From e19c1c6f4a50edf31d68251177292eb5c8d01ab5 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 18 Dec 2023 15:15:28 +0100 Subject: [PATCH 01/15] fix --- fuzzers/aflplusplus/builder.Dockerfile | 3 +- fuzzers/aflplusplus/fuzzer.py | 3 + fuzzers/aflplusplus/runner.Dockerfile | 2 + fuzzers/fishpp_new_exp/builder.Dockerfile | 106 ++++++ fuzzers/fishpp_new_exp/fuzzer.py | 319 ++++++++++++++++++ fuzzers/fishpp_new_exp/runner.Dockerfile | 44 +++ .../fishpp_new_exp_nocmp/builder.Dockerfile | 106 ++++++ fuzzers/fishpp_new_exp_nocmp/fuzzer.py | 319 ++++++++++++++++++ .../fishpp_new_exp_nocmp/runner.Dockerfile | 44 +++ 9 files changed, 944 insertions(+), 2 deletions(-) create mode 100644 fuzzers/fishpp_new_exp/builder.Dockerfile create mode 100644 fuzzers/fishpp_new_exp/fuzzer.py create mode 100644 fuzzers/fishpp_new_exp/runner.Dockerfile create mode 100644 fuzzers/fishpp_new_exp_nocmp/builder.Dockerfile create mode 100644 fuzzers/fishpp_new_exp_nocmp/fuzzer.py create mode 100644 fuzzers/fishpp_new_exp_nocmp/runner.Dockerfile diff --git a/fuzzers/aflplusplus/builder.Dockerfile b/fuzzers/aflplusplus/builder.Dockerfile index ff54ef780..570a620d6 100644 --- a/fuzzers/aflplusplus/builder.Dockerfile +++ b/fuzzers/aflplusplus/builder.Dockerfile @@ -37,7 +37,7 @@ RUN apt-get update && \ # Download afl++. RUN git clone -b dev https://github.com/AFLplusplus/AFLplusplus /afl && \ cd /afl && \ - git checkout 6f4b5ae0832774389b12c5a8cd3fb95821b438e5 || \ + git checkout b2d118f821b9a98b64a955b6dce5785646a8f19e || \ true # Build without Python support as we don't need it. @@ -46,5 +46,4 @@ RUN cd /afl && \ unset CFLAGS CXXFLAGS && \ export CC=clang AFL_NO_X86=1 && \ PYTHON_INCLUDE=/ make && \ - make install && \ cp utils/aflpp_driver/libAFLDriver.a / diff --git a/fuzzers/aflplusplus/fuzzer.py b/fuzzers/aflplusplus/fuzzer.py index 4aecbfc7b..11e128c6a 100755 --- a/fuzzers/aflplusplus/fuzzer.py +++ b/fuzzers/aflplusplus/fuzzer.py @@ -116,6 +116,7 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements # Generate an extra dictionary. if 'dict2file' in build_modes or 'native' in build_modes: os.environ['AFL_LLVM_DICT2FILE'] = build_directory + '/afl++.dict' + os.environ['AFL_LLVM_DICT2FILE_NO_MAIN'] = '1' # Enable context sentitivity for LLVM mode (non LTO only) if 'ctx' in build_modes: os.environ['AFL_LLVM_CTX'] = '1' @@ -267,6 +268,8 @@ def fuzz(input_corpus, #os.environ['AFL_IGNORE_TIMEOUTS'] = '1' os.environ['AFL_IGNORE_UNKNOWN_ENVS'] = '1' os.environ['AFL_FAST_CAL'] = '1' + os.environ['AFL_NO_WARN_INSTABILITY'] = '1' + os.environ['AFL_IGNORE_SEED_PROBLEMS'] = '1' if not skip: os.environ['AFL_DISABLE_TRIM'] = '1' diff --git a/fuzzers/aflplusplus/runner.Dockerfile b/fuzzers/aflplusplus/runner.Dockerfile index 7aa1da8e4..67ebe8b5e 100644 --- a/fuzzers/aflplusplus/runner.Dockerfile +++ b/fuzzers/aflplusplus/runner.Dockerfile @@ -21,3 +21,5 @@ ENV PATH="$PATH:/out" ENV AFL_SKIP_CPUFREQ=1 ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 ENV AFL_TESTCACHE_SIZE=2 + +RUN apt update -y && apt install -y unzip git gdb joe diff --git a/fuzzers/fishpp_new_exp/builder.Dockerfile b/fuzzers/fishpp_new_exp/builder.Dockerfile new file mode 100644 index 000000000..d65ffc11f --- /dev/null +++ b/fuzzers/fishpp_new_exp/builder.Dockerfile @@ -0,0 +1,106 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG parent_image +FROM $parent_image + +ENV DEBIAN_FRONTEND=noninteractive +ENV TZ=Etc/UTC + +RUN apt-get update && \ + apt-get install -y \ + build-essential \ + python3-dev \ + python3-setuptools \ + automake \ + cmake \ + git \ + flex \ + bison \ + libglib2.0-dev \ + libpixman-1-dev \ + cargo \ + libgtk-3-dev \ + # for QEMU mode + ninja-build \ + gcc-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-plugin-dev \ + libstdc++-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-dev + +RUN apt install -y git gcc g++ make cmake wget \ + libgmp-dev libmpfr-dev texinfo bison python3 + +RUN apt-get install -y libboost-all-dev libjsoncpp-dev libgraphviz-dev \ + pkg-config libglib2.0-dev findutils + +RUN apt install -y lsb-release wget software-properties-common python3-pip + +# these two packages are automatically installed, libpcap will consider libnl +# installed and try to link with libnl-genl-3-dev, which is not installed. +# Simply remove these packages +RUN apt remove libnl-3-200 libnl-3-dev -y + +RUN pip3 install networkx pydot + +# copy Fish++ earlier to patch the llvm +# COPY FishFuzz/FF_AFL++ /FishFuzz +RUN git clone https://github.com/kdsjZh/Fishpp/ /FishFuzz && \ + cd /FishFuzz && git checkout c8858efe55908ec43152750d1015a38598e07240 + +# build clang-12 with gold plugin +RUN mkdir -p /build && \ + git clone \ + https://github.com/llvm/llvm-project /llvm && \ + git clone \ + --depth 1 \ + --branch binutils-2_40-branch \ + git://sourceware.org/git/binutils-gdb.git /llvm/binutils && \ + cd /llvm/ && git checkout bf7f8d6fa6f460bf0a16ffec319cd71592216bf4 && \ + git apply /FishFuzz/fish_mode/llvm_patch/llvm-15.0/llvm-15-asan.diff && \ + cp /FishFuzz/fish_mode/llvm_patch/llvm-15.0/FishFuzzAddressSanitizer.cpp llvm/lib/Transforms/Instrumentation/ && \ + mkdir /llvm/binutils/build && cd /llvm/binutils/build && \ + CFLAGS="" CXXFLAGS="" CC=gcc CXX=g++ \ + ../configure --enable-gold --enable-plugins --disable-werror && \ + make all-gold -j$(nproc) && \ + cd /llvm/ && mkdir build && cd build &&\ + CFLAGS="" CXXFLAGS="" CC=gcc CXX=g++ \ + cmake -DCMAKE_BUILD_TYPE=Release \ + -DLLVM_BINUTILS_INCDIR=/llvm/binutils/include \ + -DLLVM_ENABLE_PROJECTS="compiler-rt;clang" \ + -DLLVM_ENABLE_RUNTIMES="libcxx;libcxxabi" ../llvm && \ + make -j$(nproc) && \ + cp /llvm/build/lib/LLVMgold.so //usr/lib/bfd-plugins/ && \ + cp /llvm/build/lib/libLTO.so //usr/lib/bfd-plugins/ + + +ENV LLVM_CONFIG=llvm-config + +# make sure our modified clang-12 is called before clang-15, which is in /usr/local/bin +ENV PATH="/llvm/build/bin:${PATH}" +ENV LD_LIBRARY_PATH="/llvm/build/lib/x86_64-unknown-linux-gnu/" + + +# Build without Python support as we don't need it. +# Set AFL_NO_X86 to skip flaky tests. +RUN cd /FishFuzz/ && \ + unset CFLAGS CXXFLAGS CC CXX && \ + export AFL_NO_X86=1 && \ + make clean && \ + PYTHON_INCLUDE=/ make && \ + # make -C dyncfg && \ + chmod +x fish_mode/distance/*.py && \ + make install + +RUN wget https://raw.githubusercontent.com/llvm/llvm-project/5feb80e748924606531ba28c97fe65145c65372e/compiler-rt/lib/fuzzer/afl/afl_driver.cpp -O /FishFuzz/afl_driver.cpp && \ + clang++ -stdlib=libc++ -std=c++11 -O2 -c /FishFuzz/afl_driver.cpp -o /FishFuzz/afl_driver.o && \ + ar r /libAFLDriver.a /FishFuzz/afl_driver.o /FishFuzz/afl-compiler-rt.o diff --git a/fuzzers/fishpp_new_exp/fuzzer.py b/fuzzers/fishpp_new_exp/fuzzer.py new file mode 100644 index 000000000..2ab3506f8 --- /dev/null +++ b/fuzzers/fishpp_new_exp/fuzzer.py @@ -0,0 +1,319 