def build():
    """Build the benchmark with AFL++ and stage the SymCC runtime files.

    Reads OUT, SRC and WORK from the environment. The build itself is
    delegated to aflplusplus_fuzzer.build("tracepc", "symcc"); afterwards the
    AFL tools are copied into $OUT and the SymCC runtime libraries and helper
    into the directory returned by get_symcc_build_dir().

    Raises:
        KeyError: if OUT is not set in the environment.
    """
    print("Step 1: Building with AFL and SymCC")
    out_dir = os.environ['OUT']

    # First build with AFL.
    src_dir = os.getenv('SRC')
    work_dir = os.getenv('WORK')
    # restore_directory puts SRC and WORK back into their initial state, so a
    # later build in the same tree does not trip over leftovers. Some OSS-Fuzz
    # projects cannot run build_benchmark twice in one directory otherwise.
    with utils.restore_directory(src_dir), utils.restore_directory(work_dir):
        aflplusplus_fuzzer.build("tracepc", "symcc")

    print("Step 2: Completed AFL build")
    # Copy over AFL artifacts needed by SymCC.
    for afl_tool in ("/afl/afl-fuzz", "/afl/afl-showmap"):
        shutil.copy(afl_tool, out_dir)

    # Copy over symcc artifacts and symbolic libc++.
    print("Step 3: Copying SymCC files")
    # NOTE(review): nothing in this function creates symcc_build_dir;
    # presumably the "symcc" build option does. Confirm, because shutil.copy
    # into a missing directory writes a plain file with that name instead.
    symcc_build_dir = get_symcc_build_dir(os.environ['OUT'])
    staged_files = (
        ("/symcc/build//SymRuntime-prefix/src/SymRuntime-build/libSymRuntime.so",
         symcc_build_dir),
        ("/usr/lib/libz3.so", os.path.join(symcc_build_dir, "libz3.so")),
        ("/libcxx_native_build/lib/libc++.so.1", symcc_build_dir),
        ("/libcxx_native_build/lib/libc++abi.so.1", symcc_build_dir),
        ("/rust/bin/symcc_fuzzing_helper", symcc_build_dir),
    )
    for source_path, destination in staged_files:
        shutil.copy(source_path, destination)
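def build():
    """Build an uninstrumented binary for Eclipser and an AFL++ binary.

    Reads OUT and FUZZ_TARGET from the environment. The first build
    ("qemu", "eclipser") produces the fuzz target in $OUT, which is copied
    into the directory returned by get_uninstrumented_outdir(). The second
    build ("tracepc") runs with the environment restored to its state at
    entry, and afl-fuzz is then copied into $OUT.

    Raises:
        FileExistsError: if the uninstrumented output directory already
            exists (os.mkdir does not tolerate that).
    """
    # Snapshot the environment before the first build can change it.
    orig_env = os.environ.copy()
    build_directory = os.getenv('OUT')
    fuzz_target = os.getenv('FUZZ_TARGET')

    # First, build an uninstrumented binary for Eclipser.
    aflplusplus_fuzzer.build("qemu", "eclipser")
    eclipser_dir = get_uninstrumented_outdir(build_directory)
    os.mkdir(eclipser_dir)
    fuzz_binary = build_directory + '/' + fuzz_target
    shutil.copy(fuzz_binary, eclipser_dir)
    # Drop the seeds directory left in $OUT by the first build.
    # NOTE(review): presumably the second build recreates it - confirm.
    if os.path.isdir(build_directory + '/seeds'):
        shutil.rmtree(build_directory + '/seeds')

    # Second, build an instrumented binary for AFL++.
    # Restore the snapshot in place. Rebinding os.environ to the saved dict
    # would leave the real process environment (what child processes inherit
    # by default) exactly as the first build left it, and later writes through
    # os.environ would no longer reach it.
    os.environ.clear()
    os.environ.update(orig_env)
    aflplusplus_fuzzer.build("tracepc")
    print('[build] Copying afl-fuzz to $OUT directory')

    # Copy afl-fuzz
    shutil.copy('/afl/afl-fuzz', build_directory)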
def build():
    """Build the benchmark twice: once with AFL++ and once with SymCC.

    The AFL++ build goes through aflplusplus_fuzzer.build() with SRC and WORK
    wrapped in utils.restore_directory. The SymCC build calls
    utils.build_benchmark() with a copy of the environment taken before the
    AFL++ build, pointed at the SymCC compilers and at the directory returned
    by get_symcc_build_dir(). Finally the SymCC runtime files are copied next
    to the SymCC binary.

    Raises:
        KeyError: if OUT, CXXFLAGS or CFLAGS is missing from the environment.
        FileExistsError: if the SymCC build directory already exists.
    """
    print("Step 1: Building with AFL")
    out_dir = os.environ['OUT']

    # Save the environment for use in SymCC. The copy is taken before the
    # AFL++ build so that changes made by that build do not leak into it.
    symcc_env = os.environ.copy()

    # First build with AFL.
    src_dir = os.getenv('SRC')
    work_dir = os.getenv('WORK')
    # restore_directory puts SRC and WORK back into their initial state so the
    # second build below starts clean. Some OSS-Fuzz projects cannot run
    # build_benchmark twice in the same directory otherwise.
    with utils.restore_directory(src_dir), utils.restore_directory(work_dir):
        aflplusplus_fuzzer.build()

    print("Step 2: Completed AFL build")
    # Copy over AFL artifacts needed by SymCC.
    for afl_tool in ("/afl/afl-fuzz", "/afl/afl-showmap"):
        shutil.copy(afl_tool, out_dir)

    # Build the SymCC-instrumented target.
    print("Step 3: Building the benchmark with SymCC")
    symcc_build_dir = get_symcc_build_dir(os.environ['OUT'])
    os.mkdir(symcc_build_dir)

    # NOTE(review): "-stlib=libc++" looks like a typo for "-stdlib=libc++".
    # As written the replace() most likely matches nothing and the flag stays
    # in CXXFLAGS. Confirm with a build before changing the string.
    cxxflags_without_stdlib = symcc_env['CXXFLAGS'].replace("-stlib=libc++", "")

    symcc_env.update({
        # Set flags to ensure compilation with SymCC.
        'CC': "/symcc/build/symcc",
        'CXX': "/symcc/build/sym++",
        # Every sanitizer is switched off for the SymCC copy of the target.
        'CXXFLAGS': cxxflags_without_stdlib + " -fno-sanitize=all ",
        'CFLAGS': symcc_env['CFLAGS'] + " -fno-sanitize=all ",
        'FUZZER_LIB': '/libfuzzer-harness.o',
        'OUT': symcc_build_dir,
        # Instructs SymCC to use the libcxx library compiled with SymCC
        # instrumentation.
        'SYMCC_LIBCXX_PATH': "/libcxx_native_build",
        # Instructs SymCC to consider no symbolic inputs at runtime. This is
        # needed if, for example, some tests are run during compilation of
        # the benchmark.
        'SYMCC_NO_SYMBOLIC_INPUT': "1",
    })

    # Build benchmark.
    utils.build_benchmark(env=symcc_env)

    # Copy over symcc artifacts and symbolic libc++.
    staged_files = (
        ("/symcc/build//SymRuntime-prefix/src/SymRuntime-build/libSymRuntime.so",
         symcc_build_dir),
        ("/usr/lib/libz3.so", os.path.join(symcc_build_dir, "libz3.so")),
        ("/libcxx_native_build/lib/libc++.so.1", symcc_build_dir),
        ("/libcxx_native_build/lib/libc++abi.so.1", symcc_build_dir),
        ("/rust/bin/symcc_fuzzing_helper", symcc_build_dir),
    )
    for source_path, destination in staged_files:
        shutil.copy(source_path, destination)
def build():
    """Build an uninstrumented binary and an AFL++ "tracepc" binary.

    Reads OUT and FUZZ_TARGET from the environment. The target produced by
    the first build ("qemu", "eclipser") is copied into the directory returned
    by get_uninstrumented_outdir(); the second build then runs in $OUT, and
    afl-fuzz plus the optional QEMU helpers are copied there.

    Raises:
        FileExistsError: if the uninstrumented output directory already
            exists.
    """
    out_dir = os.getenv('OUT')
    target_name = os.getenv('FUZZ_TARGET')

    # First, build an uninstrumented binary.
    aflplusplus_fuzzer.build("qemu", "eclipser")
    uninstrumented_dir = get_uninstrumented_outdir(out_dir)
    os.mkdir(uninstrumented_dir)
    shutil.copy(out_dir + '/' + target_name, uninstrumented_dir)

    # Remove the seeds directory left in $OUT before building again.
    seeds_dir = out_dir + '/seeds'
    if os.path.isdir(seeds_dir):
        shutil.rmtree(seeds_dir)

    # NOTE(review): unlike sibling fuzzers, the environment is not reset
    # between the two builds here - confirm the second build does not need it.
    aflplusplus_fuzzer.build("tracepc")
    shutil.copy('/afl/afl-fuzz', out_dir)

    # These two files are copied only when the image provides them.
    for optional_artifact in ('/afl/afl-qemu-trace',
                              '/aflpp_qemu_driver_hook.so'):
        if os.path.exists(optional_artifact):
            shutil.copy(optional_artifact, out_dir)
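def build():
    """Build an uninstrumented binary plus an AFL++ binary and stage SymQEMU.

    Reads OUT and FUZZ_TARGET from the environment. The target produced by
    the first build ("qemu", "eclipser") is copied into the directory returned
    by get_symcc_build_dir(). The second build ("tracepc") runs with the
    environment restored to its state at entry. Afterwards the AFL tools go
    into $OUT and the SymCC/SymQEMU runtime files into the SymCC directory.

    Raises:
        KeyError: if OUT is not set when the SymCC directory is looked up.
        FileExistsError: if the SymCC directory already exists.
    """
    # Snapshot the environment before the first build can change it.
    orig_env = os.environ.copy()
    build_directory = os.getenv('OUT')
    fuzz_target = os.getenv('FUZZ_TARGET')

    # First, build an uninstrumented binary.
    aflplusplus_fuzzer.build("qemu", "eclipser")
    # The local is named after Eclipser, but the directory comes from
    # get_symcc_build_dir().
    eclipser_dir = get_symcc_build_dir(build_directory)
    os.mkdir(eclipser_dir)
    fuzz_binary = build_directory + '/' + fuzz_target
    shutil.copy(fuzz_binary, eclipser_dir)
    if os.path.isdir(build_directory + '/seeds'):
        shutil.rmtree(build_directory + '/seeds')

    # Second, build an instrumented binary for AFL++.
    # Restore the snapshot in place. Rebinding os.environ to the saved dict
    # would leave the real process environment (what child processes inherit
    # by default) exactly as the first build left it, and later writes through
    # os.environ would no longer reach it.
    os.environ.clear()
    os.environ.update(orig_env)
    aflplusplus_fuzzer.build("tracepc")
    print('[build] Copying afl-fuzz to $OUT directory')

    # Copy afl-fuzz
    shutil.copy('/afl/afl-fuzz', build_directory)
    shutil.copy("/afl/afl-showmap", build_directory)
    shutil.copy("/rust/bin/symcc_fuzzing_helper", eclipser_dir)

    # NOTE(review): this is expected to be the same path as eclipser_dir,
    # which makes the second symcc_fuzzing_helper copy below redundant -
    # confirm against get_symcc_build_dir().
    symcc_build_dir = get_symcc_build_dir(os.environ['OUT'])

    # Copy over symcc artifacts and symbolic libc++.
    shutil.copy(
        "/symcc/build//SymRuntime-prefix/src/SymRuntime-build/libSymRuntime.so",
        symcc_build_dir)
    shutil.copy("/usr/lib/libz3.so", os.path.join(symcc_build_dir, "libz3.so"))
    shutil.copy("/rust/bin/symcc_fuzzing_helper", symcc_build_dir)
    shutil.copy("/symqemu/build/x86_64-linux-user/symqemu-x86_64",
                symcc_build_dir)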
def build():
    """Build fuzzer.

    Delegates to aflplusplus_fuzzer.build() without passing any build
    options, so whatever that function does by default applies.
    """
    aflplusplus_fuzzer.build()
def build():  # pylint: disable=too-many-branches,too-many-statements
    """Build benchmark.

    Delegates to aflplusplus_fuzzer.build() without passing any build
    options, so whatever that function does by default applies.
    """
    aflplusplus_fuzzer.build()
def build():
    """Build the benchmark with a fixed set of AFL++ build options.

    The option strings are handed unchanged to aflplusplus_fuzzer.build(),
    which defines what each of them does.
    """
    build_options = ('classic', 'ctx', 'laf', 'nozero')
    aflplusplus_fuzzer.build(*build_options)
def build():
    """Build the benchmark with a fixed set of AFL++ build options.

    The option strings are handed unchanged to aflplusplus_fuzzer.build(),
    which defines what each of them does.
    """
    build_options = ('classic', 'ngram6', 'laf')
    aflplusplus_fuzzer.build(*build_options)
def build():  # pylint: disable=too-many-branches,too-many-statements
    """Build the benchmark with options chosen per benchmark name.

    BENCHMARK selects a tuple of option strings for
    aflplusplus_fuzzer.build(). A benchmark that is not listed falls back to a
    choice based on whether CFLAGS mentions 'array-bounds'. Afterwards every
    file matching /afl/libc* is copied into $OUT.

    Raises:
        KeyError: if BENCHMARK is unset, if CFLAGS is unset for an unlisted
            benchmark, or if OUT is unset while there are files to copy.
    """
    options_by_benchmark = {
        'bloaty_fuzz_target': ("lto",),
        'curl_curl_fuzzer_http': ("lto",),
        'freetype2-2017': ("tracepc", "cmplog", "dict2file"),
        'harfbuzz-1.3.2': ("tracepc", "cmplog", "dict2file"),
        'jsoncpp_jsoncpp_fuzzer': ("lto", "laf"),
        'lcms-2017-03-21': ("tracepc", "cmplog", "dict2file"),
        'libjpeg-turbo-07-2017': ("tracepc", "cmplog", "dict2file"),
        'libxslt_xpath': ("lto", "cmplog"),
        'openh264_decoder_fuzzer': ("lto", "cmplog"),
        'openssl_x509': ("tracepc", "dict2file"),
        'php_php-fuzz-parser': ("tracepc", "cmplog", "dict2file"),
        'proj4-2017-08-14': ("tracepc", "cmplog", "dict2file"),
        'sqlite3_ossfuzz': ("tracepc", "cmplog", "dict2file"),
        'stb_stbi_read_fuzzer': ("lto", "cmplog"),
        'systemd_fuzz-link-parser': ("tracepc", "dict2file"),
        'vorbis-2017-12-11': ("lto", "laf"),
        'zlib_zlib_uncompress_fuzzer': ("tracepc", "cmplog", "dict2file"),
    }

    selected = options_by_benchmark.get(os.environ['BENCHMARK'])
    if selected is None:
        # Unlisted benchmark: CFLAGS is consulted only on this path.
        if 'array-bounds' in os.environ['CFLAGS']:
            selected = ("tracepc", "dict2file")
        else:
            selected = ("lto", "cmplog")
    aflplusplus_fuzzer.build(*selected)

    # OUT is looked up per file, so it is not required when nothing matches.
    for libc_file in glob.glob("/afl/libc*"):
        shutil.copy(libc_file, os.environ['OUT'])
def build():
    """Build the benchmark with a fixed set of AFL++ build options.

    The option strings are handed unchanged to aflplusplus_fuzzer.build(),
    which defines what each of them does.
    """
    build_options = ('classic', 'ctx', 'laf', 'skipsingle')
    aflplusplus_fuzzer.build(*build_options)
def build():
    """Build the benchmark with a fixed set of AFL++ build options.

    The option strings are handed unchanged to aflplusplus_fuzzer.build(),
    which defines what each of them does.
    """
    build_options = ("tracepc", "nozero")
    aflplusplus_fuzzer.build(*build_options)
def build():  # pylint: disable=too-many-branches,too-many-statements
    """Build the benchmark with options chosen per benchmark name.

    BENCHMARK selects a tuple of option strings for
    aflplusplus_fuzzer.build(); a benchmark that is not listed gets
    ("lto", "cmplog", "fixed"). Afterwards every file matching /afl/libc* is
    copied into $OUT.

    Raises:
        KeyError: if BENCHMARK is unset, or if OUT is unset while there are
            files to copy.
    """
    options_by_benchmark = {
        'bloaty_fuzz_target': ("tracepc", "cmplog"),
        'curl_curl_fuzzer_http': ("tracepc", "cmplog"),
        'libjpeg-turbo-07-2017': ("lto", "fixed"),
        'libpng-1.2.56': ("lto", "laf", "fixed"),
        'libxml2-v2.9.2': ("lto", "fixed"),
        'mbedtls_fuzz_dtlsclient': ("tracepc",),
        'openssl_x509': ("tracepc",),
        'php_php-fuzz-parser': ("classic", "ctx", "cmplog"),
        'proj4-2017-08-14': ("tracepc", "cmplog"),
        'sqlite3_ossfuzz': ("lto", "fixed"),
        'systemd_fuzz-link-parser': ("lto", "cmplog"),
        'vorbis-2017-12-11': ("tracepc", "laf"),
        'woff2-2016-05-06': ("lto", "fixed"),
        'zlib_zlib_uncompress_fuzzer': ("tracepc", "cmplog"),
    }
    fallback_options = ("lto", "cmplog", "fixed")

    selected = options_by_benchmark.get(os.environ['BENCHMARK'],
                                        fallback_options)
    aflplusplus_fuzzer.build(*selected)

    # OUT is looked up per file, so it is not required when nothing matches.
    for libc_file in glob.glob("/afl/libc*"):
        shutil.copy(libc_file, os.environ['OUT'])
def build():  # pylint: disable=too-many-branches,too-many-statements
    """Build the benchmark with LOOP_ONLY=1 exported to the environment.

    The option strings are handed unchanged to aflplusplus_fuzzer.build().
    """
    # Writing through os.environ changes the process environment, so the
    # variable stays set after this function returns. The consumer of
    # LOOP_ONLY is not visible in this function.
    os.environ['LOOP_ONLY'] = '1'
    build_options = ("tracepc", "cmplog", "dict2file")
    aflplusplus_fuzzer.build(*build_options)
def build():  # pylint: disable=too-many-branches,too-many-statements
    """Build the benchmark with options chosen per benchmark name.

    BENCHMARK selects a tuple of option strings for
    aflplusplus_fuzzer.build(); a benchmark that is not listed gets
    ("lto", "autodict"). Afterwards every file matching /afl/libc* is copied
    into $OUT.

    Raises:
        KeyError: if BENCHMARK is unset, or if OUT is unset while there are
            files to copy.
    """
    classic_ctx = ("classic", "ctx", "nozero", "skipsingle")
    options_by_benchmark = {
        'bloaty_fuzz_target': ("lto", "laf", "autodict", "dynamic"),
        'curl_curl_fuzzer_http': ("tracepc", "cmplog"),
        'freetype2-2017': ("lto", "autodict", "dynamic"),
        'harfbuzz-1.3.2': ("tracepc",),
        'jsoncpp_jsoncpp_fuzzer': ("tracepc",),
        'lcms-2017-03-21': classic_ctx + ("cmplog",),
        'libjpeg-turbo-07-2017': ("tracepc", "laf"),
        'libpcap_fuzz_both': ("lto", "laf"),
        'libpng-1.2.56': classic_ctx,
        'mbedtls_fuzz_dtlsclient': ("tracepc",),
        'openssl_x509': ("lto", "autodict", "dynamic"),
        'openthread-2019-12-23': classic_ctx,
        'php_php-fuzz-parser': classic_ctx,
        'proj4-2017-08-14': ("lto", "cmplog", "autodict"),
        'systemd_fuzz-link-parser': ("tracepc", "cmplog"),
        'vorbis-2017-12-11': ("tracepc", "laf"),
        'woff2-2016-05-06': classic_ctx + ("laf",),
        'zlib_zlib_uncompress_fuzzer': ("classic", "ngram6", "nozero",
                                        "skipsingle", "cmplog"),
    }
    fallback_options = ("lto", "autodict")

    selected = options_by_benchmark.get(os.environ['BENCHMARK'],
                                        fallback_options)
    aflplusplus_fuzzer.build(*selected)

    # OUT is looked up per file, so it is not required when nothing matches.
    for libc_file in glob.glob("/afl/libc*"):
        shutil.copy(libc_file, os.environ['OUT'])
def build():
    """Build the benchmark with a fixed set of AFL++ build options.

    The option strings are handed unchanged to aflplusplus_fuzzer.build(),
    which defines what each of them does.
    """
    build_options = ("cmplog", "ngram3", "nozero")
    aflplusplus_fuzzer.build(*build_options)
def build():
    """Build the benchmark with the single build option "instrim".

    The option string is handed unchanged to aflplusplus_fuzzer.build(),
    which defines what it does.
    """
    build_options = ("instrim",)
    aflplusplus_fuzzer.build(*build_options)
def build():  # pylint: disable=too-many-branches,too-many-statements
    """Build the benchmark with options chosen per benchmark name.

    BENCHMARK selects a tuple of option strings for
    aflplusplus_fuzzer.build(). A benchmark that is not listed falls back to a
    choice based on whether CFLAGS mentions 'array-bounds'. Afterwards every
    file matching /afl/libc* is copied into $OUT.

    Raises:
        KeyError: if BENCHMARK is unset, if CFLAGS is unset for an unlisted
            benchmark, or if OUT is unset while there are files to copy.
    """
    full_tracepc = ("tracepc", "cmplog", "dict2file")
    options_by_benchmark = {
        'bloaty_fuzz_target': full_tracepc,
        'curl_curl_fuzzer_http': ("tracepc", "cmplog"),
        'lcms-2017-03-21': full_tracepc,
        'libjpeg-turbo-07-2017': full_tracepc,
        'libpcap_fuzz_both': ("tracepc", "dict2file"),
        'libpng-1.2.56': ("lto", "laf"),
        'libxml2-v2.9.2': ("lto",),
        'libxslt_xpath': full_tracepc,
        'mbedtls_fuzz_dtlsclient': ("tracepc",),
        'ndpi_fuzz_ndpi_reader': ("tracepc", "dict2file"),
        'openexr_openexr_exrenvmap_fuzzer': full_tracepc,
        'openssl_x509': ("tracepc", "dict2file"),
        'php_php-fuzz-parser': ("native", "cmplog", "dict2file"),
        'proj4-2017-08-14': ("tracepc", "cmplog"),
        're2-2014-12-09': full_tracepc,
        'sqlite3_ossfuzz': full_tracepc,
        'systemd_fuzz-link-parser': ("lto", "cmplog"),
        'vorbis-2017-12-11': ("tracepc", "laf"),
        'woff2-2016-05-06': full_tracepc,
        'zlib_zlib_uncompress_fuzzer': ("tracepc", "cmplog"),
    }

    selected = options_by_benchmark.get(os.environ['BENCHMARK'])
    if selected is None:
        # Unlisted benchmark: CFLAGS is consulted only on this path.
        if 'array-bounds' in os.environ['CFLAGS']:
            selected = ("tracepc", "laf", "dict2file")
        else:
            selected = ("lto", "cmplog")
    aflplusplus_fuzzer.build(*selected)

    # OUT is looked up per file, so it is not required when nothing matches.
    for libc_file in glob.glob("/afl/libc*"):
        shutil.copy(libc_file, os.environ['OUT'])
def build():
    """Build the benchmark with a fixed set of AFL++ build options.

    The option strings are handed unchanged to aflplusplus_fuzzer.build(),
    which defines what each of them does.
    """
    build_options = ('laf', 'cmplog')
    aflplusplus_fuzzer.build(*build_options)
def build():  # pylint: disable=too-many-branches,too-many-statements
    """Build the benchmark with DDG_INSTR=1 exported to the environment.

    The "classic" option string is handed unchanged to
    aflplusplus_fuzzer.build().
    """
    # An AFL_MAP_SIZE override of '2621440' is left disabled in this variant.
    # Writing through os.environ changes the process environment, so
    # DDG_INSTR stays set after this function returns. Its consumer is not
    # visible in this function.
    os.environ['DDG_INSTR'] = '1'
    build_options = ("classic",)
    aflplusplus_fuzzer.build(*build_options)
def build():  # pylint: disable=too-many-branches,too-many-statements
    """Build the benchmark with AFL_MAP_SIZE=2621440 exported.

    The option strings are handed unchanged to aflplusplus_fuzzer.build().
    """
    # Writing through os.environ changes the process environment, so the map
    # size override stays in effect after this function returns.
    os.environ['AFL_MAP_SIZE'] = '2621440'
    build_options = ("tracepc", "cmplog", "dict2file")
    aflplusplus_fuzzer.build(*build_options)
def build():
    """Build the benchmark with a fixed set of AFL++ build options.

    The option strings are handed unchanged to aflplusplus_fuzzer.build(),
    which defines what each of them does.
    """
    build_options = ("cmplog", "instrim", "nozero")
    aflplusplus_fuzzer.build(*build_options)
def build():
    """Build the benchmark with the single build option 'qemu'.

    The option string is handed unchanged to aflplusplus_fuzzer.build(),
    which defines what it does.
    """
    build_options = ('qemu',)
    aflplusplus_fuzzer.build(*build_options)
def build():
    """Build with the 'cmplog' option and copy honggfuzz.so into $OUT.

    Raises:
        KeyError: if OUT is not set in the environment after the build.
    """
    build_options = ('cmplog',)
    aflplusplus_fuzzer.build(*build_options)
    # OUT is read only after the build has finished.
    out_dir = os.environ['OUT']
    shutil.copy('/afl/honggfuzz.so', out_dir)
def build():
    """Build with the 'qemu' option and copy the Frida hook into $OUT.

    Raises:
        KeyError: if OUT is not set in the environment after the build.
    """
    build_options = ('qemu',)
    aflplusplus_fuzzer.build(*build_options)
    # OUT is read only after the build has finished.
    out_dir = os.environ['OUT']
    shutil.copy('/afl/frida_mode/build/frida_hook.so', out_dir)
def build():
    """Build the benchmark with the single build option "ctx".

    The option string is handed unchanged to aflplusplus_fuzzer.build(),
    which defines what it does.
    """
    build_options = ("ctx",)
    aflplusplus_fuzzer.build(*build_options)
def build():
    """Build the benchmark with the single build option "ngram2".

    The option string is handed unchanged to aflplusplus_fuzzer.build(),
    which defines what it does.
    """
    build_options = ("ngram2",)
    aflplusplus_fuzzer.build(*build_options)
def build():  # pylint: disable=too-many-branches,too-many-statements
    """Build the benchmark with AFL_LLVM_SKIP_NEVERZERO=1 exported.

    The option strings are handed unchanged to aflplusplus_fuzzer.build().
    """
    # Writing through os.environ changes the process environment, so the
    # setting stays in effect after this function returns.
    os.environ['AFL_LLVM_SKIP_NEVERZERO'] = '1'
    build_options = ("tracepc", "cmplog", "dict2file")
    aflplusplus_fuzzer.build(*build_options)
def build():  # pylint: disable=too-many-branches,too-many-statements
    """Build the benchmark with a fixed set of AFL++ build options.

    The option strings are handed unchanged to aflplusplus_fuzzer.build(),
    which defines what each of them does.
    """
    build_options = ("tracepc", "cmplog", "dict2file")
    aflplusplus_fuzzer.build(*build_options)
def build():
    """Build with "tracepc" and "cmplog", then copy afl-fuzz into $OUT.

    OUT is read with os.getenv() before the build starts, so the copy goes to
    the value seen at entry (None if the variable is unset).
    """
    out_dir = os.getenv('OUT')
    build_options = ("tracepc", "cmplog")
    aflplusplus_fuzzer.build(*build_options)
    shutil.copy('/afl/afl-fuzz', out_dir)