moved libfuzzer to build.rs

Dominik Maier 2020-12-31 14:48:08 +01:00
parent d7f59f3536
commit 3cfcec2f0f
9 changed files with 48 additions and 119 deletions


@ -3,6 +3,7 @@ name = "libfuzzer"
version = "0.1.0" version = "0.1.0"
authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>"] authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>"]
edition = "2018" edition = "2018"
build = "build.rs"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
@ -16,9 +17,16 @@ codegen-units = 1
opt-level = 3 opt-level = 3
debug = true debug = true
[build-dependencies]
cc = "1.0"
num_cpus = "1.0"
[dependencies] [dependencies]
clap = "2.32.0" clap = "2.32.0"
afl = { path = "../../afl/" } afl = { path = "../../afl/" }
[lib] [[bin]]
crate-type = ["staticlib", "cdylib"] name = "libfuzzer"
path = "./src/mod.rs"
test = false
bench = false
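Review bot: `num_cpus = "1.0"` under `[build-dependencies]` is not referenced by the build.rs this commit adds (that script uses only `std::env`, `std::path` and `cc`), so it is an unused build-time dependency that enlarges the build-script supply chain for nothing; drop the line or leave a comment saying what it is reserved for. A short comment above the table, e.g. `# cc: compiles runtime/rt.c and test/test.c into the fuzzer binary (see build.rs)`, would make the manifest self-explanatory. The `[[bin]]` table ends at `bench = false` here, but anything after it is outside the hunk.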


@ -0,0 +1,30 @@
// build.rs
use std::env;
use std::path::Path;
fn main() {
let out_dir = env::var_os("OUT_DIR").unwrap();
let _cwd = env::current_dir().unwrap().to_string_lossy().to_string();
let out_dir = out_dir.to_string_lossy().to_string();
let _out_dir_path = Path::new(&out_dir);
println!("cargo:rerun-if-changed=./runtime/rt.c",);
println!("cargo:rerun-if-changed=./test/test.c");
// We need clang for pc-guard support
std::env::set_var("CC", "clang");
cc::Build::new()
.file("./runtime/rt.c")
.compile("libfuzzer-sys-rt");
cc::Build::new()
.file("./test/test.c")
.flag("-fsanitize-coverage=trace-pc-guard,trace-cmp")
.compile("libfuzzer-sys-target");
println!("cargo:rustc-link-search=native={}", &out_dir);
println!("cargo:rerun-if-changed=build.rs");
}
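Review bot: `std::env::set_var("CC", "clang")` replaces whatever `CC` the user or CI already set for the whole build-script process, not just for the two compilations below, so a pinned clang version or a compiler wrapper is silently discarded; `cc::Build` has a per-build `.compiler(...)` setter, so `cc::Build::new().compiler("clang").file("./runtime/rt.c")` (and likewise for `test/test.c`) scopes the requirement and lets the `set_var` line go. `_cwd` and `_out_dir_path` are computed and never used, so those two lines are dead. The explicit `cargo:rustc-link-search=native={out_dir}` should also be redundant, since `cc::Build::compile` already emits the link-search and link-lib directives for `OUT_DIR`. A `//!` module comment stating that this script compiles the C runtime and the test target with clang (pc-guard/trace-cmp instrumentation) would replace the bare `// build.rs` header.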


@ -1,88 +0,0 @@
#!/usr/bin/env python3
import subprocess
import sys
import os
script_dir = os.path.dirname(os.path.realpath(os.path.abspath(__file__)))
is_cxx = "++" in sys.argv[0]
def cc_exec(args):
if os.getenv("AFL_CC"):
cc_name = os.environ["AFL_CC"]
else:
cc_name = "clang"
if is_cxx:
if os.getenv("AFL_CXX"):
cc_name = os.environ["AFL_CXX"]
else:
cc_name = "clang++"
argv = [cc_name] + args
#print(" ".join(argv))
return subprocess.run(argv)
def common_opts():
return [
"-g",
]
def cc_mode():
args = common_opts()
args += sys.argv[1:]
args += ["-fsanitize-coverage=trace-pc-guard,trace-cmp"]
if os.getenv("AFL_USE_ASAN"):
args += ["-fsanitize=address"]
if os.getenv("AFL_USE_MSAN"):
args += ["-fsanitize=memory"]
if os.getenv("AFL_USE_UBSAN"):
args += [
"-fsanitize=undefined",
"-fsanitize-undefined-trap-on-error",
"-fno-sanitize-recover=all",
]
return cc_exec(args)
def ld_mode():
args = common_opts()
args += sys.argv[1:]
args += [
os.path.join(script_dir, "runtime", "rt.o"),
os.path.join(script_dir, "target", "release", "liblibfuzzer.a"),
]
args += ["-fsanitize-coverage=trace-pc-guard,trace-cmp"]
if os.getenv("AFL_USE_ASAN"):
args += ["-fsanitize=address"]
if os.getenv("AFL_USE_MSAN"):
args += ["-fsanitize=memory"]
if os.getenv("AFL_USE_UBSAN"):
args += [
"-fsanitize=undefined",
"-fsanitize-undefined-trap-on-error",
"-fno-sanitize-recover=all",
]
args += ["-pthread", "-ldl"] # for Rust
return cc_exec(args)
def is_ld_mode():
return not ("--version" in sys.argv or "--target-help" in sys.argv or
"-c" in sys.argv or "-E" in sys.argv or "-S" in sys.argv or
"-shared" in sys.argv)
#print("\x1b[0;36m" + os.path.basename(sys.argv[0]) + " 1.0a\x1b[0m by <andreafioraldi@gmail.com>")
if len(sys.argv) <= 1:
cc_exec(sys.argv[1:])
elif is_ld_mode():
ld_mode()
else:
cc_mode()

1
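--- /dev/null
+++ b/fuzzers/libfuzzer/in1/a
@@ -0,0 +1 @@
+a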


@ -1,10 +0,0 @@
CC ?= clang
all: rt.o
rt.o: rt.c
$(CC) -c rt.c
clean:
rm -f rt.o


@ -144,10 +144,3 @@ int afl_libfuzzer_init() {
return 0; return 0;
} }
int main(int argc, char** argv) {
afl_libfuzzer_main();
return 0;
}


@ -47,8 +47,7 @@ fn harness<I>(_executor: &dyn Executor<I>, buf: &[u8]) -> ExitKind {
const NAME_COV_MAP: &str = "cov_map"; const NAME_COV_MAP: &str = "cov_map";
#[no_mangle] pub fn main() {
pub extern "C" fn afl_libfuzzer_main() {
let matches = App::new("libAFLrs fuzzer harness") let matches = App::new("libAFLrs fuzzer harness")
.about("libAFLrs fuzzer harness help options.") .about("libAFLrs fuzzer harness help options.")
.arg( .arg(
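Review bot: Replacing `#[no_mangle] pub extern "C" fn afl_libfuzzer_main()` with `pub fn main()` drops the exported C symbol, and the C hunk in this commit only removes the runtime's `main` that called it; if rt.c still carries a prototype or call of `afl_libfuzzer_main`, the link now fails or the symbol dangles — worth confirming against the rest of rt.c, which is outside the hunk. `pub` on a binary crate's `main` has no effect and is conventionally written `fn main()`. A doc comment such as `/// Entry point of the libAFLrs fuzzer harness binary; parses the command line with clap.` would state the contract now that the function is no longer an FFI export. The function body continues past the end of the hunk.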


@ -1,21 +1,17 @@
#!/bin/sh #!/bin/sh
cargo build --release || exit 1 cargo build --release || exit 1
make -C runtime || exit 1 cp ./target/release/libfuzzer ./.libfuzzer_test.elf
rm -f test_fuzz.elf test_fuzz.o RUST_BACKTRACE=1 ./.libfuzzer_test.elf &
./compiler -flto=thin -c test/test.c -o test_fuzz.o || exit 1
./compiler -flto=thin test_fuzz.o -o test_fuzz.elf || exit 1
RUST_BACKTRACE=1 ./test_fuzz.elf &
test "$!" -gt 0 && { test "$!" -gt 0 && {
usleep 250 usleep 250
RUST_BACKTRACE=1 ./test_fuzz.elf -x a -x b -T5 in1 in2 & RUST_BACKTRACE=1 ./.libfuzzer_test.elf -x a -x b -T5 in1 in2 &
} }
sleep 10 sleep 10
killall test_fuzz.elf killall .libfuzzer_test.elf
rm -rf ./.libfuzzer_test.elf
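Review bot: `cp ./target/release/libfuzzer ./.libfuzzer_test.elf` is not error-checked while the `cargo build` before it is, so if the copy fails the script runs whatever `.libfuzzer_test.elf` was left behind by an earlier interrupted run (the file is only removed on the last line); write it as `cp ./target/release/libfuzzer ./.libfuzzer_test.elf || exit 1`. `rm -rf` on a single regular file is more than needed and would also recurse on a mistyped path; `rm -f ./.libfuzzer_test.elf` is enough. Since the script now spawns two background copies and only cleans up via `killall`, a comment stating that both instances are expected to be killed after the 10 s window would help the next reader.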


@ -12,7 +12,7 @@ fn main() {
let out_dir = out_dir.to_string_lossy().to_string(); let out_dir = out_dir.to_string_lossy().to_string();
let out_dir_path = Path::new(&out_dir); let out_dir_path = Path::new(&out_dir);
println!("cargo:rerun-if-changed=./r&untime/rt.c",); println!("cargo:rerun-if-changed=./runtime/rt.c",);
println!("cargo:rerun-if-changed=harness.cc"); println!("cargo:rerun-if-changed=harness.cc");
cc::Build::new() cc::Build::new()