diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml index e5cb239f44..493fe1e981 100644 --- a/.github/workflows/build_and_test.yml +++ b/.github/workflows/build_and_test.yml @@ -20,7 +20,6 @@ concurrency: jobs: common: strategy: - fail-fast: false matrix: os: [ ubuntu-24.04, windows-latest, macOS-latest ] runs-on: ${{ matrix.os }} @@ -238,7 +237,7 @@ jobs: needs: - fuzzers-preflight strategy: - fail-fast: true + fail-fast: false matrix: os: [ ubuntu-24.04 ] fuzzer: diff --git a/.github/workflows/fuzzer-tester-prepare/action.yml b/.github/workflows/fuzzer-tester-prepare/action.yml index fc598ee75f..8c9565bbd6 100644 --- a/.github/workflows/fuzzer-tester-prepare/action.yml +++ b/.github/workflows/fuzzer-tester-prepare/action.yml @@ -26,6 +26,10 @@ runs: uses: baptiste0928/cargo-install@v3 with: crate: cargo-make + - name: install just + uses: extractions/setup-just@v2 + with: + just-version: 1.39.0 - name: install wasm-pack uses: baptiste0928/cargo-install@v3 with: diff --git a/.github/workflows/qemu-fuzzer-tester-prepare/action.yml b/.github/workflows/qemu-fuzzer-tester-prepare/action.yml index adbf97ad50..d8b7eb54da 100644 --- a/.github/workflows/qemu-fuzzer-tester-prepare/action.yml +++ b/.github/workflows/qemu-fuzzer-tester-prepare/action.yml @@ -14,6 +14,10 @@ runs: uses: baptiste0928/cargo-install@v3 with: crate: cargo-make + - name: install just + uses: extractions/setup-just@v2 + with: + just-version: 1.39.0 - uses: actions/checkout@v4 with: submodules: true diff --git a/.github/workflows/windows-tester-prepare/action.yml b/.github/workflows/windows-tester-prepare/action.yml index a76f1a89e6..f5a6b48371 100644 --- a/.github/workflows/windows-tester-prepare/action.yml +++ b/.github/workflows/windows-tester-prepare/action.yml @@ -18,3 +18,7 @@ runs: - name: install cargo-make shell: pwsh run: cargo install --force cargo-make + - name: install just + uses: extractions/setup-just@v2 + with: + just-version: 1.39.0 diff --git a/fuzzers/baby/baby_fuzzer_custom_executor/Justfile b/fuzzers/baby/baby_fuzzer_custom_executor/Justfile new file mode 100644 index 0000000000..daa7b70284 --- /dev/null +++ b/fuzzers/baby/baby_fuzzer_custom_executor/Justfile @@ -0,0 +1,34 @@ +FUZZER_NAME := 'fuzzer_custom_executor' +PROJECT_DIR := absolute_path(".") +PROFILE := 'release' +PROFILE_DIR := 'release' +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +FUZZER := CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME + + +alias build := fuzzer + +fuzzer: + cargo build --profile={{PROFILE}} + +run: fuzzer + {{FUZZER}} + +[linux] +[macos] +test: fuzzer + #!/bin/bash + timeout 30s {{FUZZER}} | tee fuzz_stdout.log || true + if grep -qa "objectives: 1" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + +[windows] +test: fuzzer + echo "Unsupported on this platform" + +clean: + cargo clean diff --git a/fuzzers/baby/baby_fuzzer_custom_executor/Makefile.toml b/fuzzers/baby/baby_fuzzer_custom_executor/Makefile.toml deleted file mode 100644 index 5b4eed6324..0000000000 --- a/fuzzers/baby/baby_fuzzer_custom_executor/Makefile.toml +++ /dev/null @@ -1,50 +0,0 @@ -# Variables -[env] -FUZZER_NAME = 'fuzzer_custom_executor' -PROJECT_DIR = { script = ["pwd"] } -CARGO_TARGET_DIR = { value = "target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release" } -PROFILE_DIR = { value = "release" } -FUZZER = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME}' - -[tasks.build] -alias = "fuzzer" - -[tasks.fuzzer] -description = "Build the fuzzer" -script = "cargo build --profile=${PROFILE}" - -[tasks.run] -description = "Run the fuzzer" -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME}" -dependencies = ["fuzzer"] - -[tasks.test] -description = "Run a short test" -linux_alias = "test_unix" -mac_alias = "test_unix" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -timeout 30s ${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME} | tee fuzz_stdout.log || true -if grep -qa "objectives: 1" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -''' -dependencies = ["fuzzer"] - -# Clean up -[tasks.clean] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -cargo clean -''' diff --git a/fuzzers/baby/baby_fuzzer_swap_differential/Justfile b/fuzzers/baby/baby_fuzzer_swap_differential/Justfile new file mode 100644 index 0000000000..2fb76dd224 --- /dev/null +++ b/fuzzers/baby/baby_fuzzer_swap_differential/Justfile @@ -0,0 +1,38 @@ +FUZZER_NAME := 'fuzzer_sd' +PROJECT_DIR := absolute_path(".") +PROFILE := 'release' +PROFILE_DIR := 'release' +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +FUZZER := CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME +LIBAFL_CC := CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cc" + + +alias build := fuzzer + +cc: + cargo build --profile={{PROFILE}} --bin libafl_cc + +fuzzer: cc + cargo build --profile={{PROFILE}} + +run: fuzzer + {{FUZZER}} + +[linux] +[macos] +test: fuzzer + #!/bin/bash + timeout 30s {{FUZZER}} | tee fuzz_stdout.log || true + if grep -qa "objectives: 1" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + +[windows] +test: fuzzer + echo "Unsupported on this platform" + +clean: + cargo clean diff --git a/fuzzers/baby/baby_fuzzer_swap_differential/Makefile.toml b/fuzzers/baby/baby_fuzzer_swap_differential/Makefile.toml deleted file mode 100644 index 96f6e1f907..0000000000 --- a/fuzzers/baby/baby_fuzzer_swap_differential/Makefile.toml +++ /dev/null @@ -1,58 +0,0 @@ -# Variables -[env] -FUZZER_NAME = 'fuzzer_sd' -PROJECT_DIR = { script = ["pwd"] } -CARGO_TARGET_DIR = { value = "target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release" } -PROFILE_DIR = { value = "release" } -LIBAFL_CC = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc' -FUZZER = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME}' - -# Compilers -[tasks.cc] -command = "cargo" -args = ["build", "--profile", "${PROFILE}", "--bin", "libafl_cc"] - -# Harness -[tasks.fuzzer] -command = "cargo" -args = ["build", "--profile", "${PROFILE}", "--bin", "${FUZZER_NAME}"] -dependencies = ["cc"] - -[tasks.build] -alias = "fuzzer" - -# Run the fuzzer -[tasks.run] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME}" -dependencies = ["fuzzer"] - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_unix" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -timeout 30s ${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME} | tee fuzz_stdout.log || true -if grep -qa "objectives: 1" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -''' -dependencies = ["fuzzer"] - -# Clean up -[tasks.clean] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -cargo clean -''' diff --git a/fuzzers/forkserver/forkserver_libafl_cc/Justfile b/fuzzers/forkserver/forkserver_libafl_cc/Justfile new file mode 100644 index 0000000000..aa3c5202b5 --- /dev/null +++ b/fuzzers/forkserver/forkserver_libafl_cc/Justfile @@ -0,0 +1,75 @@ +FUZZER_NAME := 'fuzzer_libafl_cc' +FORKSERVER_NAME := 'forkserver_libafl_cc' +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +LIBAFL_CC := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cc" +LIBAFL_CXX := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cxx" +FUZZER := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME +FORKSERVER := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / FORKSERVER_NAME +PROJECT_DIR := absolute_path(".") + + +alias cc := cxx + +[linux] +[macos] +libpng: + #!/bin/bash + if [ ! -f v1.6.37.tar.gz ]; then + wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz + fi + tar -xvf v1.6.37.tar.gz + +[windows] +libpng: + echo "Unsupported on this platform" + +[linux] +[macos] +cxx: + cargo build --profile {{PROFILE}} + +[windows] +cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +fuzzer: cxx + {{LIBAFL_CC}} {{PROJECT_DIR}}/src/program.c -o {{FUZZER_NAME}} -lm -lz + +[windows] +fuzzer: + echo "Unsupported on this platform" + +[linux] +[macos] +run: fuzzer + #!/bin/bash + taskset -c 1 {{FORKSERVER}} ./{{FUZZER_NAME}} ./corpus/ -t 1000 + +[windows] +run: fuzzer + echo "Unsupported on this platform" + +[linux] +[macos] +test: fuzzer + #!/bin/bash + timeout 30s {{FORKSERVER}} ./{{FUZZER_NAME}} ./corpus/ -t 1000 | tee fuzz_stdout.log || true + if grep -qa "objectives: 1" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + +[windows] +test: fuzzer + echo "Unsupported on this platform" + +clean: + rm -rf {{FUZZER_NAME}} + make -C libpng-1.6.37 clean || true + cargo clean diff --git a/fuzzers/forkserver/forkserver_libafl_cc/Makefile.toml b/fuzzers/forkserver/forkserver_libafl_cc/Makefile.toml deleted file mode 100644 index bb04c5338e..0000000000 --- a/fuzzers/forkserver/forkserver_libafl_cc/Makefile.toml +++ /dev/null @@ -1,141 +0,0 @@ -# Variables -[env] -FUZZER_NAME = 'fuzzer_libafl_cc' -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } -LIBAFL_CC = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc' -LIBAFL_CXX = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx' -FUZZER = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME}' -PROJECT_DIR = { script = ["pwd"] } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this" -''' - -# Compilers -[tasks.cxx] -linux_alias = "cxx_unix" -mac_alias = "cxx_unix" -windows_alias = "unsupported" - -[tasks.cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.cc] -linux_alias = "cc_unix" -mac_alias = "cc_unix" -windows_alias = "unsupported" - -[tasks.cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.crash_cxx] -linux_alias = "crash_cxx_unix" -mac_alias = "crash_cxx_unix" -windows_alias = "unsupported" - -[tasks.crash_cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}", "--features=crash"] - -[tasks.crash_cc] -linux_alias = "crash_cc_unix" -mac_alias = "crash_cc_unix" -windows_alias = "unsupported" - -[tasks.crash_cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}", "--features=crash"] - -# Harness -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" -args = ["${PROJECT_DIR}/src/program.c", "-o", "${FUZZER_NAME}", "-lm"] -dependencies = ["cxx", "cc"] - -# Crashing Harness -[tasks.fuzzer_crash] -linux_alias = "fuzzer_crash_unix" -mac_alias = "fuzzer_crash_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_crash_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" -args = ["${PROJECT_DIR}/src/program.c", "-o", "${FUZZER_NAME}_crash", "-lm"] -dependencies = ["crash_cxx", "crash_cc"] - -# Run the fuzzer -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -taskset -c 1 ${CARGO_TARGET_DIR}/${PROFILE_DIR}/${CARGO_MAKE_PROJECT_NAME} ./${FUZZER_NAME} ./corpus/ -t 1000 -''' -dependencies = ["fuzzer"] - - -# Run the fuzzer with a crash -[tasks.crash] -linux_alias = "crash_unix" -mac_alias = "crash_unix" -windows_alias = "unsupported" - -[tasks.crash_unix] -script_runner = "@shell" -script = ''' -taskset -c 1 ${CARGO_TARGET_DIR}/${PROFILE_DIR}/${CARGO_MAKE_PROJECT_NAME} ./${FUZZER_NAME}_crash ./corpus/ -t 1000 -''' -dependencies = ["fuzzer_crash"] - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_unix" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -timeout 30s ${CARGO_TARGET_DIR}/${PROFILE_DIR}/${CARGO_MAKE_PROJECT_NAME} ./${FUZZER_NAME} ./corpus/ -t 1000 | tee fuzz_stdout.log || true -if grep -qa "objectives: 1" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi - -''' -dependencies = ["fuzzer"] - -# Clean up -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -f ./${FUZZER_NAME} -cargo clean -''' diff --git a/fuzzers/forkserver/libafl-fuzz/Justfile b/fuzzers/forkserver/libafl-fuzz/Justfile new file mode 100644 index 0000000000..d8cce7b03f --- /dev/null +++ b/fuzzers/forkserver/libafl-fuzz/Justfile @@ -0,0 +1,261 @@ +PROJECT_DIR := absolute_path(".") +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +FUZZER_NAME := 'libafl-fuzz' +FUZZER := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME +LLVM_CONFIG := env("LLVM_CONFIG", "llvm-config-18") +AFL_VERSION := "5777ceaf23f48ae4ceae60e4f3a79263802633c6" +AFL_DIR := PROJECT_DIR / "AFLplusplus" +AFL_CC_PATH := AFL_DIR / "afl-clang-fast" +CC := "clang" + +build_afl: + #!/bin/bash + if [ ! -d {{AFL_DIR}} ]; then + git clone https://github.com/AFLplusplus/AFLplusplus.git + cd {{AFL_DIR}} + git checkout {{AFL_VERSION}} + LLVM_CONFIG={{LLVM_CONFIG}} make + fi + +build_frida_mode: + #!/bin/bash + cd {{AFL_DIR}} + cd frida_mode + LLVM_CONFIG={{LLVM_CONFIG}} make + cd ../.. + +build_qemuafl: build_afl + #!/bin/bash + cd {{AFL_DIR}}/qemu_mode + ./build_qemu_support.sh + cd ../.. + +build_unicorn_mode: build_afl + #!/bin/bash + cd {{AFL_DIR}}/unicorn_mode + ./build_unicorn_support.sh + cd ../.. + + +test: build_afl test_instr test_cmplog test_frida test_qemu test_unicorn_mode test_instr_fuzzbench + #!/bin/bash + echo done + +build_libafl_fuzz: + #!/bin/bash + cargo build --profile {{PROFILE}} + +build_libafl_fuzz_fuzzbench: + #!/bin/bash + cargo build --profile {{PROFILE}} --features fuzzbench + +test_instr: build_afl build_libafl_fuzz + #!/bin/bash + AFL_PATH={{AFL_DIR}} {{AFL_CC_PATH}} ./test/test-instr.c -o ./test/out-instr + + export LIBAFL_DEBUG_OUTPUT=1 + export AFL_CORES=0 + export AFL_STATS_INTERVAL=1 + + timeout 5 {{FUZZER}} -i ./test/seeds -o ./test/output ./test/out-instr || true + test -n "$( ls ./test/output/fuzzer_main/queue/id:000002* 2>/dev/null )" || { + echo "No new corpus entries found" + exit 1 + } + test -n "$( ls ./test/output/fuzzer_main/fuzzer_stats 2>/dev/null )" || { + echo "No fuzzer_stats file found" + exit 1 + } + test -n "$( ls ./test/output/fuzzer_main/plot_data 2>/dev/null )" || { + echo "No plot_data found" + exit 1 + } + test -d "./test/output/fuzzer_main/hangs" || { + echo "No hangs directory found" + exit 1 + } + test -d "./test/output/fuzzer_main/crashes" || { + echo "No crashes directory found" + exit 1 + } + +test_instr_fuzzbench: build_afl build_libafl_fuzz_fuzzbench + #!/bin/bash + AFL_PATH={{AFL_DIR}} {{AFL_CC_PATH}} ./test/test-instr.c -o ./test/out-instr + + export LIBAFL_DEBUG_OUTPUT=1 + export AFL_CORES=0 + export AFL_STATS_INTERVAL=1 + + timeout 5 {{FUZZER}} -i ./test/seeds -o ./test/output-fuzzbench ./test/out-instr || true + test -n "$( ls ./test/output-fuzzbench/fuzzer_main/queue/id:000002* 2>/dev/null )" || { + echo "No new corpus entries found" + exit 1 + } + test -n "$( ls ./test/output-fuzzbench/fuzzer_main/fuzzer_stats 2>/dev/null )" || { + echo "No fuzzer_stats file found" + exit 1 + } + test -n "$( ls ./test/output-fuzzbench/fuzzer_main/plot_data 2>/dev/null )" || { + echo "No plot_data found" + exit 1 + } + test -d "./test/output-fuzzbench/fuzzer_main/hangs" || { + echo "No hangs directory found" + exit 1 + } + test -d "./test/output-fuzzbench/fuzzer_main/crashes" || { + echo "No crashes directory found" + exit 1 + } + +test_cmplog: build_afl build_libafl_fuzz + #!/bin/bash + # cmplog TODO: AFL_BENCH_UNTIL_CRASH=1 instead of timeout 15s + AFL_LLVM_CMPLOG=1 AFL_PATH={{AFL_DIR}} {{AFL_CC_PATH}} ./test/test-cmplog.c -o ./test/out-cmplog + LIBAFL_DEBUG_OUTPUT=1 AFL_CORES=0 timeout 15 {{FUZZER}} -Z -l 3 -m 0 -V30 -i ./test/seeds_cmplog -o ./test/output-cmplog -c 0 ./test/out-cmplog || true + test -n "$( ls {{PROJECT_DIR}}/test/output-cmplog/fuzzer_main/hangs/id:0000* {{PROJECT_DIR}}/test/output-cmplog/fuzzer_main/crashes/id:0000*)" || { + echo "No crashes found" + exit 1 + } + +test_frida: build_afl build_frida_mode build_libafl_fuzz + #!/bin/bash + {{CC}} -no-pie ./test/test-instr.c -o ./test/out-frida + + export AFL_PATH={{AFL_DIR}} + export AFL_CORES=0 + export AFL_STATS_INTERVAL=1 + + timeout 15 {{FUZZER}} -m 0 -O -i ./test/seeds_frida -o ./test/output-frida -- ./test/out-frida || true + test -n "$( ls ./test/output-frida/fuzzer_main/queue/id:000002* 2>/dev/null )" || { + echo "No new corpus entries found for FRIDA mode" + exit 1 + } + + {{CC}} ./test/test-cmpcov.c -o ./test/out-frida-cmpcov + AFL_FRIDA_VERBOSE=1 timeout 15 {{FUZZER}} -m 0 -O -c 0 -l 3 -i ./test/seeds_frida -o ./test/output-frida-cmpcov -- ./test/out-frida-cmpcov || true + test -n "$( ls ./test/output-frida-cmpcov/fuzzer_main/queue/id:000003* 2>/dev/null )" || { + echo "No new corpus entries found for FRIDA cmplog mode" + exit 1 + } + export AFL_FRIDA_PERSISTENT_ADDR=0x`nm ./test/out-frida | grep -Ei "T _main|T main" | awk '{print $1}'` + timeout 15 {{FUZZER}} -m 0 -O -i ./test/seeds_frida -o ./test/output-frida-persistent -- ./test/out-frida || true + + test -n "$( ls ./test/output-frida-persistent/fuzzer_main/queue/id:000002* 2>/dev/null )" || { + echo "No new corpus entries found for FRIDA persistent mode" + exit 1 + } + + RUNTIME_PERSISTENT=`grep execs_done ./test/output-frida-persistent/fuzzer_main/fuzzer_stats | awk '{print$3}'` + RUNTIME=`grep execs_done ./test/output-frida/fuzzer_main/fuzzer_stats | awk '{print$3}'` + test -n "$RUNTIME" -a -n "$RUNTIME_PERSISTENT" && { + DIFF=`expr $RUNTIME_PERSISTENT / $RUNTIME` + test "$DIFF" -gt 1 && { # must be at least twice as fast + echo "persistent frida_mode was noticeably faster than standard frida_mode" + } || { + echo "persistent frida_mode" $RUNTIME_PERSISTENT "was not noticeably faster than standard frida_mode" $RUNTIME + exit 1 + } + } || { + echo "we got no data on executions performed? weird!" + } + + unset AFL_FRIDA_PERSISTENT_ADDR + +test_qemu: build_afl build_qemuafl build_libafl_fuzz + #!/bin/bash + {{CC}} -pie -fPIE ./test/test-instr.c -o ./test/out-qemu + {{CC}} -o ./test/out-qemu-cmpcov ./test/test-cmpcov.c + + export AFL_PATH={{AFL_DIR}} + export AFL_CORES=0 + export AFL_STATS_INTERVAL=1 + + timeout 15 {{FUZZER}} -m 0 -Q -i ./test/seeds_qemu -o ./test/output-qemu -- ./test/out-qemu || true + test -n "$( ls ./test/output-qemu/fuzzer_main/queue/id:000002* 2>/dev/null )" || { + echo "No new corpus entries found for QEMU mode" + exit 1 + } + + export AFL_ENTRYPOINT=`printf 1 | AFL_DEBUG=1 {{AFL_DIR}}/afl-qemu-trace ./test/out-qemu 2>&1 >/dev/null | awk '/forkserver/{print $4; exit}'` + timeout 15 {{FUZZER}} -m 0 -Q -i ./test/seeds_qemu -o ./test/output-qemu-entrypoint -- ./test/out-qemu || true + test -n "$( ls ./test/output-qemu-entrypoint/fuzzer_main/queue/id:000002* 2>/dev/null )" || { + echo "No new corpus entries found for QEMU mode with AFL_ENTRYPOINT" + exit 1 + } + unset AFL_ENTRYPOINT + + export AFL_PRELOAD={{AFL_DIR}}/libcompcov.so + export AFL_COMPCOV_LEVEL=2 + timeout 15 {{FUZZER}} -Q -i ./test/seeds_qemu -o ./test/output-qemu-cmpcov -- ./test/out-qemu-cmpcov || true + test -n "$( ls ./test/output-qemu-cmpcov/fuzzer_main/queue/id:000002* 2>/dev/null )" || { + echo "No new corpus entries found for QEMU mode" + exit 1 + } + +test_unicorn_mode: build_libafl_fuzz build_afl build_unicorn_mode + #!/bin/bash + export AFL_PATH={{AFL_DIR}} + export AFL_CORES=0 + export AFL_STATS_INTERVAL=1 + + # TODO: test unicorn persistent mode once it's fixed on AFL++ + + LIBAFL_DEBUG_OUTPUT=1 AFL_DEBUG=1 AFL_DEBUG_CHILD=1 timeout 15s {{FUZZER}} -m 0 -U -i ./test/seeds_unicorn -o ./test/output-unicorn-python -- python3 {{AFL_DIR}}/unicorn_mode/samples/python_simple/simple_test_harness.py @@ || true + test -n "$( ls ./test/output-unicorn-python/fuzzer_main/queue/id:000003* 2>/dev/null )" || { + echo "No new corpus entries found for Unicorn python3 mode" + exit 1 + } + + export AFL_COMPCOV_LEVEL=2 + LIBAFL_DEBUG_OUTPUT=1 AFL_DEBUG=1 AFL_DEBUG_CHILD=1 timeout 15s {{FUZZER}} -m 0 -U -i ./test/seeds_unicorn_cmpcov -o ./test/output-unicorn-cmpcov -- python3 {{AFL_DIR}}/unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ || true + test -n "$( ls ./test/output-unicorn-cmpcov/fuzzer_main/queue/id:000002* 2>/dev/null )" || { + echo "No new corpus entries found for Unicorn cmpcov mode" + exit 1 + } + +test_nyx_mode: build_afl build_libafl_fuzz + #!/bin/bash + export AFL_PATH={{AFL_DIR}} + export AFL_CORES=0 + export AFL_STATS_INTERVAL=1 + export AFL_DEBUG=1 + export LIBAFL_DEBUG_OUTPUT=1 + AFL_PATH={{AFL_DIR}} {{AFL_CC_PATH}} ./test/test-instr.c -o ./test/out-instr + rm -rf ./test/nyx-test + cd ../../../libafl_nyx + rm -rf packer + git clone https://github.com/nyx-fuzz/packer.git + python3 packer/packer/nyx_packer.py \ + ../fuzzers/forkserver/libafl-fuzz/test/out-instr \ + ../fuzzers/forkserver/libafl-fuzz/test/out-nyx \ + afl \ + instrumentation \ + --fast_reload_mode \ + --purge + python3 packer/packer/nyx_config_gen.py ../fuzzers/forkserver/libafl-fuzz/test/out-nyx Kernel + cd ../fuzzers/forkserver/libafl-fuzz/ + timeout 15s {{FUZZER}} -i ./test/seeds_nyx -o ./test/output-nyx -X -- ./test/out-nyx + test -n "$( ls ./test/output-nyx/fuzzer_main/queue/id:000003* 2>/dev/null )" || { + echo "No new corpus entries found for Nyx mode!" + exit 1 + } + +# since we cannot test nyx mode on CI, let's build it +build_nyx_mode: + #!/bin/bash + cargo build --profile {{PROFILE}} --features nyx + +clean: + #!