From ce2abbfd7e2b2096c7706214dc76a5f84277d017 Mon Sep 17 00:00:00 2001 
From: van Hauser
Date: Mon, 8 Mar 2021 01:12:26 +0100
Subject: [PATCH] final afl++ cmplog experiment (#1106)
* add to afl++ to papers
* fix afl++
* final cmplog round
* add new havoc change test
---
 .github/workflows/fuzzers.yml | 4 ++
 fuzzers/aflplusplus/builder.Dockerfile | 2 +-
 fuzzers/aflplusplus_cmplog/builder.Dockerfile | 2 +-
 .../aflplusplus_cmplog_12k/builder.Dockerfile | 2 +-
 .../aflplusplus_cmplog_16k/builder.Dockerfile | 36 ++++++++++++++++++
 fuzzers/aflplusplus_cmplog_16k/description.md | 13 +++++++
 fuzzers/aflplusplus_cmplog_16k/fuzzer.py | 38 +++++++++++++++++++
 .../aflplusplus_cmplog_16k/runner.Dockerfile | 23 +++++++++++
 .../aflplusplus_cmplog_24k/builder.Dockerfile | 36 ++++++++++++++++++
 fuzzers/aflplusplus_cmplog_24k/description.md | 13 +++++++
 fuzzers/aflplusplus_cmplog_24k/fuzzer.py | 38 +++++++++++++++++++
 .../aflplusplus_cmplog_24k/runner.Dockerfile | 23 +++++++++++
 .../aflplusplus_cmplog_4k/builder.Dockerfile | 36 ++++++++++++++++++
 fuzzers/aflplusplus_cmplog_4k/description.md | 13 +++++++
 fuzzers/aflplusplus_cmplog_4k/fuzzer.py | 38 +++++++++++++++++++
 .../aflplusplus_cmplog_4k/runner.Dockerfile | 23 +++++++++++
 .../builder.Dockerfile | 2 +-
 .../builder.Dockerfile | 2 +-
 .../aflplusplus_dict2file/builder.Dockerfile | 2 +-
 .../aflplusplus_eclipser/builder.Dockerfile | 2 +-
 fuzzers/aflplusplus_flcnt/builder.Dockerfile | 2 +-
 fuzzers/aflplusplus_havoc/builder.Dockerfile | 35 +++++++++++++++++
 fuzzers/aflplusplus_havoc/description.md | 13 +++++++
 fuzzers/aflplusplus_havoc/fuzzer.py | 38 +++++++++++++++++++
 fuzzers/aflplusplus_havoc/runner.Dockerfile | 23 +++++++++++
 .../builder.Dockerfile | 2 +-
 .../builder.Dockerfile | 2 +-
 .../aflplusplus_optimal/builder.Dockerfile | 2 +-
 .../builder.Dockerfile | 2 +-
 fuzzers/aflplusplus_qemu/builder.Dockerfile | 2 +-
 service/experiment-requests.yaml | 26 +++++++++++++
 31 files changed, 482 insertions(+), 13 deletions(-)
 create mode 100644 fuzzers/aflplusplus_cmplog_16k/builder.Dockerfile
 create mode 100644 fuzzers/aflplusplus_cmplog_16k/description.md
 create mode 100755 fuzzers/aflplusplus_cmplog_16k/fuzzer.py
 create mode 100644 fuzzers/aflplusplus_cmplog_16k/runner.Dockerfile
 create mode 100644 fuzzers/aflplusplus_cmplog_24k/builder.Dockerfile
 create mode 100644 fuzzers/aflplusplus_cmplog_24k/description.md
 create mode 100755 fuzzers/aflplusplus_cmplog_24k/fuzzer.py
 create mode 100644 fuzzers/aflplusplus_cmplog_24k/runner.Dockerfile
 create mode 100644 fuzzers/aflplusplus_cmplog_4k/builder.Dockerfile
 create mode 100644 fuzzers/aflplusplus_cmplog_4k/description.md
 create mode 100755 fuzzers/aflplusplus_cmplog_4k/fuzzer.py
 create mode 100644 fuzzers/aflplusplus_cmplog_4k/runner.Dockerfile
 create mode 100644 fuzzers/aflplusplus_havoc/builder.Dockerfile
 create mode 100644 fuzzers/aflplusplus_havoc/description.md
 create mode 100755 fuzzers/aflplusplus_havoc/fuzzer.py
 create mode 100644 fuzzers/aflplusplus_havoc/runner.Dockerfile
diff --git a/.github/workflows/fuzzers.yml b/.github/workflows/fuzzers.yml
index 2caf402dd..7e8044fb4 100644
--- a/.github/workflows/fuzzers.yml
+++ b/.github/workflows/fuzzers.yml
@@ -45,10 +45,14 @@ jobs:
 - aflplusplus_dict2file
 - aflplusplus_cmplog
 - aflplusplus_cmplog_introspection
+ - aflplusplus_cmplog_4k
 - aflplusplus_cmplog_12k
+ - aflplusplus_cmplog_16k
+ - aflplusplus_cmplog_24k
 - aflplusplus_cmplog_fail96
 - aflplusplus_flcnt
 - aflplusplus_optimal_flcnt
+ - aflplusplus_havoc
 benchmark_type:
 - oss-fuzz
diff --git a/fuzzers/aflplusplus/builder.Dockerfile b/fuzzers/aflplusplus/builder.Dockerfile
index 3b8d8b760..4a7d02e80 100644
--- a/fuzzers/aflplusplus/builder.Dockerfile
+++ b/fuzzers/aflplusplus/builder.Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update && \
 # Download and compile afl++.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
 cd /afl && \
- git checkout a2f40aa285faa75e78ac1ffffe8d79e2ac1a40da
+ git checkout 9b3d8c327d33191b181219ffce411b40bdbe8902
 # Build without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.
diff --git a/fuzzers/aflplusplus_cmplog/builder.Dockerfile b/fuzzers/aflplusplus_cmplog/builder.Dockerfile
index 3b8d8b760..4a7d02e80 100644
--- a/fuzzers/aflplusplus_cmplog/builder.Dockerfile
+++ b/fuzzers/aflplusplus_cmplog/builder.Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update && \
 # Download and compile afl++.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
 cd /afl && \
- git checkout a2f40aa285faa75e78ac1ffffe8d79e2ac1a40da
+ git checkout 9b3d8c327d33191b181219ffce411b40bdbe8902
 # Build without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.
diff --git a/fuzzers/aflplusplus_cmplog_12k/builder.Dockerfile b/fuzzers/aflplusplus_cmplog_12k/builder.Dockerfile
index 24aeb5630..c85977979 100644
--- a/fuzzers/aflplusplus_cmplog_12k/builder.Dockerfile
+++ b/fuzzers/aflplusplus_cmplog_12k/builder.Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update && \
 # Download and compile afl++.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
 cd /afl && \
- git checkout a2f40aa285faa75e78ac1ffffe8d79e2ac1a40da && \
+ git checkout 9b3d8c327d33191b181219ffce411b40bdbe8902 && \
 sed -i 's|CMPLOG_POSITIONS_MAX .*|CMPLOG_POSITIONS_MAX 12288U|' include/config.h
 # Build without Python support as we don't need it.
diff --git a/fuzzers/aflplusplus_cmplog_16k/builder.Dockerfile b/fuzzers/aflplusplus_cmplog_16k/builder.Dockerfile
new file mode 100644
index 000000000..33d23ae16
--- /dev/null
+++ b/fuzzers/aflplusplus_cmplog_16k/builder.Dockerfile
@@ -0,0 +1,36 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Install libstdc++ to use llvm_mode.
+RUN apt-get update && \
+ apt-get install -y wget libstdc++-5-dev libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates
+
+# Download and compile afl++.
+RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
+ cd /afl && \
+ git checkout 9b3d8c327d33191b181219ffce411b40bdbe8902 && \
+ sed -i 's|CMPLOG_POSITIONS_MAX .*|CMPLOG_POSITIONS_MAX 16384U|' include/config.h
+
+# Build without Python support as we don't need it.
+# Set AFL_NO_X86 to skip flaky tests.
+RUN cd /afl && unset CFLAGS && unset CXXFLAGS && \
+ export CC=clang && export AFL_NO_X86=1 && \
+ PYTHON_INCLUDE=/ make && make install && \
+ make -C utils/aflpp_driver && \
+ cp utils/aflpp_driver/libAFLDriver.a /
diff --git a/fuzzers/aflplusplus_cmplog_16k/description.md b/fuzzers/aflplusplus_cmplog_16k/description.md
new file mode 100644
index 000000000..445a27663
--- /dev/null
+++ b/fuzzers/aflplusplus_cmplog_16k/description.md
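Review bot: The `sed -i` that rewrites CMPLOG_POSITIONS_MAX in include/config.h exits 0 even when its pattern matches nothing, so if the constant is renamed or moved at the pinned commit the image still builds, with the default value, and this variant silently becomes a duplicate of aflplusplus_cmplog; the 24k and 4k builder.Dockerfile hunks have the same gap. Chaining a check after the substitution, `grep -q 'CMPLOG_POSITIONS_MAX 16384U' include/config.h`, makes the build fail instead. A comment above that RUN, `# Same source as aflplusplus_cmplog, with CMPLOG_POSITIONS_MAX forced to 16384U in config.h`, would also help, since the accompanying description.md lists the same configuration as the other cmplog variants and does not mention the override.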
@@ -0,0 +1,13 @@
+# aflplusplus
+
+AFL++ fuzzer instance that has the following config active for all benchmarks:
+ - PCGUARD instrumentation
+ - cmplog feature
+ - "fast" power schedule
+ - persistent mode + shared memory test cases
+
+Repository: [https://github.com/AFLplusplus/AFLplusplus/](https://github.com/AFLplusplus/AFLplusplus/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/aflplusplus_cmplog_16k/fuzzer.py b/fuzzers/aflplusplus_cmplog_16k/fuzzer.py
new file mode 100755
index 000000000..3a6943ad7
--- /dev/null
+++ b/fuzzers/aflplusplus_cmplog_16k/fuzzer.py
@@ -0,0 +1,38 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Integration code for AFLplusplus fuzzer."""
+
+# This optimized afl++ variant should always be run together with
+# "aflplusplus" to show the difference - a default configured afl++ vs.
+# a hand-crafted optimized one. afl++ is configured not to enable the good
+# stuff by default to be as close to vanilla afl as possible.
+# But this means that the good stuff is hidden away in this benchmark
+# otherwise.
+
+from fuzzers.aflplusplus import fuzzer as aflplusplus_fuzzer
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ aflplusplus_fuzzer.build("tracepc", "cmplog", "dict2file")
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ run_options = ['-p', 'fast']
+
+ aflplusplus_fuzzer.fuzz(input_corpus,
+ output_corpus,
+ target_binary,
+ flags=(run_options))
diff --git a/fuzzers/aflplusplus_cmplog_16k/runner.Dockerfile b/fuzzers/aflplusplus_cmplog_16k/runner.Dockerfile
new file mode 100644
index 000000000..9f3495cec
--- /dev/null
+++ b/fuzzers/aflplusplus_cmplog_16k/runner.Dockerfile
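Review bot: The `# pylint: disable=too-many-branches,too-many-statements` on `build()` suppresses warnings a one-statement function cannot trigger and should go, as should the redundant parentheses in `flags=(run_options)`; the 24k, 4k and havoc fuzzer.py hunks are byte-identical copies of this file (same blob 3a6943ad7) and carry the same leftovers. The module docstring and the leading comment describe a generic optimized variant and never say what sets this one apart, which from this commit appears to be only the CMPLOG_POSITIONS_MAX override in builder.Dockerfile. A docstring such as `"""Integration code for the AFLplusplus cmplog variant built with CMPLOG_POSITIONS_MAX 16384U (see builder.Dockerfile)."""` would make that visible to someone reading only this file.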
@@ -0,0 +1,23 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
diff --git a/fuzzers/aflplusplus_cmplog_24k/builder.Dockerfile b/fuzzers/aflplusplus_cmplog_24k/builder.Dockerfile
new file mode 100644
index 000000000..614da181b
--- /dev/null
+++ b/fuzzers/aflplusplus_cmplog_24k/builder.Dockerfile
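Review bot: `ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"` expands to `:/out` when the base image leaves LD_LIBRARY_PATH unset, and glibc's loader treats an empty list element as the current working directory, so a shared object sitting in whatever directory the fuzzer is started from would be searched before the system libraries; `ENV PATH="$PATH:/out"` has the same shape, though PATH is normally set. Whether gcr.io/fuzzbench/base-image defines LD_LIBRARY_PATH is not visible here. If it does not, `ENV LD_LIBRARY_PATH=/out`, or Dockerfile's conditional `${LD_LIBRARY_PATH:+...}` expansion, avoids the empty element. The 24k, 4k and havoc runner.Dockerfile hunks are identical copies (blob 9f3495cec) and need the same change.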
@@ -0,0 +1,36 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Install libstdc++ to use llvm_mode.
+RUN apt-get update && \
+ apt-get install -y wget libstdc++-5-dev libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates
+
+# Download and compile afl++.
+RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
+ cd /afl && \
+ git checkout 9b3d8c327d33191b181219ffce411b40bdbe8902 && \
+ sed -i 's|CMPLOG_POSITIONS_MAX .*|CMPLOG_POSITIONS_MAX 24576U|' include/config.h
+
+# Build without Python support as we don't need it.
+# Set AFL_NO_X86 to skip flaky tests.
+RUN cd /afl && unset CFLAGS && unset CXXFLAGS && \
+ export CC=clang && export AFL_NO_X86=1 && \
+ PYTHON_INCLUDE=/ make && make install && \
+ make -C utils/aflpp_driver && \
+ cp utils/aflpp_driver/libAFLDriver.a /
diff --git a/fuzzers/aflplusplus_cmplog_24k/description.md b/fuzzers/aflplusplus_cmplog_24k/description.md
new file mode 100644
index 000000000..445a27663
--- /dev/null
+++ b/fuzzers/aflplusplus_cmplog_24k/description.md
@@ -0,0 +1,13 @@
+# aflplusplus
+
+AFL++ fuzzer instance that has the following config active for all benchmarks:
+ - PCGUARD instrumentation
+ - cmplog feature
+ - "fast" power schedule
+ - persistent mode + shared memory test cases
+
+Repository: [https://github.com/AFLplusplus/AFLplusplus/](https://github.com/AFLplusplus/AFLplusplus/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/aflplusplus_cmplog_24k/fuzzer.py b/fuzzers/aflplusplus_cmplog_24k/fuzzer.py
new file mode 100755
index 000000000..3a6943ad7
--- /dev/null
+++ b/fuzzers/aflplusplus_cmplog_24k/fuzzer.py
@@ -0,0 +1,38 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Integration code for AFLplusplus fuzzer."""
+
+# This optimized afl++ variant should always be run together with
+# "aflplusplus" to show the difference - a default configured afl++ vs.
+# a hand-crafted optimized one. afl++ is configured not to enable the good
+# stuff by default to be as close to vanilla afl as possible.
+# But this means that the good stuff is hidden away in this benchmark
+# otherwise.
+
+from fuzzers.aflplusplus import fuzzer as aflplusplus_fuzzer
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ aflplusplus_fuzzer.build("tracepc", "cmplog", "dict2file")
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ run_options = ['-p', 'fast']
+
+ aflplusplus_fuzzer.fuzz(input_corpus,
+ output_corpus,
+ target_binary,
+ flags=(run_options))
diff --git a/fuzzers/aflplusplus_cmplog_24k/runner.Dockerfile b/fuzzers/aflplusplus_cmplog_24k/runner.Dockerfile
new file mode 100644
index 000000000..9f3495cec
--- /dev/null
+++ b/fuzzers/aflplusplus_cmplog_24k/runner.Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
diff --git a/fuzzers/aflplusplus_cmplog_4k/builder.Dockerfile b/fuzzers/aflplusplus_cmplog_4k/builder.Dockerfile
new file mode 100644
index 000000000..8d4eba201
--- /dev/null
+++ b/fuzzers/aflplusplus_cmplog_4k/builder.Dockerfile
@@ -0,0 +1,36 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Install libstdc++ to use llvm_mode.
+RUN apt-get update && \
+ apt-get install -y wget libstdc++-5-dev libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates
+
+# Download and compile afl++.
+RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
+ cd /afl && \
+ git checkout 9b3d8c327d33191b181219ffce411b40bdbe8902 && \
+ sed -i 's|CMPLOG_POSITIONS_MAX .*|CMPLOG_POSITIONS_MAX 4096U|' include/config.h
+
+# Build without Python support as we don't need it.
+# Set AFL_NO_X86 to skip flaky tests.
+RUN cd /afl && unset CFLAGS && unset CXXFLAGS && \
+ export CC=clang && export AFL_NO_X86=1 && \
+ PYTHON_INCLUDE=/ make && make install && \
+ make -C utils/aflpp_driver && \
+ cp utils/aflpp_driver/libAFLDriver.a /
diff --git a/fuzzers/aflplusplus_cmplog_4k/description.md b/fuzzers/aflplusplus_cmplog_4k/description.md
new file mode 100644
index 000000000..445a27663
--- /dev/null
+++ b/fuzzers/aflplusplus_cmplog_4k/description.md
@@ -0,0 +1,13 @@
+# aflplusplus
+
+AFL++ fuzzer instance that has the following config active for all benchmarks:
+ - PCGUARD instrumentation
+ - cmplog feature
+ - "fast" power schedule
+ - persistent mode + shared memory test cases
+
+Repository: [https://github.com/AFLplusplus/AFLplusplus/](https://github.com/AFLplusplus/AFLplusplus/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/aflplusplus_cmplog_4k/fuzzer.py b/fuzzers/aflplusplus_cmplog_4k/fuzzer.py
new file mode 100755
index 000000000..3a6943ad7
--- /dev/null
+++ b/fuzzers/aflplusplus_cmplog_4k/fuzzer.py
@@ -0,0 +1,38 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Integration code for AFLplusplus fuzzer."""
+
+# This optimized afl++ variant should always be run together with
+# "aflplusplus" to show the difference - a default configured afl++ vs.
+# a hand-crafted optimized one. afl++ is configured not to enable the good
+# stuff by default to be as close to vanilla afl as possible.
+# But this means that the good stuff is hidden away in this benchmark
+# otherwise.
+
+from fuzzers.aflplusplus import fuzzer as aflplusplus_fuzzer
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ aflplusplus_fuzzer.build("tracepc", "cmplog", "dict2file")
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ run_options = ['-p', 'fast']
+
+ aflplusplus_fuzzer.fuzz(input_corpus,
+ output_corpus,
+ target_binary,
+ flags=(run_options))
diff --git a/fuzzers/aflplusplus_cmplog_4k/runner.Dockerfile b/fuzzers/aflplusplus_cmplog_4k/runner.Dockerfile
new file mode 100644
index 000000000..9f3495cec
--- /dev/null
+++ b/fuzzers/aflplusplus_cmplog_4k/runner.Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
diff --git a/fuzzers/aflplusplus_cmplog_fail96/builder.Dockerfile b/fuzzers/aflplusplus_cmplog_fail96/builder.Dockerfile
index 2dfd8992e..486cdccac 100644
--- a/fuzzers/aflplusplus_cmplog_fail96/builder.Dockerfile
+++ b/fuzzers/aflplusplus_cmplog_fail96/builder.Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update && \
 # Download and compile afl++.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
 cd /afl && \
- git checkout a2f40aa285faa75e78ac1ffffe8d79e2ac1a40da && \
+ git checkout 9b3d8c327d33191b181219ffce411b40bdbe8902 && \
 sed -i 's|CMPLOG_FAIL_MAX .*|CMPLOG_FAIL_MAX 96|' include/config.h
 # Build without Python support as we don't need it.
diff --git a/fuzzers/aflplusplus_cmplog_introspection/builder.Dockerfile b/fuzzers/aflplusplus_cmplog_introspection/builder.Dockerfile
index d46ff7bc9..c909d45c5 100644
--- a/fuzzers/aflplusplus_cmplog_introspection/builder.Dockerfile
+++ b/fuzzers/aflplusplus_cmplog_introspection/builder.Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update && \
 # Download and compile afl++.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
 cd /afl && \
- git checkout a5e9272e1ea187341d3a776d0bab934175a0d463
+ git checkout aebb5f37c01407fbf9033be5e14887a32634dc94
 # Build without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.
diff --git a/fuzzers/aflplusplus_dict2file/builder.Dockerfile b/fuzzers/aflplusplus_dict2file/builder.Dockerfile
index 3b8d8b760..4a7d02e80 100644
--- a/fuzzers/aflplusplus_dict2file/builder.Dockerfile
+++ b/fuzzers/aflplusplus_dict2file/builder.Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update && \
 # Download and compile afl++.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
 cd /afl && \
- git checkout a2f40aa285faa75e78ac1ffffe8d79e2ac1a40da
+ git checkout 9b3d8c327d33191b181219ffce411b40bdbe8902
 # Build without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.
diff --git a/fuzzers/aflplusplus_eclipser/builder.Dockerfile b/fuzzers/aflplusplus_eclipser/builder.Dockerfile
index 38ef12a42..3fdfc4b3d 100644
--- a/fuzzers/aflplusplus_eclipser/builder.Dockerfile
+++ b/fuzzers/aflplusplus_eclipser/builder.Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update && \
 # Download and compile afl++.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
 cd /afl && \
- git checkout a2f40aa285faa75e78ac1ffffe8d79e2ac1a40da
+ git checkout 9b3d8c327d33191b181219ffce411b40bdbe8902
 # Build without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.
diff --git a/fuzzers/aflplusplus_flcnt/builder.Dockerfile b/fuzzers/aflplusplus_flcnt/builder.Dockerfile
index 89c78b0c9..f0bf3e74f 100644
--- a/fuzzers/aflplusplus_flcnt/builder.Dockerfile
+++ b/fuzzers/aflplusplus_flcnt/builder.Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update && \
 # Download and compile afl++.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
 cd /afl && \
- git checkout d246d08190e03ec0d3a51f4ffd1c3c19d75c17ca
+ git checkout 6c7eeeca5e7deae81027cc59a78ed292d4d0d64d
 # Build without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.
diff --git a/fuzzers/aflplusplus_havoc/builder.Dockerfile b/fuzzers/aflplusplus_havoc/builder.Dockerfile
new file mode 100644
index 000000000..b0d1fece3
--- /dev/null
+++ b/fuzzers/aflplusplus_havoc/builder.Dockerfile
@@ -0,0 +1,35 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+# Install libstdc++ to use llvm_mode.
+RUN apt-get update && \
+ apt-get install -y wget libstdc++-5-dev libtool-bin automake flex bison \
+ libglib2.0-dev libpixman-1-dev python3-setuptools unzip \
+ apt-utils apt-transport-https ca-certificates
+
+# Download and compile afl++.
+RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
+ cd /afl && \
+ git checkout fa4b3e55e6b153639f81fd17ecb84c2fe75c2469
+
+# Build without Python support as we don't need it.
+# Set AFL_NO_X86 to skip flaky tests.
+RUN cd /afl && unset CFLAGS && unset CXXFLAGS && \
+ export CC=clang && export AFL_NO_X86=1 && \
+ PYTHON_INCLUDE=/ make && make install && \
+ make -C utils/aflpp_driver && \
+ cp utils/aflpp_driver/libAFLDriver.a /
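Review bot: The havoc builder pins AFL++ to `fa4b3e55e6b153639f81fd17ecb84c2fe75c2469` while every other afl++ variant touched by this commit moves to `9b3d8c327d33191b181219ffce411b40bdbe8902`, and nothing in the file says that this different pin is deliberate and is what the variant exists to test; the fuzzer.py and description.md shipped with it are copies of the cmplog ones and do not record it either. A comment above the checkout, `# Deliberately not the commit used by the other afl++ variants: this one carries the havoc change under test (PR #1106).`, would keep the pin from being overwritten by the next bulk bump of the afl++ commit.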
diff --git a/fuzzers/aflplusplus_havoc/description.md b/fuzzers/aflplusplus_havoc/description.md
new file mode 100644
index 000000000..445a27663
--- /dev/null
+++ b/fuzzers/aflplusplus_havoc/description.md
@@ -0,0 +1,13 @@
+# aflplusplus
+
+AFL++ fuzzer instance that has the following config active for all benchmarks:
+ - PCGUARD instrumentation
+ - cmplog feature
+ - "fast" power schedule
+ - persistent mode + shared memory test cases
+
+Repository: [https://github.com/AFLplusplus/AFLplusplus/](https://github.com/AFLplusplus/AFLplusplus/)
+
+[builder.Dockerfile](builder.Dockerfile)
+[fuzzer.py](fuzzer.py)
+[runner.Dockerfile](runner.Dockerfile)
diff --git a/fuzzers/aflplusplus_havoc/fuzzer.py b/fuzzers/aflplusplus_havoc/fuzzer.py
new file mode 100755
index 000000000..3a6943ad7
--- /dev/null
+++ b/fuzzers/aflplusplus_havoc/fuzzer.py
@@ -0,0 +1,38 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Integration code for AFLplusplus fuzzer."""
+
+# This optimized afl++ variant should always be run together with
+# "aflplusplus" to show the difference - a default configured afl++ vs.
+# a hand-crafted optimized one. afl++ is configured not to enable the good
+# stuff by default to be as close to vanilla afl as possible.
+# But this means that the good stuff is hidden away in this benchmark
+# otherwise.
+
+from fuzzers.aflplusplus import fuzzer as aflplusplus_fuzzer
+
+
+def build(): # pylint: disable=too-many-branches,too-many-statements
+ """Build benchmark."""
+ aflplusplus_fuzzer.build("tracepc", "cmplog", "dict2file")
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer."""
+ run_options = ['-p', 'fast']
+
+ aflplusplus_fuzzer.fuzz(input_corpus,
+ output_corpus,
+ target_binary,
+ flags=(run_options))
diff --git a/fuzzers/aflplusplus_havoc/runner.Dockerfile b/fuzzers/aflplusplus_havoc/runner.Dockerfile
new file mode 100644
index 000000000..9f3495cec
--- /dev/null
+++ b/fuzzers/aflplusplus_havoc/runner.Dockerfile
@@ -0,0 +1,23 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-image
+
+# This makes interactive docker runs painless:
+ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/out"
+ENV AFL_MAP_SIZE=2621440
+ENV PATH="$PATH:/out"
+ENV AFL_SKIP_CPUFREQ=1
+ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
+ENV AFL_TESTCACHE_SIZE=2
diff --git a/fuzzers/aflplusplus_introspection/builder.Dockerfile b/fuzzers/aflplusplus_introspection/builder.Dockerfile
index b553d71ca..d515b9610 100644
--- a/fuzzers/aflplusplus_introspection/builder.Dockerfile
+++ b/fuzzers/aflplusplus_introspection/builder.Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update && \
 # Download and compile afl++.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
 cd /afl && \
- git checkout a2f40aa285faa75e78ac1ffffe8d79e2ac1a40da
+ git checkout 9b3d8c327d33191b181219ffce411b40bdbe8902
 # Build without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.
diff --git a/fuzzers/aflplusplus_introspection2/builder.Dockerfile b/fuzzers/aflplusplus_introspection2/builder.Dockerfile
index b553d71ca..d515b9610 100644
--- a/fuzzers/aflplusplus_introspection2/builder.Dockerfile
+++ b/fuzzers/aflplusplus_introspection2/builder.Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update && \
 # Download and compile afl++.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
 cd /afl && \
- git checkout a2f40aa285faa75e78ac1ffffe8d79e2ac1a40da
+ git checkout 9b3d8c327d33191b181219ffce411b40bdbe8902
 # Build without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.
diff --git a/fuzzers/aflplusplus_optimal/builder.Dockerfile b/fuzzers/aflplusplus_optimal/builder.Dockerfile
index 8a367363f..ae0203b6e 100644
--- a/fuzzers/aflplusplus_optimal/builder.Dockerfile
+++ b/fuzzers/aflplusplus_optimal/builder.Dockerfile
@@ -22,7 +22,7 @@ RUN apt-get update && \
 # Download afl++
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
 cd /afl && \
- git checkout a2f40aa285faa75e78ac1ffffe8d79e2ac1a40da
+ git checkout 9b3d8c327d33191b181219ffce411b40bdbe8902
 # Build without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.
diff --git a/fuzzers/aflplusplus_optimal_flcnt/builder.Dockerfile b/fuzzers/aflplusplus_optimal_flcnt/builder.Dockerfile
index 5981a19a4..96fbea1b2 100644
--- a/fuzzers/aflplusplus_optimal_flcnt/builder.Dockerfile
+++ b/fuzzers/aflplusplus_optimal_flcnt/builder.Dockerfile
@@ -22,7 +22,7 @@ RUN apt-get update && \
 # Download afl++
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
 cd /afl && \
- git checkout d246d08190e03ec0d3a51f4ffd1c3c19d75c17ca
+ git checkout 6c7eeeca5e7deae81027cc59a78ed292d4d0d64d
 # Build without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.
diff --git a/fuzzers/aflplusplus_qemu/builder.Dockerfile b/fuzzers/aflplusplus_qemu/builder.Dockerfile
index 6423e0a9b..3da7f9219 100644
--- a/fuzzers/aflplusplus_qemu/builder.Dockerfile
+++ b/fuzzers/aflplusplus_qemu/builder.Dockerfile
@@ -26,7 +26,7 @@ RUN cd / && wget https://github.com/ninja-build/ninja/releases/download/v1.10.1/
 # Download afl++
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
- cd /afl && git checkout a2f40aa285faa75e78ac1ffffe8d79e2ac1a40da
+ cd /afl && git checkout 9b3d8c327d33191b181219ffce411b40bdbe8902
 # Build afl++ without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.
diff --git a/service/experiment-requests.yaml b/service/experiment-requests.yaml
index a279dfc85..75a265cf0 100644
--- a/service/experiment-requests.yaml
+++ b/service/experiment-requests.yaml
@@ -19,6 +19,32 @@
 # You can run "make presubmit" to do basic validation on this file.
 # Please add new experiment requests towards the top of this file.
+- experiment: 2021-03-07-aflpp-bug
+ description: "afl++ cmplog introspection bug"
+ type: bug
+ fuzzers:
+ - aflplusplus_cmplog_introspection
+ - aflplusplus_optimal_flcnt
+ - aflplusplus_flcnt
+ - aflplusplus_optimal
+ - aflplusplus
+ - aflplusplus_havoc
+
+- experiment: 2021-03-07-aflpp
+ description: "afl++ cmplog introspection"
+ fuzzers:
+ - aflplusplus
+ - aflplusplus_optimal
+ - aflplusplus_flcnt
+ - aflplusplus_optimal_flcnt
+ - aflplusplus_cmplog_introspection
+ - aflplusplus_cmplog_fail96
+ - aflplusplus_cmplog_4k
+ - aflplusplus_cmplog_12k
+ - aflplusplus_cmplog_16k
+ - aflplusplus_cmplog_24k
+ - aflplusplus_havoc
+
 - experiment: 2021-03-05-aflpp-bug
 description: "afl++ cmplog introspection bug"
 type: bug
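Review bot: The new `2021-03-07-aflpp-bug` entry in service/experiment-requests.yaml reuses the description `"afl++ cmplog introspection bug"` verbatim from the existing `2021-03-05-aflpp-bug` entry directly below it, so the two bug runs cannot be told apart by description in the generated reports. Saying what this rerun changes, e.g. `description: "afl++ cmplog introspection bug, rerun with updated afl++ pins and aflplusplus_havoc"`, fixes that. The companion `2021-03-07-aflpp` entry has the same problem in milder form: its description does not mention that this is the run comparing the new 4k/16k/24k CMPLOG_POSITIONS_MAX variants, which is what the commit title says the experiment is for.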