mirror of
https://github.com/AFLplusplus/AFLplusplus.git
synced 2025-06-14 19:08:08 +00:00
test.sh with -no-pie
This commit is contained in:
van Hauser
18
Makefile
18
Makefile
@ -151,6 +151,18 @@ ifdef STATIC
|
|||||||
LDFLAGS += -lm -lpthread -lz -lutil
|
LDFLAGS += -lm -lpthread -lz -lutil
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
ifdef ASAN_BUILD
|
||||||
|
$(info Compiling ASAN version of binaries)
|
||||||
|
CFLAGS+=-fsanitize=address
|
||||||
|
LDFLAGS+=-fsanitize=address
|
||||||
|
endif
|
||||||
|
|
||||||
|
ifdef PROFILING
|
||||||
|
$(info Compiling profiling version of binaries)
|
||||||
|
CFLAGS+=-pg
|
||||||
|
LDFLAGS+=-pg
|
||||||
|
endif
|
||||||
|
|
||||||
ifeq "$(shell echo '$(HASH)include <sys/ipc.h>@$(HASH)include <sys/shm.h>@int main() { int _id = shmget(IPC_PRIVATE, 65536, IPC_CREAT | IPC_EXCL | 0600); shmctl(_id, IPC_RMID, 0); return 0;}' | tr @ '\n' | $(CC) -x c - -o .test2 2>/dev/null && echo 1 || echo 0 ; rm -f .test2 )" "1"
|
ifeq "$(shell echo '$(HASH)include <sys/ipc.h>@$(HASH)include <sys/shm.h>@int main() { int _id = shmget(IPC_PRIVATE, 65536, IPC_CREAT | IPC_EXCL | 0600); shmctl(_id, IPC_RMID, 0); return 0;}' | tr @ '\n' | $(CC) -x c - -o .test2 2>/dev/null && echo 1 || echo 0 ; rm -f .test2 )" "1"
|
||||||
SHMAT_OK=1
|
SHMAT_OK=1
|
||||||
else
|
else
|
||||||
@ -165,11 +177,6 @@ ifeq "$(TEST_MMAP)" "1"
|
|||||||
LDFLAGS+=-Wno-deprecated-declarations
|
LDFLAGS+=-Wno-deprecated-declarations
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifdef ASAN_BUILD
|
|
||||||
CFLAGS+=-fsanitize=address
|
|
||||||
LDFLAGS+=-fsanitize=address
|
|
||||||
endif
|
|
||||||
|
|
||||||
all: test_x86 test_shm test_python ready $(PROGS) afl-as test_build all_done
|
all: test_x86 test_shm test_python ready $(PROGS) afl-as test_build all_done
|
||||||
|
|
||||||
man: $(MANPAGES)
|
man: $(MANPAGES)
|
||||||
@ -208,6 +215,7 @@ help:
|
|||||||
@echo "=========================================="
|
@echo "=========================================="
|
||||||
@echo STATIC - compile AFL++ static
|
@echo STATIC - compile AFL++ static
|
||||||
@echo ASAN_BUILD - compiles with memory sanitizer for debug purposes
|
@echo ASAN_BUILD - compiles with memory sanitizer for debug purposes
|
||||||
|
@echo PROFILING - compile afl-fuzz with profiling information
|
||||||
@echo AFL_NO_X86 - if compiling on non-intel/amd platforms
|
@echo AFL_NO_X86 - if compiling on non-intel/amd platforms
|
||||||
@echo "=========================================="
|
@echo "=========================================="
|
||||||
@echo e.g.: make ASAN_BUILD=1
|
@echo e.g.: make ASAN_BUILD=1
|
||||||
|
|||||||
@ -174,6 +174,7 @@ These build options exist:
|
|||||||
|
|
||||||
* STATIC - compile AFL++ static
|
* STATIC - compile AFL++ static
|
||||||
* ASAN_BUILD - compiles with memory sanitizer for debug purposes
|
* ASAN_BUILD - compiles with memory sanitizer for debug purposes
|
||||||
|
* PROFILING - compile with profiling information (gprof)
|
||||||
* AFL_NO_X86 - if compiling on non-intel/amd platforms
|
* AFL_NO_X86 - if compiling on non-intel/amd platforms
|
||||||
* LLVM_CONFIG - if your distro doesn't use the standard name for llvm-config (e.g. Debian)
|
* LLVM_CONFIG - if your distro doesn't use the standard name for llvm-config (e.g. Debian)
|
||||||
|
|
||||||
|
|||||||