/bin/bash + rm -rf AFLplusplus + rm -rf ./test/output + rm -rf ./test/cmplog-output + rm -rf ./test/output-frida* + rm -rf ./test/output-cmplog + rm -rf ./test/output-qemu* + rm -rf ./test/output-unicorn* + rm ./test/out-* diff --git a/fuzzers/forkserver/libafl-fuzz/Makefile.toml b/fuzzers/forkserver/libafl-fuzz/Makefile.toml deleted file mode 100644 index 23b74925b7..0000000000 --- a/fuzzers/forkserver/libafl-fuzz/Makefile.toml +++ /dev/null @@ -1,322 +0,0 @@ -[env] -PROJECT_DIR = { script = ["pwd"] } -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } -FUZZER_NAME = 'libafl-fuzz' -FUZZER = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME}' -LLVM_CONFIG = { value = "llvm-config-18", condition = { env_not_set = [ - "LLVM_CONFIG", -] } } -AFL_VERSION = "5777ceaf23f48ae4ceae60e4f3a79263802633c6" -AFL_DIR = { value = "${PROJECT_DIR}/AFLplusplus" } -AFL_CC_PATH = { value = "${AFL_DIR}/afl-clang-fast" } -CC = { value = "clang" } - -[tasks.build_afl] -script_runner = "@shell" -script = ''' -if [ ! -d "$AFL_DIR" ]; then - git clone https://github.com/AFLplusplus/AFLplusplus.git - cd ${AFL_DIR} - git checkout ${AFL_VERSION} - LLVM_CONFIG=${LLVM_CONFIG} make -fi -''' -[tasks.build_frida_mode] -script_runner = '@shell' -script = ''' - cd ${AFL_DIR} - cd frida_mode - LLVM_CONFIG=${LLVM_CONFIG} make - cd ../.. -''' -[tasks.build_qemuafl] -script_runner = "@shell" -script = ''' -cd ${AFL_DIR}/qemu_mode -./build_qemu_support.sh -cd ../.. -''' -dependencies = ["build_afl"] - -[tasks.build_unicorn_mode] -script_runner = "@shell" -script = ''' -cd ${AFL_DIR}/unicorn_mode -./build_unicorn_support.sh -cd ../.. -''' -dependencies = ["build_afl"] - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_unix" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = "echo done" -dependencies = [ - "build_afl", - "test_instr", - "test_cmplog", - "test_frida", - "test_qemu", - "test_unicorn_mode", - # nyx - # since we cannot test nyx mode on CI, let's build it - # "build_nyx_mode", - # fuzzbench - "test_instr_fuzzbench", -] - -[tasks.build_libafl_fuzz] -script_runner = "@shell" -script = "cargo build --profile ${PROFILE}" - -[tasks.build_libafl_fuzz_fuzzbench] -script_runner = "@shell" -script = "cargo build --profile ${PROFILE} --features fuzzbench" - -[tasks.test_instr] -script_runner = "@shell" -script = ''' -AFL_PATH=${AFL_DIR} ${AFL_CC_PATH} ./test/test-instr.c -o ./test/out-instr - -export LIBAFL_DEBUG_OUTPUT=1 -export AFL_CORES=0 -export AFL_STATS_INTERVAL=1 - -timeout 5 ${FUZZER} -i ./test/seeds -o ./test/output ./test/out-instr || true -test -n "$( ls ./test/output/fuzzer_main/queue/id:000002* 2>/dev/null )" || { - echo "No new corpus entries found" - exit 1 -} -test -n "$( ls ./test/output/fuzzer_main/fuzzer_stats 2>/dev/null )" || { - echo "No fuzzer_stats file found" - exit 1 -} -test -n "$( ls ./test/output/fuzzer_main/plot_data 2>/dev/null )" || { - echo "No plot_data found" - exit 1 -} -test -d "./test/output/fuzzer_main/hangs" || { - echo "No hangs directory found" - exit 1 -} -test -d "./test/output/fuzzer_main/crashes" || { - echo "No crashes directory found" - exit 1 -} -''' -dependencies = ["build_afl", "build_libafl_fuzz"] - -[tasks.test_instr_fuzzbench] -script_runner = "@shell" -script = ''' -AFL_PATH=${AFL_DIR} ${AFL_CC_PATH} ./test/test-instr.c -o ./test/out-instr - -export LIBAFL_DEBUG_OUTPUT=1 -export AFL_CORES=0 -export AFL_STATS_INTERVAL=1 - -timeout 5 ${FUZZER} -i ./test/seeds -o ./test/output-fuzzbench ./test/out-instr || true -test -n "$( ls ./test/output-fuzzbench/fuzzer_main/queue/id:000002* 2>/dev/null )" || { - echo "No new corpus entries found" - exit 1 -} -test -n "$( ls ./test/output-fuzzbench/fuzzer_main/fuzzer_stats 2>/dev/null )" || { - echo "No fuzzer_stats file found" - exit 1 -} -test -n "$( ls ./test/output-fuzzbench/fuzzer_main/plot_data 2>/dev/null )" || { - echo "No plot_data found" - exit 1 -} -test -d "./test/output-fuzzbench/fuzzer_main/hangs" || { - echo "No hangs directory found" - exit 1 -} -test -d "./test/output-fuzzbench/fuzzer_main/crashes" || { - echo "No crashes directory found" - exit 1 -} -''' -dependencies = ["build_afl", "build_libafl_fuzz_fuzzbench"] - -[tasks.test_cmplog] -script_runner = "@shell" -script = ''' -# cmplog TODO: AFL_BENCH_UNTIL_CRASH=1 instead of timeout 15s -AFL_LLVM_CMPLOG=1 AFL_PATH=${AFL_DIR} ${AFL_CC_PATH} ./test/test-cmplog.c -o ./test/out-cmplog -LIBAFL_DEBUG_OUTPUT=1 AFL_CORES=0 timeout 15 ${FUZZER} -Z -l 3 -m 0 -V30 -i ./test/seeds_cmplog -o ./test/output-cmplog -c 0 ./test/out-cmplog || true -test -n "$( ls ${PROJECT_DIR}/test/output-cmplog/fuzzer_main/hangs/id:0000* ${PROJECT_DIR}/test/output-cmplog/fuzzer_main/crashes/id:0000*)" || { - echo "No crashes found" - exit 1 -} -''' -dependencies = ["build_afl", "build_libafl_fuzz"] - -[tasks.test_frida] -script_runner = "@shell" -script = ''' -${CC} -no-pie ./test/test-instr.c -o ./test/out-frida - -export AFL_PATH=${AFL_DIR} -export AFL_CORES=0 -export AFL_STATS_INTERVAL=1 - -timeout 15 ${FUZZER} -m 0 -O -i ./test/seeds_frida -o ./test/output-frida -- ./test/out-frida || true -test -n "$( ls ./test/output-frida/fuzzer_main/queue/id:000002* 2>/dev/null )" || { - echo "No new corpus entries found for FRIDA mode" - exit 1 -} - -${CC} ./test/test-cmpcov.c -o ./test/out-frida-cmpcov -AFL_FRIDA_VERBOSE=1 timeout 15 ${FUZZER} -m 0 -O -c 0 -l 3 -i ./test/seeds_frida -o ./test/output-frida-cmpcov -- ./test/out-frida-cmpcov || true -test -n "$( ls ./test/output-frida-cmpcov/fuzzer_main/queue/id:000003* 2>/dev/null )" || { - echo "No new corpus entries found for FRIDA cmplog mode" - exit 1 -} -export AFL_FRIDA_PERSISTENT_ADDR=0x`nm ./test/out-frida | grep -Ei "T _main|T main" | awk '{print $1}'` -timeout 15 ${FUZZER} -m 0 -O -i ./test/seeds_frida -o ./test/output-frida-persistent -- ./test/out-frida || true - -test -n "$( ls ./test/output-frida-persistent/fuzzer_main/queue/id:000002* 2>/dev/null )" || { - echo "No new corpus entries found for FRIDA persistent mode" - exit 1 -} - -RUNTIME_PERSISTENT=`grep execs_done ./test/output-frida-persistent/fuzzer_main/fuzzer_stats | awk '{print$3}'` -RUNTIME=`grep execs_done ./test/output-frida/fuzzer_main/fuzzer_stats | awk '{print$3}'` -test -n "$RUNTIME" -a -n "$RUNTIME_PERSISTENT" && { - DIFF=`expr $RUNTIME_PERSISTENT / $RUNTIME` - test "$DIFF" -gt 1 && { # must be at least twice as fast - echo "persistent frida_mode was noticeably faster than standard frida_mode" - } || { - echo "persistent frida_mode" $RUNTIME_PERSISTENT "was not noticeably faster than standard frida_mode" $RUNTIME - exit 1 - } -} || { - echo "we got no data on executions performed? weird!" -} - -unset AFL_FRIDA_PERSISTENT_ADDR -''' -dependencies = ["build_afl", "build_frida_mode", "build_libafl_fuzz"] - -[tasks.test_qemu] -script_runner = "@shell" -script = ''' -${CC} -pie -fPIE ./test/test-instr.c -o ./test/out-qemu -${CC} -o ./test/out-qemu-cmpcov ./test/test-cmpcov.c - -export AFL_PATH=${AFL_DIR} -export AFL_CORES=0 -export AFL_STATS_INTERVAL=1 - -timeout 15 ${FUZZER} -m 0 -Q -i ./test/seeds_qemu -o ./test/output-qemu -- ./test/out-qemu || true -test -n "$( ls ./test/output-qemu/fuzzer_main/queue/id:000002* 2>/dev/null )" || { - echo "No new corpus entries found for QEMU mode" - exit 1 -} - -export AFL_ENTRYPOINT=`printf 1 | AFL_DEBUG=1 ${AFL_DIR}/afl-qemu-trace ./test/out-qemu 2>&1 >/dev/null | awk '/forkserver/{print $4; exit}'` -timeout 15 ${FUZZER} -m 0 -Q -i ./test/seeds_qemu -o ./test/output-qemu-entrypoint -- ./test/out-qemu || true -test -n "$( ls ./test/output-qemu-entrypoint/fuzzer_main/queue/id:000002* 2>/dev/null )" || { - echo "No new corpus entries found for QEMU mode with AFL_ENTRYPOINT" - exit 1 -} -unset AFL_ENTRYPOINT - -export AFL_PRELOAD=${AFL_DIR}/libcompcov.so -export AFL_COMPCOV_LEVEL=2 -timeout 15 ${FUZZER} -Q -i ./test/seeds_qemu -o ./test/output-qemu-cmpcov -- ./test/out-qemu-cmpcov || true -test -n "$( ls ./test/output-qemu-cmpcov/fuzzer_main/queue/id:000002* 2>/dev/null )" || { - echo "No new corpus entries found for QEMU mode" - exit 1 -} -''' -dependencies = ["build_afl", "build_qemuafl", "build_libafl_fuzz"] - -[tasks.test_unicorn_mode] -script_runner = "@shell" -script = ''' -export AFL_PATH=${AFL_DIR} -export AFL_CORES=0 -export AFL_STATS_INTERVAL=1 - -# TODO: test unicorn persistent mode once it's fixed on AFL++ - -LIBAFL_DEBUG_OUTPUT=1 AFL_DEBUG=1 AFL_DEBUG_CHILD=1 timeout 15s ${FUZZER} -m 0 -U -i ./test/seeds_unicorn -o ./test/output-unicorn-python -- python3 ${AFL_DIR}/unicorn_mode/samples/python_simple/simple_test_harness.py @@ || true -test -n "$( ls ./test/output-unicorn-python/fuzzer_main/queue/id:000003* 2>/dev/null )" || { - echo "No new corpus entries found for Unicorn python3 mode" - exit 1 -} - -export AFL_COMPCOV_LEVEL=2 -LIBAFL_DEBUG_OUTPUT=1 AFL_DEBUG=1 AFL_DEBUG_CHILD=1 timeout 15s ${FUZZER} -m 0 -U -i ./test/seeds_unicorn_cmpcov -o ./test/output-unicorn-cmpcov -- python3 ${AFL_DIR}/unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ || true -test -n "$( ls ./test/output-unicorn-cmpcov/fuzzer_main/queue/id:000002* 2>/dev/null )" || { - echo "No new corpus entries found for Unicorn cmpcov mode" - exit 1 -} -''' -dependencies = ["build_libafl_fuzz", "build_afl", "build_unicorn_mode"] - -[tasks.test_nyx_mode] -script_runner = "@shell" -script = ''' -export AFL_PATH=${AFL_DIR} -export AFL_CORES=0 -export AFL_STATS_INTERVAL=1 -export AFL_DEBUG=1 -export LIBAFL_DEBUG_OUTPUT=1 -AFL_PATH=${AFL_DIR} ${AFL_CC_PATH} ./test/test-instr.c -o ./test/out-instr -rm -rf ./test/nyx-test -cd ../../../libafl_nyx -rm -rf packer -git clone https://github.com/nyx-fuzz/packer.git -python3 packer/packer/nyx_packer.py \ - ../fuzzers/forkserver/libafl-fuzz/test/out-instr \ - ../fuzzers/forkserver/libafl-fuzz/test/out-nyx \ - afl \ - instrumentation \ - --fast_reload_mode \ - --purge -python3 packer/packer/nyx_config_gen.py ../fuzzers/forkserver/libafl-fuzz/test/out-nyx Kernel -cd ../fuzzers/forkserver/libafl-fuzz/ -timeout 15s ${FUZZER} -i ./test/seeds_nyx -o ./test/output-nyx -X -- ./test/out-nyx -test -n "$( ls ./test/output-nyx/fuzzer_main/queue/id:000003* 2>/dev/null )" || { - echo "No new corpus entries found for Nyx mode!" - exit 1 -} -''' -dependencies = ["build_afl", "build_libafl_fuzz"] - -# since we cannot test nyx mode on CI, let's build it -[tasks.build_nyx_mode] -script_runner = "@shell" -script = "cargo build --profile ${PROFILE} --features nyx" - -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -script_runner = "@shell" -script = ''' -rm -rf AFLplusplus -rm -rf ./test/output -rm -rf ./test/cmplog-output -rm -rf ./test/output-frida* -rm -rf ./test/output-cmplog -rm -rf ./test/output-qemu* -rm -rf ./test/output-unicorn* -rm ./test/out-* -''' diff --git a/fuzzers/fuzz_anything/baby_fuzzer_wasm/Justfile b/fuzzers/fuzz_anything/baby_fuzzer_wasm/Justfile new file mode 100644 index 0000000000..4c10dcab15 --- /dev/null +++ b/fuzzers/fuzz_anything/baby_fuzzer_wasm/Justfile @@ -0,0 +1,22 @@ +FUZZER_NAME := 'fuzzer_wasm' +PROJECT_DIR := absolute_path(".") +PROFILE := 'release' +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +FUZZER := CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME +LIBAFL_CC := CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cc" + +build: + cargo build --target web + +[linux] +[macos] +test: + wasm-pack test --chrome --headless + +[windows] +test: + echo "Unsupported on this platform" + +clean: + cargo clean diff --git a/fuzzers/fuzz_anything/baby_fuzzer_wasm/Makefile.toml b/fuzzers/fuzz_anything/baby_fuzzer_wasm/Makefile.toml deleted file mode 100644 index d57074798b..0000000000 --- a/fuzzers/fuzz_anything/baby_fuzzer_wasm/Makefile.toml +++ /dev/null @@ -1,29 +0,0 @@ -[env] -FUZZER_NAME = "fuzzer" -PROJECT_DIR = { script = ["pwd"] } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this" -''' - -# Fuzzer -[tasks.build] -command = "wasm-pack" -args = ["build", "--target", "web"] - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_unix" -windows_alias = "unsupported" - -[tasks.test_unix] -command = "wasm-pack" -args = ["test", "--chrome", "--headless"] - -# Clean -[tasks.clean] -command = "cargo" -args = ["clean"] diff --git a/fuzzers/fuzz_anything/baby_no_std/Justfile b/fuzzers/fuzz_anything/baby_no_std/Justfile new file mode 100644 index 0000000000..3a49e8f575 --- /dev/null +++ b/fuzzers/fuzz_anything/baby_no_std/Justfile @@ -0,0 +1,26 @@ +FUZZER_NAME := 'fuzzer_no_std' +PROJECT_DIR := absolute_path(".") +PROFILE := 'release' +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +FUZZER := CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME +LIBAFL_CC := CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cc" + +build: + cargo build --profile={{PROFILE}} -Zbuild-std=core,alloc --target x86_64-unknown-linux-gnu + +build_aarch: + cargo +nightly build -Zbuild-std=core,alloc --target aarch64-unknown-none -v --profile {{PROFILE}} + +[linux] +test: build + cargo run -Zbuild-std=core,alloc --target x86_64-unknown-linux-gnu || true + +[macos] +[windows] +test: build + echo "Unsupported on this platform" + + +clean: + cargo clean diff --git a/fuzzers/fuzz_anything/baby_no_std/Makefile.toml b/fuzzers/fuzz_anything/baby_no_std/Makefile.toml deleted file mode 100644 index 2c31821d18..0000000000 --- a/fuzzers/fuzz_anything/baby_no_std/Makefile.toml +++ /dev/null @@ -1,45 +0,0 @@ -[env] -FUZZER_NAME = "fuzzer" -PROJECT_DIR = { script = ["pwd"] } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this" -''' - -# Fuzzer -[tasks.build] -command = "cargo" -args = [ - "build", - "--profile", - "${PROFILE}", - "-Zbuild-std=core,alloc", - "--target", - "x86_64-unknown-linux-gnu", -] - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.test_unix] -script = ''' -cargo run -Zbuild-std=core,alloc --target x86_64-unknown-linux-gnu || true -''' -dependencies = ["build"] - -[tasks.build_aarch] -script = "cargo +nightly build -Zbuild-std=core,alloc --target aarch64-unknown-none -v --profile ${PROFILE}" - -# Clean -[tasks.clean] -command = "cargo" -args = ["clean"] diff --git a/fuzzers/fuzz_anything/cargo_fuzz/Justfile b/fuzzers/fuzz_anything/cargo_fuzz/Justfile new file mode 100644 index 0000000000..2cfe5cddb6 --- /dev/null +++ b/fuzzers/fuzz_anything/cargo_fuzz/Justfile @@ -0,0 +1,27 @@ +install_llvm_tools: + rustup toolchain install nightly --component llvm-tools-preview + +install_cargo_fuzz: + cargo install cargo-fuzz + +build: install_cargo_fuzz install_llvm_tools + cargo +nightly fuzz build fuzz_target_1 + +[linux] +test: build + #!/bin/bash + timeout 30s cargo +nightly fuzz run fuzz_target_1 2>&1 | tee fuzz_stdout.log || true + if grep -qa "objectives: 1" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + +[macos] +[windows] +test: build + echo "Unsupported on this platform" + +clean: + rm -rf fuzz/target \ No newline at end of file diff --git a/fuzzers/fuzz_anything/cargo_fuzz/Makefile.toml b/fuzzers/fuzz_anything/cargo_fuzz/Makefile.toml deleted file mode 100644 index 31bf5e7221..0000000000 --- a/fuzzers/fuzz_anything/cargo_fuzz/Makefile.toml +++ /dev/null @@ -1,44 +0,0 @@ -[env] - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this" -''' - -[tasks.install_llvm_tools] -command = "rustup" -args = ["toolchain", "install", "nightly", "--component", "llvm-tools-preview"] - - -[tasks.install_cargo_fuzz] -command = "cargo" -args = ["install", "cargo-fuzz"] - -# Fuzzer -[tasks.build] -command = "cargo" -args = ["+nightly", "fuzz", "build", "fuzz_target_1"] -dependencies = ["install_cargo_fuzz", "install_llvm_tools"] - -[tasks.test] -linux_alias = "test_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.test_unix] -script = ''' -timeout 30s cargo +nightly fuzz run fuzz_target_1 2>&1 | tee fuzz_stdout.log || true -if grep -qa "objectives: 1" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -''' -dependencies = ["build"] - -# Clean -[tasks.clean] -command = "rm " -args = ["-rf", "fuzz/target"] diff --git a/fuzzers/inprocess/dynamic_analysis/Cargo.toml b/fuzzers/inprocess/dynamic_analysis/Cargo.toml deleted file mode 100644 index 1e42c4250d..0000000000 --- a/fuzzers/inprocess/dynamic_analysis/Cargo.toml +++ /dev/null @@ -1,51 +0,0 @@ -[package] -name = "dynamic_analysis" -version = "0.15.1" -authors = [ - "Andrea Fioraldi ", - "Dominik Maier ", -] -edition = "2021" - -[features] -default = ["std"] -std = [] -no_link_main = ["libafl_targets/libfuzzer_no_link_main"] - -[profile.release] -lto = true -codegen-units = 1 -opt-level = 3 -debug = true - -[profile.release-fuzzbench] -inherits = "release" -debug = false -strip = true - -[build-dependencies] -cc = { version = "1.1.21", features = ["parallel"] } -which = "6.0.3" - -[dependencies] -env_logger = "0.11.5" -once_cell = "1.19.0" -libafl = { path = "../../../libafl" } -libafl_bolts = { path = "../../../libafl_bolts" } -libafl_targets = { path = "../../../libafl_targets", features = [ - "sancov_pcguard_hitcounts", - "sancov_cmplog", - "libfuzzer", - "function-logging", -] } -# TODO Include it only when building cc -libafl_cc = { path = "../../../libafl_cc" } - -clap = { version = "4.5.18", features = ["default"] } -log = { version = "0.4.22", features = ["release_max_level_info"] } -nix = { version = "0.29.0", features = ["fs"] } -mimalloc = { version = "0.1.43", default-features = false } - -[lib] -name = "fuzzbench" -crate-type = ["staticlib"] diff --git a/fuzzers/inprocess/dynamic_analysis/Makefile.toml b/fuzzers/inprocess/dynamic_analysis/Makefile.toml deleted file mode 100644 index ec5d74e0e4..0000000000 --- a/fuzzers/inprocess/dynamic_analysis/Makefile.toml +++ /dev/null @@ -1,129 +0,0 @@ -[env] -PROJECT_DIR = { script = ["pwd"] } -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -FUZZER_NAME = "fuzzer" -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this" -''' - -# Compilers -[tasks.cxx] -linux_alias = "cxx_unix" -mac_alias = "cxx_unix" -windows_alias = "unsupported" - -[tasks.cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.cc] -linux_alias = "cc_unix" -mac_alias = "cc_unix" -windows_alias = "unsupported" - -[tasks.cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -# fuzz.o File -[tasks.fuzz_o] -linux_alias = "fuzz_o_unix" -mac_alias = "fuzz_o_unix" -windows_alias = "unsupported" - -[tasks.fuzz_o_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = [ - "--libafl-no-link", - "-O3", - "-I", - "./Little-CMS/include", - "-c", - "cms_transform_fuzzer.cc", - "-o", - "cms_transform_fuzzer.o", -] -dependencies = ["cc", "cxx"] - -# Fuzzer -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = [ - "--libafl", - "cms_transform_fuzzer.o", - "./Little-CMS/src/.libs/liblcms2.a", - "-o", - "${FUZZER_NAME}", - "-lm", - "-lz", -] -dependencies = ["cc", "cxx", "fuzz_o"] - -# Run -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -mkdir in || true -echo a > in/a -./${FUZZER_NAME} -o out -i in -''' -dependencies = ["fuzzer"] - - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_unix" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -mkdir in || true -echo a > in/a -# Allow sigterm as exit code -timeout 31s ./${FUZZER_NAME} -o out -i in | tee fuzz_stdout.log || true -if grep -qa "objectives: 1" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -rm -rf out || true -rm -rf in || true -''' -dependencies = ["fuzzer"] - -# Clean -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -script_runner = "@shell" -script = ''' -rm ./${FUZZER_NAME} || true -rm fuzz.o || true -''' diff --git a/fuzzers/inprocess/dynamic_analysis/README.md b/fuzzers/inprocess/dynamic_analysis/README.md deleted file mode 100644 index a3ffde7597..0000000000 --- a/fuzzers/inprocess/dynamic_analysis/README.md +++ /dev/null @@ -1,12 +0,0 @@ -# Dynamic Analysis Fuzzer - -This fuzzer is to show how you can collect runtime analysis information during fuzzing using LibAFL. We use the [Little-CMS](https://github.com/mm2/Little-CMS) project for the example. -First, this fuzzer requires `nlohmann-json3-dev` to work. - -To run the fuzzer: - -1. Compile the fuzzer with `cargo build --release` -2. `mkdir analysis` and run `build.sh`. This will compile Little-CMS to extract the analysis information and generate a json file for each module. -3. run `python3 concatenator.py analysis`. This will concatenate all the json into one single file. This json file maps a function id to its analysis information. -4. Compile the fuzzer with `cargo make fuzzer`. This will instrument the fuzzer at every function entry point. Therefore, whenever we reach the entry of any function, we can log its id and logs what functions we executed. -5. Run the fuzzer `RUST_LOG=info ./fuzzer --input ./corpus --output ./out`. You'll see a stream of analysis data \ No newline at end of file diff --git a/fuzzers/inprocess/dynamic_analysis/build.rs b/fuzzers/inprocess/dynamic_analysis/build.rs deleted file mode 100644 index f9e1b126f3..0000000000 --- a/fuzzers/inprocess/dynamic_analysis/build.rs +++ /dev/null @@ -1,23 +0,0 @@ -use std::{env, process::Command}; - -fn main() { - let current_dir = env::current_dir().unwrap(); - let lcms_dir = current_dir.join("Little-CMS"); - if !lcms_dir.exists() { - println!("cargo:warning=Downloading Little-CMS"); - // Clone the Little-CMS repository if the directory doesn't exist - let status = Command::new("git") - .args([ - "clone", - "https://github.com/mm2/Little-CMS", - lcms_dir.to_str().unwrap(), - ]) - .status() - .expect("Failed to clone Little-CMS repository"); - - assert!(status.success(), "Failed to clone Little-CMS repository"); - } - - // Tell Cargo that if the given file changes, to rerun this build script - println!("cargo:rerun-if-changed=build.rs"); -} diff --git a/fuzzers/inprocess/dynamic_analysis/build.sh b/fuzzers/inprocess/dynamic_analysis/build.sh deleted file mode 100755 index a4ffe50bdb..0000000000 --- a/fuzzers/inprocess/dynamic_analysis/build.sh +++ /dev/null @@ -1,14 +0,0 @@ -export CC=$(pwd)/target/release/libafl_cc -export CXX=$(pwd)/target/release/libafl_cxx -export CXXFLAGS='--libafl' -export CFLAGS='--libafl' -export LDFLAGS='--libafl' -export ANALYSIS_OUTPUT=`pwd`/analysis -cd Little-CMS -./autogen.sh -./configure - - -make -j $(nproc) - -$CXX $CXXFLAGS ../cms_transform_fuzzer.cc -I include/ src/.libs/liblcms2.a -o ../fuzzer diff --git a/fuzzers/inprocess/dynamic_analysis/clean.sh b/fuzzers/inprocess/dynamic_analysis/clean.sh deleted file mode 100755 index 34d2c16fcb..0000000000 --- a/fuzzers/inprocess/dynamic_analysis/clean.sh +++ /dev/null @@ -1,5 +0,0 @@ -export ANALYSIS_OUTPUT=`pwd`/analysis -rm -rf analysis/* -pushd Little-CMS -make clean -popd diff --git a/fuzzers/inprocess/dynamic_analysis/cms_transform_fuzzer.cc b/fuzzers/inprocess/dynamic_analysis/cms_transform_fuzzer.cc deleted file mode 100644 index b6433267d4..0000000000 --- a/fuzzers/inprocess/dynamic_analysis/cms_transform_fuzzer.cc +++ /dev/null @@ -1,63 +0,0 @@ -// Copyright 2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include - -#include "lcms2.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - cmsHPROFILE srcProfile = cmsOpenProfileFromMem(data, size); - if (!srcProfile) return 0; - - cmsHPROFILE dstProfile = cmsCreate_sRGBProfile(); - if (!dstProfile) { - cmsCloseProfile(srcProfile); - return 0; - } - - cmsColorSpaceSignature srcCS = cmsGetColorSpace(srcProfile); - cmsUInt32Number nSrcComponents = cmsChannelsOf(srcCS); - cmsUInt32Number srcFormat; - if (srcCS == cmsSigLabData) { - srcFormat = - COLORSPACE_SH(PT_Lab) | CHANNELS_SH(nSrcComponents) | BYTES_SH(0); - } else { - srcFormat = - COLORSPACE_SH(PT_ANY) | CHANNELS_SH(nSrcComponents) | BYTES_SH(1); - } - - cmsUInt32Number intent = 0; - cmsUInt32Number flags = 0; - cmsHTRANSFORM hTransform = cmsCreateTransform( - srcProfile, srcFormat, dstProfile, TYPE_BGR_8, intent, flags); - cmsCloseProfile(srcProfile); - cmsCloseProfile(dstProfile); - if (!hTransform) return 0; - - uint8_t output[4]; - if (T_BYTES(srcFormat) == 0) { // 0 means double - double input[nSrcComponents]; - for (uint32_t i = 0; i < nSrcComponents; i++) - input[i] = 0.5f; - cmsDoTransform(hTransform, input, output, 1); - } else { - uint8_t input[nSrcComponents]; - for (uint32_t i = 0; i < nSrcComponents; i++) - input[i] = 128; - cmsDoTransform(hTransform, input, output, 1); - } - cmsDeleteTransform(hTransform); - - return 0; -} diff --git a/fuzzers/inprocess/dynamic_analysis/concatenator.py b/fuzzers/inprocess/dynamic_analysis/concatenator.py deleted file mode 100755 index f24d06ad1e..0000000000 --- a/fuzzers/inprocess/dynamic_analysis/concatenator.py +++ /dev/null @@ -1,38 +0,0 @@ -#!