test_8q.sh

#! /bin/bash

export AFL_TIMEOUT=20
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$SECURITY_TRANSFORMS_HOME/lib/:. 
export AFL_SKIP_CPUFREQ=1
export AFL_SKIP_BIN_CHECK=1
export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1

TEST_SRC_DIR=$ZAFL_HOME/test/eightqueens

user=$(whoami)
session=/tmp/tmp.${user}.zafl.bc.$$

lowercase()
{
    echo "$1" | sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/"
}

unamestr=lowercase $(uname)

if [ "$unamestr" == 'centos' ]; then
    CENTOS_FOUND=1
    log_success "Found CentOS"
else
    CENTOS_FOUND=0
fi

if [ $CENTOS_FOUND ]; then
    ALIGN_ARG=""
    INLINE_ARG=""
    CLANG_STD_ARG=" -std=c++1y "
else
    ALIGN_ARG=" -malign-data=cacheline "
    INLINE_ARG=" -finline-functions "
    CLANG_STD_ARG=" -std=c++14 "
fi

cleanup()
{
	rm -fr $session
}

log_error()
{
	echo "TEST FAIL: $1"
	cleanup
	exit 1
}

log_message()
{
	echo "TEST  MSG: $1"
}

log_success()
{
	echo "TEST PASS: $1"
}

fuzz_with_zafl()
{
	queens_zafl=$1

	# setup AFL directories
	mkdir zafl_in
	echo "1" > zafl_in/1

	if [ -d zafl_out ]; then
		rm -fr zafl_out
	fi

	# run for 30 seconds
	timeout $AFL_TIMEOUT afl-fuzz -i zafl_in -o zafl_out -- $queens_zafl 
	if [ $? -eq 124 ]; then
		if [ ! -e zafl_out/fuzzer_stats ]; then
			log_error "$queens_zafl: something went wrong with afl -- no fuzzer stats file"
		fi

		cat zafl_out/fuzzer_stats
		execs_per_sec=$( grep execs_per_sec zafl_out/fuzzer_stats )
		log_success "$queens_zafl: $execs_per_sec"
	else
		log_error "$queens_zafl: unable to run with afl"
	fi

}

build_all_exes()
{
    rm -f *.ncexe
    gcc -m64 -fno-stack-protector -O1 -std=c99 -o eightqueens_c_O1.ncexe $TEST_SRC_DIR/eightqueens.c
    if [ $? -ne 0 ]; then
        log_error "C build failure for O1 optimization level"
    fi

    gcc -m64 -fno-stack-protector -Og -std=c99 -o eightqueens_c_Og.ncexe $TEST_SRC_DIR/eightqueens.c
    if [ $? -ne 0 ]; then
        log_error "C build failure for Og optimization level"
    fi

    gcc -m64 -fno-stack-protector -O3 -std=c99 -o eightqueens_c_O3.ncexe $TEST_SRC_DIR/eightqueens.c
    if [ $? -ne 0 ]; then
        log_error "C build failure for O3 optimization level"
    fi

    g++ -m64 -fno-stack-protector -O1 -std=c++1y -o eightqueens_cpp_O1.ncexe $TEST_SRC_DIR/eightqueens.cpp
    if [ $? -ne 0 ]; then
        log_error "C++ build failure for O1 optimization level"
    fi

    g++ -m64 -fno-stack-protector -Og -std=c++1y -o eightqueens_cpp_Og.ncexe $TEST_SRC_DIR/eightqueens.cpp
    if [ $? -ne 0 ]; then
        log_error "C++ build failure for Og optimization level"
    fi

    g++ -m64 -fno-stack-protector -O3 -std=c++1y -o eightqueens_cpp_O3.ncexe $TEST_SRC_DIR/eightqueens.cpp
    if [ $? -ne 0 ]; then
        log_error "C++ build failure for O3 optimization level"
    fi

    # Kitchen sink: tons of options at once.
    g++ -m64 -fno-stack-protector -falign-functions -falign-loops -falign-jumps -falign-labels -ffast-math -fomit-frame-pointer -funroll-all-loops $ALIGN_ARG -O3 -std=c++1y -o eightqueens_cpp_ks.ncexe $TEST_SRC_DIR/eightqueens.cpp
    if [ $? -ne 0 ]; then
        log_error "C++ build failure for O3 kitchen sink optimization level"
    fi
    
    clang -m64 -O1 -o eightqueens_c_clang_O1.ncexe $TEST_SRC_DIR/eightqueens.c
    if [ $? -ne 0 ]; then
        log_error "C build failure for clang O1 optimization level"
    fi

    clang -m64 -O2 -o eightqueens_c_clang_O2.ncexe $TEST_SRC_DIR/eightqueens.c
    if [ $? -ne 0 ]; then
        log_error "C build failure for clang O2 optimization level"
    fi

    clang -m64 -O3 -o eightqueens_c_clang_O3.ncexe $TEST_SRC_DIR/eightqueens.c
    if [ $? -ne 0 ]; then
        log_error "C build failure for clang O3 optimization level"
    fi

    clang++ -m64 -O1 -o eightqueens_cpp_clang_O1.ncexe $TEST_SRC_DIR/eightqueens.cpp
    if [ $? -ne 0 ]; then
        log_error "C++ build failure for clang O1 optimization level"
    fi

    clang++ -m64 -O2 -o eightqueens_cpp_clang_O2.ncexe $TEST_SRC_DIR/eightqueens.cpp
    if [ $? -ne 0 ]; then
        log_error "C++ build failure for clang O2 optimization level"
    fi

    clang++ -m64 -O3 -o eightqueens_cpp_clang_O3.ncexe $TEST_SRC_DIR/eightqueens.cpp
    if [ $? -ne 0 ]; then
        log_error "C++ build failure for clang O3 optimization level"
    fi

