From fe4d7b1899143d22e6b42a2cb22a00674f3e71fb Mon Sep 17 00:00:00 2001
From: toka
Date: Tue, 24 Oct 2023 15:58:49 +0200
Subject: [PATCH] more
---
 .../builder.Dockerfile | 52 +++++++
 .../libafl_fuzzbench_composition_3/fuzzer.py | 143 ++++++++++++++++++
 .../runner.Dockerfile | 24 +++
 3 files changed, 219 insertions(+)
 create mode 100644 fuzzers/libafl_fuzzbench_composition_3/builder.Dockerfile
 create mode 100755 fuzzers/libafl_fuzzbench_composition_3/fuzzer.py
 create mode 100644 fuzzers/libafl_fuzzbench_composition_3/runner.Dockerfile
diff --git a/fuzzers/libafl_fuzzbench_composition_3/builder.Dockerfile b/fuzzers/libafl_fuzzbench_composition_3/builder.Dockerfile
new file mode 100644
index 000000000..b18db6a1d
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_composition_3/builder.Dockerfile
@@ -0,0 +1,52 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Uninstall old Rust & Install the latest one.
+RUN if which rustup; then rustup self uninstall -y; fi && \
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
+ sh /rustup.sh --default-toolchain nightly-2023-03-29 -y && \
+ rm /rustup.sh
+
+# Install dependencies.
+RUN apt-get update && \
+ apt-get remove -y llvm-10 && \
+ apt-get install -y \
+ build-essential \
+ llvm-11 \
+ clang-12 && \
+ apt-get install -y wget libstdc++5 libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates joe curl \
+ python3-dev gzip && \
+ PATH="/root/.cargo/bin/:$PATH" cargo install cargo-make
+
+# Download libafl
+RUN git clone https://github.com/tokatoka/libafl_fuzzbench /libafl_fuzzbench && \
+ cd /libafl_fuzzbench && \
+ git checkout 6c7db870cda249ebd106a274c40fa1bfe20aadf0 && \
+ git submodule update --init
+
+# We'll build the fuzzer in fuzzer.py
+# RUN cd /libafl_fuzzbench/ && unset CFLAGS && unset CXXFLAGS && \
+# export CC=clang && export CXX=clang++ && \
+# export LIBAFL_EDGES_MAP_SIZE=2621440 && \
+# PATH="/root/.cargo/bin/:$PATH" cargo build --release --features no_link_main
+
+# Auxiliary weak references.
+RUN cd /libafl_fuzzbench && \
+ clang -c stub_rt.c && \
+ ar r /stub_rt.a stub_rt.o
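Review bot: The first `RUN` step fetches `https://sh.rustup.rs` and executes it with no integrity check, so the toolchain provenance of every image built from this file rests on that single unverified download; the toolchain is pinned (`--default-toolchain nightly-2023-03-29`) and the libafl clone is pinned to a commit, which is the right pattern, but the installer script and `cargo install cargo-make` are not. Verifying the script before running it, e.g. `echo "<EXPECTED_SHA256>  /rustup.sh" | sha256sum -c -` (placeholder digest), and pinning the tool with `cargo install --version <VERSION> cargo-make`, would make the build reproducible and auditable. The commented-out `RUN cd /libafl_fuzzbench/ ...` block under `# We'll build the fuzzer in fuzzer.py` is dead and could be dropped, since the build happens in fuzzer.py.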
diff --git a/fuzzers/libafl_fuzzbench_composition_3/fuzzer.py b/fuzzers/libafl_fuzzbench_composition_3/fuzzer.py
new file mode 100755
index 000000000..3a1ceb3d4
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_composition_3/fuzzer.py
@@ -0,0 +1,143 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+"""Integration code for a LibAFL-based fuzzer."""
+
+import os
+import subprocess
+
+from fuzzers import utils
+
+
+def prepare_fuzz_environment(input_corpus):
+ """Prepare to fuzz with a LibAFL-based fuzzer."""
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=1:detect_leaks=0:'\
+ 'malloc_context_size=0:symbolize=0:'\
+ 'allocator_may_return_null=1:'\
+ 'detect_odr_violation=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_abort=0:'\
+ 'handle_sigfpe=0:handle_sigill=0'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=1:'\
+ 'allocator_release_to_os_interval_ms=500:'\
+ 'handle_abort=0:handle_segv=0:'\
+ 'handle_sigbus=0:handle_sigfpe=0:'\
+ 'handle_sigill=0:print_stacktrace=0:'\
+ 'symbolize=0:symbolize_inline_frames=0'
+ # Create at least one non-empty seed to start.
+ utils.create_seed_file_for_empty_corpus(input_corpus)
+
+
+def build_libafl():
+ os.environ['CC'] = 'clang'
+ os.environ['CXX'] = 'clang++'
+ os.environ['LIBAFL_EDGES_MAP_SIZE'] = "2621440"
+ os.environ['PATH'] = "/root/.cargo/bin/:" + os.environ['PATH']
+
+ benchmark_name = os.environ['BENCHMARK']
+ prediction = True
+ if prediction:
+ if benchmark_name == "assimp_assimp_fuzzer":
+ feature_flags = ["fast", "cmplog"]
+ elif benchmark_name == "astc-encoder_fuzz_astc_physical_to_symbolic":
+ feature_flags = ["cov_accounting", "ngram8", "cmplog"]
+ elif benchmark_name == "brotli_decode_fuzzer":
+ feature_flags = ["fast", "value_profile"]
+ elif benchmark_name == "double-conversion_string_to_double_fuzzer":
+ feature_flags = ["cov_accounting", "ngram8", "mopt"]
+ elif benchmark_name == "draco_draco_pc_decoder_fuzzer":
+ feature_flags = ["fast", "cmplog"]
+ elif benchmark_name == "fmt_chrono-duration-fuzzer":
+ feature_flags = ["explore", "value_profile"]
+ elif benchmark_name == "icu_unicode_string_codepage_create_fuzzer":
+ feature_flags = ["rand_scheduler", "mopt"]
+ elif benchmark_name == "guetzli_guetzli_fuzzer":
+ feature_flags = ["weighted", "value_profile"]
+ elif benchmark_name == "libaom_av1_dec_fuzzer":
+ feature_flags = ["explore", "value_profile", "mopt"]
+ elif benchmark_name == "libcoap_pdu_parse_fuzzer":
+ feature_flags = ["cov_accounting", "ngram8", "cmplog"]
+ elif benchmark_name == "libhevc_hevc_dec_fuzzer":
+ feature_flags = ["explore", "value_profile", "cmplog"]
+ else:
+ print("Unavailable benchmark")
+ exit(1)
+ else:
+ if benchmark_name == "assimp_assimp_fuzzer":
+ feature_flags = ["fast", "value_profile", "cmplog"]
+ elif benchmark_name == "astc-encoder_fuzz_astc_physical_to_symbolic":
+ feature_flags = ["weighted", "value_profile", "mopt"]
+ elif benchmark_name == "brotli_decode_fuzzer":
+ feature_flags = ["weighted", "mopt"]
+ elif benchmark_name == "double-conversion_string_to_double_fuzzer":
+ feature_flags = ["cov_accounting", "value_profile", "cmplog"]
+ elif benchmark_name == "draco_draco_pc_decoder_fuzzer":
+ feature_flags = ["fast", "value_profile", "cmplog"]
+ elif benchmark_name == "fmt_chrono-duration-fuzzer":
+ feature_flags = ["rand_scheduler", "value_profile"]
+ elif benchmark_name == "icu_unicode_string_codepage_create_fuzzer":
+ feature_flags = ["weighted"]
+ elif benchmark_name == "guetzli_guetzli_fuzzer":
+ feature_flags = ["weighted", "value_profile", "mopt"]
+ elif benchmark_name == "libaom_av1_dec_fuzzer":
+ feature_flags = ["weighted", "value_profile", "mopt"]
+ elif benchmark_name == "libcoap_pdu_parse_fuzzer":
+ feature_flags = ["ngram8", "cmplog"]
+ elif benchmark_name == "libhevc_hevc_dec_fuzzer":
+ feature_flags = ["explore", "ngram4"]
+ else:
+ print("Unavailable benchmark")
+ exit(1)
+
+ command = [
+ "cargo", "build", "--release", "--package", "composition_v2", "--features"
+ ]
+ feature_flags = ["no_link_main"] + feature_flags
+ feature_flags = ",".join(feature_flags)
+ command += [feature_flags]
+
+ subprocess.check_call(command, cwd='/libafl_fuzzbench')
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+
+ build_libafl()
+
+ os.environ['CC'] = '/libafl_fuzzbench/target/release/composition_v2_cc'
+ os.environ['CXX'] = '/libafl_fuzzbench/target/release/composition_v2_cxx'
+
+ os.environ['ASAN_OPTIONS'] = 'abort_on_error=0:allocator_may_return_null=1'
+ os.environ['UBSAN_OPTIONS'] = 'abort_on_error=0'
+
+ cflags = ['--libafl']
+ utils.append_flags('CFLAGS', cflags)
+ utils.append_flags('CXXFLAGS', cflags)
+ utils.append_flags('LDFLAGS', cflags)
+
+ os.environ['FUZZER_LIB'] = '/stub_rt.a'
+ utils.build_benchmark()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ prepare_fuzz_environment(input_corpus)
+ dictionary_path = utils.get_dictionary_path(target_binary)
+ command = [target_binary]
+ if dictionary_path:
+ command += (['-x', dictionary_path])
+ command += (['-o', output_corpus, '-i', input_corpus])
+ print(command)
+ fuzzer_env = os.environ.copy()
+ fuzzer_env['LD_PRELOAD']='/usr/lib/x86_64-linux-gnu/libjemalloc.so.2'
+ subprocess.check_call(command, cwd=os.environ['OUT'], env=fuzzer_env)
diff --git a/fuzzers/libafl_fuzzbench_composition_3/runner.Dockerfile b/fuzzers/libafl_fuzzbench_composition_3/runner.Dockerfile
new file mode 100644
index 000000000..dd726d759
--- /dev/null
+++ b/fuzzers/libafl_fuzzbench_composition_3/runner.Dockerfile
@@ -0,0 +1,24 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+RUN apt install libjemalloc2
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+#ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
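Review bot: `build_libafl` chooses between two benchmark-to-feature tables on the constant `prediction = True`, so the entire second `if/elif` chain (the `else:` branch down to its `exit(1)`) is unreachable, and the function has no docstring although `prepare_fuzz_environment`, `build` and `fuzz` each carry one; the `# pylint: disable=too-many-branches,too-many-statements` on `build` now sits on the wrong function, since the branches live in `build_libafl`. A module-level dict lookup replaces the chain, keeps the behaviour of the active table and makes adding a benchmark a one-line change; `exit(1)` should become `sys.exit(1)` (needs `import sys`), because the `exit` builtin is installed by the `site` module and is not guaranteed to exist. In `fuzz`, `fuzzer_env['LD_PRELOAD']='/usr/lib/x86_64-linux-gnu/libjemalloc.so.2'` lacks spaces around `=`, and `print(command)` is debug output that could be dropped. The unreachable alternative table stays in this commit's history if the toggle is ever needed again.
```python
# Benchmark -> extra cargo features for composition_v2. This is the table the
# constant `prediction = True` always selected; the other table was unreachable.
BENCHMARK_FEATURES = {
    "assimp_assimp_fuzzer": ["fast", "cmplog"],
    "astc-encoder_fuzz_astc_physical_to_symbolic": ["cov_accounting", "ngram8", "cmplog"],
    "brotli_decode_fuzzer": ["fast", "value_profile"],
    "double-conversion_string_to_double_fuzzer": ["cov_accounting", "ngram8", "mopt"],
    "draco_draco_pc_decoder_fuzzer": ["fast", "cmplog"],
    "fmt_chrono-duration-fuzzer": ["explore", "value_profile"],
    "icu_unicode_string_codepage_create_fuzzer": ["rand_scheduler", "mopt"],
    "guetzli_guetzli_fuzzer": ["weighted", "value_profile"],
    "libaom_av1_dec_fuzzer": ["explore", "value_profile", "mopt"],
    "libcoap_pdu_parse_fuzzer": ["cov_accounting", "ngram8", "cmplog"],
    "libhevc_hevc_dec_fuzzer": ["explore", "value_profile", "cmplog"],
}


def build_libafl():
    """Build the composition_v2 LibAFL fuzzer with the feature set for $BENCHMARK."""
    # … unchanged: CC/CXX/LIBAFL_EDGES_MAP_SIZE/PATH environment setup …
    benchmark_name = os.environ['BENCHMARK']
    try:
        feature_flags = BENCHMARK_FEATURES[benchmark_name]
    except KeyError:
        print("Unavailable benchmark")
        sys.exit(1)
    # no_link_main is always required; the rest is benchmark-specific.
    features = ",".join(["no_link_main"] + feature_flags)
    command = [
        "cargo", "build", "--release", "--package", "composition_v2",
        "--features", features
    ]
    subprocess.check_call(command, cwd='/libafl_fuzzbench')
```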
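Review bot: `RUN apt install libjemalloc2` runs without a preceding `apt-get update` and without `-y`, and `apt` itself warns that its CLI is not stable for scripted use; a stale package index or an interactive prompt makes the step fail, while the companion fuzzer.py preloads `/usr/lib/x86_64-linux-gnu/libjemalloc.so.2` unconditionally, so a missing library would only produce a loader warning and the target would silently run with the default allocator. `RUN apt-get update && apt-get install -y --no-install-recommends libjemalloc2 && rm -rf /var/lib/apt/lists/*` is the usual form. The `AFL_*` `ENV` lines and the commented-out `#ENV AFL_MAP_SIZE=2621440` look carried over from an AFL runner; a LibAFL-based fuzzer presumably does not read them, so either dropping them or adding a one-line comment saying why they are kept would help the next reader.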