new afl++ variants (google#269)

Co-authored-by: Andrea Fioraldi <[email protected]>
arya772 · Apr 27, 2020 · 95e39a6 · 95e39a6
1 parent 980b0a6
commit 95e39a6
Show file tree

Hide file tree

Showing 36 changed files with 836 additions and 19 deletions.
diff --git a/.github/workflows/fuzzers.yml b/.github/workflows/fuzzers.yml
@@ -19,6 +19,16 @@ jobs:
           - aflplusplus_mopt
           - aflplusplus_cmplog
           - aflplusplus_instrim
+          - aflplusplus_instrim_coe
+          - aflplusplus_instrim_mopt2
+          - aflplusplus_ngram3
+          - aflplusplus_ngram4_17
+          - aflplusplus_ngram4_18
+          - aflplusplus_ngram4_coe
+          - aflplusplus_ngram5
+          - aflplusplus_ctx_17
+          - aflplusplus_ctx_18
+          - aflplusplus_ctx_coe
           - aflsmart
           - eclipser
           - entropic

diff --git a/fuzzers/aflplusplus/builder.Dockerfile b/fuzzers/aflplusplus/builder.Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update && \
 # Set AFL_NO_X86 to skip flaky tests.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
     cd /afl && git checkout dev && \
-    git checkout 16ce55584512274804eadd71b4790be3d1bfbf97 && \
+    git checkout b3e77d3d500ea3c462b3eacdc338d57796f37c5d && \
     AFL_NO_X86=1 make PYTHON_INCLUDE=/ && \
     cd llvm_mode && CXXFLAGS= make
 

diff --git a/fuzzers/aflplusplus/fuzzer.py b/fuzzers/aflplusplus/fuzzer.py
@@ -27,7 +27,7 @@ def get_cmplog_build_directory(target_directory):
     return os.path.join(target_directory, 'cmplog')
 
 
-def build(*args):
+def build(*args):  # pylint: disable=too-many-branches,too-many-statements
     """Build benchmark."""
     # BUILD_MODES is not already supported by fuzzbench, meanwhile we provide
     # a default configuration.
@@ -37,34 +37,45 @@ def build(*args):
 
     # Enable context sentitivity for LLVM mode
     if 'ctx' in build_modes:
-        os.environ['AFL_LLVM_CTX'] = '1'
-
+        os.environ['AFL_LLVM_INSTRUMENTATION'] = 'CTX'
     # Enable N-gram coverage for LLVM mode
-    if 'ngram2' in build_modes:
-        os.environ['AFL_LLVM_NGRAM_SIZE'] = '2'
+    elif 'ngram2' in build_modes:
+        os.environ['AFL_LLVM_INSTRUMENTATION'] = 'NGRAM-2'
+    elif 'ngram3' in build_modes:
+        os.environ['AFL_LLVM_INSTRUMENTATION'] = 'NGRAM-3'
     elif 'ngram4' in build_modes:
-        os.environ['AFL_LLVM_NGRAM_SIZE'] = '4'
+        os.environ['AFL_LLVM_INSTRUMENTATION'] = 'NGRAM-4'
+    elif 'ngram5' in build_modes:
+        os.environ['AFL_LLVM_INSTRUMENTATION'] = 'NGRAM-5'
+    elif 'ngram6' in build_modes:
+        os.environ['AFL_LLVM_INSTRUMENTATION'] = 'NGRAM-6'
     elif 'ngram8' in build_modes:
-        os.environ['AFL_LLVM_NGRAM_SIZE'] = '8'
+        os.environ['AFL_LLVM_INSTRUMENTATION'] = 'NGRAM-8'
     elif 'ngram16' in build_modes:
-        os.environ['AFL_LLVM_NGRAM_SIZE'] = '16'
+        os.environ['AFL_LLVM_INSTRUMENTATION'] = 'NGRAM-16'
+    elif 'instrim' in build_modes:
+        # I avoid to put also AFL_LLVM_INSTRIM_LOOPHEAD
+        os.environ['AFL_LLVM_INSTRUMENTATION'] = 'CFG'
+        os.environ['AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK'] = '1'
 
