Diffstat (limited to 'test')
-rwxr-xr-x | test/test.sh | 117 | ||||
-rw-r--r-- | test/unittests/unit_hash.c | 75 | ||||
-rw-r--r-- | test/unittests/unit_rand.c | 84 |
3 files changed, 220 insertions, 56 deletions
diff --git a/test/test.sh b/test/test.sh index 921e2087..a7d9fc49 100755 --- a/test/test.sh +++ b/test/test.sh @@ -23,7 +23,7 @@ else fi test_compcov_binary_functionality() { - RUN="../afl-showmap -o /dev/null -- $1" + RUN="../afl-showmap -m ${MEM_LIMIT} -o /dev/null -- $1" $RUN 'LIBTOKENCAP' | grep 'your string was LIBTOKENCAP' \ && $RUN 'BUGMENOT' | grep 'your string was BUGMENOT' \ && $RUN 'BANANA' | grep 'your string started with BAN' \ @@ -86,7 +86,7 @@ export AFL_LLVM_INSTRUMENT=AFL # on OpenBSD we need to work with llvm from /usr/local/bin test -e /usr/local/bin/opt && { - export PATH=/usr/local/bin:${PATH} + export PATH="/usr/local/bin:${PATH}" } # on MacOS X we prefer afl-clang over afl-gcc, because # afl-gcc does not work there @@ -108,7 +108,7 @@ RESET="\\033[0m" MEM_LIMIT=none -export PATH=$PATH:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin +export PATH="${PATH}:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" $ECHO "${RESET}${GREY}[*] starting afl++ test framework ..." 
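Review bot: `${MEM_LIMIT}` in the new `RUN=` line of test_compcov_binary_functionality is expanded with no fallback, so if the variable is empty when the function runs, afl-showmap would take `-o` as the argument of `-m`. `MEM_LIMIT=none` is only assigned near line 108 (visible as context in the third hunk), after this function is defined, so the ordering is easy to break; `-m ${MEM_LIMIT:-none}` would make the default explicit. The persistent-mode hunk at -459 hard-codes `-m none` instead of the variable, and using `${MEM_LIMIT}` there too would keep the limit configurable in one place. The function body continues outside the hunk.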
@@ -459,24 +459,23 @@ test -e ../afl-clang-lto -a -e ../afl-llvm-lto-instrumentation.so && { } rm -f test-instr.plain -# Disabled whitelist until I have a different solution -mh -# echo foobar.c > whitelist.txt -# AFL_LLVM_WHITELIST=whitelist.txt ../afl-clang-lto -o test-compcov test-compcov.c > test.out 2>&1 -# test -e test-compcov && { -# grep -q "No instrumentation targets found" test.out && { -# $ECHO "$GREEN[+] llvm_mode LTO whitelist feature works correctly" -# } || { -# $ECHO "$RED[!] llvm_mode LTO whitelist feature failed" -# CODE=1 -# } -# } || { -# $ECHO "$RED[!] llvm_mode LTO whitelist feature compilation failed" -# CODE=1 -# } -# rm -f test-compcov test.out whitelist.txt + echo foobar.c > whitelist.txt + AFL_DEBUG=1 AFL_LLVM_WHITELIST=whitelist.txt ../afl-clang-lto -o test-compcov test-compcov.c > test.out 2>&1 + test -e test-compcov && { + grep -q "No instrumentation targets found" test.out && { + $ECHO "$GREEN[+] llvm_mode LTO whitelist feature works correctly" + } || { + $ECHO "$RED[!] llvm_mode LTO whitelist feature failed" + CODE=1 + } + } || { + $ECHO "$RED[!] llvm_mode LTO whitelist feature compilation failed" + CODE=1 + } + rm -f test-compcov test.out whitelist.txt ../afl-clang-lto -o test-persistent ../examples/persistent_demo/persistent_demo.c > /dev/null 2>&1 test -e test-persistent && { - echo foo | ../afl-showmap -o /dev/null -q -r ./test-persistent && { + echo foo | ../afl-showmap -m none -o /dev/null -q -r ./test-persistent && { $ECHO "$GREEN[+] llvm_mode LTO persistent mode feature works correctly" } || { $ECHO "$RED[!] llvm_mode LTO persistent mode feature failed to work" 
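Review bot: The re-enabled whitelist test removes the old "Disabled whitelist until I have a different solution" remark without recording why `AFL_DEBUG=1` is now set on the compile line. Presumably the "No instrumentation targets found" message that the `grep -q` depends on is only printed in debug mode, but nothing in the hunk says so. A comment above the compile command, for example `# AFL_DEBUG=1 is required: the message grepped for below is only printed in debug mode`, would keep that dependency visible to whoever next changes the compiler's output.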
@@ -638,43 +637,43 @@ test -e ../libdislocator.so && { INCOMPLETE=1 } rm -f test-compcov -test -e ../libradamsa.so && { - # on FreeBSD need to set AFL_CC - test `uname -s` = 'FreeBSD' && { - if type clang >/dev/null; then - export AFL_CC=`command -v clang` - else - export AFL_CC=`$LLVM_CONFIG --bindir`/clang - fi - } - test -e test-instr.plain || ../afl-clang-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1 - test -e test-instr.plain || ../afl-gcc-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1 - test -e test-instr.plain || ../${AFL_GCC} -o test-instr.plain ../test-instr.c > /dev/null 2>&1 - test -e test-instr.plain && { - mkdir -p in - printf 1 > in/in - $ECHO "$GREY[*] running afl-fuzz with radamsa, this will take approx 10 seconds" - { - ../afl-fuzz -RR -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain - } >>errors 2>&1 - test -n "$( ls out/queue/id:000001* 2>/dev/null )" && { - $ECHO "$GREEN[+] libradamsa performs good - and very slow - mutations" - } || { - echo CUT------------------------------------------------------------------CUT - cat errors - echo CUT------------------------------------------------------------------CUT - $ECHO "$RED[!] 
libradamsa failed" - CODE=1 - } - rm -rf in out errors test-instr.plain - } || { - $ECHO "$YELLOW[-] compilation of test target failed, cannot test libradamsa" - INCOMPLETE=1 - } -} || { - $ECHO "$YELLOW[-] libradamsa is not compiled, cannot test" - INCOMPLETE=1 -} +#test -e ../libradamsa.so && { +# # on FreeBSD need to set AFL_CC +# test `uname -s` = 'FreeBSD' && { +# if type clang >/dev/null; then +# export AFL_CC=`command -v clang` +# else +# export AFL_CC=`$LLVM_CONFIG --bindir`/clang +# fi +# } +# test -e test-instr.plain || ../afl-clang-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1 +# test -e test-instr.plain || ../afl-gcc-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1 +# test -e test-instr.plain || ../${AFL_GCC} -o test-instr.plain ../test-instr.c > /dev/null 2>&1 +# test -e test-instr.plain && { +# mkdir -p in +# printf 1 > in/in +# $ECHO "$GREY[*] running afl-fuzz with radamsa, this will take approx 10 seconds" +# { +# ../afl-fuzz -RR -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain +# } >>errors 2>&1 +# test -n "$( ls out/queue/id:000001* 2>/dev/null )" && { +# $ECHO "$GREEN[+] libradamsa performs good - and very slow - mutations" +# } || { +# echo CUT------------------------------------------------------------------CUT +# cat errors +# echo CUT------------------------------------------------------------------CUT +# $ECHO "$RED[!] libradamsa failed" +# CODE=1 +# } +# rm -rf in out errors test-instr.plain +# } || { +# $ECHO "$YELLOW[-] compilation of test target failed, cannot test libradamsa" +# INCOMPLETE=1 +# } +#} || { +# $ECHO "$YELLOW[-] libradamsa is not compiled, cannot test" +# INCOMPLETE=1 +#} test -z "$AFL_CC" && { if type gcc >/dev/null; then 
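Review bot: Commenting out the whole libradamsa block means the suite no longer prints anything or sets `INCOMPLETE=1` for this feature, so a run can report a complete pass while the radamsa mutator is never exercised. Instead of keeping the block as commented-out lines, replace it with a short skip such as `$ECHO "$YELLOW[-] libradamsa test is disabled"` followed by `INCOMPLETE=1`, plus a one-line comment giving the reason it was disabled. The old code stays available in version control.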
@@ -902,6 +901,9 @@ $ECHO "$BLUE[*] Testing: unicorn_mode" test -d ../unicorn_mode/unicornafl && { test -e ../unicorn_mode/samples/simple/simple_target.bin -a -e ../unicorn_mode/samples/compcov_x64/compcov_target.bin && { { + # We want to see python errors etc. in logs, in case something doesn't work + export AFL_DEBUG_CHILD_OUTPUT=1 + # some python version should be available now PYTHONS="`command -v python3` `command -v python` `command -v python2`" EASY_INSTALL_FOUND=0 @@ -988,6 +990,9 @@ test -d ../unicorn_mode/unicornafl && { rm -rf in out errors } fi + + unset AFL_DEBUG_CHILD_OUTPUT + } } || { $ECHO "$RED[!] missing sample binaries in unicorn_mode/samples/ - what is going on??" diff --git a/test/unittests/unit_hash.c b/test/unittests/unit_hash.c new file mode 100644 index 00000000..041d107a --- /dev/null +++ b/test/unittests/unit_hash.c 
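Review bot: The `export AFL_DEBUG_CHILD_OUTPUT=1` / `unset AFL_DEBUG_CHILD_OUTPUT` pair discards any value the caller had set before starting test.sh, and keeps the variable exported for every command in between rather than only the unicorn runs. The LTO hunk in this commit scopes its debug variable to a single command (`AFL_DEBUG=1 ... ../afl-clang-lto`); doing the same on the fuzzer invocations here, or saving and restoring the previous value, would avoid the side effect. Those invocations lie outside the two visible hunks, so this is inferred from the export/unset pair alone.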
@@ -0,0 +1,75 @@
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <assert.h>
+#include <cmocka.h>
+/* cmocka < 1.0 didn't support these features we need */
+#ifndef assert_ptr_equal
+#define assert_ptr_equal(a, b) \
+ _assert_int_equal(cast_ptr_to_largest_integral_type(a), \
+ cast_ptr_to_largest_integral_type(b), \
+ __FILE__, __LINE__)
+#define CMUnitTest UnitTest
+#define cmocka_unit_test unit_test
+#define cmocka_run_group_tests(t, setup, teardown) run_tests(t)
+#endif
+
+
+extern void mock_assert(const int result, const char* const expression,
+ const char * const file, const int line);
+#undef assert
+#define assert(expression) \
+ mock_assert((int)(expression), #expression, __FILE__, __LINE__);
+
+#include "afl-fuzz.h"
+#include "hash.h"
+
+/* remap exit -> assert, then use cmocka's mock_assert
+ (compile with `--wrap=exit`) */
+extern void exit(int status);
+extern void __real_exit(int status);
+void __wrap_exit(int status);
+void __wrap_exit(int status) {
+ assert(0);
+}
+
+/* ignore all printfs */
+#undef printf
+extern int printf(const char *format, ...);
+extern int __real_printf(const char *format, ...);
+int __wrap_printf(const char *format, ...);
+int __wrap_printf(const char *format, ...) {
+ return 1;
+}
+
+/* Rand with 0 seed would broke in the past */
+static void test_hash(void **state) {
+
+ char bitmap[64] = {0};
+ u64 hash0 = hash64(bitmap, sizeof(bitmap), 0xa5b35705);
+
+ bitmap[10] = 1;
+ u64 hash1 = hash64(bitmap, sizeof(bitmap), 0xa5b35705);
+
+ assert_int_not_equal(hash0, hash1);
+
+ bitmap[10] = 0;
+ assert_int_equal(hash0, hash64(bitmap, sizeof(bitmap), 0xa5b35705));
+
+ bitmap[10] = 1;
+ assert_int_equal(hash1, hash64(bitmap, sizeof(bitmap), 0xa5b35705));
+
+}
+
+int main(int argc, char **argv) {
+
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(test_hash)
+ };
+
+ //return cmocka_run_group_tests (tests, setup, teardown);
+ __real_exit( cmocka_run_group_tests (tests, NULL, NULL) );
+
+ // fake return for dumb compilers
+ return 0;
+}
diff --git a/test/unittests/unit_rand.c b/test/unittests/unit_rand.c
new file mode 100644
index 00000000..0a90d8d1
--- /dev/null
+++ b/test/unittests/unit_rand.c
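Review bot: The comment above `test_hash`, "Rand with 0 seed would broke in the past", is carried over from unit_rand.c and does not describe this test; `/* hash64 must be deterministic and must change when one input byte changes */` matches what the four hash64 calls actually check. The `assert(expression)` override ends with a semicolon inside the macro, so `assert(0);` expands to two statements and would misparse under an unbraced `if`/`else`; dropping the trailing `;` from the `mock_assert(...)` line fixes that, and the same macro is repeated in unit_rand.c. The cmocka compatibility shims and the `__wrap_exit`/`__wrap_printf` stubs are duplicated verbatim in both new files and would be easier to maintain in one shared test header.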
@@ -0,0 +1,84 @@
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <assert.h>
+#include <cmocka.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+/* cmocka < 1.0 didn't support these features we need */
+#ifndef assert_ptr_equal
+#define assert_ptr_equal(a, b) \
+ _assert_int_equal(cast_ptr_to_largest_integral_type(a), \
+ cast_ptr_to_largest_integral_type(b), \
+ __FILE__, __LINE__)
+#define CMUnitTest UnitTest
+#define cmocka_unit_test unit_test
+#define cmocka_run_group_tests(t, setup, teardown) run_tests(t)
+#endif
+
+
+extern void mock_assert(const int result, const char* const expression,
+ const char * const file, const int line);
+#undef assert
+#define assert(expression) \
+ mock_assert((int)(expression), #expression, __FILE__, __LINE__);
+
+#include "afl-fuzz.h"
+
+/* remap exit -> assert, then use cmocka's mock_assert
+ (compile with `--wrap=exit`) */
+extern void exit(int status);
+extern void __real_exit(int status);
+void __wrap_exit(int status);
+void __wrap_exit(int status) {
+ assert(0);
+}
+
+/* ignore all printfs */
+#undef printf
+extern int printf(const char *format, ...);
+extern int __real_printf(const char *format, ...);
+int __wrap_printf(const char *format, ...);
+int __wrap_printf(const char *format, ...) {
+ return 1;
+}
+
+/* Rand with 0 seed would broke in the past */
+static void test_rand_0(void **state) {
+
+ afl_state_t afl = {0};
+ rand_set_seed(&afl, 0);
+
+ /* give this one chance to retry */
+ assert_int_not_equal(
+ (rand_next(&afl) != rand_next(&afl)
+ || rand_next(&afl) != rand_next(&afl))
+ , 0);
+
+}
+
+static void test_rand_below(void **state) {
+
+ afl_state_t afl = {0};
+ rand_set_seed(&afl, 1337);
+
+ afl.fsrv.dev_urandom_fd = open("/dev/urandom", O_RDONLY);
+
+ assert(!(rand_below(&afl, 9000) > 9000));
+ assert_int_equal(rand_below(&afl, 1), 0);
+
+}
+
+int main(int argc, char **argv) {
+
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(test_rand_0),
+ cmocka_unit_test(test_rand_below)
+ };
+
+ //return cmocka_run_group_tests (tests, setup, teardown);
+ __real_exit( cmocka_run_group_tests (tests, NULL, NULL) );
+
+ // fake return for dumb compilers
+ return 0;
+}
|
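Review bot: In `test_rand_below`, `assert(!(rand_below(&afl, 9000) > 9000));` accepts a return value of exactly 9000. The next assertion (`rand_below(&afl, 1)` must equal 0) implies the result is meant to be strictly below the limit, so `assert_true(rand_below(&afl, 9000) < 9000);` would catch an off-by-one at the upper bound. The descriptor from `open("/dev/urandom", O_RDONLY)` is neither checked nor closed; adding `assert_true(afl.fsrv.dev_urandom_fd >= 0);` after the open and `close(afl.fsrv.dev_urandom_fd);` at the end of the test would stop a failed open from becoming reads on fd -1, assuming rand_below reseeds from that descriptor. A single sample says little about the output range, so running the bound check in a short loop would make the test more meaningful at negligible cost.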