diff options
| author | van Hauser <vh@thc.org> | 2019-09-22 10:42:48 +0200 |
|---|---|---|
| committer | van Hauser <vh@thc.org> | 2019-09-22 10:42:48 +0200 |
| commit | 7adb7cf7f698b309029d4853b1ec8900fe1baafe (patch) | |
| tree | dcf96079163d5764089066bcfd9aeca378421264 | |
| parent | e36e5f4fc927370c3c04fd589aca23197e1b518a (diff) | |
| download | afl++-7adb7cf7f698b309029d4853b1ec8900fe1baafe.tar.gz | |
more tests
| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | llvm_mode/afl-llvm-pass.so.cc | 4 | ||||
| -rwxr-xr-x | test/test.sh | 66 |
3 files changed, 64 insertions, 8 deletions
diff --git a/Makefile b/Makefile index 5d9a55a6..d7309cff 100644 --- a/Makefile +++ b/Makefile @@ -80,7 +80,7 @@ endif all: test_x86 test_shm test_python27 ready $(PROGS) afl-as test_build all_done -tests: +tests: source-only @cd test ; ./test.sh help: diff --git a/llvm_mode/afl-llvm-pass.so.cc b/llvm_mode/afl-llvm-pass.so.cc index 5d531a87..58acd9be 100644 --- a/llvm_mode/afl-llvm-pass.so.cc +++ b/llvm_mode/afl-llvm-pass.so.cc @@ -105,9 +105,7 @@ bool AFLCoverage::runOnModule(Module &M) { SAYF(cCYA "afl-llvm-pass" VERSION cRST " by <lszekeres@google.com>\n"); - } else - - be_quiet = 1; + } else if (getenv("AFL_QUIET")) be_quiet = 1; /* Decide instrumentation ratio */ diff --git a/test/test.sh b/test/test.sh index 0e2ba52b..6a706ab9 100755 --- a/test/test.sh +++ b/test/test.sh @@ -34,7 +34,7 @@ RED="\\x1b[0;31m" YELLOW="\\x1b[1;93m" RESET="\\x1b[0m" -$ECHO "$RESET" +$ECHO "${RESET}${GREY}[*] starting afl++ test framework ..." test -e ../afl-gcc -a -e ../afl-showmap -a -e ../afl-fuzz && { ../afl-gcc -o test-instr.plain ../test-instr.c > /dev/null 2>&1 @@ -65,7 +65,7 @@ test -e ../afl-gcc -a -e ../afl-showmap -a -e ../afl-fuzz && { timeout -s KILL 10 ../afl-fuzz -i in -o out -- ./test-instr.plain > /dev/null 2>&1 } > /dev/null 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { - $ECHO "$GREEN[+] afl-fuzz is working correctly" + $ECHO "$GREEN[+] afl-fuzz is working correctly with afl-gcc" } || $ECHO "$RED[!] afl-fuzz is not working correctly" rm -rf in out } || $ECHO "$YELLOW[-] we cannot test afl-fuzz because we are missing the timeout command" @@ -74,7 +74,65 @@ test -e ../afl-gcc -a -e ../afl-showmap -a -e ../afl-fuzz && { test -e ../afl-clang-fast && { - echo todo: llvm_mode + ../afl-clang-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1 + AFL_HARDEN=1 ../afl-clang-fast -o test-compcov.harden test-compcov.c > /dev/null 2>&1 + test -e test-instr.plain && { + $ECHO "$GREEN[+] llvm_mode compilation succeeded" + echo 0 | ../afl-showmap -o test-instr.plain.0 -r -- ./test-instr.plain > /dev/null 2>&1 + ../afl-showmap -o test-instr.plain.1 -r -- ./test-instr.plain < /dev/null > /dev/null 2>&1 + test -e test-instr.plain.0 -a -e test-instr.plain.1 && { + diff -q test-instr.plain.0 test-instr.plain.1 > /dev/null 2>&1 && { + $ECHO "$RED[!] llvm_mode instrumentation should be different on different input but is not" + } || $ECHO "$GREEN[+] llvm_mode instrumentation present and working correctly" + } || $ECHO "$RED[!] llvm_mode instrumentation failed" + rm -f test-instr.plain.0 test-instr.plain.1 + } || $ECHO "$RED[!] llvm_mode failed" + test -e test-compcov.harden && { + grep -Eqa 'stack_chk_fail|fstack-protector-all|fortified' test-compcov.harden > /dev/null 2>&1 && { + $ECHO "$GREEN[+] llvm_mode hardened mode succeeded and is working" + } || $ECHO "$RED[!] hardened mode is not hardened" + rm -f test-compcov.harden + } || $ECHO "$RED[!] llvm_mode hardened mode compilation failed" + # now we want to be sure that afl-fuzz is working + test -n "$TIMEOUT" && { + mkdir -p in + echo 0 > in/in + $ECHO "$GREY[*] running afl-fuzz, this will take approx 10 seconds" + { + timeout -s KILL 10 ../afl-fuzz -i in -o out -- ./test-instr.plain > /dev/null 2>&1 + } > /dev/null 2>&1 + test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { + $ECHO "$GREEN[+] afl-fuzz is working correctly with llvm_mode" + } || $ECHO "$RED[!] afl-fuzz is not working correctly" + rm -rf in out + } || $ECHO "$YELLOW[-] we cannot test afl-fuzz because we are missing the timeout command" + rm -f test-instr.plain + # now for the special llvm_mode things + AFL_LLVM_INSTRIM=1 AFL_LLVM_INSTRIM_LOOPHEAD=1 ../afl-clang-fast -o test-compcov.instrim test-compcov.c > /dev/null 2> test.out + test -e test-compcov.instrim && { + grep -q " 1 location" test.out && { + $ECHO "$GREEN[+] llvm_mode InsTrim feature works correctly" + } || $ECHO "$RED[!] llvm_mode InsTrim feature failed" + } || $ECHO "$RED[!] llvm_mode InsTrim feature compilation failed" + rm -f test-compcov.instrim test.out + + AFL_LLVM_LAF_SPLIT_SWITCHES=1 AFL_LLVM_LAF_TRANSFORM_COMPARES=1 AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -o test-compcov.compcov test-compcov.c > /dev/null 2> test.out + test -e test-compcov.compcov && { + grep -Eq " [3-9][0-9] location" test.out && { + $ECHO "$GREEN[+] llvm_mode laf-intel/compcov feature works correctly" + } || $ECHO "$RED[!] llvm_mode laf-intel/compcov feature failed" + } || $ECHO "$RED[!] llvm_mode laf-intel/compcov feature compilation failed" + rm -f test-compcov.compcov test.out + + + echo foobar.c > whitelist.txt + AFL_LLVM_WHITELIST=whitelist.txt ../afl-clang-fast -o test-compcov test-compcov.c > test.out 2>&1 + test -e test-compcov && { + grep -q "No instrumentation targets found" test.out && { + $ECHO "$GREEN[+] llvm_mode whitelist feature works correctly" + } || $ECHO "$RED[!] llvm_mode whitelist feature failed" + } || $ECHO "$RED[!] llvm_mode whitelist feature compilation failed" + rm -f test-compcov test.out } || $ECHO "$YELLOW[-] llvm_mode not compiled, cannot test" @@ -108,7 +166,7 @@ test -e ../afl-qemu-trace && { rm -f test-compcov -$ECHO "$GREY[*] all tests completed!" +$ECHO "$GREY[*] all test cases completed.$RESET" $ECHO "$RESET" # unicorn_mode ? |