    # Kitchen sink: tons of options at once.
    clang++ -m64 -ffast-math -funroll-loops -pg $INLINE_ARG -O3 $CLANG_STD_ARG -o eightqueens_cpp_clang_ks.ncexe $TEST_SRC_DIR/eightqueens.cpp
    if [ $? -ne 0 ]; then
        log_error "C++ build failure for clang O3 kitchen sink optimization level"
    fi
    
    
    log_success "All builds of exes succeeded."
}

test_one_exe()
{
    test_exe=$1

# Run original binary early so that we can confirm valid build
#  happened before we invoke zafl.
    ./$test_exe > out.eightqueens.orig
    if [ $? -ne 0 ]; then
        log_error "Original run on $test_exe failed."
    fi

# Test sanity with zipr-only before zafl.sh is invoked.
    $PSZ ./$test_exe ./$test_exe.zipr -c rida
    if [ $? -ne 0 ]; then
        log_error "Zipr-only build of $test_exe failed."
    fi
    ./$test_exe.zipr > /dev/null
    if [ $? -ne 0 ]; then
        log_error "Zipr-only run of $test_exe failed."
    else
        log_success "Zipr-only run of $test_exe succeeded."
    fi


# build with graph optimization
    zafl.sh $test_exe $test_exe.stars.zafl.d.g.r.cs -d -g -c all --tempdir analysis.eightqueens.$test_exe.stars.zafl.d.g.r.cs -r 123 --enable-context-sensitivity function
    if [ $? -eq 0 ]; then
	     log_success "build $test_exe.stars.zafl.d.g.r.cs"
    else
	     log_error "build $test_exe.stars.zafl.d.g.r.cs"
    fi

# test functionality
    ./$test_exe.stars.zafl.d.g.r.cs > out.eightqueens.stars.zafl.d.g.r.cs
    if [ $? -ne 0 ]; then
        log_error "d.g.c run on $test_exe failed."
    fi
    diff out.eightqueens.orig out.eightqueens.stars.zafl.d.g.r.cs >/dev/null 2>&1
    if [ $? -eq 0 ]; then
	     log_success "$test_exe.stars.zafl.d.g.r.cs basic functionality"
    else
	     log_error "$test_exe.stars.zafl.d.g.r.cs basic functionality"
    fi

# Fuzz with AFL
    log_message "Fuzz for $AFL_TIMEOUT secs"
    fuzz_with_zafl $(realpath ./$test_exe.stars.zafl.d.g.r.cs)

#Do again with -D -G -C instead of -d -g -c
    zafl.sh $test_exe $test_exe.stars.zafl.D.G.r.cs -D -G -C all --tempdir analysis.eightqueens.$test_exe.stars.zafl.D.G.r.cs -r 123 --enable-context-sensitivity function
    if [ $? -eq 0 ]; then
	     log_success "build $test_exe.stars.zafl.D.G.r.cs"
    else
	     log_error "build $test_exe.stars.zafl.D.G.r.cs"
    fi

# test functionality
    ./$test_exe.stars.zafl.D.G.r.cs > out.eightqueens.stars.zafl.D.G.r.cs
    if [ $? -ne 0 ]; then
        log_error "D.G.C run on $test_exe failed."
    fi
    diff out.eightqueens.orig out.eightqueens.stars.zafl.D.G.r.cs >/dev/null 2>&1
    if [ $? -eq 0 ]; then
	     log_success "$test_exe.stars.zafl.D.G.r.cs basic functionality"
    else
	     log_error "$test_exe.stars.zafl.D.G.r.cs basic functionality"
    fi

# Fuzz with AFL
    log_message "Fuzz for $AFL_TIMEOUT secs"
    fuzz_with_zafl $(realpath ./$test_exe.stars.zafl.D.G.r.cs)
}

mkdir -p $session
pushd $session

build_all_exes

test_one_exe "eightqueens_c_O1.ncexe"
test_one_exe "eightqueens_c_Og.ncexe"
test_one_exe "eightqueens_c_O3.ncexe"
test_one_exe "eightqueens_cpp_O1.ncexe"
test_one_exe "eightqueens_cpp_Og.ncexe"
test_one_exe "eightqueens_cpp_O3.ncexe"
test_one_exe "eightqueens_cpp_ks.ncexe"

test_one_exe "eightqueens_c_clang_O1.ncexe"
test_one_exe "eightqueens_c_clang_O2.ncexe"
test_one_exe "eightqueens_c_clang_O3.ncexe"
test_one_exe "eightqueens_cpp_clang_O1.ncexe"
test_one_exe "eightqueens_cpp_clang_O2.ncexe"
test_one_exe "eightqueens_cpp_clang_O3.ncexe"
test_one_exe "eightqueens_cpp_clang_ks.ncexe"

popd

cleanup