ispras / Futag

FUTAG (FUzzing Target Automated Generator) - an automatic generator of fuzzing wrappers for libraries
GNU General Public License v3.0

Compile errors when AFLPLUSPLUS is selected as the target type #71

Closed CourteousSleet closed 1 year ago

CourteousSleet commented 1 year ago
/home/sedley/Work/Fuzzing/futag-llvm.2.0.2/futag-llvm/AFLplusplus/usr/local/bin/afl-clang-fast -fsanitize=address -g -O0 -fPIE \
  -I/home/sedley/Work/Development/libpq-standalone/libpq/pg/src/interfaces/libpq/ \
  -I/home/sedley/Work/Development/libpq-standalone/libpq/pg/src/include/ \
  -I/home/sedley/Work/Development/libpq-standalone/.futag-build/libpq/ \
  /home/sedley/Work/Development/libpq-standalone/.futag-fuzz-drivers/PQputnbytes/PQputnbytes2/PQputnbytes2.c \
  -o /home/sedley/Work/Development/libpq-standalone/.futag-fuzz-drivers/PQputnbytes/PQputnbytes2/PQputnbytes2.out \
  -Wl,--start-group \
  /home/sedley/Work/Development/libpq-standalone/.futag-build/libpq/libpq.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/pgsql/lib/libpgtypes.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/pgsql/lib/libecpg.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/pgsql/lib/libpgfeutils.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/pgsql/lib/libpgcommon_shlib.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/pgsql/lib/libpgport_shlib.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/pgsql/lib/libpq.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/pgsql/lib/libpgport.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/pgsql/lib/libecpg_compat.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/pgsql/lib/libpgcommon.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/install/lib/libpgtypes.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/install/lib/libecpg.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/install/lib/libpgfeutils.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/install/lib/libpgcommon_shlib.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/install/lib/libpgport_shlib.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/install/lib/libpq.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/install/lib/libpgport.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/install/lib/libecpg_compat.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/install/lib/libpgcommon.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/src/interfaces/ecpg/compatlib/libecpg_compat.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/src/interfaces/ecpg/pgtypeslib/libpgtypes.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/src/interfaces/ecpg/ecpglib/libecpg.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/src/interfaces/libpq/libpq.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/src/fe_utils/libpgfeutils.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/src/port/libpgport_shlib.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/src/port/libpgport.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/src/port/libpgport_srv.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/src/common/libpgcommon_shlib.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/src/common/libpgcommon_srv.a \
  /home/sedley/Work/Development/libpq-standalone/libpq/pg/src/common/libpgcommon.a \
  -Wl,--end-group

-- [Futag] ERROR on target  PQputnbytes2 

-- [Futag] collecting result ...
-- [Futag] Result of compiling: 0 fuzz-driver(s)

When generating targets I get 590 of them; compiling them as libFuzzer yields more than 600, but for AFL++ the result is 0.
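The "[Futag] ERROR on target" line above hides the compiler's own diagnostic, which is what you need to tell an AFL++ toolchain problem apart from a broken generated driver. The script below is an added example and is not Futag's code or anything from this issue: it re-runs the same afl-clang-fast command shape (ASan, -O0, -fPIE, static archives inside --start-group/--end-group) on each generated driver separately, keeps stderr per driver in a .build.log next to the source, and reports how many compiled. The environment variables FUTAG_CC, FUTAG_INC and FUTAG_LIBS and the function names compile_driver and compile_all are assumptions made for the example, not Futag options.

```shell
#!/bin/sh
# Added example, not part of Futag: compile every generated fuzz driver on its
# own so the real compiler error behind "[Futag] ERROR on target" is visible.
#
# Hypothetical configuration (these names are not Futag options):
#   FUTAG_CC    compiler to use, e.g. the afl-clang-fast from the issue
#   FUTAG_INC   space-separated -I flags for the library headers
#   FUTAG_LIBS  space-separated static archives to link inside --start-group
# Paths are assumed to contain no whitespace.
: "${FUTAG_CC:=afl-clang-fast}"
: "${FUTAG_INC:=}"
: "${FUTAG_LIBS:=}"

# compile_driver <file.c> [extra compiler flags...]
# Builds <file>.out; on failure leaves the compiler's stderr in <file>.build.log.
compile_driver() {
    src=$1; shift
    out=${src%.c}.out
    log=${src%.c}.build.log
    if "$FUTAG_CC" -fsanitize=address -g -O0 -fPIE "$@" "$src" -o "$out" \
        -Wl,--start-group $FUTAG_LIBS -Wl,--end-group 2>"$log"; then
        rm -f "$log"          # nothing worth keeping on success
        return 0
    fi
    return 1
}

# compile_all <driver directory>
# Walks the tree Futag generated (e.g. .futag-fuzz-drivers), compiles each
# driver, prints "ok=<n> failed=<m>" on stdout and returns 1 if any failed.
compile_all() {
    dir=$1
    ok=0; failed=0
    for src in $(find "$dir" -name '*.c' | sort); do
        if compile_driver "$src" $FUTAG_INC; then
            ok=$((ok + 1))
        else
            failed=$((failed + 1))
            printf 'FAILED %s (see %s)\n' "$src" "${src%.c}.build.log" >&2
            head -n 5 "${src%.c}.build.log" >&2   # first lines of the real error
        fi
    done
    printf 'ok=%d failed=%d\n' "$ok" "$failed"
    [ "$failed" -eq 0 ]
}
```

Run it with the compiler and archives from the failing command, for example `FUTAG_CC=/path/to/AFLplusplus/usr/local/bin/afl-clang-fast FUTAG_LIBS="$(ls .futag-build/libpq/*.a)" sh compile-drivers.sh` after appending a call such as `compile_all .futag-fuzz-drivers`. If every driver fails with the same toolchain message (a missing AFL++ runtime object, an unsupported flag), the problem is the afl-clang-fast build rather than the generated sources; if only some fail, the logs point at the individual drivers.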

thientc commented 1 year ago

If you build Futag on your own machine, does the problem still occur?

CourteousSleet commented 1 year ago

When the build finishes I get this message:

-- Building with -fPIC
CMake Warning at /home/sedley/Work/Fuzzing/Futag/custom-llvm/llvm-project/compiler-rt/cmake/Modules/CompilerRTUtils.cmake:352 (message):
  llvm-config finding testingsupport failed with status 1
Call Stack (most recent call first):
  /home/sedley/Work/Fuzzing/Futag/custom-llvm/llvm-project/compiler-rt/CMakeLists.txt:70 (load_llvm_config)

-- LLVM_MAIN_SRC_DIR: "/home/sedley/Work/Fuzzing/Futag/custom-llvm/llvm-project/runtimes/../llvm"
-- Compiler-RT supported architectures: x86_64
-- LLD version: 14.0.6
CMake Error at /home/sedley/Work/Fuzzing/Futag/custom-llvm/llvm-project/lld/COFF/CMakeLists.txt:2 (tablegen):
  Unknown CMake command "tablegen".

thientc commented 1 year ago

You need to build AFLplusplus on your own machine for everything to work. You can check the Docker setup here: https://github.com/thientc/Futag-tests/tree/main/libpq-standalone. If the problem is not resolved, reopen this issue.

CourteousSleet commented 1 year ago

As for building AFL++, that is not relevant, since the problem is in building LLVM from FUTAG. In Docker everything works:

afl-fuzz++4.02c based on afl by Michal Zalewski and a large online community
[+] afl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier
[+] afl++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
[+] NOTE: This is v3.x which changes defaults and behaviours - see README.md
[+] No -M/-S set, autoconfiguring for "-S default"
[*] Getting to work...
[+] Using exponential power schedule (FAST)
[+] Enabled testcache with 50 MB
[+] Generating fuzz data with a length of min=1 max=1048576
[*] Checking core_pattern...
[*] Checking CPU scaling governor...
[+] You have 12 CPU cores and 2 runnable tasks (utilization: 17%).
[+] Try parallel jobs - see docs/parallel_fuzzing.md.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Checking CPU core loadout...
[+] Found a free CPU core, try binding to #0.
[*] Scanning 'input/'...
[+] Loaded a total of 1 seeds.
[*] Creating hard links for all input files...
[*] Validating target binary...
[+] Persistent mode binary detected.
[+] Deferred forkserver binary detected.
[*] Spinning up the fork server...
[+] All right - fork server is up.
[*] Using SHARED MEMORY FUZZING feature.
[*] Target map size: 12
[*] No auto-generated dictionary tokens to reuse.
[*] Attempting dry run with 'id:000000,time:0,execs:0,orig:1'...
    len = 10, map size = 4, exec speed = 92 us
[+] All test cases processed.
[+] Here are some useful stats:

    Test case count : 1 favored, 0 variable, 0 ignored, 1 total
       Bitmap range : 4 to 4 bits (average: 4.00 bits)
        Exec timing : 92 to 92 us (average: 92 us)

[*] No -t option specified, so I'll use an exec timeout of 20 ms.
[+] All set and ready to roll!

     american fuzzy lop ++4.02c {default} (./pg_ascii_toupper1.out) [fast]
┌─ process timing ────────────────────────────────────┬─ overall results ────┐
│        run time : 0 days, 0 hrs, 0 min, 1 sec       │  cycles done : 21    │
│   last new find : none yet (odd, check syntax!)     │ corpus count : 1     │
│last saved crash : none seen yet                     │saved crashes : 0     │
│ last saved hang : none seen yet                     │  saved hangs : 0     │
├─ cycle progress ─────────────────────┬─ map coverage┴──────────────────────┤
│  now processing : 0.66 (0.0%)        │    map density : 33.33% / 33.33%    │
│  runs timed out : 0 (0.00%)          │ count coverage : 105.00 bits/tuple  │
├─ stage progress ─────────────────────┼─ findings in depth ─────────────────┤
│  now trying : havoc                  │ favored items : 1 (100.00%)         │
│ stage execs : 585/1175 (49.79%)      │  new edges on : 1 (100.00%)         │
│ total execs : 76.1k                  │ total crashes : 0 (0 saved)         │
│  exec speed : 49.1k/sec              │  total tmouts : 0 (0 saved)         │
├─ fuzzing strategy yields ────────────┴─────────────┬─ item geometry ───────┤
│   bit flips : disabled (default, enable with -D)   │    levels : 1         │
│  byte flips : disabled (default, enable with -D)   │   pending : 0         │
│ arithmetics : disabled (default, enable with -D)   │  pend fav : 0         │
│  known ints : disabled (default, enable with -D)   │ own finds : 0         │
│  dictionary : n/a                                  │  imported : 0         │
│havoc/splice : 0/75.5k, 0/0                         │ stability : 100.00%   │
│py/custom/rq : unused, unused, unused, unused       ├───────────────────────┘
│    trim/eff : 60.00%/2, disabled                   │          [cpu000: 25%]
└────────────────────────────────────────────────────┘^C

+++ Baking aborted by the chef +++
[+] We're done here. Have a nice day!