Update LibAFL #1902

Merged
merged 15 commits into from
Oct 13, 2023
6 changes: 3 additions & 3 deletions fuzzers/aflrustrust/builder.Dockerfile
Expand Up @@ -24,7 +24,7 @@ RUN apt-get update && \
# Uninstall old Rust & Install the latest one.
RUN if which rustup; then rustup self uninstall -y; fi && \
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
sh /rustup.sh --default-toolchain nightly -y && \
sh /rustup.sh --default-toolchain nightly-2023-09-21 -y && \
rm /rustup.sh

# Download afl++.
Expand All @@ -46,11 +46,11 @@ RUN cd /afl && \
RUN git clone https://github.com/AFLplusplus/LibAFL /libafl

# Checkout a current commit
RUN cd /libafl && git checkout 8bffd28b4c357b315acb9cecd92cbf2b734a625a
RUN cd /libafl && git checkout c103444396697af102dce2b936a00e93017057ba

# Compile libafl.
RUN cd /libafl && \
unset CFLAGS CXXFLAGS && \
cd ./fuzzers/fuzzbench_forkserver && \
PATH="/root/.cargo/bin/:$PATH" cargo build --release
PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench
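Review bot: The comment above the rustup step, "Uninstall old Rust & Install the latest one.", no longer describes what the new toolchain line does, since it now pins `nightly-2023-09-21` rather than tracking latest nightly; suggest `# Uninstall old Rust & install the pinned nightly (nightly-2023-09-21) so the image builds reproducibly.` The switch to `cargo build --profile release-fuzzbench` presumably relies on that profile existing in the LibAFL commit checked out just above; if it does not, the build fails late rather than at the checkout, so a one-line comment naming where the profile is defined would help the next person bumping the hash.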

2 changes: 1 addition & 1 deletion fuzzers/aflrustrust/fuzzer.py
Expand Up @@ -30,7 +30,7 @@ def build():
# Copy to fuzzer to OUT
build_directory = os.environ['OUT']
fuzzer = '/libafl/fuzzers/fuzzbench_forkserver/' \
'target/release/fuzzbench_forkserver'
'target/release-fuzzbench/fuzzbench_forkserver'
shutil.copy(fuzzer, build_directory)


6 changes: 3 additions & 3 deletions fuzzers/libafl/builder.Dockerfile
Expand Up @@ -18,7 +18,7 @@ FROM $parent_image
# Uninstall old Rust & Install the latest one.
RUN if which rustup; then rustup self uninstall -y; fi && \
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
sh /rustup.sh --default-toolchain nightly-2023-03-29 -y && \
sh /rustup.sh --default-toolchain nightly-2023-09-21 -y && \
rm /rustup.sh

# Install dependencies.
Expand All @@ -38,15 +38,15 @@ RUN apt-get update && \
RUN git clone https://github.com/AFLplusplus/LibAFL /libafl

# Checkout a current commit
RUN cd /libafl && git checkout 8ff8ae41f1ed2956bb1e906c5c7bd0505ca110c0 || true
RUN cd /libafl && git pull && git checkout b20fda2a4ada2a6462718dc661e139e6c7a29807 || true
# Note that due a nightly bug it is currently fixed to a known version on top!

# Compile libafl.
RUN cd /libafl && \
unset CFLAGS CXXFLAGS && \
export LIBAFL_EDGES_MAP_SIZE=2621440 && \
cd ./fuzzers/fuzzbench && \
PATH="/root/.cargo/bin/:$PATH" cargo build --release --features no_link_main
PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main

# Auxiliary weak references.
RUN cd /libafl/fuzzers/fuzzbench && \
Expand Down
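Review bot: The new checkout line `RUN cd /libafl && git pull && git checkout b20fda2a4ada2a6462718dc661e139e6c7a29807 || true` lets both the pull and the checkout fail silently, so if the pinned commit is unreachable the image quietly builds whatever HEAD the clone left behind and the pin provides no reproducibility or supply-chain guarantee. The clone on the line above is fresh, so the `git pull` adds nothing a plain checkout of an existing commit needs; suggest `RUN cd /libafl && git checkout b20fda2a4ada2a6462718dc661e139e6c7a29807` with no `|| true`, so a bad hash fails the build. The comment "Note that due a nightly bug it is currently fixed to a known version on top!" should say which bug and which version it refers to, since the `|| true` appears to be the workaround it describes. The same `|| true` on the checkout line appears in the later builder.Dockerfile section of this PR as well.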
10 changes: 7 additions & 3 deletions fuzzers/libafl/fuzzer.py
Expand Up @@ -40,8 +40,10 @@ def prepare_fuzz_environment(input_corpus):

def build(): # pylint: disable=too-many-branches,too-many-statements
"""Build benchmark."""
os.environ['CC'] = '/libafl/fuzzers/fuzzbench/target/release/libafl_cc'
os.environ['CXX'] = '/libafl/fuzzers/fuzzbench/target/release/libafl_cxx'
os.environ[
'CC'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cc'
os.environ[
'CXX'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cxx'

os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
Expand All @@ -63,5 +65,7 @@ def fuzz(input_corpus, output_corpus, target_binary):
if dictionary_path:
command += (['-x', dictionary_path])
command += (['-o', output_corpus, '-i', input_corpus])
fuzzer_env = os.environ.copy()
fuzzer_env['LD_PRELOAD'] = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2'
print(command)
subprocess.check_call(command, cwd=os.environ['OUT'])
subprocess.check_call(command, cwd=os.environ['OUT'], env=fuzzer_env)
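Review bot: `fuzzer_env['LD_PRELOAD'] = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2'` hardcodes an architecture-specific path and is never checked; if the library is absent the dynamic loader reports it cannot be preloaded and continues, so the run silently proceeds without jemalloc and only stderr shows it. A guard makes the failure explicit: `jemalloc = '/usr/lib/x86_64-linux-gnu/libjemalloc.so.2'`, `if not os.path.exists(jemalloc): raise FileNotFoundError(jemalloc)`, then `fuzzer_env['LD_PRELOAD'] = jemalloc`. Note that `LD_PRELOAD` is inherited by every process the fuzzer execs, so the target binaries are preloaded too; if that is intended, a one-line comment saying so would save the next reader a question. The `fuzz` function starts outside this hunk.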
2 changes: 2 additions & 0 deletions fuzzers/libafl/runner.Dockerfile
Expand Up @@ -14,6 +14,8 @@

FROM gcr.io/fuzzbench/base-image

RUN apt install libjemalloc2

# This makes interactive docker runs painless:
ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
#ENV AFL_MAP_SIZE=2621440
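Review bot: `RUN apt install libjemalloc2` runs without `-y` and without a preceding `apt-get update`, so in a non-interactive image build it aborts if a confirmation prompt is needed and can fail on a stale package index inherited from the base image. The rest of this PR's Dockerfiles use the `apt-get update && apt-get install -y ...` form; suggest `RUN apt-get update && apt-get install -y --no-install-recommends libjemalloc2` for consistency and a deterministic build.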
Expand Up @@ -15,42 +15,40 @@
ARG parent_image
FROM $parent_image

# Install dependencies.
RUN apt-get update && \
apt-get install -y build-essential libstdc++5 libtool-bin automake flex \
bison libglib2.0-dev python3-setuptools unzip python3-dev joe curl \
cmake git apt-utils apt-transport-https ca-certificates libdbus-1-dev

# Uninstall old Rust & Install the latest one.
RUN if which rustup; then rustup self uninstall -y; fi && \
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
sh /rustup.sh --default-toolchain nightly -y && \
sh /rustup.sh --default-toolchain nightly-2023-03-29 -y && \
rm /rustup.sh

# Download afl++.
RUN git clone https://github.com/AFLplusplus/AFLplusplus /afl

# Checkout a current commit
RUN cd /afl && git checkout 8cdc48f73a17ddd557897f2098937a8ba3bfe184

# Build without Python support as we don't need it.
# Set AFL_NO_X86 to skip flaky tests.
RUN cd /afl && \
unset CFLAGS CXXFLAGS && \
export CC=clang AFL_NO_X86=1 && \
PYTHON_INCLUDE=/ make && \
make install && \
cp utils/aflpp_driver/libAFLDriver.a /
# Install dependencies.
RUN apt-get update && \
apt-get remove -y llvm-10 && \
apt-get install -y \
build-essential \
llvm-11 \
clang-12 \
cargo && \
apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
apt-utils apt-transport-https ca-certificates joe curl && \
PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make

# Download libafl.
RUN git clone https://github.com/AFLplusplus/LibAFL /libafl

# Checkout a current commit
RUN cd /libafl && git checkout 664e87809e6005f1814df1b55a345e7b2247f15b
RUN cd /libafl && git checkout 3ce0c102affeace754072368013422e97b9dce9c || true
# Note that due a nightly bug it is currently fixed to a known version on top!

# Compile libafl.
RUN cd /libafl && \
unset CFLAGS CXXFLAGS && \
cd ./fuzzers/fuzzbench_forkserver && \
PATH="/root/.cargo/bin/:$PATH" cargo build --release

export LIBAFL_EDGES_MAP_SIZE=2621440 && \
cd ./fuzzers/fuzzbench && \
PATH="/root/.cargo/bin/:$PATH" cargo build --release --features no_link_main

# Auxiliary weak references.
RUN cd /libafl/fuzzers/fuzzbench && \
clang -c stub_rt.c && \
ar r /stub_rt.a stub_rt.o
11 changes: 11 additions & 0 deletions fuzzers/libafl_27042023/description.md
@@ -0,0 +1,11 @@
# libafl

libafl fuzzer instance
- cmplog feature
- persistent mode

Repository: [https://github.com/AFLplusplus/libafl/](https://github.com/AFLplusplus/libafl/)

[builder.Dockerfile](builder.Dockerfile)
[fuzzer.py](fuzzer.py)
[runner.Dockerfile](runner.Dockerfile)
67 changes: 67 additions & 0 deletions fuzzers/libafl_27042023/fuzzer.py
@@ -0,0 +1,67 @@
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
"""Integration code for a LibAFL-based fuzzer."""

import os
import subprocess

from fuzzers import utils


def prepare_fuzz_environment(input_corpus):
"""Prepare to fuzz with a LibAFL-based fuzzer."""
os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
'malloc_context_size=0:symbolize=0:'\
'allocator_may_return_null=1:'\
'detect_odr_violation=0:handle_segv=0:'\
'handle_sigbus=0:handle_abort=0:'\
'handle_sigfpe=0:handle_sigill=0'
os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
'allocator_release_to_os_interval_ms=500:'\
'handle_abort=0:handle_segv=0:'\
'handle_sigbus=0:handle_sigfpe=0:'\
'handle_sigill=0:print_stacktrace=0:'\
'symbolize=0:symbolize_inline_frames=0'
# Create at least one non-empty seed to start.
utils.create_seed_file_for_empty_corpus(input_corpus)


def build(): # pylint: disable=too-many-branches,too-many-statements
"""Build benchmark."""
os.environ['CC'] = '/libafl/fuzzers/fuzzbench/target/release/libafl_cc'
os.environ['CXX'] = '/libafl/fuzzers/fuzzbench/target/release/libafl_cxx'

os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'

cflags = ['--libafl']
utils.append_flags('CFLAGS', cflags)
utils.append_flags('CXXFLAGS', cflags)
utils.append_flags('LDFLAGS', cflags)

os.environ['FUZZER_LIB'] = '/stub_rt.a'
utils.build_benchmark()


def fuzz(input_corpus, output_corpus, target_binary):
"""Run fuzzer."""
prepare_fuzz_environment(input_corpus)
dictionary_path = utils.get_dictionary_path(target_binary)
command = [target_binary]
if dictionary_path:
command += (['-x', dictionary_path])
command += (['-o', output_corpus, '-i', input_corpus])
print(command)
subprocess.check_call(command, cwd=os.environ['OUT'])
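Review bot: `def build():  # pylint: disable=too-many-branches,too-many-statements` suppresses two warnings that cannot fire here, since the body is a straight-line sequence of environment assignments with no branches; drop the disable so the comment stops implying complexity that is not there. The module docstring "Integration code for a LibAFL-based fuzzer." does not say that this directory appears to be a frozen snapshot of an earlier fuzzer configuration, which the directory name suggests; if that reading is right, stating it and the reason in the docstring would keep future readers from updating this copy by mistake.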
13 changes: 0 additions & 13 deletions fuzzers/libafl_forkserver/description.md

This file was deleted.

67 changes: 0 additions & 67 deletions fuzzers/libafl_forkserver/fuzzer.py

This file was deleted.

1 change: 1 addition & 0 deletions service/gcbrun_experiment.py
Expand Up @@ -28,6 +28,7 @@
TRIGGER_COMMAND = '/gcbrun'
RUN_EXPERIMENT_COMMAND_STR = f'{TRIGGER_COMMAND} run_experiment.py '
SKIP_COMMAND_STR = f'{TRIGGER_COMMAND} skip'
# A DUMMY COMMENT


def get_comments(pull_request_number):
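Review bot: The added `# A DUMMY COMMENT` in service/gcbrun_experiment.py carries no information and is unrelated to the LibAFL update; it reads like a placeholder change made to trigger CI. It should be removed rather than merged, so the service file does not accumulate leftovers from unrelated PRs.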