     if 'qemu' in build_modes:
         os.environ['CC'] = 'clang'
         os.environ['CXX'] = 'clang++'
+    elif 'lto' in build_modes:
+        os.environ['CC'] = '/afl/afl-clang-lto'
+        os.environ['CXX'] = '/afl/afl-clang-lto++'
     else:
         os.environ['CC'] = '/afl/afl-clang-fast'
         os.environ['CXX'] = '/afl/afl-clang-fast++'
 
-        if 'laf' in build_modes:
-            os.environ['AFL_LLVM_LAF_SPLIT_SWITCHES'] = '1'
+    if 'laf' in build_modes:
+        os.environ['AFL_LLVM_LAF_SPLIT_SWITCHES'] = '1'
+        os.environ['AFL_LLVM_LAF_SPLIT_COMPARES'] = '1'
+        if 'autodict' not in build_modes:
             os.environ['AFL_LLVM_LAF_TRANSFORM_COMPARES'] = '1'
-            os.environ['AFL_LLVM_LAF_SPLIT_COMPARES'] = '1'
 
-        if 'instrim' in build_modes:
-            # I avoid to put also AFL_LLVM_INSTRIM_LOOPHEAD
-            os.environ['AFL_LLVM_INSTRIM'] = '1'
-            os.environ['AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK'] = '1'
+    if 'autodict' in build_modes:
+        os.environ['AFL_LLVM_LTO_AUTODICTIONARY'] = '1'
 
     os.environ['FUZZER_LIB'] = '/libAFLDriver.a'
 

diff --git a/fuzzers/aflplusplus_cmplog/builder.Dockerfile b/fuzzers/aflplusplus_cmplog/builder.Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update && \
 # Set AFL_NO_X86 to skip flaky tests.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
     cd /afl && git checkout dev && \
-    git checkout 16ce55584512274804eadd71b4790be3d1bfbf97 && \
+    git checkout b3e77d3d500ea3c462b3eacdc338d57796f37c5d && \
     AFL_NO_X86=1 make PYTHON_INCLUDE=/ && \
     cd llvm_mode && CXXFLAGS= make
 

