new afl++ token/libafl experiment (#1608)

hopefully fuzzbench is not throwing up again :)

.github/workflows/fuzzers.yml

@@ -56,6 +56,7 @@ jobs:
           # - afl_2_52_b
           - aflplusplus_cmplog
           - aflplusplus_tokens
+          - aflplusplus_tokens_only
           # - afl_random_favored
           # - entropic_execute_final
           # - libfuzzer_exeute_final

fuzzers/aflplusplus/builder.Dockerfile

@@ -38,7 +38,7 @@ RUN apt-get update && \
 RUN git clone https://github.com/AFLplusplus/AFLplusplus /afl
 
 # Checkout a current commit
-RUN cd /afl && git checkout 35f09e11a4373b0fb42c690d23127c144f72f73c
+RUN cd /afl && git checkout e4ff0ebd56d8076abd2413ebfaeb7b5e6c07bc3a
 
 # Build without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.

fuzzers/aflplusplus_tokens/builder.Dockerfile

@@ -38,7 +38,7 @@ RUN apt-get update && \
 RUN git clone https://github.com/AFLplusplus/AFLplusplus /afl
 
 # Checkout a current commit
-RUN cd /afl && git checkout 35f09e11a4373b0fb42c690d23127c144f72f73c
+RUN cd /afl && git checkout e4ff0ebd56d8076abd2413ebfaeb7b5e6c07bc3a
 
 # Build without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.

fuzzers/aflplusplus_tokens_only/builder.Dockerfile

@@ -0,0 +1,70 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+RUN apt-get update && \
+    apt-get install -y \
+        build-essential \
+        python3-dev \
+        python3-setuptools \
+        automake \
+        cmake \
+        git \
+        flex \
+        bison \
+        libglib2.0-dev \
+        libpixman-1-dev \
+        cargo \
+        libgtk-3-dev \
+        # for QEMU mode
+        ninja-build \
+        gcc-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-plugin-dev \
+        libstdc++-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-dev
+
+# Download afl++.
+RUN git clone https://github.com/AFLplusplus/AFLplusplus /afl
+
+# Checkout a current commit
+RUN cd /afl && git checkout e4ff0ebd56d8076abd2413ebfaeb7b5e6c07bc3a
+
+# Build without Python support as we don't need it.
+# Set AFL_NO_X86 to skip flaky tests.
+RUN cd /afl && \
+    unset CFLAGS CXXFLAGS && \
+    export CC=clang AFL_NO_X86=1 && \
+    PYTHON_INCLUDE=/ make && \
+    make install && \
+    cp utils/aflpp_driver/libAFLDriver.a /
+
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+    sh /rustup.sh -y
+
+RUN apt-get remove -y llvm-10 && \
+    apt-get install -y \
+        build-essential \
+        llvm-11 \
+        clang-12 \
+        cargo && \
+    apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+        libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+        apt-utils apt-transport-https ca-certificates joe curl && \
+    PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
+
+RUN cd /afl/custom_mutators/libafl_base && \
+    unset CFLAGS CXXFLAGS && \
+    export PATH="/root/.cargo/bin/:$PATH" && \
+    make && \
+    cp -f libafl_base.so /

fuzzers/aflplusplus_tokens_only/description.md

@@ -0,0 +1,13 @@
+# aflplusplus
+
+AFL++ fuzzer instance that has the following config active for all benchmarks:
+  - PCGUARD instrumentation 
+  - cmplog feature
+  - "fast" power schedule
+  - persistent mode + shared memory test cases
+
+Repository: [https://github.com/AFLplusplus/AFLplusplus/](https://github.com/AFLplusplus/AFLplusplus/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)

fuzzers/aflplusplus_tokens_only/fuzzer.py

@@ -0,0 +1,45 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Integration code for AFLplusplus fuzzer."""
+
+# This optimized afl++ variant should always be run together with
+# "aflplusplus" to show the difference - a default configured afl++ vs.
+# a hand-crafted optimized one. afl++ is configured not to enable the good
+# stuff by default to be as close to vanilla afl as possible.
+# But this means that the good stuff is hidden away in this benchmark
+# otherwise.
+
+import os
+import shutil
+
+from fuzzers.aflplusplus import fuzzer as aflplusplus_fuzzer
+
+
+def build():  # pylint: disable=too-many-branches,too-many-statements
+    """Build benchmark."""
+    aflplusplus_fuzzer.build('tracepc', 'cmplog')
+    shutil.copy('/libafl_base.so', os.environ['OUT'])
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+    """Run fuzzer."""
+    run_options = ['-l', '2']
+    libpath = os.environ['OUT'] + '/libafl_base.so'
+    os.environ['AFL_CUSTOM_MUTATOR_LIBRARY'] = libpath
+    os.environ['AFL_CUSTOM_MUTATOR_ONLY'] = '1'
+
+    aflplusplus_fuzzer.fuzz(input_corpus,
+                            output_corpus,
+                            target_binary,
+                            flags=(run_options))

fuzzers/aflplusplus_tokens_only/runner.Dockerfile

@@ -0,0 +1,23 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2

service/experiment-requests.yaml

@@ -20,6 +20,13 @@
 # Please add new experiment requests towards the top of this file.
 #
 
+- experiment: 2023-01-12-aflpp
+  description: "afl++ tokens + libafl test."
+  fuzzers:
+    - aflplusplus_tokens_only
+    - aflplusplus_tokens
+    - aflplusplus
+
 - experiment: 2023-01-05-libafl
   description: "Test the LibAFL forkserver"
   type: bug