@ -118,6 +118,9 @@ extern s16 interesting_16[INTERESTING_8_LEN + INTERESTING_16_LEN];
|
|||||||
extern s32
|
extern s32
|
||||||
interesting_32[INTERESTING_8_LEN + INTERESTING_16_LEN + INTERESTING_32_LEN];
|
interesting_32[INTERESTING_8_LEN + INTERESTING_16_LEN + INTERESTING_32_LEN];
|
||||||
|
|
||||||
|
extern u32 bmcnt, initcnt, one1cnt, one2cnt, runcnt;
|
||||||
|
|
||||||
|
|
||||||
struct queue_entry {
|
struct queue_entry {
|
||||||
|
|
||||||
u8 *fname; /* File name for the test case */
|
u8 *fname; /* File name for the test case */
|
||||||
|
|||||||
@ -578,6 +578,7 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
|
|||||||
/* Try to calibrate inline; this also calls update_bitmap_score() when
|
/* Try to calibrate inline; this also calls update_bitmap_score() when
|
||||||
successful. */
|
successful. */
|
||||||
|
|
||||||
|
bmcnt++;
|
||||||
res = calibrate_case(afl, afl->queue_top, mem, afl->queue_cycle - 1, 0);
|
res = calibrate_case(afl, afl->queue_top, mem, afl->queue_cycle - 1, 0);
|
||||||
|
|
||||||
if (res == FAULT_ERROR) FATAL("Unable to execute target application");
|
if (res == FAULT_ERROR) FATAL("Unable to execute target application");
|
||||||
|
|||||||
@ -38,6 +38,8 @@ u8 *doc_path = NULL; /* gath to documentation dir */
|
|||||||
|
|
||||||
/* Initialize MOpt "globals" for this afl state */
|
/* Initialize MOpt "globals" for this afl state */
|
||||||
|
|
||||||
|
u32 bmcnt, initcnt, one1cnt, one2cnt, runcnt;
|
||||||
|
|
||||||
static void init_mopt_globals(afl_state_t *afl) {
|
static void init_mopt_globals(afl_state_t *afl) {
|
||||||
|
|
||||||
MOpt_globals_t *core = &afl->mopt_globals_core;
|
MOpt_globals_t *core = &afl->mopt_globals_core;
|
||||||
|
|||||||
@ -473,6 +473,7 @@ void perform_dry_run(afl_state_t *afl) {
|
|||||||
|
|
||||||
close(fd);
|
close(fd);
|
||||||
|
|
||||||
|
initcnt++;
|
||||||
res = calibrate_case(afl, q, use_mem, 0, 1);
|
res = calibrate_case(afl, q, use_mem, 0, 1);
|
||||||
ck_free(use_mem);
|
ck_free(use_mem);
|
||||||
|
|
||||||
|
|||||||
@ -442,6 +442,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
|
|||||||
|
|
||||||
if (afl->queue_cur->cal_failed < CAL_CHANCES) {
|
if (afl->queue_cur->cal_failed < CAL_CHANCES) {
|
||||||
|
|
||||||
|
one1cnt++;
|
||||||
res =
|
res =
|
||||||
calibrate_case(afl, afl->queue_cur, in_buf, afl->queue_cycle - 1, 0);
|
calibrate_case(afl, afl->queue_cur, in_buf, afl->queue_cycle - 1, 0);
|
||||||
|
|
||||||
@ -2460,6 +2461,7 @@ u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
|
|||||||
|
|
||||||
if (afl->queue_cur->cal_failed < CAL_CHANCES) {
|
if (afl->queue_cur->cal_failed < CAL_CHANCES) {
|
||||||
|
|
||||||
|
one2cnt++;
|
||||||
res =
|
res =
|
||||||
calibrate_case(afl, afl->queue_cur, in_buf, afl->queue_cycle - 1, 0);
|
calibrate_case(afl, afl->queue_cur, in_buf, afl->queue_cycle - 1, 0);
|
||||||
|
|
||||||
|
|||||||
@ -303,6 +303,8 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
|
|||||||
trying to calibrate already-added finds. This helps avoid trouble due
|
trying to calibrate already-added finds. This helps avoid trouble due
|
||||||
to intermittent latency. */
|
to intermittent latency. */
|
||||||
|
|
||||||
|
runcnt++;
|
||||||
|
|
||||||
if (!from_queue || afl->resuming_fuzz)
|
if (!from_queue || afl->resuming_fuzz)
|
||||||
use_tmout = MAX(afl->fsrv.exec_tmout + CAL_TMOUT_ADD,
