Diffstat (limited to 'infra/base-images/base-builder/compile_afl')
-rw-r--r-- | infra/base-images/base-builder/compile_afl | 83 |
1 files changed, 59 insertions, 24 deletions
diff --git a/infra/base-images/base-builder/compile_afl b/infra/base-images/base-builder/compile_afl
index 318eca44e..dc6624459 100644
--- a/infra/base-images/base-builder/compile_afl
+++ b/infra/base-images/base-builder/compile_afl
@@ -15,43 +15,78 @@
 #
 ################################################################################
-echo "Compiling afl++"
+# afl++ configuration options.
+# The 'env|grep' setup ensures we do not trigger the linter.
+# The variables need to be set to "1" here - or before running this script.
-# Build and copy afl++ tools necessary for fuzzing.
+# AFL++ settings.
+export AFL_LLVM_MODE_WORKAROUND=0
+export AFL_ENABLE_DICTIONARY=0
+
+# Start compiling afl++.
+echo "Copying precompiled afl++"
+
+# Copy afl++ tools necessary for fuzzing.
 pushd $SRC/aflplusplus > /dev/null
-# Unset CFLAGS and CXXFLAGS while building AFL since we don't want to slow it
-# down with sanitizers.
-INITIAL_CXXFLAGS=$CXXFLAGS
-INITIAL_CFLAGS=$CFLAGS
-unset CXXFLAGS
-unset CFLAGS
-make clean
-AFL_NO_X86=1 PYTHON_INCLUDE=/ make
-CFLAGS=$INITIAL_CFLAGS
-CXXFLAGS=$INITIAL_CXXFLAGS
-
-# Build afl++ driver with existing CFLAGS, CXXFLAGS.
-make -C utils/aflpp_driver
-cp libAFLDriver.a $LIB_FUZZING_ENGINE
+cp -f libAFLDriver.a $LIB_FUZZING_ENGINE
 # Some important projects include libraries, copy those even when they don't
 # start with "afl-". Use "sort -u" to avoid a warning about duplicates.
 ls afl-* *.txt *.a *.o *.so | sort -u | xargs cp -t $OUT
-popd > /dev/null
-
 export CC="$SRC/aflplusplus/afl-clang-fast"
 export CXX="$SRC/aflplusplus/afl-clang-fast++"
 # Set sane afl++ environment defaults:
 # Be quiet, otherwise this can break some builds.
 export AFL_QUIET=1
-# Several targets run their own tools, so ensure its working.
-export AFL_MAP_SIZE=4194304
 # No leak errors during builds.
-export ASAN_OPTIONS="detect_leaks=0:symbolize=0"
-#
-# Placeholder for the upcoming afl++ build options roulette
-#
+export ASAN_OPTIONS="detect_leaks=0:symbolize=0:detect_odr_violation=0:abort_on_error=1"
+
+# AFL compile option roulette. It is OK if they all happen together.
+
+# 40% chance to perform CMPLOG
+rm -f "$OUT/afl_cmplog.txt"
+test $(($RANDOM % 10)) -lt 4 && {
+ export AFL_LLVM_CMPLOG=1
+ touch "$OUT/afl_cmplog.txt"
+}
+
+# 10% chance to perform LAF_INTEL
+test $(($RANDOM % 10)) -lt 1 && {
+ export AFL_LLVM_LAF_ALL=1
+}
+
+# If the targets wants a dictionary - then create one.
+test "$AFL_ENABLE_DICTIONARY" = "1" && {
+ export AFL_LLVM_DICT2FILE="$OUT/afl++.dict"
+}
+
+# In case afl-clang-fast ever breaks, this is a workaround:
+test "$AFL_LLVM_MODE_WORKAROUND" = "1" && {
+ export CC=clang
+ export CXX=clang++
+ WORKAROUND_FLAGS=-fsanitize-coverage=trace-pc-guard
+ # We can still do CMPLOG light:
+ test -e "$OUT/afl_cmplog.txt" && {
+ WORKAROUND_FLAGS="$WORKAROUND_FLAGS",trace-cmp
+ }
+ export CFLAGS="$CFLAGS $WORKAROUND_FLAGS"
+ export CXXFLAGS="$CXXFLAGS $WORKAROUND_FLAGS"
+ unset AFL_LLVM_LAF_ALL
+ unset AFL_LLVM_DICT2FILE
+ unset AFL_ENABLE_DICTIONARY
+ # We need to create a new fuzzer lib however.
+ ar ru libAFLDrivernew.a afl-compiler-rt.o utils/aflpp_driver/aflpp_driver.o
+ cp -f libAFLDrivernew.a $LIB_FUZZING_ENGINE
+}
+
+# Provide a way to document the afl++ options used in this build:
+echo
+echo afl++ target compilation setup:
+env | grep AFL_ | tee "$OUT/afl_options.txt"
+echo
+
+popd > /dev/null
 echo " done." |
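Review bot: The two defaults near the top of the hunk, `export AFL_LLVM_MODE_WORKAROUND=0` and `export AFL_ENABLE_DICTIONARY=0`, unconditionally overwrite any value a caller exported before running the script, so the comment right above them ("or before running this script") does not hold and the workaround and dictionary branches later in the hunk are only reachable by editing this file. Keeping a pre-set value while still defaulting to off, `export AFL_LLVM_MODE_WORKAROUND=${AFL_LLVM_MODE_WORKAROUND:-0}` and `export AFL_ENABLE_DICTIONARY=${AFL_ENABLE_DICTIONARY:-0}`, makes the code match the comment. Separately, `env | grep AFL_ | tee "$OUT/afl_options.txt"` records every environment line whose name or value contains `AFL_` into the build output directory, which presumably ships with the fuzzer; a short comment such as `# Only afl++ build switches are expected here; the file is published with the build output.` would make that intent explicit for anyone later adding AFL_-prefixed variables that carry non-public data.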