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +"""Integration code for FishFuzz-AFLplusplus fuzzer.""" + +import os +import shutil + +from fuzzers.afl import fuzzer as afl_fuzzer +from fuzzers import utils + + +def get_cmplog_build_directory(target_directory): + """Return path to CmpLog target directory.""" + return os.path.join(target_directory, 'cmplog') + + +def get_uninstrumented_build_directory(target_directory): + """Return path to CmpLog target directory.""" + return os.path.join(target_directory, 'uninstrumented') + + +def prepare_tmp_files(tmp_dir): + """prepare tmp files""" + if not os.path.isdir(tmp_dir) or os.path.exists(tmp_dir): + os.mkdir(tmp_dir) + fua = tmp_dir + '/idlog' + fub = tmp_dir + '/cg' + fuc = tmp_dir + '/fid' + os.mkdir(fua) + os.mkdir(fub) + os.mkdir(fuc) + fud = 'touch ' + tmp_dir + '/idlog/fid ' + tmp_dir + '/idlog/targid' + os.system(fud) + + +def set_ff_env(): + """set FishFuzz Env before build""" + os.environ['TMP_DIR'] = os.environ['OUT'] + '/TEMP' + os.environ['FF_TMP_DIR'] = os.environ['OUT'] + '/TEMP' + prepare_tmp_files(os.environ['TMP_DIR']) + + +def build(*args): # pylint: disable=too-many-branches,too-many-statements + """Build benchmark.""" + # BUILD_MODES is not already supported by fuzzbench, meanwhile we provide + # a default configuration. + + build_modes = list(args) + if 'BUILD_MODES' in os.environ: + build_modes = os.environ['BUILD_MODES'].split(',') + + # Placeholder comment. + build_directory = os.environ['OUT'] + + # If nothing was set this is the default: + if not build_modes: + build_modes = ['tracepc', 'cmplog', 'dict2file'] + + # For bug type benchmarks we have to instrument via native clang pcguard :( + build_flags = os.environ['CFLAGS'] + os.environ['CFLAGS'] = build_flags + os.environ['USE_FF_INST'] = '1' + + #if build_flags.find( + # 'array-bounds' + #) != -1 and 'qemu' not in build_modes and 'classic' not in build_modes: + # if 'gcc' not in build_modes: + # build_modes[0] = 'native' + + # Instrumentation coverage modes: + if 'lto' in build_modes: + os.environ['CC'] = '/FishFuzz/afl-clang-lto' + os.environ['CXX'] = '/FishFuzz/afl-clang-lto++' + edge_file = build_directory + '/aflpp_edges.txt' + os.environ['AFL_LLVM_DOCUMENT_IDS'] = edge_file + if os.path.isfile('/usr/local/bin/llvm-ranlib-13'): + os.environ['RANLIB'] = 'llvm-ranlib-13' + os.environ['AR'] = 'llvm-ar-13' + os.environ['AS'] = 'llvm-as-13' + elif os.path.isfile('/usr/local/bin/llvm-ranlib-12'): + os.environ['RANLIB'] = 'llvm-ranlib-12' + os.environ['AR'] = 'llvm-ar-12' + os.environ['AS'] = 'llvm-as-12' + else: + os.environ['RANLIB'] = 'llvm-ranlib' + os.environ['AR'] = 'llvm-ar' + os.environ['AS'] = 'llvm-as' + elif 'qemu' in build_modes: + os.environ['CC'] = 'clang' + os.environ['CXX'] = 'clang++' + elif 'gcc' in build_modes: + os.environ['CC'] = 'afl-gcc-fast' + os.environ['CXX'] = 'afl-g++-fast' + if build_flags.find('array-bounds') != -1: + os.environ['CFLAGS'] = '-fsanitize=address -O1' + os.environ['CXXFLAGS'] = '-fsanitize=address -O1' + else: + os.environ['CFLAGS'] = '' + os.environ['CXXFLAGS'] = '' + os.environ['CPPFLAGS'] = '' + else: + os.environ['CC'] = '/FishFuzz/afl-clang-fast' + os.environ['CXX'] = '/FishFuzz/afl-clang-fast++' + + print('AFL++ build: ') + print(build_modes) + + if 'qemu' in build_modes or 'symcc' in build_modes: + os.environ['CFLAGS'] = ' '.join(utils.NO_SANITIZER_COMPAT_CFLAGS) + cxxflags = [utils.LIBCPLUSPLUS_FLAG] + utils.NO_SANITIZER_COMPAT_CFLAGS + os.environ['CXXFLAGS'] = ' '.join(cxxflags) + + if 'tracepc' in build_modes or 'pcguard' in build_modes: + os.environ['AFL_LLVM_USE_TRACE_PC'] = '1' + elif 'classic' in build_modes: + os.environ['AFL_LLVM_INSTRUMENT'] = 'CLASSIC' + elif 'native' in build_modes: + os.environ['AFL_LLVM_INSTRUMENT'] = 'LLVMNATIVE' + + # Instrumentation coverage options: + # Do not use a fixed map location (LTO only) + if 'dynamic' in build_modes: + os.environ['AFL_LLVM_MAP_DYNAMIC'] = '1' + # Use a fixed map location (LTO only) + if 'fixed' in build_modes: + os.environ['AFL_LLVM_MAP_ADDR'] = '0x10000' + # Generate an extra dictionary. + if 'dict2file' in build_modes or 'native' in build_modes: + os.environ['AFL_LLVM_DICT2FILE'] = build_directory + '/afl++.dict' + os.environ['AFL_LLVM_DICT2FILE_NO_MAIN'] = '1' + # Enable context sentitivity for LLVM mode (non LTO only) + if 'ctx' in build_modes: + os.environ['AFL_LLVM_CTX'] = '1' + # Enable N-gram coverage for LLVM mode (non LTO only) + if 'ngram2' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '2' + elif 'ngram3' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '3' + elif 'ngram4' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '4' + elif 'ngram5' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '5' + elif 'ngram6' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '6' + elif 'ngram7' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '7' + elif 'ngram8' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '8' + elif 'ngram16' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '16' + if 'ctx1' in build_modes: + os.environ['AFL_LLVM_CTX_K'] = '1' + elif 'ctx2' in build_modes: + os.environ['AFL_LLVM_CTX_K'] = '2' + elif 'ctx3' in build_modes: + os.environ['AFL_LLVM_CTX_K'] = '3' + elif 'ctx4' in build_modes: + os.environ['AFL_LLVM_CTX_K'] = '4' + + # Only one of the following OR cmplog + # enable laf-intel compare splitting + if 'laf' in build_modes: + os.environ['AFL_LLVM_LAF_SPLIT_SWITCHES'] = '1' + os.environ['AFL_LLVM_LAF_SPLIT_COMPARES'] = '1' + os.environ['AFL_LLVM_LAF_SPLIT_FLOATS'] = '1' + if 'autodict' not in build_modes: + os.environ['AFL_LLVM_LAF_TRANSFORM_COMPARES'] = '1' + + if 'eclipser' in build_modes: + os.environ['FUZZER_LIB'] = '/libStandaloneFuzzTarget.a' + else: + os.environ['FUZZER_LIB'] = '/FishFuzz/afl_driver.o' + + # Some benchmarks like lcms. (see: + # https://github.com/mm2/Little-CMS/commit/ab1093539b4287c233aca6a3cf53b234faceb792#diff-f0e6d05e72548974e852e8e55dffc4ccR212) + # fail to compile if the compiler outputs things to stderr in unexpected + # cases. Prevent these failures by using AFL_QUIET to stop afl-clang-fast + # from writing AFL specific messages to stderr. + os.environ['AFL_QUIET'] = '1' + os.environ['AFL_MAP_SIZE'] = '2621440' + + src = os.getenv('SRC') + work = os.getenv('WORK') + set_ff_env() + + with utils.restore_directory(src), utils.restore_directory(work): + # Restore SRC to its initial state so we can build again without any + # trouble. For some OSS-Fuzz projects, build_benchmark cannot be run + # twice in the same directory without this. + utils.build_benchmark() + + if 'cmplog' in build_modes and 'qemu' not in build_modes: + + # CmpLog requires an build with different instrumentation. + new_env = os.environ.copy() + new_env['AFL_LLVM_CMPLOG'] = '1' + if 'USE_FF_INST' in new_env: + del new_env['USE_FF_INST'] + + # For CmpLog build, set