/usr/bin/python3 - -import os -import json -import sys - - -def concatenate_json_files(input_dir): - json_files = [] - for root, dirs, files in os.walk(input_dir): - for file in files: - if file.endswith(".json"): - json_files.append(os.path.join(root, file)) - - data = dict() - for json_file in json_files: - with open(json_file, "r") as file: - if os.stat(json_file).st_size == 0: - # skip empty file else json.load() fails - continue - json_data = json.load(file) - print(type(json_data), file) - data = data | json_data - - output_file = os.path.join(os.getcwd(), "concatenated.json") - with open(output_file, "w") as file: - json.dump([data], file) - - print(f"JSON files concatenated successfully! Output file: {output_file}") - - -if __name__ == "__main__": - if len(sys.argv) != 2: - print("Usage: python script.py ") - sys.exit(1) - - input_directory = sys.argv[1] - concatenate_json_files(input_directory) diff --git a/fuzzers/inprocess/dynamic_analysis/corpus/seed b/fuzzers/inprocess/dynamic_analysis/corpus/seed deleted file mode 100644 index 84618ba47a..0000000000 Binary files a/fuzzers/inprocess/dynamic_analysis/corpus/seed and /dev/null differ diff --git a/fuzzers/inprocess/dynamic_analysis/src/bin/libafl_cc.rs b/fuzzers/inprocess/dynamic_analysis/src/bin/libafl_cc.rs deleted file mode 100644 index c0b8e478de..0000000000 --- a/fuzzers/inprocess/dynamic_analysis/src/bin/libafl_cc.rs +++ /dev/null @@ -1,47 +0,0 @@ -use std::env; - -use libafl_cc::{ClangWrapper, CompilerWrapper, LLVMPasses, ToolWrapper}; - -pub fn main() { - let mut args: Vec = env::args().collect(); - if args.len() > 1 { - let mut dir = env::current_exe().unwrap(); - let wrapper_name = dir.file_name().unwrap().to_str().unwrap(); - - let is_cpp = match wrapper_name[wrapper_name.len()-2..].to_lowercase().as_str() { - "cc" => false, - "++" | "pp" | "xx" => true, - _ => panic!("Could not figure out if c or c++ wrapper was called. Expected {dir:?} to end with c or cxx"), - }; - - dir.pop(); - - // Must be always present, even without --libafl - args.push("-fsanitize-coverage=trace-pc-guard,trace-cmp".into()); - - let mut cc = ClangWrapper::new(); - - #[cfg(any(target_os = "linux", target_vendor = "apple"))] - cc.add_pass(LLVMPasses::AutoTokens); - - if let Some(code) = cc - .cpp(is_cpp) - // silence the compiler wrapper output, needed for some configure scripts. - .silence(true) - // add arguments only if --libafl or --libafl-no-link are present - .need_libafl_arg(true) - .parse_args(&args) - .expect("Failed to parse the command line") - .link_staticlib(&dir, "fuzzbench") - .add_pass(LLVMPasses::CmpLogRtn) - .add_pass(LLVMPasses::FunctionLogging) - .add_pass(LLVMPasses::Profiling) - .run() - .expect("Failed to run the wrapped compiler") - { - std::process::exit(code); - } - } else { - panic!("LibAFL CC: No Arguments given"); - } -} diff --git a/fuzzers/inprocess/dynamic_analysis/src/bin/libafl_cxx.rs b/fuzzers/inprocess/dynamic_analysis/src/bin/libafl_cxx.rs deleted file mode 100644 index dabd22971a..0000000000 --- a/fuzzers/inprocess/dynamic_analysis/src/bin/libafl_cxx.rs +++ /dev/null @@ -1,5 +0,0 @@ -pub mod libafl_cc; - -fn main() { - libafl_cc::main(); -} diff --git a/fuzzers/inprocess/dynamic_analysis/src/lib.rs b/fuzzers/inprocess/dynamic_analysis/src/lib.rs deleted file mode 100644 index 35bc9e0c00..0000000000 --- a/fuzzers/inprocess/dynamic_analysis/src/lib.rs +++ /dev/null @@ -1,417 +0,0 @@ -//! A singlethreaded libfuzzer-like fuzzer that can auto-restart. -use mimalloc::MiMalloc; -#[global_allocator] -static GLOBAL: MiMalloc = MiMalloc; -use core::{cell::RefCell, time::Duration}; -#[cfg(unix)] -use std::os::unix::io::{AsRawFd, FromRawFd}; -use std::{ - env, - fs::{self, File, OpenOptions}, - io::{self, Read, Write}, - path::PathBuf, - process, -}; - -use clap::{Arg, Command}; -use libafl::{ - corpus::{Corpus, InMemoryOnDiskCorpus, OnDiskCorpus}, - events::SimpleRestartingEventManager, - executors::{inprocess::HookableInProcessExecutor, ExitKind}, - feedback_or, - feedbacks::{CrashFeedback, MaxMapFeedback, TimeFeedback}, - fuzzer::{Fuzzer, StdFuzzer}, - inputs::{BytesInput, HasTargetBytes}, - monitors::SimpleMonitor, - mutators::{ - havoc_mutations, token_mutations::I2SRandReplace, tokens_mutations, StdMOptMutator, - StdScheduledMutator, Tokens, - }, - observers::{CanTrack, HitcountsMapObserver, ProfilingObserver, TimeObserver}, - schedulers::{ - powersched::PowerSchedule, IndexesLenTimeMinimizerScheduler, StdWeightedScheduler, - }, - stages::{ - calibrate::CalibrationStage, power::StdPowerMutationalStage, StdMutationalStage, - TracingStage, - }, - state::{HasCorpus, StdState}, - Error, HasMetadata, -}; -use libafl_bolts::{ - current_time, - os::dup2, - ownedref::OwnedMutPtr, - rands::StdRand, - shmem::{ShMemProvider, StdShMemProvider}, - tuples::{tuple_list, Merge}, - AsSlice, -}; -#[cfg(any(target_os = "linux", target_vendor = "apple"))] -use libafl_targets::autotokens; -use libafl_targets::{ - libfuzzer_initialize, libfuzzer_test_one_input, std_edges_map_observer, CallHook, - CmpLogObserver, FUNCTION_LIST, -}; -#[cfg(unix)] -use nix::unistd::dup; -use once_cell::sync::Lazy; - -/// The fuzzer main (as `no_mangle` C function) -#[no_mangle] -pub extern "C" fn libafl_main() { - // Registry the metadata types used in this fuzzer - // Needed only on no_std - // unsafe { RegistryBuilder::register::(); } - env_logger::init(); - let res = match Command::new(env!("CARGO_PKG_NAME")) - .version(env!("CARGO_PKG_VERSION")) - .author("AFLplusplus team") - .about("LibAFL-based fuzzer for Fuzzbench") - .arg( - Arg::new("out") - .short('o') - .long("output") - .help("The directory to place finds in ('corpus')"), - ) - .arg( - Arg::new("in") - .short('i') - .long("input") - .help("The directory to read initial inputs from ('seeds')"), - ) - .arg( - Arg::new("tokens") - .short('x') - .long("tokens") - .help("A file to read tokens from, to be used during fuzzing"), - ) - .arg( - Arg::new("logfile") - .short('l') - .long("logfile") - .help("Duplicates all output to this file") - .default_value("libafl.log"), - ) - .arg( - Arg::new("timeout") - .short('t') - .long("timeout") - .help("Timeout for each individual execution, in milliseconds") - .default_value("1200"), - ) - .arg(Arg::new("remaining")) - .try_get_matches() - { - Ok(res) => res, - Err(err) => { - println!( - "Syntax: {}, [-x dictionary] -o corpus_dir -i seed_dir\n{:?}", - env::current_exe() - .unwrap_or_else(|_| "fuzzer".into()) - .to_string_lossy(), - err, - ); - return; - } - }; - - println!( - "Workdir: {:?}", - env::current_dir().unwrap().to_string_lossy().to_string() - ); - - if let Some(filenames) = res.get_many::("remaining") { - let filenames: Vec<&str> = filenames.map(String::as_str).collect(); - if !filenames.is_empty() { - run_testcases(&filenames); - return; - } - } - - // For fuzzbench, crashes and finds are inside the same `corpus` directory, in the "queue" and "crashes" subdir. - let mut out_dir = PathBuf::from( - res.get_one::("out") - .expect("The --output parameter is missing") - .to_string(), - ); - if fs::create_dir(&out_dir).is_err() { - println!("Out dir at {:?} already exists.", &out_dir); - if !out_dir.is_dir() { - println!("Out dir at {:?} is not a valid directory!", &out_dir); - return; - } - } - let mut crashes = out_dir.clone(); - crashes.push("crashes"); - out_dir.push("queue"); - - let in_dir = PathBuf::from( - res.get_one::("in") - .expect("The --input parameter is missing") - .to_string(), - ); - if !in_dir.is_dir() { - println!("In dir at {:?} is not a valid directory!", &in_dir); - return; - } - - let tokens = res.get_one::("tokens").map(PathBuf::from); - - let logfile = PathBuf::from(res.get_one::("logfile").unwrap().to_string()); - - let timeout = Duration::from_millis( - res.get_one::("timeout") - .unwrap() - .to_string() - .parse() - .expect("Could not parse timeout in milliseconds"), - ); - - fuzz(out_dir, crashes, &in_dir, tokens, &logfile, timeout) - .expect("An error occurred while fuzzing"); -} - -fn run_testcases(filenames: &[&str]) { - // The actual target run starts here. - // Call LLVMFUzzerInitialize() if present. - let args: Vec = env::args().collect(); - if unsafe { libfuzzer_initialize(&args) } == -1 { - println!("Warning: LLVMFuzzerInitialize failed with -1"); - } - - println!( - "You are not fuzzing, just executing {} testcases", - filenames.len() - ); - for fname in filenames { - println!("Executing {fname}"); - - let mut file = File::open(fname).expect("No file found"); - let mut buffer = vec![]; - file.read_to_end(&mut buffer).expect("Buffer overflow"); - - unsafe { - libfuzzer_test_one_input(&buffer); - } - } -} - -/// The actual fuzzer -#[expect(clippy::too_many_lines)] -fn fuzz( - corpus_dir: PathBuf, - objective_dir: PathBuf, - seed_dir: &PathBuf, - tokenfile: Option, - logfile: &PathBuf, - timeout: Duration, -) -> Result<(), Error> { - let log = RefCell::new(OpenOptions::new().append(true).create(true).open(logfile)?); - - #[cfg(unix)] - let mut stdout_cpy = unsafe { - let new_fd = dup(io::stdout().as_raw_fd())?; - File::from_raw_fd(new_fd) - }; - #[cfg(unix)] - let file_null = File::open("/dev/null")?; - - // 'While the monitor are state, they are usually used in the broker - which is likely never restarted - let monitor = SimpleMonitor::new(|s| { - #[cfg(unix)] - writeln!(&mut stdout_cpy, "{s}").unwrap(); - #[cfg(windows)] - println!("{s}"); - writeln!(log.borrow_mut(), "{:?} {s}", current_time()).unwrap(); - }); - - // We need a shared map to store our state before a crash. - // This way, we are able to continue fuzzing afterwards. - let mut shmem_provider = StdShMemProvider::new()?; - - let (state, mut mgr) = match SimpleRestartingEventManager::launch(monitor, &mut shmem_provider) - { - // The restarting state will spawn the same process again as child, then restarted it each time it crashes. - Ok(res) => res, - Err(err) => match err { - Error::ShuttingDown => { - return Ok(()); - } - _ => { - panic!("Failed to setup the restarter: {err}"); - } - }, - }; - - // Create an observation channel using the coverage map - // We don't use the hitcounts (see the Cargo.toml, we use pcguard_edges) - let edges_observer = - HitcountsMapObserver::new(unsafe { std_edges_map_observer("edges") }).track_indices(); - - // Create an observation channel to keep track of the execution time - let time_observer = TimeObserver::new("time"); - - // TODO: This will break soon, fix me! See https://github.com/AFLplusplus/LibAFL/issues/2786 - #[allow(static_mut_refs)] // only a problem in nightly - let func_list = unsafe { OwnedMutPtr::from_raw_mut(Lazy::force_mut(&mut FUNCTION_LIST)) }; - let profiling_observer = ProfilingObserver::new("concatenated.json", func_list)?; - let callhook = CallHook::new(); - - let cmplog_observer = CmpLogObserver::new("cmplog", true); - - let map_feedback = MaxMapFeedback::new(&edges_observer); - - let calibration = CalibrationStage::new(&map_feedback); - - // Feedback to rate the interestingness of an input - // This one is composed by two Feedbacks in OR - let mut feedback = feedback_or!( - // New maximization map feedback linked to the edges observer and the feedback state - map_feedback, - // Time feedback, this one does not need a feedback state - TimeFeedback::new(&time_observer) - ); - - // A feedback to choose if an input is a solution or not - let mut objective = CrashFeedback::new(); - - // If not restarting, create a State from scratch - let mut state = state.unwrap_or_else(|| { - StdState::new( - // RNG - StdRand::new(), - // Corpus that will be evolved, we keep it in memory for performance - InMemoryOnDiskCorpus::new(corpus_dir).unwrap(), - // Corpus in which we store solutions (crashes in this example), - // on disk so the user can get them after stopping the fuzzer - OnDiskCorpus::new(objective_dir).unwrap(), - // States of the feedbacks. - // The feedbacks can report the data that should persist in the State. - &mut feedback, - // Same for objective feedbacks - &mut objective, - ) - .unwrap() - }); - - println!("Let's fuzz :)"); - - // The actual target run starts here. - // Call LLVMFUzzerInitialize() if present. - let args: Vec = env::args().collect(); - if unsafe { libfuzzer_initialize(&args) } == -1 { - println!("Warning: LLVMFuzzerInitialize failed with -1"); - } - - // Setup a randomic Input2State stage - let i2s = StdMutationalStage::new(StdScheduledMutator::new(tuple_list!(I2SRandReplace::new()))); - - // Setup a MOPT mutator - let mutator = StdMOptMutator::new( - &mut state, - havoc_mutations().merge(tokens_mutations()), - 7, - 5, - )?; - - let power: StdPowerMutationalStage<_, _, BytesInput, _, _, _> = - StdPowerMutationalStage::new(mutator); - - // A minimization+queue policy to get testcasess from the corpus - let scheduler = IndexesLenTimeMinimizerScheduler::new( - &edges_observer, - StdWeightedScheduler::with_schedule( - &mut state, - &edges_observer, - Some(PowerSchedule::fast()), - ), - ); - - // A fuzzer with feedbacks and a corpus scheduler - let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); - - // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { - let target = input.target_bytes(); - let buf = target.as_slice(); - unsafe { - libfuzzer_test_one_input(buf); - } - ExitKind::Ok - }; - - let mut tracing_harness = harness; - - // Create the executor for an in-process function with one observer for edge coverage and one for the execution time - let mut executor = HookableInProcessExecutor::with_timeout_generic( - tuple_list!(callhook.clone()), - &mut harness, - tuple_list!(edges_observer, time_observer, profiling_observer), - &mut fuzzer, - &mut state, - &mut mgr, - timeout, - )?; - - // Setup a tracing stage in which we log comparisons - let tracing = TracingStage::new( - HookableInProcessExecutor::with_timeout_generic( - tuple_list!(callhook), - &mut tracing_harness, - tuple_list!(cmplog_observer), - &mut fuzzer, - &mut state, - &mut mgr, - timeout * 10, - )?, - // Give it more time! - ); - - // The order of the stages matter! - let mut stages = tuple_list!(calibration, tracing, i2s, power); - - // Read tokens - if state.metadata_map().get::().is_none() { - let mut toks = Tokens::default(); - if let Some(tokenfile) = tokenfile { - toks.add_from_file(tokenfile)?; - } - #[cfg(any(target_os = "linux", target_vendor = "apple"))] - { - toks += autotokens()?; - } - - if !toks.is_empty() { - state.add_metadata(toks); - } - } - - // In case the corpus is empty (on first run), reset - if state.must_load_initial_inputs() { - state - .load_initial_inputs(&mut fuzzer, &mut executor, &mut mgr, &[seed_dir.clone()]) - .unwrap_or_else(|_| { - println!("Failed to load initial corpus at {:?}", &seed_dir); - process::exit(0); - }); - println!("We imported {} inputs from disk.", state.corpus().count()); - } - - // Remove target output (logs still survive) - #[cfg(unix)] - { - let null_fd = file_null.as_raw_fd(); - dup2(null_fd, io::stdout().as_raw_fd())?; - if std::env::var("LIBAFL_FUZZBENCH_DEBUG").is_err() { - // dup2(null_fd, io::stderr().as_raw_fd())?; - } - } - // reopen file to make sure we're at the end - log.replace(OpenOptions::new().append(true).create(true).open(logfile)?); - - fuzzer.fuzz_loop(&mut stages, &mut executor, &mut state, &mut mgr)?; - - // Never reached - Ok(()) -} diff --git a/fuzzers/inprocess/dynamic_analysis/stub_rt.c b/fuzzers/inprocess/dynamic_analysis/stub_rt.c deleted file mode 100644 index 825d6780af..0000000000 --- a/fuzzers/inprocess/dynamic_analysis/stub_rt.c +++ /dev/null @@ -1,34 +0,0 @@ -#include - -__attribute__((weak)) void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, - uint32_t *stop) { -} - -__attribute__((weak)) void __sanitizer_cov_trace_pc_guard(uint32_t *guard) { -} - -__attribute__((weak)) void __cmplog_rtn_hook(uint8_t *ptr1, uint8_t *ptr2) { -} - -__attribute__((weak)) void __cmplog_rtn_gcc_stdstring_cstring( - uint8_t *stdstring, uint8_t *cstring) { -} - -__attribute__((weak)) void __cmplog_rtn_gcc_stdstring_stdstring( - uint8_t *stdstring1, uint8_t *stdstring2) { -} - -__attribute__((weak)) void __cmplog_rtn_llvm_stdstring_cstring( - uint8_t *stdstring, uint8_t *cstring) { -} - -__attribute__((weak)) void __cmplog_rtn_llvm_stdstring_stdstring( - uint8_t *stdstring1, uint8_t *stdstring2) { -} - -extern void libafl_main(void); - -int main(int argc, char **argv) { - libafl_main(); - return 0; -} diff --git a/fuzzers/inprocess/fuzzbench/Justfile b/fuzzers/inprocess/fuzzbench/Justfile new file mode 100644 index 0000000000..4892a9d85f --- /dev/null +++ b/fuzzers/inprocess/fuzzbench/Justfile @@ -0,0 +1,77 @@ +FUZZER_NAME := 'fuzzbench' +PROJECT_DIR := absolute_path(".") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +FUZZER := CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME + + +alias build := fuzzer + +alias cc := cxx + +[linux] +[macos] +cxx: + cargo build --profile={{PROFILE}} + +[windows] +cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +fuzz_o: cxx + {{CARGO_TARGET_DIR}}/{{PROFILE_DIR}}/libafl_cc --libafl-no-link -O3 -c fuzz.c -o fuzz.o + +[windows] +fuzz_o: + echo "Unsupported on this platform" + +[linux] +[macos] +fuzzer: cxx fuzz_o + {{CARGO_TARGET_DIR}}/{{PROFILE_DIR}}/libafl_cxx --libafl fuzz.o -o {{FUZZER_NAME}} -lm -lz + +[windows] +fuzzer: + echo "Unsupported on this platform" + + +[linux] +[macos] +run: cxx fuzz_o + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + mkdir in || true + echo a > in/a + ./{{FUZZER_NAME}} -o out -i in + +[windows] +run: + echo "Unsupported on this platform" + +[linux] +[macos] +test: fuzzer + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + mkdir in || true + echo a > in/a + # Allow sigterm as exit code + timeout 31s ./{{FUZZER_NAME}} -o out -i in | tee fuzz_stdout.log || true + if grep -qa "objectives: 1" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + rm -rf out || true + rm -rf in || true + +[windows] +test: fuzzer + echo "Unsupported on this platform" + +clean: + cargo clean diff --git a/fuzzers/inprocess/fuzzbench/Makefile.toml b/fuzzers/inprocess/fuzzbench/Makefile.toml deleted file mode 100644 index 47b59c49b0..0000000000 --- a/fuzzers/inprocess/fuzzbench/Makefile.toml +++ /dev/null @@ -1,112 +0,0 @@ -[env] -PROJECT_DIR = { script = ["pwd"] } -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -FUZZER_NAME = "fuzzer" -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this" -''' - -# Compilers -[tasks.cxx] -linux_alias = "cxx_unix" -mac_alias = "cxx_unix" -windows_alias = "unsupported" - -[tasks.cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.cc] -linux_alias = "cc_unix" -mac_alias = "cc_unix" -windows_alias = "unsupported" - -[tasks.cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -# fuzz.o File -[tasks.fuzz_o] -linux_alias = "fuzz_o_unix" -mac_alias = "fuzz_o_unix" -windows_alias = "unsupported" - -[tasks.fuzz_o_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" -args = ["--libafl-no-link", "-O3", "-c", "fuzz.c", "-o", "fuzz.o"] -dependencies = ["cc", "cxx"] - -# Fuzzer -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = ["--libafl", "fuzz.o", "-o", "${FUZZER_NAME}", "-lm", "-lz"] -dependencies = ["cc", "cxx", "fuzz_o"] - -# Run -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -mkdir in || true -echo a > in/a -./${FUZZER_NAME} -o out -i in -''' -dependencies = ["fuzzer"] - - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_unix" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -mkdir in || true -echo a > in/a -# Allow sigterm as exit code -timeout 31s ./${FUZZER_NAME} -o out -i in | tee fuzz_stdout.log || true -if grep -qa "objectives: 1" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -rm -rf out || true -rm -rf in || true -''' -dependencies = ["fuzzer"] - -# Clean -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -script_runner = "@shell" -script = ''' -rm ./${FUZZER_NAME} || true -rm fuzz.o || true -''' diff --git a/fuzzers/inprocess/fuzzbench_ctx/Justfile b/fuzzers/inprocess/fuzzbench_ctx/Justfile new file mode 100644 index 0000000000..aad1ca4816 --- /dev/null +++ b/fuzzers/inprocess/fuzzbench_ctx/Justfile @@ -0,0 +1,77 @@ +FUZZER_NAME := 'fuzzbench_ctx' +PROJECT_DIR := absolute_path(".") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +FUZZER := CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME + + +alias build := fuzzer + +alias cc := cxx + +[linux] +[macos] +cxx: + cargo build --profile={{PROFILE}} + +[windows] +cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +fuzz_o: cxx + {{CARGO_TARGET_DIR}}/{{PROFILE_DIR}}/libafl_cc --libafl-no-link -O3 -c fuzz.c -o fuzz.o + +[windows] +fuzz_o: + echo "Unsupported on this platform" + +[linux] +[macos] +fuzzer: cxx fuzz_o + {{CARGO_TARGET_DIR}}/{{PROFILE_DIR}}/libafl_cxx --libafl fuzz.o -o {{FUZZER_NAME}} -lm -lz + +[windows] +fuzzer: + echo "Unsupported on this platform" + + +[linux] +[macos] +run: cxx fuzz_o + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + mkdir in || true + echo a > in/a + ./{{FUZZER_NAME}} -o out -i in + +[windows] +run: + echo "Unsupported on this platform" + +[linux] +[macos] +test: fuzzer + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + mkdir in || true + echo a > in/a + # Allow sigterm as exit code + timeout 31s ./{{FUZZER_NAME}} -o out -i in | tee fuzz_stdout.log || true + if grep -qa "objectives: 1" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + rm -rf out || true + rm -rf in || true + +[windows] +test: fuzzer + echo "Unsupported on this platform" + +clean: + cargo clean diff --git a/fuzzers/inprocess/fuzzbench_ctx/Makefile.toml b/fuzzers/inprocess/fuzzbench_ctx/Makefile.toml deleted file mode 100644 index 47b59c49b0..0000000000 --- a/fuzzers/inprocess/fuzzbench_ctx/Makefile.toml +++ /dev/null @@ -1,112 +0,0 @@ -[env] -PROJECT_DIR = { script = ["pwd"] } -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -FUZZER_NAME = "fuzzer" -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this" -''' - -# Compilers -[tasks.cxx] -linux_alias = "cxx_unix" -mac_alias = "cxx_unix" -windows_alias = "unsupported" - -[tasks.cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.cc] -linux_alias = "cc_unix" -mac_alias = "cc_unix" -windows_alias = "unsupported" - -[tasks.cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -# fuzz.o File -[tasks.fuzz_o] -linux_alias = "fuzz_o_unix" -mac_alias = "fuzz_o_unix" -windows_alias = "unsupported" - -[tasks.fuzz_o_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" -args = ["--libafl-no-link", "-O3", "-c", "fuzz.c", "-o", "fuzz.o"] -dependencies = ["cc", "cxx"] - -# Fuzzer -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = ["--libafl", "fuzz.o", "-o", "${FUZZER_NAME}", "-lm", "-lz"] -dependencies = ["cc", "cxx", "fuzz_o"] - -# Run -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -mkdir in || true -echo a > in/a -./${FUZZER_NAME} -o out -i in -''' -dependencies = ["fuzzer"] - - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_unix" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -mkdir in || true -echo a > in/a -# Allow sigterm as exit code -timeout 31s ./${FUZZER_NAME} -o out -i in | tee fuzz_stdout.log || true -if grep -qa "objectives: 1" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -rm -rf out || true -rm -rf in || true -''' -dependencies = ["fuzzer"] - -# Clean -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -script_runner = "@shell" -script = ''' -rm ./${FUZZER_NAME} || true -rm fuzz.o || true -''' diff --git a/fuzzers/inprocess/fuzzbench_text/Justfile b/fuzzers/inprocess/fuzzbench_text/Justfile new file mode 100644 index 0000000000..4892a9d85f --- /dev/null +++ b/fuzzers/inprocess/fuzzbench_text/Justfile @@ -0,0 +1,77 @@ +FUZZER_NAME := 'fuzzbench' +PROJECT_DIR := absolute_path(".") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +FUZZER := CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME + + +alias build := fuzzer + +alias cc := cxx + +[linux] +[macos] +cxx: + cargo build --profile={{PROFILE}} + +[windows] +cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +fuzz_o: cxx + {{CARGO_TARGET_DIR}}/{{PROFILE_DIR}}/libafl_cc --libafl-no-link -O3 -c fuzz.c -o fuzz.o + +[windows] +fuzz_o: + echo "Unsupported on this platform" + +[linux] +[macos] +fuzzer: cxx fuzz_o + {{CARGO_TARGET_DIR}}/{{PROFILE_DIR}}/libafl_cxx --libafl fuzz.o -o {{FUZZER_NAME}} -lm -lz + +[windows] +fuzzer: + echo "Unsupported on this platform" + + +[linux] +[macos] +run: cxx fuzz_o + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + mkdir in || true + echo a > in/a + ./{{FUZZER_NAME}} -o out -i in + +[windows] +run: + echo "Unsupported on this platform" + +[linux] +[macos] +test: fuzzer + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + mkdir in || true + echo a > in/a + # Allow sigterm as exit code + timeout 31s ./{{FUZZER_NAME}} -o out -i in | tee fuzz_stdout.log || true + if grep -qa "objectives: 1" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + rm -rf out || true + rm -rf in || true + +[windows] +test: fuzzer + echo "Unsupported on this platform" + +clean: + cargo clean diff --git a/fuzzers/inprocess/fuzzbench_text/Makefile.toml b/fuzzers/inprocess/fuzzbench_text/Makefile.toml deleted file mode 100644 index aa9757af28..0000000000 --- a/fuzzers/inprocess/fuzzbench_text/Makefile.toml +++ /dev/null @@ -1,114 +0,0 @@ -[env] -PROJECT_DIR = { script = ["pwd"] } -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -FUZZER_NAME = "fuzzer" -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this" -''' - -# Compilers -[tasks.cxx] -linux_alias = "cxx_unix" -mac_alias = "cxx_unix" -windows_alias = "unsupported" - -[tasks.cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.cc] -linux_alias = "cc_unix" -mac_alias = "cc_unix" -windows_alias = "unsupported" - -[tasks.cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -# fuzz.o File -[tasks.fuzz_o] -linux_alias = "fuzz_o_unix" -mac_alias = "fuzz_o_unix" -windows_alias = "unsupported" - -[tasks.fuzz_o_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" -args = ["--libafl-no-link", "-O3", "-c", "fuzz.c", "-o", "fuzz.o"] -dependencies = ["cc", "cxx"] - -# Fuzzer -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = ["--libafl", "fuzz.o", "-o", "${FUZZER_NAME}", "-lm", "-lz"] -dependencies = ["cc", "cxx", "fuzz_o"] - -# Run -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -mkdir in || true -echo a > in/a -# Allow sigterm as exit code -./${FUZZER_NAME} -o out -i in -''' -dependencies = ["fuzzer"] - - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_unix" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -mkdir in || true -echo a > in/a -# Allow sigterm as exit code -timeout 31s ./${FUZZER_NAME} -o out -i in | tee fuzz_stdout.log || true -cat fuzz_stdout.log -if grep -qa "objectives: 1" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -rm -rf out || true -rm -rf in || true -''' -dependencies = ["fuzzer"] - -# Clean -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -script_runner = "@shell" -script = ''' -rm ./${FUZZER_NAME} || true -rm fuzz.o || true -''' diff --git a/fuzzers/inprocess/libfuzzer_libmozjpeg/Justfile b/fuzzers/inprocess/libfuzzer_libmozjpeg/Justfile new file mode 100644 index 0000000000..2a5918bcf4 --- /dev/null +++ b/fuzzers/inprocess/libfuzzer_libmozjpeg/Justfile @@ -0,0 +1,92 @@ +FUZZER_NAME := 'fuzzer_mozjpeg' +PROJECT_DIR := absolute_path(".") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +FUZZER := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME +LIBAFL_CC := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cc" +LIBAFL_CXX := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cxx" + + +alias cc := cxx + +[linux] +[macos] +mozjpg: + #!/bin/bash + if [ ! -f v4.0.3.tar.gz ]; then + wget https://github.com/mozilla/mozjpeg/archive/v4.0.3.tar.gz + fi + tar -xzvf v4.0.3.tar.gz + +[windows] +mozjpg: + echo "Unsupported on this platform" + +[linux] +[macos] +cxx: + cargo build --profile {{PROFILE}} + +[windows] +cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +lib: mozjpg cxx + #!/bin/bash + cd mozjpeg-4.0.3 && cmake . -DENABLE_SHARED=false -DPNG_SUPPORTED=false -DCMAKE_C_COMPILER="{{LIBAFL_CC}}" -DCMAKE_CXX_COMPILER="{{LIBAFL_CXX}}" -G "Unix Makefiles" + cd {{PROJECT_DIR}} + make -C mozjpeg-4.0.3 + +[windows] +lib: + echo "Unsupported on this platform" + +[linux] +[macos] +fuzzer: lib cxx + pwd + {{LIBAFL_CXX}} {{PROJECT_DIR}}/harness.cc {{PROJECT_DIR}}/mozjpeg-4.0.3/libjpeg.a {{PROJECT_DIR}}/mozjpeg-4.0.3/libturbojpeg.a -I {{PROJECT_DIR}}/mozjpeg-4.0.3/ -o {{FUZZER_NAME}} -lm -lz + +[windows] +fuzzer: + echo "Unsupported on this platform" + +[linux] +[macos] +run: fuzzer + #!/bin/bash + ./{{FUZZER_NAME}} & + sleep 0.2 + ./{{FUZZER_NAME}} + +[windows] +run: fuzzer + echo "Unsupported on this platform" + +[linux] +[macos] +test: fuzzer + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + (timeout 31s ./{{FUZZER_NAME}} | tee fuzz_stdout.log 2>/dev/null || true) & + sleep 0.2 + timeout 30s ./{{FUZZER_NAME}} >/dev/null 2>/dev/null || true + if grep -qa "corpus: 30" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + +[windows] +test: fuzzer + echo "Unsupported on this platform" + +clean: + rm -rf {{FUZZER_NAME}} + make -C mozjpeg-4.0.3 clean || true + cargo clean + diff --git a/fuzzers/inprocess/libfuzzer_libmozjpeg/Makefile.toml b/fuzzers/inprocess/libfuzzer_libmozjpeg/Makefile.toml deleted file mode 100644 index d74d288058..0000000000 --- a/fuzzers/inprocess/libfuzzer_libmozjpeg/Makefile.toml +++ /dev/null @@ -1,147 +0,0 @@ -# Variables -[env] -FUZZER_NAME = 'fuzzer_mozjpeg' -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } -LIBAFL_CC = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc' -LIBAFL_CXX = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx' -FUZZER = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME}' -PROJECT_DIR = { script = ["pwd"] } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this platform" -''' - -# libpng -[tasks.mozjpeg] -linux_alias = "mozjpeg_unix" -mac_alias = "mozjpeg_unix" -windows_alias = "unsupported" - -[tasks.mozjpeg_unix] -condition = { files_not_exist = ["./mozjpeg-4.0.3"] } -script_runner = "@shell" -script = ''' -wget https://github.com/mozilla/mozjpeg/archive/v4.0.3.tar.gz -tar -xzvf v4.0.3.tar.gz -''' - -# Compilers -[tasks.cxx] -linux_alias = "cxx_unix" -mac_alias = "cxx_unix" -windows_alias = "unsupported" - -[tasks.cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.cc] -linux_alias = "cc_unix" -mac_alias = "cc_unix" -windows_alias = "unsupported" - -[tasks.cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -# Library -[tasks.lib] -linux_alias = "lib_unix" -mac_alias = "lib_unix" -windows_alias = "unsupported" - -[tasks.lib_unix] -script = ''' -cd mozjpeg-4.0.3 && cmake . -DENABLE_SHARED=false -DPNG_SUPPORTED=false -DCMAKE_C_COMPILER="${LIBAFL_CC}" -DCMAKE_CXX_COMPILER="${LIBAFL_CXX}" -G "Unix Makefiles" -cd "${PROJECT_DIR}" -make -C mozjpeg-4.0.3 -''' -dependencies = ["mozjpeg", "cxx", "cc"] - - -# Harness -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = [ - "${PROJECT_DIR}/harness.cc", - "${PROJECT_DIR}/mozjpeg-4.0.3/libjpeg.a", - "${PROJECT_DIR}/mozjpeg-4.0.3/libturbojpeg.a", - "-I", - "${PROJECT_DIR}/mozjpeg-4.0.3/", - "-o", - "${FUZZER_NAME}", - "-lm", - "-lz", -] -dependencies = ["lib", "cxx", "cc"] - -# Run the fuzzer -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME} & -sleep 0.2 -./${FUZZER_NAME} -''' -dependencies = ["fuzzer"] - -# Test -[tasks.test] -linux_alias = "test_linux" -mac_alias = "test_mac" -windows_alias = "unsupported" - -[tasks.test_linux] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -(timeout 31s ./${FUZZER_NAME} | tee fuzz_stdout.log 2>/dev/null || true) & -sleep 0.2 -timeout 30s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true -if grep -qa "corpus: 30" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -''' -dependencies = ["fuzzer"] - -[tasks.test_mac] -script = ''' -echo "Skipping build on MacOS as libpng in Github is ancient, see LibAFL GH issue #254" -''' - -# Clean up -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -f ./${FUZZER_NAME} -make -C mozjpeg-4.0.3 clean -cargo clean -''' diff --git a/fuzzers/inprocess/libfuzzer_libpng/Justfile b/fuzzers/inprocess/libfuzzer_libpng/Justfile new file mode 100644 index 0000000000..300ebd626a --- /dev/null +++ b/fuzzers/inprocess/libfuzzer_libpng/Justfile @@ -0,0 +1,136 @@ +FUZZER_NAME := 'fuzzer_libpng' +PROJECT_DIR := absolute_path(".") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +FUZZER := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME +LIBAFL_CC := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cc" +LIBAFL_CXX := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cxx" + + +alias cc := cxx + +[linux] +[macos] +libpng: + #!/bin/bash + if [ ! -f v1.6.37.tar.gz ]; then + wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz + fi + tar -xvf v1.6.37.tar.gz + +[windows] +libpng: + echo "Unsupported on this platform" + +[linux] +[macos] +cxx: + cargo build --profile {{PROFILE}} + +[windows] +cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +crash_cxx: + cargo build --profile {{PROFILE}} --features=crash + +[windows] +crash_cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +lib: libpng cxx + #!/bin/bash + cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes + cd {{PROJECT_DIR}} + make -C libpng-1.6.37 CC="{{LIBAFL_CC}}" CXX="{{LIBAFL_CXX}}" + +[windows] +lib: + echo "Unsupported on this platform" + +[linux] +[macos] +crash_lib: libpng crash_cxx + #!/bin/bash + cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes + cd {{PROJECT_DIR}} + make -C libpng-1.6.37 CC="{{LIBAFL_CC}}" CXX="{{LIBAFL_CXX}}" + +[windows] +crash_lib: + echo "Unsupported on this platform" + +[linux] +[macos] +fuzzer: lib cxx + pwd + {{LIBAFL_CXX}} {{PROJECT_DIR}}/harness.cc {{PROJECT_DIR}}/libpng-1.6.37/.libs/libpng16.a -I {{PROJECT_DIR}}/libpng-1.6.37/ -o {{FUZZER_NAME}} -lm -lz + +[windows] +fuzzer: + echo "Unsupported on this platform" + +[linux] +[macos] +crash_fuzzer: crash_lib crash_cxx + {{LIBAFL_CXX}} {{PROJECT_DIR}}/harness.cc {{PROJECT_DIR}}/libpng-1.6.37/.libs/libpng16.a -I {{PROJECT_DIR}}/libpng-1.6.37/ -o {{FUZZER_NAME}} -lm -lz + +[windows] +crash_fuzzer: + echo "Unsupported on this platform" + + +[linux] +[macos] +run: fuzzer + #!/bin/bash + ./{{FUZZER_NAME}} & + sleep 0.2 + ./{{FUZZER_NAME}} 2>/dev/null + +[windows] +run: fuzzer + echo "Unsupported on this platform" + +[linux] +[macos] +crash: crash_fuzzer + #!/bin/bash + ./{{FUZZER_NAME}} & + sleep 0.2 + ./{{FUZZER_NAME}} 2>/dev/null + +[windows] +crash: fuzzer + echo "Unsupported on this platform" + + +[linux] +[macos] +test: fuzzer + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + (timeout 31s ./{{FUZZER_NAME}} 2>/dev/null | tee fuzz_stdout.log || true) & + sleep 0.2 + timeout 30s ./{{FUZZER_NAME}} >/dev/null 2>/dev/null || true + if grep -qa "corpus: 30" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + +[windows] +test: fuzzer + echo "Unsupported on this platform" + +clean: + rm -rf {{FUZZER_NAME}} + make -C libpng-1.6.37 clean || true + cargo clean + diff --git a/fuzzers/inprocess/libfuzzer_libpng/Makefile.toml b/fuzzers/inprocess/libfuzzer_libpng/Makefile.toml deleted file mode 100644 index 7b0c8d0213..0000000000 --- a/fuzzers/inprocess/libfuzzer_libpng/Makefile.toml +++ /dev/null @@ -1,221 +0,0 @@ -# Variables -[env] -FUZZER_NAME = 'fuzzer_libpng' -PROJECT_DIR = { script = ["pwd"] } -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } -LIBAFL_CC = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc' -LIBAFL_CXX = '${CARGO_TARGET_DIR}/${PROFILE}/libafl_cxx' -FUZZER = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME}' - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this" -''' - -# libpng -[tasks.libpng] -linux_alias = "libpng_unix" -mac_alias = "libpng_unix" -windows_alias = "unsupported" - -[tasks.libpng_unix] -condition = { files_not_exist = ["./libpng-1.6.37"] } -script_runner = "@shell" -script = ''' -wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz -tar -xvf v1.6.37.tar.gz -''' - -# Compilers -[tasks.cxx] -linux_alias = "cxx_unix" -mac_alias = "cxx_unix" -windows_alias = "unsupported" - -[tasks.cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.cc] -linux_alias = "cc_unix" -mac_alias = "cc_unix" -windows_alias = "unsupported" - -[tasks.cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.crash_cxx] -linux_alias = "crash_cxx_unix" -mac_alias = "crash_cxx_unix" -windows_alias = "unsupported" - -[tasks.crash_cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}", "--features=crash"] - -[tasks.crash_cc] -linux_alias = "crash_cc_unix" -mac_alias = "crash_cc_unix" -windows_alias = "unsupported" - -[tasks.crash_cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}", "--features=crash"] - -# Library -[tasks.lib] -linux_alias = "lib_unix" -mac_alias = "lib_unix" -windows_alias = "unsupported" - -[tasks.lib_unix] -script_runner = "@shell" -script = ''' -cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes -cd "${PROJECT_DIR}" -make -C libpng-1.6.37 CC="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" CXX="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -''' -dependencies = ["libpng", "cxx", "cc"] - -# Library -[tasks.crash_lib] -linux_alias = "crash_lib_unix" -mac_alias = "crash_lib_unix" -windows_alias = "unsupported" - -[tasks.crash_lib_unix] -script_runner = "@shell" -script = ''' -cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes -cd "${PROJECT_DIR}" -make -C libpng-1.6.37 CC="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" CXX="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -''' -dependencies = ["libpng", "crash_cxx", "crash_cc"] - -# Harness -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = [ - "${PROJECT_DIR}/harness.cc", - "${PROJECT_DIR}/libpng-1.6.37/.libs/libpng16.a", - "-I", - "${PROJECT_DIR}/libpng-1.6.37/", - "-o", - "${FUZZER_NAME}", - "-lm", - "-lz", -] -dependencies = ["lib", "cxx", "cc"] - -# Crashing Harness -[tasks.fuzzer_crash] -linux_alias = "fuzzer_crash_unix" -mac_alias = "fuzzer_crash_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_crash_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = [ - "${PROJECT_DIR}/harness.cc", - "${PROJECT_DIR}/libpng-1.6.37/.libs/libpng16.a", - "-I", - "${PROJECT_DIR}/libpng-1.6.37/", - "-o", - "${FUZZER_NAME}_crash", - "-lm", - "-lz", -] -dependencies = ["crash_lib", "crash_cxx", "crash_cc"] - -# Run the fuzzer -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME} & -sleep 0.2 -./${FUZZER_NAME} 2>/dev/null -''' -dependencies = ["fuzzer"] - - -# Run the fuzzer with a crash -[tasks.crash] -linux_alias = "crash_unix" -mac_alias = "crash_unix" -windows_alias = "unsupported" - -[tasks.crash_unix] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME}_crash & -sleep 0.2 -./${FUZZER_NAME}_crash 2>/dev/null -''' -dependencies = ["fuzzer_crash"] - - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_mac" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -(timeout 31s ./${FUZZER_NAME} | tee fuzz_stdout.log 2>/dev/null || true) & -sleep 0.2 -timeout 30s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true -if grep -qa "corpus: 30" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -''' -dependencies = ["fuzzer"] - -[tasks.test_mac] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -(timeout 31s ./${FUZZER_NAME} | tee fuzz_stdout.log 2>/dev/null || true) & -sleep 0.2 -timeout 30s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true -''' -dependencies = ["fuzzer"] - -# Clean up -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -f ./${FUZZER_NAME} -make -C libpng-1.6.37 clean -cargo clean -''' diff --git a/fuzzers/inprocess/libfuzzer_libpng_accounting/Justfile b/fuzzers/inprocess/libfuzzer_libpng_accounting/Justfile new file mode 100644 index 0000000000..c9841d4775 --- /dev/null +++ b/fuzzers/inprocess/libfuzzer_libpng_accounting/Justfile @@ -0,0 +1,87 @@ +FUZZER_NAME := 'fuzzer_libpng_accounting' +PROJECT_DIR := absolute_path(".") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +FUZZER := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME +LIBAFL_CC := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cc" +LIBAFL_CXX := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cxx" + + +alias cc := cxx + +[linux] +[macos] +libpng: + #!/bin/bash + if [ ! -f v1.6.37.tar.gz ]; then + wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz + fi + tar -xvf v1.6.37.tar.gz + +[windows] +libpng: + echo "Unsupported on this platform" + +[linux] +[macos] +cxx: + cargo build --profile {{PROFILE}} + +[windows] +cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +lib: libpng cxx + #!/bin/bash + cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes + cd {{PROJECT_DIR}} + make -C libpng-1.6.37 CC="{{LIBAFL_CC}}" CXX="{{LIBAFL_CXX}}" + +[windows] +lib: + echo "Unsupported on this platform" + +[linux] +[macos] +fuzzer: lib cxx + pwd + {{LIBAFL_CXX}} {{PROJECT_DIR}}/harness.cc {{PROJECT_DIR}}/libpng-1.6.37/.libs/libpng16.a -I {{PROJECT_DIR}}/libpng-1.6.37/ -o {{FUZZER_NAME}} -lm -lz + +[windows] +fuzzer: + echo "Unsupported on this platform" + +[linux] +[macos] +run: fuzzer + ./{{FUZZER_NAME}} --cores 0 --input ./corpus + +[windows] +run: fuzzer + echo "Unsupported on this platform" + +[linux] +[macos] +test: fuzzer + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + timeout 31s ./{{FUZZER_NAME}} --cores 0 --input ./corpus 2>/dev/null | tee fuzz_stdout.log || true + if grep -qa "corpus: 30" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + +[windows] +test: fuzzer + echo "Unsupported on this platform" + +clean: + rm -rf {{FUZZER_NAME}} + make -C libpng-1.6.37 clean || true + cargo clean + diff --git a/fuzzers/inprocess/libfuzzer_libpng_accounting/Makefile.toml b/fuzzers/inprocess/libfuzzer_libpng_accounting/Makefile.toml deleted file mode 100644 index d928de5bbc..0000000000 --- a/fuzzers/inprocess/libfuzzer_libpng_accounting/Makefile.toml +++ /dev/null @@ -1,146 +0,0 @@ -# Variables -[env] -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } -FUZZER_NAME = 'fuzzer_libpng_accounting' -LIBAFL_CC = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc' -LIBAFL_CXX = '${CARGO_TARGET_DIR}/${PROFILE}/libafl_cxx' -FUZZER = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME}' -PROJECT_DIR = { script = ["pwd"] } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this platform" -''' - -# libpng -[tasks.libpng] -linux_alias = "libpng_unix" -mac_alias = "libpng_unix" -windows_alias = "unsupported" - -[tasks.libpng_unix] -condition = { files_not_exist = ["./libpng-1.6.37"] } -script_runner = "@shell" -script = ''' -wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz -tar -xvf v1.6.37.tar.gz -''' - -# Compilers -[tasks.cxx] -linux_alias = "cxx_unix" -mac_alias = "cxx_unix" -windows_alias = "unsupported" - -[tasks.cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.cc] -linux_alias = "cc_unix" -mac_alias = "cc_unix" -windows_alias = "unsupported" - -[tasks.cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -# Library -[tasks.lib] -linux_alias = "lib_unix" -mac_alias = "lib_unix" -windows_alias = "unsupported" - -[tasks.lib_unix] -script_runner = "@shell" -script = ''' -cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes -cd "${PROJECT_DIR}" -make -C libpng-1.6.37 CC="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" CXX="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -''' -dependencies = ["libpng", "cxx", "cc"] - - -# Harness -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = [ - "${PROJECT_DIR}/harness.cc", - "${PROJECT_DIR}/libpng-1.6.37/.libs/libpng16.a", - "-I", - "${PROJECT_DIR}/libpng-1.6.37/", - "-o", - "${FUZZER_NAME}", - "-lm", - "-lz", -] -dependencies = ["lib", "cxx", "cc"] - -# Run the fuzzer -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME} --cores 0 --input ./corpus -''' -dependencies = ["fuzzer"] - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_mac" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -timeout 31s ./${FUZZER_NAME} --cores 0 --input ./corpus | tee fuzz_stdout.log 2>/dev/null || true -if grep -qa "corpus: 30" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -''' -dependencies = ["fuzzer"] - -[tasks.test_mac] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -timeout 31s ./${FUZZER_NAME} --cores 0 --input ./corpus | tee fuzz_stdout.log 2>/dev/null || true -''' -dependencies = ["fuzzer"] - -# Clean up -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -f ./${FUZZER_NAME} -make -C libpng-1.6.37 clean -cargo clean -''' diff --git a/fuzzers/inprocess/libfuzzer_libpng_centralized/Justfile b/fuzzers/inprocess/libfuzzer_libpng_centralized/Justfile new file mode 100644 index 0000000000..8964844244 --- /dev/null +++ b/fuzzers/inprocess/libfuzzer_libpng_centralized/Justfile @@ -0,0 +1,87 @@ +FUZZER_NAME := 'fuzzer_libpng_centralized' +PROJECT_DIR := absolute_path(".") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +FUZZER := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME +LIBAFL_CC := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cc" +LIBAFL_CXX := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cxx" + + +alias cc := cxx + +[linux] +[macos] +libpng: + #!/bin/bash + if [ ! -f v1.6.37.tar.gz ]; then + wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz + fi + tar -xvf v1.6.37.tar.gz + +[windows] +libpng: + echo "Unsupported on this platform" + +[linux] +[macos] +cxx: + cargo build --profile {{PROFILE}} + +[windows] +cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +lib: libpng cxx + #!