From cb471a92827d27e6bb7ec50f2b40bdd386f677fb Mon Sep 17 00:00:00 2001 
From: Romain Malmain Date: Thu, 13 Feb 2025 12:42:38 +0100 Subject: [PATCH] Move to just (binary_only / full_system) (#2949) * just port for binary only / systemmode fuzzers * introduce just libraries, with pre-initialized variables and common recipes --------- Co-authored-by: Dongjia "toka" Zhang --- .devcontainer/devcontainer.json | 2 +- .github/workflows/build_and_test.yml | 23 +- .../fuzzer-tester-prepare/action.yml | 4 - .../qemu-fuzzer-tester-prepare/action.yml | 4 - .../windows-tester-prepare/action.yml | 3 - README.md | 8 +- .../frida_executable_libpng/Justfile | 50 +++ .../frida_executable_libpng/Makefile.toml | 120 ----- fuzzers/binary_only/frida_libpng/Justfile | 67 +++ .../binary_only/frida_libpng/Makefile.toml | 160 ------- .../frida_windows_gdiplus/Justfile | 49 ++ .../frida_windows_gdiplus/Makefile.toml | 99 ---- .../binary_only/fuzzbench_fork_qemu/Justfile | 44 ++ .../fuzzbench_fork_qemu/Makefile.toml | 115 ----- fuzzers/binary_only/fuzzbench_qemu/Justfile | 42 ++ .../binary_only/fuzzbench_qemu/Makefile.toml | 101 ----- .../intel_pt_baby_fuzzer/Makefile.toml | 26 -- .../intel_pt_command_executor/Justfile | 31 ++ .../intel_pt_command_executor/Makefile.toml | 39 -- fuzzers/binary_only/qemu_cmin/Justfile | 45 ++ fuzzers/binary_only/qemu_cmin/Makefile.toml | 320 ------------- fuzzers/binary_only/qemu_coverage/Justfile | 65 +++ .../binary_only/qemu_coverage/Makefile.toml | 350 --------------- fuzzers/binary_only/qemu_launcher/Justfile | 96 ++++ .../binary_only/qemu_launcher/Makefile.toml | 424 ------------------ fuzzers/binary_only/tinyinst_simple/Justfile | 40 ++ .../binary_only/tinyinst_simple/Makefile.toml | 95 ---- .../full_system/nyx_libxml2_parallel/Justfile | 32 ++ .../nyx_libxml2_parallel/Makefile.toml | 69 --- .../nyx_libxml2_standalone/Justfile | 32 ++ .../nyx_libxml2_standalone/Makefile.toml | 69 --- fuzzers/full_system/qemu_baremetal/Justfile | 69 +++ .../full_system/qemu_baremetal/Makefile.toml | 234 ---------- 
fuzzers/full_system/qemu_baremetal/README.md | 14 +- .../full_system/qemu_linux_kernel/Justfile | 69 +++ .../qemu_linux_kernel/Makefile.toml | 223 --------- .../full_system/qemu_linux_process/Cargo.toml | 4 + .../full_system/qemu_linux_process/Justfile | 74 +++ .../qemu_linux_process/Makefile.toml | 257 ----------- .../example/{harness.c => harness_lqemu.c} | 0 .../inprocess/libfuzzer_stb_image/Justfile | 2 +- .../libfuzzer_stb_image_sugar/Justfile | 2 +- just/README.md | 6 + just/envs/.env.aarch64 | 3 + just/envs/.env.arm | 3 + just/envs/.env.i386 | 3 + just/envs/.env.mips | 3 + just/envs/.env.ppc | 3 + just/envs/.env.x86_64 | 3 + just/libafl-qemu-libpng.just | 84 ++++ just/libafl-qemu.just | 3 + just/libafl.just | 41 ++ libafl_qemu/libafl_qemu_build/src/build.rs | 2 +- libafl_qemu/src/modules/drcov.rs | 27 +- scripts/test_fuzzer.sh | 4 +- utils/gdb_qemu/Justfile | 31 ++ utils/gdb_qemu/Makefile.toml | 88 ---- utils/noaslr/Justfile | 29 ++ utils/noaslr/Makefile.toml | 78 ---- 59 files changed, 1060 insertions(+), 2923 deletions(-) create mode 100644 fuzzers/binary_only/frida_executable_libpng/Justfile delete mode 100644 fuzzers/binary_only/frida_executable_libpng/Makefile.toml create mode 100644 fuzzers/binary_only/frida_libpng/Justfile delete mode 100644 fuzzers/binary_only/frida_libpng/Makefile.toml create mode 100644 fuzzers/binary_only/frida_windows_gdiplus/Justfile delete mode 100644 fuzzers/binary_only/frida_windows_gdiplus/Makefile.toml create mode 100644 fuzzers/binary_only/fuzzbench_fork_qemu/Justfile delete mode 100644 fuzzers/binary_only/fuzzbench_fork_qemu/Makefile.toml create mode 100644 fuzzers/binary_only/fuzzbench_qemu/Justfile delete mode 100644 fuzzers/binary_only/fuzzbench_qemu/Makefile.toml delete mode 100644 fuzzers/binary_only/intel_pt_baby_fuzzer/Makefile.toml create mode 100644 fuzzers/binary_only/intel_pt_command_executor/Justfile delete mode 100644 fuzzers/binary_only/intel_pt_command_executor/Makefile.toml create mode 100644 
fuzzers/binary_only/qemu_cmin/Justfile delete mode 100644 fuzzers/binary_only/qemu_cmin/Makefile.toml create mode 100644 fuzzers/binary_only/qemu_coverage/Justfile delete mode 100644 fuzzers/binary_only/qemu_coverage/Makefile.toml create mode 100644 fuzzers/binary_only/qemu_launcher/Justfile delete mode 100644 fuzzers/binary_only/qemu_launcher/Makefile.toml create mode 100644 fuzzers/binary_only/tinyinst_simple/Justfile delete mode 100644 fuzzers/binary_only/tinyinst_simple/Makefile.toml create mode 100644 fuzzers/full_system/nyx_libxml2_parallel/Justfile delete mode 100644 fuzzers/full_system/nyx_libxml2_parallel/Makefile.toml create mode 100644 fuzzers/full_system/nyx_libxml2_standalone/Justfile delete mode 100644 fuzzers/full_system/nyx_libxml2_standalone/Makefile.toml create mode 100644 fuzzers/full_system/qemu_baremetal/Justfile delete mode 100644 fuzzers/full_system/qemu_baremetal/Makefile.toml create mode 100644 fuzzers/full_system/qemu_linux_kernel/Justfile delete mode 100644 fuzzers/full_system/qemu_linux_kernel/Makefile.toml create mode 100644 fuzzers/full_system/qemu_linux_process/Justfile delete mode 100644 fuzzers/full_system/qemu_linux_process/Makefile.toml rename fuzzers/full_system/qemu_linux_process/example/{harness.c => harness_lqemu.c} (100%) create mode 100644 just/README.md create mode 100644 just/envs/.env.aarch64 create mode 100644 just/envs/.env.arm create mode 100644 just/envs/.env.i386 create mode 100644 just/envs/.env.mips create mode 100644 just/envs/.env.ppc create mode 100644 just/envs/.env.x86_64 create mode 100644 just/libafl-qemu-libpng.just create mode 100644 just/libafl-qemu.just create mode 100644 just/libafl.just create mode 100644 utils/gdb_qemu/Justfile delete mode 100644 utils/gdb_qemu/Makefile.toml create mode 100644 utils/noaslr/Justfile delete mode 100644 utils/noaslr/Makefile.toml diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index b501fa8655..f8077c7565 100644 
--- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -23,7 +23,7 @@ // "forwardPorts": [], // Uncomment the next line to run commands after the container is created - for example installing curl. // Install development components that shouldn't be in the main Dockerfile - "postCreateCommand": "rustup component add --toolchain nightly rustfmt clippy llvm-tools-preview && cargo binstall --locked cargo-make", + "postCreateCommand": "rustup component add --toolchain nightly rustfmt clippy llvm-tools-preview", // Uncomment when using a ptrace-based debugger like C++, Go, and Rust "runArgs": [ "--cap-add=SYS_PTRACE", diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml index 493fe1e981..bb538ba816 100644 --- a/.github/workflows/build_and_test.yml +++ b/.github/workflows/build_and_test.yml @@ -259,7 +259,7 @@ jobs: # Binary-only - ./fuzzers/binary_only/fuzzbench_fork_qemu - ./fuzzers/binary_only/frida_executable_libpng - - ./fuzzers/binary_only/frida_windows_gdiplus + # - ./fuzzers/binary_only/frida_windows_gdiplus - ./fuzzers/binary_only/frida_libpng - ./fuzzers/binary_only/fuzzbench_qemu - ./fuzzers/binary_only/intel_pt_baby_fuzzer @@ -291,7 +291,6 @@ jobs: # In-process - ./fuzzers/fuzz_anything/cargo_fuzz - # - ./fuzzers/inprocess/dynamic_analysis - ./fuzzers/inprocess/fuzzbench - ./fuzzers/inprocess/fuzzbench_text - ./fuzzers/inprocess/fuzzbench_ctx @@ -303,10 +302,10 @@ jobs: - ./fuzzers/inprocess/libfuzzer_libpng_cmin - ./fuzzers/inprocess/libfuzzer_libpng_norestart # - ./fuzzers/inprocess/libfuzzer_libpng_tcp_manager + # - ./fuzzers/inprocess/libfuzzer_windows_asan - ./fuzzers/inprocess/libfuzzer_stb_image_sugar - ./fuzzers/inprocess/libfuzzer_stb_image # - ./fuzzers/structure_aware/libfuzzer_stb_image_concolic - # - ./fuzzers/inprocess/libfuzzer_windows_asan # - ./fuzzers/inprocess/sqlite_centralized_multi_machine # Fuzz Anything 
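Review bot: The devcontainer's `postCreateCommand` drops the `cargo binstall --locked cargo-make` step but does not install `just`, which this same patch makes the required build tool in the README; unless the main Dockerfile already provides `just` (not visible here), `just run` will fail inside the container. Every CI preparation action touched by the patch keeps an explicit "install just" step, so the devcontainer is the one environment left without it. Consider `"postCreateCommand": "rustup component add --toolchain nightly rustfmt clippy llvm-tools-preview && cargo binstall --locked just"`, keeping the locked-install style the removed text used.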
@@ -429,9 +428,9 @@ jobs: - uses: actions/checkout@v4 - uses: ./.github/workflows/windows-tester-prepare - name: Build fuzzers/binary_only/frida_libpng - run: cd fuzzers/binary_only/frida_libpng/ && cargo make test + run: cd fuzzers/binary_only/frida_libpng/ && just test - windows-frida-libfuzzer-stb-image: + windows-libfuzzer-stb-image: runs-on: windows-latest needs: - common @@ -441,6 +440,16 @@ jobs: - name: Build fuzzers/inprocess/libfuzzer_stb_image run: cd fuzzers/inprocess/libfuzzer_stb_image && cargo build --release + windows-libfuzzer-asan: + runs-on: windows-latest + needs: + - common + steps: + - uses: actions/checkout@v4 + - uses: ./.github/workflows/windows-tester-prepare + - name: Build fuzzers/inprocess/libfuzzer_windows_asan + run: cd fuzzers/inprocess/libfuzzer_windows_asan && just test + windows-frida-gdiplus: runs-on: windows-latest needs: @@ -449,7 +458,7 @@ jobs: - uses: actions/checkout@v4 - uses: ./.github/workflows/windows-tester-prepare - name: Build fuzzers/binary_only/frida_windows_gdiplus - run: cd fuzzers/binary_only/frida_windows_gdiplus/ && cargo make test && cargo make test_cmplog + run: cd fuzzers/binary_only/frida_windows_gdiplus/ && just test && just test_cmplog windows-tinyinst-simple: runs-on: windows-latest @@ -461,7 +470,7 @@ jobs: - uses: actions/checkout@v4 - uses: ./.github/workflows/windows-tester-prepare - name: Build fuzzers/binary_only/tinyinst_simple - run: cd fuzzers/binary_only/tinyinst_simple/ && cargo make test + run: cd fuzzers/binary_only/tinyinst_simple/ && just test windows-clippy: runs-on: windows-latest diff --git a/.github/workflows/fuzzer-tester-prepare/action.yml b/.github/workflows/fuzzer-tester-prepare/action.yml index 8c9565bbd6..5653a8bdff 100644 --- a/.github/workflows/fuzzer-tester-prepare/action.yml +++ b/.github/workflows/fuzzer-tester-prepare/action.yml 
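Review bot: The new `windows-libfuzzer-asan` job runs `just test` in `fuzzers/inprocess/libfuzzer_windows_asan`, but nothing in this patch adds or touches a Justfile there (the diffstat lists Justfile changes only for `libfuzzer_stb_image` and `libfuzzer_stb_image_sugar`), so the job silently depends on that directory already having a `test` recipe; worth confirming before the job is enabled. The `@@ -303` hunk above moves the `libfuzzer_windows_asan` entry in the Linux matrix but keeps it commented out, so this Windows job becomes the fuzzer's only coverage. A short comment on the job, e.g. `# libfuzzer_windows_asan is Windows-only; it stays commented out in the Linux matrix above`, would record that intent next to the job definition.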
@@ -22,10 +22,6 @@ runs: - name: Add wasm target shell: bash run: rustup target add wasm32-unknown-unknown - - name: install cargo-make - uses: baptiste0928/cargo-install@v3 - with: - crate: cargo-make - name: install just uses: extractions/setup-just@v2 with: diff --git a/.github/workflows/qemu-fuzzer-tester-prepare/action.yml b/.github/workflows/qemu-fuzzer-tester-prepare/action.yml index d8b7eb54da..ea01828d0d 100644 --- a/.github/workflows/qemu-fuzzer-tester-prepare/action.yml +++ b/.github/workflows/qemu-fuzzer-tester-prepare/action.yml @@ -10,10 +10,6 @@ runs: - name: enable mult-thread for `make` shell: bash run: export MAKEFLAGS="-j$(expr $(nproc) \+ 1)" - - name: install cargo-make - uses: baptiste0928/cargo-install@v3 - with: - crate: cargo-make - name: install just uses: extractions/setup-just@v2 with: diff --git a/.github/workflows/windows-tester-prepare/action.yml b/.github/workflows/windows-tester-prepare/action.yml index f5a6b48371..51f4e91ba1 100644 --- a/.github/workflows/windows-tester-prepare/action.yml +++ b/.github/workflows/windows-tester-prepare/action.yml @@ -15,9 +15,6 @@ runs: - name: Set LIBCLANG_PATH shell: pwsh run: echo "LIBCLANG_PATH=$((gcm clang).source -replace "clang.exe")" >> $env:GITHUB_ENV - - name: install cargo-make - shell: pwsh - run: cargo install --force cargo-make - name: install just uses: extractions/setup-just@v2 with: diff --git a/README.md b/README.md index db4538281b..4e92cec268 100644 --- a/README.md +++ b/README.md 
@@ -29,8 +29,8 @@ LibAFL is fast, multi-platform, no_std compatible, and scales over cores and mac - **LLVM tools** - The LLVM tools (including clang, clang++) are needed (newer than LLVM 15.0.0 up to LLVM 18.1.3) If you are using Debian/Ubuntu, again, we highly recommmend that you install the package from [here](https://apt.llvm.org/) - (In `libafl_concolic`, we only support LLVM version newer than 18) -- Cargo-make: - - We use cargo-make to build the fuzzers in `fuzzers/` directory. You can install it with `cargo install cargo-make` +- Just: + - We use [just](https://github.com/casey/just) to build the fuzzers in `fuzzers/` directory. You can find instructions to install it in your environment [in the Just Programmer's Manual](https://just.systems/man/en/packages.html). #### Clone the LibAFL repository with ```sh @@ -52,9 +52,9 @@ cd docs && mdbook serve We collect all example fuzzers in [`./fuzzers`](./fuzzers/). Be sure to read their documentation (and source), this is *the natural way to get started!* ```sh -cargo make run +just run ``` -You can run each example fuzzer with this following command, as long as the fuzzer directory has `Makefile.toml` file. The best-tested fuzzer is [`./fuzzers/inprocess/libfuzzer_libpng`](./fuzzers/inprocess/libfuzzer_libpng), a multicore libfuzzer-like fuzzer using LibAFL for a libpng harness. +You can run each example fuzzer with this following command, as long as the fuzzer directory has a `Justfile` file. The best-tested fuzzer is [`./fuzzers/inprocess/libfuzzer_libpng`](./fuzzers/inprocess/libfuzzer_libpng), a multicore libfuzzer-like fuzzer using LibAFL for a libpng harness. ### Resources - [Installation guide](./docs/src/getting_started/setup.md) diff --git a/fuzzers/binary_only/frida_executable_libpng/Justfile b/fuzzers/binary_only/frida_executable_libpng/Justfile new file mode 100644 index 0000000000..da8792efe8 --- /dev/null +++ b/fuzzers/binary_only/frida_executable_libpng/Justfile 
@@ -0,0 +1,50 @@
+import "../../../just/libafl.just"
+
+FUZZER_NAME := "libfrida_executable_fuzzer"
+FUZZER_LIB := FUZZER + ".so"
+
+[unix]
+libpng:
+ #!/bin/bash
+ if [ ! -f v1.6.37.tar.gz ]; then
+ wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz
+ fi
+ tar -xvf v1.6.37.tar.gz
+
+[unix]
+lib: libpng
+ cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes
+ make -j -C libpng-1.6.37
+
+[unix]
+harness: lib
+ clang++ -O0 -c -fPIC harness.cc -o harness.o
+ clang++ -O0 harness.cc libpng-1.6.37/.libs/libpng16.a -lz -o libpng-harness -g
+
+[unix]
+build:
+ cargo build --profile {{ PROFILE }}
+
+[unix]
+run: build harness
+ LD_PRELOAD={{ FUZZER_LIB }} ./libpng-harness -i corpus -o out -H ./libpng-harness
+
+[unix]
+test: build harness
+ #!/bin/bash
+
+ rm -rf libafl_unix_shmem_server || true
+ LD_PRELOAD={{ FUZZER_LIB }} ./libpng-harness -i corpus -o out -H ./libpng-harness > fuzz_stdout.log &
+ sleep 10s && pkill libpng-harness
+ if grep -qa "corpus: 30" fuzz_stdout.log; then
+ echo "Fuzzer is working"
+ else
+ echo "Fuzzer does not generate any testcases or any crashes"
+ exit 1
+ fi
+
+[unix]
+clean:
+ rm -rf ./libpng-harness
+ make -C libpng-1.6.37 clean
+ cargo clean
\ No newline at end of file
diff --git a/fuzzers/binary_only/frida_executable_libpng/Makefile.toml b/fuzzers/binary_only/frida_executable_libpng/Makefile.toml
deleted file mode 100644
index 8cc7ee95f1..0000000000
--- a/fuzzers/binary_only/frida_executable_libpng/Makefile.toml
+++ /dev/null
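Review bot: The `libpng` recipe downloads `v1.6.37.tar.gz` with `wget` and extracts it without verifying the archive, so a tampered download or a re-pointed tag becomes the library the harness links against with no signal; the same recipe appears verbatim in the `frida_libpng` Justfile of this patch. Since the version is pinned, a checksum costs one line right after the download, e.g. `echo "<sha256 of v1.6.37.tar.gz>  v1.6.37.tar.gz" | sha256sum -c -` (hash to be filled in from a trusted copy), and makes the build fail closed. The recipe also re-extracts the tarball on every invocation, whereas the removed Makefile.toml guarded the task with `files_not_exist = ["./libpng-1.6.37"]`; wrapping `tar -xvf v1.6.37.tar.gz` in `if [ ! -d libpng-1.6.37 ]; then … fi` restores that.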
@@ -1,120 +0,0 @@ -# Variables -[env] -CARGO_TARGET_DIR = { value = "target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this" -''' - -# libpng -[tasks.libpng] -linux_alias = "libpng_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.libpng_unix] -condition = { files_not_exist = ["./libpng-1.6.37"] } -script_runner = "@shell" -script = ''' -wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz -tar -xvf v1.6.37.tar.gz -''' - -# Library -[tasks.lib] -linux_alias = "lib_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.lib_unix] -script_runner = "@shell" -script = ''' -cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes -cd .. 
-make -C libpng-1.6.37 -''' -dependencies = ["libpng"] - -# Harness -[tasks.harness] -linux_alias = "harness_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.harness_unix] -script_runner = "@shell" -script = ''' -clang++ -O0 -c -fPIC harness.cc -o harness.o -clang++ -O0 harness.cc libpng-1.6.37/.libs/libpng16.a -lz -o libpng-harness -g -''' -dependencies = ["lib"] - -# Fuzzer -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -script_runner = "@shell" -script = ''' -cargo build --profile ${PROFILE} -''' - -# Run the fuzzer -[tasks.run] -linux_alias = "run_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -LD_PRELOAD=$CARGO_TARGET_DIR/${PROFILE_DIR}/libfrida_executable_fuzzer.so ./libpng-harness -i corpus -o out -H ./libpng-harness -''' -dependencies = ["fuzzer", "harness"] - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -LD_PRELOAD=$CARGO_TARGET_DIR/${PROFILE_DIR}/libfrida_executable_fuzzer.so ./libpng-harness -i corpus -o out -H ./libpng-harness > fuzz_stdout.log & -sleep 10s && pkill libpng-harness -if grep -qa "corpus: 30" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -''' -dependencies = ["fuzzer", "harness"] - -# Clean up -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -f ./libpng-harness -make -C libpng-1.6.37 clean -cargo clean -''' 
diff --git a/fuzzers/binary_only/frida_libpng/Justfile b/fuzzers/binary_only/frida_libpng/Justfile
new file mode 100644
index 0000000000..132ee5c31a
--- /dev/null
+++ b/fuzzers/binary_only/frida_libpng/Justfile
@@ -0,0 +1,67 @@
+import "../../../just/libafl.just"
+
+FUZZER_NAME := "frida_fuzzer"
+FUZZER_NAME_WIN := "frida_fuzzer.exe"
+
+set windows-shell := ['cmd.exe', '/c']
+set unstable
+
+[unix]
+libpng:
+ #!/bin/bash
+ if [ ! -f v1.6.37.tar.gz ]; then
+ wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz
+ fi
+ tar -xvf v1.6.37.tar.gz
+
+[unix]
+lib: libpng
+ cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes
+ make -j -C libpng-1.6.37
+
+[unix]
+harness: lib
+ clang++ -O3 -c -fPIC harness.cc -o harness.o
+ clang++ -O3 harness.o libpng-1.6.37/.libs/libpng16.a -shared -lz -o libpng-harness.so
+
+[windows]
+harness:
+ cl /c harness_win.cpp && link harness_win.obj /dll
+
+[unix]
+[windows]
+build:
+ cargo build --profile {{ PROFILE }}
+
+[unix]
+run: build harness
+ {{ FUZZER }} -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l ./libpng-harness.so
+
+[windows]
+run: build harness
+ {{TARGET_DIR}}\{{PROFILE}}\{{FUZZER_NAME_WIN}} -F LLVMFuzzerTestOneInput -H .\harness_win.dll -l .\harness_win.dll --cores=0
+
+[unix]
+test: build harness
+ #!/bin/bash
+
+ rm -rf libafl_unix_shmem_server || true
+ timeout 30s {{ FUZZER }} -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l ./libpng-harness.so | tee fuzz_stdout.log 2>/dev/null || true
+ if grep -qa "corpus: 70" fuzz_stdout.log; then
+ echo "Fuzzer is working"
+ else
+ echo "Fuzzer does not generate any testcases or any crashes"
+ exit 1
+ fi
+
+[windows]
+[script("cmd.exe", "/c")]
+test: build harness
+ start "" "{{TARGET_DIR}}\{{PROFILE}}\{{FUZZER_NAME_WIN}}" -F LLVMFuzzerTestOneInput -H .\harness_win.dll -l .\harness_win.dll --cores=0
+ ping -n 10 127.0.0.1>NUL && taskkill /im frida_fuzzer.exe /F
+ dir /a-d corpus_discovered && (echo Files exist) || (exit /b 1337)
+
+[unix]
+clean:
+ make -C libpng-1.6.37 clean
+ cargo clean
\ No newline at end of file
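Review bot: The removed Makefile.toml kept a separate `test_mac` task that ran the fuzzer without the `grep "corpus: 70"` check (its comment: "Don't grep and check the result on macOS because it's unstable"), but the new `[unix] test` recipe applies to macOS as well and fails on that grep, so the instability that exemption worked around is reintroduced. If the macOS run is still considered unstable, split the recipe with just's OS attributes as below: the grep stays under `[linux]` and `[macos]` gets the run-only body. Separately, the `[windows] test` recipe hard-codes `taskkill /im frida_fuzzer.exe /F` although `FUZZER_NAME_WIN` holds exactly that value; `taskkill /im {{ FUZZER_NAME_WIN }} /F` keeps the two from drifting apart.
```just
[linux]
test: build harness
    # … unchanged: shmem cleanup, timed fuzzer run, grep "corpus: 70" check …

[macos]
test: build harness
    #!/bin/bash

    rm -rf libafl_unix_shmem_server || true
    timeout 30s {{ FUZZER }} -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l ./libpng-harness.so | tee fuzz_stdout.log 2>/dev/null || true
```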
diff --git a/fuzzers/binary_only/frida_libpng/Makefile.toml b/fuzzers/binary_only/frida_libpng/Makefile.toml
deleted file mode 100644
index a4ea584847..0000000000
--- a/fuzzers/binary_only/frida_libpng/Makefile.toml
+++ /dev/null
@@ -1,160 +0,0 @@ -# Variables -[env] -CARGO_TARGET_DIR = { value = "target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -FUZZER_NAME = { source = "${CARGO_MAKE_RUST_TARGET_OS}", default_value = "frida_fuzzer", mapping = { "linux" = "frida_fuzzer", "macos" = "frida_fuzzer", "windows" = "frida_fuzzer.exe" } } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this" -''' - -# libpng -[tasks.libpng] -linux_alias = "libpng_unix" -mac_alias = "libpng_unix" -windows_alias = "unsupported" - -[tasks.libpng_unix] -condition = { files_not_exist = ["./libpng-1.6.37"] } -script_runner = "@shell" -script = ''' -wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz -tar -xvf v1.6.37.tar.gz -''' - -# Library -[tasks.lib] -linux_alias = "lib_unix" -mac_alias = "lib_unix" -windows_alias = "unsupported" - -[tasks.lib_unix] -script_runner = "@shell" -script = ''' -cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes --disable-dependency-tracking -cd .. 
-make -C libpng-1.6.37 -''' -dependencies = ["libpng"] - -# Harness -[tasks.harness] -linux_alias = "harness_unix" -mac_alias = "harness_unix" -windows_alias = "harness_windows" - -[tasks.harness_unix] -script_runner = "@shell" -script = ''' -clang++ -O3 -c -fPIC harness.cc -o harness.o -clang++ -O3 harness.o libpng-1.6.37/.libs/libpng16.a -shared -lz -o libpng-harness.so -''' -dependencies = ["lib"] - -[tasks.harness_windows] -script_runner = "@shell" -script = ''' -cl /c harness_win.cpp && link harness_win.obj /dll -''' - -# Fuzzer -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "fuzzer_windows" - -[tasks.fuzzer_unix] -script_runner = "@shell" -script = ''' -cargo build --profile ${PROFILE} -cp ${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME} . -''' - -[tasks.fuzzer_windows] -script_runner = "@shell" -script = ''' -cargo build --profile ${PROFILE} -cp ./target/${PROFILE_DIR}/${FUZZER_NAME} . -''' - -# Run the fuzzer -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "run_windows" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME} -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l ./libpng-harness.so -''' -dependencies = ["fuzzer", "harness"] - -[tasks.run_windows] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME} -F LLVMFuzzerTestOneInput -H ./harness_win.dll -l ./harness_win.dll --cores=0 -''' -dependencies = ["fuzzer", "harness"] - -# Test -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_mac" -windows_alias = "test_windows" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -timeout 30s ./${FUZZER_NAME} -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l ./libpng-harness.so | tee fuzz_stdout.log 2>/dev/null || true -if grep -qa "corpus: 70" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any testcases or any crashes" - exit 1 -fi -''' -dependencies = 
["fuzzer", "harness"] - -# Don't grep and check the result on macOS because it's unstable -[tasks.test_mac] -script_runner = "@shell" -script = ''' -rm -rf libafl_unix_shmem_server || true -timeout 30s ./${FUZZER_NAME} -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l ./libpng-harness.so | tee fuzz_stdout.log 2>/dev/null || true -''' -dependencies = ["fuzzer", "harness"] - -[tasks.test_windows] -script_runner = "@shell" -script = ''' -start "" "frida_fuzzer.exe" -F LLVMFuzzerTestOneInput -H ./harness_win.dll -l ./harness_win.dll --cores=0 -#ping is for timeout -ping -n 10 127.0.0.1>NUL && taskkill /im frida_fuzzer.exe /F ->nul 2>nul dir /a-d "corpus_discovered\*" && (echo Files exist) || (exit /b 1337) -''' -dependencies = ["fuzzer", "harness"] - -# Clean up -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -f ./${FUZZER_NAME} -make -C libpng-1.6.37 clean -cargo clean -''' diff --git a/fuzzers/binary_only/frida_windows_gdiplus/Justfile b/fuzzers/binary_only/frida_windows_gdiplus/Justfile new file mode 100644 index 0000000000..c1d8ca971e --- /dev/null +++ b/fuzzers/binary_only/frida_windows_gdiplus/Justfile 
@@ -0,0 +1,49 @@
+import "../../../just/libafl.just"
+
+FUZZER_NAME := "frida_windows_gdiplus.exe"
+set windows-shell := ['cmd.exe', '/c']
+set unstable
+
+[windows]
+harness:
+ cl.exe /LD harness.cc /link /dll gdiplus.lib ole32.lib
+
+[windows]
+harness_cmplog_test:
+ ml64 cmplog_test.asm /subsystem:windows /link /dll /def:cmplog_test.def /entry:dll_main /out:cmplog.dll
+
+[windows]
+build:
+ cargo build --profile {{ PROFILE }}
+ copy {{TARGET_DIR}}\{{PROFILE}}\{{FUZZER_NAME}} .
+
+[windows]
+run: build harness
+ .\{{TARGET_DIR}}\{{PROFILE}}\{{FUZZER_NAME}} -H harness.dll -i corpus -o output --libs-to-instrument gdi32.dll --libs-to-instrument gdi32full.dll --libs-to-instrument gdiplus.dll --libs-to-instrument WindowsCodecs.dll --disable-excludes
+
+[windows]
+[script("cmd.exe", "/c")]
+test_cmplog: build harness_cmplog_test
+ @echo off
+
+ for %%i in (t1 t2 t3 t4 t5 t6 t7) do (
+ echo Testing %%i...
+ rmdir /s /q output_%%i
+ start "" "{{FUZZER_NAME}}" -H cmplog.dll -i corpus -o output_%%i --libs-to-instrument cmplog.dll -F %%i -C
+ ping -n 3 127.0.0.1>NUL && taskkill /im {{ FUZZER }} /F
+ dir /a-d "output_%%i" && (echo Files exist) || (exit /b 1337)
+ )
+
+ echo All tests done
+
+[windows]
+[script("cmd.exe", "/c")]
+test: build harness
+ start "" "{{FUZZER_NAME}}" -H harness.dll -i corpus -o output --libs-to-instrument gdi32.dll --libs-to-instrument gdi32full.dll --libs-to-instrument gdiplus.dll --libs-to-instrument WindowsCodecs.dll --disable-excludes
+ ping -n 10 127.0.0.1>NUL && taskkill /im frida_windows_gdiplus.exe /F
+ dir /a-d corpus_discovered && (echo Files exist) || (exit /b 1337)
+
+[windows]
+clean:
+ make -C libpng-1.6.37 clean
+ cargo clean
\ No newline at end of file
diff --git a/fuzzers/binary_only/frida_windows_gdiplus/Makefile.toml b/fuzzers/binary_only/frida_windows_gdiplus/Makefile.toml
deleted file mode 100644
index f8cb981ab3..0000000000
--- a/fuzzers/binary_only/frida_windows_gdiplus/Makefile.toml
+++ /dev/null
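Review bot: The new `clean` recipe runs `make -C libpng-1.6.37 clean`, but nothing in this Justfile downloads or builds libpng (the harness links `gdiplus.lib`/`ole32.lib`), so `just clean` fails on the missing directory; the removed Makefile.toml had no clean task, which suggests the recipe was carried over from `frida_libpng`. Dropping that line and keeping `cargo clean` (plus `del harness.dll cmplog.dll` for the two harness outputs) would fit this fuzzer. `test_cmplog` also passes `{{ FUZZER }}` to `taskkill /im` while `test` uses the literal image name `frida_windows_gdiplus.exe`; if `FUZZER` from `libafl.just` is a path rather than an image name (not visible here), the cmplog loop never kills the process, and `taskkill /im {{ FUZZER_NAME }} /F` in both recipes would be consistent. Finally, `build` copies from `{{TARGET_DIR}}\{{PROFILE}}`, which matches cargo's layout only when PROFILE is `release`; the removed Makefile mapped `dev` to `debug` via PROFILE_DIR, and the Windows recipes in `frida_libpng` make the same assumption.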
@@ -1,99 +0,0 @@ -# Variables -[env] -CARGO_TARGET_DIR = { value = "target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } -FUZZER_NAME = { source = "${CARGO_MAKE_RUST_TARGET_OS}", default_value = "frida_windows_gdiplus", mapping = { "linux" = "frida_windows_gdiplus", "macos" = "frida_windows_gdiplus", "windows" = "frida_windows_gdiplus.exe" } } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this" -''' - -# Harness -[tasks.harness] -linux_alias = "unsupported" -mac_alias = "unsupported" -windows_alias = "harness_windows" - - -[tasks.harness_windows] -script_runner = "@shell" -script = ''' -cl.exe /LD harness.cc /link /dll gdiplus.lib ole32.lib -''' - -[tasks.harness_windows_cmplog_test] -script_runner = "@shell" -script = ''' -ml64 cmplog_test.asm /subsystem:windows /link /dll /def:cmplog_test.def /entry:dll_main /out:cmplog.dll -''' - -# Fuzzer -[tasks.fuzzer] -linux_alias = "unsupported" -mac_alias = "unsupported" -windows_alias = "fuzzer_windows" - -[tasks.fuzzer_windows] -script_runner = "@shell" -script = ''' -cargo build --profile ${PROFILE} -cp ./target/${PROFILE_DIR}/${FUZZER_NAME} . 
-''' - -# Run the fuzzer -[tasks.run] -linux_alias = "unsupported" -mac_alias = "unsupported" -windows_alias = "run_windows" - -[tasks.run_windows] -script_runner = "@shell" -script = ''' -./${FUZZER_NAME} -H harness.dll -i corpus -o output --libs-to-instrument gdi32.dll --libs-to-instrument gdi32full.dll --libs-to-instrument gdiplus.dll --libs-to-instrument WindowsCodecs.dll --disable-excludes -''' -dependencies = ["fuzzer", "harness"] - -# Test -[tasks.test] -linux_alias = "unsupported" -mac_alias = "unsupported" -windows_alias = "test_windows" - -[tasks.test_cmplog] -linux_alias = "unsupported" -mac_alias = "unsupported" -windows_alias = "test_windows_cmplog" - -[tasks.test_windows_cmplog] -script_runner = "@shell" -script = ''' -@echo off - -for %%i in (t1 t2 t3 t4 t5 t6 t7) do ( - echo Testing %%i... - rmdir /s /q output_%%i - start "" "frida_windows_gdiplus.exe" -H cmplog.dll -i corpus -o output_%%i --libs-to-instrument cmplog.dll -F %%i -C - ping -n 3 127.0.0.1>NUL && taskkill /im frida_windows_gdiplus.exe /F - >nul 2>nul dir /a-d "output_%%i" && (echo Files exist) || (exit /b 1337) -) - -echo All tests done -''' -dependencies = ["fuzzer", "harness_windows_cmplog_test"] - -[tasks.test_windows] -script_runner = "@shell" -script = ''' -start "" "frida_windows_gdiplus.exe" -H harness.dll -i corpus -o output --libs-to-instrument gdi32.dll --libs-to-instrument gdi32full.dll --libs-to-instrument gdiplus.dll --libs-to-instrument WindowsCodecs.dll --disable-excludes -#ping is for timeout -ping -n 10 127.0.0.1>NUL && taskkill /im frida_windows_gdiplus.exe /F ->nul 2>nul dir /a-d "corpus_discovered\*" && (echo Files exist) || (exit /b 1337) -''' -dependencies = ["fuzzer", "harness"] diff --git a/fuzzers/binary_only/fuzzbench_fork_qemu/Justfile b/fuzzers/binary_only/fuzzbench_fork_qemu/Justfile new file mode 100644 index 0000000000..392b231fa6 --- /dev/null +++ b/fuzzers/binary_only/fuzzbench_fork_qemu/Justfile 
@@ -0,0 +1,44 @@
+import "../../../just/libafl.just"
+
+FUZZER_NAME := "fuzzbench_fork_qemu"
+
+[unix]
+harness:
+ cc -c libfuzzer_main.c
+ cc \
+ ./fuzz.c \
+ ./libfuzzer_main.o \
+ -o {{ BUILD_DIR }}/harness \
+ -lm -lz
+
+[unix]
+build:
+ cargo build --profile {{ PROFILE }}
+
+[unix]
+run: build harness
+ cargo run \
+ --profile {{ PROFILE }} \
+ ./{{ FUZZER_NAME }} \
+ -- \
+ --libafl-in ./corpus \
+ --libafl-out ./out \
+ ./{{ FUZZER_NAME }}
+
+
+[unix]
+test: build harness
+ #!/bin/bash
+
+ rm -rf out/
+ timeout 15s {{ FUZZER }} {{ BUILD_DIR }}/harness -- --libafl-in ../../inprocess/libfuzzer_libpng/corpus --libafl-out out ./harness | tee fuzz_stdout.log
+ if grep -qa "corpus: 5" fuzz_stdout.log; then
+ echo "Fuzzer is working"
+ else
+ echo "Fuzzer does not generate any testcases or any crashes"
+ exit 1
+ fi
+
+[unix]
+clean:
+ cargo clean
\ No newline at end of file
diff --git a/fuzzers/binary_only/fuzzbench_fork_qemu/Makefile.toml b/fuzzers/binary_only/fuzzbench_fork_qemu/Makefile.toml
deleted file mode 100644
index 3dc2494912..0000000000
--- a/fuzzers/binary_only/fuzzbench_fork_qemu/Makefile.toml
+++ /dev/null
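Review bot: `harness` now writes the binary to `{{ BUILD_DIR }}/harness`, but `run` still passes `./{{ FUZZER_NAME }}` as both the target and the trailing argument, and after this patch that expands to `./fuzzbench_fork_qemu`, the fuzzer crate's name, not the harness; in the removed Makefile.toml `FUZZER_NAME` was `'harness'`, so the rename silently changed what `run` executes. `test` in the same hunk already invokes `{{ FUZZER }} {{ BUILD_DIR }}/harness -- … ./harness`, and `run` should follow it, e.g. `{{ FUZZER }} {{ BUILD_DIR }}/harness -- --libafl-in ./corpus --libafl-out ./out {{ BUILD_DIR }}/harness`. Note that `test` itself refers to the same file as both `{{ BUILD_DIR }}/harness` and `./harness`, which only agrees when `BUILD_DIR` is `.` (its definition lives in `libafl.just`, outside this hunk).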
@@ -1,115 +0,0 @@ -env_scripts = [''' -#!@duckscript -profile = get_env PROFILE - -if eq ${profile} "dev" - set_env PROFILE_DIR debug -else - set_env PROFILE_DIR ${profile} -end -''', ''' -#!@duckscript -runs_on_ci = get_env RUN_ON_CI - -if ${runs_on_ci} - cargo_target_dir = get_env CARGO_MAKE_CRATE_TARGET_DIRECTORY - set_env TARGET_DIR ${cargo_target_dir} -end -'''] - -# Variables -[env] -FUZZER_NAME = 'harness' -PROJECT_DIR = { script = ["pwd"] } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}" - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Qemu fuzzer not supported on windows" -''' - -# fuzzer -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -# Harness -[tasks.harness] -linux_alias = "harness_unix" -mac_alias = "harness_unix" -windows_alias = "unsupported" - -[tasks.harness_unix] -script_runner = "@shell" -script = ''' -cc -c "${PROJECT_DIR}/libfuzzer_main.c" -cc \ - ./fuzz.c \ - ./libfuzzer_main.o \ - -o ${FUZZER_NAME} \ - -lm -lz -''' - -# Run the fuzzer -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -command = "cargo" -args = [ - "run", - "--profile", - "${PROFILE}", - "./${FUZZER_NAME}", - "--", - "--libafl-in", - "./corpus", - "--libafl-out", - "./out", - "./${FUZZER_NAME}", -] -dependencies = ["harness"] - -# Run the fuzzer -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_unix" -windows_alias = "unsupported" - -# Short test -[tasks.test_unix] -script_runner = "@shell" -script = ''' -timeout 15s ${TARGET_DIR}/${PROFILE_DIR}/fuzzbench_fork_qemu ${PROJECT_DIR}/harness -- --libafl-in ${PROJECT_DIR}/../../inprocess/libfuzzer_libpng/corpus --libafl-out ${PROJECT_DIR}/out ${PROJECT_DIR}/harness | tee fuzz_stdout.log -if grep -qa "corpus: 5" 
fuzz_stdout.log; then
- echo "Fuzzer is working"
-else
- echo "Fuzzer does not generate any testcases or any crashes"
- exit 1
-fi
-'''
-dependencies = ["harness", "fuzzer"]
-
-# Clean up
-[tasks.clean]
-linux_alias = "clean_unix"
-mac_alias = "clean_unix"
-windows_alias = "unsupported"
-
-[tasks.clean_unix]
-# Disable default `clean` definition
-clear = true
-script_runner = "@shell"
-script = '''
-rm -f ./${FUZZER_NAME}
-cargo clean
-'''
diff --git a/fuzzers/binary_only/fuzzbench_qemu/Justfile b/fuzzers/binary_only/fuzzbench_qemu/Justfile
new file mode 100644
index 0000000000..b048f3da70
--- /dev/null
+++ b/fuzzers/binary_only/fuzzbench_qemu/Justfile
@@ -0,0 +1,42 @@
+import "../../../just/libafl.just"
+
+FUZZER_NAME := "fuzzbench_qemu"
+HARNESS_NAME := "harness"
+
+[unix]
+harness:
+ cc -c libfuzzer_main.c
+ cc \
+ ./fuzz.c \
+ ./libfuzzer_main.o \
+ -o {{ HARNESS_NAME }} \
+ -lm -lz
+
+[unix]
+build:
+ cargo build --profile {{ PROFILE }}
+
+[unix]
+run: build harness
+ {{ FUZZER }} \
+ --libafl-in ./corpus \
+ --libafl-out ./out \
+ ./{{ HARNESS_NAME }} \
+ -- \
+ ./{{ HARNESS_NAME }}
+
+
+[unix]
+test: build harness
+ #!/bin/bash
+ timeout 15s {{ FUZZER }} ./harness -- --libafl-in ../../inprocess/libfuzzer_libpng/corpus --libafl-out out ./harness | tee fuzz_stdout.log
+ if grep -qa "objectives: 5" fuzz_stdout.log; then
+ echo "Fuzzer is working"
+ else
+ echo "Fuzzer does not generate any testcases or any crashes"
+ exit 1
+ fi
+
+[unix]
+clean:
+ cargo clean
diff --git a/fuzzers/binary_only/fuzzbench_qemu/Makefile.toml b/fuzzers/binary_only/fuzzbench_qemu/Makefile.toml
deleted file mode 100644
index 73b978b586..0000000000
--- a/fuzzers/binary_only/fuzzbench_qemu/Makefile.toml
+++ /dev/null
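Review bot: The `test` recipe decides success with `grep -qa "objectives: 5"`, a substring match over whatever stats lines the fuzzer printed before the 15 s timeout: it passes only if some line happened to show exactly 5 (or 50–59) objectives and fails on a run that jumped past 5 between two stats prints, so the check is timing-dependent rather than a threshold. Extracting the last reported count and comparing numerically, e.g. `N=$(grep -ao "objectives: [0-9]*" fuzz_stdout.log | tail -n1 | tr -dc 0-9)` followed by `[ "${N:-0}" -ge 5 ]`, makes the intent explicit and monotone. The recipe also reuses `out` without clearing it first, unlike the `rm -rf out/` in the fuzzbench_fork_qemu Justfile of this same change, so a previous run's corpus and crashes can satisfy the check; and it spells the harness as a literal `./harness` where `run` uses `{{ HARNESS_NAME }}`.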
@@ -1,101 +0,0 @@ -# Variables -[env] -FUZZER_NAME = 'harness' -PROJECT_DIR = { script = ["pwd"] } -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}" - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Qemu fuzzer not supported on windows" -''' - -# fuzzer -[tasks.fuzzer] -linux_alias = "fuzzer_unix" -mac_alias = "fuzzer_unix" -windows_alias = "unsupported" - -[tasks.fuzzer_unix] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -# Harness -[tasks.harness] -linux_alias = "harness_unix" -mac_alias = "harness_unix" -windows_alias = "unsupported" - -[tasks.harness_unix] -script_runner = "@shell" -script = ''' -cc -c "${PROJECT_DIR}/libfuzzer_main.c" -cc \ - ./fuzz.c \ - ./libfuzzer_main.o \ - -o ${FUZZER_NAME} \ - -lm -lz -''' - -# Run the fuzzer -[tasks.run] -linux_alias = "run_unix" -mac_alias = "run_unix" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -cargo build \ - --profile \ - ${PROFILE} - -${TARGET_DIR}/${PROFILE_DIR}/fuzzbench_qemu \ - --libafl-in \ - ../../inprocess/libfuzzer_libpng/corpus \ - --libafl-out \ - ./out \ - ./${FUZZER_NAME} \ - -- \ - ./${FUZZER_NAME} -''' -dependencies = ["harness"] - -# Run the fuzzer -[tasks.test] -linux_alias = "test_unix" -mac_alias = "test_unix" -windows_alias = "unsupported" - -# Short test -[tasks.test_unix] -script_runner = "@shell" -script = ''' -timeout 15s ${TARGET_DIR}/${PROFILE_DIR}/fuzzbench_qemu ${PROJECT_DIR}/harness -- --libafl-in ${PROJECT_DIR}/../../inprocess/libfuzzer_libpng/corpus --libafl-out ${PROJECT_DIR}/out ${PROJECT_DIR}/harness | tee fuzz_stdout.log -if grep -qa "objectives: 1" fuzz_stdout.log; then - echo "Fuzzer is working" -else - echo "Fuzzer does not generate any 
testcases or any crashes" - exit 1 -fi -''' -dependencies = ["harness", "fuzzer"] - -# Clean up -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -f ./${FUZZER_NAME} -cargo clean -''' diff --git a/fuzzers/binary_only/intel_pt_baby_fuzzer/Makefile.toml b/fuzzers/binary_only/intel_pt_baby_fuzzer/Makefile.toml deleted file mode 100644 index f3aba8ebe4..0000000000 --- a/fuzzers/binary_only/intel_pt_baby_fuzzer/Makefile.toml +++ /dev/null @@ -1,26 +0,0 @@ -[env] -RUST_BACKTRACE = "0" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}" - -[env.development] -PROFILE_DIR = "debug" -CARGO_BUILD_ARG = "" - -[env.release] -PROFILE_DIR = "release" -CARGO_BUILD_ARG = "--release" - -[tasks.build] -command = "cargo" -args = ["build", "--profile", "${CARGO_MAKE_CARGO_PROFILE}"] - -[tasks.setcap] -script = "sudo setcap cap_ipc_lock,cap_sys_ptrace,cap_sys_admin,cap_syslog=ep ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/${PROFILE_DIR}/${CARGO_MAKE_CRATE_NAME}" -dependencies = ["build"] - -[tasks.run] -command = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/${PROFILE_DIR}/${CARGO_MAKE_CRATE_NAME}" -dependencies = ["build", "setcap"] - -[tasks.default] -alias = "run" diff --git a/fuzzers/binary_only/intel_pt_command_executor/Justfile b/fuzzers/binary_only/intel_pt_command_executor/Justfile new file mode 100644 index 0000000000..bd5f645410 --- /dev/null +++ b/fuzzers/binary_only/intel_pt_command_executor/Justfile 
@@ -0,0 +1,31 @@
+import "../../../just/libafl.just"
+
+FUZZER_NAME := "intel_pt_command_executor"
+
+[unix]
+target_dir:
+ mkdir -p {{ TARGET_DIR }}
+
+[unix]
+build_target: target_dir
+ rustc src/target_program.rs --out-dir {{ TARGET_DIR }} -O
+
+[unix]
+build:
+ cargo build --profile {{ PROFILE }}
+
+[unix]
+setcap:
+ sudo setcap cap_ipc_lock,cap_sys_ptrace,cap_sys_admin,cap_syslog=ep {{ FUZZER }}
+
+[unix]
+run: build build_target setcap
+ {{ FUZZER }}
+
+[unix]
+test: build
+ echo "Build is successful."
+
+[unix]
+clean:
+ cargo clean
\ No newline at end of file
diff --git a/fuzzers/binary_only/intel_pt_command_executor/Makefile.toml b/fuzzers/binary_only/intel_pt_command_executor/Makefile.toml
deleted file mode 100644
index aca771cbca..0000000000
--- a/fuzzers/binary_only/intel_pt_command_executor/Makefile.toml
+++ /dev/null
@@ -1,39 +0,0 @@
-[env]
-TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}"
-
-[env.development]
-PROFILE_DIR = "debug"
-
-[env.release]
-PROFILE_DIR = "release"
-
-[tasks.target_dir]
-condition = { files_not_exist = ["${TARGET_DIR}"] }
-script_runner = "@shell"
-script = '''
-mkdir -p ${TARGET_DIR}
-'''
-
-[tasks.build_target]
-dependencies = ["target_dir"]
-command = "rustc"
-args = ["src/target_program.rs", "--out-dir", "${TARGET_DIR}", "-O"]
-
-[tasks.build_fuzzer]
-command = "cargo"
-args = ["build", "--profile", "${CARGO_MAKE_CARGO_PROFILE}"]
-
-[tasks.build]
-dependencies = ["build_fuzzer", "build_target"]
-
-[tasks.setcap]
-script = "sudo setcap cap_ipc_lock,cap_sys_ptrace,cap_sys_admin,cap_syslog=ep ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/${PROFILE_DIR}/${CARGO_MAKE_CRATE_NAME}"
-dependencies = ["build_fuzzer"]
-
-[tasks.run]
-command = "cargo"
-args = ["run", "--profile", "${CARGO_MAKE_CARGO_PROFILE}"]
-dependencies = ["build", "setcap"]
-
-[tasks.default]
-alias = "run"
diff --git a/fuzzers/binary_only/qemu_cmin/Justfile b/fuzzers/binary_only/qemu_cmin/Justfile
new file mode 100644
index 0000000000..e71005362c
--- /dev/null
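Review bot: The `setcap` recipe grants `cap_sys_admin` (together with `cap_ipc_lock`, `cap_sys_ptrace` and `cap_syslog`) as effective+permitted file capabilities on the fuzzer binary, through `sudo`, every time `just run` is invoked, and nothing in the file says why each capability is needed. A comment above the recipe mapping each capability to the feature that requires it, and noting that `cap_sys_admin` is close to full root so the set should be trimmed if a narrower capability suffices (e.g. `cap_perfmon` for `perf_event_open` on recent kernels — to be confirmed against the fuzzer's Intel PT setup), would let maintainers reason about the privilege this recipe hands out. Because file capabilities are attached to the inode, every `build` yields a fresh binary without them, which is presumably why `run` depends on `setcap` and prompts for sudo on each invocation; stating that in the same comment prevents someone from "optimising" the dependency away. Separately, `test: build` never runs `build_target`, so a broken `src/target_program.rs` is not caught by `just test`.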
+++ b/fuzzers/binary_only/qemu_cmin/Justfile
@@ -0,0 +1,45 @@
+import "../../../just/libafl-qemu-libpng.just"
+
+FUZZER_NAME := "qemu_cmin"
+HARNESS := TARGET_DIR / ("libpng-harness-" + PROFILE)
+
+[unix]
+build:
+ cargo build \
+ --profile {{ PROFILE }} \
+ --features {{ ARCH }} \
+ --target-dir {{ TARGET_DIR }}
+
+[unix]
+harness: libpng
+ #!/bin/bash
+
+ source {{ DOTENV }}
+
+ $CROSS_CXX \
+ ./harness.cc \
+ $CROSS_CFLAGS \
+ "{{TARGET_DIR}}/build-png/.libs/libpng16.a" \
+ "{{TARGET_DIR}}/build-zlib/libz.a" \
+ -I"{{TARGET_DIR}}/build-png" \
+ -I"{{TARGET_DIR}}/build-zlib/zlib/lib" \
+ -L"{{TARGET_DIR}}/build-zlib/zlib/lib" \
+ -o"{{ HARNESS }}" \
+ -lm -static
+
+[unix]
+run: harness build
+ {{ FUZZER }} \
+ --output ./output \
+ --input ./corpus \
+ --verbose \
+ -- {{ HARNESS }}
+
+[unix]
+test:
+ ARCH=x86_64 just run
+ ARCH=arm just run
+
+[unix]
+clean:
+ cargo clean
\ No newline at end of file
diff --git a/fuzzers/binary_only/qemu_cmin/Makefile.toml b/fuzzers/binary_only/qemu_cmin/Makefile.toml
deleted file mode 100644
index 2b292c0505..0000000000
--- a/fuzzers/binary_only/qemu_cmin/Makefile.toml
+++ /dev/null
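Review bot: `run` writes its results to `--output ./output`, a path relative to the working directory, while `test` invokes `run` twice in a row with `ARCH=x86_64` and `ARCH=arm`; both runs therefore write into the same `./output`, the second on top of the first, and `clean` (`cargo clean`) never removes it. Using a per-architecture location, as the qemu_launcher Justfile in this change does with `--output {{ TARGET_DIR }}/output/`, keeps the two minimised corpora apart: `--output {{ TARGET_DIR }}/output \`. Whether `TARGET_DIR` is itself per-architecture depends on the imported `libafl-qemu-libpng.just`, which is outside this diff. Minor: `{{TARGET_DIR}}` in the `harness` recipe is written without the inner spaces used everywhere else in the file.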
@@ -1,320 +0,0 @@ -[env] -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } -CROSS_CC = "x86_64-linux-gnu-gcc" -CROSS_CXX = "x86_64-linux-gnu-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/x86_64" -LIBPNG_ARCH = "x86_64" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "x86_64" -LIBAFL_QEMU_CLONE_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge" -#LIBAFL_DEBUG_OUTPUT = "1" -#CUSTOM_QEMU_DIR= "~/qemu-libafl-bridge" - -[env.arm] -CROSS_CC = "arm-linux-gnueabi-gcc" -CROSS_CXX = "arm-linux-gnueabi-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/arm" -LIBPNG_ARCH = "arm" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "arm" -LIBAFL_QEMU_CLONE_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge" - -[env.aarch64] -CROSS_CC = "aarch64-linux-gnu-gcc" -CROSS_CXX = "aarch64-linux-gnu-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/aarch64" -LIBPNG_ARCH = "aarch64" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "aarch64" -LIBAFL_QEMU_CLONE_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge" - -[env.x86_64] -CROSS_CC = "x86_64-linux-gnu-gcc" -CROSS_CXX = "x86_64-linux-gnu-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/x86_64" -LIBPNG_ARCH = "x86_64" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "x86_64" -LIBAFL_QEMU_CLONE_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge" - -[env.i386] -CROSS_CC = "x86_64-linux-gnu-gcc" -CROSS_CXX = "x86_64-linux-gnu-g++" -CROSS_CFLAGS = "-m32" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/i386" -LIBPNG_ARCH = "i386" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "i386" -LIBAFL_QEMU_CLONE_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge" - -[env.mips] -CROSS_CC = "mipsel-linux-gnu-gcc" -CROSS_CXX = 
"mipsel-linux-gnu-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/mips" -LIBPNG_ARCH = "mips" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "mips" -LIBAFL_QEMU_CLONE_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge" - -[env.ppc] -CROSS_CC = "powerpc-linux-gnu-gcc" -CROSS_CXX = "powerpc-linux-gnu-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/ppc" -LIBPNG_ARCH = "ppc" -LIBPNG_OPTIMIZATIONS = "no" -FEATURE = "ppc" -LIBAFL_QEMU_CLONE_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge" - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Qemu fuzzer not supported on windows/mac" -''' - - -[tasks.target_dir] -condition = { files_not_exist = ["${CARGO_MAKE_CRATE_TARGET_DIRECTORY}"] } -script_runner = "@shell" -script = ''' -mkdir ${CARGO_MAKE_CRATE_TARGET_DIRECTORY} -''' - -[tasks.deps_dir] -dependencies = ["target_dir"] -condition = { files_not_exist = ["${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/"] } -script_runner = "@shell" -script = ''' -mkdir ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/ -''' - -[tasks.arch_target_dir] -dependencies = ["target_dir"] -condition = { files_not_exist = ["${TARGET_DIR}"] } -script_runner = "@shell" -script = ''' -mkdir ${TARGET_DIR} -''' - -[tasks.zlib] -linux_alias = "zlib_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.zlib_unix_wget] -dependencies = ["deps_dir"] -condition = { files_not_exist = [ - "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/zlib-1.2.13", -] } -script_runner = "@shell" -# NOTE: There's no specific reason we're using an old version of zlib, -# but newer versions get moved to fossils/ after a while. 
-script = ''' -wget \ - -O "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/zlib-1.2.13.tar.gz" \ - https://zlib.net/fossils/zlib-1.2.13.tar.gz - -tar \ - zxvf ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/zlib-1.2.13.tar.gz \ - -C ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/ -''' - -[tasks.zlib_unix] -dependencies = ["arch_target_dir", "zlib_unix_wget"] -condition = { files_not_exist = ["${TARGET_DIR}/build-zlib/libz.a"] } -script_runner = "@shell" -script = ''' -rm -rf ${TARGET_DIR}/build-zlib/ - -mkdir ${TARGET_DIR}/build-zlib/ - -cd ${TARGET_DIR}/build-zlib/ && \ - CC=$CROSS_CC \ - CFLAGS=${CROSS_CFLAGS} \ - ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/zlib-1.2.13/configure \ - --prefix=./zlib - -make install -''' - -[tasks.libpng] -linux_alias = "libpng_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.libpng_unix_wget] -dependencies = ["deps_dir"] -condition = { files_not_exist = [ - "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/libpng-1.6.37", -] } -script_runner = "@shell" -script = ''' -wget \ - -O "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/v1.6.37.tar.gz" \ - https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz - -tar \ - -xvf "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/v1.6.37.tar.gz" \ - -C ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/ -''' - -[tasks.libpng_unix] -dependencies = ["arch_target_dir", "zlib", "libpng_unix_wget"] -condition = { files_not_exist = ["${TARGET_DIR}/build-png/.libs/libpng16.a"] } -script_runner = "@shell" -script = ''' -rm -rf ${TARGET_DIR}/build-png/ - -mkdir ${TARGET_DIR}/build-png/ - -cd ${TARGET_DIR}/build-png/ && \ - CC=$CROSS_CC \ - CFLAGS="${CROSS_CFLAGS} -I"${TARGET_DIR}/build-zlib/zlib/lib"" \ - LDFLAGS=-L"${TARGET_DIR}/build-zlib/zlib/lib" \ - ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/libpng-1.6.37/configure \ - --enable-shared=no \ - --with-pic=yes \ - --enable-hardware-optimizations=${LIBPNG_OPTIMIZATIONS} \ - --host=${LIBPNG_ARCH} \ - -make -''' - -[tasks.build] -linux_alias = "build_unix" -mac_alias 
= "build_unix" -windows_alias = "unsupported" - -[tasks.build_unix] -command = "cargo" -args = [ - "build", - "--profile", - "${PROFILE}", - "--features", - "${FEATURE}", - "--target-dir", - "${TARGET_DIR}", -] - -[tasks.fuzzer] -dependencies = ["build"] -script_runner = "@shell" -script = ''' -rm -f ${TARGET_DIR}/${PROFILE_DIR}/qemu_cmin-${CARGO_MAKE_PROFILE} -mv ${TARGET_DIR}/${PROFILE_DIR}/qemu_cmin ${TARGET_DIR}/${PROFILE_DIR}/qemu_cmin-${CARGO_MAKE_PROFILE} -''' - -[tasks.harness] -linux_alias = "harness_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.harness_unix] -script_runner = "@shell" -script = ''' -${CROSS_CXX} \ - ./harness.cc \ - $CROSS_CFLAGS \ - "${TARGET_DIR}/build-png/.libs/libpng16.a" \ - "${TARGET_DIR}/build-zlib/libz.a" \ - -I"${TARGET_DIR}/build-png" \ - -I"${TARGET_DIR}/build-zlib/zlib/lib" \ - -L"${TARGET_DIR}/build-zlib/zlib/lib" \ - -o"${TARGET_DIR}/libpng-harness-${CARGO_MAKE_PROFILE}" \ - -lm \ - -static -''' -dependencies = ["libpng"] - -[tasks.run] -linux_alias = "run_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.run_unix] -command = "${TARGET_DIR}/${PROFILE_DIR}/qemu_cmin-${CARGO_MAKE_PROFILE}" -args = [ - "--output", - "./output", - "--input", - "./corpus", - "--verbose", - "--", - "${TARGET_DIR}/libpng-harness-${CARGO_MAKE_PROFILE}", -] -dependencies = ["harness", "fuzzer"] - -[tasks.test] -linux_alias = "test_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.test_unix] -dependencies = ["lightweight"] -# Tidy up after we've run our tests so we don't hog all the disk space -command = "cargo" -args = ["make", "clean"] - -[tasks.test_full] -linux_alias = "test_unix_full" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.test_unix_full] -dependencies = ["all"] -# Tidy up after we've run our tests so we don't hog all the disk space -command = "cargo" -args = ["make", "clean"] - -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = 
"clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -rf ${CARGO_MAKE_CRATE_TARGET_DIRECTORY} -cargo clean -''' - -[tasks.arm] -command = "cargo" -args = ["make", "-p", "arm", "run"] - -[tasks.aarch64] -command = "cargo" -args = ["make", "-p", "aarch64", "run"] - -[tasks.x86_64] -command = "cargo" -args = ["make", "-p", "x86_64", "run"] - -[tasks.i386] -command = "cargo" -args = ["make", "-p", "i386", "run"] - -[tasks.mips] -command = "cargo" -args = ["make", "-p", "mips", "run"] - -[tasks.ppc] -command = "cargo" -args = ["make", "-p", "ppc", "run"] - -[tasks.all] -dependencies = ["arm", "aarch64", "x86_64", "i386", "mips", "ppc"] - -[tasks.lightweight] -dependencies = ["arm", "x86_64"] diff --git a/fuzzers/binary_only/qemu_coverage/Justfile b/fuzzers/binary_only/qemu_coverage/Justfile new file mode 100644 index 0000000000..7fd4b01b19 --- /dev/null +++ b/fuzzers/binary_only/qemu_coverage/Justfile 
@@ -0,0 +1,65 @@
+import "../../../just/libafl-qemu-libpng.just"
+
+FUZZER_NAME := "qemu_coverage"
+HARNESS := TARGET_DIR / ("libpng-harness-" + PROFILE)
+
+[unix]
+build:
+ cargo build \
+ --profile {{ PROFILE }} \
+ --features {{ ARCH }} \
+ --target-dir {{ TARGET_DIR }}
+
+[unix]
+harness: libpng
+ #!/bin/bash
+
+ source {{ DOTENV }}
+
+ $CROSS_CXX \
+ ./harness.cc \
+ $CROSS_CFLAGS \
+ "{{TARGET_DIR}}/build-png/.libs/libpng16.a" \
+ "{{TARGET_DIR}}/build-zlib/libz.a" \
+ -I"{{TARGET_DIR}}/build-png" \
+ -I"{{TARGET_DIR}}/build-zlib/zlib/lib" \
+ -L"{{TARGET_DIR}}/build-zlib/zlib/lib" \
+ -o"{{ HARNESS }}" \
+ -lm -static
+
+[unix]
+run: harness build
+ {{ FUZZER }} \
+ --coverage-path {{ TARGET_DIR }}/cov.drcov \
+ --input-dir ./corpus \
+ --verbose \
+ -- {{ HARNESS }}
+
+[unix]
+test_inner: run
+ #!/bin/bash
+
+ cargo run --manifest-path ../../../utils/drcov_utils/Cargo.toml --bin drcov_merge -- \
+ -i {{ TARGET_DIR }}/cov-000.drcov {{ TARGET_DIR }}/cov-001.drcov {{TARGET_DIR }}/cov-002.drcov {{ TARGET_DIR }}/cov-003.drcov \
+ --output {{ TARGET_DIR }}/cov-merged.drcov || exit 1
+
+ NB_BLOCKS=$(cargo run --manifest-path ../../../utils/drcov_utils/Cargo.toml --bin drcov_dump_addrs -- \
+ -i {{ TARGET_DIR }}/cov-merged.drcov -a | wc -l || exit 1)
+
+ echo "Nb blocks found: $NB_BLOCKS"
+
+ if [ $NB_BLOCKS -ge 1700 ]; then
+ echo "Test succeeded"
+ else
+ echo "Did not find more than 1700 blocks."
+ exit 1
+ fi
+
+[unix]
+test:
+ ARCH=x86_64 just test_inner
+ ARCH=arm just test_inner
+
+[unix]
+clean:
+ cargo clean
\ No newline at end of file
diff --git a/fuzzers/binary_only/qemu_coverage/Makefile.toml b/fuzzers/binary_only/qemu_coverage/Makefile.toml
deleted file mode 100644
index c7756a8b6d..0000000000
--- a/fuzzers/binary_only/qemu_coverage/Makefile.toml
+++ /dev/null
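Review bot: In `test_inner`, the `|| exit 1` inside `NB_BLOCKS=$( … | wc -l || exit 1)` only terminates the command substitution's subshell, and the pipeline's status is that of `wc -l`, so a failing `drcov_dump_addrs` run silently yields `NB_BLOCKS=0` (or an empty value, which makes the unquoted `[ $NB_BLOCKS -ge 1700 ]` a syntax error) instead of an explicit failure. Since the recipe is already a `#!/bin/bash` script, `set -euo pipefail` as its first line plus quoting `"$NB_BLOCKS"` turns those cases into a clear non-zero exit. The merge step also hard-codes `cov-000.drcov` through `cov-003.drcov`, i.e. exactly four instances, although `run` passes no core count; a comment stating where that number comes from (presumably the fuzzer's default) would help whoever changes either side. `{{TARGET_DIR }}` before `cov-002.drcov` is missing its leading space, unlike the neighbouring references.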
@@ -1,350 +0,0 @@ -[env] -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } -CROSS_CC = "x86_64-linux-gnu-gcc" -CROSS_CXX = "x86_64-linux-gnu-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/x86_64" -LIBPNG_ARCH = "x86_64" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "x86_64" -LIBAFL_QEMU_CLONE_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge" -#LIBAFL_DEBUG_OUTPUT = "1" -#CUSTOM_QEMU_DIR= "~/qemu-libafl-bridge" - -[env.arm] -CROSS_CC = "arm-linux-gnueabi-gcc" -CROSS_CXX = "arm-linux-gnueabi-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/arm" -LIBPNG_ARCH = "arm" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "arm" -LIBAFL_QEMU_CLONE_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge" - -[env.aarch64] -CROSS_CC = "aarch64-linux-gnu-gcc" -CROSS_CXX = "aarch64-linux-gnu-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/aarch64" -LIBPNG_ARCH = "aarch64" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "aarch64" -LIBAFL_QEMU_CLONE_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge" - -[env.x86_64] -CROSS_CC = "x86_64-linux-gnu-gcc" -CROSS_CXX = "x86_64-linux-gnu-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/x86_64" -LIBPNG_ARCH = "x86_64" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "x86_64" -LIBAFL_QEMU_CLONE_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge" - -[env.i386] -CROSS_CC = "x86_64-linux-gnu-gcc" -CROSS_CXX = "x86_64-linux-gnu-g++" -CROSS_CFLAGS = "-m32" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/i386" -LIBPNG_ARCH = "i386" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "i386" -LIBAFL_QEMU_CLONE_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge" - -[env.mips] -CROSS_CC = "mipsel-linux-gnu-gcc" -CROSS_CXX = 
"mipsel-linux-gnu-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/mips" -LIBPNG_ARCH = "mips" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "mips" -LIBAFL_QEMU_CLONE_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge" - -[env.ppc] -CROSS_CC = "powerpc-linux-gnu-gcc" -CROSS_CXX = "powerpc-linux-gnu-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/ppc" -LIBPNG_ARCH = "ppc" -LIBPNG_OPTIMIZATIONS = "no" -FEATURE = "ppc" -LIBAFL_QEMU_CLONE_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge" - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Qemu fuzzer not supported on windows/mac" -''' - - -[tasks.target_dir] -condition = { files_not_exist = ["${CARGO_MAKE_CRATE_TARGET_DIRECTORY}"] } -script_runner = "@shell" -script = ''' -mkdir ${CARGO_MAKE_CRATE_TARGET_DIRECTORY} -''' - -[tasks.deps_dir] -dependencies = ["target_dir"] -condition = { files_not_exist = ["${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/"] } -script_runner = "@shell" -script = ''' -mkdir ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/ -''' - -[tasks.arch_target_dir] -dependencies = ["target_dir"] -condition = { files_not_exist = ["${TARGET_DIR}"] } -script_runner = "@shell" -script = ''' -mkdir ${TARGET_DIR} -''' - -[tasks.zlib] -linux_alias = "zlib_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.zlib_unix_wget] -dependencies = ["deps_dir"] -condition = { files_not_exist = [ - "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/zlib-1.2.13", -] } -script_runner = "@shell" -# NOTE: There's no specific reason we're using an old version of zlib, -# but newer versions get moved to fossils/ after a while. 
-script = ''' -wget \ - -O "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/zlib-1.2.13.tar.gz" \ - https://zlib.net/fossils/zlib-1.2.13.tar.gz - -tar \ - zxvf ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/zlib-1.2.13.tar.gz \ - -C ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/ -''' - -[tasks.zlib_unix] -dependencies = ["arch_target_dir", "zlib_unix_wget"] -condition = { files_not_exist = ["${TARGET_DIR}/build-zlib/libz.a"] } -script_runner = "@shell" -script = ''' -rm -rf ${TARGET_DIR}/build-zlib/ - -mkdir ${TARGET_DIR}/build-zlib/ - -cd ${TARGET_DIR}/build-zlib/ && \ - CC=$CROSS_CC \ - CFLAGS=${CROSS_CFLAGS} \ - ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/zlib-1.2.13/configure \ - --prefix=./zlib - -make install -''' - -[tasks.libpng] -linux_alias = "libpng_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.libpng_unix_wget] -dependencies = ["deps_dir"] -condition = { files_not_exist = [ - "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/libpng-1.6.37", -] } -script_runner = "@shell" -script = ''' -wget \ - -O "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/v1.6.37.tar.gz" \ - https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz - -tar \ - -xvf "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/v1.6.37.tar.gz" \ - -C ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/ -''' - -[tasks.libpng_unix] -dependencies = ["arch_target_dir", "zlib", "libpng_unix_wget"] -condition = { files_not_exist = ["${TARGET_DIR}/build-png/.libs/libpng16.a"] } -script_runner = "@shell" -script = ''' -rm -rf ${TARGET_DIR}/build-png/ - -mkdir ${TARGET_DIR}/build-png/ - -cd ${TARGET_DIR}/build-png/ && \ - CC=$CROSS_CC \ - CFLAGS="${CROSS_CFLAGS} -I"${TARGET_DIR}/build-zlib/zlib/lib"" \ - LDFLAGS=-L"${TARGET_DIR}/build-zlib/zlib/lib" \ - ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/libpng-1.6.37/configure \ - --enable-shared=no \ - --with-pic=yes \ - --enable-hardware-optimizations=${LIBPNG_OPTIMIZATIONS} \ - --host=${LIBPNG_ARCH} \ - -make -''' - -[tasks.build] -linux_alias = "build_unix" -mac_alias 
= "build_unix" -windows_alias = "unsupported" - -[tasks.build_unix] -command = "cargo" -args = [ - "build", - "--profile", - "${PROFILE}", - "--features", - "${FEATURE}", - "--target-dir", - "${TARGET_DIR}", -] - -[tasks.fuzzer] -dependencies = ["build"] -script_runner = "@shell" -script = ''' -rm -f ${TARGET_DIR}/${PROFILE_DIR}/qemu_coverage-${CARGO_MAKE_PROFILE} -mv ${TARGET_DIR}/${PROFILE_DIR}/qemu_coverage ${TARGET_DIR}/${PROFILE_DIR}/qemu_coverage-${CARGO_MAKE_PROFILE} -''' - -[tasks.harness] -linux_alias = "harness_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.harness_unix] -script_runner = "@shell" -script = ''' -${CROSS_CXX} \ - ./harness.cc \ - $CROSS_CFLAGS \ - "${TARGET_DIR}/build-png/.libs/libpng16.a" \ - "${TARGET_DIR}/build-zlib/libz.a" \ - -I"${TARGET_DIR}/build-png" \ - -I"${TARGET_DIR}/build-zlib/zlib/lib" \ - -L"${TARGET_DIR}/build-zlib/zlib/lib" \ - -o"${TARGET_DIR}/libpng-harness-${CARGO_MAKE_PROFILE}" \ - -lm \ - -static -''' -dependencies = ["libpng"] - -[tasks.run] -linux_alias = "run_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -${TARGET_DIR}/${PROFILE_DIR}/qemu_coverage-${CARGO_MAKE_PROFILE} \ - --coverage-path \ - ${TARGET_DIR}/cov.drcov \ - --input-dir \ - ./corpus \ - -- \ - ${TARGET_DIR}/libpng-harness-${CARGO_MAKE_PROFILE} -''' -dependencies = ["harness", "fuzzer"] - -[tasks.test] -linux_alias = "test_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.test_unix] -dependencies = ["lightweight"] -# Tidy up after we've run our tests so we don't hog all the disk space -command = "cargo" -args = ["make", "clean"] - -[tasks.test_full] -linux_alias = "test_unix_full" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.test_unix_full] -dependencies = ["all"] -# Tidy up after we've run our tests so we don't hog all the disk space -command = "cargo" -args = ["make", "clean"] - -[tasks.clean] 
-linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -rf ${CARGO_MAKE_CRATE_TARGET_DIRECTORY} -cargo clean -''' - -[tasks.test_inner] -script_runner = "@shell" -script = ''' -cargo make ${FEATURE} || exit 1 - -cargo run --manifest-path ../../../utils/drcov_utils/Cargo.toml --bin drcov_merge -- \ - -i ${TARGET_DIR}/cov-000.drcov ${TARGET_DIR}/cov-001.drcov ${TARGET_DIR}/cov-002.drcov ${TARGET_DIR}/cov-003.drcov \ - --output ${TARGET_DIR}/cov-merged.drcov || exit 1 - -NB_BLOCKS=$(cargo run --manifest-path ../../../utils/drcov_utils/Cargo.toml --bin drcov_dump_addrs -- \ - -i ${TARGET_DIR}/cov-merged.drcov -a | wc -l || exit 1) - -echo "Nb blocks found: $NB_BLOCKS" - -if [ $NB_BLOCKS -ge 1700 ]; then - echo "Test succeeded" -else - echo "Did not find more than 1700 blocks." - exit 1 -fi -''' - -[tasks.arm] -command = "cargo" -args = ["make", "-p", "arm", "run"] - -[tasks.test_arm] -command = "cargo" -args = ["make", "-p", "arm", "test_inner"] - -[tasks.aarch64] -command = "cargo" -args = ["make", "-p", "aarch64", "run"] - -[tasks.x86_64] -command = "cargo" -args = ["make", "-p", "x86_64", "run"] - -[tasks.test_x86_64] -command = "cargo" -args = ["make", "-p", "x86_64", "test_inner"] - -[tasks.i386] -command = "cargo" -args = ["make", "-p", "i386", "run"] - -[tasks.mips] -command = "cargo" -args = ["make", "-p", "mips", "run"] - -[tasks.ppc] -command = "cargo" -args = ["make", "-p", "ppc", "run"] - -[tasks.all] -dependencies = ["arm", "aarch64", "x86_64", "i386", "mips", "ppc"] - -[tasks.lightweight] -dependencies = ["test_x86_64", "test_arm"] diff --git a/fuzzers/binary_only/qemu_launcher/Justfile b/fuzzers/binary_only/qemu_launcher/Justfile new file mode 100644 index 0000000000..36288989d0 --- /dev/null +++ b/fuzzers/binary_only/qemu_launcher/Justfile 
@@ -0,0 +1,96 @@
+import "../../../just/libafl-qemu-libpng.just"
+
+FUZZER_NAME := "qemu_launcher"
+
+HARNESS := TARGET_DIR / ("libpng-harness-" + PROFILE)
+
+[unix]
+build:
+ cargo build \
+ --profile {{ PROFILE }} \
+ --features {{ ARCH }} \
+ --target-dir {{ TARGET_DIR }}
+
+[unix]
+harness: libpng
+ #!/bin/bash
+
+ source {{ DOTENV }}
+
+ $CROSS_CXX \
+ ./harness.cc \
+ $CROSS_CFLAGS \
+ "{{ TARGET_DIR }}/build-png/.libs/libpng16.a" \
+ "{{ TARGET_DIR }}/build-zlib/libz.a" \
+ -I"{{ TARGET_DIR }}/build-png" \
+ -I"{{ DEPS_DIR }}/libpng-1.6.37" \
+ -I"{{ TARGET_DIR }}/build-zlib/zlib/lib" \
+ -L"{{ TARGET_DIR }}/build-zlib/zlib/lib" \
+ -o"{{ HARNESS }}" \
+ -lm
+
+[unix]
+run: harness build
+ {{ FUZZER }} \
+ --input ./corpus \
+ --output {{ TARGET_DIR }}/output/ \
+ --log {{TARGET_DIR}}/output/log.txt \
+ --cores 0-7 \
+ --asan-cores 0-3 \
+ --cmplog-cores 2-5 \
+ --iterations 1000000 \
+ --tui \
+ -- \
+ {{ HARNESS }}
+
+
+[unix]
+test_inner: harness build
+ #!/bin/bash
+
+ source {{ DOTENV }}
+
+ export QEMU_LAUNCHER={{ FUZZER }}
+
+ ./tests/injection/test.sh || exit 1
+
+ # complie again with simple mgr
+ cargo build --profile={{PROFILE}} --features="simplemgr,{{ARCH}}" --target-dir={{ TARGET_DIR }}
+ ./tests/qasan/test.sh || exit 1
+
+[unix]
+test:
+ ARCH=x86_64 just test_inner
+
+single: harness build
+ {{ FUZZER }} \
+ --input ./corpus \
+ --output {{ TARGET_DIR }}/output/ \
+ --log {{ TARGET_DIR }}/output/log.txt \
+ --cores 0 \
+ -- \
+ {{ HARNESS }}
+
+asan: harness build
+ {{ FUZZER }} \
+ --input ./corpus \
+ --output {{ TARGET_DIR }}/output/ \
+ --log {{ TARGET_DIR }}/output/log.txt \
+ --cores 0 \
+ --asan-cores 0 \
+ -- \
+ {{ HARNESS }}
+
+asan_guest: harness build
+ {{ FUZZER }} \
+ --input ./corpus \
+ --output {{ TARGET_DIR }}/output/ \
+ --log {{ TARGET_DIR }}/output/log.txt \
+ --cores 0 \
+ --asan-guest-cores 0 \
+ -- \
+ {{ HARNESS }}
+
+[unix]
+clean:
+ cargo clean
\ No newline at end of file
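Review bot: In `test_inner` the rebuild with `--features="simplemgr,{{ARCH}}"` carries no `|| exit 1` and the shebang script never enables `set -e`, so when that `cargo build` fails, `./tests/qasan/test.sh` silently runs against the binary left by the first build (without `simplemgr`) and the test can pass for the wrong artifact; the same applies to a failing `source {{ DOTENV }}` in both `harness` and `test_inner`. Put `set -e` directly after `#!/bin/bash` in both recipes (the explicit `|| exit 1` then become redundant). Separately, the harness include path changed from the old Makefile.toml's `build-zlib/zlib/include` to `-I"{{ TARGET_DIR }}/build-zlib/zlib/lib"`; if `harness.cc` needs `zlib.h` this should be `-I"{{ TARGET_DIR }}/build-zlib/zlib/include"`, otherwise the flag can simply be dropped.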
diff --git a/fuzzers/binary_only/qemu_launcher/Makefile.toml b/fuzzers/binary_only/qemu_launcher/Makefile.toml deleted file mode 100644 index 1f008f561b..0000000000 --- a/fuzzers/binary_only/qemu_launcher/Makefile.toml +++ /dev/null 
@@ -1,424 +0,0 @@ -env_scripts = [''' -#!@duckscript -profile = get_env PROFILE - -if eq ${profile} "dev" - set_env PROFILE_DIR debug -else - set_env PROFILE_DIR ${profile} -end -'''] - -[env] -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } -CROSS_CC = "x86_64-linux-gnu-gcc" -CROSS_CXX = "x86_64-linux-gnu-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/x86_64" -LIBPNG_ARCH = "x86_64" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "x86_64" -#LIBAFL_DEBUG_OUTPUT = "1" -#CUSTOM_QEMU_DIR= "~/qemu-libafl-bridge" - -[env.arm] -CROSS_CC = "arm-linux-gnueabi-gcc" -CROSS_CXX = "arm-linux-gnueabi-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/arm" -LIBPNG_ARCH = "arm" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "arm" - -[env.aarch64] -CROSS_CC = "aarch64-linux-gnu-gcc" -CROSS_CXX = "aarch64-linux-gnu-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/aarch64" -LIBPNG_ARCH = "aarch64" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "aarch64" - -[env.x86_64] -CROSS_CC = "x86_64-linux-gnu-gcc" -CROSS_CXX = "x86_64-linux-gnu-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/x86_64" -LIBPNG_ARCH = "x86_64" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "x86_64" - -[env.i386] -CROSS_CC = "x86_64-linux-gnu-gcc" -CROSS_CXX = "x86_64-linux-gnu-g++" -CROSS_CFLAGS = "-m32" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/i386" -LIBPNG_ARCH = "i386" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "i386" - -[env.mips] -CROSS_CC = "mipsel-linux-gnu-gcc" -CROSS_CXX = "mipsel-linux-gnu-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/mips" -LIBPNG_ARCH = "mips" -LIBPNG_OPTIMIZATIONS = "yes" -FEATURE = "mips" - -[env.ppc] -CROSS_CC = "powerpc-linux-gnu-gcc" -CROSS_CXX = 
"powerpc-linux-gnu-g++" -CROSS_CFLAGS = "" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/ppc" -LIBPNG_ARCH = "ppc" -LIBPNG_OPTIMIZATIONS = "no" -FEATURE = "ppc" - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Qemu fuzzer not supported on windows/mac" -''' - -[tasks.target_dir] -condition = { files_not_exist = ["${CARGO_MAKE_CRATE_TARGET_DIRECTORY}"] } -script_runner = "@shell" -script = ''' -mkdir ${CARGO_MAKE_CRATE_TARGET_DIRECTORY} -''' - -[tasks.deps_dir] -dependencies = ["target_dir"] -condition = { files_not_exist = ["${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/"] } -script_runner = "@shell" -script = ''' -mkdir ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/ -''' - -[tasks.arch_target_dir] -dependencies = ["target_dir"] -condition = { files_not_exist = ["${TARGET_DIR}"] } -script_runner = "@shell" -script = ''' -mkdir ${TARGET_DIR} -''' - -[tasks.zlib] -linux_alias = "zlib_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.zlib_unix_wget] -dependencies = ["deps_dir"] -condition = { files_not_exist = [ - "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/zlib-1.2.13", -] } -script_runner = "@shell" -# NOTE: There's no specific reason we're using an old version of zlib, -# but newer versions get moved to fossils/ after a while. 
-script = ''' -wget \ - -O "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/zlib-1.2.13.tar.gz" \ - https://zlib.net/fossils/zlib-1.2.13.tar.gz - -tar \ - zxvf ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/zlib-1.2.13.tar.gz \ - -C ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/ -''' - -[tasks.zlib_unix] -dependencies = ["arch_target_dir", "zlib_unix_wget"] -condition = { files_not_exist = ["${TARGET_DIR}/build-zlib/libz.a"] } -script_runner = "@shell" -script = ''' -rm -rf ${TARGET_DIR}/build-zlib/ - -mkdir ${TARGET_DIR}/build-zlib/ - -cd ${TARGET_DIR}/build-zlib/ && \ - CC=$CROSS_CC \ - CFLAGS=${CROSS_CFLAGS} \ - ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/zlib-1.2.13/configure \ - --prefix=./zlib - -make install -''' - -[tasks.libpng] -linux_alias = "libpng_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.libpng_unix_wget] -dependencies = ["deps_dir"] -condition = { files_not_exist = [ - "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/libpng-1.6.37", -] } -script_runner = "@shell" -script = ''' -wget \ - -O "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/v1.6.37.tar.gz" \ - https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz - -tar \ - -xvf "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/v1.6.37.tar.gz" \ - -C ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/ -''' - -[tasks.libpng_unix] -dependencies = ["arch_target_dir", "zlib", "libpng_unix_wget"] -condition = { files_not_exist = ["${TARGET_DIR}/build-png/.libs/libpng16.a"] } -script_runner = "@shell" -script = ''' -rm -rf ${TARGET_DIR}/build-png/ - -mkdir ${TARGET_DIR}/build-png/ - -cd ${TARGET_DIR}/build-png/ && \ - CC=$CROSS_CC \ - CFLAGS="${CROSS_CFLAGS}" \ - CPPFLAGS="-I${TARGET_DIR}/build-zlib/zlib/include" \ - LDFLAGS=-L"${TARGET_DIR}/build-zlib/zlib/lib" \ - ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/libpng-1.6.37/configure \ - --enable-shared=no \ - --with-pic=yes \ - --enable-hardware-optimizations=${LIBPNG_OPTIMIZATIONS} \ - --host=${LIBPNG_ARCH} \ - -make -''' - -[tasks.build] -linux_alias = 
"build_unix" -mac_alias = "build_unix" -windows_alias = "unsupported" - -[tasks.build_unix] -command = "cargo" -args = [ - "build", - "--profile", - "${PROFILE}", - "--features", - "${FEATURE}", - "--target-dir", - "${TARGET_DIR}", -] - -[tasks.fuzzer] -dependencies = ["build"] -script_runner = "@shell" -script = ''' -rm -f ${TARGET_DIR}/${PROFILE_DIR}/qemu_launcher-${CARGO_MAKE_PROFILE} -mv ${TARGET_DIR}/${PROFILE_DIR}/qemu_launcher ${TARGET_DIR}/${PROFILE_DIR}/qemu_launcher-${CARGO_MAKE_PROFILE} -''' - -[tasks.harness] -linux_alias = "harness_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.harness_unix] -script_runner = "@shell" -script = ''' -${CROSS_CXX} \ - ./harness.cc \ - $CROSS_CFLAGS \ - "${TARGET_DIR}/build-png/.libs/libpng16.a" \ - "${TARGET_DIR}/build-zlib/libz.a" \ - -I"${TARGET_DIR}/build-png" \ - -I"${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/libpng-1.6.37" \ - -I"${TARGET_DIR}/build-zlib/zlib/include" \ - -L"${TARGET_DIR}/build-zlib/zlib/lib" \ - -o"${TARGET_DIR}/libpng-harness-${CARGO_MAKE_PROFILE}" \ - -lm -''' -dependencies = ["libpng"] - -[tasks.debug] -linux_alias = "debug_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.debug_unix] -command = "${TARGET_DIR}/${PROFILE_DIR}/qemu_launcher-${CARGO_MAKE_PROFILE}" -args = [ - "--input", - "./corpus", - "--output", - "${TARGET_DIR}/output/", - "--log", - "${TARGET_DIR}/output/log.txt", - "--cores", - "0-7", - "--asan-cores", - "0-3", - "--cmplog-cores", - "2-5", - "--iterations", - "100000", - "--verbose", - "--", - "${TARGET_DIR}/libpng-harness-${CARGO_MAKE_PROFILE}", -] -dependencies = ["harness", "fuzzer"] - -[tasks.run] -linux_alias = "run_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.run_unix] -command = "${TARGET_DIR}/${PROFILE_DIR}/qemu_launcher-${CARGO_MAKE_PROFILE}" -args = [ - "--input", - "./corpus", - "--output", - "${TARGET_DIR}/output/", - "--log", - "${TARGET_DIR}/output/log.txt", - "--cores", - "0-7", - 
"--asan-cores", - "0-3", - "--cmplog-cores", - "2-5", - "--iterations", - "1000000", - "--tui", - "--", - "${TARGET_DIR}/libpng-harness-${CARGO_MAKE_PROFILE}", -] -dependencies = ["harness", "fuzzer"] - -[tasks.single] -linux_alias = "single_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.single_unix] -command = "${TARGET_DIR}/${PROFILE_DIR}/qemu_launcher-${CARGO_MAKE_PROFILE}" -args = [ - "--input", - "./corpus", - "--output", - "${TARGET_DIR}/output/", - "--log", - "${TARGET_DIR}/output/log.txt", - "--cores", - "0", - "--", - "${TARGET_DIR}/libpng-harness-${CARGO_MAKE_PROFILE}", -] -dependencies = ["harness", "fuzzer"] - -[tasks.asan] -linux_alias = "asan_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.asan_unix] -command = "${TARGET_DIR}/${PROFILE_DIR}/qemu_launcher-${CARGO_MAKE_PROFILE}" -args = [ - "--input", - "./corpus", - "--output", - "${TARGET_DIR}/output/", - "--log", - "${TARGET_DIR}/output/log.txt", - "--cores", - "0", - "--asan-cores", - "0", - "--", - "${TARGET_DIR}/libpng-harness-${CARGO_MAKE_PROFILE}", -] -dependencies = ["harness", "fuzzer"] - -[tasks.asan_guest] -linux_alias = "asan_guest_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.asan_guest_unix] -command = "${TARGET_DIR}/${PROFILE_DIR}/qemu_launcher-${CARGO_MAKE_PROFILE}" -args = [ - "--input", - "./corpus", - "--output", - "${TARGET_DIR}/output/", - "--log", - "${TARGET_DIR}/output/log.txt", - "--cores", - "0", - "--asan-guest-cores", - "0", - "--", - "${TARGET_DIR}/libpng-harness-${CARGO_MAKE_PROFILE}", -] -dependencies = ["harness", "fuzzer"] - -[tasks.test] -linux_alias = "test_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -echo "Profile: ${PROFILE}" - -export QEMU_LAUNCHER=${TARGET_DIR}/${PROFILE_DIR}/qemu_launcher - -./tests/injection/test.sh || exit 1 - -# complie again with simple mgr -cargo build --profile=${PROFILE} 
--features="simplemgr" --target-dir=${TARGET_DIR} -./tests/qasan/test.sh || exit 1 -''' -dependencies = ["build_unix"] - -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "clean_unix" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -rm -rf ${CARGO_MAKE_CRATE_TARGET_DIRECTORY} -cargo clean -''' - -[tasks.arm] -command = "cargo" -args = ["make", "-p", "arm", "run"] - -[tasks.aarch64] -command = "cargo" -args = ["make", "-p", "aarch64", "run"] - -[tasks.x86_64] -command = "cargo" -args = ["make", "-p", "x86_64", "run"] - -[tasks.i386] -command = "cargo" -args = ["make", "-p", "i386", "run"] - -[tasks.mips] -command = "cargo" -args = ["make", "-p", "mips", "run"] - -[tasks.ppc] -command = "cargo" -args = ["make", "-p", "ppc", "run"] - -[tasks.all] -dependencies = ["arm", "aarch64", "x86_64", "i386", "mips", "ppc"] diff --git a/fuzzers/binary_only/tinyinst_simple/Justfile b/fuzzers/binary_only/tinyinst_simple/Justfile new file mode 100644 index 0000000000..679b20d9df --- /dev/null +++ b/fuzzers/binary_only/tinyinst_simple/Justfile 
@@ -0,0 +1,40 @@
+import "../../../just/libafl.just"
+FUZZER_NAME := "tinyinst_simple"
+
+set windows-shell := ["cmd.exe", "/c"]
+set unstable
+
+[linux]
+harness:
+ clang test/test.cpp -o test.exe
+
+[windows]
+harness:
+ cl test\test.cpp -o test.exe
+
+
+fuzzer:
+ cargo build --profile {{PROFILE}}
+
+run: harness fuzzer
+ cargo run --profile {{PROFILE}}
+
+[linux]
+test: harness fuzzer
+ #!/bin/bash
+ cp {{TARGET_DIR}}/{{PROFILE_DIR}}/tinyinst_simple .
+ echo "Running tests"
+ timeout 5s ./tinyinst_simple || true
+ # corpus_discovered folder exists and is not empty
+ if [ -d "corpus_discovered" ] && [ -n "$(ls -A corpus_discovered)" ]; then
+ echo "Fuzzer works!"
+ else
+ exit 1
+ fi
+
+[windows]
+test: harness fuzzer
+ copy .\target\{{PROFILE_DIR}}\tinyinst_simple.exe .
+ start .\tinyinst_simple.exe
+ ping -n 10 127.0.0.1>NUL && taskkill /im tinyinst_simple.exe /F
+ dir /a-d corpus_discovered && (echo Files exist) || (exit /b 1337)
\ No newline at end of file
diff --git a/fuzzers/binary_only/tinyinst_simple/Makefile.toml b/fuzzers/binary_only/tinyinst_simple/Makefile.toml
deleted file mode 100644
index 68fa085a01..0000000000
--- a/fuzzers/binary_only/tinyinst_simple/Makefile.toml
+++ /dev/null
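Review bot: The Linux `test` recipe asserts that `corpus_discovered` exists and is non-empty but never clears it before launching the fuzzer, so a directory left behind by an earlier `just run` or `just test` makes the check pass even when the freshly built `tinyinst_simple` discovered nothing; the Windows recipe has the same gap. Add `rm -rf corpus_discovered` before `timeout 5s ./tinyinst_simple || true` (and `if exist corpus_discovered rmdir /s /q corpus_discovered` before `start .\tinyinst_simple.exe` on Windows). Without `set -e` after `#!/bin/bash` a failed `cp` is also not fatal, and a stale `./tinyinst_simple` from a previous run is what gets executed.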
@@ -1,95 +0,0 @@ -[env] -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -PROFILE_DIR = { source = "${PROFILE}", default_value = "release", mapping = { "release" = "release", "dev" = "debug" }, condition = { env_not_set = [ - "PROFILE_DIR", -] } } -CARGO_TARGET_DIR = { value = "target", condition = { env_not_set = [ - "CARGO_TARGET_DIR", -] } } - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this" -''' - -# Harness -[tasks.harness] -linux_alias = "harness_linux" -mac_alias = "unsupported" -windows_alias = "harness_windows" - -[tasks.harness_linux] -script = ''' -clang test/test.cpp -o test.exe -''' - -[tasks.harness_windows] -script = ''' -cl test\test.cpp -o test.exe -''' - -# Fuzzer -[tasks.fuzzer] -linux_alias = "fuzzer_linux" -mac_alias = "unsupported" -windows_alias = "fuzzer_windows" - -[tasks.fuzzer_linux] -dependencies = ["harness"] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -[tasks.fuzzer_windows] -dependencies = ["harness"] -command = "cargo" -args = ["build", "--profile", "${PROFILE}"] - -# Run the fuzzer -[tasks.run] -linux_alias = "run_linux" -mac_alias = "unsupported" -windows_alias = "run_windows" - -[tasks.run_linux] -dependencies = ["harness", "fuzzer"] -command = "cargo" -args = ["run", "--profile", "${PROFILE}"] - -[tasks.run_windows] -dependencies = ["harness", "fuzzer"] -command = "cargo" -args = ["run", "--profile", "${PROFILE}"] - - -# Run the fuzzer -[tasks.test] -linux_alias = "test_linux" -mac_alias = "unsupported" -windows_alias = "test_windows" - -[tasks.test_linux] -script_runner = "@shell" -script = ''' -cp ${CARGO_TARGET_DIR}/${PROFILE_DIR}/tinyinst_simple . -echo running tests -timeout 5s ./tinyinst_simple || true -# corpus_discovered folder exists and is not empty -if [ -d "corpus_discovered" ] && [ -n "$(ls -A corpus_discovered)" ]; then - echo "Fuzzer works!" 
-else
- exit 1
-fi
-'''
-dependencies = ["harness", "fuzzer"]
-
-[tasks.test_windows]
-script_runner = "@shell"
-script = '''
-copy .\target\${PROFILE_DIR}\tinyinst_simple.exe .
-start "" "tinyinst_simple.exe"
-#ping is for timeout
-ping -n 10 127.0.0.1>NUL && taskkill /im tinyinst_simple.exe /F
->nul 2>nul dir /a-d "corpus_discovered\*" && (echo Files exist) || (exit /b 1337)
-'''
-dependencies = ["harness", "fuzzer"]
diff --git a/fuzzers/full_system/nyx_libxml2_parallel/Justfile b/fuzzers/full_system/nyx_libxml2_parallel/Justfile
new file mode 100644
index 0000000000..4f289e4bed
--- /dev/null
+++ b/fuzzers/full_system/nyx_libxml2_parallel/Justfile
@@ -0,0 +1,32 @@
+import "../../../just/libafl.just"
+FUZZER_NAME := "nyx_libxml2_parallel"
+
+[unix]
+libxml2:
+ ./setup_libxml2.sh
+
+[unix]
+enable_kvm_vmware_hypercall:
+ #!/bin/bash
+ if [ ! -e /sys/module/kvm/parameters/enable_vmware_backdoor ] ||
+ ! grep -qF Y /sys/module/kvm/parameters/enable_vmware_backdoor; then
+ sudo modprobe -r kvm-intel # or kvm-amd for AMD
+ sudo modprobe -r kvm
+ sudo modprobe kvm enable_vmware_backdoor=y
+ sudo modprobe kvm-intel
+ fi;
+
+[unix]
+build: libxml2
+
+[unix]
+run: libxml2 enable_kvm_vmware_hypercall
+ cargo run
+
+[unix]
+test: build
+
+[unix]
+clean:
+ make -C libxml2 clean
+ cargo clean
\ No newline at end of file
diff --git a/fuzzers/full_system/nyx_libxml2_parallel/Makefile.toml b/fuzzers/full_system/nyx_libxml2_parallel/Makefile.toml
deleted file mode 100644
index f3283a2767..0000000000
--- a/fuzzers/full_system/nyx_libxml2_parallel/Makefile.toml
+++ /dev/null
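Review bot: `enable_kvm_vmware_hypercall` is an implicit dependency of `run`, so a plain `just run` uses `sudo` to unload `kvm` — which tears down every VM on the host — and reloads it with `enable_vmware_backdoor=y`, a host-global module parameter that applies to every guest on the machine, not only the Nyx one; the recipe also hard-codes `kvm-intel` (the `# or kvm-amd for AMD` comment only documents the gap) and has no `set -e`, so a failed `modprobe -r kvm` is followed by the remaining commands regardless. I would make this an explicit, documented step rather than a dependency of `run`, detect which vendor module is actually loaded, and fail fast on the first error; the standalone Justfile carries an identical copy of the recipe.
```just
enable_kvm_vmware_hypercall:
    #!/bin/bash
    set -euo pipefail
    if [ ! -e /sys/module/kvm/parameters/enable_vmware_backdoor ] ||
       ! grep -qF Y /sys/module/kvm/parameters/enable_vmware_backdoor; then
        # reload whichever vendor module is present instead of assuming Intel
        vendor=$(lsmod | grep -oE '^kvm_(intel|amd)' || true)
        echo "Reloading kvm with enable_vmware_backdoor=y: this stops every running VM on this host" >&2
        sudo modprobe -r "${vendor:-kvm_intel}"
        sudo modprobe -r kvm
        sudo modprobe kvm enable_vmware_backdoor=y
        sudo modprobe "${vendor:-kvm_intel}"
    fi
```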
@@ -1,69 +0,0 @@ - -# Variables -[env] -FUZZER_NAME = 'nyx_libxml2_parallel' -PROJECT_DIR = { script = ["pwd"] } - -[config] -skip_core_tasks = true # skip `cargo test` to avoid error - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this platform" -''' - -[tasks.build] -dependencies = ["libxml2"] - -[tasks.libxml2] -linux_alias = "libxml2_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.libxml2_unix] -# condition = { files_not_exist = ["./libxml2"]} -script_runner = "@shell" -script = ''' -./setup_libxml2.sh -''' - -[tasks.enable_kvm_vmware_hypercall] -script_runner = "@shell" -script = ''' -if [ ! -e /sys/module/kvm/parameters/enable_vmware_backdoor ] || - ! grep -qF Y /sys/module/kvm/parameters/enable_vmware_backdoor; then - sudo modprobe -r kvm-intel # or kvm-amd for AMD - sudo modprobe -r kvm - sudo modprobe kvm enable_vmware_backdoor=y - sudo modprobe kvm-intel -fi; -''' - -# Run the fuzzer -[tasks.run] -linux_alias = "run_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -cargo run -''' -dependencies = ["libxml2", "enable_kvm_vmware_hypercall"] - -# Clean up -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -make -C ./libxml2 clean -cargo clean -''' diff --git a/fuzzers/full_system/nyx_libxml2_standalone/Justfile b/fuzzers/full_system/nyx_libxml2_standalone/Justfile new file mode 100644 index 0000000000..4f289e4bed --- /dev/null +++ b/fuzzers/full_system/nyx_libxml2_standalone/Justfile 
@@ -0,0 +1,32 @@
+import "../../../just/libafl.just"
+FUZZER_NAME := "nyx_libxml2_parallel"
+
+[unix]
+libxml2:
+ ./setup_libxml2.sh
+
+[unix]
+enable_kvm_vmware_hypercall:
+ #!/bin/bash
+ if [ ! -e /sys/module/kvm/parameters/enable_vmware_backdoor ] ||
+ ! grep -qF Y /sys/module/kvm/parameters/enable_vmware_backdoor; then
+ sudo modprobe -r kvm-intel # or kvm-amd for AMD
+ sudo modprobe -r kvm
+ sudo modprobe kvm enable_vmware_backdoor=y
+ sudo modprobe kvm-intel
+ fi;
+
+[unix]
+build: libxml2
+
+[unix]
+run: libxml2 enable_kvm_vmware_hypercall
+ cargo run
+
+[unix]
+test: build
+
+[unix]
+clean:
+ make -C libxml2 clean
+ cargo clean
\ No newline at end of file
diff --git a/fuzzers/full_system/nyx_libxml2_standalone/Makefile.toml b/fuzzers/full_system/nyx_libxml2_standalone/Makefile.toml
deleted file mode 100644
index 7fb8746b1a..0000000000
--- a/fuzzers/full_system/nyx_libxml2_standalone/Makefile.toml
+++ /dev/null
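Review bot: `FUZZER_NAME := "nyx_libxml2_parallel"` in the standalone Justfile is a verbatim copy of the parallel one (both new files carry the same blob id `4f289e4bed`), so anything `libafl.just` derives from `FUZZER_NAME` will point at the other fuzzer's binary; it should read `FUZZER_NAME := "nyx_libxml2_standalone"`, which is what the deleted Makefile.toml used. The recipes here only invoke `cargo run`, so the mistake appears latent today, but it will bite as soon as a recipe uses the shared `FUZZER` path. The `enable_kvm_vmware_hypercall` dependency of `run` also inherits the hard-coded `kvm-intel` and the host-wide `sudo modprobe` reload from the parallel fuzzer, so whatever fix lands there should be applied to this copy too.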
@@ -1,69 +0,0 @@ - -# Variables -[env] -FUZZER_NAME = 'nyx_libxml2_standalone' -PROJECT_DIR = { script = ["pwd"] } - -[config] -skip_core_tasks = true # skip `cargo test` to avoid error - -[tasks.unsupported] -script_runner = "@shell" -script = ''' -echo "Cargo-make not integrated yet on this platform" -''' - -[tasks.build] -dependencies = ["libxml2"] - -[tasks.libxml2] -linux_alias = "libxml2_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.libxml2_unix] -# condition = { files_not_exist = ["./libxml2"]} -script_runner = "@shell" -script = ''' -./setup_libxml2.sh -''' - -[tasks.enable_kvm_vmware_hypercall] -script_runner = "@shell" -script = ''' -if [ ! -e /sys/module/kvm/parameters/enable_vmware_backdoor ] || - ! grep -qF Y /sys/module/kvm/parameters/enable_vmware_backdoor; then - sudo modprobe -r kvm-intel # or kvm-amd for AMD - sudo modprobe -r kvm - sudo modprobe kvm enable_vmware_backdoor=y - sudo modprobe kvm-intel -fi; -''' - -# Run the fuzzer -[tasks.run] -linux_alias = "run_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.run_unix] -script_runner = "@shell" -script = ''' -cargo run -''' -dependencies = ["libxml2", "enable_kvm_vmware_hypercall"] - -# Clean up -[tasks.clean] -linux_alias = "clean_unix" -mac_alias = "unsupported" -windows_alias = "unsupported" - -[tasks.clean_unix] -# Disable default `clean` definition -clear = true -script_runner = "@shell" -script = ''' -make -C ./libxml2 clean -cargo clean -''' diff --git a/fuzzers/full_system/qemu_baremetal/Justfile b/fuzzers/full_system/qemu_baremetal/Justfile new file mode 100644 index 0000000000..c5349aa586 --- /dev/null +++ b/fuzzers/full_system/qemu_baremetal/Justfile 
@@ -0,0 +1,69 @@
+import "../../../just/libafl-qemu.just"
+FUZZER_NAME := "qemu_baremetal"
+
+KERNEL := TARGET_DIR / "example.elf"
+DUMMY_IMG := TARGET_DIR / "dummy.qcow2"
+
+target_dir:
+ mkdir -p "{{TARGET_DIR}}"
+
+image: target_dir
+ qemu-img create -f qcow2 {{DUMMY_IMG}} 32M
+
+target flavor: image target_dir
+ arm-none-eabi-gcc -ggdb -ffreestanding -nostartfiles -lgcc \
+ -T example/mps2_m3.ld \
+ -mcpu=cortex-m3 \
+ -D "TARGET_{{ uppercase(flavor) }}" \
+ -I {{BUILD_DIR / "include"}} \
+ example/main.c \
+ example/startup.c \
+ -o {{TARGET_DIR}}/example.elf
+
+build flavor="breakpoint": target_dir
+ cargo build \
+ --profile {{PROFILE}} \
+ --no-default-features \
+ --features std,{{flavor}} \
+ --target-dir {{TARGET_DIR}}
+
+run flavor="breakpoint": (target flavor) (build flavor)
+ {{BUILD_DIR / "qemu_baremetal"}} \
+ -icount shift=auto,align=off,sleep=off \
+ -machine mps2-an385 \
+ -monitor null \
+ -kernel {{KERNEL}} \
+ -drive if=none,format=qcow2,file={{DUMMY_IMG}} \
+ -serial null \
+ -nographic \
+ -snapshot \
+ -S
+
+test_flavor flavor: (target flavor) (build flavor)
+ #!/bin/bash
+ export KERNEL={{ KERNEL }}
+ export TARGET_DIR={{ TARGET_DIR }}
+
+ TMP_DIR=$(mktemp -d)
+
+ timeout 20s {{ FUZZER }} \
+ -icount shift=auto,align=off,sleep=off \
+ -machine mps2-an385 \
+ -monitor null \
+ -kernel {{ KERNEL }} -serial null \
+ -drive if=none,format=qcow2,file={{ DUMMY_IMG }} \
+ -nographic \
+ -snapshot \
+ -S | tee "$TMP_DIR/fuzz.log" 2>&1 || true
+
+ if [ -z "$(grep 'Objective' $TMP_DIR/fuzz.log)" ]; then
+ echo "qemu_baremetal ${FEATURE}: Fuzzer did not find the objective in $TMP_DIR/fuzz.log"
+ exit 1
+ else
+ echo "qemu_baremetal ${FEATURE}: Objective found."
+ fi
+
+test: (test_flavor "low_level") (test_flavor "breakpoint") (test_flavor "sync_exit")
+
+clean:
+ cargo clean
\ No newline at end of file
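Review bot: Both `echo` lines in `test_flavor` expand `${FEATURE}`, which nothing in this Justfile sets (it was the cargo-make environment variable), so a failing run reports `qemu_baremetal :` and loses which of the three flavors failed; use the recipe parameter instead, `echo "qemu_baremetal {{ flavor }}: Fuzzer did not find the objective in $TMP_DIR/fuzz.log"` and likewise for the success line. In the same script the `2>&1` is attached to `tee` rather than to the fuzzer, so anything the fuzzer writes to stderr never reaches `fuzz.log`; if `Objective` is ever emitted on stderr the grep cannot see it, so the redirect belongs before the pipe, `-S 2>&1 | tee "$TMP_DIR/fuzz.log" || true`. `run` and `test_flavor` also order `(target flavor)` before `(build flavor)` while `target` compiles with `-I {{BUILD_DIR / "include"}}`; if `example/main.c` includes a header generated by the cargo build, `target` should depend on `(build flavor)` so a clean checkout does not fail on the first invocation.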
diff --git a/fuzzers/full_system/qemu_baremetal/Makefile.toml b/fuzzers/full_system/qemu_baremetal/Makefile.toml deleted file mode 100644 index 69f71a1640..0000000000 --- a/fuzzers/full_system/qemu_baremetal/Makefile.toml +++ /dev/null 
@@ -1,234 +0,0 @@ -env_scripts = [''' -#!@duckscript -profile = get_env PROFILE - -if eq ${profile} "dev" - set_env PROFILE_DIR debug -else - set_env PROFILE_DIR ${profile} -end -''', ''' -#!@duckscript -runs_on_ci = get_env RUN_ON_CI - -if ${runs_on_ci} - cargo_target_dir = get_env CARGO_MAKE_CRATE_TARGET_DIRECTORY - set_env TARGET_DIR ${cargo_target_dir} - set_env KERNEL ${cargo_target_dir}/example.elf -end -'''] - -[env] -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/${FEATURE}" -LIBAFL_QEMU_CLONE_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge" -KERNEL = "${TARGET_DIR}/example.elf" - -[tasks.target_dir] -condition = { files_not_exist = ["${TARGET_DIR}"] } -script_runner = "@shell" -script = ''' -mkdir -p ${TARGET_DIR} -''' - -[tasks.image] -dependencies = ["target_dir"] -condition = { files_not_exist = ["${TARGET_DIR}/dummy.qcow2"] } -script_runner = "@shell" -script = ''' -qemu-img create -f qcow2 ${TARGET_DIR}/dummy.qcow2 32M -''' - -[tasks.target] -dependencies = ["target_dir"] -condition = { env_set = ["TARGET_DEFINE"] } -command = "arm-none-eabi-gcc" -args = [ - "-ggdb", - "-ffreestanding", - "-nostartfiles", - "-lgcc", - "-T", - "${CARGO_MAKE_WORKING_DIRECTORY}/example/mps2_m3.ld", - "-mcpu=cortex-m3", - "${CARGO_MAKE_WORKING_DIRECTORY}/example/main.c", - "${CARGO_MAKE_WORKING_DIRECTORY}/example/startup.c", - "-D", - "${TARGET_DEFINE}", - "-I", - "${TARGET_DIR}/${PROFILE_DIR}/include", - "-o", - "${TARGET_DIR}/example.elf", -] - -[tasks.build_fuzzer] -condition = { env_set = ["FEATURE"] } -command = "cargo" -args = [ - "build", - "--profile", - "${PROFILE}", - "--no-default-features", - "--features", - "std,${FEATURE}", - "--target-dir", - "${TARGET_DIR}", -] -dependencies = ["image"] - -[tasks.run_fuzzer] -command = "${TARGET_DIR}/${PROFILE_DIR}/qemu_baremetal" -args = [ - "-icount", - "shift=auto,align=off,sleep=off", - "-machine", - "mps2-an385", - 
"-monitor", - "null", - "-kernel", - "${TARGET_DIR}/example.elf", - "-serial", - "null", - "-nographic", - "-snapshot", - "-drive", - "if=none,format=qcow2,file=${TARGET_DIR}/dummy.qcow2", - "-S", -] -dependencies = ["target"] - -[tasks.test_fuzzer] -condition = { env_set = ["FEATURE"] } -script_runner = "@shell" -script = ''' -TMP_DIR=$(mktemp -d) - -cargo make build_$FEATURE -timeout 20s ${TARGET_DIR}/${PROFILE_DIR}/qemu_baremetal -icount shift=auto,align=off,sleep=off -machine mps2-an385 -monitor null -kernel ${TARGET_DIR}/example.elf -serial null -nographic -snapshot -drive if=none,format=qcow2,file=${TARGET_DIR}/dummy.qcow2 -S | tee $TMP_DIR/fuzz.log 2>&1 || true - -if [ -z "$(grep 'Objective' $TMP_DIR/fuzz.log)" ]; then - echo "qemu_baremetal ${FEATURE}: Fuzzer did not find the objective in $TMP_DIR/fuzz.log" - exit 1 -else - echo "qemu_baremetal ${FEATURE}: Objective found." -fi -''' -dependencies = ["target"] - -[tasks.build_low_level] -command = "cargo" -args = [ - "make", - "-e", - "FEATURE=low_level", - "-e", - "TARGET_DEFINE=TARGET_CLASSIC", - "build_fuzzer", -] - -[tasks.test_low_level] -command = "cargo" -args = [ - "make", - "-e", - "FEATURE=low_level", - "-e", - "TARGET_DEFINE=TARGET_CLASSIC", - "test_fuzzer", -] - -[tasks.build_breakpoint] -command = "cargo" -args = [ - "make", - "-e", - "FEATURE=breakpoint", - "-e", - "TARGET_DEFINE=TARGET_BREAKPOINT", - "build_fuzzer", -] - -[tasks.test_breakpoint] -command = "cargo" -args = [ - "make", - "-e", - "FEATURE=breakpoint", - "-e", - "TARGET_DEFINE=TARGET_BREAKPOINT", - "test_fuzzer", -] - -[tasks.build_sync_exit] -command = "cargo" -args = [ - "make", - "-e", - "FEATURE=sync_exit", - "-e", - "TARGET_DEFINE=TARGET_SYNC_EXIT", - "build_fuzzer", -] - -[tasks.test_sync_exit] -command = "cargo" -args = [ - "make", - "-e", - "FEATURE=sync_exit", - "-e", - "TARGET_DEFINE=TARGET_SYNC_EXIT", - "test_fuzzer", -] - -[tasks.low_level] -command = "cargo" -args = [ - "make", - "-e", - "FEATURE=low_level", - "-e", - 
"TARGET_DEFINE=TARGET_CLASSIC", - "run_fuzzer", -] - -[tasks.breakpoint] -command = "cargo" -args = [ - "make", - "-e", - "FEATURE=breakpoint", - "-e", - "TARGET_DEFINE=TARGET_BREAKPOINT", - "run_fuzzer", -] - -[tasks.sync_exit] -command = "cargo" -args = [ - "make", - "-e", - "FEATURE=sync_exit", - "-e", - "TARGET_DEFINE=TARGET_SYNC_EXIT", - "run_fuzzer", -] - -[tasks.test] -clear = true -run_task = { name = ["test_low_level", "test_breakpoint", "test_sync_exit"] } - -[tasks.build] -clear = true -run_task = { name = ["build_low_level", "build_breakpoint", "build_sync_exit"] } - -[tasks.run] -alias = "low_level" - -[tasks.clean] -clear = true -script_runner = "@shell" -script = ''' -rm -rf ${CARGO_MAKE_CRATE_TARGET_DIRECTORY} -cargo clean -''' diff --git a/fuzzers/full_system/qemu_baremetal/README.md b/fuzzers/full_system/qemu_baremetal/README.md index f151f3f0eb..d6057c4442 100644 --- a/fuzzers/full_system/qemu_baremetal/README.md +++ b/fuzzers/full_system/qemu_baremetal/README.md @@ -21,24 +21,20 @@ sudo apt -y install qemu-utils gcc-arm-none-eabi ## Build +Build one of the flavors (breakpoint by default): + ```bash -cargo make build +just build ``` ## Run -```bash -cargo make run -``` - -It is also possible to run the fuzzer with the other features: +Run one of the flavors (breakpoint by default): ```bash -cargo make +just run ``` -With feature being `low_level`, `breakpoint` or `sync_exit`. - This will build the desired fuzzer (src/fuzzer_.rs) and a small example binary based on FreeRTOS, which can run under a qemu emulation target. Since the instrumentation is based on snapshots, QEMU needs a virtual drive (even if it is unused...). Thus, the makefile creates a dummy QCOW2 image `dummy.qcow2` (can be found in the `target directory`). diff --git a/fuzzers/full_system/qemu_linux_kernel/Justfile b/fuzzers/full_system/qemu_linux_kernel/Justfile new file mode 100644 index 0000000000..78009bfe55 --- /dev/null +++ b/fuzzers/full_system/qemu_linux_kernel/Justfile 
@@ -0,0 +1,69 @@
+import "../../../just/libafl-qemu.just"
+FUZZER_NAME := "qemu_linux_kernel"
+
+LINUX_BUILDER_URL := "git@github.com:AFLplusplus/linux-qemu-image-builder.git"
+LINUX_BUILDER_DIR := TARGET_DIR / "linux_builder"
+LINUX_BUILDER_OUT := LINUX_BUILDER_DIR / "output"
+
+target_dir:
+ mkdir -p "{{TARGET_DIR}}"/runtime
+ mkdir -p "{{TARGET_DIR}}"/setup
+
+linux_builder_dir: target_dir
+ #!/bin/bash
+
+ if [ ! -d {{ LINUX_BUILDER_DIR }} ]; then
+ git clone {{ LINUX_BUILDER_URL }} {{ LINUX_BUILDER_DIR }}
+ else
+ git -C {{ LINUX_BUILDER_DIR }} pull
+ fi
+
+update_files api="": target_dir linux_builder_dir (build api)
+ cp -r setup/* "{{ LINUX_BUILDER_DIR }}/setup/"
+ cp -r runtime/* "{{ LINUX_BUILDER_DIR }}/runtime/"
+
+ cp {{ BUILD_DIR }}/include/* "{{ LINUX_BUILDER_DIR }}/setup/"
+
+target api="": linux_builder_dir update_files
+ {{LINUX_BUILDER_DIR}}/build.sh
+
+build api="":
+ cargo build \
+ --profile {{ PROFILE }} \
+ --target-dir {{ TARGET_DIR }} \
+ --features "{{ api }}"
+
+run api="": (build api)
+ #!/bin/bash
+
+ rm -rf corpus_gen
+
+ # Find the bios dir of LibAFL QEMU
+ if [ ! -z "${LIBAFL_QEMU_DIR}" ]; then
+ LIBAFL_QEMU_BIOS_DIR=${LIBAFL_QEMU_DIR}/build/qemu-bundle/usr/local/share/qemu
+ else
+ LIBAFL_QEMU_BIOS_DIR={{ LIBAFL_QEMU_DIR_DEFAULT }}/build/qemu-bundle/usr/local/share/qemu
+ fi
+
+ qemu-img create -f qcow2 -o backing_file={{ LINUX_BUILDER_OUT }}/OVMF_CODE.4m.fd -F raw {{ LINUX_BUILDER_OUT }}/OVMF_CODE.4m.qcow2
+ qemu-img create -f qcow2 -o backing_file={{ LINUX_BUILDER_OUT }}/OVMF_VARS.4m.fd -F raw {{ LINUX_BUILDER_OUT }}/OVMF_VARS.4m.qcow2
+ qemu-img create -f qcow2 -o backing_file={{ LINUX_BUILDER_OUT }}/linux.qcow2 -F qcow2 {{ LINUX_BUILDER_OUT }}/linux.tmp.qcow2
+
+ {{FUZZER}} \
+ -accel tcg \
+ -m 4G \
+ -drive if=pflash,format=qcow2,file="{{ LINUX_BUILDER_OUT }}/OVMF_CODE.4m.qcow2" `# OVMF code pflash` \
+ -drive if=pflash,format=qcow2,file="{{ LINUX_BUILDER_OUT }}/OVMF_VARS.4m.qcow2" `# OVMF vars pflash` \
+ -device ahci,id=ahci,bus=pci.0,addr=4 \
+ -device ide-hd,bus=ahci.0,drive=disk,bootindex=1 \
+ -blockdev driver=file,filename="{{ LINUX_BUILDER_OUT }}/linux.tmp.qcow2",node-name=storage `# Backend file of "disk"` \
+ -blockdev driver=qcow2,file=storage,node-name=disk `# QCOW2 "disk"` \
+ -L "${LIBAFL_QEMU_BIOS_DIR}" \
+ -nographic \
+ -monitor null \
+ -serial null
+
+test: build (build "nyx")
+
+clean:
+ cargo clean
\ No newline at end of file
diff --git a/fuzzers/full_system/qemu_linux_kernel/Makefile.toml b/fuzzers/full_system/qemu_linux_kernel/Makefile.toml
deleted file mode 100644
index b451537467..0000000000
--- a/fuzzers/full_system/qemu_linux_kernel/Makefile.toml
+++ /dev/null
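Review bot: `linux_builder_dir` clones an unpinned external repository and runs `git pull` on every later invocation, after which `target` executes `{{LINUX_BUILDER_DIR}}/build.sh` straight out of it, so whatever the upstream default branch holds at that moment is run on the developer or CI machine with no pin and no review; add a `LINUX_BUILDER_REV` variable holding a tag or commit and replace the `pull` with `git -C {{ LINUX_BUILDER_DIR }} fetch origin && git -C {{ LINUX_BUILDER_DIR }} checkout {{ LINUX_BUILDER_REV }}`. `LINUX_BUILDER_URL` also uses the `git@github.com:` SSH form, which demands a GitHub SSH key merely to build the example; `https://github.com/AFLplusplus/linux-qemu-image-builder.git` clones a public repository unauthenticated. Neither bash recipe (`linux_builder_dir`, `run`) sets `set -e`, so a failed `qemu-img create` still launches `{{FUZZER}}` against a missing overlay; `set -e` after each `#!/bin/bash` is enough, with `"${LIBAFL_QEMU_DIR:-}"` in the `-z` test if `-u` is added as well.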
@@ -1,223 +0,0 @@ -env_scripts = [''' -#!@duckscript -profile = get_env PROFILE -harness_api = get_env HARNESS_API - -if eq ${profile} "dev" - set_env PROFILE_DIR debug -else - set_env PROFILE_DIR ${profile} -end - -if eq ${harness_api} "nyx" - set_env FEATURE nyx -elseif eq ${harness_api} "lqemu" - set_env FEATURE "" -else - echo "Unknown harness API: ${harness_api}" - exit 1 -end -''', ''' -#!@duckscript -runs_on_ci = get_env RUN_ON_CI - -if ${runs_on_ci} - cargo_target_dir = get_env CARGO_MAKE_CRATE_TARGET_DIRECTORY - set_env TARGET_DIR ${cargo_target_dir} -end -'''] - -[env] -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -WORKING_DIR = "${CARGO_MAKE_WORKING_DIRECTORY}" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}" -LIBAFL_QEMU_CLONE_DIR = { value = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge", condition = { env_not_set = [ - "LIBAFL_QEMU_DIR", -] } } -HARNESS_API = { value = "lqemu", condition = { env_not_set = ["HARNESS_API"] } } - -LINUX_BUILDER_URL = "git@github.com:AFLplusplus/linux-qemu-image-builder.git" -LINUX_BUILDER_DIR = { value = "${TARGET_DIR}/linux_builder", condition = { env_not_set = [ - "LINUX_BUILDER_DIR", -] } } -LINUX_BUILDER_OUT = "${LINUX_BUILDER_DIR}/output" - -[tasks.target_dir] -condition = { files_not_exist = [ - "${TARGET_DIR}", - "${TARGET_DIR}/runtime", - "${TARGET_DIR}/setup", -] } -script_runner = "@shell" -script = ''' -mkdir -p ${TARGET_DIR}/runtime -mkdir -p ${TARGET_DIR}/setup -''' - -[tasks.linux_builder_dir] -condition = { files_not_exist = ["${LINUX_BUILDER_DIR}"] } -script_runner = "@shell" -script = ''' -git clone ${LINUX_BUILDER_URL} ${LINUX_BUILDER_DIR} -''' - -[tasks.target] -dependencies = ["build", "linux_builder_dir"] -script_runner = "@shell" -script = ''' -git -C ${LINUX_BUILDER_DIR} pull - -# Copy setup & runtime fixed files -cp -r ${WORKING_DIR}/setup/* ${LINUX_BUILDER_DIR}/setup/ -cp -r ${WORKING_DIR}/runtime/* ${LINUX_BUILDER_DIR}/runtime/ - -# Copy generated 
libafl qemu header files to setup -cp ${TARGET_DIR}/${PROFILE_DIR}/include/* ${LINUX_BUILDER_DIR}/setup/ - -${LINUX_BUILDER_DIR}/build.sh -''' - -[tasks.target_update] -dependencies = ["build", "linux_builder_dir"] -script_runner = "@shell" -script = ''' -git -C ${LINUX_BUILDER_DIR} pull - -# Copy setup & runtime fixed files -cp -r ${WORKING_DIR}/setup/* ${LINUX_BUILDER_DIR}/setup/ -cp -r ${WORKING_DIR}/runtime/* ${LINUX_BUILDER_DIR}/runtime/ - -# Copy generated libafl qemu header files to setup -cp ${TARGET_DIR}/${PROFILE_DIR}/include/* ${LINUX_BUILDER_DIR}/setup/ - -${LINUX_BUILDER_DIR}/update.sh -''' - -[tasks.build] -dependencies = ["target_dir"] -command = "cargo" -args = [ - "build", - "--profile", - "${PROFILE}", - "--target-dir", - "${TARGET_DIR}", - "--features", - "${FEATURE}", -] - -[tasks.run] -dependencies = ["build"] -script_runner = "@shell" -script = ''' -rm -rf "${WORKING_DIR}/corpus_gen" - -# Find the bios dir of LibAFL QEMU -if [ ! -z "${LIBAFL_QEMU_DIR}" ]; then - LIBAFL_QEMU_BIOS_DIR=${LIBAFL_QEMU_DIR}/build/qemu-bundle/usr/local/share/qemu -else - LIBAFL_QEMU_BIOS_DIR=${LIBAFL_QEMU_CLONE_DIR}/build/qemu-bundle/usr/local/share/qemu -fi - -qemu-img create -f qcow2 -o backing_file=${LINUX_BUILDER_OUT}/OVMF_CODE.4m.fd -F raw ${LINUX_BUILDER_OUT}/OVMF_CODE.4m.qcow2 -qemu-img create -f qcow2 -o backing_file=${LINUX_BUILDER_OUT}/OVMF_VARS.4m.fd -F raw ${LINUX_BUILDER_OUT}/OVMF_VARS.4m.qcow2 -qemu-img create -f qcow2 -o backing_file=${LINUX_BUILDER_OUT}/linux.qcow2 -F qcow2 ${LINUX_BUILDER_OUT}/linux.tmp.qcow2 - -${TARGET_DIR}/${PROFILE_DIR}/qemu_linux_kernel \ - -accel tcg \ - -m 4G \ - -drive if=pflash,format=qcow2,file="${LINUX_BUILDER_OUT}/OVMF_CODE.4m.qcow2" `# OVMF code pflash` \ - -drive if=pflash,format=qcow2,file="${LINUX_BUILDER_OUT}/OVMF_VARS.4m.qcow2" `# OVMF vars pflash` \ - -device ahci,id=ahci,bus=pci.0,addr=4 \ - -device ide-hd,bus=ahci.0,drive=disk,bootindex=1 \ - -blockdev 
driver=file,filename="${LINUX_BUILDER_OUT}/linux.tmp.qcow2",node-name=storage `# Backend file of "disk"` \ - -blockdev driver=qcow2,file=storage,node-name=disk `# QCOW2 "disk"` \ - -L "${LIBAFL_QEMU_BIOS_DIR}" \ - -nographic \ - -monitor null \ - -serial null -''' - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -# TODO: Run real test, not only building. - -# LibAFL QEMU API -HARNESS_API=lqemu cargo make build - -# Nyx API -HARNESS_API=nyx cargo make build -''' - -[tasks.test] -description = "Run a test" -linux_alias = "test_unix" -mac_alias = "test_unix" -windows_alias = "unsupported" - -[tasks.debug] -dependencies = ["build"] -command = "time" -args = [ - "${TARGET_DIR}/${PROFILE_DIR}/qemu_systemmode_linux_kernel", - "-accel", - "kvm", - "-m", - "4G", - "-drive", - "if=pflash,format=raw,readonly=on,file=${LINUX_BUILDER_OUT}/OVMF_CODE.fd", - "-drive", - "if=pflash,format=raw,snapshot=off,file=${LINUX_BUILDER_OUT}/OVMF_VARS.fd", - "-blockdev", - "filename=${LINUX_BUILDER_OUT}/linux.qcow2,node-name=storage,driver=file", - "-blockdev", - "driver=qcow2,file=storage,node-name=disk", - "-device", - "virtio-scsi-pci,id=scsi0", - "-device", - "scsi-hd,bus=scsi0.0,drive=disk,id=virtio-disk0,bootindex=1", - "-L", - "${LIBAFL_QEMU_DIR}/build/qemu-bundle/usr/local/share/qemu", - "-snapshot", -] - -[tasks.perf] -command = "perf" -args = [ - "record", - "--call-graph", - "dwarf", - "${TARGET_DIR}/${PROFILE_DIR}/qemu_systemmode_linux_kernel", - "-accel", - "tcg", - "-m", - "4G", - "-drive", - "if=pflash,format=raw,readonly=on,file=${LINUX_BUILDER_OUT}/OVMF_CODE.fd", - "-drive", - "if=pflash,format=raw,snapshot=off,file=${LINUX_BUILDER_OUT}/OVMF_VARS.fd", - "-blockdev", - "filename=${LINUX_BUILDER_OUT}/linux.qcow2,node-name=storage,driver=file", - "-blockdev", - "driver=qcow2,file=storage,node-name=disk", - "-device", - "virtio-scsi-pci,id=scsi0", - "-device", - "scsi-hd,bus=scsi0.0,drive=disk,id=virtio-disk0,bootindex=1", - "-L", - 
"${LIBAFL_QEMU_DIR}/build/qemu-bundle/usr/local/share/qemu",
- "-snapshot",
- # "-icount", "shift=auto,align=off,sleep=off",
- # "-monitor", "null",
- # "-serial", "null",
- # "-nographic",
-]
-
-[tasks.clean]
-clear = true
-script_runner = "@shell"
-script = '''
-rm -rf ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}
-cargo clean
-'''
diff --git a/fuzzers/full_system/qemu_linux_process/Cargo.toml b/fuzzers/full_system/qemu_linux_process/Cargo.toml
index 4210e09d27..7671366601 100644
--- a/fuzzers/full_system/qemu_linux_process/Cargo.toml
+++ b/fuzzers/full_system/qemu_linux_process/Cargo.toml
@@ -5,10 +5,14 @@ authors = ["Romain Malmain "]
 edition = "2021"
 [features]
+default = ["lqemu"]
 ## Build and run the target with the Nyx API instead of the built-in LibAFL QEMU API.
 nyx = []
+## Build and run the target with the LibAFL QEMU API.
+lqemu = []
+
 shared = ["libafl_qemu/shared"]
 [profile.release]
diff --git a/fuzzers/full_system/qemu_linux_process/Justfile b/fuzzers/full_system/qemu_linux_process/Justfile
new file mode 100644
index 0000000000..82d479c464
--- /dev/null
+++ b/fuzzers/full_system/qemu_linux_process/Justfile
@@ -0,0 +1,74 @@
+import "../../../just/libafl-qemu.just"
+FUZZER_NAME := "qemu_linux_kernel"
+
+LINUX_BUILDER_URL := "git@github.com:AFLplusplus/linux-qemu-image-builder.git"
+LINUX_BUILDER_DIR := TARGET_DIR / "linux_builder"
+LINUX_BUILDER_OUT := LINUX_BUILDER_DIR / "output"
+
+target_dir:
+ mkdir -p "{{TARGET_DIR}}"
+
+linux_builder_dir: target_dir
+ #!/bin/bash
+
+ if [ ! -d {{ LINUX_BUILDER_DIR }} ]; then
+ git clone {{ LINUX_BUILDER_URL }} {{ LINUX_BUILDER_DIR }}
+ else
+ git -C {{ LINUX_BUILDER_DIR }} pull
+ fi
+
+compile_target api="lqemu": (build api)
+ clang -O0 -static -I {{ BUILD_DIR }}/include \
+ example/harness_{{ api }}.c \
+ -o {{ LINUX_BUILDER_DIR }}/runtime/harness
+
+update_files api="lqemu": target_dir linux_builder_dir (build api)
+ cp -r setup/* "{{ LINUX_BUILDER_DIR }}/setup/"
+ cp -r runtime/* "{{ LINUX_BUILDER_DIR }}/runtime/"
+
+ cp {{ BUILD_DIR }}/include/* "{{ LINUX_BUILDER_DIR }}/setup/"
+
+target api="lqemu": linux_builder_dir update_files
+ {{LINUX_BUILDER_DIR}}/build.sh
+
+build api="lqemu":
+ cargo build \
+ --no-default-features \
+ --profile {{ PROFILE }} \
+ --target-dir {{ TARGET_DIR }} \
+ --features "{{ api }}"
+
+run api="lqemu": (build api)
+ #!/bin/bash
+
+ rm -rf corpus_gen
+
+ # Find the bios dir of LibAFL QEMU
+ if [ ! 
-z "${LIBAFL_QEMU_DIR}" ]; then
+ LIBAFL_QEMU_BIOS_DIR=${LIBAFL_QEMU_DIR}/build/qemu-bundle/usr/local/share/qemu
+ else
+ LIBAFL_QEMU_BIOS_DIR={{ LIBAFL_QEMU_DIR_DEFAULT }}/build/qemu-bundle/usr/local/share/qemu
+ fi
+
+ qemu-img create -f qcow2 -o backing_file={{ LINUX_BUILDER_OUT }}/OVMF_CODE.4m.fd -F raw {{ LINUX_BUILDER_OUT }}/OVMF_CODE.4m.qcow2
+ qemu-img create -f qcow2 -o backing_file={{ LINUX_BUILDER_OUT }}/OVMF_VARS.4m.fd -F raw {{ LINUX_BUILDER_OUT }}/OVMF_VARS.4m.qcow2
+ qemu-img create -f qcow2 -o backing_file={{ LINUX_BUILDER_OUT }}/linux.qcow2 -F qcow2 {{ LINUX_BUILDER_OUT }}/linux.tmp.qcow2
+
+ {{FUZZER}} \
+ -accel tcg \
+ -m 4G \
+ -drive if=pflash,format=qcow2,file="{{ LINUX_BUILDER_OUT }}/OVMF_CODE.4m.qcow2" `# OVMF code pflash` \
+ -drive if=pflash,format=qcow2,file="{{ LINUX_BUILDER_OUT }}/OVMF_VARS.4m.qcow2" `# OVMF vars pflash` \
+ -device ahci,id=ahci,bus=pci.0,addr=4 \
+ -device ide-hd,bus=ahci.0,drive=disk,bootindex=1 \
+ -blockdev driver=file,filename="{{ LINUX_BUILDER_OUT }}/linux.tmp.qcow2",node-name=storage `# Backend file of "disk"` \
+ -blockdev driver=qcow2,file=storage,node-name=disk `# QCOW2 "disk"` \
+ -L "${LIBAFL_QEMU_BIOS_DIR}" \
+ -nographic \
+ -monitor null \
+ -serial null
+
+test: build (build "nyx")
+
+clean:
+ cargo clean
\ No newline at end of file
diff --git a/fuzzers/full_system/qemu_linux_process/Makefile.toml b/fuzzers/full_system/qemu_linux_process/Makefile.toml
deleted file mode 100644
index 9761452463..0000000000
--- a/fuzzers/full_system/qemu_linux_process/Makefile.toml
+++ /dev/null
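Review bot: `FUZZER_NAME := "qemu_linux_kernel"` in the qemu_linux_process Justfile looks copy-pasted from the kernel fuzzer: `{{FUZZER}}` in `run` resolves to `<target>/<profile>/qemu_linux_kernel`, whereas the deleted Makefile.toml ran `${TARGET_DIR}/${PROFILE_DIR}/qemu_linux_process`, so `just run` launches the wrong binary or fails because it was never built here; it should read `FUZZER_NAME := "qemu_linux_process"`. `compile_target` is no longer reachable from `target` (the deleted `[tasks.target]` depended on `compile_target`), so the harness written to `{{ LINUX_BUILDER_DIR }}/runtime/harness` is only produced when someone runs `compile_target` by hand — presumably `target api="lqemu": linux_builder_dir (compile_target api) (update_files api)` is what is intended. That line also does not forward `api` to `update_files`, the same omission noted on the qemu_linux_kernel Justfile.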
@@ -1,257 +0,0 @@ -env_scripts = [''' -#!@duckscript -profile = get_env PROFILE -harness_api = get_env HARNESS_API - -if eq ${profile} "dev" - set_env PROFILE_DIR debug -else - set_env PROFILE_DIR ${profile} -end - -if eq ${harness_api} "nyx" - set_env FEATURE nyx -elseif eq ${harness_api} "lqemu" - set_env FEATURE "" -else - echo "Unknown harness API: ${harness_api}" - exit 1 -end - -''', ''' -#!@duckscript -runs_on_ci = get_env RUN_ON_CI - -if ${runs_on_ci} - cargo_target_dir = get_env CARGO_MAKE_CRATE_TARGET_DIRECTORY - set_env TARGET_DIR ${cargo_target_dir} - set_env KERNEL ${cargo_target_dir}/example.elf -end -'''] - -[env] -PROFILE = { value = "release", condition = { env_not_set = ["PROFILE"] } } -WORKING_DIR = "${CARGO_MAKE_WORKING_DIRECTORY}" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}" -LIBAFL_QEMU_CLONE_DIR = { value = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/qemu-libafl-bridge", condition = { env_not_set = [ - "LIBAFL_QEMU_DIR", -] } } -LINUX_BUILDER_URL = "git@github.com:AFLplusplus/linux-qemu-image-builder.git" -LINUX_BUILDER_DIR = { value = "${TARGET_DIR}/linux_builder", condition = { env_not_set = [ - "LINUX_BUILDER_DIR", -] } } -LINUX_BUILDER_OUT = "${LINUX_BUILDER_DIR}/output" -HARNESS_API = { value = "lqemu", condition = { env_not_set = ["HARNESS_API"] } } - -[tasks.target_dir] -condition = { files_not_exist = [ - "${TARGET_DIR}", - "${TARGET_DIR}/runtime", - "${TARGET_DIR}/setup", -] } -script_runner = "@shell" -script = ''' -mkdir -p ${TARGET_DIR}/runtime -mkdir -p ${TARGET_DIR}/setup -''' - -[tasks.linux_builder_dir] -condition = { files_not_exist = ["${LINUX_BUILDER_DIR}"] } -script_runner = "@shell" -script = ''' -git clone ${LINUX_BUILDER_URL} ${LINUX_BUILDER_DIR} -''' - -[tasks.compile_target_nyx] -condition = { env = { "HARNESS_API" = "nyx" } } -dependencies = ["target_dir", "linux_builder_dir"] -command = "clang" -args = [ - "-O0", - "-static", - "${WORKING_DIR}/example/harness_nyx.c", - "-o", - "${TARGET_DIR}/runtime/harness", - 
"-I", - "${TARGET_DIR}/${PROFILE_DIR}/include", -] - -[tasks.compile_target_native] -condition = { env = { "HARNESS_API" = "lqemu" } } -dependencies = ["target_dir", "linux_builder_dir"] -command = "clang" -args = [ - "-O0", - "-static", - "${WORKING_DIR}/example/harness.c", - "-o", - "${TARGET_DIR}/runtime/harness", - "-I", - "${TARGET_DIR}/${PROFILE_DIR}/include", -] - -[tasks.compile_target] -dependencies = ["compile_target_native", "compile_target_nyx"] - -[tasks.target] -dependencies = ["build", "compile_target"] -script_runner = "@shell" -script = ''' -git -C ${LINUX_BUILDER_DIR} pull - -# Copy generated harness -cp -r ${TARGET_DIR}/runtime/* ${LINUX_BUILDER_DIR}/runtime/ - -# Copy setup & runtime fixed files -cp -r ${WORKING_DIR}/setup/* ${LINUX_BUILDER_DIR}/setup/ -cp -r ${WORKING_DIR}/runtime/* ${LINUX_BUILDER_DIR}/runtime/ - -${LINUX_BUILDER_DIR}/build.sh -''' - -[tasks.target_update] -dependencies = ["build", "compile_target"] -script_runner = "@shell" -script = ''' -# Copy generated harness -cp -r ${TARGET_DIR}/runtime/* ${LINUX_BUILDER_DIR}/runtime/ - -# Copy setup & runtime fixed files -cp -r ${WORKING_DIR}/runtime/* ${LINUX_BUILDER_DIR}/runtime/ - -${LINUX_BUILDER_DIR}/update.sh -''' - -[tasks.build] -dependencies = ["target_dir"] -command = "cargo" -args = [ - "build", - "--profile", - "${PROFILE}", - "--target-dir", - "${TARGET_DIR}", - "--features", - "${FEATURE}", -] - -[tasks.test_unix] -script_runner = "@shell" -script = ''' -# TODO: Run real test, not only building. - -# LibAFL QEMU API -HARNESS_API=lqemu cargo make build - -# Nyx API -HARNESS_API=nyx cargo make build -''' - -[tasks.test] -description = "Run a test" -linux_alias = "test_unix" -mac_alias = "test_unix" -windows_alias = "unsupported" - -[tasks.run] -dependencies = ["build"] -script_runner = "@shell" -script = ''' -rm -rf "${WORKING_DIR}/corpus_gen" - -# Find the bios dir of LibAFL QEMU -if [ ! 
-z "${LIBAFL_QEMU_DIR}" ]; then - LIBAFL_QEMU_BIOS_DIR=${LIBAFL_QEMU_DIR}/build/qemu-bundle/usr/local/share/qemu -else - LIBAFL_QEMU_BIOS_DIR=${LIBAFL_QEMU_CLONE_DIR}/build/qemu-bundle/usr/local/share/qemu -fi - -qemu-img create -f qcow2 -o backing_file=${LINUX_BUILDER_OUT}/OVMF_CODE.4m.fd -F raw ${LINUX_BUILDER_OUT}/OVMF_CODE.4m.qcow2 -qemu-img create -f qcow2 -o backing_file=${LINUX_BUILDER_OUT}/OVMF_VARS.4m.fd -F raw ${LINUX_BUILDER_OUT}/OVMF_VARS.4m.qcow2 -qemu-img create -f qcow2 -o backing_file=${LINUX_BUILDER_OUT}/linux.qcow2 -F qcow2 ${LINUX_BUILDER_OUT}/linux.tmp.qcow2 - -${TARGET_DIR}/${PROFILE_DIR}/qemu_linux_process \ - -accel tcg \ - -m 4G \ - -drive if=pflash,format=qcow2,file="${LINUX_BUILDER_OUT}/OVMF_CODE.4m.qcow2" `# OVMF code pflash` \ - -drive if=pflash,format=qcow2,file="${LINUX_BUILDER_OUT}/OVMF_VARS.4m.qcow2" `# OVMF vars pflash` \ - -device ahci,id=ahci,bus=pci.0,addr=4 \ - -device ide-hd,bus=ahci.0,drive=disk,bootindex=1 \ - -blockdev driver=file,filename="${LINUX_BUILDER_OUT}/linux.tmp.qcow2",node-name=storage `# Backend file of "disk"` \ - -blockdev driver=qcow2,file=storage,node-name=disk `# QCOW2 "disk"` \ - -L "${LIBAFL_QEMU_BIOS_DIR}" \ - -nographic \ - -monitor null \ - -serial null - - # -snapshot - #-blockdev driver=syx-cow-cache,file=storage,node-name=storage-syx \ -# gdb --args -''' - -[tasks.debug] -dependencies = ["build"] -command = "time" -args = [ - "${TARGET_DIR}/${PROFILE_DIR}/qemu_linux_process", - "-accel", - "tcg", - "-m", - "4G", - "-drive", - "if=pflash,format=raw,file=${LINUX_BUILDER_OUT}/OVMF_CODE.fd", - "-drive", - "if=pflash,format=raw,file=${LINUX_BUILDER_OUT}/OVMF_VARS.fd", - "-blockdev", - "filename=${LINUX_BUILDER_OUT}/linux.qcow2,node-name=storage,driver=file", - "-blockdev", - "driver=qcow2,file=storage,node-name=disk", - "-device", - "virtio-scsi-pci,id=scsi0", - "-device", - "scsi-hd,bus=scsi0.0,drive=disk,id=virtio-disk0,bootindex=1", - "-L", - "${LIBAFL_QEMU_DIR}/build/qemu-bundle/usr/local/share/qemu", 
- - #"-snapshot", -] - -[tasks.perf] -command = "perf" -args = [ - "record", - "--call-graph", - "dwarf", - "${TARGET_DIR}/${PROFILE_DIR}/qemu_linux_process", - "-accel", - "tcg", - "-m", - "4G", - "-drive", - "if=pflash,format=raw,readonly=on,file=${LINUX_BUILDER_OUT}/OVMF_CODE.fd", - "-drive", - "if=pflash,format=raw,snapshot=off,file=${LINUX_BUILDER_OUT}/OVMF_VARS.fd", - "-blockdev", - "filename=${LINUX_BUILDER_OUT}/linux.qcow2,node-name=storage,driver=file", - "-blockdev", - "driver=qcow2,file=storage,node-name=disk", - "-device", - "virtio-scsi-pci,id=scsi0", - "-device", - "scsi-hd,bus=scsi0.0,drive=disk,id=virtio-disk0,bootindex=1", - "-L", - "${LIBAFL_QEMU_DIR}/build/qemu-bundle/usr/local/share/qemu", - "-snapshot", - # "-icount", "shift=auto,align=off,sleep=off", - # "-monitor", "null", - # "-serial", "null", - # "-nographic", -] - -[tasks.clean] -clear = true -script_runner = "@shell" -script = ''' -rm -rf ${CARGO_MAKE_CRATE_TARGET_DIRECTORY} -cargo clean -''' diff --git a/fuzzers/full_system/qemu_linux_process/example/harness.c b/fuzzers/full_system/qemu_linux_process/example/harness_lqemu.c similarity index 100% rename from fuzzers/full_system/qemu_linux_process/example/harness.c rename to fuzzers/full_system/qemu_linux_process/example/harness_lqemu.c diff --git a/fuzzers/inprocess/libfuzzer_stb_image/Justfile b/fuzzers/inprocess/libfuzzer_stb_image/Justfile index 2d72d2b5ec..5bace85ef4 100644 --- a/fuzzers/inprocess/libfuzzer_stb_image/Justfile +++ b/fuzzers/inprocess/libfuzzer_stb_image/Justfile @@ -29,7 +29,7 @@ run: fuzzer [windows] run: fuzzer - echo "Not integrated into cargo-make yet." + echo "Not integrated into just yet." [linux] [macos] diff --git a/fuzzers/inprocess/libfuzzer_stb_image_sugar/Justfile b/fuzzers/inprocess/libfuzzer_stb_image_sugar/Justfile index 0d35f536c6..4fa6f647f9 100644 --- a/fuzzers/inprocess/libfuzzer_stb_image_sugar/Justfile +++ b/fuzzers/inprocess/libfuzzer_stb_image_sugar/Justfile 
@@ -29,7 +29,7 @@ run: fuzzer
 [windows]
 run: fuzzer
- echo "Not integrated into cargo-make yet."
+ echo "Not integrated into just yet."
 [linux]
 [macos]
diff --git a/just/README.md b/just/README.md
new file mode 100644
index 0000000000..272f7c5085
--- /dev/null
+++ b/just/README.md
@@ -0,0 +1,6 @@
+# LibAFL Just Library
+
+Here is stored the common library used by our example fuzzers.
+It mainly consists of boilerplate definitions and convenient functions.
+
+One of these files should always be included in final `Justfile`s.
\ No newline at end of file
diff --git a/just/envs/.env.aarch64 b/just/envs/.env.aarch64
new file mode 100644
index 0000000000..46d6e57160
--- /dev/null
+++ b/just/envs/.env.aarch64
@@ -0,0 +1,3 @@
+CROSS_CC="aarch64-linux-gnu-gcc"
+CROSS_CXX="aarch64-linux-gnu-g++"
+CROSS_CFLAGS=""
\ No newline at end of file
diff --git a/just/envs/.env.arm b/just/envs/.env.arm
new file mode 100644
index 0000000000..dd480ad816
--- /dev/null
+++ b/just/envs/.env.arm
@@ -0,0 +1,3 @@
+CROSS_CC="arm-linux-gnueabi-gcc"
+CROSS_CXX="arm-linux-gnueabi-g++"
+CROSS_CFLAGS=""
\ No newline at end of file
diff --git a/just/envs/.env.i386 b/just/envs/.env.i386
new file mode 100644
index 0000000000..0f06b4bce9
--- /dev/null
+++ b/just/envs/.env.i386
@@ -0,0 +1,3 @@
+CROSS_CC="x86_64-linux-gnu-gcc"
+CROSS_CXX="x86_64-linux-gnu-g++"
+CROSS_CFLAGS="-m32"
\ No newline at end of file
diff --git a/just/envs/.env.mips b/just/envs/.env.mips
new file mode 100644
index 0000000000..436109bd06
--- /dev/null
+++ b/just/envs/.env.mips
@@ -0,0 +1,3 @@
+CROSS_CC="mipsel-linux-gnu-gcc"
+CROSS_CXX="mipsel-linux-gnu-g++"
+CROSS_CFLAGS=""
\ No newline at end of file
diff --git a/just/envs/.env.ppc b/just/envs/.env.ppc
new file mode 100644
index 0000000000..b6c4ea03fd
--- /dev/null
+++ b/just/envs/.env.ppc
@@ -0,0 +1,3 @@
+CROSS_CC="powerpc-linux-gnu-gcc"
+CROSS_CXX="powerpc-linux-gnu-gcc"
+CROSS_CFLAGS=""
\ No newline at end of file
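Review bot: `.env.ppc` sets `CROSS_CXX="powerpc-linux-gnu-gcc"`, while every other env file in this commit pairs `CROSS_CXX` with the `g++` driver; this looks like a copy-paste slip, and any C++ translation unit built through it would be driven by the C front end, which does not link libstdc++ by default. It should read `CROSS_CXX="powerpc-linux-gnu-g++"`.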
diff --git a/just/envs/.env.x86_64 b/just/envs/.env.x86_64
new file mode 100644
index 0000000000..a1eef0648e
--- /dev/null
+++ b/just/envs/.env.x86_64
@@ -0,0 +1,3 @@
+CROSS_CC="x86_64-linux-gnu-gcc"
+CROSS_CXX="x86_64-linux-gnu-g++"
+CROSS_CFLAGS=""
\ No newline at end of file
diff --git a/just/libafl-qemu-libpng.just b/just/libafl-qemu-libpng.just
new file mode 100644
index 0000000000..6a23a5d645
--- /dev/null
+++ b/just/libafl-qemu-libpng.just
@@ -0,0 +1,84 @@
+import "libafl-qemu.just"
+
+# Useful rules to build libpng for multiple architecture.
+
+ARCH := env("ARCH", "x86_64")
+OPTIMIZATIONS := env("OPTIMIZATIONS", "yes")
+
+DEPS_DIR := TARGET_DIR / "deps"
+
+DOTENV := source_directory() / "envs" / ".env." + ARCH
+
+[unix]
+target_dir:
+ mkdir -p {{ TARGET_DIR }}
+
+[unix]
+deps_dir:
+ mkdir -p {{ DEPS_DIR }}
+
+[unix]
+arch_dir:
+ mkdir -p {{ ARCH }}
+
+[unix]
+zlib_wget: deps_dir
+ #!/bin/bash
+
+ wget \
+ -O "{{ DEPS_DIR }}/zlib-1.2.13.tar.gz" \
+ https://zlib.net/fossils/zlib-1.2.13.tar.gz
+
+ tar \
+ zxvf {{ DEPS_DIR }}/zlib-1.2.13.tar.gz \
+ -C {{ DEPS_DIR }}
+
+[unix]
+zlib: zlib_wget
+ #!/bin/bash
+
+ source {{ DOTENV }}
+
+ rm -rf {{ TARGET_DIR }}/build-zlib/
+
+ mkdir {{ TARGET_DIR }}/build-zlib/
+
+ cd {{ TARGET_DIR }}/build-zlib/ && \
+ CC=$CROSS_CC \
+ CFLAGS=$CROSS_CFLAGS \
+ {{ DEPS_DIR }}/zlib-1.2.13/configure \
+ --prefix=./zlib
+
+ make -j install
+
+[unix]
+libpng_wget: deps_dir
+ wget \
+ -O "{{ DEPS_DIR }}/v1.6.37.tar.gz" \
+ https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz
+
+ tar \
+ -xvf "{{ DEPS_DIR }}/v1.6.37.tar.gz" \
+ -C {{ DEPS_DIR }}
+
+[unix]
+libpng: arch_dir zlib libpng_wget
+ #!/bin/bash
+
+ source {{ DOTENV }}
+
+ rm -rf {{ TARGET_DIR }}/build-png/
+
+ mkdir {{TARGET_DIR}}/build-png/
+
+ cd {{ TARGET_DIR }}/build-png/ && \
+ CC=$CROSS_CC \
+ CFLAGS="$CROSS_CFLAGS -I"{{ TARGET_DIR }}/build-zlib/zlib/lib"" \
+ LDFLAGS=-L"{{ TARGET_DIR }}/build-zlib/zlib/lib" \
+ {{ DEPS_DIR }}/libpng-1.6.37/configure \
+ --enable-shared=no \
+ --with-pic=yes \
+ --enable-hardware-optimizations={{ OPTIMIZATIONS }} \
+ --host={{ ARCH }} \
+
+ make -j -C {{ TARGET_DIR }}/build-png/
\ No newline at end of file
diff --git a/just/libafl-qemu.just b/just/libafl-qemu.just
new file mode 100644
index 0000000000..cb299816f9
--- /dev/null
+++ b/just/libafl-qemu.just
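Review bot: `zlib_wget` and `libpng_wget` download the zlib and libpng tarballs and unpack them with no integrity check, so every build trusts whatever the two hosts happen to serve; a pinned digest between the `wget` and the `tar`, e.g. `echo "<SHA256_PLACEHOLDER>  {{ DEPS_DIR }}/zlib-1.2.13.tar.gz" | sha256sum -c -`, makes the fetch reproducible and rejects a truncated or tampered archive. The two recipes also fail differently: `zlib_wget` is a `#!/bin/bash` script without `set -e`, so a failed `wget` does not stop it and `tar` runs on the partial file, whereas `libpng_wget` is a plain recipe and aborts on the first failing line. In `libpng`, `CFLAGS="$CROSS_CFLAGS -I"{{ TARGET_DIR }}/build-zlib/zlib/lib""` puts the zlib *lib* directory on the include path; with `--prefix=./zlib` the headers presumably land in `build-zlib/zlib/include`, so this looks like it should be `-I"{{ TARGET_DIR }}/build-zlib/zlib/include"` — confirm on a cross build. The trailing `\` on `--host={{ ARCH }} \` continues the configure command onto the following blank line, which works only by accident; dropping it makes the end of the command explicit.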
@@ -0,0 +1,3 @@
+import "libafl.just"
+
+export LIBAFL_QEMU_DIR_DEFAULT := BUILD_DIR / "qemu-libafl-bridge"
\ No newline at end of file
diff --git a/just/libafl.just b/just/libafl.just
new file mode 100644
index 0000000000..2bf9258c56
--- /dev/null
+++ b/just/libafl.just
@@ -0,0 +1,41 @@
+# Main Justfile for LibAFL
+# Provides multiple useful variables.
+#
+# Must be set:
+# - `FUZZER_NAME`: Name of the executable.
+#
+# Provides:
+# - `PROFILE`: Profile (either `dev` or `release`). Default is `release`.
+# - `PROFILE_DIR`: Profile directory (either `debug` or `release`).
+# - `TARGET_DIR`: target directry. Defaults to `target`.
+# - `BUILD_DIR`: Root directory in which the program is compiled.
+# - `FUZZER`: Executable path.
+
+PROFILE := env("PROFILE", "release")
+PROFILE_DIR := if PROFILE == "dev" { "debug" } else { "release" }
+TARGET_DIR := absolute_path(env("TARGET_DIR", "target"))
+BUILD_DIR := TARGET_DIR / PROFILE_DIR
+FUZZER_EXTENSION := if os_family() == "windows" { ".exe" } else { "" }
+FUZZER := BUILD_DIR / FUZZER_NAME + FUZZER_EXTENSION
+
+JUSTHASHES := ".justhashes"
+
+buildfile fpath:
+ #!/bin/bash
+
+ # Init hash files if does not exit
+ if [ ! -f {{ JUSTHASHES }} ]; then
+ touch {{ JUSTHASHES }}
+ fi
+
+ if [ -d {{ fpath }}]
+ echo "{{ fpath }} already exists as dir."
+ exit 1
+ fi
+
+ # Run the file recipe if it changed or was not built before
+ if [ ! -f {{ fpath }} ] || [ ! "$(md5sum {{ fpath }} | head -c 32)" == "$(grep " {{ fpath }}" {{ JUSTHASHES }} | head -c 32)" ]; then
+ just {{ fpath }}
+ echo "$(grep -v "{{ fpath }}" {{ JUSTHASHES }})" > {{ JUSTHASHES }}
+ md5sum {{ fpath }} >> {{ JUSTHASHES }}
+ fi
diff --git a/libafl_qemu/libafl_qemu_build/src/build.rs b/libafl_qemu/libafl_qemu_build/src/build.rs
index 62f5f2a1a5..0262d1db5e 100644
--- a/libafl_qemu/libafl_qemu_build/src/build.rs
+++ b/libafl_qemu/libafl_qemu_build/src/build.rs
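Review bot: `if [ -d {{ fpath }}]` in `buildfile` is not valid bash — `]` is glued to the path and `; then` is missing — so the recipe aborts with a syntax error before doing anything; it should be `if [ -d "{{ fpath }}" ]; then`. `PROFILE_DIR := if PROFILE == "dev" { "debug" } else { "release" }` maps every profile other than `dev` to `release`, whereas the deleted duckscript set `PROFILE_DIR` to the profile name, so a custom cargo profile would point `BUILD_DIR` and `FUZZER` at a directory cargo never writes; `else { PROFILE }` keeps the old behaviour. In the rebuild branch, `grep -v "{{ fpath }}"` removes every hash line that merely contains the path as a substring (recording `foo` also drops the entry for `src/foo`), so unrelated files are rebuilt on their next `buildfile` call; matching the exact md5sum record, e.g. `grep -v " {{ fpath }}$"`, avoids that. Minor: the header comment reads "target directry".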
@@ -11,7 +11,7 @@ use crate::cargo_add_rpath;
 pub const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge";
 pub const QEMU_DIRNAME: &str = "qemu-libafl-bridge";
-pub const QEMU_REVISION: &str = "695657e4f3f408c34b146d5191b102d5eb99b74b";
+pub const QEMU_REVISION: &str = "06c738f64a4a92d5fc8184c9b5a9fe9340f4a63f";
 pub struct BuildResult {
 pub qemu_path: PathBuf,
diff --git a/libafl_qemu/src/modules/drcov.rs b/libafl_qemu/src/modules/drcov.rs
index cd1ca0aa31..1b803cf3d7 100644
--- a/libafl_qemu/src/modules/drcov.rs
+++ b/libafl_qemu/src/modules/drcov.rs
@@ -152,23 +152,16 @@ where
 match DRCOV_MAP.lock().unwrap().as_mut().unwrap().entry(pc) {
 Entry::Occupied(entry) => {
 let id = *entry.get();
- if drcov_module.full_trace {
- Some(id)
- } else {
- None
- }
+ Some(id)
 }
 Entry::Vacant(entry) => {
 let id = meta.current_id;
+ entry.insert(id);
 meta.current_id = id + 1;
- if drcov_module.full_trace {
- // GuestAddress is u32 for 32 bit guests
- #[expect(clippy::unnecessary_cast)]
- Some(id as u64)
- } else {
- None
- }
+
+ #[expect(clippy::unnecessary_cast)]
+ Some(id as u64)
 }
 }
 }
@@ -201,7 +194,7 @@ pub fn gen_block_lengths(
 #[allow(clippy::needless_pass_by_value)] // no longer a problem with nightly
 pub fn exec_trace_block(
 _qemu: Qemu,
- emulator_modules: &mut EmulatorModules,
+ _emulator_modules: &mut EmulatorModules,
 _state: Option<&mut S>,
 id: u64,
 ) where
@@ -210,9 +203,7 @@ pub fn exec_trace_block(
 I: Unpin,
 S: Unpin + HasMetadata,
 {
- if emulator_modules.get::>().unwrap().full_trace {
- DRCOV_IDS.lock().unwrap().as_mut().unwrap().push(id);
- }
+ DRCOV_IDS.lock().unwrap().as_mut().unwrap().push(id);
 }
 impl EmulatorModule for DrCovModule
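Review bot: with the `full_trace` gates removed, `exec_trace_block` now pushes every executed block id into `DRCOV_IDS` unconditionally and the id-generation `match` above it always returns `Some(id)`, so the trace vector grows with every executed block whatever the module's configuration; nothing in these hunks bounds or drains it, and whether `full_trace` still has a consumer elsewhere is not visible here. The removed comment `// GuestAddress is u32 for 32 bit guests` was the only explanation of the `id as u64` cast that the `#[expect(clippy::unnecessary_cast)]` covers; it is worth keeping above the attribute. A one-line note on `exec_trace_block`, e.g. `// Unconditionally records every executed block id into DRCOV_IDS; the vector is only emptied when the trace is flushed`, with the flushing site named, would make the new memory behaviour explicit, and if `full_trace` is now dead it should be removed rather than left as a field that no longer changes anything. `_emulator_modules` is unused in the new body and is presumably kept only to satisfy the hook signature, which also deserves a short comment.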
@@ -395,9 +386,7 @@ impl DrCovModule {
 unsafe {
 for module in self.module_mapping.as_ref().unwrap_unchecked().iter() {
 let (range, (_, _)) = module;
- if *pc >= range.start.try_into().unwrap()
- && *pc <= range.end.try_into().unwrap()
- {
+ if range.contains(&u64::try_from(*pc).unwrap()) {
 module_found = true;
 break;
 }
diff --git a/scripts/test_fuzzer.sh b/scripts/test_fuzzer.sh
index 8abd1b894c..fe8d6d7521 100755
--- a/scripts/test_fuzzer.sh
+++ b/scripts/test_fuzzer.sh
@@ -54,11 +54,11 @@ do
 if [ -e ./Makefile.toml ] && grep -qF "skip_core_tasks = true" Makefile.toml; then
 echo "[*] Building $fuzzer (running tests is not supported in this context)"
- cargo make build || exit 1
+ just build || exit 1
 echo "[+] Done building $fuzzer"
 elif [ -e ./Makefile.toml ]; then
 echo "[*] Testing $fuzzer"
- cargo make test || exit 1
+ just test || exit 1
 echo "[+] Done testing $fuzzer"
 elif [ -e ./Justfile ]; then
 echo "[*] Testing $fuzzer"
diff --git a/utils/gdb_qemu/Justfile b/utils/gdb_qemu/Justfile
new file mode 100644
index 0000000000..e9d722330a
--- /dev/null
+++ b/utils/gdb_qemu/Justfile
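Review bot: `range.contains(&u64::try_from(*pc).unwrap())` is not equivalent to the removed condition: the old check was `*pc <= range.end` (inclusive), while `Range::contains` excludes `end`, so a `pc` equal to a module's end address no longer counts as inside that module. Since `range.start` and `range.end` are read as fields in the removed lines, this looks like a `Range`, not a `RangeInclusive`, so the boundary really does move. If the half-open semantics are intended (the usual convention for mapping ranges), a comment such as `// module ranges are half-open: [start, end)` would stop the next reader from reinstating the `<=`; if the inclusive check was deliberate, keep the explicit comparison. The enclosing method starts and ends outside the hunk.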
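Review bot: the two branches guarded by `[ -e ./Makefile.toml ]` now run `just build` and `just test`, so a fuzzer directory that still has only a Makefile.toml invokes `just` without a Justfile and fails, while a directory that has both files takes these branches instead of the `./Justfile` branch below for no reason related to what is executed; the condition and the command disagree. Either the guards should test for `./Justfile` (with a Justfile equivalent of the `skip_core_tasks = true` marker, or that branch dropped) or the Makefile.toml branches should be removed now that this commit deletes those files. The loop body continues outside the hunk.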
@@ -0,0 +1,31 @@
+import "../../just/libafl.just"
+
+
+DEMO_TARGET := "powerpc-unknown-linux-gnu"
+HOST_TARGET := "x86_64-unknown-linux-gnu"
+DEMO_DIR := {{TARGET_DIR}}/{{DEMO_TARGET}}/"debug"
+TARGET_DIR := {{TARGET_DIR}}/{{HOST_TARGET}}/"debug"
+FUZZER_NAME := ""
+
+clean:
+ cargo clean
+
+format:
+ cargo fmt -- --emit=files
+
+demo: format
+ cargo build -p gdb_demo --profile {{PROFILE}} --target powerpc-unknown-linux-gnu
+
+run_demo: demo
+ cargo run -p gdb_demo --target powerpc-unknown-linux-gnu
+
+build: format
+ cargo build -p gdb_qemu --profile {{PROFILE}}
+
+run: demo
+ cargo run -p gdb_qemu --profile {{PROFILE}} -- -p 1234 -L trace -- qemu-ppc -L /usr/powerpc-linux-gnu -g 1234 {{DEMO_DIR}}/gdb_demo
+
+gdb:
+ gdb-multiarch -ex "set architecture powerpc:MPC8XX" -ex "set pagination off" -ex "set confirm off" -ex "file {{DEMO_DIR}}/gdb_demo" -ex "target remote | {{TARGET_DIR}}/gdb_qemu -p 1234 -L trace qemu-ppc -- -L /usr/powerpc-linux-gnu -g 1234 {{DEMO_DIR}}/gdb_demo"
+
+all: demo build
diff --git a/utils/gdb_qemu/Makefile.toml b/utils/gdb_qemu/Makefile.toml
deleted file mode 100644
index f2a7fd5f46..0000000000
--- a/utils/gdb_qemu/Makefile.toml
+++ /dev/null
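Review bot: `DEMO_DIR := {{TARGET_DIR}}/{{DEMO_TARGET}}/"debug"` and `TARGET_DIR := {{TARGET_DIR}}/{{HOST_TARGET}}/"debug"` use `{{…}}` interpolation inside variable assignments, which just only accepts in recipe bodies — assignments take expressions — so the whole Justfile fails to parse; the expression form is `DEMO_DIR := TARGET_DIR / DEMO_TARGET / "debug"`. The second line also redefines `TARGET_DIR`, which the imported `libafl.just` already defines; as far as I know just rejects duplicate variable definitions unless `set allow-duplicate-variables` is in effect, so a separate name (e.g. `HOST_DIR`) is safer and avoids changing the imported `BUILD_DIR`/`FUZZER` under the library's feet. Both paths hard-code `"debug"` while `demo` and `build` pass `--profile {{PROFILE}}`, so with `PROFILE=release` `run` and `gdb` look for binaries in a directory cargo did not write to; `PROFILE_DIR` from the import is the matching component. The `gdb` recipe also lost the `demo` and `build` dependencies the deleted `[tasks.gdb]` had, so it no longer guarantees the two binaries exist.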
@@ -1,88 +0,0 @@ -[config] -default_to_workspace = false - -[env] -DEMO_TARGET = "powerpc-unknown-linux-gnu" -HOST_TARGET = "x86_64-unknown-linux-gnu" -PROFILE = "dev" -DEMO_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/${DEMO_TARGET}/debug" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/${HOST_TARGET}/debug" - -[env.release] -PROFILE = "release" -DEMO_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/${DEMO_TARGET}/release" -TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/${HOST_TARGET}/release" - -[tasks.clean] -command = "cargo" -args = ["clean"] - -[tasks.format] -install_crate = "rustfmt" -command = "cargo" -args = ["fmt", "--", "--emit=files"] - -[tasks.demo] -dependencies = ["format", "clippy"] -command = "cargo" -args = [ - "build", - "-p", - "gdb_demo", - "--profile", - "${PROFILE}", - "--target", - "powerpc-unknown-linux-gnu", -] - -[tasks.run_demo] -dependencies = ["demo"] -command = "cargo" -args = ["run", "-p", "gdb_demo", "--target", "powerpc-unknown-linux-gnu"] - -[tasks.build] -dependencies = ["format", "clippy"] -command = "cargo" -args = ["build", "-p", "gdb_qemu", "--profile", "${PROFILE}"] - -[tasks.run] -command = "cargo" -dependencies = ["demo"] -args = [ - "run", - "-p", - "gdb_qemu", - "--profile", - "${PROFILE}", - "--", - "-p", - "1234", - "-L", - "trace", - "--", - "qemu-ppc", - "-L", - "/usr/powerpc-linux-gnu", - "-g", - "1234", - "${DEMO_DIR}/gdb_demo", -] - -[tasks.gdb] -command = "gdb-multiarch" -dependencies = ["demo", "build"] -args = [ - "-ex", - "set architecture powerpc:MPC8XX", - "-ex", - "set pagination off", - "-ex", - "set confirm off", - "-ex", - "file ${DEMO_DIR}/gdb_demo", - "-ex", - "target remote | ${TARGET_DIR}/gdb_qemu -p 1234 -L trace qemu-ppc -- -L /usr/powerpc-linux-gnu -g 1234 ${DEMO_DIR}/gdb_demo", -] - -[tasks.all] -dependencies = ["demo", "build"] diff --git a/utils/noaslr/Justfile b/utils/noaslr/Justfile new file mode 100644 index 0000000000..cabc6f39e9 --- /dev/null +++ b/utils/noaslr/Justfile 
@@ -0,0 +1,29 @@
+import "../../just/libafl.just"
+FUZZER_NAME := ""
+
+clean:
+ cargo clean
+
+format:
+ cargo fmt -- --emit=files
+
+demo: format
+ cargo build -p noaslr_demo --profile {{PROFILE}}
+
+run_demo: demo
+ cargo run -p noaslr_demo
+
+build: format
+ cargo build -p noaslr --profile {{PROFILE}}
+
+buildlib: format
+ cargo build -p libnoaslr --profile {{PROFILE}}
+
+run: demo
+ cargo run -p noaslr --profile {{PROFILE}} -- {{BUILD_DIR}}/demo -- -f /proc/self/maps -- test
+
+
+runlib: demo buildlib
+ LD_PRELOAD={{BUILD_DIR}}/libnoaslr.so cargo run -p noaslr_demo --profile {{PROFILE}} -- -f /proc/self/maps -- test
+
+all: demo build buildlib
diff --git a/utils/noaslr/Makefile.toml b/utils/noaslr/Makefile.toml
deleted file mode 100644
index ce1fed9b66..0000000000
--- a/utils/noaslr/Makefile.toml
+++ /dev/null
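Review bot: `run` hands `noaslr` the path `{{BUILD_DIR}}/demo`, but `demo` now builds the package `noaslr_demo` (`cargo build -p noaslr_demo`) whereas the deleted Makefile built `-p demo` and ran `${BUILD_DIR}/demo`; unless the renamed package still names its binary `demo`, that path no longer exists and the recipe fails — confirm the binary name and update the path to match. In `runlib`, `LD_PRELOAD={{BUILD_DIR}}/libnoaslr.so cargo run …` injects the library into `cargo` itself (and into `rustc` if anything rebuilds) before the demo ever starts, as the old task's `env` did; since `demo` is already a dependency, running the built binary directly, `LD_PRELOAD={{BUILD_DIR}}/libnoaslr.so {{BUILD_DIR}}/<demo-binary> -f /proc/self/maps -- test`, keeps the preload confined to the process under test. The `ZZZ_TEST_ZZZ` variable the old `run`/`runlib` tasks exported is dropped here without mention; if the demo prints or checks its environment, the observable output changes.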
@@ -1,78 +0,0 @@ -[config] -default_to_workspace = false - -[env] -PROFILE = "dev" -BUILD_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/debug" - -[env.release] -PROFILE = "release" -BUILD_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/release" - -[tasks.clean] -command = "cargo" -args = ["clean"] - -[tasks.format] -install_crate = "rustfmt" -command = "cargo" -args = ["fmt", "--", "--emit=files"] - -[tasks.demo] -dependencies = ["format", "clippy"] -command = "cargo" -args = ["build", "-p", "demo", "--profile", "${PROFILE}"] - -[tasks.run_demo] -dependencies = ["demo"] -command = "cargo" -args = ["run", "-p", "demo"] - -[tasks.build] -dependencies = ["format", "clippy"] -command = "cargo" -args = ["build", "-p", "noaslr", "--profile", "${PROFILE}"] - -[tasks.buildlib] -dependencies = ["format", "clippy"] -command = "cargo" -args = ["build", "-p", "libnoaslr", "--profile", "${PROFILE}"] - -[tasks.run] -command = "cargo" -dependencies = ["demo"] -env = { "ZZZ_TEST_ZZZ" = "ZZZ TEST ZZZ" } -args = [ - "run", - "-p", - "noaslr", - "--profile", - "${PROFILE}", - "--", - "${BUILD_DIR}/demo", - "--", - "-f", - "/proc/self/maps", - "--", - "test", -] - -[tasks.runlib] -command = "cargo" -dependencies = ["demo", "buildlib"] -env = { "LD_PRELOAD" = "${BUILD_DIR}/libnoaslr.so", "ZZZ_TEST_ZZZ" = "ZZZ TEST ZZZ" } -args = [ - "run", - "-p", - "demo", - "--profile", - "${PROFILE}", - "--", - "-f", - "/proc/self/maps", - "--", - "test", -] - -[tasks.all] -dependencies = ["demo", "build", "buildlib"]