the OUT and FUZZ_TARGET environment + # variable to point to the new CmpLog build directory. + cmplog_build_directory = get_cmplog_build_directory(build_directory) + os.mkdir(cmplog_build_directory) + new_env['OUT'] = cmplog_build_directory + fuzz_target = os.getenv('FUZZ_TARGET') + if fuzz_target: + new_env['FUZZ_TARGET'] = os.path.join(cmplog_build_directory, + os.path.basename(fuzz_target)) + + print('Re-building benchmark for CmpLog fuzzing target') + utils.build_benchmark(env=new_env) + + if 'symcc' in build_modes: + + symcc_build_directory = get_uninstrumented_build_directory( + build_directory) + os.mkdir(symcc_build_directory) + + # symcc requires an build with different instrumentation. + new_env = os.environ.copy() + new_env['CC'] = '/symcc/build/symcc' + new_env['CXX'] = '/symcc/build/sym++' + new_env['SYMCC_OUTPUT_DIR'] = '/tmp' + new_env['CXXFLAGS'] = new_env['CXXFLAGS'].replace('-stlib=libc++', '') + new_env['FUZZER_LIB'] = '/libfuzzer-harness.o' + new_env['OUT'] = symcc_build_directory + new_env['SYMCC_LIBCXX_PATH'] = '/libcxx_native_build' + new_env['SYMCC_NO_SYMBOLIC_INPUT'] = '1' + new_env['SYMCC_SILENT'] = '1' + + # For symcc build, set the OUT and FUZZ_TARGET environment + # variable to point to the new symcc build directory. + new_env['OUT'] = symcc_build_directory + fuzz_target = os.getenv('FUZZ_TARGET') + if fuzz_target: + new_env['FUZZ_TARGET'] = os.path.join(symcc_build_directory, + os.path.basename(fuzz_target)) + + print('Re-building benchmark for symcc fuzzing target') + utils.build_benchmark(env=new_env) + + shutil.copy('/FishFuzz/afl-fuzz', build_directory) + if os.path.exists('/FishFuzz/afl-qemu-trace'): + shutil.copy('/FishFuzz/afl-qemu-trace', build_directory) + if os.path.exists('/aflpp_qemu_driver_hook.so'): + shutil.copy('/aflpp_qemu_driver_hook.so', build_directory) + if os.path.exists('/get_frida_entry.sh'): + shutil.copy('/FishFuzz/afl-frida-trace.so', build_directory) + shutil.copy('/get_frida_entry.sh', build_directory) + + tmp_dst = os.environ['OUT'] + '/TEMP' + print('[post_build] generating distance files') + xxa = 'python3 /FishFuzz/distance/match_function.py -i ' + tmp_dst + os.system(xxa) + xxb = 'python3 /FishFuzz/distance/calculate_all_distance.py -i ' + tmp_dst + os.system(xxb) + + +# pylint: disable=too-many-arguments +def fuzz(input_corpus, + output_corpus, + target_binary, + flags=tuple(), + skip=False, + no_cmplog=False): # pylint: disable=too-many-arguments + """Run fuzzer.""" + # Calculate CmpLog binary path from the instrumented target binary. + target_binary_directory = os.path.dirname(target_binary) + cmplog_target_binary_directory = ( + get_cmplog_build_directory(target_binary_directory)) + target_binary_name = os.path.basename(target_binary) + cmplog_target_binary = os.path.join(cmplog_target_binary_directory, + target_binary_name) + + afl_fuzzer.prepare_fuzz_environment(input_corpus) + # decomment this to enable libdislocator. + # os.environ['AFL_ALIGNED_ALLOC'] = '1' # align malloc to max_align_t + # os.environ['AFL_PRELOAD'] = '/FishFuzz/libdislocator.so' + + flags = list(flags) + + if os.path.exists('./afl++.dict'): + flags += ['-x', './afl++.dict'] + + flags += ['-p', 'explore'] + + # Move the following to skip for upcoming _double tests: + if os.path.exists(cmplog_target_binary) and no_cmplog is False: + flags += ['-c', cmplog_target_binary] + + #os.environ['AFL_IGNORE_TIMEOUTS'] = '1' + os.environ['AFL_IGNORE_UNKNOWN_ENVS'] = '1' + os.environ['AFL_FAST_CAL'] = '1' + os.environ['AFL_NO_WARN_INSTABILITY'] = '1' + + if not skip: + os.environ['AFL_DISABLE_TRIM'] = '1' + os.environ['AFL_CMPLOG_ONLY_NEW'] = '1' + if 'ADDITIONAL_ARGS' in os.environ: + flags += os.environ['ADDITIONAL_ARGS'].split(' ') + + os.environ['TMP_DIR'] = os.environ['OUT'] + '/TEMP' + + afl_fuzzer.run_afl_fuzz(input_corpus, + output_corpus, + target_binary, + additional_flags=flags) diff --git a/fuzzers/fishpp_new_exp/runner.Dockerfile b/fuzzers/fishpp_new_exp/runner.Dockerfile new file mode 100644 index 000000000..1be76e230 --- /dev/null +++ b/fuzzers/fishpp_new_exp/runner.Dockerfile @@ -0,0 +1,44 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM gcr.io/fuzzbench/base-image + +ENV DEBIAN_FRONTEND=noninteractive +ENV TZ=Etc/UTC + +RUN apt update && apt install -y git gcc g++ make cmake wget \ + libgmp-dev libmpfr-dev texinfo bison python3 + +# for runtime library, we just need libc++-12-dev libc++abi-12-dev +RUN wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key|apt-key add - && \ + printf "deb http://apt.llvm.org/focal/ llvm-toolchain-focal main\n" \ + "deb-src http://apt.llvm.org/focal/ llvm-toolchain-focal main\n" \ + "deb http://apt.llvm.org/focal/ llvm-toolchain-focal-12 main\n" \ + "deb-src http://apt.llvm.org/focal/ llvm-toolchain-focal-12 main\n" \ + >> /etc/apt/sources.list && \ + apt update && \ + apt install libc++-12-dev libc++abi-12-dev -y + +# for FF runtime +RUN apt-get install -y libboost-all-dev libjsoncpp-dev libgraphviz-dev \ + pkg-config libglib2.0-dev # libunwind-17 + +ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out" +ENV PATH="$PATH:/out" +ENV AFL_SKIP_CPUFREQ=1 +ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 +ENV AFL_TESTCACHE_SIZE=2 + + + diff --git a/fuzzers/fishpp_new_exp_nocmp/builder.Dockerfile b/fuzzers/fishpp_new_exp_nocmp/builder.Dockerfile new file mode 100644 index 000000000..d65ffc11f --- /dev/null +++ b/fuzzers/fishpp_new_exp_nocmp/builder.Dockerfile @@ -0,0 +1,106 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG parent_image +FROM $parent_image + +ENV DEBIAN_FRONTEND=noninteractive +ENV TZ=Etc/UTC + +RUN apt-get update && \ + apt-get install -y \ + build-essential \ + python3-dev \ + python3-setuptools \ + automake \ + cmake \ + git \ + flex \ + bison \ + libglib2.0-dev \ + libpixman-1-dev \ + cargo \ + libgtk-3-dev \ + # for QEMU mode + ninja-build \ + gcc-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-plugin-dev \ + libstdc++-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-dev + +RUN apt install -y git gcc g++ make cmake wget \ + libgmp-dev libmpfr-dev texinfo bison python3 + +RUN apt-get install -y libboost-all-dev libjsoncpp-dev libgraphviz-dev \ + pkg-config libglib2.0-dev findutils + +RUN apt install -y lsb-release wget software-properties-common python3-pip + +# these two packages are automatically installed, libpcap will consider libnl +# installed and try to link with libnl-genl-3-dev, which is not installed. +# Simply remove these packages +RUN apt remove libnl-3-200 libnl-3-dev -y + +RUN pip3 install networkx pydot + +# copy Fish++ earlier to patch the llvm +# COPY FishFuzz/FF_AFL++ /FishFuzz +RUN git clone https://github.com/kdsjZh/Fishpp/ /FishFuzz && \ + cd /FishFuzz && git checkout c8858efe55908ec43152750d1015a38598e07240 + +# build clang-12 with gold plugin +RUN mkdir -p /build && \ + git clone \ + https://github.com/llvm/llvm-project /llvm && \ + git clone \ + --depth 1 \ + --branch binutils-2_40-branch \ + git://sourceware.org/git/binutils-gdb.git /llvm/binutils && \ + cd /llvm/ && git checkout bf7f8d6fa6f460bf0a16ffec319cd71592216bf4 && \ + git apply /FishFuzz/fish_mode/llvm_patch/llvm-15.0/llvm-15-asan.diff && \ + cp /FishFuzz/fish_mode/llvm_patch/llvm-15.0/FishFuzzAddressSanitizer.cpp llvm/lib/Transforms/Instrumentation/ && \ + mkdir /llvm/binutils/build && cd /llvm/binutils/build && \ + CFLAGS="" CXXFLAGS="" CC=gcc CXX=g++ \ + ../configure --enable-gold --enable-plugins --disable-werror && \ + make all-gold -j$(nproc) && \ + cd /llvm/ && mkdir build && cd build &&\ + CFLAGS="" CXXFLAGS="" CC=gcc CXX=g++ \ + cmake -DCMAKE_BUILD_TYPE=Release \ + -DLLVM_BINUTILS_INCDIR=/llvm/binutils/include \ + -DLLVM_ENABLE_PROJECTS="compiler-rt;clang" \ + -DLLVM_ENABLE_RUNTIMES="libcxx;libcxxabi" ../llvm && \ + make -j$(nproc) && \ + cp /llvm/build/lib/LLVMgold.so //usr/lib/bfd-plugins/ && \ + cp /llvm/build/lib/libLTO.so //usr/lib/bfd-plugins/ + + +ENV LLVM_CONFIG=llvm-config + +# make sure our modified clang-12 is called before clang-15, which is in /usr/local/bin +ENV PATH="/llvm/build/bin:${PATH}" +ENV LD_LIBRARY_PATH="/llvm/build/lib/x86_64-unknown-linux-gnu/" + + +# Build without Python support as we don't need it. +# Set AFL_NO_X86 to skip flaky tests. +RUN cd /FishFuzz/ && \ + unset CFLAGS CXXFLAGS CC CXX && \ + export AFL_NO_X86=1 && \ + make clean && \ + PYTHON_INCLUDE=/ make && \ + # make -C dyncfg && \ + chmod +x fish_mode/distance/*.py && \ + make install + +RUN wget https://raw.githubusercontent.com/llvm/llvm-project/5feb80e748924606531ba28c97fe65145c65372e/compiler-rt/lib/fuzzer/afl/afl_driver.cpp -O /FishFuzz/afl_driver.cpp && \ + clang++ -stdlib=libc++ -std=c++11 -O2 -c /FishFuzz/afl_driver.cpp -o /FishFuzz/afl_driver.o && \ + ar r /libAFLDriver.a /FishFuzz/afl_driver.o /FishFuzz/afl-compiler-rt.o diff --git a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py new file mode 100644 index 000000000..f128df455 --- /dev/null +++ b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py @@ -0,0 +1,319 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +"""Integration code for FishFuzz-AFLplusplus fuzzer.""" + +import os +import shutil + +from fuzzers.afl import fuzzer as afl_fuzzer +from fuzzers import utils + + +def get_cmplog_build_directory(target_directory): + """Return path to CmpLog target directory.""" + return os.path.join(target_directory, 'cmplog') + + +def get_uninstrumented_build_directory(target_directory): + """Return path to CmpLog target directory.""" + return os.path.join(target_directory, 'uninstrumented') + + +def prepare_tmp_files(tmp_dir): + """prepare tmp files""" + if not os.path.isdir(tmp_dir) or os.path.exists(tmp_dir): + os.mkdir(tmp_dir) + fua = tmp_dir + '/idlog' + fub = tmp_dir + '/cg' + fuc = tmp_dir + '/fid' + os.mkdir(fua) + os.mkdir(fub) + os.mkdir(fuc) + fud = 'touch ' + tmp_dir + '/idlog/fid ' + tmp_dir + '/idlog/targid' + os.system(fud) + + +def set_ff_env(): + """set FishFuzz Env before build""" + os.environ['TMP_DIR'] = os.environ['OUT'] + '/TEMP' + os.environ['FF_TMP_DIR'] = os.environ['OUT'] + '/TEMP' + prepare_tmp_files(os.environ['TMP_DIR']) + + +def build(*args): # pylint: disable=too-many-branches,too-many-statements + """Build benchmark.""" + # BUILD_MODES is not already supported by fuzzbench, meanwhile we provide + # a default configuration. + + build_modes = list(args) + if 'BUILD_MODES' in os.environ: + build_modes = os.environ['BUILD_MODES'].split(',') + + # Placeholder comment. + build_directory = os.environ['OUT'] + + # If nothing was set this is the default: + if not build_modes: + build_modes = ['tracepc', 'dict2file'] + + # For bug type benchmarks we have to instrument via native clang pcguard :( + build_flags = os.environ['CFLAGS'] + os.environ['CFLAGS'] = build_flags + os.environ['USE_FF_INST'] = '1' + + #if build_flags.find( + # 'array-bounds' + #) != -1 and 'qemu' not in build_modes and 'classic' not in build_modes: + # if 'gcc' not in build_modes: + # build_modes[0] = 'native' + + # Instrumentation coverage modes: + if 'lto' in build_modes: + os.environ['CC'] = '/FishFuzz/afl-clang-lto' + os.environ['CXX'] = '/FishFuzz/afl-clang-lto++' + edge_file = build_directory + '/aflpp_edges.txt' + os.environ['AFL_LLVM_DOCUMENT_IDS'] = edge_file + if os.path.isfile('/usr/local/bin/llvm-ranlib-13'): + os.environ['RANLIB'] = 'llvm-ranlib-13' + os.environ['AR'] = 'llvm-ar-13' + os.environ['AS'] = 'llvm-as-13' + elif os.path.isfile('/usr/local/bin/llvm-ranlib-12'): + os.environ['RANLIB'] = 'llvm-ranlib-12' + os.environ['AR'] = 'llvm-ar-12' + os.environ['AS'] = 'llvm-as-12' + else: + os.environ['RANLIB'] = 'llvm-ranlib' + os.environ['AR'] = 'llvm-ar' + os.environ['AS'] = 'llvm-as' + elif 'qemu' in build_modes: + os.environ['CC'] = 'clang' + os.environ['CXX'] = 'clang++' + elif 'gcc' in build_modes: + os.environ['CC'] = 'afl-gcc-fast' + os.environ['CXX'] = 'afl-g++-fast' + if build_flags.find('array-bounds') != -1: + os.environ['CFLAGS'] = '-fsanitize=address -O1' + os.environ['CXXFLAGS'] = '-fsanitize=address -O1' + else: + os.environ['CFLAGS'] = '' + os.environ['CXXFLAGS'] = '' + os.environ['CPPFLAGS'] = '' + else: + os.environ['CC'] = '/FishFuzz/afl-clang-fast' + os.environ['CXX'] = '/FishFuzz/afl-clang-fast++' + + print('AFL++ build: ') + print(build_modes) + + if 'qemu' in build_modes or 'symcc' in build_modes: + os.environ['CFLAGS'] = ' '.join(utils.NO_SANITIZER_COMPAT_CFLAGS) + cxxflags = [utils.LIBCPLUSPLUS_FLAG] + utils.NO_SANITIZER_COMPAT_CFLAGS + os.environ['CXXFLAGS'] = ' '.join(cxxflags) + + if 'tracepc' in build_modes or 'pcguard' in build_modes: + os.environ['AFL_LLVM_USE_TRACE_PC'] = '1' + elif 'classic' in build_modes: + os.environ['AFL_LLVM_INSTRUMENT'] = 'CLASSIC' + elif 'native' in build_modes: + os.environ['AFL_LLVM_INSTRUMENT'] = 'LLVMNATIVE' + + # Instrumentation coverage options: + # Do not use a fixed map location (LTO only) + if 'dynamic' in build_modes: + os.environ['AFL_LLVM_MAP_DYNAMIC'] = '1' + # Use a fixed map location (LTO only) + if 'fixed' in build_modes: + os.environ['AFL_LLVM_MAP_ADDR'] = '0x10000' + # Generate an extra dictionary. + if 'dict2file' in build_modes or 'native' in build_modes: + os.environ['AFL_LLVM_DICT2FILE'] = build_directory + '/afl++.dict' + os.environ['AFL_LLVM_DICT2FILE_NO_MAIN'] = '1' + # Enable context sentitivity for LLVM mode (non LTO only) + if 'ctx' in build_modes: + os.environ['AFL_LLVM_CTX'] = '1' + # Enable N-gram coverage for LLVM mode (non LTO only) + if 'ngram2' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '2' + elif 'ngram3' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '3' + elif 'ngram4' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '4' + elif 