/bin/bash + cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes + cd {{PROJECT_DIR}} + make -C libpng-1.6.37 CC="{{LIBAFL_CC}}" CXX="{{LIBAFL_CXX}}" + +[windows] +lib: + echo "Unsupported on this platform" + +[linux] +[macos] +fuzzer: lib cxx + pwd + {{LIBAFL_CXX}} {{PROJECT_DIR}}/harness.cc {{PROJECT_DIR}}/libpng-1.6.37/.libs/libpng16.a -I {{PROJECT_DIR}}/libpng-1.6.37/ -o {{FUZZER_NAME}} -lm -lz + +[windows] +fuzzer: + echo "Unsupported on this platform" + +[linux] +[macos] +run: fuzzer + ./{{FUZZER_NAME}} --cores 0-1 --input ./corpus + +[windows] +run: fuzzer + echo "Unsupported on this platform" + +[linux] +[macos] +test: fuzzer + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + timeout 31s ./{{FUZZER_NAME}} --cores 0-1 --input ./corpus 2>/dev/null | tee fuzz_stdout.log || true + if grep -qa "corpus: 30" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + +[windows] +test: fuzzer + echo "Unsupported on this platform" + +clean: + rm -rf {{FUZZER_NAME}} + make -C libpng-1.6.37 clean || true + cargo clean + diff --git a/fuzzers/inprocess/libfuzzer_libpng_centralized/Makefile.toml b/fuzzers/inprocess/libfuzzer_libpng_centralized/Makefile.toml deleted file mode 100644 index 12434f52c0..0000000000 --- a/fuzzers/inprocess/libfuzzer_libpng_centralized/Makefile.toml +++ /dev/null @@ -1,146 +0,0 @@ -# Variables -[env] -FUZZER_NAME = 'fuzzer_libpng_launcher' -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } -LIBAFL_CC = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc' -LIBAFL_CXX = '${CARGO_TARGET_DIR}/${PROFILE}/libafl_cxx' -FUZZER = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME}' -PROJECT_DIR = { script = ["pwd"] } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this platform" -''' - -# libpng -[tasks.libpng] -linux_alias = "libpng_unix" -mac_alias = "libpng_unix" -windows_alias = "unsupported" - -[tasks.libpng_unix] -condition = { files_not_exist = ["./libpng-1.6.37"] } -script_runner = "@shell" -script = ''' -wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz -tar -xvf v1.6.37.tar.gz -''' - -# Compilers -[tasks.cxx] -linux_alias = "cxx_unix" -mac_alias = "cxx_unix" -windows_alias = "unsupported" - -[tasks.cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.cc] -linux_alias = "cc_unix" -mac_alias = "cc_unix" -windows_alias = "unsupported" - -[tasks.cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -# Library -[tasks.lib] -linux_alias = "lib_unix" -mac_alias = "lib_unix" -windows_alias = "unsupported" - -[tasks.lib_unix] -script_runner = "@shell" -script = ''' -cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes -cd "${PROJECT_DIR}" -make -C libpng-1.6.37 CC="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" CXX="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -''' -dependencies = ["libpng", "cxx", "cc"] - - -# Harness -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = [ - "${PROJECT_DIR}/harness.cc", - "${PROJECT_DIR}/libpng-1.6.37/.libs/libpng16.a", - "-I", - "${PROJECT_DIR}/libpng-1.6.37/", - "-o", - "${FUZZER_NAME}", - "-lm", - "-lz", -] -dependencies = ["lib", "cxx", "cc"] - -# Run the fuzzer -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME} --cores 0-1 --input ./corpus -''' -dependencies = ["fuzzer"] - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_mac" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -timeout 31s ./${FUZZER_NAME} --cores 0-1 --input ./corpus 2>/dev/null | tee fuzz_stdout.log || true -if grep -qa "corpus: 30" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -''' -dependencies = ["fuzzer"] - -[tasks.test_mac] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -timeout 31s ./${FUZZER_NAME} --cores 0 --input ./corpus 2>/dev/null | tee fuzz_stdout.log || true -''' -dependencies = ["fuzzer"] - -# Clean up -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -f ./${FUZZER_NAME} -make -C libpng-1.6.37 clean -cargo clean -''' diff --git a/fuzzers/inprocess/libfuzzer_libpng_cmin/Justfile b/fuzzers/inprocess/libfuzzer_libpng_cmin/Justfile new file mode 100644 index 0000000000..c1a60eda83 --- /dev/null +++ b/fuzzers/inprocess/libfuzzer_libpng_cmin/Justfile @@ -0,0 +1,136 @@ +FUZZER_NAME := 'fuzzer_libpng_cmin' +PROJECT_DIR := absolute_path(".") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +FUZZER := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME +LIBAFL_CC := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cc" +LIBAFL_CXX := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cxx" + + +alias cc := cxx + +[linux] +[macos] +libpng: + #!/bin/bash + if [ ! -f v1.6.37.tar.gz ]; then + wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz + fi + tar -xvf v1.6.37.tar.gz + +[windows] +libpng: + echo "Unsupported on this platform" + +[linux] +[macos] +cxx: + cargo build --profile {{PROFILE}} + +[windows] +cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +crash_cxx: + cargo build --profile {{PROFILE}} --features=crash + +[windows] +crash_cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +lib: libpng cxx + #!/bin/bash + cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes + cd {{PROJECT_DIR}} + make -C libpng-1.6.37 CC="{{LIBAFL_CC}}" CXX="{{LIBAFL_CXX}}" + +[windows] +lib: + echo "Unsupported on this platform" + +[linux] +[macos] +crash_lib: libpng crash_cxx + #!/bin/bash + cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes + cd {{PROJECT_DIR}} + make -C libpng-1.6.37 CC="{{LIBAFL_CC}}" CXX="{{LIBAFL_CXX}}" + +[windows] +crash_lib: + echo "Unsupported on this platform" + +[linux] +[macos] +fuzzer: lib cxx + pwd + {{LIBAFL_CXX}} {{PROJECT_DIR}}/harness.cc {{PROJECT_DIR}}/libpng-1.6.37/.libs/libpng16.a -I {{PROJECT_DIR}}/libpng-1.6.37/ -o {{FUZZER_NAME}} -lm -lz -lz3 + +[windows] +fuzzer: + echo "Unsupported on this platform" + +[linux] +[macos] +crash_fuzzer: crash_lib crash_cxx + {{LIBAFL_CXX}} {{PROJECT_DIR}}/harness.cc {{PROJECT_DIR}}/libpng-1.6.37/.libs/libpng16.a -I {{PROJECT_DIR}}/libpng-1.6.37/ -o {{FUZZER_NAME}} -lm -lz -lz3 + +[windows] +crash_fuzzer: + echo "Unsupported on this platform" + + +[linux] +[macos] +run: fuzzer + #!/bin/bash + ./{{FUZZER_NAME}} & + sleep 0.2 + ./{{FUZZER_NAME}} 2>/dev/null + +[windows] +run: fuzzer + echo "Unsupported on this platform" + +[linux] +[macos] +crash: crash_fuzzer + #!/bin/bash + ./{{FUZZER_NAME}} & + sleep 0.2 + ./{{FUZZER_NAME}} 2>/dev/null + +[windows] +crash: fuzzer + echo "Unsupported on this platform" + + +[linux] +[macos] +test: fuzzer + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + (timeout 31s ./{{FUZZER_NAME}} 2>/dev/null | tee fuzz_stdout.log|| true) & + sleep 0.2 + timeout 30s ./{{FUZZER_NAME}} >/dev/null 2>/dev/null || true + if grep -qa "corpus: 30" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + +[windows] +test: fuzzer + echo "Unsupported on this platform" + +clean: + rm -rf {{FUZZER_NAME}} + make -C libpng-1.6.37 clean || true + cargo clean + diff --git a/fuzzers/inprocess/libfuzzer_libpng_cmin/Makefile.toml b/fuzzers/inprocess/libfuzzer_libpng_cmin/Makefile.toml deleted file mode 100644 index d1bf2aaec3..0000000000 --- a/fuzzers/inprocess/libfuzzer_libpng_cmin/Makefile.toml +++ /dev/null @@ -1,223 +0,0 @@ -# Variables -[env] -FUZZER_NAME = 'fuzzer_libpng' -PROJECT_DIR = { script = ["pwd"] } -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } -LIBAFL_CC = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc' -LIBAFL_CXX = '${CARGO_TARGET_DIR}/${PROFILE}/libafl_cxx' -FUZZER = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME}' - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this" -''' - -# libpng -[tasks.libpng] -linux_alias = "libpng_unix" -mac_alias = "libpng_unix" -windows_alias = "unsupported" - -[tasks.libpng_unix] -condition = { files_not_exist = ["./libpng-1.6.37"] } -script_runner = "@shell" -script = ''' -wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz -tar -xvf v1.6.37.tar.gz -''' - -# Compilers -[tasks.cxx] -linux_alias = "cxx_unix" -mac_alias = "cxx_unix" -windows_alias = "unsupported" - -[tasks.cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.cc] -linux_alias = "cc_unix" -mac_alias = "cc_unix" -windows_alias = "unsupported" - -[tasks.cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.crash_cxx] -linux_alias = "crash_cxx_unix" -mac_alias = "crash_cxx_unix" -windows_alias = "unsupported" - -[tasks.crash_cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}", "--features=crash"] - -[tasks.crash_cc] -linux_alias = "crash_cc_unix" -mac_alias = "crash_cc_unix" -windows_alias = "unsupported" - -[tasks.crash_cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}", "--features=crash"] - -# Library -[tasks.lib] -linux_alias = "lib_unix" -mac_alias = "lib_unix" -windows_alias = "unsupported" - -[tasks.lib_unix] -script_runner = "@shell" -script = ''' -cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes -cd "${PROJECT_DIR}" -make -C libpng-1.6.37 CC="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" CXX="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -''' -dependencies = ["libpng", "cxx", "cc"] - -# Library -[tasks.crash_lib] -linux_alias = "crash_lib_unix" -mac_alias = "crash_lib_unix" -windows_alias = "unsupported" - -[tasks.crash_lib_unix] -script_runner = "@shell" -script = ''' -cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes -cd "${PROJECT_DIR}" -make -C libpng-1.6.37 CC="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" CXX="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -''' -dependencies = ["libpng", "crash_cxx", "crash_cc"] - -# Harness -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = [ - "${PROJECT_DIR}/harness.cc", - "${PROJECT_DIR}/libpng-1.6.37/.libs/libpng16.a", - "-I", - "${PROJECT_DIR}/libpng-1.6.37/", - "-o", - "${FUZZER_NAME}", - "-lm", - "-lz", - "-lz3", -] -dependencies = ["lib", "cxx", "cc"] - -# Crashing Harness -[tasks.fuzzer_crash] -linux_alias = "fuzzer_crash_unix" -mac_alias = "fuzzer_crash_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_crash_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = [ - "${PROJECT_DIR}/harness.cc", - "${PROJECT_DIR}/libpng-1.6.37/.libs/libpng16.a", - "-I", - "${PROJECT_DIR}/libpng-1.6.37/", - "-o", - "${FUZZER_NAME}_crash", - "-lm", - "-lz", - "-lz3", -] -dependencies = ["crash_lib", "crash_cxx", "crash_cc"] - -# Run the fuzzer -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME} & -sleep 0.2 -./${FUZZER_NAME} 2>/dev/null -''' -dependencies = ["fuzzer"] - - -# Run the fuzzer with a crash -[tasks.crash] -linux_alias = "crash_unix" -mac_alias = "crash_unix" -windows_alias = "unsupported" - -[tasks.crash_unix] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME}_crash & -sleep 0.2 -./${FUZZER_NAME}_crash 2>/dev/null -''' -dependencies = ["fuzzer_crash"] - - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_mac" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -timeout 31s ./${FUZZER_NAME} | tee fuzz_stdout.log & -sleep 0.2 -timeout 30s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true -if grep -qa "corpus: 30" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -''' -dependencies = ["fuzzer"] - -[tasks.test_mac] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -timeout 31s ./${FUZZER_NAME} | tee fuzz_stdout.log & -sleep 0.2 -timeout 30s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true -''' -dependencies = ["fuzzer"] - -# Clean up -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -f ./${FUZZER_NAME} -make -C libpng-1.6.37 clean -cargo clean -''' diff --git a/fuzzers/inprocess/libfuzzer_libpng_launcher/Justfile b/fuzzers/inprocess/libfuzzer_libpng_launcher/Justfile new file mode 100644 index 0000000000..fcea5b1df3 --- /dev/null +++ b/fuzzers/inprocess/libfuzzer_libpng_launcher/Justfile @@ -0,0 +1,88 @@ +FUZZER_NAME := 'fuzzer_libpng_launcher' +PROJECT_DIR := absolute_path(".") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +FUZZER := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME +LIBAFL_CC := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cc" +LIBAFL_CXX := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cxx" +LIBTOOL := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_libtool" + + +alias cc := cxx + +[linux] +[macos] +libpng: + #!/bin/bash + if [ ! -f v1.6.37.tar.gz ]; then + wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz + fi + tar -xvf v1.6.37.tar.gz + +[windows] +libpng: + echo "Unsupported on this platform" + +[linux] +[macos] +cxx: + cargo build --profile {{PROFILE}} + +[windows] +cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +lib: libpng cxx + #!/bin/bash + cd libpng-1.6.37 && CC={{LIBAFL_CC}} CXX={{LIBAFL_CXX}} ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes + cd {{PROJECT_DIR}} + make -C libpng-1.6.37 CC="{{LIBAFL_CC}}" CXX="{{LIBAFL_CXX}}" LIBTOOL="{{LIBTOOL}}" + +[windows] +lib: + echo "Unsupported on this platform" + +[linux] +[macos] +fuzzer: lib cxx + pwd + {{LIBAFL_CXX}} {{PROJECT_DIR}}/harness.cc {{PROJECT_DIR}}/libpng-1.6.37/.libs/libpng16.a -I {{PROJECT_DIR}}/libpng-1.6.37/ -o {{FUZZER_NAME}} -lm -lz + +[windows] +fuzzer: + echo "Unsupported on this platform" + +[linux] +[macos] +run: fuzzer + ./{{FUZZER_NAME}}.coverage --broker-port 21337 --cores 0 --input ./corpus + +[windows] +run: fuzzer + echo "Unsupported on this platform" + +[linux] +[macos] +test: fuzzer + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + timeout 31s ./{{FUZZER_NAME}}.coverage --broker-port 21337 --cores 0 --input ./corpus 2>/dev/null | tee fuzz_stdout.log || true + if grep -qa "corpus: 30" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + +[windows] +test: fuzzer + echo "Unsupported on this platform" + +clean: + rm -rf {{FUZZER_NAME}} + make -C libpng-1.6.37 clean || true + cargo clean + diff --git a/fuzzers/inprocess/libfuzzer_libpng_launcher/Makefile.toml b/fuzzers/inprocess/libfuzzer_libpng_launcher/Makefile.toml deleted file mode 100644 index 3dc75f27f3..0000000000 --- a/fuzzers/inprocess/libfuzzer_libpng_launcher/Makefile.toml +++ /dev/null @@ -1,147 +0,0 @@ -# Variables -[env] -FUZZER_NAME = 'fuzzer_libpng_launcher' -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } -LIBAFL_CC = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc' -LIBAFL_CXX = '${CARGO_TARGET_DIR}/${PROFILE}/libafl_cxx' -LIBAFL_LIBTOOL = '${CARGO_TARGET_DIR}/${PROFILE}/libafl_libtool' -FUZZER = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME}' -PROJECT_DIR = { script = ["pwd"] } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this platform" -''' - -# libpng -[tasks.libpng] -linux_alias = "libpng_unix" -mac_alias = "libpng_unix" -windows_alias = "unsupported" - -[tasks.libpng_unix] -condition = { files_not_exist = ["./libpng-1.6.37"] } -script_runner = "@shell" -script = ''' -wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz -tar -xvf v1.6.37.tar.gz -''' - -# Compilers -[tasks.cxx] -linux_alias = "cxx_unix" -mac_alias = "cxx_unix" -windows_alias = "unsupported" - -[tasks.cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.cc] -linux_alias = "cc_unix" -mac_alias = "cc_unix" -windows_alias = "unsupported" - -[tasks.cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -# Library -[tasks.lib] -linux_alias = "lib_unix" -mac_alias = "lib_unix" -windows_alias = "unsupported" - -[tasks.lib_unix] -script_runner = "@shell" -script = ''' -cd libpng-1.6.37 && CC="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" CXX="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes -cd "${PROJECT_DIR}" -make -C libpng-1.6.37 CC="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" CXX="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" LIBTOOL=${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_libtool -''' -dependencies = ["libpng", "cxx", "cc"] - - -# Harness -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = [ - "${PROJECT_DIR}/harness.cc", - "${PROJECT_DIR}/libpng-1.6.37/.libs/libpng16.a", - "-I", - "${PROJECT_DIR}/libpng-1.6.37/", - "-o", - "${FUZZER_NAME}", - "-lm", - "-lz", -] -dependencies = ["lib", "cxx", "cc"] - -# Run the fuzzer -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME}.coverage --broker-port 21337 --cores 0 --input ./corpus -''' -dependencies = ["fuzzer"] - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_mac" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -timeout 31s ./${FUZZER_NAME}.coverage --broker-port 21337 --cores 0 --input ./corpus | tee fuzz_stdout.log || true -if grep -qa "corpus: 30" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -''' -dependencies = ["fuzzer"] - -[tasks.test_mac] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -timeout 31s ./${FUZZER_NAME} --cores 0 --input ./corpus 2>/dev/null | tee fuzz_stdout.log || true -''' -dependencies = ["fuzzer"] - -# Clean up -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -f ./${FUZZER_NAME} -make -C libpng-1.6.37 clean -cargo clean -''' diff --git a/fuzzers/inprocess/libfuzzer_libpng_norestart/Justfile b/fuzzers/inprocess/libfuzzer_libpng_norestart/Justfile new file mode 100644 index 0000000000..73712606a8 --- /dev/null +++ b/fuzzers/inprocess/libfuzzer_libpng_norestart/Justfile @@ -0,0 +1,130 @@ +FUZZER_NAME := 'fuzzer_libpng_norestart' +PROJECT_DIR := absolute_path(".") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +FUZZER := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME +LIBAFL_CC := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cc" +LIBAFL_CXX := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cxx" + + +alias cc := cxx + +[linux] +[macos] +libpng: + #!/bin/bash + if [ ! -f v1.6.37.tar.gz ]; then + wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz + fi + tar -xvf v1.6.37.tar.gz + +[windows] +libpng: + echo "Unsupported on this platform" + +[linux] +[macos] +cxx: + cargo build --profile {{PROFILE}} + +[windows] +cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +crash_cxx: + cargo build --profile {{PROFILE}} --features=crash + +[windows] +crash_cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +lib: libpng cxx + #!/bin/bash + cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes + cd {{PROJECT_DIR}} + make -C libpng-1.6.37 CC="{{LIBAFL_CC}}" CXX="{{LIBAFL_CXX}}" + +[windows] +lib: + echo "Unsupported on this platform" + +[linux] +[macos] +crash_lib: libpng crash_cxx + #!/bin/bash + cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes + cd {{PROJECT_DIR}} + make -C libpng-1.6.37 CC="{{LIBAFL_CC}}" CXX="{{LIBAFL_CXX}}" + +[windows] +crash_lib: + echo "Unsupported on this platform" + +[linux] +[macos] +fuzzer: lib cxx + pwd + {{LIBAFL_CXX}} {{PROJECT_DIR}}/harness.cc {{PROJECT_DIR}}/libpng-1.6.37/.libs/libpng16.a -I {{PROJECT_DIR}}/libpng-1.6.37/ -o {{FUZZER_NAME}} -lm -lz + +[windows] +fuzzer: + echo "Unsupported on this platform" + +[linux] +[macos] +crash_fuzzer: crash_lib crash_cxx + {{LIBAFL_CXX}} {{PROJECT_DIR}}/harness.cc {{PROJECT_DIR}}/libpng-1.6.37/.libs/libpng16.a -I {{PROJECT_DIR}}/libpng-1.6.37/ -o {{FUZZER_NAME}} -lm -lz + +[windows] +crash_fuzzer: + echo "Unsupported on this platform" + + +[linux] +[macos] +run: fuzzer + #!/bin/bash + ./{{FUZZER_NAME}} --cores 0 --input ./corpus + +[windows] +run: fuzzer + echo "Unsupported on this platform" + +[linux] +[macos] +crash: crash_fuzzer + #!/bin/bash + ./{{FUZZER_NAME}} --cores 0 --input ./corpus + +[windows] +crash: fuzzer + echo "Unsupported on this platform" + + +[linux] +[macos] +test: fuzzer + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + timeout 31s ./{{FUZZER_NAME}} --cores 0 --input ./corpus 2>/dev/null | tee fuzz_stdout.log || true + if grep -qa "corpus: 30" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + +[windows] +test: fuzzer + echo "Unsupported on this platform" + +clean: + rm -rf {{FUZZER_NAME}} + make -C libpng-1.6.37 clean || true + cargo clean + diff --git a/fuzzers/inprocess/libfuzzer_libpng_norestart/Makefile.toml b/fuzzers/inprocess/libfuzzer_libpng_norestart/Makefile.toml deleted file mode 100644 index 5769da2f63..0000000000 --- a/fuzzers/inprocess/libfuzzer_libpng_norestart/Makefile.toml +++ /dev/null @@ -1,135 +0,0 @@ -# Variables -[env] -FUZZER_NAME = 'fuzzer_libpng_launcher' -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } -LIBAFL_CC = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc' -LIBAFL_CXX = '${CARGO_TARGET_DIR}/${PROFILE}/libafl_cxx' -FUZZER = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME}' -PROJECT_DIR = { script = ["pwd"] } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this platform" -''' - -# libpng -[tasks.libpng] -linux_alias = "libpng_unix" -mac_alias = "libpng_unix" -windows_alias = "unsupported" - -[tasks.libpng_unix] -condition = { files_not_exist = ["./libpng-1.6.37"] } -script_runner = "@shell" -script = ''' -wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz -tar -xvf v1.6.37.tar.gz -''' - -[tasks.cc] -linux_alias = "cc_unix" -mac_alias = "cc_unix" -windows_alias = "unsupported" - -[tasks.cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -# Library -[tasks.lib] -linux_alias = "lib_unix" -mac_alias = "lib_unix" -windows_alias = "unsupported" - -[tasks.lib_unix] -script_runner = "@shell" -script = ''' -cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes -cd "${PROJECT_DIR}" -make -C libpng-1.6.37 CC="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" CXX="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -''' -dependencies = ["libpng", "cc"] - - -# Harness -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = [ - "${PROJECT_DIR}/harness.cc", - "${PROJECT_DIR}/libpng-1.6.37/.libs/libpng16.a", - "-I", - "${PROJECT_DIR}/libpng-1.6.37/", - "-o", - "${FUZZER_NAME}", - "-lm", - "-lz", -] -dependencies = ["lib", "cc"] - -# Run the fuzzer -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -rm -rf corpus/ || true -mkdir corpus/ || true -cp seeds/* corpus/ || true -./${FUZZER_NAME} --cores 0 --input ./corpus -''' -dependencies = ["fuzzer"] - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_unix" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -rm -rf corpus/ || true -mkdir corpus/ || true -cp seeds/* corpus/ || true -timeout 31s ./${FUZZER_NAME} --cores 0 --input ./corpus 2>/dev/null | tee fuzz_stdout.log || true -if grep -qa "corpus: 30" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -''' -dependencies = ["fuzzer"] - -# Clean up -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -rf corpus/ || true -rm -f ./${FUZZER_NAME} -make -C libpng-1.6.37 clean -cargo clean -''' diff --git a/fuzzers/inprocess/libfuzzer_libpng_norestart/seeds/not_kitty.png b/fuzzers/inprocess/libfuzzer_libpng_norestart/corpus/not_kitty.png similarity index 100% rename from fuzzers/inprocess/libfuzzer_libpng_norestart/seeds/not_kitty.png rename to fuzzers/inprocess/libfuzzer_libpng_norestart/corpus/not_kitty.png diff --git a/fuzzers/inprocess/libfuzzer_libpng_norestart/seeds/not_kitty_alpha.png b/fuzzers/inprocess/libfuzzer_libpng_norestart/corpus/not_kitty_alpha.png similarity index 100% rename from fuzzers/inprocess/libfuzzer_libpng_norestart/seeds/not_kitty_alpha.png rename to fuzzers/inprocess/libfuzzer_libpng_norestart/corpus/not_kitty_alpha.png diff --git a/fuzzers/inprocess/libfuzzer_libpng_norestart/seeds/not_kitty_gamma.png b/fuzzers/inprocess/libfuzzer_libpng_norestart/corpus/not_kitty_gamma.png similarity index 100% rename from fuzzers/inprocess/libfuzzer_libpng_norestart/seeds/not_kitty_gamma.png rename to fuzzers/inprocess/libfuzzer_libpng_norestart/corpus/not_kitty_gamma.png diff --git a/fuzzers/inprocess/libfuzzer_libpng_norestart/seeds/not_kitty_icc.png b/fuzzers/inprocess/libfuzzer_libpng_norestart/corpus/not_kitty_icc.png similarity index 100% rename from fuzzers/inprocess/libfuzzer_libpng_norestart/seeds/not_kitty_icc.png rename to fuzzers/inprocess/libfuzzer_libpng_norestart/corpus/not_kitty_icc.png diff --git a/fuzzers/inprocess/libfuzzer_libpng_tcp_manager/Justfile b/fuzzers/inprocess/libfuzzer_libpng_tcp_manager/Justfile new file mode 100644 index 0000000000..fd86cd39e8 --- /dev/null +++ b/fuzzers/inprocess/libfuzzer_libpng_tcp_manager/Justfile @@ -0,0 +1,87 @@ +FUZZER_NAME := 'fuzzer_libpng_tcp_manager' +PROJECT_DIR := absolute_path(".") