Commit 9371fe01 authored by Anh Nguyen-Tuong's avatar Anh Nguyen-Tuong

Test zafl of main exec + lib on bc

parent 4fce7417
...@@ -504,12 +504,14 @@ void Zafl_t::setupForkServer() ...@@ -504,12 +504,14 @@ void Zafl_t::setupForkServer()
{ {
insertForkServer("main"); insertForkServer("main");
} }
#ifdef NOT_YET_SUPPORTED
else else
{ {
// if no main then use autozafl, which automatically sets up a fork server // if no main then use autozafl, which automatically sets up a fork server
auto ed=ElfDependencies_t(getFileIR()); auto ed=ElfDependencies_t(getFileIR());
(void)ed.appendLibraryDepedencies("libautozafl.so"); (void)ed.appendLibraryDepedencies("libautozafl.so");
} }
#endif
} }
} }
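Review bot: With the else branch compiled out, a binary whose `main` is not found now leaves setupForkServer() without inserting any fork server and without saying so, so the rewritten program is emitted and handed to afl-fuzz with nothing to tell the tester why it runs slowly or fails to start. Until libautozafl.so is supported, the disabled branch should at least report the condition, e.g. `#else` / `else { cerr << "Zafl: no main() found; fork server not inserted (autozafl not yet supported)" << endl; }` / `#endif`, or make the transform fail so the test scripts' build step catches it. The condition that selects the `insertForkServer("main")` branch is above the hunk, so whether "no main" is the only way to reach the else is inferred from the removed comment. The function setupForkServer() begins outside this hunk.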
export AFL_TIMEOUT=60
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$SECURITY_TRANSFORMS_HOME/lib/:.
session=/tmp/tmp.bc.$$
cleanup()
{
rm -fr /tmp/gzip.tmp* gzip*.zafl peasoup_exec*.gzip* zafl_in zafl_out $session
}
log_error()
{
echo "TEST FAIL: $1"
cleanup
exit 1
}
log_message()
{
echo "TEST MSG: $1"
}
log_success()
{
echo "TEST PASS: $1"
}
fuzz_with_zafl()
{
bc_zafl=$1
# setup AFL directories
mkdir zafl_in
echo "1" > zafl_in/1
# run for 30 seconds
timeout $AFL_TIMEOUT afl-fuzz -i zafl_in -o zafl_out -- $bc_zafl
if [ $? -eq 124 ]; then
if [ ! -e zafl_out/fuzzer_stats ]; then
log_error "$bc_zafl: something went wrong with afl -- no fuzzer stats file"
fi
cat zafl_out/fuzzer_stats
execs_per_sec=$( grep execs_per_sec zafl_out/fuzzer_stats )
log_success "$bc_zafl: $execs_per_sec"
else
log_error "$bc_zafl: unable to run with afl"
fi
}
mkdir $session
pushd $session
# build ZAFL version of bc executable
$PSZ `which bc` bc.stars.zafl -c move_globals=on -c zafl=on -o move_globals:--elftables -o zipr:--traceplacement:on -o zipr:true -o zipr:--stars
if [ $? -eq 0 ]; then
log_success "build bc.stars.zafl"
else
log_error "build bc.stars.zafl"
fi
# build ZAFL version of readline shared library
readline=$( ldd `which bc` | grep libreadline | cut -d'>' -f2 | cut -d'(' -f1 )
readline_basename=$( basename $readline )
readline_realpath=$( realpath $readline )
echo "basename: $readline_basename realpath: $readline_realpath"
$PSZ $readline_realpath $readline_basename -c move_globals=on -c zafl=on -o move_globals:--elftables -o zipr:--traceplacement:on -o zipr:true -o zipr:--stars
if [ $? -eq 0 ]; then
log_success "build zafl version of $readline_basename at $readline_realpath"
else
log_error "build zafl version of $readline_basename at $readline_realpath"
fi
ls -lt
fuzz_with_zafl $(realpath ./bc.stars.zafl)
popd
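Review bot: The session directory is a predictable, unchecked path: `session=/tmp/tmp.bc.$$` followed by a bare `mkdir $session` and `pushd $session` means that if the directory already exists (pid reuse, or a symlink planted in the shared /tmp by another local user) the script keeps going, writes the rewritten `bc.stars.zafl` and the instrumented libreadline into whatever that path points to, and — because `.` was appended to LD_LIBRARY_PATH on the second line — then executes under afl-fuzz with whatever `libreadline.so.*` sits in that directory, before `cleanup` runs `rm -fr` on it. Replace the two lines with `session=$(mktemp -d /tmp/tmp.bc.XXXXXX) || log_error "mktemp"` and `pushd "$session" || log_error "cannot enter $session"`, which also makes the later `cleanup` safe to run against an empty name. The `readline=$( ldd ... )` result is used unchecked as well; a `[ -n "$readline" ] || log_error "libreadline not found in ldd output"` guard before the `$PSZ` call would turn a silent mis-build into a reported failure. Minor: the comment `# run for 30 seconds` no longer matches `AFL_TIMEOUT=60`, and the success path only triggers on `timeout`'s exit status 124, so an afl-fuzz that exits on its own is always reported as a failure — worth stating in the comment.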
TMP_FILE_1=/tmp/gzip.tmp.$$ TMP_FILE_1=/tmp/gzip.tmp.$$
TMP_FILE_2=/tmp/gzip.tmp.$$ TMP_FILE_2=/tmp/gzip.tmp.$$
AFL_TIMEOUT=3000
cleanup() cleanup()
{ {
rm -fr /tmp/gzip.tmp* gzip*.zafl peasoup_exec*.gzip* rm -fr /tmp/gzip.tmp* gzip*.zafl peasoup_exec*.gzip* zafl_in zafl_out
} }
log_error() log_error()
...@@ -60,8 +61,34 @@ test_zafl() ...@@ -60,8 +61,34 @@ test_zafl()
fi fi
} }
fuzz_with_zafl()
{
gzip_zafl=$1
# setup AFL directories
mkdir zafl_in
echo "1" > zafl_in/1
# run for 30 seconds
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$SECURITY_TRANSFORMS_HOME/lib/ timeout $AFL_TIMEOUT afl-fuzz -i zafl_in -o zafl_out -- $gzip_zafl -f
if [ $? -eq 124 ]; then
if [ ! -e zafl_out/fuzzer_stats ]; then
log_error "$gzip_zafl: something went wrong with afl -- no fuzzer stats file"
fi
cat zafl_out/fuzzer_stats
execs_per_sec=$( grep execs_per_sec zafl_out/fuzzer_stats )
log_success "$gzip_zafl: $execs_per_sec"
else
log_error "$gzip_zafl: unable to run with afl"
fi
}
pushd /tmp pushd /tmp
cleanup
# test setting of entry point via address # test setting of entry point via address
setup setup
ep=$( objdump -Mintel -d /bin/gzip | grep text | grep -v -i disassembly | cut -d' ' -f1 | sed 's/^00000000//g' ) ep=$( objdump -Mintel -d /bin/gzip | grep text | grep -v -i disassembly | cut -d' ' -f1 | sed 's/^00000000//g' )
...@@ -75,14 +102,6 @@ build_zafl gzip.entrypoint.zafl -o "zafl:--entrypoint=main" ...@@ -75,14 +102,6 @@ build_zafl gzip.entrypoint.zafl -o "zafl:--entrypoint=main"
test_zafl ./gzip.entrypoint.zafl --best test_zafl ./gzip.entrypoint.zafl --best
cleanup cleanup
# test STARS version
setup
build_zafl gzip.stars.zafl -o zafl:--stars
test_zafl ./gzip.stars.zafl
test_zafl ./gzip.stars.zafl --fast
test_zafl ./gzip.stars.zafl --best
cleanup
# test non-STARS version # test non-STARS version
setup setup
build_zafl gzip.nostars.zafl build_zafl gzip.nostars.zafl
...@@ -91,6 +110,16 @@ test_zafl ./gzip.nostars.zafl --fast ...@@ -91,6 +110,16 @@ test_zafl ./gzip.nostars.zafl --fast
test_zafl ./gzip.nostars.zafl --best test_zafl ./gzip.nostars.zafl --best
cleanup cleanup
# test STARS version
setup
build_zafl gzip.stars.zafl -o zafl:--stars
test_zafl ./gzip.stars.zafl
test_zafl ./gzip.stars.zafl --fast
test_zafl ./gzip.stars.zafl --best
# test STARS version on AFL
fuzz_with_zafl ./gzip.stars.zafl
cleanup
log_success "all tests passed: zafl instrumentation operational on gzip" log_success "all tests passed: zafl instrumentation operational on gzip"
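Review bot: `AFL_TIMEOUT=3000` on the new line near the top, combined with the `timeout $AFL_TIMEOUT afl-fuzz ...` in the added fuzz_with_zafl, means the gzip test can only pass after afl-fuzz has been killed by `timeout` (exit status 124), i.e. every green run of this script now blocks for fifty minutes, while the new bc test in the same commit uses 60 seconds and the function comment says `# run for 30 seconds`. Unless the long run is intended as a soak test, make it `AFL_TIMEOUT=${AFL_TIMEOUT:-60}` so CI can override it, and fix the comment to reflect the variable rather than a fixed number. The fuzzer invocation also passes `$gzip_zafl` unquoted and creates `zafl_in` with a bare `mkdir`; quoting the path and using `mkdir -p zafl_in` keeps the function reusable when `cleanup` was not run beforehand. The function cleanup() that the commit modifies starts inside this section but its enclosing script continues outside the hunks shown.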