From 53543f9a509c8098ce8b3d652315fe4fbd97b448 Mon Sep 17 00:00:00 2001 From: Addison Crump Date: Mon, 12 Aug 2024 07:06:55 +0200 Subject: [PATCH 1/5] update libafl-based fuzzers --- fuzzers/aflrustrust/builder.Dockerfile | 4 ++-- fuzzers/aflrustrust/fuzzer.py | 2 +- fuzzers/libafl/builder.Dockerfile | 6 +++--- fuzzers/libafl/fuzzer.py | 8 ++++---- fuzzers/libafl_libfuzzer/builder.Dockerfile | 2 +- fuzzers/libafl_text/builder.Dockerfile | 4 ++-- fuzzers/libafl_text/fuzzer.py | 5 +++-- 7 files changed, 16 insertions(+), 15 deletions(-) diff --git a/fuzzers/aflrustrust/builder.Dockerfile b/fuzzers/aflrustrust/builder.Dockerfile index ccc7afc4f..1a3ce479f 100644 --- a/fuzzers/aflrustrust/builder.Dockerfile +++ b/fuzzers/aflrustrust/builder.Dockerfile @@ -46,11 +46,11 @@ RUN cd /afl && \ RUN git clone https://github.com/AFLplusplus/LibAFL /libafl # Checkout a current commit -RUN cd /libafl && git checkout c103444396697af102dce2b936a00e93017057ba +RUN cd /libafl && git checkout 799c634fef047d3e98355fe1ad17c5226c901a57 # Compile libafl. RUN cd /libafl && \ unset CFLAGS CXXFLAGS && \ - cd ./fuzzers/fuzzbench_forkserver && \ + cd ./fuzzers/fuzzbench/fuzzbench_forkserver && \ PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench diff --git a/fuzzers/aflrustrust/fuzzer.py b/fuzzers/aflrustrust/fuzzer.py index 81cc4b2f2..4cd927102 100755 --- a/fuzzers/aflrustrust/fuzzer.py +++ b/fuzzers/aflrustrust/fuzzer.py @@ -29,7 +29,7 @@ def build(): # Copy to fuzzer to OUT build_directory = os.environ['OUT'] - fuzzer = '/libafl/fuzzers/fuzzbench_forkserver/' \ + fuzzer = '/libafl/fuzzers/fuzzbench/fuzzbench_forkserver/' \ 'target/release-fuzzbench/fuzzbench_forkserver' shutil.copy(fuzzer, build_directory) diff --git a/fuzzers/libafl/builder.Dockerfile b/fuzzers/libafl/builder.Dockerfile index 3f726cfec..b88b760ff 100644 --- a/fuzzers/libafl/builder.Dockerfile +++ b/fuzzers/libafl/builder.Dockerfile 
@@ -44,17 +44,17 @@ RUN if which rustup; then rustup self uninstall -y; fi && \ RUN git clone https://github.com/AFLplusplus/LibAFL /libafl # Checkout a current commit -RUN cd /libafl && git pull && git checkout b4efb6151550a37f61a869acf2957a1b07894a93 || true +RUN cd /libafl && git pull && git checkout 799c634fef047d3e98355fe1ad17c5226c901a57 || true # Note that due a nightly bug it is currently fixed to a known version on top! # Compile libafl. RUN cd /libafl && \ unset CFLAGS CXXFLAGS && \ export LIBAFL_EDGES_MAP_SIZE=2621440 && \ - cd ./fuzzers/fuzzbench && \ + cd ./fuzzers/fuzzbench/fuzzbench && \ PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench --features no_link_main # Auxiliary weak references. -RUN cd /libafl/fuzzers/fuzzbench && \ +RUN cd /libafl/fuzzers/fuzzbench/fuzzbench && \ clang -c stub_rt.c && \ ar r /stub_rt.a stub_rt.o diff --git a/fuzzers/libafl/fuzzer.py b/fuzzers/libafl/fuzzer.py index 0f191a744..b7f28d5af 100755 --- a/fuzzers/libafl/fuzzer.py +++ b/fuzzers/libafl/fuzzer.py @@ -40,10 +40,10 @@ def prepare_fuzz_environment(input_corpus): def build(): # pylint: disable=too-many-branches,too-many-statements """Build benchmark.""" - os.environ[ - 'CC'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cc' - os.environ[ - 'CXX'] = '/libafl/fuzzers/fuzzbench/target/release-fuzzbench/libafl_cxx' + os.environ['CC'] = ('/libafl/fuzzers/fuzzbench/fuzzbench' + '/target/release-fuzzbench/libafl_cc') + os.environ['CXX'] = ('/libafl/fuzzers/fuzzbench/fuzzbench' + '/target/release-fuzzbench/libafl_cxx') os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1' os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0' diff --git a/fuzzers/libafl_libfuzzer/builder.Dockerfile b/fuzzers/libafl_libfuzzer/builder.Dockerfile index 24dbb83c0..814858263 100644 --- a/fuzzers/libafl_libfuzzer/builder.Dockerfile +++ b/fuzzers/libafl_libfuzzer/builder.Dockerfile 
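Review bot: The pinned checkout in this hunk is not enforced: `git pull && git checkout 799c634fef047d3e98355fe1ad17c5226c901a57 || true` lets the build continue on whatever HEAD `git pull` left behind if the commit cannot be checked out, so the image silently stops being the reviewed revision; the `git checkout 799c634fef047d3e98355fe1ad17c5226c901a57 || \ true` in the fuzzers/libafl_text/builder.Dockerfile hunk of the same patch has the same shape. Presumably `|| true` was added to tolerate a cached clone layer, but `git pull` already covers that, so the line can become `RUN cd /libafl && git pull && git checkout 799c634fef047d3e98355fe1ad17c5226c901a57`, which fails the build loudly when the pin is unreachable. The context line `# Note that due a nightly bug it is currently fixed to a known version on top!` describes the second rustup install that patch 2 of this series removes, so it should go together with that block.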
@@ -34,7 +34,7 @@ RUN if which rustup; then rustup self uninstall -y; fi && \ # Download libafl. RUN git clone https://github.com/AFLplusplus/libafl /libafl && \ cd /libafl && \ - git checkout defe9084aed5a80ac32fe9a1f3ff00baf97738c6 && \ + git checkout 799c634fef047d3e98355fe1ad17c5226c901a57 && \ unset CFLAGS CXXFLAGS && \ export LIBAFL_EDGES_MAP_SIZE=2621440 && \ cd ./libafl_libfuzzer/libafl_libfuzzer_runtime && \ diff --git a/fuzzers/libafl_text/builder.Dockerfile b/fuzzers/libafl_text/builder.Dockerfile index 37d1456d5..b9e33c12a 100644 --- a/fuzzers/libafl_text/builder.Dockerfile +++ b/fuzzers/libafl_text/builder.Dockerfile @@ -39,14 +39,14 @@ RUN git clone \ --branch vhtokens \ https://github.com/AFLplusplus/libafl /libafl && \ cd /libafl && \ - git checkout 6c7f6566b0c8b3b82352c052a0672f46a2f7d1e9 || \ + git checkout 799c634fef047d3e98355fe1ad17c5226c901a57 || \ true # Compile libafl. RUN cd /libafl && \ unset CFLAGS CXXFLAGS && \ export LIBAFL_EDGES_MAP_SIZE=2621440 && \ - cd ./fuzzers/fuzzbench_text && \ + cd ./fuzzers/fuzzbench/fuzzbench_text && \ PATH="/root/.cargo/bin/:$PATH" cargo build --release # Auxiliary weak references. diff --git a/fuzzers/libafl_text/fuzzer.py b/fuzzers/libafl_text/fuzzer.py index 79b52a7c4..a97d62621 100755 --- a/fuzzers/libafl_text/fuzzer.py +++ b/fuzzers/libafl_text/fuzzer.py @@ -40,9 +40,10 @@ def prepare_fuzz_environment(input_corpus): def build(): # pylint: disable=too-many-branches,too-many-statements """Build benchmark.""" - os.environ['CC'] = '/libafl/fuzzers/fuzzbench_text/target/release/libafl_cc' os.environ[ - 'CXX'] = '/libafl/fuzzers/fuzzbench_text/target/release/libafl_cxx' + 'CC'] = '/libafl/fuzzers/fuzzbench/fuzzbench_text/target/release/libafl_cc' + os.environ[ + 'CXX'] = '/libafl/fuzzers/fuzzbench/fuzzbench_text/target/release/libafl_cxx' os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1' os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0' 
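Review bot: The `os.environ[` / `'CC'] = …` split in the fuzzers/libafl_text/fuzzer.py hunk reads as a formatter artefact, and the two new lines repeat the prefix `/libafl/fuzzers/fuzzbench/fuzzbench_text/target/release`, while the parallel hunk in fuzzers/libafl/fuzzer.py (patch 1) wraps the same assignments as a parenthesised string pair — two wrapping styles for one idiom. A module-level constant keeps both files in one shape and inside the line limit without the awkward subscript break: `_LIBAFL_BIN = '/libafl/fuzzers/fuzzbench/fuzzbench_text/target/release'`, then `os.environ['CC'] = os.path.join(_LIBAFL_BIN, 'libafl_cc')` and `os.environ['CXX'] = os.path.join(_LIBAFL_BIN, 'libafl_cxx')`. `build()` continues beyond the hunk.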
From 8adba6f55b189e5cc433c29aca91be318555a842 Mon Sep 17 00:00:00 2001 From: Addison Crump Date: Mon, 12 Aug 2024 08:00:03 +0200 Subject: [PATCH 2/5] update rust versions --- fuzzers/aflrustrust/builder.Dockerfile | 2 +- fuzzers/libafl/builder.Dockerfile | 8 +------- fuzzers/libafl_libfuzzer/builder.Dockerfile | 2 +- fuzzers/libafl_text/builder.Dockerfile | 2 +- 4 files changed, 4 insertions(+), 10 deletions(-) diff --git a/fuzzers/aflrustrust/builder.Dockerfile b/fuzzers/aflrustrust/builder.Dockerfile index 1a3ce479f..23ddce289 100644 --- a/fuzzers/aflrustrust/builder.Dockerfile +++ b/fuzzers/aflrustrust/builder.Dockerfile @@ -24,7 +24,7 @@ RUN apt-get update && \ # Uninstall old Rust & Install the latest one. RUN if which rustup; then rustup self uninstall -y; fi && \ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \ - sh /rustup.sh --default-toolchain nightly-2023-09-21 -y && \ + sh /rustup.sh --default-toolchain nightly-2024-08-12 -y && \ rm /rustup.sh # Download afl++. diff --git a/fuzzers/libafl/builder.Dockerfile b/fuzzers/libafl/builder.Dockerfile index b88b760ff..fbe856b7d 100644 --- a/fuzzers/libafl/builder.Dockerfile +++ b/fuzzers/libafl/builder.Dockerfile @@ -18,7 +18,7 @@ FROM $parent_image # Uninstall old Rust & Install the latest one. RUN if which rustup; then rustup self uninstall -y; fi && \ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \ - sh /rustup.sh --default-toolchain nightly-2023-09-21 -y && \ + sh /rustup.sh --default-toolchain nightly-2024-08-12 -y && \ rm /rustup.sh # Install dependencies. 
@@ -34,12 +34,6 @@ RUN apt-get update && \ RUN wget https://gist.githubusercontent.com/tokatoka/26f4ba95991c6e33139999976332aa8e/raw/698ac2087d58ce5c7a6ad59adce58dbfdc32bd46/createAliases.sh && chmod u+x ./createAliases.sh && ./createAliases.sh -# Uninstall old Rust & Install the latest one. -RUN if which rustup; then rustup self uninstall -y; fi && \ - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \ - sh /rustup.sh --default-toolchain nightly-2024-03-12 -y && \ - rm /rustup.sh - # Download libafl. RUN git clone https://github.com/AFLplusplus/LibAFL /libafl diff --git a/fuzzers/libafl_libfuzzer/builder.Dockerfile b/fuzzers/libafl_libfuzzer/builder.Dockerfile index 814858263..d3ddef3bf 100644 --- a/fuzzers/libafl_libfuzzer/builder.Dockerfile +++ b/fuzzers/libafl_libfuzzer/builder.Dockerfile @@ -28,7 +28,7 @@ RUN apt-get update && \ # Uninstall old Rust & Install the latest one. RUN if which rustup; then rustup self uninstall -y; fi && \ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \ - sh /rustup.sh --default-toolchain nightly-2023-08-23 -y && \ + sh /rustup.sh --default-toolchain nightly-2024-08-12 -y && \ rm /rustup.sh # Download libafl. diff --git a/fuzzers/libafl_text/builder.Dockerfile b/fuzzers/libafl_text/builder.Dockerfile index b9e33c12a..55561a28e 100644 --- a/fuzzers/libafl_text/builder.Dockerfile +++ b/fuzzers/libafl_text/builder.Dockerfile @@ -18,7 +18,7 @@ FROM $parent_image # Uninstall old Rust & Install the latest one. RUN if which rustup; then rustup self uninstall -y; fi && \ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \ - sh /rustup.sh --default-toolchain nightly -y && \ + sh /rustup.sh --default-toolchain nightly-2024-08-12 -y && \ rm /rustup.sh # Install dependencies. From a1ada7f1d752ddbd58e4eca9109d77d5e8e1eb50 Mon Sep 17 00:00:00 2001 
From: Addison Crump Date: Mon, 12 Aug 2024 08:28:40 +0200 Subject: [PATCH 3/5] update the aflrustrust compiler version --- fuzzers/aflrustrust/builder.Dockerfile | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/fuzzers/aflrustrust/builder.Dockerfile b/fuzzers/aflrustrust/builder.Dockerfile index 23ddce289..275e51002 100644 --- a/fuzzers/aflrustrust/builder.Dockerfile +++ b/fuzzers/aflrustrust/builder.Dockerfile @@ -28,10 +28,7 @@ RUN if which rustup; then rustup self uninstall -y; fi && \ rm /rustup.sh # Download afl++. -RUN git clone https://github.com/AFLplusplus/AFLplusplus /afl - -# Checkout a current commit -RUN cd /afl && git checkout 8cdc48f73a17ddd557897f2098937a8ba3bfe184 +RUN git clone --branch stable https://github.com/AFLplusplus/AFLplusplus /afl # Build without Python support as we don't need it. # Set AFL_NO_X86 to skip flaky tests. From 482e614528668df3518091082999edd61de7939d Mon Sep 17 00:00:00 2001 From: Addison Crump Date: Mon, 12 Aug 2024 08:44:27 +0200 Subject: [PATCH 4/5] fixup + test libafl_libfuzzer --- fuzzers/libafl_libfuzzer/builder.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fuzzers/libafl_libfuzzer/builder.Dockerfile b/fuzzers/libafl_libfuzzer/builder.Dockerfile index d3ddef3bf..3477a14a3 100644 --- a/fuzzers/libafl_libfuzzer/builder.Dockerfile +++ b/fuzzers/libafl_libfuzzer/builder.Dockerfile @@ -37,6 +37,6 @@ RUN git clone https://github.com/AFLplusplus/libafl /libafl && \ git checkout 799c634fef047d3e98355fe1ad17c5226c901a57 && \ unset CFLAGS CXXFLAGS && \ export LIBAFL_EDGES_MAP_SIZE=2621440 && \ - cd ./libafl_libfuzzer/libafl_libfuzzer_runtime && \ + cd ./libafl_libfuzzer_runtime && \ env -i CXX=$CXX CC=$CC PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench && \ cp ./target/release-fuzzbench/libafl_libfuzzer_runtime.a /usr/lib/libFuzzer.a From 72330dddacfc0cdde0854fc686fadec05f589f80 Mon Sep 17 00:00:00 2001 
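Review bot: Replacing the pinned AFL++ commit with `git clone --branch stable https://github.com/AFLplusplus/AFLplusplus /afl` makes the AFL++ revision in the aflrustrust builder a moving target: each rebuild takes whatever `stable` points to at that moment, so two images built from the same fuzzbench commit can contain different AFL++ code, and an upstream regression or compromised push lands in the next build without review. Keeping a checkout after the clone restores reproducibility, e.g. `RUN cd /afl && git checkout <AFLPP_COMMIT>` with the hash picked from `stable` (placeholder). Patch 5 of this series deletes this file, so the point only stands if aflrustrust is retained or the same pattern is reused in the other builders.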
From: Addison Crump Date: Mon, 12 Aug 2024 13:58:39 +0200 Subject: [PATCH 5/5] drop support for prototype aflrustrust --- fuzzers/aflrustrust/builder.Dockerfile | 53 -------------------- fuzzers/aflrustrust/description.md | 13 ----- fuzzers/aflrustrust/fuzzer.py | 67 -------------------------- fuzzers/aflrustrust/runner.Dockerfile | 23 --------- 4 files changed, 156 deletions(-) delete mode 100644 fuzzers/aflrustrust/builder.Dockerfile delete mode 100644 fuzzers/aflrustrust/description.md delete mode 100755 fuzzers/aflrustrust/fuzzer.py delete mode 100644 fuzzers/aflrustrust/runner.Dockerfile diff --git a/fuzzers/aflrustrust/builder.Dockerfile b/fuzzers/aflrustrust/builder.Dockerfile deleted file mode 100644 index 275e51002..000000000 --- a/fuzzers/aflrustrust/builder.Dockerfile +++ /dev/null 
@@ -1,53 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ARG parent_image -FROM $parent_image - -# Install dependencies. -RUN apt-get update && \ - apt-get install -y build-essential libstdc++5 libtool-bin automake flex \ - bison libglib2.0-dev python3-setuptools unzip python3-dev joe curl \ - cmake git apt-utils apt-transport-https ca-certificates libdbus-1-dev - -# Uninstall old Rust & Install the latest one. -RUN if which rustup; then rustup self uninstall -y; fi && \ - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \ - sh /rustup.sh --default-toolchain nightly-2024-08-12 -y && \ - rm /rustup.sh - -# Download afl++. -RUN git clone --branch stable https://github.com/AFLplusplus/AFLplusplus /afl - -# Build without Python support as we don't need it. -# Set AFL_NO_X86 to skip flaky tests. -RUN cd /afl && \ - unset CFLAGS CXXFLAGS && \ - export CC=clang AFL_NO_X86=1 && \ - PYTHON_INCLUDE=/ make && \ - make install && \ - cp utils/aflpp_driver/libAFLDriver.a / - -# Download libafl. -RUN git clone https://github.com/AFLplusplus/LibAFL /libafl - -# Checkout a current commit -RUN cd /libafl && git checkout 799c634fef047d3e98355fe1ad17c5226c901a57 - -# Compile libafl. -RUN cd /libafl && \ - unset CFLAGS CXXFLAGS && \ - cd ./fuzzers/fuzzbench/fuzzbench_forkserver && \ - PATH="/root/.cargo/bin/:$PATH" cargo build --profile release-fuzzbench - 
diff --git a/fuzzers/aflrustrust/description.md b/fuzzers/aflrustrust/description.md deleted file mode 100644 index 445a27663..000000000 --- a/fuzzers/aflrustrust/description.md +++ /dev/null @@ -1,13 +0,0 @@ -# aflplusplus - -AFL++ fuzzer instance that has the following config active for all benchmarks: - - PCGUARD instrumentation - - cmplog feature - - "fast" power schedule - - persistent mode + shared memory test cases - -Repository: [https://github.com/AFLplusplus/AFLplusplus/](https://github.com/AFLplusplus/AFLplusplus/) - -[builder.Dockerfile](builder.Dockerfile) -[fuzzer.py](fuzzer.py) -[runner.Dockerfile](runner.Dockerfile) diff --git a/fuzzers/aflrustrust/fuzzer.py b/fuzzers/aflrustrust/fuzzer.py deleted file mode 100755 index 4cd927102..000000000 --- a/fuzzers/aflrustrust/fuzzer.py +++ /dev/null 
@@ -1,67 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -"""Integration code for a LibAFL fuzzer with an AFL++ forkserver.""" - -import os -import shutil -import subprocess - -from fuzzers import utils -from fuzzers.aflplusplus import fuzzer as aflplusplus_fuzzer -from fuzzers.libafl import fuzzer as libafl_fuzzer - - -def build(): - """Build benchmark.""" - # Build the target with AFL++ - aflplusplus_fuzzer.build('tracepc', 'cmplog', 'dict2file') - - # Copy to fuzzer to OUT - build_directory = os.environ['OUT'] - fuzzer = '/libafl/fuzzers/fuzzbench/fuzzbench_forkserver/' \ - 'target/release-fuzzbench/fuzzbench_forkserver' - shutil.copy(fuzzer, build_directory) - - -def fuzz(input_corpus, output_corpus, target_binary): - """Run fuzzer.""" - # Calculate CmpLog binary path from the instrumented target binary. 
- target_binary_directory = os.path.dirname(target_binary) - cmplog_target_binary_directory = \ - aflplusplus_fuzzer.get_cmplog_build_directory(target_binary_directory) - target_binary_name = os.path.basename(target_binary) - cmplog_target_binary = os.path.join(cmplog_target_binary_directory, - target_binary_name) - - # Setup env vars - libafl_fuzzer.prepare_fuzz_environment(input_corpus) - - # Merge dictionaries - dictionary_path = utils.get_dictionary_path(target_binary) - if os.path.exists('./afl++.dict'): - if dictionary_path: - with open('./afl++.dict', encoding='utf-8') as dictfile: - autodict = dictfile.read() - with open(dictionary_path, 'a', encoding='utf-8') as dictfile: - dictfile.write(autodict) - else: - dictionary_path = './afl++.dict' - - # Run the fuzzer - command = ['./fuzzbench_forkserver', '-c', cmplog_target_binary] - if dictionary_path: - command += (['-x', dictionary_path]) - command += (['-o', output_corpus, '-i', input_corpus, target_binary]) - print(command) - subprocess.check_call(command) diff --git a/fuzzers/aflrustrust/runner.Dockerfile b/fuzzers/aflrustrust/runner.Dockerfile deleted file mode 100644 index 7aa1da8e4..000000000 --- a/fuzzers/aflrustrust/runner.Dockerfile +++ /dev/null 
@@ -1,23 +0,0 @@ -# Copyright 2020 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FROM gcr.io/fuzzbench/base-image - -# This makes interactive docker runs painless: -ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out" -#ENV AFL_MAP_SIZE=2621440 -ENV PATH="$PATH:/out" -ENV AFL_SKIP_CPUFREQ=1 -ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 -ENV AFL_TESTCACHE_SIZE=2