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +FUZZER := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME +LIBAFL_CC := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cc" +LIBAFL_CXX := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cxx" + + +alias cc := cxx + +[linux] +[macos] +libpng: + #!/bin/bash + if [ ! -f v1.6.37.tar.gz ]; then + wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz + fi + tar -xvf v1.6.37.tar.gz + +[windows] +libpng: + echo "Unsupported on this platform" + +[linux] +[macos] +cxx: + cargo build --profile {{PROFILE}} + +[windows] +cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +lib: libpng cxx + #!/bin/bash + cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes + cd {{PROJECT_DIR}} + make -C libpng-1.6.37 CC="{{LIBAFL_CC}}" CXX="{{LIBAFL_CXX}}" + +[windows] +lib: + echo "Unsupported on this platform" + +[linux] +[macos] +fuzzer: lib cxx + pwd + {{LIBAFL_CXX}} {{PROJECT_DIR}}/harness.cc {{PROJECT_DIR}}/libpng-1.6.37/.libs/libpng16.a -I {{PROJECT_DIR}}/libpng-1.6.37/ -o {{FUZZER_NAME}} -lm -lz + +[windows] +fuzzer: + echo "Unsupported on this platform" + +[linux] +[macos] +run: fuzzer + ./{{FUZZER_NAME}} --cores 0-1 --input ./corpus + +[windows] +run: fuzzer + echo "Unsupported on this platform" + +[linux] +[macos] +test: fuzzer + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + timeout 31s ./{{FUZZER_NAME}} --cores 0-1 --input ./corpus 2>/dev/null | tee fuzz_stdout.log || true + if grep -qa "corpus: 30" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + +[windows] +test: fuzzer + echo "Unsupported on this platform" + +clean: + rm -rf {{FUZZER_NAME}} + make -C libpng-1.6.37 clean || true + cargo clean + diff --git a/fuzzers/inprocess/libfuzzer_libpng_tcp_manager/Makefile.toml b/fuzzers/inprocess/libfuzzer_libpng_tcp_manager/Makefile.toml deleted file mode 100644 index 7b0c8d0213..0000000000 --- a/fuzzers/inprocess/libfuzzer_libpng_tcp_manager/Makefile.toml +++ /dev/null @@ -1,221 +0,0 @@ -# Variables -[env] -FUZZER_NAME = 'fuzzer_libpng' -PROJECT_DIR = { script = ["pwd"] } -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } -LIBAFL_CC = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc' -LIBAFL_CXX = '${CARGO_TARGET_DIR}/${PROFILE}/libafl_cxx' -FUZZER = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME}' - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this" -''' - -# libpng -[tasks.libpng] -linux_alias = "libpng_unix" -mac_alias = "libpng_unix" -windows_alias = "unsupported" - -[tasks.libpng_unix] -condition = { files_not_exist = ["./libpng-1.6.37"] } -script_runner = "@shell" -script = ''' -wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz -tar -xvf v1.6.37.tar.gz -''' - -# Compilers -[tasks.cxx] -linux_alias = "cxx_unix" -mac_alias = "cxx_unix" -windows_alias = "unsupported" - -[tasks.cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.cc] -linux_alias = "cc_unix" -mac_alias = "cc_unix" -windows_alias = "unsupported" - -[tasks.cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.crash_cxx] -linux_alias = "crash_cxx_unix" -mac_alias = "crash_cxx_unix" -windows_alias = "unsupported" - -[tasks.crash_cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}", "--features=crash"] - -[tasks.crash_cc] -linux_alias = "crash_cc_unix" -mac_alias = "crash_cc_unix" -windows_alias = "unsupported" - -[tasks.crash_cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}", "--features=crash"] - -# Library -[tasks.lib] -linux_alias = "lib_unix" -mac_alias = "lib_unix" -windows_alias = "unsupported" - -[tasks.lib_unix] -script_runner = "@shell" -script = ''' -cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes -cd "${PROJECT_DIR}" -make -C libpng-1.6.37 CC="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" CXX="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -''' -dependencies = ["libpng", "cxx", "cc"] - -# Library -[tasks.crash_lib] -linux_alias = "crash_lib_unix" -mac_alias = "crash_lib_unix" -windows_alias = "unsupported" - -[tasks.crash_lib_unix] -script_runner = "@shell" -script = ''' -cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes -cd "${PROJECT_DIR}" -make -C libpng-1.6.37 CC="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" CXX="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -''' -dependencies = ["libpng", "crash_cxx", "crash_cc"] - -# Harness -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = [ - "${PROJECT_DIR}/harness.cc", - "${PROJECT_DIR}/libpng-1.6.37/.libs/libpng16.a", - "-I", - "${PROJECT_DIR}/libpng-1.6.37/", - "-o", - "${FUZZER_NAME}", - "-lm", - "-lz", -] -dependencies = ["lib", "cxx", "cc"] - -# Crashing Harness -[tasks.fuzzer_crash] -linux_alias = "fuzzer_crash_unix" -mac_alias = "fuzzer_crash_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_crash_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = [ - "${PROJECT_DIR}/harness.cc", - "${PROJECT_DIR}/libpng-1.6.37/.libs/libpng16.a", - "-I", - "${PROJECT_DIR}/libpng-1.6.37/", - "-o", - "${FUZZER_NAME}_crash", - "-lm", - "-lz", -] -dependencies = ["crash_lib", "crash_cxx", "crash_cc"] - -# Run the fuzzer -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME} & -sleep 0.2 -./${FUZZER_NAME} 2>/dev/null -''' -dependencies = ["fuzzer"] - - -# Run the fuzzer with a crash -[tasks.crash] -linux_alias = "crash_unix" -mac_alias = "crash_unix" -windows_alias = "unsupported" - -[tasks.crash_unix] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME}_crash & -sleep 0.2 -./${FUZZER_NAME}_crash 2>/dev/null -''' -dependencies = ["fuzzer_crash"] - - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_mac" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -(timeout 31s ./${FUZZER_NAME} | tee fuzz_stdout.log 2>/dev/null || true) & -sleep 0.2 -timeout 30s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true -if grep -qa "corpus: 30" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -''' -dependencies = ["fuzzer"] - -[tasks.test_mac] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -(timeout 31s ./${FUZZER_NAME} | tee fuzz_stdout.log 2>/dev/null || true) & -sleep 0.2 -timeout 30s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true -''' -dependencies = ["fuzzer"] - -# Clean up -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -f ./${FUZZER_NAME} -make -C libpng-1.6.37 clean -cargo clean -''' diff --git a/fuzzers/inprocess/libfuzzer_stb_image/Justfile b/fuzzers/inprocess/libfuzzer_stb_image/Justfile new file mode 100644 index 0000000000..2d72d2b5ec --- /dev/null +++ b/fuzzers/inprocess/libfuzzer_stb_image/Justfile @@ -0,0 +1,52 @@ +FUZZER_NAME := 'libfuzzer_stb_image' +PROJECT_DIR := absolute_path(".") +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } + +EXTENSION := if os() == "windows" {".exe"} else { "" } +LIBAFL_CC := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cc" + EXTENSION +LIBAFL_CXX := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cxx" + EXTENSION + +FUZZER := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME + EXTENSION + +alias cc := cxx + +cxx: + cargo build --profile {{PROFILE}} + +fuzzer: cxx + #!/bin/bash + cargo build --profile {{PROFILE}} + cp {{FUZZER}} . + +[linux] +[macos] +run: fuzzer + #!/bin/bash + ./{{FUZZER}} & + sleep 0.2 + +[windows] +run: fuzzer + echo "Not integrated into cargo-make yet." + +[linux] +[macos] +test: fuzzer + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + (timeout 31s ./{{FUZZER_NAME}} | tee fuzz_stdout.log 2>/dev/null || true) & + sleep 0.2 + timeout 30s ./{{FUZZER_NAME}} >/dev/null 2>/dev/null || true + if grep -qa "corpus: 30" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + +clean: + #!/bin/bash + rm -f {{FUZZER_NAME}} + cargo clean \ No newline at end of file diff --git a/fuzzers/inprocess/libfuzzer_stb_image/Makefile.toml b/fuzzers/inprocess/libfuzzer_stb_image/Makefile.toml deleted file mode 100644 index 39a7908a60..0000000000 --- a/fuzzers/inprocess/libfuzzer_stb_image/Makefile.toml +++ /dev/null @@ -1,106 +0,0 @@ -# Variables -[env] -FUZZER_NAME = 'libfuzzer_stb_image' -PROJECT_DIR = { script = ["pwd"] } -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release" } -PROFILE_DIR = { value = "release" } -LIBAFL_CC = { source = "${CARGO_MAKE_RUST_TARGET_OS}", default_value = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc', mapping = { "windows" = '.\\target\\${PROFILE_DIR}\\libafl_cc.exe' } } -LIBAFL_CXX = { source = "${CARGO_MAKE_RUST_TARGET_OS}", default_value = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx', mapping = { "windows" = '.\\target\\${PROFILE_DIR}\\libafl_cxx.exe' } } -FUZZER = { source = "${CARGO_MAKE_RUST_TARGET_OS}", default_value = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/libfuzzer_stb_image', mapping = { "windows" = '.\\target\\${PROFILE_DIR}\\libfuzzer_stb_image.exe' } } - -# Compilers -[tasks.cxx] -condition = { files_not_exist = ["${LIBAFL_CXX}"] } -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.cc] -condition = { files_not_exist = ["${LIBAFL_CC}"] } -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - - -# Build the fuzzer -[tasks.fuzzer] -script_runner = "@shell" -script = ''' -cargo build --profile ${PROFILE} -cp ${FUZZER} . -''' -dependencies = ["cc", "cxx"] - -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "run_windows" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME} & -sleep 0.2 -./${FUZZER_NAME} -''' -dependencies = ["fuzzer"] - -[tasks.run_windows] -# Do nothing -script_runner = "@shell" -script = ''' -echo "Not integrated into cargo-make yet." -''' -dependencies = ["fuzzer"] - - -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_mac" -windows_alias = "test_windows" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -(timeout 31s ./${FUZZER_NAME} | tee fuzz_stdout.log 2>/dev/null || true) & -sleep 0.2 -timeout 30s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true -if grep -qa "corpus: 30" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -''' -dependencies = ["fuzzer"] - -[tasks.test_mac] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -(timeout 31s ./${FUZZER_NAME} | tee fuzz_stdout.log 2>/dev/null || true) & -sleep 0.2 -timeout 30s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true -''' -dependencies = ["fuzzer"] - -[tasks.test_windows] -# Do nothing -script_runner = "@shell" -script = ''' -echo "Not integrated into cargo-make yet." -''' -dependencies = ["fuzzer"] - - -# Clean up -[tasks.clean] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -f ./${FUZZER_NAME} -cargo clean -''' diff --git a/fuzzers/inprocess/libfuzzer_stb_image_sugar/Justfile b/fuzzers/inprocess/libfuzzer_stb_image_sugar/Justfile new file mode 100644 index 0000000000..0d35f536c6 --- /dev/null +++ b/fuzzers/inprocess/libfuzzer_stb_image_sugar/Justfile @@ -0,0 +1,52 @@ +FUZZER_NAME := 'libfuzzer_stb_image_sugar' +PROJECT_DIR := absolute_path(".") +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } + +EXTENSION := if os() == "windows" {".exe"} else { "" } +LIBAFL_CC := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cc" + EXTENSION +LIBAFL_CXX := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cxx" + EXTENSION + +FUZZER := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME + EXTENSION + +alias cc := cxx + +cxx: + cargo build --profile {{PROFILE}} + +fuzzer: cxx + #!/bin/bash + cargo build --profile {{PROFILE}} + cp {{FUZZER}} . + +[linux] +[macos] +run: fuzzer + #!/bin/bash + ./{{FUZZER}} & + sleep 0.2 + +[windows] +run: fuzzer + echo "Not integrated into cargo-make yet." + +[linux] +[macos] +test: fuzzer + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + (timeout 31s ./{{FUZZER_NAME}} | tee fuzz_stdout.log 2>/dev/null || true) & + sleep 0.2 + timeout 30s ./{{FUZZER_NAME}} >/dev/null 2>/dev/null || true + if grep -qa "corpus: 30" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + +clean: + #!/bin/bash + rm -f {{FUZZER_NAME}} + cargo clean diff --git a/fuzzers/inprocess/libfuzzer_stb_image_sugar/Makefile.toml b/fuzzers/inprocess/libfuzzer_stb_image_sugar/Makefile.toml deleted file mode 100644 index e4a2111eb2..0000000000 --- a/fuzzers/inprocess/libfuzzer_stb_image_sugar/Makefile.toml +++ /dev/null @@ -1,92 +0,0 @@ -# Variables -[env] -FUZZER_NAME = 'libfuzzer_stb_image_sugar' -PROJECT_DIR = { script = ["pwd"] } -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release" } -PROFILE_DIR = { value = "release" } -LIBAFL_CC = { source = "${CARGO_MAKE_RUST_TARGET_OS}", default_value = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc", mapping = { "windows" = '.\\target\\${PROFILE_DIR}\\libafl_cc.exe' } } -LIBAFL_CXX = { source = "${CARGO_MAKE_RUST_TARGET_OS}", default_value = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx", mapping = { "windows" = '.\\target\\${PROFILE_DIR}\\libafl_cxx.exe' } } -FUZZER = { source = "${CARGO_MAKE_RUST_TARGET_OS}", default_value = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libfuzzer_stb_image_sugar", mapping = { "windows" = '.\\target\\${PROFILE_DIR}\\libfuzzer_stb_image_sugar.exe' } } - -# Compilers -[tasks.cxx] -condition = { files_not_exist = ["${LIBAFL_CXX}"] } -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.cc] -condition = { files_not_exist = ["${LIBAFL_CC}"] } -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - - -# Build the fuzzer -[tasks.fuzzer] -script_runner = "@shell" -script = ''' -cargo build --profile ${PROFILE} -cp ${FUZZER} . -''' -dependencies = ["cc", "cxx"] - -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "run_windows" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME} & -''' -dependencies = ["fuzzer"] - -[tasks.run_windows] -# Do nothing -script_runner = "@shell" -script = ''' -echo "Not integrated into cargo-make yet." -''' -dependencies = ["fuzzer"] - - -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_unix" -windows_alias = "test_windows" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -timeout 31s ./${FUZZER_NAME} 2>/dev/null | tee fuzz_stdout.log || true -if [ -z "$(grep "corpus: 30" fuzz_stdout.log)" ]; then - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -else - echo "Fuzzer is working" -fi -''' -dependencies = ["fuzzer"] - -[tasks.test_windows] -# Do nothing -script_runner = "@shell" -script = ''' -echo "Not integrated into cargo-make yet." -''' -dependencies = ["fuzzer"] - - -# Clean up -[tasks.clean] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -f ./${FUZZER_NAME} -cargo clean -''' diff --git a/fuzzers/inprocess/libfuzzer_windows_asan/Justfile b/fuzzers/inprocess/libfuzzer_windows_asan/Justfile new file mode 100644 index 0000000000..1340cab069 --- /dev/null +++ b/fuzzers/inprocess/libfuzzer_windows_asan/Justfile @@ -0,0 +1,57 @@ +FUZZER_NAME := 'libfuzzer_windows_asan' +PROJECT_DIR := absolute_path(".") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +LIBAFL_CXX := CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cxx" + +set shell := ["cmd.exe", "/c"] + +alias cc := cxx + +[windows] +cxx: + cargo build --profile {{PROFILE}} + +[linux] +[macos] +cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +cxx: + cargo build --profile {{PROFILE}} + +[windows] +fuzzer: cxx + .\target\{{PROFILE}}\libafl_cxx .\harness.cpp -o {{FUZZER_NAME}}.exe + +[linux] +[macos] +fuzzer: + echo "Unsupported on this platform" + + +[windows] +test: fuzzer + start {{FUZZER_NAME}}.exe + start {{FUZZER_NAME}}.exe + ping -n 10 127.0.0.1>NUL && taskkill /im {{FUZZER_NAME}}.exe /F + dir /a-d crashes && (echo Files exist) || (exit /b 1337) + +[linux] +[macos] +test: + echo "Unsupported on this platform" + + +[windows] +clean: + del ./{{FUZZER_NAME}} + cargo clean + +[linux] +[macos] +clean: + echo "Unsupported on this platform" \ No newline at end of file diff --git a/fuzzers/inprocess/libfuzzer_windows_asan/Makefile.toml b/fuzzers/inprocess/libfuzzer_windows_asan/Makefile.toml deleted file mode 100644 index 1c330a0bd2..0000000000 --- a/fuzzers/inprocess/libfuzzer_windows_asan/Makefile.toml +++ /dev/null @@ -1,109 +0,0 @@ -# Variables -[env] -FUZZER_NAME = 'libfuzzer_windows_asan' -CARGO_TARGET_DIR = { value = "./target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this" -''' - -# Compilers -[tasks.cxx] -linux_alias = "unsupported" -mac_alias = "unsupported" -windows_alias = "cxx_unix" - -[tasks.cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.cc] -linux_alias = "cc_unix" -mac_alias = "cc_unix" -windows_alias = "cc_unix" - -[tasks.cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.crash_cxx] -linux_alias = "unsupported" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.crash_cc] -linux_alias = "unsupported" -mac_alias = "unsupported" -windows_alias = "unsupported" - -# Library -[tasks.lib] -linux_alias = "unsupported" -mac_alias = "unsupported" -windows_alias = "lib_unix" - -[tasks.lib_unix] -dependencies = ["cxx", "cc"] - -# Harness -[tasks.fuzzer] -linux_alias = "unsupported" -mac_alias = "unsupported" -windows_alias = "fuzzer_windows" - -[tasks.fuzzer_windows] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = ["./harness.cpp", "-o", "${FUZZER_NAME}.exe"] -dependencies = ["lib", "cxx", "cc"] - -# Run the fuzzer -[tasks.run] -linux_alias = "unsupported" -mac_alias = "unsupported" -windows_alias = "run_windows" # TODO - -[tasks.run_windows] -script_runner = "@shell" -script = ''' -''' -dependencies = ["fuzzer"] - -# Test -[tasks.test] -linux_alias = "unsupported" -mac_alias = "unsupported" -windows_alias = "test_windows" # TODO - -[tasks.test_windows] -script_runner = "@shell" -script = ''' -start "" "${FUZZER_NAME}.exe" -start "" "${FUZZER_NAME}.exe" -#ping is for timeout -ping -n 10 127.0.0.1>NUL && taskkill /im ${FUZZER_NAME}.exe /F ->nul 2>nul dir /a-d "crashes\*" && (echo Files exist) || (exit /b 1337) -''' -dependencies = ["fuzzer"] - -# Clean up -[tasks.clean] -linux_alias = "unsupported" -mac_alias = "unsupported" -windows_alias = "clean_windows" - -[tasks.clean_windows] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -del ./${FUZZER_NAME} -cargo clean -''' diff --git a/fuzzers/structure_aware/libfuzzer_stb_image_concolic/Makefile.toml b/fuzzers/structure_aware/libfuzzer_stb_image_concolic/Makefile.toml deleted file mode 100644 index b9ea9e9d06..0000000000 --- a/fuzzers/structure_aware/libfuzzer_stb_image_concolic/Makefile.toml +++ /dev/null @@ -1,61 +0,0 @@ -# Variables -[env] -PROJECT_DIR = { script = ["pwd"] } -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release" } -PROFILE_DIR = { value = "release" } -FUZZER_NAME = 'libfuzzer_stb_image_concolic' - -# Compilers -[tasks.runtime] -linux_alias = "runtime_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.runtime_unix] -condition = { files_not_exist = ["${CARGO_TARGET_DIR}/libSymRuntime.so"] } -script_runner = "@shell" -script = ''' -cd runtime -cargo build --profile ${PROFILE} -''' - -# Build the fuzzer -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -dependencies = ["runtime"] -script_runner = "@shell" -script = ''' -cd fuzzer -cargo build --profile ${PROFILE} -''' - -[tasks.test] -alias = "fuzzer" - -[tasks.unsupported] -# Do nothing -script_runner = "@shell" -script = ''' -echo "Not supported on this platform." -''' - -# Clean up -[tasks.clean] -# Disable default `clean` definition -clear = true -script = ''' -cd fuzzer -cargo clean -cd .. -cd ./runtime -cargo clean -cd .. -cargo clean -''' diff --git a/fuzzers/structure_aware/nautilus_sync/Justfile b/fuzzers/structure_aware/nautilus_sync/Justfile new file mode 100644 index 0000000000..bf2daf32a0 --- /dev/null +++ b/fuzzers/structure_aware/nautilus_sync/Justfile @@ -0,0 +1,97 @@ +FUZZER_NAME := 'fuzzer_libpng_nautilus' +PROJECT_DIR := absolute_path(".") +PROFILE := env("PROFILE", "release") +PROFILE_DIR := if PROFILE == "release" { "release" } else if PROFILE == "dev" { "debug" } else { "debug" } +CARGO_TARGET_DIR := env("CARGO_TARGET_DIR", "target") +FUZZER := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / FUZZER_NAME +LIBAFL_CC := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cc" +LIBAFL_CXX := PROJECT_DIR / CARGO_TARGET_DIR / PROFILE_DIR / "libafl_cxx" + + +alias cc := cxx + +[linux] +[macos] +libpng: + #!/bin/bash + if [ ! -f v1.6.37.tar.gz ]; then + wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz + fi + tar -xvf v1.6.37.tar.gz + +[windows] +libpng: + echo "Unsupported on this platform" + +[linux] +[macos] +cxx: + cargo build --profile {{PROFILE}} + +[windows] +cxx: + echo "Unsupported on this platform" + +[linux] +[macos] +lib: libpng cxx + #!/bin/bash + cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes + cd {{PROJECT_DIR}} + make -C libpng-1.6.37 CC="{{LIBAFL_CC}}" CXX="{{LIBAFL_CXX}}" + +[windows] +lib: + echo "Unsupported on this platform" + +[linux] +[macos] +fuzzer: lib cxx + pwd + {{LIBAFL_CXX}} {{PROJECT_DIR}}/harness.cc {{PROJECT_DIR}}/libpng-1.6.37/.libs/libpng16.a -I {{PROJECT_DIR}}/libpng-1.6.37/ -o {{FUZZER_NAME}} -lm -lz + +[windows] +fuzzer: + echo "Unsupported on this platform" + +[linux] +[macos] +run: fuzzer + ./{{FUZZER_NAME}} --cores 0 + +[windows] +run: fuzzer + echo "Unsupported on this platform" + + +[linux] +[macos] +run_unix_sync: fuzzer + ./{{FUZZER_NAME}} --cores 0 -b 1337 + +[windows] +run_unix_sync: fuzzer + echo "Unsupported on this platform" + +[linux] +[macos] +test: fuzzer + #!