diff --git a/fuzzers/aflplusplus_ctx_17/builder.Dockerfile b/fuzzers/aflplusplus_ctx_17/builder.Dockerfile
@@ -0,0 +1,36 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image=gcr.io/fuzzbench/base-builder
+FROM $parent_image
+
+# Install wget to download afl_driver.cpp. Install libstdc++ to use llvm_mode.
+RUN apt-get update && \
+    apt-get install wget libstdc++-5-dev -y
+
+# Download and compile afl++ (v2.62d).
+# Build without Python support as we don't need it.
+# Set AFL_NO_X86 to skip flaky tests.
+RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
+    cd /afl && \
+    git checkout b3e77d3d500ea3c462b3eacdc338d57796f37c5d && \
+    sed -i 's/.*define MAP_SIZE_POW2.*/#define MAP_SIZE_POW2 17/g' include/config.h  && \ 
+    AFL_NO_X86=1 make PYTHON_INCLUDE=/ && \
+    cd libdislocator && make && cd .. && \
+    cd llvm_mode && CXXFLAGS= make
+
+# Use afl_driver.cpp from LLVM as our fuzzing library.
+RUN wget https://raw.githubusercontent.com/llvm/llvm-project/5feb80e748924606531ba28c97fe65145c65372e/compiler-rt/lib/fuzzer/afl/afl_driver.cpp -O /afl/afl_driver.cpp && \
+    clang++ -stdlib=libc++ -std=c++11 -O2 -c /afl/afl_driver.cpp && \
+    ar ru /libAFLDriver.a *.o
diff --git a/fuzzers/aflplusplus_ctx_17/fuzzer.py b/fuzzers/aflplusplus_ctx_17/fuzzer.py
@@ -0,0 +1,28 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Integration code for AFLplusplus fuzzer."""
+
+from fuzzers.aflplusplus import fuzzer as aflplusplus_fuzzer
+
+# OUT environment variable is the location of build directory (default is /out).
+
+
+def build():
+    """Build benchmark."""
+    aflplusplus_fuzzer.build("ctx")
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+    """Run fuzzer."""
+    aflplusplus_fuzzer.fuzz(input_corpus, output_corpus, target_binary)
diff --git a/fuzzers/aflplusplus_ctx_17/runner.Dockerfile b/fuzzers/aflplusplus_ctx_17/runner.Dockerfile
@@ -0,0 +1,15 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-runner
diff --git a/fuzzers/aflplusplus_ctx_18/builder.Dockerfile b/fuzzers/aflplusplus_ctx_18/builder.Dockerfile
@@ -0,0 +1,36 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image=gcr.io/fuzzbench/base-builder
+FROM $parent_image
+
+# Install wget to download afl_driver.cpp. Install libstdc++ to use llvm_mode.
+RUN apt-get update && \
+    apt-get install wget libstdc++-5-dev -y
+
+# Download and compile afl++ (v2.62d).
+# Build without Python support as we don't need it.
+# Set AFL_NO_X86 to skip flaky tests.
+RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
+    cd /afl && \
+    git checkout b3e77d3d500ea3c462b3eacdc338d57796f37c5d && \
+    sed -i 's/.*define MAP_SIZE_POW2.*/#define MAP_SIZE_POW2 18/g' include/config.h  && \ 
+    AFL_NO_X86=1 make PYTHON_INCLUDE=/ && \
+    cd libdislocator && make && cd .. && \
+    cd llvm_mode && CXXFLAGS= make
+
+# Use afl_driver.cpp from LLVM as our fuzzing library.
+RUN wget https://raw.githubusercontent.com/llvm/llvm-project/5feb80e748924606531ba28c97fe65145c65372e/compiler-rt/lib/fuzzer/afl/afl_driver.cpp -O /afl/afl_driver.cpp && \
+    clang++ -stdlib=libc++ -std=c++11 -O2 -c /afl/afl_driver.cpp && \
+    ar ru /libAFLDriver.a *.o
diff --git a/fuzzers/aflplusplus_ctx_18/fuzzer.py b/fuzzers/aflplusplus_ctx_18/fuzzer.py
@@ -0,0 +1,28 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Integration code for AFLplusplus fuzzer."""
+
+from fuzzers.aflplusplus import fuzzer as aflplusplus_fuzzer
+
+# OUT environment variable is the location of build directory (default is /out).
+
+
+def build():
+    """Build benchmark."""
+    aflplusplus_fuzzer.build("ctx")
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+    """Run fuzzer."""
+    aflplusplus_fuzzer.fuzz(input_corpus, output_corpus, target_binary)
diff --git a/fuzzers/aflplusplus_ctx_18/runner.Dockerfile b/fuzzers/aflplusplus_ctx_18/runner.Dockerfile
@@ -0,0 +1,15 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-runner
diff --git a/fuzzers/aflplusplus_ctx_coe/builder.Dockerfile b/fuzzers/aflplusplus_ctx_coe/builder.Dockerfile
@@ -0,0 +1,35 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image=gcr.io/fuzzbench/base-builder
+FROM $parent_image
+
+# Install wget to download afl_driver.cpp. Install libstdc++ to use llvm_mode.
+RUN apt-get update && \
+    apt-get install wget libstdc++-5-dev -y
+
+# Download and compile afl++ (v2.62d).
+# Build without Python support as we don't need it.
+# Set AFL_NO_X86 to skip flaky tests.
+RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
+    cd /afl && \
+    git checkout b3e77d3d500ea3c462b3eacdc338d57796f37c5d && \
+    AFL_NO_X86=1 make PYTHON_INCLUDE=/ && \
+    cd libdislocator && make && cd .. && \
+    cd llvm_mode && CXXFLAGS= make
+
+# Use afl_driver.cpp from LLVM as our fuzzing library.
+RUN wget https://raw.githubusercontent.com/llvm/llvm-project/5feb80e748924606531ba28c97fe65145c65372e/compiler-rt/lib/fuzzer/afl/afl_driver.cpp -O /afl/afl_driver.cpp && \
+    clang++ -stdlib=libc++ -std=c++11 -O2 -c /afl/afl_driver.cpp && \
+    ar ru /libAFLDriver.a *.o
diff --git a/fuzzers/aflplusplus_ctx_coe/fuzzer.py b/fuzzers/aflplusplus_ctx_coe/fuzzer.py
@@ -0,0 +1,31 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Integration code for AFLplusplus fuzzer."""
+
+from fuzzers.aflplusplus import fuzzer as aflplusplus_fuzzer
+
+# OUT environment variable is the location of build directory (default is /out).
+
+
+def build():
+    """Build benchmark."""
+    aflplusplus_fuzzer.build("ctx")
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+    """Run fuzzer."""
+    aflplusplus_fuzzer.fuzz(input_corpus,
+                            output_corpus,
+                            target_binary,
+                            flags=("-p", "coe"))
diff --git a/fuzzers/aflplusplus_ctx_coe/runner.Dockerfile b/fuzzers/aflplusplus_ctx_coe/runner.Dockerfile
@@ -0,0 +1,15 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/fuzzbench/base-runner
diff --git a/fuzzers/aflplusplus_instrim/builder.Dockerfile b/fuzzers/aflplusplus_instrim/builder.Dockerfile
@@ -24,7 +24,7 @@ RUN apt-get update && \
 # Set AFL_NO_X86 to skip flaky tests.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
     cd /afl && \
-    git checkout 16ce55584512274804eadd71b4790be3d1bfbf97 && \
+    git checkout b3e77d3d500ea3c462b3eacdc338d57796f37c5d && \
     AFL_NO_X86=1 make PYTHON_INCLUDE=/ && \
     cd libdislocator && make && cd .. && \
     cd llvm_mode && CXXFLAGS= make

