AngoraFuzzer / Angora

Angora is a mutation-based fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.
Apache License 2.0

link errors when running angora #12

Closed hexcoder- closed 5 years ago

hexcoder- commented 5 years ago

Using Ubuntu 16.04, I wanted to run the tests with my new shiny angora docker image (build log appended), so I did docker run -it --rm angora /bin/bash under the Angora directory. Then cd /angora/tests and ./test.sh alloca. This failed with

+ BUILD_TYPE=debug
+ num_jobs=1
+ sync_afl=
+ LOG_TYPE=angora
+ [ ! -z ]
+ envs=RUST_BACKTRACE=1 RUST_LOG=angora
+ fuzzer=../target/debug/fuzzer
+ input=./input
+ output=./output
+ [ 1 -ne 1 ]
+ [ -d alloca ]
+ rm -rf ./output
+ name=alloca
+ echo Compile...
Compile...
+ target=alloca/alloca
+ rm -f alloca/alloca.fast alloca/alloca.cmp alloca/alloca.taint
+ bin_dir=../bin/
+ USE_FAST=1 ../bin//angora-clang alloca/alloca.c -lz -o alloca/alloca.fast
error: unable to load plugin '../bin//unfold-branch-pass.so': '../bin//unfold-branch-pass.so: undefined symbol:
      _ZN4llvm6Module19getOrInsertFunctionENS_9StringRefEPNS_12FunctionTypeENS_13AttributeListE'
error: unable to load plugin '../bin//angora-llvm-pass.so': '../bin//angora-llvm-pass.so: undefined symbol:
      _ZN4llvm6Module19getOrInsertFunctionENS_9StringRefEPNS_12FunctionTypeENS_13AttributeListE'
clang (LLVM option parsing): Unknown command line argument '-angora-dfsan-abilist=../bin//angora_abilist.txt'.  Try: 'clang (LLVM option parsing) -help'
clang (LLVM option parsing): Did you mean '-dfsan-abilist=../bin//angora_abilist.txt'?
clang (LLVM option parsing): Unknown command line argument '-angora-dfsan-abilist=../bin//dfsan_abilist.txt'.  Try: 'clang (LLVM option parsing) -help'
clang (LLVM option parsing): Did you mean '-dfsan-abilist=../bin//dfsan_abilist.txt'?
clang (LLVM option parsing): Unknown command line argument '-angora-exploitation-list=../bin//exploitation_list.txt'.  Try: 'clang (LLVM option parsing) -help'
clang (LLVM option parsing): Did you mean '-precise-rotation-cost=../bin//exploitation_list.txt'?

The same error occurs under a current ArchLinux.

Wishlist++: Could we add a quick test in the docker build in order to see whether Angora has any linking problems? That would result then in a successful build only when Angora built ok.

Thanks.

BTW: Under Ubuntu 18.10 I could run the tests. How could I control the DEBUG and TRACE output lines?

angora_build.log

spinpx commented 5 years ago

I tested on the docker image built by angora's Dockerfile and it works well. ~You can check whether you have built the angora tools with the script '../build/build.sh'.~ I found that the "angora_build.log" has run ./build/build.sh successfully. Can you check the directory /angora/bin? I will add such checks in the future. Thanks for your suggestion.

DEBUG and TRACE output is determined by the RUST_LOG environment variable, e.g. "RUST_LOG=trace" or "RUST_LOG=debug".

hexcoder- commented 5 years ago

I rebuilt the angora docker image afresh with a new git clone, which solved my problems. I must have messed something up. Thanks for your support. From my side this issue can be closed (unless you want to keep it as a reminder for my suggestion).

Here is the content of /angora/bin.

root@475f77fd235d:/angora/bin# ls
DFSanPass.so    angora-llvm-pass.so    fuzzer             unfold-branch-pass.so
DFSanRT.a       angora-llvm-rt.o       io-func.o          zlib-func.o
DFSanRT.a.syms  angora_abilist.txt     libcxx_dfsan       zlib_abilist.txt
angora-clang    dfsan_abilist.txt      libruntime.a
angora-clang++  exploitation_list.txt  libruntime_fast.a

benekent commented 5 years ago

I experience the same issues. Have you figured out what went wrong?

spinpx commented 5 years ago

I guess the reason is that angora was not compiled (or the build failed). Did you use the docker version? Or try to update to the newest source code and try again.

benekent commented 5 years ago

I didn't notice the Dockerfile and tried to set up my own container. The provided Dockerfile works. I probably messed up setting the env. variables.

Thank you!

hexcoder- commented 5 years ago

As far as I remember, I first tried to compile angora directly with the build/build.sh script, but then stopped as it did not compile with the installed LLVM 6. Later I tried the docker_build.sh script, which seemed to work ('successfully build'). But I should have done a make clean before that last script run. I can imagine object files from LLVM 6 and LLVM 4 got mixed. So I deleted all, cloned the repo anew, and then did the docker_build directly, which worked.

kbeckmann commented 5 years ago

I ran into this issue as well and it was exactly like you describe @hexcoder- - I had a dirty broken build when I created the docker image. Solved it by running git clean -fxd and building the dockerfile again. Works great now :).

spinpx commented 5 years ago

I added a check for the LLVM version here: https://github.com/AngoraFuzzer/Angora/commit/d1493cdf3a44b8f0497a20424d99568f14924984
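
A post-build smoke check along the lines of the wishlist item in the first comment, written as an added example that is not part of this thread or of Angora's own scripts. The function name `plugin_smoke_check` is hypothetical; the failure patterns are the messages quoted in the log above, and the check fails the build even when the image build itself reported success.

```shell
#!/bin/sh
# Added example, not Angora code: compile a trivial C file with the given
# compiler wrapper and fail if the pass plugins did not load cleanly.
# Usage: plugin_smoke_check <compiler-wrapper> [extra compiler args...]

# Failure signatures copied from the log in the first comment of this issue.
SMOKE_PATTERNS='unable to load plugin|undefined symbol|Unknown command line argument'

plugin_smoke_check() {
    [ "$#" -ge 1 ] || return 2
    cc=$1; shift
    work=$(mktemp -d) || return 2
    printf 'int main(void) { return 0; }\n' > "$work/smoke.c"

    # Capture stdout and stderr: plugin load failures are reported there.
    # "|| status=$?" keeps the function usable from scripts running with set -e.
    status=0
    "$cc" "$@" "$work/smoke.c" -o "$work/smoke" > "$work/out.log" 2>&1 || status=$?

    rc=0
    if grep -Eq "$SMOKE_PATTERNS" "$work/out.log"; then
        echo "smoke check: plugin or option errors from $cc:" >&2
        grep -E "$SMOKE_PATTERNS" "$work/out.log" >&2
        rc=1
    elif [ "$status" -ne 0 ]; then
        echo "smoke check: $cc exited with status $status" >&2
        rc=1
    elif [ ! -s "$work/smoke" ]; then
        echo "smoke check: $cc produced no output binary" >&2
        rc=1
    fi
    rm -rf "$work"
    return "$rc"
}

# Example call inside the image after the build (path and USE_FAST as shown
# in this issue):
#   export USE_FAST=1
#   plugin_smoke_check /angora/bin/angora-clang || exit 1
```
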