|
use_tmout = MAX(afl->fsrv.exec_tmout + CAL_TMOUT_ADD,
|
||||||
afl->fsrv.exec_tmout * CAL_TMOUT_PERC / 100);
|
afl->fsrv.exec_tmout * CAL_TMOUT_PERC / 100);
|
||||||
|
|||||||
@ -1196,6 +1196,8 @@ stop_fuzzing:
|
|||||||
|
|
||||||
OKF("We're done here. Have a nice day!\n");
|
OKF("We're done here. Have a nice day!\n");
|
||||||
|
|
||||||
|
printf("%u %u %u %u %u\n", bmcnt, initcnt, one1cnt, one2cnt, runcnt);
|
||||||
|
|
||||||
exit(0);
|
exit(0);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
10
test/test.sh
10
test/test.sh
@ -653,7 +653,7 @@ test -e ../libradamsa.so && {
|
|||||||
|
|
||||||
$ECHO "$BLUE[*] Testing: qemu_mode"
|
$ECHO "$BLUE[*] Testing: qemu_mode"
|
||||||
test -e ../afl-qemu-trace && {
|
test -e ../afl-qemu-trace && {
|
||||||
gcc -pie -fPIE -o test-instr ../test-instr.c
|
gcc -no-pie -fPIE -o test-instr ../test-instr.c
|
||||||
gcc -o test-compcov test-compcov.c
|
gcc -o test-compcov test-compcov.c
|
||||||
test -e test-instr -a -e test-compcov && {
|
test -e test-instr -a -e test-compcov && {
|
||||||
{
|
{
|
||||||
@ -678,8 +678,8 @@ test -e ../afl-qemu-trace && {
|
|||||||
$ECHO "$GREY[*] running afl-fuzz for qemu_mode AFL_ENTRYPOINT, this will take approx 6 seconds"
|
$ECHO "$GREY[*] running afl-fuzz for qemu_mode AFL_ENTRYPOINT, this will take approx 6 seconds"
|
||||||
{
|
{
|
||||||
{
|
{
|
||||||
export AFL_ENTRYPOINT=`expr 0x4$(nm test-instr | grep "T main" | awk '{print $1}' | sed 's/^.......//')`
|
export AFL_ENTRYPOINT=`expr 0x4$(nm test-instr | grep "T main" | awk '{print $1}' )`
|
||||||
$ECHO AFL_ENTRYPOINT=$AFL_ENTRYPOINT - $(m test-instr | grep "T main") - $(file ./test-instr)
|
#$ECHO AFL_ENTRYPOINT=$AFL_ENTRYPOINT - $(nm test-instr | grep "T main") - $(file ./test-instr)
|
||||||
../afl-fuzz -m ${MEM_LIMIT} -V2 -Q -i in -o out -- ./test-instr
|
../afl-fuzz -m ${MEM_LIMIT} -V2 -Q -i in -o out -- ./test-instr
|
||||||
unset AFL_ENTRYPOINT
|
unset AFL_ENTRYPOINT
|
||||||
} >>errors 2>&1
|
} >>errors 2>&1
|
||||||
@ -727,9 +727,9 @@ test -e ../afl-qemu-trace && {
|
|||||||
test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" -o "$SYS" = "aarch64" -o ! "${SYS%%arm*}" && {
|
test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" -o "$SYS" = "aarch64" -o ! "${SYS%%arm*}" && {
|
||||||
$ECHO "$GREY[*] running afl-fuzz for persistent qemu_mode, this will take approx 10 seconds"
|
$ECHO "$GREY[*] running afl-fuzz for persistent qemu_mode, this will take approx 10 seconds"
|
||||||
{
|
{
|
||||||
export AFL_QEMU_PERSISTENT_ADDR=`expr 0x4$(nm test-instr | grep "T main" | awk '{print $1}' | sed 's/^.......//')`
|
export AFL_QEMU_PERSISTENT_ADDR=`expr 0x4$(nm test-instr | grep "T main" | awk '{print $1}' )`
|
||||||
export AFL_QEMU_PERSISTENT_GPR=1
|
export AFL_QEMU_PERSISTENT_GPR=1
|
||||||
$ECHO "Info: AFL_QEMU_PERSISTENT_ADDR=$AFL_QEMU_PERSISTENT_ADDR <= $(nm test-instr | grep "T main" | awk '{print $1}')"
|
#$ECHO "Info: AFL_QEMU_PERSISTENT_ADDR=$AFL_QEMU_PERSISTENT_ADDR <= $(nm test-instr | grep "T main" | awk '{print $1}')"
|
||||||
file test-instr
|
file test-instr
|
||||||
../afl-fuzz -m ${MEM_LIMIT} -V10 -Q -i in -o out -- ./test-instr
|
../afl-fuzz -m ${MEM_LIMIT} -V10 -Q -i in -o out -- ./test-instr
|
||||||
unset AFL_QEMU_PERSISTENT_ADDR
|
unset AFL_QEMU_PERSISTENT_ADDR
|
||||||
|
|||||||
Reference in New Issue
Block a user