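def build():
    """Build an AFL version and SymCC version of the benchmark.

    Runs the AFL++ build with the ``tracepc`` and ``symcc`` options inside
    ``utils.restore_directory`` guards for ``$SRC`` and ``$WORK``, copies
    ``afl-fuzz``/``afl-showmap`` into ``$OUT``, then copies the SymCC
    runtime, z3, the SymCC-instrumented libc++ and the fuzzing helper into
    the directory returned by ``get_symcc_build_dir``.

    Reads ``OUT`` (required), ``SRC`` and ``WORK`` from the environment.

    Raises:
        KeyError: if ``OUT`` is not set.
        OSError: if one of the fixed-path artifacts cannot be copied.
    """
    print("Step 1: Building with AFL and SymCC")
    build_directory = os.environ['OUT']

    # First build with AFL. Restore SRC and WORK to their initial state so we
    # can build again without any trouble: for some OSS-Fuzz projects,
    # build_benchmark cannot be run twice in the same directory otherwise.
    src = os.getenv('SRC')
    work = os.getenv('WORK')
    with utils.restore_directory(src), utils.restore_directory(work):
        aflplusplus_fuzzer.build("tracepc", "symcc")

    print("Step 2: Completed AFL build")
    # Copy over AFL artifacts needed by SymCC.
    shutil.copy("/afl/afl-fuzz", build_directory)
    shutil.copy("/afl/afl-showmap", build_directory)

    # Copy over symcc artifacts and symbolic libc++.
    print("Step 3: Copying SymCC files")
    symcc_build_dir = get_symcc_build_dir(os.environ['OUT'])
    # shutil.copy() to a missing directory silently creates a *file* of that
    # name instead of failing, so make sure the destination exists first
    # (exist_ok covers the case where the "symcc" build already created it).
    os.makedirs(symcc_build_dir, exist_ok=True)
    symcc_artifacts = (
        ("/symcc/build//SymRuntime-prefix/src/SymRuntime-build/libSymRuntime.so",
         symcc_build_dir),
        ("/usr/lib/libz3.so", os.path.join(symcc_build_dir, "libz3.so")),
        ("/libcxx_native_build/lib/libc++.so.1", symcc_build_dir),
        ("/libcxx_native_build/lib/libc++abi.so.1", symcc_build_dir),
        ("/rust/bin/symcc_fuzzing_helper", symcc_build_dir),
    )
    for source, destination in symcc_artifacts:
        shutil.copy(source, destination)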
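def build():
    """Build benchmark.

    Produces two binaries from the same sources: first an uninstrumented
    (``qemu``/``eclipser``) build whose fuzz target is copied into the
    Eclipser output directory, then an AFL++ ``tracepc`` build in ``$OUT``.
    ``afl-fuzz`` is copied into ``$OUT`` at the end.

    Reads ``OUT`` and ``FUZZ_TARGET`` from the environment; both must be set.

    Raises:
        FileExistsError: if the Eclipser output directory already exists.
    """
    # Snapshot the environment so the second build starts from the same
    # variables as the first, whatever the first build exported.
    orig_env = os.environ.copy()
    build_directory = os.getenv('OUT')
    fuzz_target = os.getenv('FUZZ_TARGET')

    # First, build an uninstrumented binary for Eclipser.
    aflplusplus_fuzzer.build("qemu", "eclipser")
    eclipser_dir = get_uninstrumented_outdir(build_directory)
    os.mkdir(eclipser_dir)
    fuzz_binary = os.path.join(build_directory, fuzz_target)
    shutil.copy(fuzz_binary, eclipser_dir)
    # Remove a seeds directory if the first build left one in $OUT.
    seeds_dir = os.path.join(build_directory, 'seeds')
    if os.path.isdir(seeds_dir):
        shutil.rmtree(seeds_dir)

    # Second, build an instrumented binary for AFL++.
    # Restore the saved variables *in place*. Rebinding ``os.environ`` to a
    # plain dict would leave the real process environment (what child
    # processes inherit) untouched and stop later assignments from reaching
    # putenv(), so the AFL++ build would not actually see the restored state.
    os.environ.clear()
    os.environ.update(orig_env)
    aflplusplus_fuzzer.build("tracepc")
    print('[build] Copying afl-fuzz to $OUT directory')

    # Copy afl-fuzz
    shutil.copy('/afl/afl-fuzz', build_directory)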
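def build():
    """Build an AFL version and SymCC version of the benchmark.

    Builds the benchmark with AFL++ (default options) inside
    ``utils.restore_directory`` guards for ``$SRC`` and ``$WORK`` and copies
    ``afl-fuzz``/``afl-showmap`` into ``$OUT``. Then builds it again with
    SymCC as ``CC``/``CXX``, using a copy of the environment taken before
    the AFL build, into the directory returned by ``get_symcc_build_dir``,
    and copies the SymCC runtime, z3, the SymCC-instrumented libc++ and the
    fuzzing helper next to it.

    Reads ``OUT`` (required), ``SRC``, ``WORK``, ``CFLAGS`` and ``CXXFLAGS``
    from the environment.

    Raises:
        KeyError: if ``OUT`` is not set.
        FileExistsError: if the SymCC build directory already exists.
    """
    print("Step 1: Building with AFL")
    build_directory = os.environ['OUT']

    # Save the environment for use in SymCC, before the AFL build can alter it.
    new_env = os.environ.copy()

    # First build with AFL. Restore SRC and WORK to their initial state so we
    # can build again without any trouble: for some OSS-Fuzz projects,
    # build_benchmark cannot be run twice in the same directory otherwise.
    src = os.getenv('SRC')
    work = os.getenv('WORK')
    with utils.restore_directory(src), utils.restore_directory(work):
        aflplusplus_fuzzer.build()

    print("Step 2: Completed AFL build")
    # Copy over AFL artifacts needed by SymCC.
    shutil.copy("/afl/afl-fuzz", build_directory)
    shutil.copy("/afl/afl-showmap", build_directory)

    # Build the SymCC-instrumented target.
    print("Step 3: Building the benchmark with SymCC")
    symcc_build_dir = get_symcc_build_dir(os.environ['OUT'])
    os.mkdir(symcc_build_dir)

    # Set flags to ensure compilation with SymCC.
    new_env['CC'] = "/symcc/build/symcc"
    new_env['CXX'] = "/symcc/build/sym++"
    # NOTE(review): "-stlib=" looks like a typo for clang's "-stdlib="; as
    # written the replace() is a no-op against a real "-stdlib=libc++" flag.
    # Left unchanged because the build has been running with it -- confirm the
    # intent before correcting it.
    cxxflags = new_env.get('CXXFLAGS', '').replace("-stlib=libc++", "")
    new_env['FUZZER_LIB'] = '/libfuzzer-harness.o'
    new_env['OUT'] = symcc_build_dir

    # Turn every sanitizer off for the SymCC build. The .get() defaults keep
    # an unset CFLAGS/CXXFLAGS from raising KeyError.
    new_env['CXXFLAGS'] = cxxflags + " -fno-sanitize=all "
    new_env['CFLAGS'] = new_env.get('CFLAGS', '') + " -fno-sanitize=all "

    # Setting this environment variable instructs SymCC to use the
    # libcxx library compiled with SymCC instrumentation.
    new_env['SYMCC_LIBCXX_PATH'] = "/libcxx_native_build"

    # Instructs SymCC to consider no symbolic inputs at runtime. This is needed
    # if, for example, some tests are run during compilation of the benchmark.
    new_env['SYMCC_NO_SYMBOLIC_INPUT'] = "1"

    # Build benchmark.
    utils.build_benchmark(env=new_env)

    # Copy over symcc artifacts and symbolic libc++.
    symcc_artifacts = (
        ("/symcc/build//SymRuntime-prefix/src/SymRuntime-build/libSymRuntime.so",
         symcc_build_dir),
        ("/usr/lib/libz3.so", os.path.join(symcc_build_dir, "libz3.so")),
        ("/libcxx_native_build/lib/libc++.so.1", symcc_build_dir),
        ("/libcxx_native_build/lib/libc++abi.so.1", symcc_build_dir),
        ("/rust/bin/symcc_fuzzing_helper", symcc_build_dir),
    )
    for source, destination in symcc_artifacts:
        shutil.copy(source, destination)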
def build():
    """Build benchmark.

    Two builds are performed: an uninstrumented (``qemu``/``eclipser``) one,
    whose fuzz target binary is copied into the directory returned by
    ``get_uninstrumented_outdir``, then a ``tracepc`` build in ``$OUT``.
    ``afl-fuzz`` is always copied into ``$OUT``; ``afl-qemu-trace`` and the
    QEMU driver hook are copied only when present in the image.

    Reads ``OUT`` and ``FUZZ_TARGET`` from the environment.
    """
    out_dir = os.getenv('OUT')
    target_name = os.getenv('FUZZ_TARGET')

    # First, build an uninstrumented binary.
    aflplusplus_fuzzer.build("qemu", "eclipser")
    uninstrumented_dir = get_uninstrumented_outdir(out_dir)
    os.mkdir(uninstrumented_dir)
    shutil.copy(out_dir + '/' + target_name, uninstrumented_dir)
    seeds_dir = out_dir + '/seeds'
    if os.path.isdir(seeds_dir):
        shutil.rmtree(seeds_dir)

    # Second, the instrumented build, plus the AFL++ runtime pieces.
    aflplusplus_fuzzer.build("tracepc")
    shutil.copy('/afl/afl-fuzz', out_dir)
    optional_artifacts = ('/afl/afl-qemu-trace', '/aflpp_qemu_driver_hook.so')
    for artifact in optional_artifacts:
        if os.path.exists(artifact):
            shutil.copy(artifact, out_dir)
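def build():
    """Build an AFL version and SymCC version of the benchmark.

    First builds an uninstrumented (``qemu``/``eclipser``) binary and copies
    its fuzz target into the SymCC build directory, then restores the
    environment and builds the AFL++ ``tracepc`` binary in ``$OUT``. Finally
    copies ``afl-fuzz``/``afl-showmap`` into ``$OUT`` and the SymCC runtime,
    z3, the fuzzing helper and ``symqemu-x86_64`` into the SymCC directory.

    Reads ``OUT`` and ``FUZZ_TARGET`` from the environment; both must be set.

    Raises:
        FileExistsError: if the SymCC build directory already exists.
    """
    # Snapshot the environment so the second build starts from the same
    # variables as the first, whatever the first build exported.
    orig_env = os.environ.copy()
    build_directory = os.getenv('OUT')
    fuzz_target = os.getenv('FUZZ_TARGET')

    # First, build an uninstrumented binary for Eclipser. It is staged in the
    # SymCC build directory, which the SymCC artifacts share below.
    aflplusplus_fuzzer.build("qemu", "eclipser")
    symcc_build_dir = get_symcc_build_dir(build_directory)
    os.mkdir(symcc_build_dir)
    fuzz_binary = os.path.join(build_directory, fuzz_target)
    shutil.copy(fuzz_binary, symcc_build_dir)
    # Remove a seeds directory if the first build left one in $OUT.
    seeds_dir = os.path.join(build_directory, 'seeds')
    if os.path.isdir(seeds_dir):
        shutil.rmtree(seeds_dir)

    # Second, build an instrumented binary for AFL++.
    # Restore the saved variables *in place*. Rebinding ``os.environ`` to a
    # plain dict would leave the real process environment (what child
    # processes inherit) untouched and stop later assignments from reaching
    # putenv(), so the AFL++ build would not actually see the restored state.
    os.environ.clear()
    os.environ.update(orig_env)
    aflplusplus_fuzzer.build("tracepc")
    print('[build] Copying afl-fuzz to $OUT directory')

    # Copy afl-fuzz and afl-showmap into $OUT.
    shutil.copy('/afl/afl-fuzz', build_directory)
    shutil.copy("/afl/afl-showmap", build_directory)

    # Copy over symcc artifacts and symbolic libc++. symcc_fuzzing_helper is
    # copied once: the Eclipser staging dir and the SymCC dir are the same.
    symcc_artifacts = (
        ("/symcc/build//SymRuntime-prefix/src/SymRuntime-build/libSymRuntime.so",
         symcc_build_dir),
        ("/usr/lib/libz3.so", os.path.join(symcc_build_dir, "libz3.so")),
        ("/rust/bin/symcc_fuzzing_helper", symcc_build_dir),
        ("/symqemu/build/x86_64-linux-user/symqemu-x86_64", symcc_build_dir),
    )
    for source, destination in symcc_artifacts:
        shutil.copy(source, destination)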
def build():
    """Build the benchmark with the default AFL++ configuration.

    Delegates entirely to ``aflplusplus_fuzzer.build()`` with no extra
    instrumentation options.
    """
    aflplusplus_fuzzer.build()
def build():
    """Build the benchmark with the default AFL++ configuration.

    Delegates entirely to ``aflplusplus_fuzzer.build()`` with no extra
    instrumentation options.
    """
    aflplusplus_fuzzer.build()
def build():
    """Build the benchmark with a fixed set of AFL++ options.

    The options in ``instrumentation`` are passed straight through to
    ``aflplusplus_fuzzer.build``.
    """
    instrumentation = ('classic', 'ctx', 'laf', 'nozero')
    aflplusplus_fuzzer.build(*instrumentation)
def build():
    """Build the benchmark with a fixed set of AFL++ options.

    The options in ``instrumentation`` are passed straight through to
    ``aflplusplus_fuzzer.build``.
    """
    instrumentation = ('classic', 'ngram6', 'laf')
    aflplusplus_fuzzer.build(*instrumentation)
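def build():
    """Build benchmark.

    Selects the AFL++ options from a per-benchmark table keyed on
    ``$BENCHMARK``. Benchmarks not in the table get ``tracepc``/``dict2file``
    when ``$CFLAGS`` mentions ``array-bounds`` and ``lto``/``cmplog``
    otherwise. After the build, AFL++'s ``/afl/libc*`` files are copied into
    ``$OUT``.

    Raises:
        KeyError: if ``BENCHMARK`` or ``OUT`` is not set, or if ``CFLAGS`` is
            not set for a benchmark missing from the table.
    """
    benchmark_name = os.environ['BENCHMARK']

    # Benchmark name -> options for aflplusplus_fuzzer.build, in call order.
    per_benchmark_options = {
        'bloaty_fuzz_target': ("lto",),
        'curl_curl_fuzzer_http': ("lto",),
        'freetype2-2017': ("tracepc", "cmplog", "dict2file"),
        'harfbuzz-1.3.2': ("tracepc", "cmplog", "dict2file"),
        'jsoncpp_jsoncpp_fuzzer': ("lto", "laf"),
        'lcms-2017-03-21': ("tracepc", "cmplog", "dict2file"),
        'libjpeg-turbo-07-2017': ("tracepc", "cmplog", "dict2file"),
        'libxslt_xpath': ("lto", "cmplog"),
        'openh264_decoder_fuzzer': ("lto", "cmplog"),
        'openssl_x509': ("tracepc", "dict2file"),
        'php_php-fuzz-parser': ("tracepc", "cmplog", "dict2file"),
        'proj4-2017-08-14': ("tracepc", "cmplog", "dict2file"),
        'sqlite3_ossfuzz': ("tracepc", "cmplog", "dict2file"),
        'stb_stbi_read_fuzzer': ("lto", "cmplog"),
        'systemd_fuzz-link-parser': ("tracepc", "dict2file"),
        'vorbis-2017-12-11': ("lto", "laf"),
        'zlib_zlib_uncompress_fuzzer': ("tracepc", "cmplog", "dict2file"),
    }

    options = per_benchmark_options.get(benchmark_name)
    if options is None:
        # Unlisted benchmark: decide by the sanitizer-related CFLAGS. CFLAGS is
        # only read here, so it is required only on this path.
        if 'array-bounds' in os.environ['CFLAGS']:
            options = ("tracepc", "dict2file")
        else:
            options = ("lto", "cmplog")
    aflplusplus_fuzzer.build(*options)

    # Stage AFL++'s libc* runtime files next to the target.
    for copy_file in glob.glob("/afl/libc*"):
        shutil.copy(copy_file, os.environ['OUT'])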
def build():
    """Build the benchmark with a fixed set of AFL++ options.

    The options in ``instrumentation`` are passed straight through to
    ``aflplusplus_fuzzer.build``.
    """
    instrumentation = ('classic', 'ctx', 'laf', 'skipsingle')
    aflplusplus_fuzzer.build(*instrumentation)
def build():
    """Build the benchmark with a fixed set of AFL++ options.

    The options in ``instrumentation`` are passed straight through to
    ``aflplusplus_fuzzer.build``.
    """
    instrumentation = ("tracepc", "nozero")
    aflplusplus_fuzzer.build(*instrumentation)
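def build():
    """Build benchmark.

    Selects the AFL++ options from a per-benchmark table keyed on
    ``$BENCHMARK``; benchmarks not in the table get
    ``lto``/``cmplog``/``fixed``. After the build, AFL++'s ``/afl/libc*``
    files are copied into ``$OUT``.

    Raises:
        KeyError: if ``BENCHMARK`` or ``OUT`` is not set.
    """
    benchmark_name = os.environ['BENCHMARK']

    # Benchmark name -> options for aflplusplus_fuzzer.build, in call order.
    per_benchmark_options = {
        'bloaty_fuzz_target': ("tracepc", "cmplog"),
        'curl_curl_fuzzer_http': ("tracepc", "cmplog"),
        'libjpeg-turbo-07-2017': ("lto", "fixed"),
        'libpng-1.2.56': ("lto", "laf", "fixed"),
        'libxml2-v2.9.2': ("lto", "fixed"),
        'mbedtls_fuzz_dtlsclient': ("tracepc",),
        'openssl_x509': ("tracepc",),
        'php_php-fuzz-parser': ("classic", "ctx", "cmplog"),
        'proj4-2017-08-14': ("tracepc", "cmplog"),
        'sqlite3_ossfuzz': ("lto", "fixed"),
        'systemd_fuzz-link-parser': ("lto", "cmplog"),
        'vorbis-2017-12-11': ("tracepc", "laf"),
        'woff2-2016-05-06': ("lto", "fixed"),
        'zlib_zlib_uncompress_fuzzer': ("tracepc", "cmplog"),
    }
    default_options = ("lto", "cmplog", "fixed")

    options = per_benchmark_options.get(benchmark_name, default_options)
    aflplusplus_fuzzer.build(*options)

    # Stage AFL++'s libc* runtime files next to the target.
    for copy_file in glob.glob("/afl/libc*"):
        shutil.copy(copy_file, os.environ['OUT'])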
def build():
    """Build the benchmark with ``LOOP_ONLY=1`` exported.

    The variable is set in the process environment before the build so
    that any subprocess the build starts inherits it; the AFL++ options are
    ``tracepc``, ``cmplog`` and ``dict2file``.
    """
    os.environ.update({'LOOP_ONLY': '1'})
    instrumentation = ("tracepc", "cmplog", "dict2file")
    aflplusplus_fuzzer.build(*instrumentation)
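def build():
    """Build benchmark.

    Selects the AFL++ options from a per-benchmark table keyed on
    ``$BENCHMARK``; benchmarks not in the table get ``lto``/``autodict``.
    After the build, AFL++'s ``/afl/libc*`` files are copied into ``$OUT``.

    Raises:
        KeyError: if ``BENCHMARK`` or ``OUT`` is not set.
    """
    benchmark_name = os.environ['BENCHMARK']

    # Benchmark name -> options for aflplusplus_fuzzer.build, in call order.
    per_benchmark_options = {
        'bloaty_fuzz_target': ("lto", "laf", "autodict", "dynamic"),
        'curl_curl_fuzzer_http': ("tracepc", "cmplog"),
        'freetype2-2017': ("lto", "autodict", "dynamic"),
        'harfbuzz-1.3.2': ("tracepc",),
        'jsoncpp_jsoncpp_fuzzer': ("tracepc",),
        'lcms-2017-03-21': ("classic", "ctx", "nozero", "skipsingle", "cmplog"),
        'libjpeg-turbo-07-2017': ("tracepc", "laf"),
        'libpcap_fuzz_both': ("lto", "laf"),
        'libpng-1.2.56': ("classic", "ctx", "nozero", "skipsingle"),
        'mbedtls_fuzz_dtlsclient': ("tracepc",),
        'openssl_x509': ("lto", "autodict", "dynamic"),
        'openthread-2019-12-23': ("classic", "ctx", "nozero", "skipsingle"),
        'php_php-fuzz-parser': ("classic", "ctx", "nozero", "skipsingle"),
        'proj4-2017-08-14': ("lto", "cmplog", "autodict"),
        'systemd_fuzz-link-parser': ("tracepc", "cmplog"),
        'vorbis-2017-12-11': ("tracepc", "laf"),
        'woff2-2016-05-06': ("classic", "ctx", "nozero", "skipsingle", "laf"),
        'zlib_zlib_uncompress_fuzzer':
            ("classic", "ngram6", "nozero", "skipsingle", "cmplog"),
    }
    default_options = ("lto", "autodict")

    options = per_benchmark_options.get(benchmark_name, default_options)
    aflplusplus_fuzzer.build(*options)

    # Stage AFL++'s libc* runtime files next to the target.
    for copy_file in glob.glob("/afl/libc*"):
        shutil.copy(copy_file, os.environ['OUT'])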
def build():
    """Build the benchmark with a fixed set of AFL++ options.

    The options in ``instrumentation`` are passed straight through to
    ``aflplusplus_fuzzer.build``.
    """
    instrumentation = ("cmplog", "ngram3", "nozero")
    aflplusplus_fuzzer.build(*instrumentation)
def build():
    """Build the benchmark with the AFL++ ``instrim`` option only."""
    instrumentation = ("instrim",)
    aflplusplus_fuzzer.build(*instrumentation)
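def build():
    """Build benchmark.

    Selects the AFL++ options from a per-benchmark table keyed on
    ``$BENCHMARK``. Benchmarks not in the table get
    ``tracepc``/``laf``/``dict2file`` when ``$CFLAGS`` mentions
    ``array-bounds`` and ``lto``/``cmplog`` otherwise. After the build,
    AFL++'s ``/afl/libc*`` files are copied into ``$OUT``.

    Raises:
        KeyError: if ``BENCHMARK`` or ``OUT`` is not set, or if ``CFLAGS`` is
            not set for a benchmark missing from the table.
    """
    benchmark_name = os.environ['BENCHMARK']

    # Benchmark name -> options for aflplusplus_fuzzer.build, in call order.
    per_benchmark_options = {
        'bloaty_fuzz_target': ("tracepc", "cmplog", "dict2file"),
        'curl_curl_fuzzer_http': ("tracepc", "cmplog"),
        'lcms-2017-03-21': ("tracepc", "cmplog", "dict2file"),
        'libjpeg-turbo-07-2017': ("tracepc", "cmplog", "dict2file"),
        'libpcap_fuzz_both': ("tracepc", "dict2file"),
        'libpng-1.2.56': ("lto", "laf"),
        'libxml2-v2.9.2': ("lto",),
        'libxslt_xpath': ("tracepc", "cmplog", "dict2file"),
        'mbedtls_fuzz_dtlsclient': ("tracepc",),
        'ndpi_fuzz_ndpi_reader': ("tracepc", "dict2file"),
        'openexr_openexr_exrenvmap_fuzzer': ("tracepc", "cmplog", "dict2file"),
        'openssl_x509': ("tracepc", "dict2file"),
        'php_php-fuzz-parser': ("native", "cmplog", "dict2file"),
        'proj4-2017-08-14': ("tracepc", "cmplog"),
        're2-2014-12-09': ("tracepc", "cmplog", "dict2file"),
        'sqlite3_ossfuzz': ("tracepc", "cmplog", "dict2file"),
        'systemd_fuzz-link-parser': ("lto", "cmplog"),
        'vorbis-2017-12-11': ("tracepc", "laf"),
        'woff2-2016-05-06': ("tracepc", "cmplog", "dict2file"),
        'zlib_zlib_uncompress_fuzzer': ("tracepc", "cmplog"),
    }

    options = per_benchmark_options.get(benchmark_name)
    if options is None:
        # Unlisted benchmark: decide by the sanitizer-related CFLAGS. CFLAGS is
        # only read here, so it is required only on this path.
        if 'array-bounds' in os.environ['CFLAGS']:
            options = ("tracepc", "laf", "dict2file")
        else:
            options = ("lto", "cmplog")
    aflplusplus_fuzzer.build(*options)

    # Stage AFL++'s libc* runtime files next to the target.
    for copy_file in glob.glob("/afl/libc*"):
        shutil.copy(copy_file, os.environ['OUT'])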
def build():
    """Build the benchmark with a fixed set of AFL++ options.

    The options in ``instrumentation`` are passed straight through to
    ``aflplusplus_fuzzer.build``.
    """
    instrumentation = ('laf', 'cmplog')
    aflplusplus_fuzzer.build(*instrumentation)
def build():
    """Build the benchmark with ``DDG_INSTR=1`` exported.

    The variable is set in the process environment before the build so
    that any subprocess the build starts inherits it; the AFL++ option is
    ``classic``.
    """
    os.environ.update({'DDG_INSTR': '1'})
    instrumentation = ("classic",)
    aflplusplus_fuzzer.build(*instrumentation)
def build():
    """Build the benchmark with ``AFL_MAP_SIZE=2621440`` exported.

    The variable is set in the process environment before the build so
    that any subprocess the build starts inherits it; the AFL++ options are
    ``tracepc``, ``cmplog`` and ``dict2file``.
    """
    os.environ.update({'AFL_MAP_SIZE': '2621440'})
    instrumentation = ("tracepc", "cmplog", "dict2file")
    aflplusplus_fuzzer.build(*instrumentation)
def build():
    """Build the benchmark with a fixed set of AFL++ options.

    The options in ``instrumentation`` are passed straight through to
    ``aflplusplus_fuzzer.build``.
    """
    instrumentation = ("cmplog", "instrim", "nozero")
    aflplusplus_fuzzer.build(*instrumentation)
def build():
    """Build the benchmark with the AFL++ ``qemu`` option only."""
    instrumentation = ('qemu',)
    aflplusplus_fuzzer.build(*instrumentation)
def build():
    """Build the benchmark with ``cmplog`` and stage ``honggfuzz.so``.

    After the build, ``/afl/honggfuzz.so`` is copied into ``$OUT``.

    Raises:
        KeyError: if ``OUT`` is not set in the environment.
    """
    instrumentation = ('cmplog',)
    aflplusplus_fuzzer.build(*instrumentation)
    out_dir = os.environ['OUT']
    shutil.copy('/afl/honggfuzz.so', out_dir)
def build():
    """Build the benchmark with ``qemu`` and stage the FRIDA hook.

    After the build, ``/afl/frida_mode/build/frida_hook.so`` is copied into
    ``$OUT``.

    Raises:
        KeyError: if ``OUT`` is not set in the environment.
    """
    instrumentation = ('qemu',)
    aflplusplus_fuzzer.build(*instrumentation)
    out_dir = os.environ['OUT']
    shutil.copy('/afl/frida_mode/build/frida_hook.so', out_dir)
def build():
    """Build the benchmark with the AFL++ ``ctx`` option only."""
    instrumentation = ("ctx",)
    aflplusplus_fuzzer.build(*instrumentation)
def build():
    """Build the benchmark with the AFL++ ``ngram2`` option only."""
    instrumentation = ("ngram2",)
    aflplusplus_fuzzer.build(*instrumentation)
def build():
    """Build the benchmark with ``AFL_LLVM_SKIP_NEVERZERO=1`` exported.

    The variable is set in the process environment before the build so
    that any subprocess the build starts inherits it; the AFL++ options are
    ``tracepc``, ``cmplog`` and ``dict2file``.
    """
    os.environ.update({'AFL_LLVM_SKIP_NEVERZERO': '1'})
    instrumentation = ("tracepc", "cmplog", "dict2file")
    aflplusplus_fuzzer.build(*instrumentation)
def build():
    """Build the benchmark with a fixed set of AFL++ options.

    The options in ``instrumentation`` are passed straight through to
    ``aflplusplus_fuzzer.build``.
    """
    instrumentation = ("tracepc", "cmplog", "dict2file")
    aflplusplus_fuzzer.build(*instrumentation)
def build():
    """Build the benchmark with ``tracepc``/``cmplog`` and stage ``afl-fuzz``.

    ``$OUT`` is read before the build; ``/afl/afl-fuzz`` is copied there
    once the build has finished.
    """
    out_dir = os.getenv('OUT')
    instrumentation = ("tracepc", "cmplog")
    aflplusplus_fuzzer.build(*instrumentation)
    shutil.copy('/afl/afl-fuzz', out_dir)