'ngram5' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '5' + elif 'ngram6' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '6' + elif 'ngram7' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '7' + elif 'ngram8' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '8' + elif 'ngram16' in build_modes: + os.environ['AFL_LLVM_NGRAM_SIZE'] = '16' + if 'ctx1' in build_modes: + os.environ['AFL_LLVM_CTX_K'] = '1' + elif 'ctx2' in build_modes: + os.environ['AFL_LLVM_CTX_K'] = '2' + elif 'ctx3' in build_modes: + os.environ['AFL_LLVM_CTX_K'] = '3' + elif 'ctx4' in build_modes: + os.environ['AFL_LLVM_CTX_K'] = '4' + + # Only one of the following OR cmplog + # enable laf-intel compare splitting + if 'laf' in build_modes: + os.environ['AFL_LLVM_LAF_SPLIT_SWITCHES'] = '1' + os.environ['AFL_LLVM_LAF_SPLIT_COMPARES'] = '1' + os.environ['AFL_LLVM_LAF_SPLIT_FLOATS'] = '1' + if 'autodict' not in build_modes: + os.environ['AFL_LLVM_LAF_TRANSFORM_COMPARES'] = '1' + + if 'eclipser' in build_modes: + os.environ['FUZZER_LIB'] = '/libStandaloneFuzzTarget.a' + else: + os.environ['FUZZER_LIB'] = '/FishFuzz/afl_driver.o' + + # Some benchmarks like lcms. (see: + # https://github.com/mm2/Little-CMS/commit/ab1093539b4287c233aca6a3cf53b234faceb792#diff-f0e6d05e72548974e852e8e55dffc4ccR212) + # fail to compile if the compiler outputs things to stderr in unexpected + # cases. Prevent these failures by using AFL_QUIET to stop afl-clang-fast + # from writing AFL specific messages to stderr. + os.environ['AFL_QUIET'] = '1' + os.environ['AFL_MAP_SIZE'] = '2621440' + + src = os.getenv('SRC') + work = os.getenv('WORK') + set_ff_env() + + with utils.restore_directory(src), utils.restore_directory(work): + # Restore SRC to its initial state so we can build again without any + # trouble. For some OSS-Fuzz projects, build_benchmark cannot be run + # twice in the same directory without this. + utils.build_benchmark() + + if 'cmplog' in build_modes and 'qemu' not in build_modes: + + # CmpLog requires an build with different instrumentation. + new_env = os.environ.copy() + new_env['AFL_LLVM_CMPLOG'] = '1' + if 'USE_FF_INST' in new_env: + del new_env['USE_FF_INST'] + + # For CmpLog build, set the OUT and FUZZ_TARGET environment + # variable to point to the new CmpLog build directory. + cmplog_build_directory = get_cmplog_build_directory(build_directory) + os.mkdir(cmplog_build_directory) + new_env['OUT'] = cmplog_build_directory + fuzz_target = os.getenv('FUZZ_TARGET') + if fuzz_target: + new_env['FUZZ_TARGET'] = os.path.join(cmplog_build_directory, + os.path.basename(fuzz_target)) + + print('Re-building benchmark for CmpLog fuzzing target') + utils.build_benchmark(env=new_env) + + if 'symcc' in build_modes: + + symcc_build_directory = get_uninstrumented_build_directory( + build_directory) + os.mkdir(symcc_build_directory) + + # symcc requires an build with different instrumentation. + new_env = os.environ.copy() + new_env['CC'] = '/symcc/build/symcc' + new_env['CXX'] = '/symcc/build/sym++' + new_env['SYMCC_OUTPUT_DIR'] = '/tmp' + new_env['CXXFLAGS'] = new_env['CXXFLAGS'].replace('-stlib=libc++', '') + new_env['FUZZER_LIB'] = '/libfuzzer-harness.o' + new_env['OUT'] = symcc_build_directory + new_env['SYMCC_LIBCXX_PATH'] = '/libcxx_native_build' + new_env['SYMCC_NO_SYMBOLIC_INPUT'] = '1' + new_env['SYMCC_SILENT'] = '1' + + # For symcc build, set the OUT and FUZZ_TARGET environment + # variable to point to the new symcc build directory. + new_env['OUT'] = symcc_build_directory + fuzz_target = os.getenv('FUZZ_TARGET') + if fuzz_target: + new_env['FUZZ_TARGET'] = os.path.join(symcc_build_directory, + os.path.basename(fuzz_target)) + + print('Re-building benchmark for symcc fuzzing target') + utils.build_benchmark(env=new_env) + + shutil.copy('/FishFuzz/afl-fuzz', build_directory) + if os.path.exists('/FishFuzz/afl-qemu-trace'): + shutil.copy('/FishFuzz/afl-qemu-trace', build_directory) + if os.path.exists('/aflpp_qemu_driver_hook.so'): + shutil.copy('/aflpp_qemu_driver_hook.so', build_directory) + if os.path.exists('/get_frida_entry.sh'): + shutil.copy('/FishFuzz/afl-frida-trace.so', build_directory) + shutil.copy('/get_frida_entry.sh', build_directory) + + tmp_dst = os.environ['OUT'] + '/TEMP' + print('[post_build] generating distance files') + xxa = 'python3 /FishFuzz/distance/match_function.py -i ' + tmp_dst + os.system(xxa) + xxb = 'python3 /FishFuzz/distance/calculate_all_distance.py -i ' + tmp_dst + os.system(xxb) + + +# pylint: disable=too-many-arguments +def fuzz(input_corpus, + output_corpus, + target_binary, + flags=tuple(), + skip=False, + no_cmplog=False): # pylint: disable=too-many-arguments + """Run fuzzer.""" + # Calculate CmpLog binary path from the instrumented target binary. + target_binary_directory = os.path.dirname(target_binary) + cmplog_target_binary_directory = ( + get_cmplog_build_directory(target_binary_directory)) + target_binary_name = os.path.basename(target_binary) + cmplog_target_binary = os.path.join(cmplog_target_binary_directory, + target_binary_name) + + afl_fuzzer.prepare_fuzz_environment(input_corpus) + # decomment this to enable libdislocator. + # os.environ['AFL_ALIGNED_ALLOC'] = '1' # align malloc to max_align_t + # os.environ['AFL_PRELOAD'] = '/FishFuzz/libdislocator.so' + + flags = list(flags) + + if os.path.exists('./afl++.dict'): + flags += ['-x', './afl++.dict'] + + flags += ['-p', 'explore'] + + # Move the following to skip for upcoming _double tests: + if os.path.exists(cmplog_target_binary) and no_cmplog is False: + flags += ['-c', cmplog_target_binary] + + #os.environ['AFL_IGNORE_TIMEOUTS'] = '1' + os.environ['AFL_IGNORE_UNKNOWN_ENVS'] = '1' + os.environ['AFL_FAST_CAL'] = '1' + os.environ['AFL_NO_WARN_INSTABILITY'] = '1' + + if not skip: + os.environ['AFL_DISABLE_TRIM'] = '1' + os.environ['AFL_CMPLOG_ONLY_NEW'] = '1' + if 'ADDITIONAL_ARGS' in os.environ: + flags += os.environ['ADDITIONAL_ARGS'].split(' ') + + os.environ['TMP_DIR'] = os.environ['OUT'] + '/TEMP' + + afl_fuzzer.run_afl_fuzz(input_corpus, + output_corpus, + target_binary, + additional_flags=flags) diff --git a/fuzzers/fishpp_new_exp_nocmp/runner.Dockerfile b/fuzzers/fishpp_new_exp_nocmp/runner.Dockerfile new file mode 100644 index 000000000..1be76e230 --- /dev/null +++ b/fuzzers/fishpp_new_exp_nocmp/runner.Dockerfile @@ -0,0 +1,44 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM gcr.io/fuzzbench/base-image + +ENV DEBIAN_FRONTEND=noninteractive +ENV TZ=Etc/UTC + +RUN apt update && apt install -y git gcc g++ make cmake wget \ + libgmp-dev libmpfr-dev texinfo bison python3 + +# for runtime library, we just need libc++-12-dev libc++abi-12-dev +RUN wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key|apt-key add - && \ + printf "deb http://apt.llvm.org/focal/ llvm-toolchain-focal main\n" \ + "deb-src http://apt.llvm.org/focal/ llvm-toolchain-focal