/bin/bash + rm -rf libafl_unix_shmem_server || true + timeout 31s ./{{FUZZER_NAME}} --cores 0 2>/dev/null | tee fuzz_stdout.log || true + if grep -qa "corpus: 8" fuzz_stdout.log; then + echo "Fuzzer is working" + else + echo "Fuzzer does not generate any testcases or any crashes" + exit 1 + fi + +[windows] +test: fuzzer + echo "Unsupported on this platform" + +clean: + rm -rf {{FUZZER_NAME}} + make -C libpng-1.6.37 clean || true + cargo clean + diff --git a/fuzzers/structure_aware/nautilus_sync/Makefile.toml b/fuzzers/structure_aware/nautilus_sync/Makefile.toml deleted file mode 100644 index 430268092d..0000000000 --- a/fuzzers/structure_aware/nautilus_sync/Makefile.toml +++ /dev/null @@ -1,154 +0,0 @@ -# Variables -[env] -FUZZER_NAME = 'fuzzer_libpng_nautilus' -CARGO_TARGET_DIR = { value = "${PROJECT_DIR}/target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } -LIBAFL_CC = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc' -LIBAFL_CXX = '${CARGO_TARGET_DIR}/${PROFILE}/libafl_cxx' -FUZZER = '${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME}' -PROJECT_DIR = { script = ["pwd"] } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this platform" -''' - -# libpng -[tasks.libpng] -linux_alias = "libpng_unix" -mac_alias = "libpng_unix" -windows_alias = "unsupported" - -[tasks.libpng_unix] -condition = { files_not_exist = ["./libpng-1.6.37"] } -script_runner = "@shell" -script = ''' -wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz -tar -xvf v1.6.37.tar.gz -''' - -# Compilers -[tasks.cxx] -linux_alias = "cxx_unix" -mac_alias = "cxx_unix" -windows_alias = "unsupported" - -[tasks.cxx_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.cc] -linux_alias = "cc_unix" -mac_alias = "cc_unix" -windows_alias = "unsupported" - -[tasks.cc_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -# Library -[tasks.lib] -linux_alias = "lib_unix" -mac_alias = "lib_unix" -windows_alias = "unsupported" - -[tasks.lib_unix] -script_runner = "@shell" -script = ''' -cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes -cd "${PROJECT_DIR}" -cp ../../structure_aware/baby_fuzzer_nautilus/grammar.json . -make -C libpng-1.6.37 CC="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cc" CXX="${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -''' -dependencies = ["libpng", "cxx", "cc"] - - -# Harness -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "${CARGO_TARGET_DIR}/${PROFILE_DIR}/libafl_cxx" -args = [ - "${PROJECT_DIR}/../../inprocess/libfuzzer_libpng/harness.cc", - "${PROJECT_DIR}/libpng-1.6.37/.libs/libpng16.a", - "-I", - "${PROJECT_DIR}/libpng-1.6.37/", - "-o", - "${FUZZER_NAME}", - "-lm", - "-lz", -] -dependencies = ["lib", "cxx", "cc"] - -# Run the fuzzer -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME} --cores 0 -''' -dependencies = ["fuzzer"] - -[tasks.run_unix_sync] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME} --cores 0 -b 1337 -''' -dependencies = ["fuzzer"] - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_mac" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -timeout 31s ./${FUZZER_NAME} --cores 0 | tee fuzz_stdout.log 2>/dev/null || true -if grep -qa "corpus: 8" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -''' -dependencies = ["fuzzer"] - -[tasks.test_mac] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -timeout 31s ./${FUZZER_NAME} --cores 0 | tee fuzz_stdout.log 2>/dev/null || true -''' -dependencies = ["fuzzer"] - -# Clean up -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -f ./${FUZZER_NAME} -make -C libpng-1.6.37 clean -cargo clean -''' diff --git a/fuzzers/structure_aware/nautilus_sync/grammar.json b/fuzzers/structure_aware/nautilus_sync/grammar.json new file mode 100644 index 0000000000..f6fff6782b --- /dev/null +++ b/fuzzers/structure_aware/nautilus_sync/grammar.json @@ -0,0 +1,1184 @@ +[ + ["RUBY","a=0\nb=\"asdfasdfasdf adaf asdf asdfa sdf asdfasdfasdfa sdf\"\nc=\\{1=>1, 2=>\"foo\", \"foo\"=>nil, nil=> nil\\}\nd=[1,nil,\" sdfg\"]\nsrand(1337)\n{PROGRAM}"], + ["PROGRAM","{STATEMENT}{NEWLINE}{PROGRAM}"], + ["PROGRAM",""], + + ["STATEMENT", "def {VAR}.{IDENTIFIER}({ARGS}){NEWLINE}{PROGRAM} end"], + ["STATEMENT","{VAR} = {VAR}.{IDENTIFIER}({ARGS})\\{|{ARGS}| {PROGRAM} \\}"], + ["STATEMENT","{VAR} = {IDENTIFIER}.{IDENTIFIER}({ARGS})\\{|{ARGS}| {PROGRAM} \\}"], + ["STATEMENT","{VAR} = {VAL}"], + ["STATEMENT","return {VAR}"], + ["STATEMENT","raise {VAR}"], + ["STATEMENT","yield {VAR}"], + ["STATEMENT","continue {VAR}"], + ["STATEMENT","break {VAR}"], + ["STATEMENT","next {VAR}"], + + ["VAR","a"], + ["VAR","b"], + ["VAR","c"], + ["VAR","d"], + + ["ARGS",""], + ["ARGS","{VAR}"], + ["ARGS","{VAR},{ARGS}"], + + ["VAL","\"foo\""], + ["VAL","\"foobadsfdsfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasfd\""], + ["VAL","1"], + ["VAL","0"], + ["VAL","0.0"], + ["VAL","nil"], + ["VAL","true"], + ["VAL","false"], + ["VAL","/foo/"], + ["VAL","({VAL}..{VAL})"], + ["VAL","[]"], + ["VAL","[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,nil]"], + ["VAL","{}"], + + ["NEWLINE","\n"], + + ["IDENTIFIER","abcdef0123456789ABCDEF"], + ["IDENTIFIER","abcdefghijklmnopqrstuvwxyz"], + ["IDENTIFIER","abort"], + ["IDENTIFIER","abs"], + ["IDENTIFIER","accept"], + ["IDENTIFIER","acos"], + ["IDENTIFIER","acosh"], + ["IDENTIFIER","address"], + ["IDENTIFIER","alias"], + ["IDENTIFIER","alias_method"], + ["IDENTIFIER","allocation"], + ["IDENTIFIER","all_symbols"], + ["IDENTIFIER","ancestors"], + ["IDENTIFIER","and"], + ["IDENTIFIER","anum"], + ["IDENTIFIER","append"], + ["IDENTIFIER","append_features"], + ["IDENTIFIER","Apr"], + ["IDENTIFIER","aref_args"], + ["IDENTIFIER","arg"], + ["IDENTIFIER","arg0"], + ["IDENTIFIER","arg1"], + ["IDENTIFIER","arg2"], + ["IDENTIFIER","arg_rhs"], + ["IDENTIFIER","args"], + ["IDENTIFIER","argument"], + ["IDENTIFIER","ArgumentError"], + ["IDENTIFIER","arguments"], + ["IDENTIFIER","argv"], + ["IDENTIFIER","ARGV"], + ["IDENTIFIER","arity"], + ["IDENTIFIER","array"], + ["IDENTIFIER","Array"], + ["IDENTIFIER","ary"], + ["IDENTIFIER","__ary_cmp"], + ["IDENTIFIER","ary_concat"], + ["IDENTIFIER","__ary_eq"], + ["IDENTIFIER","ary_F"], + ["IDENTIFIER","__ary_index"], + ["IDENTIFIER","ary_replace"], + ["IDENTIFIER","ary_T"], + ["IDENTIFIER","asctime"], + ["IDENTIFIER","asin"], + ["IDENTIFIER","asinh"], + ["IDENTIFIER","__assert_fail"], + ["IDENTIFIER","assignment"], + ["IDENTIFIER","assoc"], + ["IDENTIFIER","assoc_list"], + ["IDENTIFIER","assocs"], + ["IDENTIFIER","assumed"], + ["IDENTIFIER","at"], + ["IDENTIFIER","atan"], + ["IDENTIFIER","atan2"], + ["IDENTIFIER","atanh"], + ["IDENTIFIER","__attached__"], + ["IDENTIFIER","attr"], + ["IDENTIFIER","attr_accessor"], + ["IDENTIFIER","attr_reader"], + ["IDENTIFIER","attrsym"], + ["IDENTIFIER","attr_writer"], + ["IDENTIFIER","available"], + ["IDENTIFIER","backref"], + ["IDENTIFIER","backtrace"], + ["IDENTIFIER","Backtrace"], + ["IDENTIFIER","BasicObject"], + ["IDENTIFIER","basic_symbol"], + ["IDENTIFIER","beg"], + ["IDENTIFIER","begin"], + ["IDENTIFIER","BEGIN"], + ["IDENTIFIER","big"], + ["IDENTIFIER","BIT"], + ["IDENTIFIER","blkarg_mark"], + ["IDENTIFIER","block"], + ["IDENTIFIER","block_arg"], + ["IDENTIFIER","block_call"], + ["IDENTIFIER","block_command"], + ["IDENTIFIER","block_param"], + ["IDENTIFIER","block_param_def"], + ["IDENTIFIER","BMATZ0000IREP"], + ["IDENTIFIER","body"], + ["IDENTIFIER","bodystmt"], + ["IDENTIFIER","boundary"], + ["IDENTIFIER","brace_block"], + ["IDENTIFIER","break"], + ["IDENTIFIER","bsearch"], + ["IDENTIFIER","bsearch_index"], + ["IDENTIFIER","buf"], + ["IDENTIFIER","bvar"], + ["IDENTIFIER","bv_decls"], + ["IDENTIFIER","byte"], + ["IDENTIFIER","bytes"], + ["IDENTIFIER","bytesize"], + ["IDENTIFIER","byteslice"], + ["IDENTIFIER","call"], + ["IDENTIFIER","call_args"], + ["IDENTIFIER","caller"], + ["IDENTIFIER","call_op"], + ["IDENTIFIER","call_op2"], + ["IDENTIFIER","capitalize"], + ["IDENTIFIER","case"], + ["IDENTIFIER","case_body"], + ["IDENTIFIER","casecmp"], + ["IDENTIFIER","__case_eqq"], + ["IDENTIFIER","cases"], + ["IDENTIFIER","cbrt"], + ["IDENTIFIER","cdr"], + ["IDENTIFIER","ceil"], + ["IDENTIFIER","change_gen_gc_mode"], + ["IDENTIFIER","character"], + ["IDENTIFIER","chars"], + ["IDENTIFIER","chomp"], + ["IDENTIFIER","chop"], + ["IDENTIFIER","chr"], + ["IDENTIFIER","clamp"], + ["IDENTIFIER","Class"], + ["IDENTIFIER","class_eval"], + ["IDENTIFIER","__classname__"], + ["IDENTIFIER","class_variable_get"], + ["IDENTIFIER","class_variables"], + ["IDENTIFIER","class_variable_set"], + ["IDENTIFIER","clause"], + ["IDENTIFIER","clear_all_old"], + ["IDENTIFIER","clone"], + ["IDENTIFIER","closure"], + ["IDENTIFIER","cLVAR"], + ["IDENTIFIER","cmd_brace_block"], + ["IDENTIFIER","cmp"], + ["IDENTIFIER","cname"], + ["IDENTIFIER","codegen"], + ["IDENTIFIER","codepoints"], + ["IDENTIFIER","collect"], + ["IDENTIFIER","collect_concat"], + ["IDENTIFIER","color"], + ["IDENTIFIER","column_count"], + ["IDENTIFIER","column_index"], + ["IDENTIFIER","combination"], + ["IDENTIFIER","comma"], + ["IDENTIFIER","command"], + ["IDENTIFIER","command_args"], + ["IDENTIFIER","command_asgn"], + ["IDENTIFIER","command_call"], + ["IDENTIFIER","command_rhs"], + ["IDENTIFIER","compact"], + ["IDENTIFIER","Comparable"], + ["IDENTIFIER","compile"], + ["IDENTIFIER","compstmt"], + ["IDENTIFIER","concat"], + ["IDENTIFIER","constant"], + ["IDENTIFIER","CONSTANT"], + ["IDENTIFIER","constants"], + ["IDENTIFIER","const_get"], + ["IDENTIFIER","const_missing"], + ["IDENTIFIER","const_set"], + ["IDENTIFIER","cont"], + ["IDENTIFIER","context"], + ["IDENTIFIER","copyright"], + ["IDENTIFIER","corrupted"], + ["IDENTIFIER","cos"], + ["IDENTIFIER","cosh"], + ["IDENTIFIER","count"], + ["IDENTIFIER","count_objects"], + ["IDENTIFIER","cpath"], + ["IDENTIFIER","ctime"], + ["IDENTIFIER","__ctype_b_loc"], + ["IDENTIFIER","curr"], + ["IDENTIFIER","current"], + ["IDENTIFIER","curry"], + ["IDENTIFIER","cycle"], + ["IDENTIFIER","Data"], + ["IDENTIFIER","day"], + ["IDENTIFIER","debug_info"], + ["IDENTIFIER","Dec"], + ["IDENTIFIER","deep"], + ["IDENTIFIER","def"], + ["IDENTIFIER","default"], + ["IDENTIFIER","DEFAULT"], + ["IDENTIFIER","default_proc"], + ["IDENTIFIER","defined"], + ["IDENTIFIER","define_method"], + ["IDENTIFIER","define_singleton_method"], + ["IDENTIFIER","__delete"], + ["IDENTIFIER","delete"], + ["IDENTIFIER","delete_at"], + ["IDENTIFIER","delete_if"], + ["IDENTIFIER","delete_prefix"], + ["IDENTIFIER","delete_suffix"], + ["IDENTIFIER","Deleting"], + ["IDENTIFIER","depth"], + ["IDENTIFIER","detect"], + ["IDENTIFIER","detected"], + ["IDENTIFIER","developers"], + ["IDENTIFIER","differs"], + ["IDENTIFIER","digit"], + ["IDENTIFIER","digits"], + ["IDENTIFIER","disable"], + ["IDENTIFIER","disabled"], + ["IDENTIFIER","discarding"], + ["IDENTIFIER","div"], + ["IDENTIFIER","divmod"], + ["IDENTIFIER","do"], + ["IDENTIFIER","do_block"], + ["IDENTIFIER","DomainError"], + ["IDENTIFIER","dot"], + ["IDENTIFIER","dot_or_colon"], + ["IDENTIFIER","downcase"], + ["IDENTIFIER","downto"], + ["IDENTIFIER","drop"], + ["IDENTIFIER","dropped"], + ["IDENTIFIER","dropping"], + ["IDENTIFIER","drop_while"], + ["IDENTIFIER","dump"], + ["IDENTIFIER","dup"], + ["IDENTIFIER","each"], + ["IDENTIFIER","each_byte"], + ["IDENTIFIER","each_char"], + ["IDENTIFIER","each_codepoint"], + ["IDENTIFIER","each_cons"], + ["IDENTIFIER","each_index"], + ["IDENTIFIER","each_key"], + ["IDENTIFIER","each_line"], + ["IDENTIFIER","each_object"], + ["IDENTIFIER","each_pair"], + ["IDENTIFIER","each_slice"], + ["IDENTIFIER","each_value"], + ["IDENTIFIER","each_with_index"], + ["IDENTIFIER","each_with_object"], + ["IDENTIFIER","ecall"], + ["IDENTIFIER","elem"], + ["IDENTIFIER","else"], + ["IDENTIFIER","elsif"], + ["IDENTIFIER","en"], + ["IDENTIFIER","enable"], + ["IDENTIFIER","__ENCODING__"], + ["IDENTIFIER","end"], + ["IDENTIFIER","__END__"], + ["IDENTIFIER","END"], + ["IDENTIFIER","ensure"], + ["IDENTIFIER","entries"], + ["IDENTIFIER","Enumerable"], + ["IDENTIFIER","enumerator"], + ["IDENTIFIER","Enumerator"], + ["IDENTIFIER","enumerator_block_call"], + ["IDENTIFIER","enum_for"], + ["IDENTIFIER","enums"], + ["IDENTIFIER","env"], + ["IDENTIFIER","erf"], + ["IDENTIFIER","erfc"], + ["IDENTIFIER","__errno_location"], + ["IDENTIFIER","error"], + ["IDENTIFIER","escape"], + ["IDENTIFIER","ETIR"], + ["IDENTIFIER","ETIR0004Ci"], + ["IDENTIFIER","exception"], + ["IDENTIFIER","Exception"], + ["IDENTIFIER","exc_list"], + ["IDENTIFIER","exc_var"], + ["IDENTIFIER","exhausted"], + ["IDENTIFIER","exp"], + ["IDENTIFIER","expected"], + ["IDENTIFIER","expr"], + ["IDENTIFIER","expression"], + ["IDENTIFIER","expr_value"], + ["IDENTIFIER","extend"], + ["IDENTIFIER","extended"], + ["IDENTIFIER","extend_object"], + ["IDENTIFIER","fail"], + ["IDENTIFIER","failed"], + ["IDENTIFIER","failure"], + ["IDENTIFIER","false"], + ["IDENTIFIER","FalseClass"], + ["IDENTIFIER","f_arg"], + ["IDENTIFIER","f_arg_item"], + ["IDENTIFIER","f_arglist"], + ["IDENTIFIER","f_args"], + ["IDENTIFIER","f_bad_arg"], + ["IDENTIFIER","f_block_arg"], + ["IDENTIFIER","f_block_opt"], + ["IDENTIFIER","f_block_optarg"], + ["IDENTIFIER","fclose"], + ["IDENTIFIER","Feb"], + ["IDENTIFIER","feed"], + ["IDENTIFIER","feedvalue"], + ["IDENTIFIER","feof"], + ["IDENTIFIER","fetch"], + ["IDENTIFIER","fetch_values"], + ["IDENTIFIER","fflush"], + ["IDENTIFIER","fgetc"], + ["IDENTIFIER","fib"], + ["IDENTIFIER","fiber"], + ["IDENTIFIER","Fiber"], + ["IDENTIFIER","fiber_check"], + ["IDENTIFIER","FiberError"], + ["IDENTIFIER","field"], + ["IDENTIFIER","file"], + ["IDENTIFIER","File"], + ["IDENTIFIER","__FILE__"], + ["IDENTIFIER","filename"], + ["IDENTIFIER","filenames_len"], + ["IDENTIFIER","fill"], + ["IDENTIFIER","final_marking_phase"], + ["IDENTIFIER","find"], + ["IDENTIFIER","find_all"], + ["IDENTIFIER","find_index"], + ["IDENTIFIER","first"], + ["IDENTIFIER","fish"], + ["IDENTIFIER","Fixnum"], + ["IDENTIFIER","flag"], + ["IDENTIFIER","f_larglist"], + ["IDENTIFIER","flat_map"], + ["IDENTIFIER","flatten"], + ["IDENTIFIER","Float"], + ["IDENTIFIER","FloatDomainError"], + ["IDENTIFIER","floor"], + ["IDENTIFIER","f_marg"], + ["IDENTIFIER","f_marg_list"], + ["IDENTIFIER","f_margs"], + ["IDENTIFIER","fmod"], + ["IDENTIFIER","fn"], + ["IDENTIFIER","Fn"], + ["IDENTIFIER","fname"], + ["IDENTIFIER","f_norm_arg"], + ["IDENTIFIER","fopen"], + ["IDENTIFIER","f_opt"], + ["IDENTIFIER","f_optarg"], + ["IDENTIFIER","f_opt_asgn"], + ["IDENTIFIER","for"], + ["IDENTIFIER","force"], + ["IDENTIFIER","format"], + ["IDENTIFIER","for_var"], + ["IDENTIFIER","found"], + ["IDENTIFIER","fprintf"], + ["IDENTIFIER","fputc"], + ["IDENTIFIER","fread"], + ["IDENTIFIER","free"], + ["IDENTIFIER","FREE"], + ["IDENTIFIER","freeze"], + ["IDENTIFIER","f_rest_arg"], + ["IDENTIFIER","frexp"], + ["IDENTIFIER","Fri"], + ["IDENTIFIER","FrozenError"], + ["IDENTIFIER","FsC"], + ["IDENTIFIER","fsym"], + ["IDENTIFIER","fwrite"], + ["IDENTIFIER","games"], + ["IDENTIFIER","GB"], + ["IDENTIFIER","GC"], + ["IDENTIFIER","gc_mark_children"], + ["IDENTIFIER","_gc_root_"], + ["IDENTIFIER","generational_mode"], + ["IDENTIFIER","Generator"], + ["IDENTIFIER","getbyte"], + ["IDENTIFIER","get_file"], + ["IDENTIFIER","getgm"], + ["IDENTIFIER","getlocal"], + ["IDENTIFIER","gettimeofday"], + ["IDENTIFIER","getutc"], + ["IDENTIFIER","given"], + ["IDENTIFIER","given_args"], + ["IDENTIFIER","global_variables"], + ["IDENTIFIER","__gmon_start__"], + ["IDENTIFIER","gmtime"], + ["IDENTIFIER","gmtime_r"], + ["IDENTIFIER","gn"], + ["IDENTIFIER","gnu"], + ["IDENTIFIER","GNU"], + ["IDENTIFIER","go"], + ["IDENTIFIER","grep"], + ["IDENTIFIER","group_by"], + ["IDENTIFIER","gsub"], + ["IDENTIFIER","h0"], + ["IDENTIFIER","h2"], + ["IDENTIFIER","H3"], + ["IDENTIFIER","h4"], + ["IDENTIFIER","h5"], + ["IDENTIFIER","H5"], + ["IDENTIFIER","h6"], + ["IDENTIFIER","H6"], + ["IDENTIFIER","h7"], + ["IDENTIFIER","h8"], + ["IDENTIFIER","hA"], + ["IDENTIFIER","hash"], + ["IDENTIFIER","Hash"], + ["IDENTIFIER","head"], + ["IDENTIFIER","heredoc"], + ["IDENTIFIER","heredoc_bodies"], + ["IDENTIFIER","heredoc_body"], + ["IDENTIFIER","heredoc_string_interp"], + ["IDENTIFIER","heredoc_string_rep"], + ["IDENTIFIER","heredoc_treat_nextline"], + ["IDENTIFIER","hex"], + ["IDENTIFIER","high"], + ["IDENTIFIER","hour"], + ["IDENTIFIER","hypot"], + ["IDENTIFIER","i2"], + ["IDENTIFIER","iClass"], + ["IDENTIFIER","__id__"], + ["IDENTIFIER","id2name"], + ["IDENTIFIER","identifier"], + ["IDENTIFIER","idx"], + ["IDENTIFIER","idx2"], + ["IDENTIFIER","if"], + ["IDENTIFIER","ifnone"], + ["IDENTIFIER","if_tail"], + ["IDENTIFIER","implemented"], + ["IDENTIFIER","in"], + ["IDENTIFIER","include"], + ["IDENTIFIER","included"], + ["IDENTIFIER","included_modules"], + ["IDENTIFIER","incremental_gc"], + ["IDENTIFIER","index"], + ["IDENTIFIER","IndexError"], + ["IDENTIFIER","inf"], + ["IDENTIFIER","Inf"], + ["IDENTIFIER","INF"], + ["IDENTIFIER","Infinity"], + ["IDENTIFIER","INFINITY"], + ["IDENTIFIER","inherited"], + ["IDENTIFIER","initialize"], + ["IDENTIFIER","initialize_copy"], + ["IDENTIFIER","inject"], + ["IDENTIFIER","in_lower_half"], + ["IDENTIFIER","input"], + ["IDENTIFIER","insert"], + ["IDENTIFIER","_inspect"], + ["IDENTIFIER","inspect"], + ["IDENTIFIER","instance_eval"], + ["IDENTIFIER","instance_exec"], + ["IDENTIFIER","instance_methods"], + ["IDENTIFIER","instance_variable_get"], + ["IDENTIFIER","instance_variables"], + ["IDENTIFIER","instance_variable_set"], + ["IDENTIFIER","int"], + ["IDENTIFIER","integer"], + ["IDENTIFIER","Integer"], + ["IDENTIFIER","Integral"], + ["IDENTIFIER","intern"], + ["IDENTIFIER","interval_ratio"], + ["IDENTIFIER","invert"], + ["IDENTIFIER","io"], + ["IDENTIFIER","Io"], + ["IDENTIFIER","_IO_putc"], + ["IDENTIFIER","ip"], + ["IDENTIFIER","Ip"], + ["IDENTIFIER","irep"], + ["IDENTIFIER","IREP"], + ["IDENTIFIER","isz"], + ["IDENTIFIER","iterate"], + ["IDENTIFIER","_ITM_deregisterTMCloneTable"], + ["IDENTIFIER","_ITM_registerTMCloneTable"], + ["IDENTIFIER","itself"], + ["IDENTIFIER","Jan"], + ["IDENTIFIER","join"], + ["IDENTIFIER","_Jv_RegisterClasses"], + ["IDENTIFIER","keep_if"], + ["IDENTIFIER","Kernel"], + ["IDENTIFIER","key"], + ["IDENTIFIER","KeyError"], + ["IDENTIFIER","keys"], + ["IDENTIFIER","keyword_alias"], + ["IDENTIFIER","keyword_and"], + ["IDENTIFIER","keyword_begin"], + ["IDENTIFIER","keyword_BEGIN"], + ["IDENTIFIER","keyword_break"], + ["IDENTIFIER","keyword_case"], + ["IDENTIFIER","keyword_class"], + ["IDENTIFIER","keyword_def"], + ["IDENTIFIER","keyword_do"], + ["IDENTIFIER","keyword_do_block"], + ["IDENTIFIER","keyword_do_cond"], + ["IDENTIFIER","keyword_do_LAMBDA"], + ["IDENTIFIER","keyword_else"], + ["IDENTIFIER","keyword_elsif"], + ["IDENTIFIER","keyword__ENCODING__"], + ["IDENTIFIER","keyword_end"], + ["IDENTIFIER","keyword_END"], + ["IDENTIFIER","keyword_ensure"], + ["IDENTIFIER","keyword_false"], + ["IDENTIFIER","keyword__FILE__"], + ["IDENTIFIER","keyword_for"], + ["IDENTIFIER","keyword_if"], + ["IDENTIFIER","keyword_in"], + ["IDENTIFIER","keyword__LINE__"], + ["IDENTIFIER","keyword_module"], + ["IDENTIFIER","keyword_next"], + ["IDENTIFIER","keyword_nil"], + ["IDENTIFIER","keyword_not"], + ["IDENTIFIER","keyword_or"], + ["IDENTIFIER","keyword_redo"], + ["IDENTIFIER","keyword_rescue"], + ["IDENTIFIER","keyword_retry"], + ["IDENTIFIER","keyword_return"], + ["IDENTIFIER","keyword_self"], + ["IDENTIFIER","keyword_super"], + ["IDENTIFIER","keyword_then"], + ["IDENTIFIER","keyword_true"], + ["IDENTIFIER","keyword_undef"], + ["IDENTIFIER","keyword_unless"], + ["IDENTIFIER","keyword_until"], + ["IDENTIFIER","keyword_when"], + ["IDENTIFIER","keyword_while"], + ["IDENTIFIER","keyword_yield"], + ["IDENTIFIER","kh_del_ht"], + ["IDENTIFIER","kh_del_iv"], + ["IDENTIFIER","kh_del_mt"], + ["IDENTIFIER","kh_del_n2s"], + ["IDENTIFIER","kh_del_st"], + ["IDENTIFIER","KLVAR"], + ["IDENTIFIER","lambda"], + ["IDENTIFIER","lambda_body"], + ["IDENTIFIER","last"], + ["IDENTIFIER","lazy"], + ["IDENTIFIER","Lazy"], + ["IDENTIFIER","LC"], + ["IDENTIFIER","ld"], + ["IDENTIFIER","LD"], + ["IDENTIFIER","ldexp"], + ["IDENTIFIER","left"], + ["IDENTIFIER","len"], + ["IDENTIFIER","length"], + ["IDENTIFIER","level"], + ["IDENTIFIER","lfD"], + ["IDENTIFIER","lhs"], + ["IDENTIFIER","__libc_start_main"], + ["IDENTIFIER","LII"], + ["IDENTIFIER","lIJ"], + ["IDENTIFIER","lim"], + ["IDENTIFIER","line"], + ["IDENTIFIER","__LINE__"], + ["IDENTIFIER","LINE"], + ["IDENTIFIER","lines"], + ["IDENTIFIER","literal"], + ["IDENTIFIER","literals"], + ["IDENTIFIER","live_after_mark"], + ["IDENTIFIER","ljust"], + ["IDENTIFIER","ln"], + ["IDENTIFIER","Ln"], + ["IDENTIFIER","lo"], + ["IDENTIFIER","local"], + ["IDENTIFIER","LOCAL"], + ["IDENTIFIER","LocalJumpError"], + ["IDENTIFIER","localtime"], + ["IDENTIFIER","localtime_r"], + ["IDENTIFIER","local_variables"], + ["IDENTIFIER","log"], + ["IDENTIFIER","log10"], + ["IDENTIFIER","log2"], + ["IDENTIFIER","long"], + ["IDENTIFIER","longjmp"], + ["IDENTIFIER","lookahead"], + ["IDENTIFIER","loop"], + ["IDENTIFIER","low"], + ["IDENTIFIER","lround"], + ["IDENTIFIER","LS"], + ["IDENTIFIER","lstrip"], + ["IDENTIFIER","LVAR"], + ["IDENTIFIER","machine"], + ["IDENTIFIER","main"], + ["IDENTIFIER","make_curry"], + ["IDENTIFIER","map"], + ["IDENTIFIER","match"], + ["IDENTIFIER","matched"], + ["IDENTIFIER","Math"], + ["IDENTIFIER","max"], + ["IDENTIFIER","max_by"], + ["IDENTIFIER","max_cmp"], + ["IDENTIFIER","May"], + ["IDENTIFIER","mday"], + ["IDENTIFIER","member"], + ["IDENTIFIER","__members__"], + ["IDENTIFIER","members"], + ["IDENTIFIER","memchr"], + ["IDENTIFIER","memcmp"], + ["IDENTIFIER","memcpy"], + ["IDENTIFIER","memmove"], + ["IDENTIFIER","memory"], + ["IDENTIFIER","memset"], + ["IDENTIFIER","merge"], + ["IDENTIFIER","mesg"], + ["IDENTIFIER","message"], + ["IDENTIFIER","meth"], + ["IDENTIFIER","__method__"], + ["IDENTIFIER","method"], + ["IDENTIFIER","method_call"], + ["IDENTIFIER","method_missing"], + ["IDENTIFIER","method_removed"], + ["IDENTIFIER","methods"], + ["IDENTIFIER","mid"], + ["IDENTIFIER","min"], + ["IDENTIFIER","min_by"], + ["IDENTIFIER","min_cmp"], + ["IDENTIFIER","minmax"], + ["IDENTIFIER","minmax_by"], + ["IDENTIFIER","mktime"], + ["IDENTIFIER","mlhs_basic"], + ["IDENTIFIER","mlhs_inner"], + ["IDENTIFIER","mlhs_item"], + ["IDENTIFIER","mlhs_list"], + ["IDENTIFIER","mlhs_node"], + ["IDENTIFIER","mlhs_post"], + ["IDENTIFIER","mode"], + ["IDENTIFIER","modified"], + ["IDENTIFIER","modifier_if"], + ["IDENTIFIER","modifier_rescue"], + ["IDENTIFIER","modifier_unless"], + ["IDENTIFIER","modifier_until"], + ["IDENTIFIER","modifier_while"], + ["IDENTIFIER","module"], + ["IDENTIFIER","Module"], + ["IDENTIFIER","module_eval"], + ["IDENTIFIER","module_function"], + ["IDENTIFIER","modules"], + ["IDENTIFIER","mon"], + ["IDENTIFIER","Mon"], + ["IDENTIFIER","month"], + ["IDENTIFIER","mrb_ary_delete_at"], + ["IDENTIFIER","mrb_ary_new_from_values"], + ["IDENTIFIER","mrb_ary_plus"], + ["IDENTIFIER","mrb_ary_pop"], + ["IDENTIFIER","mrb_ary_push"], + ["IDENTIFIER","mrb_ary_push_m"], + ["IDENTIFIER","mrb_ary_resize"], + ["IDENTIFIER","mrb_ary_reverse"], + ["IDENTIFIER","mrb_ary_set"], + ["IDENTIFIER","mrb_ary_shift"], + ["IDENTIFIER","mrb_ary_splice"], + ["IDENTIFIER","mrb_ary_times"], + ["IDENTIFIER","mrb_ary_unshift"], + ["IDENTIFIER","mrb_ary_unshift_m"], + ["IDENTIFIER","mrb_assoc_new"], + ["IDENTIFIER","mrb_data_init"], + ["IDENTIFIER","mrb_debug_get_line"], + ["IDENTIFIER","mrb_debug_info_alloc"], + ["IDENTIFIER","mrb_debug_info_append_file"], + ["IDENTIFIER","mrb_debug_info_free"], + ["IDENTIFIER","mrb_field_write_barrier"], + ["IDENTIFIER","mrb_gc_mark"], + ["IDENTIFIER","MRB_GC_STATE_ROOT"], + ["IDENTIFIER","MRB_GC_STATE_SWEEP"], + ["IDENTIFIER","mrb_gc_unregister"], + ["IDENTIFIER","mrb_i_mt_state"], + ["IDENTIFIER","mrb_incremental_gc"], + ["IDENTIFIER","mrb_malloc"], + ["IDENTIFIER","mrb_mod_s_nesting"], + ["IDENTIFIER","mrb_obj_value"], + ["IDENTIFIER","mrb_random_init"], + ["IDENTIFIER","mrb_random_srand"], + ["IDENTIFIER","mrb_realloc"], + ["IDENTIFIER","mrb_str_format"], + ["IDENTIFIER","MRB_TT_DATA"], + ["IDENTIFIER","MRB_TT_FIBER"], + ["IDENTIFIER","MRB_TT_FREE"], + ["IDENTIFIER","mrb_vm_const_get"], + ["IDENTIFIER","mrb_vm_exec"], + ["IDENTIFIER","mrb_write_barrier"], + ["IDENTIFIER","mrhs"], + ["IDENTIFIER","mruby"], + ["IDENTIFIER","MRUBY_COPYRIGHT"], + ["IDENTIFIER","MRUBY_DESCRIPTION"], + ["IDENTIFIER","MRUBY_RELEASE_DATE"], + ["IDENTIFIER","MRUBY_RELEASE_NO"], + ["IDENTIFIER","MRUBY_VERSION"], + ["IDENTIFIER","name"], + ["IDENTIFIER","named"], + ["IDENTIFIER","NameError"], + ["IDENTIFIER","names"], + ["IDENTIFIER","nan"], + ["IDENTIFIER","NaN"], + ["IDENTIFIER","NAN"], + ["IDENTIFIER","nesting"], + ["IDENTIFIER","