Add tests for trace-pc-guard instrumentation (aflnet#26)

Also fix copied test and remove trailing whitespace.

Author: jonathanmetzman

.travis.yml

@@ -2,7 +2,7 @@ language: c
 
 env:
   - AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 AFL_NO_UI=1 AFL_STOP_MANUALLY=1
-  - AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 AFL_NO_UI=1 AFL_EXIT_WHEN_DONE=1 
+  - AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 AFL_NO_UI=1 AFL_EXIT_WHEN_DONE=1
  # TODO: test AFL_BENCH_UNTIL_CRASH once we have a target that crashes
   - AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 AFL_NO_UI=1 AFL_BENCH_JUST_ONE=1
 
@@ -11,43 +11,50 @@ before_install:
   - sudo apt install -y libtool libtool-bin automake bison libglib2.0
 
 # TODO: Look into splitting off some builds using a build matrix.
+# TODO: Move this all into a bash script so we don't need to write bash in yaml.
 script:
   - make
   - ./afl-gcc ./test-instr.c -o test-instr-gcc
   - mkdir seeds
   - echo "" > seeds/nil_seed
-  - if [ -z "$AFL_STOP_MANUALLY" ]; 
-    then ./afl-fuzz -i seeds -o out/ -- ./test-instr-gcc; 
+  - if [ -z "$AFL_STOP_MANUALLY" ];
+    then ./afl-fuzz -i seeds -o out/ -- ./test-instr-gcc;
     else timeout --preserve-status 5s ./afl-fuzz -i seeds -o out/ -- ./test-instr-gcc;
     fi
   - .travis/check_fuzzer_stats.sh -o out -k peak_rss_mb -v 1 -p 3
   - rm -r out/*
   - ./afl-clang ./test-instr.c -o test-instr-clang
-  - if [ -z "$AFL_STOP_MANUALLY" ]; 
-    then ./afl-fuzz -i seeds -o out/ -- ./test-instr-clang; 
+  - if [ -z "$AFL_STOP_MANUALLY" ];
+    then ./afl-fuzz -i seeds -o out/ -- ./test-instr-clang;
     else timeout --preserve-status 5s ./afl-fuzz -i seeds -o out/ -- ./test-instr-clang;
     fi
   - .travis/check_fuzzer_stats.sh -o out -k peak_rss_mb -v 1 -p 2
   - make clean
   - CC=clang CXX=clang++ make
   - cd llvm_mode
-# TODO: Build with different versions of clang/LLVM since LLVM passes don't have
-# a stable API.
+  # TODO: Build with different versions of clang/LLVM since LLVM passes don't
+  # have a stable API.
   - CC=clang CXX=clang++ LLVM_CONFIG=llvm-config make
   - cd ..
   - rm -r out/*
   - ./afl-clang-fast ./test-instr.c -o test-instr-clang-fast
-  - if [ -z "$AFL_STOP_MANUALLY" ]; 
-    then ./afl-fuzz -i seeds -o out/ -- ./test-instr-clang; 
+  - if [ -z "$AFL_STOP_MANUALLY" ];
+    then ./afl-fuzz -i seeds -o out/ -- ./test-instr-clang-fast;
     else timeout --preserve-status 5s ./afl-fuzz -i seeds -o out/ -- ./test-instr-clang-fast;
     fi
   - .travis/check_fuzzer_stats.sh -o out -k peak_rss_mb -v 1 -p 3
+  # Test fuzzing libFuzzer targets and trace-pc-guard instrumentation.
+  - clang -g -fsanitize-coverage=trace-pc-guard ./test-libfuzzer-target.c -c
+  - clang -c -w llvm_mode/afl-llvm-rt.o.c
+  - wget https://raw.githubusercontent.com/llvm/llvm-project/master/compiler-rt/lib/fuzzer/afl/afl_driver.cpp
+  - clang++ afl_driver.cpp afl-llvm-rt.o.o test-libfuzzer-target.o -o test-libfuzzer-target
+  - timeout --preserve-status 5s ./afl-fuzz -i seeds -o out/ -- ./test-libfuzzer-target
   - cd qemu_mode
   - ./build_qemu_support.sh
   - cd ..
   - gcc ./test-instr.c -o test-no-instr
-  - if [ -z "$AFL_STOP_MANUALLY" ]; 
-    then ./afl-fuzz -Q -i seeds -o out/ -- ./test-no-instr; 
+  - if [ -z "$AFL_STOP_MANUALLY" ];
+    then ./afl-fuzz -Q -i seeds -o out/ -- ./test-no-instr;
     else timeout --preserve-status 5s ./afl-fuzz -Q -i seeds -o out/ -- ./test-no-instr;
     fi
   - .travis/check_fuzzer_stats.sh -o out -k peak_rss_mb -v 12 -p 9

test-libfuzzer-target.c

@@ -0,0 +1,41 @@
+/*
+  Copyright 2019 Google LLC All rights reserved.
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at:
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/
+
+
+/*
+   american fuzzy lop - a trivial program to test libFuzzer target fuzzing.
+   ------------------------------------------------------------------------
+
+   Initially written and maintained by Michal Zalewski.
+*/
+
+#include <stddef.h>
+#include <stdint.h>
+#include <stdio.h>
+
+// TODO(metzman): Create a test/ directory to store this and other similar
+// files.
+int LLVMFuzzerTestOneInput(uint8_t* buf, size_t size) {
+  if (size < 2)
+    return 0;
+
+  if (buf[0] == '0')
+    printf("Looks like a zero to me!\n");
+  else
+    printf("A non-zero value? How quaint!\n");
+
+  return 0;
+}