def build():
    """Build the benchmark and link it against our own LibFuzzer.

    Compiles with ``-fsanitize=fuzzer-no-link`` so no fuzzing runtime is
    pulled in at compile time, then points FUZZER_LIB at
    /usr/lib/libFuzzer.a so the final link uses the LibFuzzer we ship.
    """
    # Disable builtin expansion of these string/memory routines.
    # Can be removed once https://reviews.llvm.org/D83987 appears in
    # gcr.io/fuzzbench/base-builder.
    no_builtin = [
        '-fno-builtin-' + routine for routine in (
            'bcmp', 'memcmp', 'strncmp', 'strcmp', 'strncasecmp',
            'strcasecmp', 'strstr', 'strcasestr', 'memmem')
    ]
    cflags = ['-fsanitize=fuzzer-no-link'] + no_builtin
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, cflags)
    os.environ.update({
        'CC': 'clang',
        'CXX': 'clang++',
        'FUZZER_LIB': '/usr/lib/libFuzzer.a',
    })
    utils.build_benchmark()
def prepare_build_environment():
    """Configure a plain clang/libc++ build with no fuzzer library.

    Only CXXFLAGS is extended (libc++, C++11, pthreads); CC/CXX are set to
    clang/clang++ and FUZZER_LIB and USE_POSIX_TARGET are both set to the
    empty string. The build scripts that consume those two variables live
    outside this file.
    """
    utils.append_flags('CXXFLAGS', ['-stdlib=libc++', '-std=c++11', '-pthread'])
    os.environ.update({
        'CC': 'clang',
        'CXX': 'clang++',
        'FUZZER_LIB': '',
        'USE_POSIX_TARGET': '',
    })
def prepare_build_environment():
    """Set environment variables used to build targets for AFL-based fuzzers.

    Adds ``-fsanitize-coverage=trace-pc-guard`` to CFLAGS and CXXFLAGS,
    selects clang/clang++ and points FUZZER_LIB at /libAFL.a.
    """
    coverage_flags = ['-fsanitize-coverage=trace-pc-guard']
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, coverage_flags)
    os.environ.update({
        'CC': 'clang',
        'CXX': 'clang++',
        'FUZZER_LIB': '/libAFL.a',
    })
def prepare_build_environment():
    """Configure a gcc-7 build instrumented with gcov profiling flags.

    C gets ``-fprofile-arcs -ftest-coverage -pthread``; C++ additionally
    gets ``-std=c++11``. FUZZER_LIB and USE_POSIX_TARGET are set to the
    empty string.
    """
    profiling = ['-fprofile-arcs', '-ftest-coverage']
    utils.append_flags('CFLAGS', profiling + ['-pthread'])
    utils.append_flags('CXXFLAGS', profiling + ['-std=c++11', '-pthread'])
    os.environ.update({
        'CC': 'gcc-7',
        'CXX': 'g++-7',
        'FUZZER_LIB': '',
        'USE_POSIX_TARGET': '',
    })
def build():
    """Build the benchmark and link it against /libEntropic.a.

    Uses ``-fsanitize=fuzzer-no-link`` so the compile step adds no fuzzing
    runtime of its own; the Entropic archive supplies it at link time.
    """
    sanitizer_flags = ['-fsanitize=fuzzer-no-link']
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, sanitizer_flags)
    os.environ.update({
        'CC': 'clang',
        'CXX': 'clang++',
        'FUZZER_LIB': '/libEntropic.a',
    })
    utils.build_benchmark()
def prepare_build_environment():
    """Set environment variables used to build AFL-based fuzzers.

    Clears the sanitizer flags first, then compiles at -O3 with
    trace-pc-guard coverage using clang/clang++ and /libAFL.a as FUZZER_LIB.
    """
    utils.set_no_sanitizer_compilation_flags()
    afl_flags = ['-O3', '-fsanitize-coverage=trace-pc-guard']
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, afl_flags)
    os.environ.update({
        'CC': 'clang',
        'CXX': 'clang++',
        'FUZZER_LIB': '/libAFL.a',
    })
def build():
    """Build the benchmark with trace-pc-guard coverage against LibFuzzer.

    FUZZER_LIB is /usr/lib/libFuzzer.a, so the link step uses the LibFuzzer
    build installed there rather than clang's bundled one.
    """
    coverage_flags = ['-fsanitize-coverage=trace-pc-guard']
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, coverage_flags)
    os.environ.update({
        'CC': 'clang',
        'CXX': 'clang++',
        'FUZZER_LIB': '/usr/lib/libFuzzer.a',
    })
    utils.build_benchmark()
def build():
    """Build the benchmark with clang source-based coverage instrumentation.

    ``-fprofile-instr-generate -fcoverage-mapping`` is added to CFLAGS and
    CXXFLAGS; the binary is linked against /usr/lib/libFuzzer.a.
    """
    coverage_flags = ['-fprofile-instr-generate', '-fcoverage-mapping']
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, coverage_flags)
    os.environ.update({
        'CC': 'clang',
        'CXX': 'clang++',
        'FUZZER_LIB': '/usr/lib/libFuzzer.a',
    })
    utils.build_benchmark()
def prepare_build_environment():
    """Set environment variables used to build AFL-based fuzzers.

    Builds with ASan plus trace-pc-guard coverage at -O2, keeping frame
    pointers and line tables for usable stack traces, and links against
    /libAFL.a.
    """
    afl_flags = [
        '-O2',
        '-fno-omit-frame-pointer',
        '-gline-tables-only',
        '-fsanitize=address',
        '-fsanitize-coverage=trace-pc-guard',
    ]
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, afl_flags)
    os.environ.update({
        'CC': 'clang',
        'CXX': 'clang++',
        'FUZZER_LIB': '/libAFL.a',
    })
def fix_fuzzer_lib():
    """Fix FUZZER_LIB for certain benchmarks.

    Appends the KleeMock link flags to FUZZER_LIB and ``-lpthread`` to
    LDFLAGS. For curl and systemd the required archives are also copied
    into /usr/lib, presumably because their build systems look there
    rather than honouring FUZZER_LIB.

    Requires FUZZER_LIB to be set already (raises KeyError otherwise).
    """
    os.environ['FUZZER_LIB'] += ' -L/ -lKleeMock -lpthread'
    # curl needs both the mock shared object and the AFL archive.
    if is_benchmark('curl'):
        shutil.copy('/libKleeMock.so', '/usr/lib/libKleeMock.so')
        shutil.copy('/libAFL.a', '/usr/lib/libFuzzingEngine.a')
    # systemd only needs the archive under the libFuzzingEngine name.
    if is_benchmark('systemd'):
        shutil.copy('/libAFL.a', '/usr/lib/libFuzzingEngine.a')
    utils.append_flags('LDFLAGS', ['-lpthread'])
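def fix_fuzzer_lib():
    """Fix FUZZER_LIB for certain benchmarks.

    Benchmarks whose CFLAGS already carry ``--warn-unresolved-symbols`` are
    left alone; every other benchmark gets libAflccMock linked in through
    FUZZER_LIB. curl additionally needs the mock shared object under
    /usr/lib, and systemd needs /libAFL.a exposed as libFuzzingEngine.a.
    ``-lpthread`` is always appended to LDFLAGS.

    Requires FUZZER_LIB to be set already (raises KeyError otherwise).
    """
    # CFLAGS may legitimately be unset at this point; treat that as "no
    # flags" instead of failing with KeyError.
    cflags = os.environ.get('CFLAGS', '')
    if '--warn-unresolved-symbols' not in cflags:
        os.environ['FUZZER_LIB'] += ' -L/ -lAflccMock -lpthread'
    if is_benchmark('curl'):
        shutil.copy('/libAflccMock.so', '/usr/lib/libAflccMock.so')
    if is_benchmark('systemd'):
        shutil.copy('/libAFL.a', '/usr/lib/libFuzzingEngine.a')
    utils.append_flags('LDFLAGS', ['-lpthread'])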
def prepare_build_environment():
    """Set environment variables used to build targets for AFL-based fuzzers.

    C gets trace-pc-guard coverage; C++ gets the same plus libc++ and C++11.
    """
    coverage = ['-fsanitize-coverage=trace-pc-guard']
    utils.append_flags('CFLAGS', coverage)
    utils.append_flags('CXXFLAGS', coverage + ['-stdlib=libc++', '-std=c++11'])
    os.environ['CC'] = 'clang'
    os.environ['CXX'] = 'clang++'
    # NOTE(review): this is a developer's home-directory path, not a path
    # that exists in the build image; it should point at the image's
    # libAFL.a (the sibling fuzzers use '/libAFL.a').
    os.environ['FUZZER_LIB'] = '/home/ferry/Documents/tools/AFL/libAFL.a'
def build():  # pylint: disable=too-many-branches,too-many-statements
    """Build the benchmark with the LibAFL compiler wrappers.

    CC/CXX are the libafl_cc/libafl_cxx wrappers, ``--libafl`` is passed
    through CFLAGS/CXXFLAGS, and FUZZER_LIB is an empty archive because the
    wrappers provide the fuzzing runtime themselves.
    """
    os.environ.update({
        'CC': '/libafl/fuzzers/fuzzbench/target/release/libafl_cc',
        'CXX': '/libafl/fuzzers/fuzzbench/target/release/libafl_cxx',
        # Keep the target running after a sanitizer report instead of
        # aborting; the fuzzer decides what to do with the finding.
        'ASAN_OPTIONS': 'abort_on_error=0:allocator_may_return_null=1',
        'UBSAN_OPTIONS': 'abort_on_error=0',
    })
    wrapper_flags = ['--libafl']
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, wrapper_flags)
    os.environ['FUZZER_LIB'] = '/emptylib.a'
    utils.build_benchmark()
def build():
    """Build the benchmark through the clang wrapper scripts.

    ``-fsanitize=fuzzer-no-link`` keeps the fuzzing runtime out of the
    compile step; the final link uses /usr/lib/libFuzzer.a so we control
    which LibFuzzer is used. CC/CXX go through /clangwrapper and
    /clang++wrapper rather than the bare compilers.
    """
    sanitizer_flags = ['-fsanitize=fuzzer-no-link']
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, sanitizer_flags)
    os.environ.update({
        'CC': '/clangwrapper',
        'CXX': '/clang++wrapper',
        'FUZZER_LIB': '/usr/lib/libFuzzer.a',
    })
    utils.build_benchmark()
def build():
    """Build the benchmark without sanitizers for a QEMU-based fuzzer.

    QEMU does not work with sanitizers, so the sanitizer flags are cleared
    and only -O3 is added. See
    https://github.com/SoftSec-KAIST/Eclipser/issues/5
    """
    utils.set_no_sanitizer_compilation_flags()
    opt_flags = ['-O3']
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, opt_flags)
    os.environ.update({
        'CC': 'clang',
        'CXX': 'clang++',
        'FUZZER_LIB': '/libStandaloneFuzzTarget.a',
    })
    utils.build_benchmark()
def build():
    """Build the benchmark against /fuzzer.a and ship its config with it.

    After the build, /fuzzer.yml is copied into $OUT next to the target.
    """
    sanitizer_flags = ['-fsanitize=fuzzer-no-link']
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, sanitizer_flags)
    os.environ.update({
        'CC': 'clang',
        'CXX': 'clang++',
        'FUZZER_LIB': '/fuzzer.a',
    })
    utils.build_benchmark()

    out_dir = os.environ['OUT']
    print('[post_build] Copy config.')
    shutil.copy('/fuzzer.yml', out_dir)
def build():
    """Build the benchmark with trace-pc-guard coverage against /libaflfuzzer.a.

    AFL_LLVM_LAF_ALL=1 is exported for the build as well.
    """
    coverage_flags = ['-fsanitize-coverage=trace-pc-guard']
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, coverage_flags)
    os.environ.update({
        'CC': 'clang',
        'CXX': 'clang++',
        'FUZZER_LIB': '/libaflfuzzer.a',
        'AFL_LLVM_LAF_ALL': '1',
    })
    utils.build_benchmark()
def build():
    """Build the fuzzer with ASan and link it against /libEntropic.a.

    ``fuzzer-no-link`` keeps the runtime out of the compile step; -O2 with
    frame pointers and line tables keeps sanitizer reports readable.
    """
    compile_flags = [
        '-O2',
        '-fno-omit-frame-pointer',
        '-gline-tables-only',
        '-fsanitize=address,fuzzer-no-link',
    ]
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, compile_flags)
    os.environ.update({
        'CC': 'clang',
        'CXX': 'clang++',
        'FUZZER_LIB': '/libEntropic.a',
    })
    utils.build_benchmark()
def build():
    """Build the benchmark with honggfuzz's compiler wrappers, no sanitizers.

    The sanitizer flags are cleared and -O3 added. honggfuzz does not need
    any extra library when code is compiled with hfuzz-clang(++), so
    FUZZER_LIB is an empty object. The honggfuzz binary is copied to $OUT
    afterwards.
    """
    utils.set_no_sanitizer_compilation_flags()
    opt_flags = ['-O3']
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, opt_flags)
    os.environ.update({
        'CC': '/honggfuzz/hfuzz_cc/hfuzz-clang',
        'CXX': '/honggfuzz/hfuzz_cc/hfuzz-clang++',
        'FUZZER_LIB': '/honggfuzz/empty_lib.o',
    })
    utils.build_benchmark()

    print('[post_build] Copying honggfuzz to $OUT directory')
    shutil.copy('/honggfuzz/honggfuzz', os.environ['OUT'])
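def build():
    """Build the benchmark with the ZAFL wrapper compilers.

    Pins the AFL map size and address, routes CC/CXX through /cc.sh and
    /cxx.sh, builds, then runs /zafl_bins.sh on the result. If that script
    fails, /out is removed so a half-finished build is not left behind.
    """
    import shutil
    import subprocess

    os.environ['AFL_MAP_SIZE'] = '65536'
    # Both variables are given the same address; presumably the AFL runtime
    # and the ZAFL rewriter must agree on where the map lives.
    os.environ['AFL_LLVM_MAP_ADDR'] = '0x1000000'
    os.environ['ZAFL_FIXED_MAP_ADDR'] = '0x1000000'
    os.environ['CC'] = '/cc.sh'
    os.environ['CXX'] = '/cxx.sh'

    # Add /out to the loader search path, keeping any existing entries. An
    # empty LD_LIBRARY_PATH is treated the same as an unset one: joining
    # ':/out' onto '' would create an empty entry, which the dynamic loader
    # interprets as the current working directory.
    existing = os.environ.get('LD_LIBRARY_PATH')
    os.environ['LD_LIBRARY_PATH'] = existing + ':/out' if existing else '/out'

    link_flags = ['-fPIC', '-lpthread']
    utils.append_flags('CFLAGS', link_flags)
    utils.append_flags('CXXFLAGS', link_flags)
    os.environ['FUZZER_LIB'] = '/out/fakeLibrary.a'
    utils.build_benchmark()

    # Post-process the binaries. The argument-list form avoids a shell and
    # makes the exit-status check explicit; the script's own failure is
    # what we react to, so check=False.
    result = subprocess.run(['bash', '-x', '/zafl_bins.sh'], check=False)
    if result.returncode != 0:
        shutil.rmtree('/out', ignore_errors=True)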
def build():
    """Build fuzzer.

    Produces two builds of the benchmark: the regular AFL-instrumented one
    in $OUT, and an uninstrumented one in the directory returned by
    get_uninstrumented_build_directory(), which QSYM needs. Finally copies
    afl-fuzz and afl-showmap into $OUT.

    Raises FileExistsError if the uninstrumented build directory already
    exists (os.mkdir does not tolerate a pre-existing directory).
    """
    afl_fuzzer.prepare_build_environment()
    # Override AFL's FUZZER_LIB with QSYM's.
    os.environ['FUZZER_LIB'] = '/libQSYM.a'
    src = os.getenv('SRC')
    work = os.getenv('WORK')
    with utils.restore_directory(src), utils.restore_directory(work):
        # Restore SRC to its initial state so we can build again without any
        # trouble. For some OSS-Fuzz projects, build_benchmark cannot be run
        # twice in the same directory without this.
        utils.build_benchmark()
    # QSYM requires an uninstrumented build as well.
    # Work on a copy of the environment so the instrumented settings made
    # above (FUZZER_LIB, CFLAGS, OUT, ...) are not disturbed.
    new_env = os.environ.copy()
    utils.set_no_sanitizer_compilation_flags(new_env)
    cflags = ['-O2', '-fno-omit-frame-pointer', '-gline-tables-only']
    utils.append_flags('CFLAGS', cflags, new_env)
    utils.append_flags('CXXFLAGS', cflags, new_env)
    # For uninstrumented build, set the OUT and FUZZ_TARGET environment
    # variable to point to the new uninstrumented build directory.
    build_directory = os.environ['OUT']
    uninstrumented_build_directory = get_uninstrumented_build_directory(
        build_directory)
    os.mkdir(uninstrumented_build_directory)
    new_env['OUT'] = uninstrumented_build_directory
    fuzz_target = os.getenv('FUZZ_TARGET')
    if fuzz_target:
        # Keep the target's basename but relocate it into the new directory.
        new_env['FUZZ_TARGET'] = os.path.join(uninstrumented_build_directory,
                                              os.path.basename(fuzz_target))
    print('Re-building benchmark for uninstrumented fuzzing target')
    utils.build_benchmark(env=new_env)
    print('[post_build] Copying afl-fuzz to $OUT directory')
    # Copy out the afl-fuzz binary as a build artifact.
    shutil.copy('/afl/afl-fuzz', build_directory)
    # QSYM also requires afl-showmap.
    print('[post_build] Copying afl-showmap to $OUT directory')
    shutil.copy('/afl/afl-showmap', build_directory)
def build():
    """Build the fuzzer with ASan against our own LibFuzzer.

    ``-fsanitize=fuzzer-no-link`` keeps the fuzzing runtime out of the
    compile step; FUZZER_LIB points at /usr/lib/libFuzzer.a so the link
    uses the LibFuzzer we specify. -O2 with frame pointers and line tables
    keeps sanitizer reports readable.
    """
    compile_flags = [
        '-O2',
        '-fno-omit-frame-pointer',
        '-gline-tables-only',
        '-fsanitize=address,fuzzer-no-link',
    ]
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, compile_flags)
    os.environ.update({
        'CC': 'clang',
        'CXX': 'clang++',
        'FUZZER_LIB': '/usr/lib/libFuzzer.a',
    })
    utils.build_benchmark()
def build():
    """Build the fuzzer with afl-clang-fast, no sanitizers, then copy afl-fuzz.

    The sanitizer flags are cleared and -O3 added; FUZZER_LIB is
    /libAFLDriver.a. AFL_QUIET is set because some benchmarks, like lcms
    (see https://github.com/mm2/Little-CMS/commit/ab1093539b4287c233aca6a3cf53b234faceb792#diff-f0e6d05e72548974e852e8e55dffc4ccR212),
    fail to compile when the compiler writes unexpected output to stderr,
    and afl-clang-fast otherwise prints AFL-specific messages there.
    """
    utils.set_no_sanitizer_compilation_flags()
    opt_flags = ['-O3']
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, opt_flags)
    os.environ.update({
        'CC': '/afl/afl-clang-fast',
        'CXX': '/afl/afl-clang-fast++',
        'FUZZER_LIB': '/libAFLDriver.a',
        'AFL_QUIET': '1',
    })
    utils.build_benchmark()
    shutil.copy('/afl/afl-fuzz', os.environ['OUT'])
def build():
    """Build the fuzzer with ASan using honggfuzz's persistent-mode driver.

    CC/CXX are the hfuzz-clang wrappers and FUZZER_LIB is
    /honggfuzz/libhfuzz/persistent.o. The honggfuzz binary is copied to
    $OUT after the build.
    """
    compile_flags = [
        '-O2',
        '-fno-omit-frame-pointer',
        '-gline-tables-only',
        '-fsanitize=address',
    ]
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, compile_flags)
    os.environ.update({
        'CC': '/honggfuzz/hfuzz_cc/hfuzz-clang',
        'CXX': '/honggfuzz/hfuzz_cc/hfuzz-clang++',
        'FUZZER_LIB': '/honggfuzz/libhfuzz/persistent.o',
    })
    utils.build_benchmark()

    print('[post_build] Copying honggfuzz to $OUT directory')
    shutil.copy('/honggfuzz/honggfuzz', os.environ['OUT'])
def prepare_build_environment():
    """Set environment variables used to build the benchmark with aflcc.

    C gets -fPIC; C++ additionally gets the libc++ headers and C++11 (the
    flags clang-3.8 needs). Benchmark-specific flags come from
    add_compilation_cflags(), the compilers are the aflc-gclang wrappers
    driven by llvm-config-3.8, and fix_fuzzer_lib() adjusts FUZZER_LIB last.
    """
    base_flags = ['-fPIC']
    utils.append_flags('CFLAGS', base_flags)
    utils.append_flags('CXXFLAGS', base_flags + [
        '-I/usr/local/include/c++/v1/', '-stdlib=libc++', '-std=c++11'
    ])
    add_compilation_cflags()
    os.environ.update({
        'LLVM_CONFIG': 'llvm-config-3.8',
        'CC': '/afl/aflc-gclang',
        'CXX': '/afl/aflc-gclang++',
        'FUZZER_LIB': '/libAFL.a',
    })
    fix_fuzzer_lib()
def build():
    """Build the fuzzer with ASan using honggfuzz's compiler wrappers.

    honggfuzz does not need any extra library when code is compiled with
    hfuzz-clang(++), so FUZZER_LIB is an empty object. The honggfuzz binary
    is copied to $OUT after the build.
    """
    compile_flags = [
        '-O2',
        '-fno-omit-frame-pointer',
        '-gline-tables-only',
        '-fsanitize=address',
    ]
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, compile_flags)
    os.environ.update({
        'CC': '/honggfuzz/hfuzz_cc/hfuzz-clang',
        'CXX': '/honggfuzz/hfuzz_cc/hfuzz-clang++',
        'FUZZER_LIB': '/honggfuzz/empty_lib.o',
    })
    utils.build_benchmark()

    print('[post_build] Copying honggfuzz to $OUT directory')
    shutil.copy('/honggfuzz/honggfuzz', os.environ['OUT'])
def prepare_build_environment():
    """Set environment variables used to build the benchmark with LAF-INTEL AFL.

    Compiles with -fPIC (C++ also gets the libc++ headers and C++11) using
    afl-clang-fast on top of clang-3.8, with the three LAF transformations
    enabled. Reads BENCHMARK from the environment (KeyError if unset).
    """
    cflags = ['-fPIC']
    # php calls __builtin_cpu_supports("ssse3") from
    # https://github.com/php/php-src/blob/master/Zend/zend_cpuinfo.h, which
    # clang-3.8 does not provide; define the macro away to 0 ("not
    # supported") for that benchmark.
    if 'php' in os.environ['BENCHMARK']:
        cflags.append('-D__builtin_cpu_supports\\(x\\)=0')
    utils.append_flags('CFLAGS', cflags)
    utils.append_flags('CXXFLAGS',
                       cflags + ['-I/usr/local/include/c++/v1/', '-std=c++11'])
    # Enable LAF-INTEL changes.
    for laf_var in ('LAF_SPLIT_SWITCHES', 'LAF_TRANSFORM_COMPARES',
                    'LAF_SPLIT_COMPARES'):
        os.environ[laf_var] = '1'
    os.environ.update({
        'AFL_CC': 'clang-3.8',
        'AFL_CXX': 'clang++-3.8',
        'CC': '/afl/afl-clang-fast',
        'CXX': '/afl/afl-clang-fast++',
        'FUZZER_LIB': '/libAFL.a',
    })
def build():
    """Build the benchmark and link it against /libEntropic.a.

    Uses ``-fsanitize=fuzzer-no-link`` so the compile step adds no fuzzing
    runtime; Entropic supplies it at link time.
    """
    # Disable builtin expansion of these string/memory routines.
    # Can be removed once https://reviews.llvm.org/D83987 appears in
    # gcr.io/fuzzbench/base-builder.
    no_builtin = [
        '-fno-builtin-' + routine for routine in (
            'bcmp', 'memcmp', 'strncmp', 'strcmp', 'strncasecmp',
            'strcasecmp', 'strstr', 'strcasestr', 'memmem')
    ]
    cflags = ['-fsanitize=fuzzer-no-link'] + no_builtin
    for flag_var in ('CFLAGS', 'CXXFLAGS'):
        utils.append_flags(flag_var, cflags)
    os.environ.update({
        'CC': 'clang',
        'CXX': 'clang++',
        'FUZZER_LIB': '/libEntropic.a',
    })
    utils.build_benchmark()
def prepare_build_environment():
    """Set environment variables used to build the benchmark for KLEE.

    sqlite3 gets a set of -D defines that trim its build, every benchmark
    is compiled with ``-O0 -Xclang -disable-O0-optnone`` as recommended by
    the KLEE tutorial, benchmark-specific flags come from
    add_compilation_cflags(), and CC/CXX are wllvm/wllvm++ driving
    clang-6.0. fix_fuzzer_lib() adjusts FUZZER_LIB at the end.
    """

    def _add_to_c_and_cxx(flags):
        utils.append_flags('CFLAGS', flags)
        utils.append_flags('CXXFLAGS', flags)

    if is_benchmark('sqlite3'):
        _add_to_c_and_cxx([
            '-DSQLITE_THREADSAFE=0', '-DSQLITE_OMIT_LOAD_EXTENSION',
            '-DSQLITE_DEFAULT_MEMSTATUS=0', '-DSQLITE_MAX_EXPR_DEPTH=0',
            '-DSQLITE_OMIT_DECLTYPE', '-DSQLITE_OMIT_DEPRECATED',
            '-DSQLITE_DEFAULT_PAGE_SIZE=512', '-DSQLITE_DEFAULT_CACHE_SIZE=10',
            '-DSQLITE_DISABLE_INTRINSIC', '-DSQLITE_DISABLE_LFS',
            '-DYYSTACKDEPTH=20', '-DSQLITE_OMIT_LOOKASIDE', '-DSQLITE_OMIT_WAL',
            '-DSQLITE_DEFAULT_LOOKASIDE=\'64,5\'',
            '-DSQLITE_OMIT_PROGRESS_CALLBACK', '-DSQLITE_OMIT_SHARED_CACHE'
        ])
        # Stops sqlite3's ./configure script from re-enabling threads.
        os.environ['enable_threadsafe'] = 'no'

    # See https://klee.github.io/tutorials/testing-function/
    _add_to_c_and_cxx(['-O0', '-Xclang', '-disable-O0-optnone'])
    add_compilation_cflags()

    os.environ.update({
        'LLVM_CC_NAME': 'clang-6.0',
        'LLVM_CXX_NAME': 'clang++-6.0',
        'LLVM_AR_NAME': 'llvm-ar-6.0',
        'LLVM_LINK_NAME': 'llvm-link-6.0',
        'LLVM_COMPILER': 'clang',
        'CC': 'wllvm',
        'CXX': 'wllvm++',
        'FUZZER_LIB': '/libAFL.a',
    })
    # The KleeMock link flags (-L/ -lKleeMock -lpthread) are appended to
    # FUZZER_LIB by fix_fuzzer_lib(), not here.
    fix_fuzzer_lib()
def add_compilation_cflags():
    """Add custom flags for certain benchmarks.

    Exactly one benchmark-specific flag set is applied (the first match
    wins); both CFLAGS and CXXFLAGS receive it.
    """

    def _add_to_c_and_cxx(flags):
        utils.append_flags('CFLAGS', flags)
        utils.append_flags('CXXFLAGS', flags)

    if is_benchmark('openthread'):
        _add_to_c_and_cxx(openthread_suppress_error_flags())
        return
    if is_benchmark('php'):
        # clang-3.8 lacks __builtin_cpu_supports(); define it away to 0.
        _add_to_c_and_cxx(['-D__builtin_cpu_supports\\(x\\)=0'])
        return
    # For some benchmarks we tell the compiler to ignore unresolved symbols.
    # This is useful when we cannot change the build process to add a
    # shared library for linking (which contains mocked functions:
    # libAflccMock.so). Note that some functions are only defined
    # post-compilation during the LLVM passes.
    if any(is_benchmark(name) for name in ('bloaty', 'openssl', 'systemd')):
        _add_to_c_and_cxx(['-Wl,--warn-unresolved-symbols'])
        return
    if is_benchmark('curl'):
        _add_to_c_and_cxx(['-ldl', '-lpsl'])