main\n" \ + "deb http://apt.llvm.org/focal/ llvm-toolchain-focal-12 main\n" \ + "deb-src http://apt.llvm.org/focal/ llvm-toolchain-focal-12 main\n" \ + >> /etc/apt/sources.list && \ + apt update && \ + apt install libc++-12-dev libc++abi-12-dev -y + +# for FF runtime +RUN apt-get install -y libboost-all-dev libjsoncpp-dev libgraphviz-dev \ + pkg-config libglib2.0-dev # libunwind-17 + +ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out" +ENV PATH="$PATH:/out" +ENV AFL_SKIP_CPUFREQ=1 +ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 +ENV AFL_TESTCACHE_SIZE=2 + + + From 259d3139b18ae51ca10188df81bc8f11d1b64e7d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 18 Dec 2023 15:18:25 +0100 Subject: [PATCH 02/15] fixes --- fuzzers/aflplusplus/builder.Dockerfile | 2 +- fuzzers/aflplusplus/fuzzer.py | 1 - fuzzers/aflplusplus/runner.Dockerfile | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/fuzzers/aflplusplus/builder.Dockerfile b/fuzzers/aflplusplus/builder.Dockerfile index 570a620d6..044df5255 100644 --- a/fuzzers/aflplusplus/builder.Dockerfile +++ b/fuzzers/aflplusplus/builder.Dockerfile @@ -37,7 +37,7 @@ RUN apt-get update && \ # Download afl++. RUN git clone -b dev https://github.com/AFLplusplus/AFLplusplus /afl && \ cd /afl && \ - git checkout b2d118f821b9a98b64a955b6dce5785646a8f19e || \ + git checkout 4a7e35b29c6711b68d3d579716685c3752ff62a8 || \ true # Build without Python support as we don't need it. diff --git a/fuzzers/aflplusplus/fuzzer.py b/fuzzers/aflplusplus/fuzzer.py index 11e128c6a..7016da75e 100755 --- a/fuzzers/aflplusplus/fuzzer.py +++ b/fuzzers/aflplusplus/fuzzer.py @@ -269,7 +269,6 @@ def fuzz(input_corpus, os.environ['AFL_IGNORE_UNKNOWN_ENVS'] = '1' os.environ['AFL_FAST_CAL'] = '1' os.environ['AFL_NO_WARN_INSTABILITY'] = '1' - os.environ['AFL_IGNORE_SEED_PROBLEMS'] = '1' if not skip: os.environ['AFL_DISABLE_TRIM'] = '1' diff --git a/fuzzers/aflplusplus/runner.Dockerfile b/fuzzers/aflplusplus/runner.Dockerfile index 67ebe8b5e..418e9464c 100644 --- a/fuzzers/aflplusplus/runner.Dockerfile +++ b/fuzzers/aflplusplus/runner.Dockerfile @@ -22,4 +22,4 @@ ENV AFL_SKIP_CPUFREQ=1 ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 ENV AFL_TESTCACHE_SIZE=2 -RUN apt update -y && apt install -y unzip git gdb joe +RUN apt install -y unzip git gdb joe From edb1cbac36effbba9ab4cce56ca996f5c9a5574e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 18 Dec 2023 15:19:08 +0100 Subject: [PATCH 03/15] fixes --- fuzzers/aflplusplus/runner.Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/fuzzers/aflplusplus/runner.Dockerfile b/fuzzers/aflplusplus/runner.Dockerfile index 418e9464c..1a10f861c 100644 --- a/fuzzers/aflplusplus/runner.Dockerfile +++ b/fuzzers/aflplusplus/runner.Dockerfile @@ -21,5 +21,4 @@ ENV PATH="$PATH:/out" ENV AFL_SKIP_CPUFREQ=1 ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 ENV AFL_TESTCACHE_SIZE=2 - RUN apt install -y unzip git gdb joe From f5b697bc14a5c528ae207d0c878565df8ae3b8ac Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 18 Dec 2023 15:20:28 +0100 Subject: [PATCH 04/15] update afl++ --- fuzzers/aflplusplus/builder.Dockerfile | 2 +- fuzzers/aflplusplus/fuzzer.py | 1 + fuzzers/aflplusplus/runner.Dockerfile | 3 ++- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/fuzzers/aflplusplus/builder.Dockerfile b/fuzzers/aflplusplus/builder.Dockerfile index 044df5255..94da6a27d 100644 --- a/fuzzers/aflplusplus/builder.Dockerfile +++ b/fuzzers/aflplusplus/builder.Dockerfile @@ -37,7 +37,7 @@ RUN apt-get update && \ # Download afl++. RUN git clone -b dev https://github.com/AFLplusplus/AFLplusplus /afl && \ cd /afl && \ - git checkout 4a7e35b29c6711b68d3d579716685c3752ff62a8 || \ + git checkout 353ae3682a02634abae0b6590dfb47b762cf6bfa || \ true # Build without Python support as we don't need it. diff --git a/fuzzers/aflplusplus/fuzzer.py b/fuzzers/aflplusplus/fuzzer.py index 7016da75e..11e128c6a 100755 --- a/fuzzers/aflplusplus/fuzzer.py +++ b/fuzzers/aflplusplus/fuzzer.py @@ -269,6 +269,7 @@ def fuzz(input_corpus, os.environ['AFL_IGNORE_UNKNOWN_ENVS'] = '1' os.environ['AFL_FAST_CAL'] = '1' os.environ['AFL_NO_WARN_INSTABILITY'] = '1' + os.environ['AFL_IGNORE_SEED_PROBLEMS'] = '1' if not skip: os.environ['AFL_DISABLE_TRIM'] = '1' diff --git a/fuzzers/aflplusplus/runner.Dockerfile b/fuzzers/aflplusplus/runner.Dockerfile index 1a10f861c..67ebe8b5e 100644 --- a/fuzzers/aflplusplus/runner.Dockerfile +++ b/fuzzers/aflplusplus/runner.Dockerfile @@ -21,4 +21,5 @@ ENV PATH="$PATH:/out" ENV AFL_SKIP_CPUFREQ=1 ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 ENV AFL_TESTCACHE_SIZE=2 -RUN apt install -y unzip git gdb joe + +RUN apt update -y && apt install -y unzip git gdb joe From 7fbfd3d9918b95fdbbd2ea93c8ab8df3ef0eea3a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 18 Dec 2023 15:48:06 +0100 Subject: [PATCH 05/15] Revert "update afl++" This reverts commit f5b697bc14a5c528ae207d0c878565df8ae3b8ac. --- fuzzers/aflplusplus/builder.Dockerfile | 2 +- fuzzers/aflplusplus/fuzzer.py | 1 - fuzzers/aflplusplus/runner.Dockerfile | 3 +-- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/fuzzers/aflplusplus/builder.Dockerfile b/fuzzers/aflplusplus/builder.Dockerfile index 94da6a27d..044df5255 100644 --- a/fuzzers/aflplusplus/builder.Dockerfile +++ b/fuzzers/aflplusplus/builder.Dockerfile @@ -37,7 +37,7 @@ RUN apt-get update && \ # Download afl++. RUN git clone -b dev https://github.com/AFLplusplus/AFLplusplus /afl && \ cd /afl && \ - git checkout 353ae3682a02634abae0b6590dfb47b762cf6bfa || \ + git checkout 4a7e35b29c6711b68d3d579716685c3752ff62a8 || \ true # Build without Python support as we don't need it. diff --git a/fuzzers/aflplusplus/fuzzer.py b/fuzzers/aflplusplus/fuzzer.py index 11e128c6a..7016da75e 100755 --- a/fuzzers/aflplusplus/fuzzer.py +++ b/fuzzers/aflplusplus/fuzzer.py @@ -269,7 +269,6 @@ def fuzz(input_corpus, os.environ['AFL_IGNORE_UNKNOWN_ENVS'] = '1' os.environ['AFL_FAST_CAL'] = '1' os.environ['AFL_NO_WARN_INSTABILITY'] = '1' - os.environ['AFL_IGNORE_SEED_PROBLEMS'] = '1' if not skip: os.environ['AFL_DISABLE_TRIM'] = '1' diff --git a/fuzzers/aflplusplus/runner.Dockerfile b/fuzzers/aflplusplus/runner.Dockerfile index 67ebe8b5e..1a10f861c 100644 --- a/fuzzers/aflplusplus/runner.Dockerfile +++ b/fuzzers/aflplusplus/runner.Dockerfile @@ -21,5 +21,4 @@ ENV PATH="$PATH:/out" ENV AFL_SKIP_CPUFREQ=1 ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 ENV AFL_TESTCACHE_SIZE=2 - -RUN apt update -y && apt install -y unzip git gdb joe +RUN apt install -y unzip git gdb joe From 734536d251fe1d928421af76b1ddc11ca1cef6ec Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 18 Dec 2023 15:49:04 +0100 Subject: [PATCH 06/15] dummy change --- service/gcbrun_experiment.py | 1 + 1 file changed, 1 insertion(+) diff --git a/service/gcbrun_experiment.py b/service/gcbrun_experiment.py index 339972cfa..2eafac2bc 100644 --- a/service/gcbrun_experiment.py +++ b/service/gcbrun_experiment.py @@ -12,6 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # +# ################################################################################ """Entrypoint for gcbrun into run_experiment. This script will get the command from the last PR comment containing "/gcbrun" and pass it to run_experiment.py From 54ef761c01a382d3f68b221ffa7fc1155959f3c2 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 18 Dec 2023 15:49:48 +0100 Subject: [PATCH 07/15] explore --- fuzzers/aflplusplus/fuzzer.