Fix CI after Rust 1.80, update to Ubuntu 24.04 (#2449)

* 0.13.2 (for real this time)

* More 0.13.2

* Make sure this never bites us

* Update ahash

* Fix CI after rust 1.80

* Does 18 work?

* Trying to fix this?

* lol regex

* noble

* works?

* fix llvm-config

* fmt

* Windows?

* more fix?

* more fix

* remove pip

* Add find_python3_version support to libafl_cc

* llvm-config

* more curl

* windows has no apt lol

* more
Dominik Maier 2024-07-29 15:31:41 +02:00 committed by GitHub
parent bab50f23c5
commit 75af67f1e0
15 changed files with 165 additions and 137 deletions


@ -10,7 +10,7 @@ on:
env: env:
CARGO_TERM_COLOR: always CARGO_TERM_COLOR: always
CARGO_NET_GIT_FETCH_WITH_CLI: true CARGO_NET_GIT_FETCH_WITH_CLI: true
MAIN_LLVM_VERSION: 19 MAIN_LLVM_VERSION: 18
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
@ -20,12 +20,9 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
os: [ ubuntu-latest, windows-latest, macOS-latest ] os: [ ubuntu-24.04, windows-latest, macOS-latest ]
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- uses: actions/checkout@v4
- if: runner.os == 'Linux'
uses: ./.github/workflows/ubuntu-prepare
- name: Install mimetype - name: Install mimetype
if: runner.os == 'Linux' if: runner.os == 'Linux'
run: sudo apt-get install -y libfile-mimeinfo-perl run: sudo apt-get install -y libfile-mimeinfo-perl
@ -41,6 +38,9 @@ jobs:
# => https://github.com/Michael-F-Bryan/mdbook-linkcheck/pull/82#issuecomment-2241058491 # => https://github.com/Michael-F-Bryan/mdbook-linkcheck/pull/82#issuecomment-2241058491
git: https://github.com/Michael-F-Bryan/mdbook-linkcheck.git git: https://github.com/Michael-F-Bryan/mdbook-linkcheck.git
rev: 8c783c5d754d83bcd50c28fb4174854b04ece990 rev: 8c783c5d754d83bcd50c28fb4174854b04ece990
- uses: actions/checkout@v4
- if: runner.os == 'Linux'
uses: ./.github/workflows/ubuntu-prepare
- uses: Swatinem/rust-cache@v2 - uses: Swatinem/rust-cache@v2
with: { shared-key: "ubuntu" } with: { shared-key: "ubuntu" }
if: runner.os == 'Linux' if: runner.os == 'Linux'
@ -67,7 +67,7 @@ jobs:
run: cd libafl_targets && cargo test --no-default-features run: cd libafl_targets && cargo test --no-default-features
llvm-tester: llvm-tester:
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
continue-on-error: true continue-on-error: true
strategy: strategy:
matrix: matrix:
@ -75,19 +75,21 @@ jobs:
steps: steps:
- name: Remove Dotnet & Haskell - name: Remove Dotnet & Haskell
run: rm -rf /usr/share/dotnet && rm -rf /opt/ghc run: rm -rf /usr/share/dotnet && rm -rf /opt/ghc
- name: Install curl
run: sudo apt-get install clang
- uses: dtolnay/rust-toolchain@stable - uses: dtolnay/rust-toolchain@stable
- uses: actions/checkout@v4
- uses: Swatinem/rust-cache@v2
with: { shared-key: "llvm-tester" }
- name: Install LLVM and Clang - name: Install LLVM and Clang
uses: KyleMayes/install-llvm-action@v2 uses: KyleMayes/install-llvm-action@v2
with: with:
version: "${{matrix.llvm-version}}" version: "${{matrix.llvm-version}}"
- uses: actions/checkout@v4
- uses: Swatinem/rust-cache@v2
with: { shared-key: "llvm-tester" }
- name: Build and test with llvm-${{ matrix.llvm-version }} - name: Build and test with llvm-${{ matrix.llvm-version }}
run: pwd && ls & cd libafl_cc && cargo build --release run: pwd && ls & cd libafl_cc && cargo build --release
ubuntu-doc-build: ubuntu-doc-build:
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: ./.github/workflows/ubuntu-prepare - uses: ./.github/workflows/ubuntu-prepare
@ -97,7 +99,7 @@ jobs:
run: RUSTFLAGS="--cfg docsrs" cargo +nightly doc --all-features --no-deps run: RUSTFLAGS="--cfg docsrs" cargo +nightly doc --all-features --no-deps
ubuntu-doc-test: ubuntu-doc-test:
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: ./.github/workflows/ubuntu-prepare - uses: ./.github/workflows/ubuntu-prepare
@ -107,7 +109,7 @@ jobs:
run: RUSTFLAGS="--cfg docsrs" cargo +nightly test --doc --all-features run: RUSTFLAGS="--cfg docsrs" cargo +nightly test --doc --all-features
ubuntu-miri: ubuntu-miri:
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
needs: ubuntu needs: ubuntu
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@ -120,14 +122,14 @@ jobs:
run: RUST_BACKTRACE=1 MIRIFLAGS="-Zmiri-disable-isolation" cargo +nightly miri test run: RUST_BACKTRACE=1 MIRIFLAGS="-Zmiri-disable-isolation" cargo +nightly miri test
ubuntu: ubuntu:
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
steps: steps:
- name: Remove Dotnet & Haskell
run: rm -rf /usr/share/dotnet && rm -rf /opt/ghc
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: ./.github/workflows/ubuntu-prepare - uses: ./.github/workflows/ubuntu-prepare
- uses: Swatinem/rust-cache@v2 - uses: Swatinem/rust-cache@v2
with: { shared-key: "ubuntu" } with: { shared-key: "ubuntu" }
- name: Remove Dotnet & Haskell
run: rm -rf /usr/share/dotnet && rm -rf /opt/ghc
# pcguard edges and pcguard hitcounts are not compatible and we need to build them seperately # pcguard edges and pcguard hitcounts are not compatible and we need to build them seperately
- name: Check pcguard edges - name: Check pcguard edges
run: cargo check --features=sancov_pcguard_edges run: cargo check --features=sancov_pcguard_edges
@ -140,16 +142,16 @@ jobs:
run: cargo build --examples --verbose run: cargo build --examples --verbose
ubuntu-clippy: ubuntu-clippy:
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@v4
- uses: ./.github/workflows/ubuntu-prepare
- uses: Swatinem/rust-cache@v2
with: { shared-key: "ubuntu" }
- name: Remove Dotnet & Haskell - name: Remove Dotnet & Haskell
run: rm -rf /usr/share/dotnet && rm -rf /opt/ghc run: rm -rf /usr/share/dotnet && rm -rf /opt/ghc
- name: Add nightly clippy - name: Add nightly clippy
run: rustup toolchain install nightly --component clippy --allow-downgrade && rustup default nightly run: rustup toolchain install nightly --component clippy --allow-downgrade && rustup default nightly
- uses: actions/checkout@v4
- uses: ./.github/workflows/ubuntu-prepare
- uses: Swatinem/rust-cache@v2
with: { shared-key: "ubuntu" }
- name: Run clippy - name: Run clippy
run: ./scripts/clippy.sh run: ./scripts/clippy.sh
# --- test embedding the libafl_libfuzzer_runtime library # --- test embedding the libafl_libfuzzer_runtime library
@ -158,7 +160,7 @@ jobs:
# run: cargo +nightly test --features=embed-runtime --manifest-path libafl_libfuzzer/Cargo.toml # run: cargo +nightly test --features=embed-runtime --manifest-path libafl_libfuzzer/Cargo.toml
ubuntu-check: ubuntu-check:
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
needs: ubuntu needs: ubuntu
strategy: strategy:
matrix: matrix:
@ -176,9 +178,11 @@ jobs:
run: python3 ./scripts/parallellize_cargo_check.py ${{ matrix.instance_idx }} run: python3 ./scripts/parallellize_cargo_check.py ${{ matrix.instance_idx }}
ubuntu-concolic: ubuntu-concolic:
runs-on: ubuntu-latest runs-on: ubuntu-24.04
needs: ubuntu needs: ubuntu
steps: steps:
- name: Install curl
run: sudo apt-get install clang
- uses: dtolnay/rust-toolchain@stable - uses: dtolnay/rust-toolchain@stable
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: Swatinem/rust-cache@v2 - uses: Swatinem/rust-cache@v2
@ -189,23 +193,23 @@ jobs:
run: ./libafl_concolic/test/smoke_test.sh run: ./libafl_concolic/test/smoke_test.sh
python-bindings: python-bindings:
runs-on: ubuntu-latest runs-on: ubuntu-24.04
steps: steps:
- name: Install deps
run: sudo apt-get install -y lsb-release wget software-properties-common gnupg ninja-build python3-dev python3-pip python3-venv libz3-dev
- name: Install maturin
run: cargo install --locked maturin
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: ./.github/workflows/ubuntu-prepare - uses: ./.github/workflows/ubuntu-prepare
- uses: Swatinem/rust-cache@v2 - uses: Swatinem/rust-cache@v2
with: { shared-key: "ubuntu" } with: { shared-key: "ubuntu" }
- name: Install deps
run: sudo apt-get install -y lsb-release wget software-properties-common gnupg ninja-build python3-dev python3-pip python3-venv libz3-dev
- name: Install maturin
run: python3 -m pip install maturin
- name: Run a maturin build - name: Run a maturin build
run: export LLVM_CONFIG=llvm-config-16 && cd ./bindings/pylibafl && python3 -m venv .env && . .env/bin/activate && pip install --upgrade --force-reinstall . && ./test.sh run: export LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} && cd ./bindings/pylibafl && python3 -m venv .env && . .env/bin/activate && pip install --upgrade --force-reinstall . && ./test.sh
- name: Run python test - name: Run python test
run: . ./bindings/pylibafl/.env/bin/activate # && cd ./fuzzers/qemu/python_qemu/ && python3 fuzzer.py 2>&1 | grep "Bye" run: . ./bindings/pylibafl/.env/bin/activate # && cd ./fuzzers/qemu/python_qemu/ && python3 fuzzer.py 2>&1 | grep "Bye"
cargo-fmt: cargo-fmt:
runs-on: ubuntu-latest runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: ./.github/workflows/ubuntu-prepare - uses: ./.github/workflows/ubuntu-prepare
@ -218,7 +222,7 @@ jobs:
run: ./scripts/fmt_all.sh check run: ./scripts/fmt_all.sh check
fuzzers-preflight: fuzzers-preflight:
runs-on: ubuntu-latest runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Fuzzer in CI Check - name: Fuzzer in CI Check
@ -232,7 +236,7 @@ jobs:
strategy: strategy:
fail-fast: true fail-fast: true
matrix: matrix:
os: [ ubuntu-latest ] os: [ ubuntu-24.04 ]
fuzzer: fuzzer:
# Baby # Baby
- ./fuzzers/baby/baby_fuzzer_with_forkexecutor - ./fuzzers/baby/baby_fuzzer_with_forkexecutor
@ -311,10 +315,10 @@ jobs:
- name: Build and run example fuzzers (Linux) - name: Build and run example fuzzers (Linux)
if: runner.os == 'Linux' if: runner.os == 'Linux'
shell: bash shell: bash
run: RUN_ON_CI=1 LLVM_CONFIG=llvm-config ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }} run: RUN_ON_CI=1 LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }}
changes: changes:
runs-on: ubuntu-latest runs-on: ubuntu-24.04
permissions: permissions:
pull-requests: read pull-requests: read
outputs: outputs:
@ -340,7 +344,7 @@ jobs:
if: ${{ needs.changes.outputs.qemu == 'true' }} if: ${{ needs.changes.outputs.qemu == 'true' }}
strategy: strategy:
matrix: matrix:
os: [ubuntu-latest] os: [ubuntu-24.04]
fuzzer: fuzzer:
- ./fuzzers/qemu/qemu_cmin - ./fuzzers/qemu/qemu_cmin
- ./fuzzers/qemu/qemu_systemmode - ./fuzzers/qemu/qemu_systemmode
@ -355,18 +359,18 @@ jobs:
- name: Build and run example QEMU fuzzers (Linux) - name: Build and run example QEMU fuzzers (Linux)
if: runner.os == 'Linux' if: runner.os == 'Linux'
shell: bash shell: bash
run: RUN_ON_CI=1 LLVM_CONFIG=llvm-config ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }} run: RUN_ON_CI=1 LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }}
nostd-build: nostd-build:
runs-on: ubuntu-latest runs-on: ubuntu-24.04
steps: steps:
- uses: dtolnay/rust-toolchain@nightly - uses: dtolnay/rust-toolchain@nightly
with: with:
components: rust-src components: rust-src
- uses: actions/checkout@v4
- uses: Swatinem/rust-cache@v2
- name: Add targets - name: Add targets
run: rustup target add arm-linux-androideabi && rustup target add thumbv6m-none-eabi run: rustup target add arm-linux-androideabi && rustup target add thumbv6m-none-eabi
- uses: actions/checkout@v4
- uses: Swatinem/rust-cache@v2
- name: Build aarch64-unknown-none - name: Build aarch64-unknown-none
run: cd ./fuzzers/baby/baby_no_std && cargo +nightly build -Zbuild-std=core,alloc --target aarch64-unknown-none -v --release && cd ../.. run: cd ./fuzzers/baby/baby_no_std && cargo +nightly build -Zbuild-std=core,alloc --target aarch64-unknown-none -v --release && cd ../..
- name: run x86_64 until panic! - name: run x86_64 until panic!
@ -375,15 +379,15 @@ jobs:
run: cd ./libafl && cargo test --no-default-features run: cd ./libafl && cargo test --no-default-features
nostd-clippy: nostd-clippy:
runs-on: ubuntu-latest runs-on: ubuntu-24.04
steps: steps:
- uses: dtolnay/rust-toolchain@nightly - uses: dtolnay/rust-toolchain@nightly
with: with:
components: clippy, rust-src components: clippy, rust-src
- uses: actions/checkout@v4
- uses: Swatinem/rust-cache@v2
- name: Add targets - name: Add targets
run: rustup target add arm-linux-androideabi && rustup target add thumbv6m-none-eabi run: rustup target add arm-linux-androideabi && rustup target add thumbv6m-none-eabi
- uses: actions/checkout@v4
- uses: Swatinem/rust-cache@v2
- name: libafl armv6m-none-eabi (32 bit no_std) clippy - name: libafl armv6m-none-eabi (32 bit no_std) clippy
run: cd ./libafl && cargo clippy --target thumbv6m-none-eabi --no-default-features run: cd ./libafl && cargo clippy --target thumbv6m-none-eabi --no-default-features
- name: Build no_std no_alloc bolts - name: Build no_std no_alloc bolts
@ -399,7 +403,7 @@ jobs:
run: taplo format --check run: taplo format --check
build-docker: build-docker:
runs-on: ubuntu-latest runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Build docker - name: Build docker
@ -493,8 +497,10 @@ jobs:
run: cargo build --target aarch64-apple-ios && cd libafl_frida && cargo build --target aarch64-apple-ios && cd .. run: cargo build --target aarch64-apple-ios && cd libafl_frida && cargo build --target aarch64-apple-ios && cd ..
android: android:
runs-on: ubuntu-22.04 runs-on: ubuntu-24.04
steps: steps:
- name: Install curl
run: sudo apt-get install clang
- uses: dtolnay/rust-toolchain@stable - uses: dtolnay/rust-toolchain@stable
- uses: nttld/setup-ndk@v1 - uses: nttld/setup-ndk@v1
with: with:
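Review bot: The step inserted in the llvm-tester job is named `Install curl` but its command is `sudo apt-get install clang`; the same name/command mismatch is repeated in the ubuntu-concolic and android jobs. Either rename it to `- name: Install clang` or, if curl was the intent, install curl. The command also runs without `-y` and without a preceding `apt-get update`, so should apt ever need to pull in extra packages the step would stall on the interactive prompt instead of failing with a useful error; on the stock runner image clang is presumably preinstalled, which would make the step a no-op today, but `sudo apt-get install -y clang` is the robust form. All three of these inserted steps run before `actions/checkout`, so they must not rely on repository content.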


@ -12,10 +12,7 @@ runs:
with: { shared-key: "${{ runner.os }}-shared-fuzzer-cache" } with: { shared-key: "${{ runner.os }}-shared-fuzzer-cache" }
- name: Install fuzzers deps - name: Install fuzzers deps
shell: bash shell: bash
run: sudo apt-get update && sudo apt-get install -y nasm nlohmann-json3-dev gcc-aarch64-linux-gnu g++-aarch64-linux-gnu gcc-mipsel-linux-gnu g++-mipsel-linux-gnu gcc-powerpc-linux-gnu g++-powerpc-linux-gnu libc6-dev-i386-cross libc6-dev libc6-dev-i386 lib32gcc-11-dev lib32stdc++-11-dev libgtk-3-dev pax-utils run: sudo apt-get update && sudo apt-get install -y nasm nlohmann-json3-dev gcc-aarch64-linux-gnu g++-aarch64-linux-gnu gcc-mipsel-linux-gnu g++-mipsel-linux-gnu gcc-powerpc-linux-gnu g++-powerpc-linux-gnu libc6-dev-i386-cross libc6-dev libc6-dev-i386 lib32gcc-11-dev lib32stdc++-11-dev libgtk-3-dev pax-utils python3-msgpack python3-jinja2
- name: pip install
shell: bash
run: python3 -m pip install msgpack jinja2 find_libpython
- name: enable mult-thread for `make` - name: enable mult-thread for `make`
shell: bash shell: bash
run: export MAKEFLAGS="-j$(expr $(nproc) \+ 1)" run: export MAKEFLAGS="-j$(expr $(nproc) \+ 1)"


@ -3,20 +3,10 @@ description: Sets up the QEMU fuzzers environment
runs: runs:
using: composite using: composite
steps: steps:
- uses: actions/checkout@v4
with:
submodules: true
fetch-depth: 0
- name: Install QEMU deps - name: Install QEMU deps
shell: bash shell: bash
run: apt-get update && apt-get install -y qemu-utils sudo run: apt-get update && apt-get install -y qemu-utils sudo python3-msgpack python3-jinja2 curl
- uses: ./.github/workflows/ubuntu-prepare
- uses: Swatinem/rust-cache@v2
with: { shared-key: "${{ runner.os }}-shared-fuzzer-cache" }
- uses: dtolnay/rust-toolchain@stable - uses: dtolnay/rust-toolchain@stable
- name: pip install
shell: bash
run: python3 -m pip install msgpack jinja2 find_libpython
- name: enable mult-thread for `make` - name: enable mult-thread for `make`
shell: bash shell: bash
run: export MAKEFLAGS="-j$(expr $(nproc) \+ 1)" run: export MAKEFLAGS="-j$(expr $(nproc) \+ 1)"
@ -24,3 +14,10 @@ runs:
uses: baptiste0928/cargo-install@v3 uses: baptiste0928/cargo-install@v3
with: with:
crate: cargo-make crate: cargo-make
- uses: actions/checkout@v4
with:
submodules: true
fetch-depth: 0
- uses: ./.github/workflows/ubuntu-prepare
- uses: Swatinem/rust-cache@v2
with: { shared-key: "${{ runner.os }}-shared-fuzzer-cache" }
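Review bot: The composite action now performs `actions/checkout@v4` (with submodules) as one of its last steps, after the toolchain and cargo-make installs, but nothing records why the order matters, so a later edit could move a step that reads repository files above the checkout; `./.github/workflows/ubuntu-prepare` is the one visible step that needs the tree present. A one-line comment such as `# checkout last: the steps above must not touch the repository; ubuntu-prepare needs it present` would pin that down. The reason for the reordering itself is not visible from the hunk, so stating it in the same comment would help the next reader.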


@ -28,16 +28,9 @@ runs:
- name: Add LLVM in sources list - name: Add LLVM in sources list
shell: bash shell: bash
run: | run: |
sudo tee -a /etc/apt/sources.list.d/llvm.list << EOF wget https://apt.llvm.org/llvm.sh
deb https://apt.llvm.org/jammy/ llvm-toolchain-jammy main chmod +x llvm.sh
deb-src https://apt.llvm.org/jammy/ llvm-toolchain-jammy main sudo ./llvm.sh ${{env.MAIN_LLVM_VERSION}} all
EOF
- name: Add LLVM archive signature
shell: bash
run: wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key | sudo tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc
- name: Install LLVM and Clang (Version ${{ env.MAIN_LLVM_VERSION }})
shell: bash
run: sudo apt-get update && sudo apt-get install -y llvm llvm-dev clang libclang-cpp-dev llvm-${{ env.MAIN_LLVM_VERSION }} clang-${{ env.MAIN_LLVM_VERSION }} llvm-${{ env.MAIN_LLVM_VERSION }}-dev libclang-cpp${{ env.MAIN_LLVM_VERSION }} libclang-cpp${{ env.MAIN_LLVM_VERSION }}-dev
- name: Symlink Headers - name: Symlink Headers
shell: bash shell: bash
run: sudo ln -s /usr/include/asm-generic /usr/include/asm run: sudo ln -s /usr/include/asm-generic /usr/include/asm
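Review bot: The rewritten `Add LLVM in sources list` step downloads `https://apt.llvm.org/llvm.sh` and runs it under `sudo` with no integrity check, so the build image's toolchain now depends on whatever that URL serves at run time; the packages the script installs are still verified by apt, but the script itself executes as root unverified. Pinning it is one line between the download and the `chmod`: `echo "<EXPECTED_SHA256_PLACEHOLDER>  llvm.sh" | sha256sum --check --strict`, with the hash refreshed deliberately when upstream changes the script; vendoring a copy of llvm.sh into the repository is the alternative that avoids that churn. The step name no longer matches what it does now that it installs LLVM as well as adding the source, so `- name: Install LLVM ${{ env.MAIN_LLVM_VERSION }} via apt.llvm.org` reads better. Since the step declares `shell: bash`, the runner's default `-eo pipefail` presumably already aborts it if the download fails; `wget -q` would just keep the log quieter.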


@ -17,7 +17,7 @@ cargo build --release
AFL_PATH=$AFL_DIR_NAME $AFL_CC_PATH $AFL_DIR_NAME/test-instr.c -o out-instr AFL_PATH=$AFL_DIR_NAME $AFL_CC_PATH $AFL_DIR_NAME/test-instr.c -o out-instr
AFL_CORES=1 LLVM_CONFIG=llvm-config-18 AFL_STATS_INTERVAL=1 AFL_NUM_CORES=1 timeout 5 $LIBAFL_FUZZ_PATH -i ./seeds -o ./output $(pwd)/out-instr AFL_CORES=1 LLVM_CONFIG=${LLVM_CONFIG} AFL_STATS_INTERVAL=1 AFL_NUM_CORES=1 timeout 5 $LIBAFL_FUZZ_PATH -i ./seeds -o ./output $(pwd)/out-instr
test -n "$( ls output/fuzzer_main/queue/id:000002* 2>/dev/null )" || exit 1 test -n "$( ls output/fuzzer_main/queue/id:000002* 2>/dev/null )" || exit 1
test -n "$( ls output/fuzzer_main/fuzzer_stats 2>/dev/null )" || exit 1 test -n "$( ls output/fuzzer_main/fuzzer_stats 2>/dev/null )" || exit 1
test -n "$( ls output/fuzzer_main/plot_data 2>/dev/null )" || exit 1 test -n "$( ls output/fuzzer_main/plot_data 2>/dev/null )" || exit 1
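Review bot: `LLVM_CONFIG=${LLVM_CONFIG}` on the fuzz invocation expands to an empty assignment when the caller has not exported `LLVM_CONFIG`, which trades the previous hard-coded `llvm-config-18` for an empty value rather than a usable default (and is a fatal unbound-variable error if the script runs under `set -u`, which I cannot see from the hunk). A parameter default keeps the override while restoring a fallback: `AFL_CORES=1 LLVM_CONFIG="${LLVM_CONFIG:-llvm-config}" AFL_STATS_INTERVAL=1 AFL_NUM_CORES=1 timeout 5 $LIBAFL_FUZZ_PATH -i ./seeds -o ./output $(pwd)/out-instr`. A short comment noting that the CI workflow exports `LLVM_CONFIG` through `test_fuzzer.sh`, which is presumably why the pin was removed, would explain the dependency.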


@ -80,10 +80,17 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
let edges_observer = unsafe { std_edges_map_observer("edges") }; let edges_observer = unsafe { std_edges_map_observer("edges") };
// Create an observation channel using the cmp map // Create an observation channel using the cmp map
let cmps_observer = unsafe { StdMapObserver::new("cmps", &mut CMP_MAP) }; let cmps_observer =
unsafe { StdMapObserver::from_mut_ptr("cmps", CMP_MAP.as_mut_ptr(), CMP_MAP.len()) };
// Create an observation channel using the allocations map // Create an observation channel using the allocations map
let allocs_observer = unsafe { StdMapObserver::new("allocs", &mut libafl_alloc_map) }; let allocs_observer = unsafe {
StdMapObserver::from_mut_ptr(
"allocs",
libafl_alloc_map.as_mut_ptr(),
libafl_alloc_map.len(),
)
};
// Feedback to rate the interestingness of an input // Feedback to rate the interestingness of an input
let mut feedback = feedback_or!( let mut feedback = feedback_or!(
@ -152,7 +159,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
// Call LLVMFUzzerInitialize() if present. // Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect(); let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 { if libfuzzer_initialize(&args) == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1") println!("Warning: LLVMFuzzerInitialize failed with -1");
} }
// In case the corpus is empty (on first run), reset // In case the corpus is empty (on first run), reset
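Review bot: The two new `unsafe` blocks that build the observers via `StdMapObserver::from_mut_ptr` carry no `// SAFETY:` comment, although each hands out a raw pointer/length pair to a map the observer will read for its whole lifetime. A comment in the shape of `// SAFETY: ptr and len cover the whole CMP_MAP static; no other reference to it may be live while the observer is in use — TODO confirm against other users of CMP_MAP` (and the equivalent for `libafl_alloc_map`) records what the caller is promising. The `fuzz` function begins and ends outside this hunk.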


@ -1,25 +1,8 @@
use std::{env, process::Command, str}; use std::env;
use libafl_cc::{ClangWrapper, CompilerWrapper, ToolWrapper}; use libafl_cc::{ClangWrapper, CompilerWrapper, ToolWrapper};
fn find_libpython() -> Result<String, String> { #[allow(clippy::missing_panics_doc)]
match Command::new("python3")
.args(["-m", "find_libpython"])
.output()
{
Ok(output) => {
let shared_obj = str::from_utf8(&output.stdout).unwrap_or_default().trim();
if shared_obj.is_empty() {
return Err("Empty return from python3 -m find_libpython".to_string());
}
Ok(shared_obj.to_owned())
}
Err(err) => Err(format!(
"Could not execute python3 -m find_libpython: {err:?}"
)),
}
}
pub fn main() { pub fn main() {
let args: Vec<String> = env::args().collect(); let args: Vec<String> = env::args().collect();
if args.len() > 1 { if args.len() > 1 {
@ -34,8 +17,6 @@ pub fn main() {
dir.pop(); dir.pop();
let libpython = find_libpython().expect("Failed to find libpython");
let mut cc = ClangWrapper::new(); let mut cc = ClangWrapper::new();
if let Some(code) = cc if let Some(code) = cc
.cpp(is_cpp) .cpp(is_cpp)
@ -45,9 +26,10 @@ pub fn main() {
.expect("Failed to parse the command line") .expect("Failed to parse the command line")
.link_staticlib(&dir, "nautilus_sync") .link_staticlib(&dir, "nautilus_sync")
.add_arg("-fsanitize-coverage=trace-pc-guard") .add_arg("-fsanitize-coverage=trace-pc-guard")
// needed by Nautilus
.add_link_arg(libpython)
.add_link_arg("-lutil") .add_link_arg("-lutil")
// needed by Nautilus
.link_libpython()
.expect("Could not find libpython")
.run() .run()
.expect("Failed to run the wrapped compiler") .expect("Failed to run the wrapped compiler")
{ {
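Review bot: `.link_libpython()` replaces the removed `find_libpython` helper, but the two do different things: the old code passed the absolute path that `python3 -m find_libpython` reported, while the new call (per its doc in libafl_cc) only adds `-lpython3.<minor>`, so linking now succeeds only when the matching development library is on the linker search path and the `python3` first on `PATH` is the one it was built for. That is a new requirement for anyone using this wrapper outside CI and is worth stating next to the call, e.g. `// needed by Nautilus; requires the python3 dev library (libpython3.X) on the linker path`. The `.expect("Could not find libpython")` text is slightly misleading for the same reason — what fails is determining the interpreter version, not locating a library — so `.expect("Could not determine the python3 version to link against")` matches the actual failure. `main` continues outside this hunk.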


@ -98,6 +98,7 @@ struct Opt {
/// The main fn, `no_mangle` as it is a C symbol /// The main fn, `no_mangle` as it is a C symbol
#[no_mangle] #[no_mangle]
#[allow(clippy::missing_panics_doc, clippy::too_many_lines)]
pub extern "C" fn libafl_main() { pub extern "C" fn libafl_main() {
// Registry the metadata types used in this fuzzer // Registry the metadata types used in this fuzzer
// Needed only on no_std // Needed only on no_std
@ -202,7 +203,7 @@ pub extern "C" fn libafl_main() {
// Call LLVMFUzzerInitialize() if present. // Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect(); let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 { if libfuzzer_initialize(&args) == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1") println!("Warning: LLVMFuzzerInitialize failed with -1");
} }
let mut generator = NautilusGenerator::new(&context); let mut generator = NautilusGenerator::new(&context);
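Review bot: Rather than silencing `clippy::missing_panics_doc` on `libafl_main`, the doc comment could gain a `# Panics` section, because this is a `#[no_mangle] extern "C"` entry point called from C: a panic unwinding out of it was undefined behaviour on older stable compilers and becomes a process abort from Rust 1.81 on (I cannot see the crate's MSRV from here), so callers should know the `.expect` paths inside are fatal. The `too_many_lines` allow is a style signal that the function could be split into setup helpers, though that is out of scope for a CI fix. The function body lies almost entirely outside this hunk.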


@ -238,26 +238,33 @@ where
E::State: HasExecutions + HasSolutions + HasCorpus, E::State: HasExecutions + HasSolutions + HasCorpus,
Z: HasObjective<Objective = OF, State = E::State> + HasScheduler + ExecutionProcessor, Z: HasObjective<Objective = OF, State = E::State> + HasScheduler + ExecutionProcessor,
{ {
#[cfg_attr(miri, allow(unused_variables))] // # Safety
// We get a pointer to `GLOBAL_STATE` that will be initialized at this point in time.
// This unsafe is needed in stable but not in nightly. Remove in the future(?)
#[allow(unused_unsafe)]
let data = unsafe { addr_of_mut!(GLOBAL_STATE) };
#[cfg(feature = "std")]
unix_signal_handler::setup_panic_hook::<E, EM, OF, Z>();
// # Safety
// Setting up the signal handlers with a pointer to the `GLOBAL_STATE` which should not be NULL at this point.
// We are the sole users of `GLOBAL_STATE` right now, and only dereference it in case of Segfault/Panic.
// In that case we get the mutable borrow. Otherwise we don't use it.
#[cfg(all(not(miri), unix, feature = "std"))]
unsafe { unsafe {
let data = addr_of_mut!(GLOBAL_STATE);
#[cfg(feature = "std")]
unix_signal_handler::setup_panic_hook::<E, EM, OF, Z>();
#[cfg(all(not(miri), unix, feature = "std"))]
setup_signal_handler(data)?; setup_signal_handler(data)?;
compiler_fence(Ordering::SeqCst);
Ok(Self {
#[cfg(feature = "std")]
crash_handler: unix_signal_handler::inproc_crash_handler::<E, EM, OF, Z>
as *const c_void,
#[cfg(feature = "std")]
timeout_handler: unix_signal_handler::inproc_timeout_handler::<E, EM, OF, Z>
as *const _,
#[cfg(feature = "std")]
timer: TimerStruct::new(exec_tmout),
phantom: PhantomData,
})
} }
compiler_fence(Ordering::SeqCst);
Ok(Self {
#[cfg(feature = "std")]
crash_handler: unix_signal_handler::inproc_crash_handler::<E, EM, OF, Z>
as *const c_void,
#[cfg(feature = "std")]
timeout_handler: unix_signal_handler::inproc_timeout_handler::<E, EM, OF, Z>
as *const _,
#[cfg(feature = "std")]
timer: TimerStruct::new(exec_tmout),
phantom: PhantomData,
})
} }
/// Create new [`InProcessHooks`]. /// Create new [`InProcessHooks`].
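Review bot: The old `#[cfg_attr(miri, allow(unused_variables))]` was dropped when `data` was hoisted out of the `unsafe` block, but its only use, `setup_signal_handler(data)`, is still gated on `not(miri)`, so under miri `data` is now an unused binding and the warning returns; with `-D warnings` that is a build failure. Keeping `#[cfg_attr(miri, allow(unused_variables))]` next to the existing `#[allow(unused_unsafe)]` on the `let` restores the previous behaviour and matches what the fork-executor hooks hunk does with `#[cfg_attr(miri, allow(unused_variables, unused_unsafe))]`. The binding is likewise unused on non-unix or no-std configurations if this impl is compiled there, which I cannot tell from the hunk. The comment `Remove in the future(?)` would be more actionable as `// TODO: drop this allow once the MSRV no longer requires unsafe for addr_of_mut! on a static mut`. The enclosing function starts before this hunk.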


@ -60,7 +60,7 @@ impl<S> InChildProcessHooks<S> {
where where
E: HasObservers, E: HasObservers,
{ {
#[cfg_attr(miri, allow(unused_variables))] #[cfg_attr(miri, allow(unused_variables, unused_unsafe))]
unsafe { unsafe {
let data = addr_of_mut!(FORK_EXECUTOR_GLOBAL_DATA); let data = addr_of_mut!(FORK_EXECUTOR_GLOBAL_DATA);
// child_signal_handlers::setup_child_panic_hook::<E, I, OT, S>(); // child_signal_handlers::setup_child_panic_hook::<E, I, OT, S>();


@ -56,6 +56,7 @@
) )
)] )]
use core::str;
use std::{path::Path, process::Command}; use std::{path::Path, process::Command};
pub mod ar; pub mod ar;
@ -339,4 +340,34 @@ pub trait CompilerWrapper: ToolWrapper {
fn link_staticlib<S>(&mut self, dir: &Path, name: S) -> &'_ mut Self fn link_staticlib<S>(&mut self, dir: &Path, name: S) -> &'_ mut Self
where where
S: AsRef<str>; S: AsRef<str>;
/// Finds the current `python3` version and adds `-lpython3.<version>` as linker argument.
/// Useful for fuzzers that need libpython, such as `nautilus`-based fuzzers.
fn link_libpython(&mut self) -> Result<&'_ mut Self, String> {
Ok(self.add_link_arg(format!("-l{}", find_python3_version()?)))
}
}
/// Helper function to find the current python3 version, if you need this information at link time.
/// Example output: `python3.11`
/// Example use: `.add_link_arg(format!("-l{}", find_python3_version()?))`
/// Hint: you can use `link_libpython()` directly.
fn find_python3_version() -> Result<String, String> {
match Command::new("python3").arg("--version").output() {
Ok(output) => {
let python_version = str::from_utf8(&output.stdout).unwrap_or_default().trim();
if python_version.is_empty() {
return Err("Empty return from python3 --version".to_string());
}
let version = python_version.split("Python 3.").nth(1).ok_or_else(|| {
format!("Could not find Python 3 in version string: {python_version}")
})?;
let mut version = version.split('.');
let version = version.next().ok_or_else(|| {
format!("Could not split python3 version string {python_version}")
})?;
Ok(format!("python3.{version}"))
}
Err(err) => Err(format!("Could not execute python3 --version: {err:?}")),
}
} }
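Review bot: `find_python3_version` trusts whichever `python3` is first on `PATH` and never looks at `output.status`, so an interpreter that exits non-zero with empty stdout is reported as `Empty return from python3 --version` and one that prints a usage message as an unparsable version string; checking `if !output.status.success() { return Err(format!("python3 --version failed: {}", output.status)); }` before parsing gives a clearer diagnosis. The `ok_or_else` after `version.split('.')` is dead, since `str::split` always yields at least one item; `let version = version.split('.').next().unwrap_or(version);` expresses the same without the unreachable error branch. The doc on `link_libpython` should also state the requirement it introduces for callers: the emitted `-lpython3.<minor>` only resolves when the matching development library is on the linker search path.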


@ -135,7 +135,8 @@ unsigned char __libqasan_tolower(unsigned char c) {
int __libqasan_strcasecmp(const char *str1, const char *str2) { int __libqasan_strcasecmp(const char *str1, const char *str2) {
while (1) { while (1) {
const unsigned char c1 = __libqasan_tolower(*str1), c2 = __libqasan_tolower(*str2); const unsigned char c1 = __libqasan_tolower(*str1),
c2 = __libqasan_tolower(*str2);
if (c1 != c2) { return c1 - c2; } if (c1 != c2) { return c1 - c2; }
if (!c1) { return 0; } if (!c1) { return 0; }
@ -148,7 +149,8 @@ int __libqasan_strcasecmp(const char *str1, const char *str2) {
int __libqasan_strncasecmp(const char *str1, const char *str2, size_t len) { int __libqasan_strncasecmp(const char *str1, const char *str2, size_t len) {
while (len--) { while (len--) {
const unsigned char c1 = __libqasan_tolower(*str1), c2 = __libqasan_tolower(*str2); const unsigned char c1 = __libqasan_tolower(*str1),
c2 = __libqasan_tolower(*str2);
if (c1 != c2) { return c1 - c2; } if (c1 != c2) { return c1 - c2; }
if (!c1) { return 0; } if (!c1) { return 0; }


@ -4,6 +4,15 @@
#include "common.h" #include "common.h"
#include <stddef.h> #include <stddef.h>
#ifdef _MSC_VER
#define PACKED(__Declaration__) \
__pragma(pack(push, 1)) __Declaration__ __pragma(pack(pop))
#endif
#ifndef _MSC_VER
#define PACKED(__Declaration__) __Declaration__ __attribute__((__packed__))
#endif
#ifndef CMPLOG_MAP_W #ifndef CMPLOG_MAP_W
#define CMPLOG_MAP_W 65536 #define CMPLOG_MAP_W 65536
#endif #endif
@ -28,52 +37,43 @@ typedef struct CmpLogHeader {
uint8_t kind; uint8_t kind;
} CmpLogHeader; } CmpLogHeader;
#ifndef _WIN32 typedef PACKED(struct CmpLogHeaderExtended {
typedef struct CmpLogHeaderExtended {
unsigned hits : 6; unsigned hits : 6;
unsigned shape : 5; unsigned shape : 5;
unsigned type : 1; unsigned type : 1;
unsigned attribute : 4; unsigned attribute : 4;
} __attribute__((packed)) CmpLogHeaderExtended; }) CmpLogHeaderExtended;
#else
__pragma(pack(push, 1)) typedef struct CmpLogHeaderExtended {
unsigned hits : 6;
unsigned shape : 5;
unsigned type : 1;
unsigned attribute : 4;
} CmpLogHeaderExtended;
__pragma(pack(pop))
#endif
typedef struct CmpLogInstruction { typedef struct CmpLogInstruction {
uint64_t v0; uint64_t v0;
uint64_t v1; uint64_t v1;
} CmpLogInstruction; } CmpLogInstruction;
typedef struct CmpLogInstructionExtended { typedef PACKED(struct CmpLogInstructionExtended {
uint64_t v0; uint64_t v0;
uint64_t v0_128; uint64_t v0_128;
uint64_t v0_256_0; // u256 is unsupported by any compiler for now, so future use uint64_t
v0_256_0; // u256 is unsupported by any compiler for now, so future use
uint64_t v0_256_1; uint64_t v0_256_1;
uint64_t v1; uint64_t v1;
uint64_t v1_128; uint64_t v1_128;
uint64_t v1_256_0; uint64_t v1_256_0;
uint64_t v1_256_1; uint64_t v1_256_1;
uint8_t unused[8]; uint8_t unused[8];
} __attribute__((packed)) CmpLogInstructionExtended; }) CmpLogInstructionExtended;
typedef struct CmpLogRoutine { typedef struct CmpLogRoutine {
uint8_t v0[CMPLOG_RTN_LEN]; uint8_t v0[CMPLOG_RTN_LEN];
uint8_t v1[CMPLOG_RTN_LEN]; uint8_t v1[CMPLOG_RTN_LEN];
} CmpLogRoutine; } CmpLogRoutine;
typedef struct CmpLogRoutineExtended { typedef PACKED(struct CmpLogRoutineExtended {
uint8_t v0[CMPLOG_RTN_LEN]; uint8_t v0[CMPLOG_RTN_LEN];
uint8_t v1[CMPLOG_RTN_LEN]; uint8_t v1[CMPLOG_RTN_LEN];
uint8_t v0_len; uint8_t v0_len;
uint8_t v1_len; uint8_t v1_len;
uint8_t unused[6]; uint8_t unused[6];
} __attribute__((packed)) CmpLogRoutineExtended; }) CmpLogRoutineExtended;
typedef struct CmpLogMap { typedef struct CmpLogMap {
CmpLogHeader headers[CMPLOG_MAP_W]; CmpLogHeader headers[CMPLOG_MAP_W];
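Review bot: The `PACKED` macro unifies the GCC and MSVC spellings, but the two compilers do not lay out the bit-fields in `CmpLogHeaderExtended` the same way even when packed: GCC/Clang squeeze `hits:6, shape:5, type:1, attribute:4` into 16 bits, whereas MSVC allocates bit-fields in units of the declared type (`unsigned`, 4 bytes) and `pack(1)` does not change that, so the struct may come out at 4 bytes there. If this header is mirrored by a layout on the Rust side (inferred from the surrounding `Extended` map types), a size mismatch would silently corrupt the map, so a guard such as `_Static_assert(sizeof(CmpLogHeaderExtended) == 2, "CmpLogHeaderExtended must pack to 2 bytes");` after the typedef (and similar ones for the other packed structs) turns that into a compile error. Two style points: the back-to-back `#ifdef _MSC_VER` / `#ifndef _MSC_VER` blocks are really one `#if ... #else ... #endif`, and `PACKED` is a common macro name, so wrapping the definition in `#ifndef PACKED` avoids clashes with other headers.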


@ -21,7 +21,9 @@ EXT_FUNC(LLVMFuzzerCustomCrossOver, size_t,
false); false);
EXT_FUNC_IMPL(LLVMFuzzerTestOneInput, int, (const uint8_t *Data, size_t Size), EXT_FUNC_IMPL(LLVMFuzzerTestOneInput, int, (const uint8_t *Data, size_t Size),
false) { false) {
fprintf(stderr, "Weakly defined \"LLVMFuzzerTestOneInput\" is linked. Did you add extern \"C\" to your harness?\n"); fprintf(stderr,
"Weakly defined \"LLVMFuzzerTestOneInput\" is linked. Did you add "
"extern \"C\" to your harness?\n");
abort(); abort();
return 0; return 0;
} }


@ -4,6 +4,8 @@ import os
import sys import sys
import math import math
LLVM_VERSION = "18"
# Current CI Runner # Current CI Runner
ci_instances = 18 ci_instances = 18
@ -12,8 +14,9 @@ if len(sys.argv) != 2:
instance_idx = int(sys.argv[1]) instance_idx = int(sys.argv[1])
# Set llvm config # Set llvm config if it's not already set
os.environ["LLVM_CONFIG"] = "llvm-config" if "LLVM_CONFIG" not in os.environ:
os.environ["LLVM_CONFIG"] = f"llvm-config-{LLVM_VERSION}"
command = ( command = (
"DOCS_RS=1 cargo hack check --workspace --each-feature --clean-per-run " "DOCS_RS=1 cargo hack check --workspace --each-feature --clean-per-run "