new"], + ["IDENTIFIER","new_args"], + ["IDENTIFIER","new_key"], + ["IDENTIFIER","new_msym"], + ["IDENTIFIER","next"], + ["IDENTIFIER","next_values"], + ["IDENTIFIER","nil"], + ["IDENTIFIER","NilClass"], + ["IDENTIFIER","nl"], + ["IDENTIFIER","nlocals"], + ["IDENTIFIER","nLVAR"], + ["IDENTIFIER","nMATZ0000IREP"], + ["IDENTIFIER","NODE_DREGX"], + ["IDENTIFIER","NODE_DSTR"], + ["IDENTIFIER","NODE_DXSTR"], + ["IDENTIFIER","NODE_FALSE"], + ["IDENTIFIER","NODE_NEGATE"], + ["IDENTIFIER","NODE_NIL"], + ["IDENTIFIER","NODE_REDO"], + ["IDENTIFIER","NODE_RETRY"], + ["IDENTIFIER","NODE_SELF"], + ["IDENTIFIER","NODE_TRUE"], + ["IDENTIFIER","NODE_UNDEF"], + ["IDENTIFIER","NODE_ZSUPER"], + ["IDENTIFIER","NoMemoryError"], + ["IDENTIFIER","NoMethodError"], + ["IDENTIFIER","none"], + ["IDENTIFIER","NONE"], + ["IDENTIFIER","norm"], + ["IDENTIFIER","not"], + ["IDENTIFIER","NotImplementedError"], + ["IDENTIFIER","Nov"], + ["IDENTIFIER","now"], + ["IDENTIFIER","Np"], + ["IDENTIFIER","nregs"], + ["IDENTIFIER","num"], + ["IDENTIFIER","number"], + ["IDENTIFIER","numbered"], + ["IDENTIFIER","numeric"], + ["IDENTIFIER","Numeric"], + ["IDENTIFIER","obj"], + ["IDENTIFIER","object"], + ["IDENTIFIER","Object"], + ["IDENTIFIER","object_id"], + ["IDENTIFIER","ObjectSpace"], + ["IDENTIFIER","oct"], + ["IDENTIFIER","Oct"], + ["IDENTIFIER","offset"], + ["IDENTIFIER","on"], + ["IDENTIFIER","On"], + ["IDENTIFIER","only"], + ["IDENTIFIER","Oo"], + ["IDENTIFIER","op"], + ["IDENTIFIER","Op"], + ["IDENTIFIER","operation"], + ["IDENTIFIER","operation2"], + ["IDENTIFIER","operation3"], + ["IDENTIFIER","OP_NOP"], + ["IDENTIFIER","OP_STOP"], + ["IDENTIFIER","opt_block_arg"], + ["IDENTIFIER","opt_block_param"], + ["IDENTIFIER","opt_bv_decl"], + ["IDENTIFIER","opt_call_args"], + ["IDENTIFIER","opt_else"], + ["IDENTIFIER","opt_ensure"], + ["IDENTIFIER","opt_f_block_arg"], + ["IDENTIFIER","opt_nl"], + ["IDENTIFIER","opt_paren_args"], + ["IDENTIFIER","opt_rescue"], + ["IDENTIFIER","opt_terms"], + ["IDENTIFIER","or"], + ["IDENTIFIER","ord"], + ["IDENTIFIER","orig"], + ["IDENTIFIER","other"], + ["IDENTIFIER","__outer__"], + ["IDENTIFIER","P9o"], + ["IDENTIFIER","padding"], + ["IDENTIFIER","pad_repetitions"], + ["IDENTIFIER","padstr"], + ["IDENTIFIER","parameters"], + ["IDENTIFIER","paren_args"], + ["IDENTIFIER","partition"], + ["IDENTIFIER","pattern"], + ["IDENTIFIER","PC"], + ["IDENTIFIER","peek"], + ["IDENTIFIER","peek_values"], + ["IDENTIFIER","permutation"], + ["IDENTIFIER","plen"], + ["IDENTIFIER","point"], + ["IDENTIFIER","pop"], + ["IDENTIFIER","popping"], + ["IDENTIFIER","pos"], + ["IDENTIFIER","posnum"], + ["IDENTIFIER","post"], + ["IDENTIFIER","pow"], + ["IDENTIFIER","pp"], + ["IDENTIFIER","pproc"], + ["IDENTIFIER","pre"], + ["IDENTIFIER","precision"], + ["IDENTIFIER","prefix"], + ["IDENTIFIER","prepend"], + ["IDENTIFIER","prepended"], + ["IDENTIFIER","prepend_features"], + ["IDENTIFIER","primary"], + ["IDENTIFIER","primary_value"], + ["IDENTIFIER","print"], + ["IDENTIFIER","printf"], + ["IDENTIFIER","__printstr__"], + ["IDENTIFIER","private"], + ["IDENTIFIER","private_methods"], + ["IDENTIFIER","prl"], + ["IDENTIFIER","proc"], + ["IDENTIFIER","Proc"], + ["IDENTIFIER","program"], + ["IDENTIFIER","protected"], + ["IDENTIFIER","protected_methods"], + ["IDENTIFIER","ps"], + ["IDENTIFIER","public"], + ["IDENTIFIER","public_methods"], + ["IDENTIFIER","push"], + ["IDENTIFIER","putchar"], + ["IDENTIFIER","puts"], + ["IDENTIFIER","quo"], + ["IDENTIFIER","raise"], + ["IDENTIFIER","rand"], + ["IDENTIFIER","Random"], + ["IDENTIFIER","range"], + ["IDENTIFIER","Range"], + ["IDENTIFIER","RangeError"], + ["IDENTIFIER","rassoc"], + ["IDENTIFIER","rb"], + ["IDENTIFIER","RB"], + ["IDENTIFIER","rbracket"], + ["IDENTIFIER","RC"], + ["IDENTIFIER","read_debug_record"], + ["IDENTIFIER","readint_mrb_int"], + ["IDENTIFIER","read_irep_record_1"], + ["IDENTIFIER","read_lv_record"], + ["IDENTIFIER","read_section_debug"], + ["IDENTIFIER","read_section_lv"], + ["IDENTIFIER","realloc"], + ["IDENTIFIER","redo"], + ["IDENTIFIER","reduce"], + ["IDENTIFIER","reg"], + ["IDENTIFIER","regexp"], + ["IDENTIFIER","Regexp"], + ["IDENTIFIER","RegexpError"], + ["IDENTIFIER","rehash"], + ["IDENTIFIER","reject"], + ["IDENTIFIER","remove_class_variable"], + ["IDENTIFIER","remove_const"], + ["IDENTIFIER","remove_instance_variable"], + ["IDENTIFIER","remove_method"], + ["IDENTIFIER","replace"], + ["IDENTIFIER","req"], + ["IDENTIFIER","required"], + ["IDENTIFIER","res"], + ["IDENTIFIER","rescue"], + ["IDENTIFIER","resize_capa"], + ["IDENTIFIER","rest"], + ["IDENTIFIER","restarg_mark"], + ["IDENTIFIER","result"], + ["IDENTIFIER","resume"], + ["IDENTIFIER","reswords"], + ["IDENTIFIER","ret"], + ["IDENTIFIER","retry"], + ["IDENTIFIER","return"], + ["IDENTIFIER","reverse"], + ["IDENTIFIER","reverse_each"], + ["IDENTIFIER","rewind"], + ["IDENTIFIER","right"], + ["IDENTIFIER","rindex"], + ["IDENTIFIER","rjust"], + ["IDENTIFIER","rotate"], + ["IDENTIFIER","round"], + ["IDENTIFIER","row"], + ["IDENTIFIER","rparen"], + ["IDENTIFIER","rpartition"], + ["IDENTIFIER","rs_len"], + ["IDENTIFIER","rstrip"], + ["IDENTIFIER","RUBY_ENGINE"], + ["IDENTIFIER","RUBY_ENGINE_VERSION"], + ["IDENTIFIER","RUBY_VERSION"], + ["IDENTIFIER","RuntimeError"], + ["IDENTIFIER","sample"], + ["IDENTIFIER","Sat"], + ["IDENTIFIER","satisfied"], + ["IDENTIFIER","scan"], + ["IDENTIFIER","SClass"], + ["IDENTIFIER","scope"], + ["IDENTIFIER","scope_new"], + ["IDENTIFIER","script"], + ["IDENTIFIER","ScriptError"], + ["IDENTIFIER","sec"], + ["IDENTIFIER","select"], + ["IDENTIFIER","self"], + ["IDENTIFIER","self_arity"], + ["IDENTIFIER","__send__"], + ["IDENTIFIER","send"], + ["IDENTIFIER","sep"], + ["IDENTIFIER","Sep"], + ["IDENTIFIER","sequence"], + ["IDENTIFIER","set"], + ["IDENTIFIER","set_backtrace"], + ["IDENTIFIER","setbyte"], + ["IDENTIFIER","_setjmp"], + ["IDENTIFIER","shift"], + ["IDENTIFIER","shuffle"], + ["IDENTIFIER","sin"], + ["IDENTIFIER","singleton"], + ["IDENTIFIER","singleton_class"], + ["IDENTIFIER","singleton_methods"], + ["IDENTIFIER","sinh"], + ["IDENTIFIER","size"], + ["IDENTIFIER","sl"], + ["IDENTIFIER","slice"], + ["IDENTIFIER","snprintf"], + ["IDENTIFIER","so"], + ["IDENTIFIER","So"], + ["IDENTIFIER","sort"], + ["IDENTIFIER","sort_by"], + ["IDENTIFIER","__sort_sub__"], + ["IDENTIFIER","source_location"], + ["IDENTIFIER","Sp"], + ["IDENTIFIER","spaces"], + ["IDENTIFIER","specifier"], + ["IDENTIFIER","splice"], + ["IDENTIFIER","split"], + ["IDENTIFIER","sprintf"], + ["IDENTIFIER","sqrt"], + ["IDENTIFIER","srand"], + ["IDENTIFIER","__stack_chk_fail"], + ["IDENTIFIER","StandardError"], + ["IDENTIFIER","start"], + ["IDENTIFIER","state"], + ["IDENTIFIER","stderr"], + ["IDENTIFIER","stdin"], + ["IDENTIFIER","stdout"], + ["IDENTIFIER","step"], + ["IDENTIFIER","step_ratio"], + ["IDENTIFIER","stmt"], + ["IDENTIFIER","stmts"], + ["IDENTIFIER","stop_exc"], + ["IDENTIFIER","StopIteration"], + ["IDENTIFIER","store"], + ["IDENTIFIER","str"], + ["IDENTIFIER","str2"], + ["IDENTIFIER","strchr"], + ["IDENTIFIER","strcmp"], + ["IDENTIFIER","str_each"], + ["IDENTIFIER","string"], + ["IDENTIFIER","String"], + ["IDENTIFIER","string_interp"], + ["IDENTIFIER","string_rep"], + ["IDENTIFIER","strip"], + ["IDENTIFIER","strlen"], + ["IDENTIFIER","str_make_shared"], + ["IDENTIFIER","strncmp"], + ["IDENTIFIER","strncpy"], + ["IDENTIFIER","strtoul"], + ["IDENTIFIER","struct"], + ["IDENTIFIER","Struct"], + ["IDENTIFIER","sub"], + ["IDENTIFIER","__sub_replace"], + ["IDENTIFIER","succ"], + ["IDENTIFIER","Sun"], + ["IDENTIFIER","super"], + ["IDENTIFIER","superclass"], + ["IDENTIFIER","supported"], + ["IDENTIFIER","__svalue"], + ["IDENTIFIER","SVD"], + ["IDENTIFIER","swapcase"], + ["IDENTIFIER","sym"], + ["IDENTIFIER","symbol"], + ["IDENTIFIER","Symbol"], + ["IDENTIFIER","symbols"], + ["IDENTIFIER","sym_inspect"], + ["IDENTIFIER","syntax"], + ["IDENTIFIER","SyntaxError"], + ["IDENTIFIER","_sys_fail"], + ["IDENTIFIER","SystemCallError"], + ["IDENTIFIER","SystemStackError"], + ["IDENTIFIER","TA"], + ["IDENTIFIER","tail"], + ["IDENTIFIER","take"], + ["IDENTIFIER","taken"], + ["IDENTIFIER","take_while"], + ["IDENTIFIER","tAMPER"], + ["IDENTIFIER","tan"], + ["IDENTIFIER","tANDDOT"], + ["IDENTIFIER","tANDOP"], + ["IDENTIFIER","tanh"], + ["IDENTIFIER","tap"], + ["IDENTIFIER","tAREF"], + ["IDENTIFIER","T_ARRAY"], + ["IDENTIFIER","tASET"], + ["IDENTIFIER","tASSOC"], + ["IDENTIFIER","TB"], + ["IDENTIFIER","tBACK_REF"], + ["IDENTIFIER","TbG"], + ["IDENTIFIER","T_CLASS"], + ["IDENTIFIER","tCMP"], + ["IDENTIFIER","tCOLON2"], + ["IDENTIFIER","tCOLON3"], + ["IDENTIFIER","tCONSTANT"], + ["IDENTIFIER","T_CPTR"], + ["IDENTIFIER","tCVAR"], + ["IDENTIFIER","T_DATA"], + ["IDENTIFIER","tDOT2"], + ["IDENTIFIER","tDOT3"], + ["IDENTIFIER","TeD"], + ["IDENTIFIER","T_ENV"], + ["IDENTIFIER","tEQ"], + ["IDENTIFIER","tEQQ"], + ["IDENTIFIER","term"], + ["IDENTIFIER","terms"], + ["IDENTIFIER","T_EXCEPTION"], + ["IDENTIFIER","T_FALSE"], + ["IDENTIFIER","T_FIBER"], + ["IDENTIFIER","tFID"], + ["IDENTIFIER","T_FILE"], + ["IDENTIFIER","T_FIXNUM"], + ["IDENTIFIER","tFLOAT"], + ["IDENTIFIER","T_FLOAT"], + ["IDENTIFIER","T_FREE"], + ["IDENTIFIER","tGEQ"], + ["IDENTIFIER","tGVAR"], + ["IDENTIFIER","T_HASH"], + ["IDENTIFIER","tHD_LITERAL_DELIM"], + ["IDENTIFIER","tHD_STRING_MID"], + ["IDENTIFIER","tHD_STRING_PART"], + ["IDENTIFIER","then"], + ["IDENTIFIER","tHEREDOC_BEG"], + ["IDENTIFIER","tHEREDOC_END"], + ["IDENTIFIER","this"], + ["IDENTIFIER","T_ICLASS"], + ["IDENTIFIER","tIDENTIFIER"], + ["IDENTIFIER","time"], + ["IDENTIFIER","Time"], + ["IDENTIFIER","times"], + ["IDENTIFIER","tINTEGER"], + ["IDENTIFIER","tIVAR"], + ["IDENTIFIER","tLABEL"], + ["IDENTIFIER","tLABEL_END"], + ["IDENTIFIER","tLAMBDA"], + ["IDENTIFIER","tLAMBEG"], + ["IDENTIFIER","tLAST_TOKEN"], + ["IDENTIFIER","tLBRACE"], + ["IDENTIFIER","tLBRACE_ARG"], + ["IDENTIFIER","tLBRACK"], + ["IDENTIFIER","tLEQ"], + ["IDENTIFIER","tLITERAL_DELIM"], + ["IDENTIFIER","tLOWEST"], + ["IDENTIFIER","tLPAREN"], + ["IDENTIFIER","tLPAREN_ARG"], + ["IDENTIFIER","tLSHFT"], + ["IDENTIFIER","tMATCH"], + ["IDENTIFIER","T_MODULE"], + ["IDENTIFIER","tmp"], + ["IDENTIFIER","tNEQ"], + ["IDENTIFIER","tNMATCH"], + ["IDENTIFIER","tNTH_REF"], + ["IDENTIFIER","to_ary"], + ["IDENTIFIER","T_OBJECT"], + ["IDENTIFIER","to_enum"], + ["IDENTIFIER","to_h"], + ["IDENTIFIER","to_hash"], + ["IDENTIFIER","to_i"], + ["IDENTIFIER","to_int"], + ["IDENTIFIER","TOJ"], + ["IDENTIFIER","TOLERANCE"], + ["IDENTIFIER","tolower"], + ["IDENTIFIER","tOP_ASGN"], + ["IDENTIFIER","top_compstmt"], + ["IDENTIFIER","to_proc"], + ["IDENTIFIER","top_stmt"], + ["IDENTIFIER","top_stmts"], + ["IDENTIFIER","tOROP"], + ["IDENTIFIER","to_s"], + ["IDENTIFIER","to_str"], + ["IDENTIFIER","to_sym"], + ["IDENTIFIER","TOTAL"], + ["IDENTIFIER","toupper"], + ["IDENTIFIER","tPOW"], + ["IDENTIFIER","T_PROC"], + ["IDENTIFIER","trailer"], + ["IDENTIFIER","T_RANGE"], + ["IDENTIFIER","transfer"], + ["IDENTIFIER","transform_keys"], + ["IDENTIFIER","transform_values"], + ["IDENTIFIER","transpose"], + ["IDENTIFIER","tREGEXP"], + ["IDENTIFIER","tREGEXP_BEG"], + ["IDENTIFIER","tREGEXP_END"], + ["IDENTIFIER","tRPAREN"], + ["IDENTIFIER","tRSHFT"], + ["IDENTIFIER","true"], + ["IDENTIFIER","TrueClass"], + ["IDENTIFIER","truncate"], + ["IDENTIFIER","try_convert"], + ["IDENTIFIER","T_SCLASS"], + ["IDENTIFIER","tSTAR"], + ["IDENTIFIER","tSTRING"], + ["IDENTIFIER","T_STRING"], + ["IDENTIFIER","tSTRING_BEG"], + ["IDENTIFIER","tSTRING_DVAR"], + ["IDENTIFIER","tSTRING_MID"], + ["IDENTIFIER","tSTRING_PART"], + ["IDENTIFIER","tSYMBEG"], + ["IDENTIFIER","T_SYMBOL"], + ["IDENTIFIER","tSYMBOLS_BEG"], + ["IDENTIFIER","tt"], + ["IDENTIFIER","T_TRUE"], + ["IDENTIFIER","Tue"], + ["IDENTIFIER","tUMINUS"], + ["IDENTIFIER","tUMINUS_NUM"], + ["IDENTIFIER","T_UNDEF"], + ["IDENTIFIER","tUPLUS"], + ["IDENTIFIER","twice"], + ["IDENTIFIER","tWORDS_BEG"], + ["IDENTIFIER","tXSTRING"], + ["IDENTIFIER","tXSTRING_BEG"], + ["IDENTIFIER","type"], + ["IDENTIFIER","TypeError"], + ["IDENTIFIER","umrb_obj_value"], + ["IDENTIFIER","undef"], + ["IDENTIFIER","undefined"], + ["IDENTIFIER","undef_list"], + ["IDENTIFIER","undef_method"], + ["IDENTIFIER","uniq"], + ["IDENTIFIER","unless"], + ["IDENTIFIER","unshift"], + ["IDENTIFIER","until"], + ["IDENTIFIER","upcase"], + ["IDENTIFIER","__update"], + ["IDENTIFIER","update"], + ["IDENTIFIER","upto"], + ["IDENTIFIER","usec"], + ["IDENTIFIER","useless"], + ["IDENTIFIER","utc"], + ["IDENTIFIER","v0000"], + ["IDENTIFIER","val"], + ["IDENTIFIER","validated"], + ["IDENTIFIER","vals"], + ["IDENTIFIER","value"], + ["IDENTIFIER","values"], + ["IDENTIFIER","values_at"], + ["IDENTIFIER","variable"], + ["IDENTIFIER","var_lhs"], + ["IDENTIFIER","var_ref"], + ["IDENTIFIER","verbose"], + ["IDENTIFIER","version"], + ["IDENTIFIER","vm"], + ["IDENTIFIER","Vm"], + ["IDENTIFIER","warn"], + ["IDENTIFIER","wday"], + ["IDENTIFIER","Wed"], + ["IDENTIFIER","when"], + ["IDENTIFIER","while"], + ["IDENTIFIER","width"], + ["IDENTIFIER","with_index"], + ["IDENTIFIER","with_object"], + ["IDENTIFIER","words"], + ["IDENTIFIER","x86_64"], + ["IDENTIFIER","xstring"], + ["IDENTIFIER","yday"], + ["IDENTIFIER","year"], + ["IDENTIFIER","yield"], + ["IDENTIFIER","yielder"], + ["IDENTIFIER","Yielder"], + ["IDENTIFIER","yield_self"], + ["IDENTIFIER","zip"], + ["IDENTIFIER","zone"] + ] diff --git a/fuzzers/structure_aware/nautilus_sync/harness.cc b/fuzzers/structure_aware/nautilus_sync/harness.cc new file mode 100644 index 0000000000..5c36517376 --- /dev/null +++ b/fuzzers/structure_aware/nautilus_sync/harness.cc @@ -0,0 +1,191 @@ +// libpng_read_fuzzer.cc +// Copyright 2017-2018 Glenn Randers-Pehrson +// Copyright 2015 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that may +// be found in the LICENSE file https://cs.chromium.org/chromium/src/LICENSE + +// Last changed in libpng 1.6.35 [July 15, 2018] + +// The modifications in 2017 by Glenn Randers-Pehrson include +// 1. addition of a PNG_CLEANUP macro, +// 2. setting the option to ignore ADLER32 checksums, +// 3. adding "#include " which is needed on some platforms +// to provide memcpy(). +// 4. adding read_end_info() and creating an end_info structure. +// 5. adding calls to png_set_*() transforms commonly used by browsers. + +#include +#include +#include + +#include + +#define PNG_INTERNAL +#include "png.h" + +#define PNG_CLEANUP \ + if (png_handler.png_ptr) { \ + if (png_handler.row_ptr) { \ + png_free(png_handler.png_ptr, png_handler.row_ptr); \ + } \ + if (png_handler.end_info_ptr) { \ + png_destroy_read_struct(&png_handler.png_ptr, &png_handler.info_ptr, \ + &png_handler.end_info_ptr); \ + } else if (png_handler.info_ptr) { \ + png_destroy_read_struct(&png_handler.png_ptr, &png_handler.info_ptr, \ + nullptr); \ + } else { \ + png_destroy_read_struct(&png_handler.png_ptr, nullptr, nullptr); \ + } \ + png_handler.png_ptr = nullptr; \ + png_handler.row_ptr = nullptr; \ + png_handler.info_ptr = nullptr; \ + png_handler.end_info_ptr = nullptr; \ + } + +struct BufState { + const uint8_t *data; + size_t bytes_left; +}; + +struct PngObjectHandler { + png_infop info_ptr = nullptr; + png_structp png_ptr = nullptr; + png_infop end_info_ptr = nullptr; + png_voidp row_ptr = nullptr; + BufState *buf_state = nullptr; + + ~PngObjectHandler() { + if (row_ptr) { png_free(png_ptr, row_ptr); } + if (end_info_ptr) { + png_destroy_read_struct(&png_ptr, &info_ptr, &end_info_ptr); + } else if (info_ptr) { + png_destroy_read_struct(&png_ptr, &info_ptr, nullptr); + } else { + png_destroy_read_struct(&png_ptr, nullptr, nullptr); + } + delete buf_state; + } +}; + +void user_read_data(png_structp png_ptr, png_bytep data, size_t length) { + BufState *buf_state = static_cast(png_get_io_ptr(png_ptr)); + if (length > buf_state->bytes_left) { png_error(png_ptr, "read error"); } + memcpy(data, buf_state->data, length); + buf_state->bytes_left -= length; + buf_state->data += length; +} + +static const int kPngHeaderSize = 8; + +// Entry point for LibFuzzer. +// Roughly follows the libpng book example: +// http://www.libpng.org/pub/png/book/chapter13.html +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + if (size < kPngHeaderSize) { return 0; } + + std::vector v(data, data + size); + if (png_sig_cmp(v.data(), 0, kPngHeaderSize)) { + // not a PNG. + return 0; + } + + PngObjectHandler png_handler; + png_handler.png_ptr = nullptr; + png_handler.row_ptr = nullptr; + png_handler.info_ptr = nullptr; + png_handler.end_info_ptr = nullptr; + + png_handler.png_ptr = + png_create_read_struct(PNG_LIBPNG_VER_STRING, nullptr, nullptr, nullptr); + if (!png_handler.png_ptr) { return 0; } + + png_handler.info_ptr = png_create_info_struct(png_handler.png_ptr); + if (!png_handler.info_ptr) { + PNG_CLEANUP + return 0; + } + + png_handler.end_info_ptr = png_create_info_struct(png_handler.png_ptr); + if (!png_handler.end_info_ptr) { + PNG_CLEANUP + return 0; + } + + png_set_crc_action(png_handler.png_ptr, PNG_CRC_QUIET_USE, PNG_CRC_QUIET_USE); +#ifdef PNG_IGNORE_ADLER32 + png_set_option(png_handler.png_ptr, PNG_IGNORE_ADLER32, PNG_OPTION_ON); +#endif + + // Setting up reading from buffer. + png_handler.buf_state = new BufState(); + png_handler.buf_state->data = data + kPngHeaderSize; + png_handler.buf_state->bytes_left = size - kPngHeaderSize; + png_set_read_fn(png_handler.png_ptr, png_handler.buf_state, user_read_data); + png_set_sig_bytes(png_handler.png_ptr, kPngHeaderSize); + + if (setjmp(png_jmpbuf(png_handler.png_ptr))) { + PNG_CLEANUP + return 0; + } + + // Reading. + png_read_info(png_handler.png_ptr, png_handler.info_ptr); + + // reset error handler to put png_deleter into scope. + if (setjmp(png_jmpbuf(png_handler.png_ptr))) { + PNG_CLEANUP + return 0; + } + + png_uint_32 width, height; + int bit_depth, color_type, interlace_type, compression_type; + int filter_type; + + if (!png_get_IHDR(png_handler.png_ptr, png_handler.info_ptr, &width, &height, + &bit_depth, &color_type, &interlace_type, &compression_type, + &filter_type)) { + PNG_CLEANUP + return 0; + } + + // This is going to be too slow. + if (width && height > 100000000 / width) { + PNG_CLEANUP +#ifdef HAS_DUMMY_CRASH + #ifdef __aarch64__ + asm volatile(".word 0xf7f0a000\n"); + #else + asm("ud2"); + #endif +#endif + return 0; + } + + // Set several transforms that browsers typically use: + png_set_gray_to_rgb(png_handler.png_ptr); + png_set_expand(png_handler.png_ptr); + png_set_packing(png_handler.png_ptr); + png_set_scale_16(png_handler.png_ptr); + png_set_tRNS_to_alpha(png_handler.png_ptr); + + int passes = png_set_interlace_handling(png_handler.png_ptr); + + png_read_update_info(png_handler.png_ptr, png_handler.info_ptr); + + png_handler.row_ptr = + png_malloc(png_handler.png_ptr, + png_get_rowbytes(png_handler.png_ptr, png_handler.info_ptr)); + + for (int pass = 0; pass < passes; ++pass) { + for (png_uint_32 y = 0; y < height; ++y) { + png_read_row(png_handler.png_ptr, + static_cast(png_handler.row_ptr), nullptr); + } + } + + png_read_end(png_handler.png_ptr, png_handler.end_info_ptr); + + PNG_CLEANUP + return 0; +} diff --git a/scripts/build_all_fuzzers.sh b/scripts/build_all_fuzzers.sh deleted file mode 100755 index 4d8d5b1fb1..0000000000 --- a/scripts/build_all_fuzzers.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/bash - -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" -cd "$SCRIPT_DIR/.." || exit 1 -# TODO: This should be rewritten in rust, a Makefile, or some platform-independent language - -if [[ -z "${RUN_ON_CI}" ]]; then - fuzzers=$(find ./fuzzers -mindepth 2 -maxdepth 2 -type d) - backtrace_fuzzers=$(find ./fuzzers/baby/backtrace_baby_fuzzers -mindepth 1 -maxdepth 1 -type d) -else - cargo build -p build_and_test_fuzzers - fuzzers=$(cargo run -p build_and_test_fuzzers -- "remotes/origin/main" "HEAD^") - backtrace_fuzzers="" - export PROFILE=dev - export PROFILE_DIR=debug -fi - -fuzzers=$(echo "$fuzzers" | tr ' ' '\n') -backtrace_fuzzers=$(echo "$backtrace_fuzzers" | tr ' ' '\n') - -libafl=$(pwd) - -# build with a shared target dir for all fuzzers. this should speed up -# compilation a bit, and allows for easier artifact management (caching and -# cargo clean). -export CARGO_TARGET_DIR="$libafl/target" -mkdir -p "$CARGO_TARGET_DIR" - -git submodule init && git submodule update - -# override default profile settings for speed -# export RUSTFLAGS="-C prefer-dynamic" -for profile in DEV RELEASE; # loop for all profiles -do - export CARGO_PROFILE_"$profile"_OPT_LEVEL=z # optimize for size - # runs into shared target dir bug: - # [pid 351769] openat(AT_FDCWD, "LibAFL/target/release/deps/libc-dbff77a14da5d893.libc.5deb7d4a-cgu.0.rcgu.dwo", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) - # error: failed to build archive: No such file or directory - # export CARGO_PROFILE_"$profile"_SPLIT_DEBUGINFO=unpacked # minimize debug info - # export CARGO_PROFILE_"$profile"_PANIC=abort - # export CARGO_PROFILE_"$profile"_INCREMENTAL=true -done - -# shellcheck disable=SC2116 -for fuzzer in $(echo "$fuzzers" "$backtrace_fuzzers"); -do - # skip nyx test on non-linux platforms - if [[ $fuzzer == *"nyx_"* ]]; then - continue - fi - - cd "$fuzzer" || exit 1 - # Clippy checks - echo "[*] Checking fmt for $fuzzer" - cargo +nightly fmt --all || exit 1 - - if [ -e ./Makefile.toml ]; then - echo "[*] Building $fuzzer" - cargo make build || exit 1 - echo "[+] Done building $fuzzer" - else - echo "[*] Building $fuzzer" - cargo build || exit 1 - echo "[+] Done building $fuzzer" - fi - - # no cleaning -- this is a local test, we want to cache here - cd "$libafl" || exit 1 - echo "" -done diff --git a/scripts/test_fuzzer.sh b/scripts/test_fuzzer.sh index f76b2da8cc..8abd1b894c 100755 --- a/scripts/test_fuzzer.sh +++ b/scripts/test_fuzzer.sh @@ -15,14 +15,10 @@ else export PROFILE_DIR=debug fi -libafl=$(pwd) - echo "Testing" "$fuzzer_to_test" # build with a shared target dir for all fuzzers. this should speed up # compilation a bit, and allows for easier artifact management (caching and # cargo clean). -export CARGO_TARGET_DIR="$libafl/target" -mkdir -p "$CARGO_TARGET_DIR" git submodule init && git submodule update @@ -64,22 +60,13 @@ do echo "[*] Testing $fuzzer" cargo make test || exit 1 echo "[+] Done testing $fuzzer" + elif [ -e ./Justfile ]; then + echo "[*] Testing $fuzzer" + just test || exit 1 + echo "[+] Done testing $fuzzer" else echo "[*] Building $fuzzer" cargo build || exit 1 echo "[+] Done building $fuzzer" fi - du -sh "$CARGO_TARGET_DIR" - # Save disk space - cargo clean -p "$(basename "$fuzzer")" - cargo clean --release -p "$(basename "$fuzzer")" 2> /dev/null - # Leaving these in the cache results in lots of duplicate build artifacts - # (many different feature flag combinations, ...), so let's prune them. - for clean_pkgid in libafl libafl_targets libafl_sugar; do - cargo clean -p "$clean_pkgid" 2> /dev/null - cargo clean --release -p "$clean_pkgid" 2> /dev/null - done - du -sh "$CARGO_TARGET_DIR" - cd "$libafl" || exit 1 - echo "" done