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fuzzers/aflplusplus/fuzzer.py b/fuzzers/aflplusplus/fuzzer.py index 7016da75e..5d87cb9c5 100755 --- a/fuzzers/aflplusplus/fuzzer.py +++ b/fuzzers/aflplusplus/fuzzer.py @@ -261,6 +261,8 @@ def fuzz(input_corpus, if os.path.exists('./afl++.dict'): flags += ['-x', './afl++.dict'] + flags += ['-p', 'exlore'] + # Move the following to skip for upcoming _double tests: if os.path.exists(cmplog_target_binary) and no_cmplog is False: flags += ['-c', cmplog_target_binary] From fa2e86cf653fe851a59b06bc1e1d52983d1f0488 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 19 Dec 2023 11:28:01 +0100 Subject: [PATCH 08/15] fixes --- fuzzers/aflplusplus/fuzzer.py | 2 +- fuzzers/fishpp_new_exp/fuzzer.py | 4 ++-- fuzzers/fishpp_new_exp_nocmp/fuzzer.py | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/fuzzers/aflplusplus/fuzzer.py b/fuzzers/aflplusplus/fuzzer.py index 5d87cb9c5..c04424924 100755 --- a/fuzzers/aflplusplus/fuzzer.py +++ b/fuzzers/aflplusplus/fuzzer.py @@ -261,7 +261,7 @@ def fuzz(input_corpus, if os.path.exists('./afl++.dict'): flags += ['-x', './afl++.dict'] - flags += ['-p', 'exlore'] + flags += ['-p', 'explore'] # Move the following to skip for upcoming _double tests: if os.path.exists(cmplog_target_binary) and no_cmplog is False: diff --git a/fuzzers/fishpp_new_exp/fuzzer.py b/fuzzers/fishpp_new_exp/fuzzer.py index 2ab3506f8..441091c94 100644 --- a/fuzzers/fishpp_new_exp/fuzzer.py +++ b/fuzzers/fishpp_new_exp/fuzzer.py @@ -262,9 +262,9 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements tmp_dst = os.environ['OUT'] + '/TEMP' print('[post_build] generating distance files') - xxa = 'python3 /FishFuzz/distance/match_function.py -i ' + tmp_dst + xxa = 'python3 /FishFuzz/fish_mode/distance/match_function.py -i ' + tmp_dst os.system(xxa) - xxb = 'python3 /FishFuzz/distance/calculate_all_distance.py -i ' + tmp_dst + xxb = 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' + tmp_dst os.system(xxb) diff --git a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py index f128df455..287f6afcf 100644 --- a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py +++ b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py @@ -262,9 +262,9 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements tmp_dst = os.environ['OUT'] + '/TEMP' print('[post_build] generating distance files') - xxa = 'python3 /FishFuzz/distance/match_function.py -i ' + tmp_dst + xxa = 'python3 /FishFuzz/fish_mode/distance/match_function.py -i ' + tmp_dst os.system(xxa) - xxb = 'python3 /FishFuzz/distance/calculate_all_distance.py -i ' + tmp_dst + xxb = 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' + tmp_dst os.system(xxb) From 40b528d7c457566d6ed6a0e9852a1c21cb61a5f8 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 19 Dec 2023 11:42:50 +0100 Subject: [PATCH 09/15] try fix --- fuzzers/fishpp_new_exp/fuzzer.py | 7 ++++--- fuzzers/fishpp_new_exp_nocmp/fuzzer.py | 9 +++++---- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/fuzzers/fishpp_new_exp/fuzzer.py b/fuzzers/fishpp_new_exp/fuzzer.py index 441091c94..5c415d5f3 100644 --- a/fuzzers/fishpp_new_exp/fuzzer.py +++ b/fuzzers/fishpp_new_exp/fuzzer.py @@ -260,11 +260,12 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements shutil.copy('/FishFuzz/afl-frida-trace.so', build_directory) shutil.copy('/get_frida_entry.sh', build_directory) - tmp_dst = os.environ['OUT'] + '/TEMP' + tdst = os.environ['OUT'] + '/TEMP' print('[post_build] generating distance files') - xxa = 'python3 /FishFuzz/fish_mode/distance/match_function.py -i ' + tmp_dst + xxa = 'python3 /FishFuzz/fish_mode/distance/match_function.py -i ' + tdst os.system(xxa) - xxb = 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' + tmp_dst + xxxb = 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' + + tdst os.system(xxb) diff --git a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py index 287f6afcf..d7a00954a 100644 --- a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py +++ b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py @@ -260,12 +260,13 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements shutil.copy('/FishFuzz/afl-frida-trace.so', build_directory) shutil.copy('/get_frida_entry.sh', build_directory) - tmp_dst = os.environ['OUT'] + '/TEMP' + tdst = os.environ['OUT'] + '/TEMP' print('[post_build] generating distance files') - xxa = 'python3 /FishFuzz/fish_mode/distance/match_function.py -i ' + tmp_dst + xxa = 'python3 /FishFuzz/fish_mode/distance/match_function.py -i ' + tdst os.system(xxa) - xxb = 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' + tmp_dst - os.system(xxb) + xxxb = 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' + + tdst + os.system(xxxb) # pylint: disable=too-many-arguments From db10e32a2c0cd3ed9351776004797471fe25c146 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 19 Dec 2023 11:57:47 +0100 Subject: [PATCH 10/15] next fix attempt --- fuzzers/fishpp_new_exp/fuzzer.py | 3 +-- fuzzers/fishpp_new_exp_nocmp/fuzzer.py | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/fuzzers/fishpp_new_exp/fuzzer.py b/fuzzers/fishpp_new_exp/fuzzer.py index 5c415d5f3..63c6afd53 100644 --- a/fuzzers/fishpp_new_exp/fuzzer.py +++ b/fuzzers/fishpp_new_exp/fuzzer.py @@ -264,8 +264,7 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements print('[post_build] generating distance files') xxa = 'python3 /FishFuzz/fish_mode/distance/match_function.py -i ' + tdst os.system(xxa) - xxxb = 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' - + tdst + xxxb = 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' + tdst os.system(xxb) diff --git a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py index d7a00954a..0f8800586 100644 --- a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py +++ b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py @@ -264,8 +264,7 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements print('[post_build] generating distance files') xxa = 'python3 /FishFuzz/fish_mode/distance/match_function.py -i ' + tdst os.system(xxa) - xxxb = 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' - + tdst + xxxb = 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' + tdst os.system(xxxb) From a9401237acef7707461301d4d1f3048221425677 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 19 Dec 2023 12:03:22 +0100 Subject: [PATCH 11/15] next fix attempt --- fuzzers/fishpp_new_exp/fuzzer.py | 2 +- fuzzers/fishpp_new_exp_nocmp/fuzzer.