Open dr0o0id opened 4 months ago
Hi, thank you for your interest in our tool.
It seems that the CIL frontend parser for sparrow cannot parse the source of libsndfile.
Try updating the frontend field from cil to clang in the following dictionary entry.
'sndfile_fuzzer': {
    'frontend': 'cil',
    'entry_point': 'main',
    'bugs': ['SND001']
},
Appreciated, I did make sparrow run after following your response.
However, there are still some obstacles with sparrow.
--------------------------------------------------------------------------------
Front-end begins...
--------------------------------------------------------------------------------
Front-end completes: 208.796966
'void*' returning functions: []
'void*' returning fields: []
Unwrapped functions: []
Unwrapped fields: []
--------------------------------------------------------------------------------
Graph construction begins...
--------------------------------------------------------------------------------
Warning: main not Found
#nodes all : 31617
#unreachable : 294
Graph construction completes: 0.244024
--------------------------------------------------------------------------------
Pre-processing begins...
--------------------------------------------------------------------------------
InterCfg.cfgof start
Fatal error: exception Not_found
Raised at InterCfg.cfgof in file "src/program/interCfg.ml", line 127, characters 4-19
Called from InterCfg.nodes_of_pid in file "src/program/interCfg.ml", line 138, characters 45-58
Called from PreProcess.collect_fref_from_func in file "src/core/preProcess.ml", line 123, characters 16-44
Called from PreProcess.find_func_refs in file "src/core/preProcess.ml", line 145, characters 2-72
Called from StepManager.step in file "src/util/stepManager.ml", line 19, characters 10-14
Called from Dune__exe__Main.init_analysis in file "src/core/main.ml", line 49, characters 4-194
Called from Dune__exe__Main.main in file "src/core/main.ml", line 140, characters 8-135
Called from Dune__exe__Main in file "src/core/main.ml", line 153, characters 8-15
[*] Executing: cp /benchmark/tmp/sndfile_fuzzer/SND001/slice_func.txt /benchmark/DAFL-input/inst-targ/sndfile_fuzzer/SND001
[*] Executing: cp /benchmark/tmp/sndfile_fuzzer/SND001/slice_dfg.txt /benchmark/DAFL-input/dfg/sndfile_fuzzer/SND001
A "main" function does exist inside the ILs
root@7cd61d838243:/benchmark/scripts# grep -rnw "/benchmark/smake-out/sndfile_fuzzer" -e "main"
/benchmark/smake-out/sndfile_fuzzer/27.libstandaloneengine_la-standaloneengine.o.ii:2623:int main(int argc, char **argv)
For all these libfuzzer-like binaries, do we need extra config during compilation to make sparrow work flawlessly?
Hi, I am sorry for the late reply and the inconvenience.
If the target binary is in libfuzzer style, I think it will have the LLVMFuzzerTestOneInput function.
If so, can you also try the following to give LLVMFuzzerTestOneInput as the entry point of the analysis?
'sndfile_fuzzer': {
    'frontend': 'clang',
    'entry_point': 'LLVMFuzzerTestOneInput',
    'bugs': ['SND001']
},
I just recalled that this worked when I was working on Fuzzer Test Suite targets, which were also in the libfuzzer style.
If it still does not work, can you share the input files for Sparrow? I can take a look at it and see if I can do something.
By the way, if you provide multiple target lines in the input file, the Python script will only deliver the first line of the file to Sparrow. This is because Sparrow generates slicing information per single line. Thus, I recommend giving the target line that is most relevant to the target bug. For instance, if it is a buffer overflow, give the line where the buffer access occurs.
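Added example (not code from the DAFL project or from either commenter): a small Python check that ties the two pieces of advice above together. It scans the preprocessed translation units that smake writes out (the `.ii` files under smake-out) for a *definition* of a candidate entry point, preferring LLVMFuzzerTestOneInput over main, so you can pick the `entry_point` value for the SLICE_TARGET entry before Sparrow reports "main not Found" and builds an empty call graph. It also mirrors the behaviour described for run-sparrow.py by keeping only the first non-empty line of a target file and reporting how many lines would be silently ignored. The candidate names, the `.i`/`.ii` file globbing, the second sample file name and the regular-expression notion of "definition" (a signature followed by `{`) are assumptions of this example; the sample sources are constructed.

```python
import re
from pathlib import Path

# Preferred entry points, in order: a libFuzzer harness defines LLVMFuzzerTestOneInput,
# a plain driver defines main. Assumption of this example, not read from DAFL.
CANDIDATE_ENTRY_POINTS = ("LLVMFuzzerTestOneInput", "main")


def is_defined(name, source):
    """True if `name` is *defined* (signature followed by '{') in preprocessed C/C++ text.
    A prototype ends in ';' before any '{', so it does not match."""
    pattern = re.compile(r"\b" + re.escape(name) + r"\s*\([^;{}]*\)\s*\{")
    return pattern.search(source) is not None


def choose_entry_point(sources, candidates=CANDIDATE_ENTRY_POINTS):
    """sources: mapping file name -> preprocessed translation unit text.
    Returns (entry_point, [files defining it]) for the first candidate found,
    or (None, []) if no candidate is defined anywhere."""
    for name in candidates:
        files = sorted(f for f, text in sources.items() if is_defined(name, text))
        if files:
            return name, files
    return None, []


def read_smake_out(directory):
    """Load every preprocessed unit (.i / .ii) found in `directory` (assumed layout)."""
    files = list(Path(directory).glob("*.i")) + list(Path(directory).glob("*.ii"))
    return {p.name: p.read_text(errors="replace") for p in files}


def first_target_line(target_file_text):
    """Mirror the behaviour described for run-sparrow.py: only the first non-empty
    line of the target file reaches Sparrow. Returns (line_used, lines_ignored)."""
    lines = [l.strip() for l in target_file_text.splitlines() if l.strip()]
    if not lines:
        raise ValueError("target file has no target line")
    return lines[0], len(lines) - 1


def slice_target_entry(name, entry_point, bugs, frontend="clang"):
    """Build the SLICE_TARGET dictionary entry in the shape used in this thread."""
    return {name: {"frontend": frontend, "entry_point": entry_point, "bugs": list(bugs)}}


# Constructed sample input standing in for two smake-out .ii files. The first file
# name is the one grep reported in this thread; the second is made up for the example.
SAMPLE_SOURCES = {
    "27.libstandaloneengine_la-standaloneengine.o.ii":
        "extern int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size);\n"
        "int main(int argc, char **argv)\n{\n  return 0;\n}\n",
    "03.sndfile_fuzzer.o.ii":
        "extern \"C\" int LLVMFuzzerTestOneInput(const unsigned char *data, unsigned long size)\n"
        "{\n  return 0;\n}\n",
}


if __name__ == "__main__":
    entry, where = choose_entry_point(SAMPLE_SOURCES)
    print("entry point:", entry, "defined in", where)
    print(slice_target_entry("sndfile_fuzzer", entry, ["SND001"]))
    line, ignored = first_target_line("sndfile.c:120\nsndfile.c:130\n")
    print("target line handed to Sparrow:", line, "(ignored:", ignored, ")")
```

To run it against a real build, replace SAMPLE_SOURCES with `read_smake_out("/benchmark/smake-out/sndfile_fuzzer")`. The point of checking for a definition rather than grepping for the name is that a prototype of LLVMFuzzerTestOneInput in a driver file (as in the first constructed unit) is not a usable analysis root; only the unit that actually defines the function is.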
Hello there,
Really appreciate your astonishing work.
I'm trying to run DAFL on magma benchmarks. Referring to the issue requested before, I knew that some modifications were needed inside the run-smake.sh and run-sparrow.py.
I encountered the following errors while running the run-sparrow.py
Error popped while launching run-sparrow.py
command
Error
configuration
The docker image
Under the /benchmark/project, I added the alibsndfile_magma directory. Following your convention, I modified the build.sh provided by magma, now it looks like ...
An AFLGo-like BBTargets.txt file was added under /benchmark/target/line/sndfile_fuzzer/
And the SND001 was like ...
modified run-smake.sh
modified /benchmark/scripts/benchmark.py
I added the following entry inside the SLICE_TARGET
content inside the /benchmark/smake-out/sndfile_fuzzer