpe=0:'\
- 'handle_sigill=0:print_stacktrace=0:'\
- 'symbolize=0:symbolize_inline_frames=0'
- # Create at least one non-empty seed to start.
- utils.create_seed_file_for_empty_corpus(input_corpus)
-
-
-def build(): # pylint: disable=too-many-branches,too-many-statements
- """Build benchmark."""
- os.environ['CC'] = '/libafl_fuzzbench/target/release/ngram4_cc'
- os.environ['CXX'] = '/libafl_fuzzbench/target/release/ngram4_cxx'
-
- os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
- os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
-
- cflags = ['--libafl']
- utils.append_flags('CFLAGS', cflags)
- utils.append_flags('CXXFLAGS', cflags)
- utils.append_flags('LDFLAGS', cflags)
-
- os.environ['FUZZER_LIB'] = '/stub_rt.a'
- utils.build_benchmark()
-
-
-def fuzz(input_corpus, output_corpus, target_binary):
- """Run fuzzer."""
- prepare_fuzz_environment(input_corpus)
- dictionary_path = utils.get_dictionary_path(target_binary)
- command = [target_binary]
- if dictionary_path:
- command += (['-x', dictionary_path])
- command += (['-o', output_corpus, '-i', input_corpus])
- print(command)
- subprocess.check_call(command, cwd=os.environ['OUT'])
\ No newline at end of file
diff --git a/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/runner.Dockerfile b/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/runner.Dockerfile
deleted file mode 100644
index 18611a0fb..000000000
--- a/fuzzers/libafl_fuzzbench_ngram4/libafl_fuzzbench_ctx/runner.Dockerfile
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM gcr.io/fuzzbench/base-image
-
-# This makes interactive docker runs painless:
-ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
-#ENV AFL_MAP_SIZE=2621440
-ENV PATH="$PATH:/out"
-ENV AFL_SKIP_CPUFREQ=1
-ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
-ENV AFL_TESTCACHE_SIZE=2
\ No newline at end of file