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/fuzzers/fishpp_new_exp/fuzzer.py b/fuzzers/fishpp_new_exp/fuzzer.py index 63c6afd53..70dc638fd 100644 --- a/fuzzers/fishpp_new_exp/fuzzer.py +++ b/fuzzers/fishpp_new_exp/fuzzer.py @@ -264,7 +264,7 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements print('[post_build] generating distance files') xxa = 'python3 /FishFuzz/fish_mode/distance/match_function.py -i ' + tdst os.system(xxa) - xxxb = 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' + tdst + xxb = 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' + tdst os.system(xxb) diff --git a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py index 0f8800586..6ec6a803d 100644 --- a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py +++ b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py @@ -264,8 +264,8 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements print('[post_build] generating distance files') xxa = 'python3 /FishFuzz/fish_mode/distance/match_function.py -i ' + tdst os.system(xxa) - xxxb = 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' + tdst - os.system(xxxb) + xxb = 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' + tdst + os.system(xxb) # pylint: disable=too-many-arguments From b998f104422aca1edae87f20abf2e3e27bb62e56 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 19 Dec 2023 12:24:24 +0100 Subject: [PATCH 12/15] yapf is such crap --- fuzzers/fishpp_new_exp/fuzzer.py | 5 ++++- fuzzers/fishpp_new_exp_nocmp/fuzzer.py | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/fuzzers/fishpp_new_exp/fuzzer.py b/fuzzers/fishpp_new_exp/fuzzer.py index 70dc638fd..bdae56c8c 100644 --- a/fuzzers/fishpp_new_exp/fuzzer.py +++ b/fuzzers/fishpp_new_exp/fuzzer.py @@ -264,7 +264,10 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements print('[post_build] generating distance files') xxa = 'python3 /FishFuzz/fish_mode/distance/match_function.py -i ' + tdst os.system(xxa) - xxb = 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' + tdst + xxb = ( + "python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i " + + tdst + ) os.system(xxb) diff --git a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py index 6ec6a803d..33b27c4a1 100644 --- a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py +++ b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py @@ -264,7 +264,10 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements print('[post_build] generating distance files') xxa = 'python3 /FishFuzz/fish_mode/distance/match_function.py -i ' + tdst os.system(xxa) - xxb = 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' + tdst + xxb = ( + "python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i " + + tdst + ) os.system(xxb) From 6b8e9be5e03bb340981f78b7fa4f533fad0f8b79 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 19 Dec 2023 12:50:22 +0100 Subject: [PATCH 13/15] yapf is such crap --- fuzzers/fishpp_new_exp/fuzzer.py | 4 ++-- fuzzers/fishpp_new_exp_nocmp/fuzzer.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/fuzzers/fishpp_new_exp/fuzzer.py b/fuzzers/fishpp_new_exp/fuzzer.py index bdae56c8c..08fb97ae2 100644 --- a/fuzzers/fishpp_new_exp/fuzzer.py +++ b/fuzzers/fishpp_new_exp/fuzzer.py @@ -265,8 +265,8 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements xxa = 'python3 /FishFuzz/fish_mode/distance/match_function.py -i ' + tdst os.system(xxa) xxb = ( - "python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i " - + tdst + "python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i " + + tdst ) os.system(xxb) diff --git a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py index 33b27c4a1..00bcbd1be 100644 --- a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py +++ b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py @@ -265,8 +265,8 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements xxa = 'python3 /FishFuzz/fish_mode/distance/match_function.py -i ' + tdst os.system(xxa) xxb = ( - "python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i " - + tdst + "python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i " + + tdst ) os.system(xxb) From 17ecf51c61bfe2ff5f279e81f38a4072e12f20b8 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 19 Dec 2023 12:56:14 +0100 Subject: [PATCH 14/15] yapf is such crap --- fuzzers/fishpp_new_exp/fuzzer.py | 3 +-- fuzzers/fishpp_new_exp_nocmp/fuzzer.py | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/fuzzers/fishpp_new_exp/fuzzer.py b/fuzzers/fishpp_new_exp/fuzzer.py index 08fb97ae2..1b4f29af9 100644 --- a/fuzzers/fishpp_new_exp/fuzzer.py +++ b/fuzzers/fishpp_new_exp/fuzzer.py @@ -266,8 +266,7 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements os.system(xxa) xxb = ( "python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i " + - tdst - ) + tdst) os.system(xxb) diff --git a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py index 00bcbd1be..ee7e4d54e 100644 --- a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py +++ b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py @@ -266,8 +266,7 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements os.system(xxa) xxb = ( "python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i " + - tdst - ) + tdst) os.system(xxb) From 7cd29e4d1870f80ce30e697125332b321f127770 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 19 Dec 2023 13:00:24 +0100 Subject: [PATCH 15/15] yapf is such crap --- fuzzers/fishpp_new_exp/fuzzer.py | 2 +- fuzzers/fishpp_new_exp_nocmp/fuzzer.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fuzzers/fishpp_new_exp/fuzzer.py b/fuzzers/fishpp_new_exp/fuzzer.py index 1b4f29af9..53b18b64a 100644 --- a/fuzzers/fishpp_new_exp/fuzzer.py +++ b/fuzzers/fishpp_new_exp/fuzzer.py @@ -265,7 +265,7 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements xxa = 'python3 /FishFuzz/fish_mode/distance/match_function.py -i ' + tdst os.system(xxa) xxb = ( - "python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i " + + 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' + tdst) os.system(xxb) diff --git a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py index ee7e4d54e..bcfed7438 100644 --- a/fuzzers/fishpp_new_exp_nocmp/fuzzer.py +++ b/fuzzers/fishpp_new_exp_nocmp/fuzzer.py @@ -265,7 +265,7 @@ def build(*args): # pylint: disable=too-many-branches,too-many-statements xxa = 'python3 /FishFuzz/fish_mode/distance/match_function.py -i ' + tdst os.system(xxa) xxb = ( - "python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i " + + 'python3 /FishFuzz/fish_mode/distance/calculate_all_distance.py -i ' + tdst) os.system(xxb)