diff --git a/fuzzers/aflplusplus_instrim_coe/builder.Dockerfile b/fuzzers/aflplusplus_instrim_coe/builder.Dockerfile
@@ -0,0 +1,35 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image=gcr.io/fuzzbench/base-builder
+FROM $parent_image
+
+# Install wget to download afl_driver.cpp. Install libstdc++ to use llvm_mode.
+RUN apt-get update && \
+    apt-get install wget libstdc++-5-dev -y
+
+# Download and compile afl++ (v2.62d).
+# Build without Python support as we don't need it.
+# Set AFL_NO_X86 to skip flaky tests.
+RUN git clone https://github.com/AFLplusplus/AFLplusplus.git /afl && \
+    cd /afl && \
+    git checkout b3e77d3d500ea3c462b3eacdc338d57796f37c5d && \
+    AFL_NO_X86=1 make PYTHON_INCLUDE=/ && \
+    cd libdislocator && make && cd .. && \
+    cd llvm_mode && CXXFLAGS= make
+
+# Use afl_driver.cpp from LLVM as our fuzzing library.
+RUN wget https://raw.githubusercontent.com/llvm/llvm-project/5feb80e748924606531ba28c97fe65145c65372e/compiler-rt/lib/fuzzer/afl/afl_driver.cpp -O /afl/afl_driver.cpp && \
+    clang++ -stdlib=libc++ -std=c++11 -O2 -c /afl/afl_driver.cpp && \
+    ar ru /libAFLDriver.a *.o