From 194188fe56f06dfc49aef9066e96bf90bc4fbe71 Mon Sep 17 00:00:00 2001
From: Dominik Maier
Date: Tue, 4 Aug 2020 21:33:29 +0200
Subject: split up testcases
---
test/test-qemu-mode.sh | 217 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 217 insertions(+)
create mode 100755 test/test-qemu-mode.sh
(limited to 'test/test-qemu-mode.sh')
diff --git a/test/test-qemu-mode.sh b/test/test-qemu-mode.sh
new file mode 100755
index 00000000..0aa8b86a
--- /dev/null
+++ b/test/test-qemu-mode.sh
@@ -0,0 +1,217 @@
+#!/bin/sh
+
+source ./test-pre.sh
+
+$ECHO "$BLUE[*] Testing: qemu_mode"
+test -e ../afl-qemu-trace && {
+ cc -pie -fPIE -o test-instr ../test-instr.c
+ cc -o test-compcov test-compcov.c
+ test -e test-instr -a -e test-compcov && {
+ {
+ mkdir -p in
+ echo 00000 > in/in
+ $ECHO "$GREY[*] running afl-fuzz for qemu_mode, this will take approx 10 seconds"
+ {
+ ../afl-fuzz -m ${MEM_LIMIT} -V10 -Q -i in -o out -- ./test-instr >>errors 2>&1
+ } >>errors 2>&1
+ test -n "$( ls out/queue/id:000002* 2>/dev/null )" && {
+ $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode"
+ RUNTIME=`grep execs_done out/fuzzer_stats | awk '{print$3}'`
+ } || {
+ echo CUT------------------------------------------------------------------CUT
+ cat errors
+ echo CUT------------------------------------------------------------------CUT
+ $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode"
+ CODE=1
+ }
+ rm -f errors
+
+ $ECHO "$GREY[*] running afl-fuzz for qemu_mode AFL_ENTRYPOINT, this will take approx 6 seconds"
+ {
+ {
+ if file test-instr | grep -q "32-bit"; then
+ # for 32-bit reduce 8 nibbles to the lower 7 nibbles
+ ADDR_LOWER_PART=`nm test-instr | grep "T main" | awk '{print $1}' | sed 's/^.//'`
+ else
+ # for 64-bit reduce 16 nibbles to the lower 9 nibbles
+ ADDR_LOWER_PART=`nm test-instr | grep "T main" | awk '{print $1}' | sed 's/^.......//'`
+ fi
+ export AFL_ENTRYPOINT=`expr 0x4${ADDR_LOWER_PART}`
+ $ECHO AFL_ENTRYPOINT=$AFL_ENTRYPOINT - $(nm test-instr | grep "T main") - $(file ./test-instr)
+ ../afl-fuzz -m ${MEM_LIMIT} -V2 -Q -i in -o out -- ./test-instr
+ unset AFL_ENTRYPOINT
+ } >>errors 2>&1
+ } >>errors 2>&1
+ test -n "$( ls out/queue/id:000001* 2>/dev/null )" && {
+ $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode AFL_ENTRYPOINT"
+ RUNTIME=`grep execs_done out/fuzzer_stats | awk '{print$3}'`
+ } || {
+ echo CUT------------------------------------------------------------------CUT
+ cat errors
+ echo CUT------------------------------------------------------------------CUT
+ $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode AFL_ENTRYPOINT"
+ CODE=1
+ }
+ rm -f errors
+
+ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" -o "$SYS" = "aarch64" -o ! "${SYS%%arm*}" && {
+ test -e ../libcompcov.so && {
+ $ECHO "$GREY[*] running afl-fuzz for qemu_mode compcov, this will take approx 10 seconds"
+ {
+ export AFL_PRELOAD=../libcompcov.so
+ export AFL_COMPCOV_LEVEL=2
+ ../afl-fuzz -m ${MEM_LIMIT} -V10 -Q -i in -o out -- ./test-compcov >>errors 2>&1
+ unset AFL_PRELOAD
+ unset AFL_COMPCOV_LEVEL
+ } >>errors 2>&1
+ test -n "$( ls out/queue/id:000001* 2>/dev/null )" && {
+ $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode compcov"
+ } || {
+ echo CUT------------------------------------------------------------------CUT
+ cat errors
+ echo CUT------------------------------------------------------------------CUT
+ $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode compcov"
+ CODE=1
+ }
+ } || {
+ $ECHO "$YELLOW[-] we cannot test qemu_mode compcov because it is not present"
+ INCOMPLETE=1
+ }
+ rm -f errors
+ } || {
+ $ECHO "$YELLOW[-] not an intel or arm platform, cannot test qemu_mode compcov"
+ }
+
+ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" -o "$SYS" = "aarch64" -o ! "${SYS%%arm*}" && {
+ $ECHO "$GREY[*] running afl-fuzz for qemu_mode cmplog, this will take approx 10 seconds"
+ {
+ ../afl-fuzz -m none -V10 -Q -c 0 -i in -o out -- ./test-compcov >>errors 2>&1
+ } >>errors 2>&1
+ test -n "$( ls out/queue/id:000001* 2>/dev/null )" && {
+ $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode cmplog"
+ } || {
+ echo CUT------------------------------------------------------------------CUT
+ cat errors
+ echo CUT------------------------------------------------------------------CUT
+ $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode cmplog"
+ CODE=1
+ }
+ rm -f errors
+ } || {
+ $ECHO "$YELLOW[-] not an intel or arm platform, cannot test qemu_mode cmplog"
+ }
+
+ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" -o "$SYS" = "aarch64" -o ! "${SYS%%arm*}" && {
+ $ECHO "$GREY[*] running afl-fuzz for persistent qemu_mode, this will take approx 10 seconds"
+ {
+ if file test-instr | grep -q "32-bit"; then
+ # for 32-bit reduce 8 nibbles to the lower 7 nibbles
+ ADDR_LOWER_PART=`nm test-instr | grep "T main" | awk '{print $1}' | sed 's/^.//'`
+ else
+ # for 64-bit reduce 16 nibbles to the lower 9 nibbles
+ ADDR_LOWER_PART=`nm test-instr | grep "T main" | awk '{print $1}' | sed 's/^.......//'`
+ fi
+ export AFL_QEMU_PERSISTENT_ADDR=`expr 0x4${ADDR_LOWER_PART}`
+ export AFL_QEMU_PERSISTENT_GPR=1
+ $ECHO "Info: AFL_QEMU_PERSISTENT_ADDR=$AFL_QEMU_PERSISTENT_ADDR <= $(nm test-instr | grep "T main" | awk '{print $1}')"
+ env|grep AFL_|sort
+ file test-instr
+ ../afl-fuzz -m ${MEM_LIMIT} -V10 -Q -i in -o out -- ./test-instr
+ unset AFL_QEMU_PERSISTENT_ADDR
+ } >>errors 2>&1
+ test -n "$( ls out/queue/id:000002* 2>/dev/null )" && {
+ $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent qemu_mode"
+ RUNTIMEP=`grep execs_done out/fuzzer_stats | awk '{print$3}'`
+ test -n "$RUNTIME" -a -n "$RUNTIMEP" && {
+ DIFF=`expr $RUNTIMEP / $RUNTIME`
+ test "$DIFF" -gt 1 && { # must be at least twice as fast
+ $ECHO "$GREEN[+] persistent qemu_mode was noticeable faster than standard qemu_mode"
+ } || {
+ $ECHO "$YELLOW[-] persistent qemu_mode was not noticeable faster than standard qemu_mode"
+ }
+ } || {
+ $ECHO "$YELLOW[-] we got no data on executions performed? weird!"
+ }
+ } || {
+ echo CUT------------------------------------------------------------------CUT
+ cat errors
+ echo CUT------------------------------------------------------------------CUT
+ $ECHO "$RED[!] afl-fuzz is not working correctly with persistent qemu_mode"
+ CODE=1
+ }
+ rm -rf in out errors
+ } || {
+ $ECHO "$YELLOW[-] not an intel or arm platform, cannot test persistent qemu_mode"
+ }
+
+ test -e ../qemu_mode/unsigaction/unsigaction32.so && {
+ ${AFL_CC} -o test-unsigaction32 -m32 test-unsigaction.c >> errors 2>&1 && {
+ ./test-unsigaction32
+ RETVAL_NORMAL32=$?
+ LD_PRELOAD=../qemu_mode/unsigaction/unsigaction32.so ./test-unsigaction32
+ RETVAL_LIBUNSIGACTION32=$?
+ test $RETVAL_NORMAL32 = "2" -a $RETVAL_LIBUNSIGACTION32 = "0" && {
+ $ECHO "$GREEN[+] qemu_mode unsigaction library (32 bit) ignores signals"
+ } || {
+ test $RETVAL_NORMAL32 != "2" && {
+ $ECHO "$RED[!] cannot trigger signal in test program (32 bit)"
+ }
+ test $RETVAL_LIBUNSIGACTION32 != "0" && {
+ $ECHO "$RED[!] signal in test program (32 bit) is not ignored with unsigaction"
+ }
+ CODE=1
+ }
+ } || {
+ echo CUT------------------------------------------------------------------CUT
+ cat errors
+ echo CUT------------------------------------------------------------------CUT
+ $ECHO "$RED[!] cannot compile test program (32 bit) for unsigaction library"
+ CODE=1
+ }
+ } || {
+ $ECHO "$YELLOW[-] we cannot test qemu_mode unsigaction library (32 bit) because it is not present"
+ INCOMPLETE=1
+ }
+ test -e ../qemu_mode/unsigaction/unsigaction64.so && {
+ ${AFL_CC} -o test-unsigaction64 -m64 test-unsigaction.c >> errors 2>&1 && {
+ ./test-unsigaction64
+ RETVAL_NORMAL64=$?
+ LD_PRELOAD=../qemu_mode/unsigaction/unsigaction64.so ./test-unsigaction64
+ RETVAL_LIBUNSIGACTION64=$?
+ test $RETVAL_NORMAL64 = "2" -a $RETVAL_LIBUNSIGACTION64 = "0" && {
+ $ECHO "$GREEN[+] qemu_mode unsigaction library (64 bit) ignores signals"
+ } || {
+ test $RETVAL_NORMAL64 != "2" && {
+ $ECHO "$RED[!] cannot trigger signal in test program (64 bit)"
+ }
+ test $RETVAL_LIBUNSIGACTION64 != "0" && {
+ $ECHO "$RED[!] signal in test program (64 bit) is not ignored with unsigaction"
+ }
+ CODE=1
+ }
+ unset LD_PRELOAD
+ } || {
+ echo CUT------------------------------------------------------------------CUT
+ cat errors
+ echo CUT------------------------------------------------------------------CUT
+ $ECHO "$RED[!] cannot compile test program (64 bit) for unsigaction library"
+ CODE=1
+ }
+ } || {
+ $ECHO "$YELLOW[-] we cannot test qemu_mode unsigaction library (64 bit) because it is not present"
+ INCOMPLETE=1
+ }
+ rm -rf errors test-unsigaction32 test-unsigaction64
+ }
+ } || {
+ $ECHO "$RED[!] gcc compilation of test targets failed - what is going on??"
+ CODE=1
+ }
+
+ rm -f test-instr test-compcov
+} || {
+ $ECHO "$YELLOW[-] qemu_mode is not compiled, cannot test"
+ INCOMPLETE=1
+}
+
+source ./test-post.sh
-- 
cgit 1.4.1
From 79f873a5979a118938c46a74aded85eeaba7db1b Mon Sep 17 00:00:00 2001
From: Dominik Maier
Date: Tue, 4 Aug 2020 21:57:56 +0200
Subject: posix compatible sourcing
---
test/test-all.sh | 22 +++++++++++-----------
test/test-basic.sh | 4 ++--
test/test-compcov.sh | 4 ++--
test/test-custom-mutators.sh | 4 ++--
test/test-gcc-plugin.sh | 4 ++--
test/test-llvm-lto.sh | 4 ++--
test/test-llvm.sh | 4 ++--
test/test-qemu-mode.sh | 4 ++--
test/test-unicorn-mode.sh | 4 ++--
test/test-unittests.sh | 4 ++--
10 files changed, 29 insertions(+), 29 deletions(-)
(limited to 'test/test-qemu-mode.sh')
diff --git a/test/test-all.sh b/test/test-all.sh
index 53251979..7175493b 100755
--- a/test/test-all.sh
+++ b/test/test-all.sh
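Review bot: The persistent-mode speed check compares against the wrong baseline: `RUNTIME` is first taken from the 10-second standard qemu_mode run, but the AFL_ENTRYPOINT block, whose afl-fuzz call is only `-V2`, assigns `RUNTIME` again from the same execs_done grep, so the later `DIFF=` expression divides a 10-second persistent count by a 2-second one and the "must be at least twice as fast" verdict is meaningless. Drop the second `RUNTIME=` assignment in the AFL_ENTRYPOINT success branch, or store it under its own name such as `RUNTIME_ENTRYPOINT=`. Separately, the persistent block exports `AFL_QEMU_PERSISTENT_GPR=1` but afterwards only runs `unset AFL_QEMU_PERSISTENT_ADDR`, so the GPR setting stays in the environment for the unsigaction tests and for every script sourced after this one from test-all.sh; add `unset AFL_QEMU_PERSISTENT_GPR` next to it. Also note that `out` is reused by every afl-fuzz invocation and only removed at the end of the persistent block, so unless afl-fuzz itself empties it between runs the `id:000001*` checks of the later runs can be satisfied by the first run's queue — a `rm -rf out` before each run would make each verdict stand on its own.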
@@ -1,23 +1,23 @@ #!/bin/sh -source ./test-pre.sh +. ./test-pre.sh -source ./test-basic.sh +. ./test-basic.sh -source ./test-llvm.sh +. ./test-llvm.sh -source ./test-llvm-lto.sh +. ./test-llvm-lto.sh -source ./test-gcc-plugin.sh +. ./test-gcc-plugin.sh -source ./test-compcov.sh +. ./test-compcov.sh -source ./test-qemu-mode.sh +. ./test-qemu-mode.sh -source ./test-unicorn-mode.sh +. ./test-unicorn-mode.sh -source ./test-custom-mutators.sh +. ./test-custom-mutators.sh -source ./test-unittests.sh +. ./test-unittests.sh -source ./test-post.sh +. ./test-post.sh diff --git a/test/test-basic.sh b/test/test-basic.sh index 3f25288b..59269ffe 100755 --- a/test/test-basic.sh +++ b/test/test-basic.sh @@ -1,6 +1,6 @@ #!/bin/sh -source ./test-pre.sh +. ./test-pre.sh $ECHO "$BLUE[*] Testing: ${AFL_GCC}, afl-showmap, afl-fuzz, afl-cmin and afl-tmin" test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" -o "$SYS" = "i386" && { @@ -122,4 +122,4 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc $ECHO "$YELLOW[-] not an intel platform, cannot test afl-gcc" } -source ./test-post.sh +. ./test-post.sh diff --git a/test/test-compcov.sh b/test/test-compcov.sh index 5becc862..905a4cbc 100755 --- a/test/test-compcov.sh +++ b/test/test-compcov.sh @@ -1,6 +1,6 @@ #!/bin/sh -source ./test-pre.sh +. ./test-pre.sh test -z "$AFL_CC" && unset AFL_CC @@ -48,4 +48,4 @@ test -z "$AFL_CC" && { fi } -source ./test-post.sh +. ./test-post.sh diff --git a/test/test-custom-mutators.sh b/test/test-custom-mutators.sh index f6de4d9e..b0a05e15 100755 --- a/test/test-custom-mutators.sh +++ b/test/test-custom-mutators.sh @@ -1,6 +1,6 @@ #!/bin/sh -source ./test-pre.sh +. ./test-pre.sh $ECHO "$BLUE[*] Testing: custom mutator" test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && { 
@@ -122,4 +122,4 @@ test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && { INCOMPLETE=1 } -source ./test-post.sh +. ./test-post.sh diff --git a/test/test-gcc-plugin.sh b/test/test-gcc-plugin.sh index adf42f7e..2ed10a72 100755 --- a/test/test-gcc-plugin.sh +++ b/test/test-gcc-plugin.sh @@ -1,6 +1,6 @@ #!/bin/sh -source ./test-pre.sh +. ./test-pre.sh $ECHO "$BLUE[*] Testing: gcc_plugin" test -e ../afl-gcc-fast -a -e ../afl-gcc-rt.o && { @@ -113,4 +113,4 @@ test -e ../afl-gcc-fast -a -e ../afl-gcc-rt.o && { INCOMPLETE=1 } -source ./test-post.sh +. ./test-post.sh diff --git a/test/test-llvm-lto.sh b/test/test-llvm-lto.sh index 0e7e8ba2..6b327633 100755 --- a/test/test-llvm-lto.sh +++ b/test/test-llvm-lto.sh @@ -1,6 +1,6 @@ #!/bin/sh -source ./test-pre.sh +. ./test-pre.sh $ECHO "$BLUE[*] Testing: LTO llvm_mode" test -e ../afl-clang-lto -a -e ../afl-llvm-lto-instrumentation.so && { @@ -75,4 +75,4 @@ test -e ../afl-clang-lto -a -e ../afl-llvm-lto-instrumentation.so && { INCOMPLETE=1 } -source ./test-post.sh +. ./test-post.sh diff --git a/test/test-llvm.sh b/test/test-llvm.sh index fd2bfd6c..24fc6a34 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -1,6 +1,6 @@ #!/bin/sh -source ./test-pre.sh +. ./test-pre.sh $ECHO "$BLUE[*] Testing: llvm_mode, afl-showmap, afl-fuzz, afl-cmin and afl-tmin" test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { @@ -227,4 +227,4 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { INCOMPLETE=1 } -source ./test-post.sh \ No newline at end of file +. ./test-post.sh \ No newline at end of file diff --git a/test/test-qemu-mode.sh b/test/test-qemu-mode.sh index 0aa8b86a..85a0b8b5 100755 --- a/test/test-qemu-mode.sh +++ b/test/test-qemu-mode.sh @@ -1,6 +1,6 @@ #!/bin/sh -source ./test-pre.sh +. ./test-pre.sh $ECHO "$BLUE[*] Testing: qemu_mode" test -e ../afl-qemu-trace && { @@ -214,4 +214,4 @@ test -e ../afl-qemu-trace && { INCOMPLETE=1 } -source ./test-post.sh +. ./test-post.sh 
diff --git a/test/test-unicorn-mode.sh b/test/test-unicorn-mode.sh index efc16647..eb2ad294 100755 --- a/test/test-unicorn-mode.sh +++ b/test/test-unicorn-mode.sh @@ -1,6 +1,6 @@ #!/bin/sh -source ./test-pre.sh +. ./test-pre.sh $ECHO "$BLUE[*] Testing: unicorn_mode" test -d ../unicorn_mode/unicornafl -a -e ../unicorn_mode/unicornafl/samples/shellcode && { @@ -109,4 +109,4 @@ test -d ../unicorn_mode/unicornafl -a -e ../unicorn_mode/unicornafl/samples/shel INCOMPLETE=1 } -source ./test-post.sh +. ./test-post.sh diff --git a/test/test-unittests.sh b/test/test-unittests.sh index 55afc8b6..f540b5f8 100755 --- a/test/test-unittests.sh +++ b/test/test-unittests.sh @@ -1,9 +1,9 @@ #!/bin/sh -source ./test-pre.sh +. ./test-pre.sh $ECHO "$BLUE[*] Execution cmocka Unit-Tests $GREY" unset AFL_CC make -C .. unit || CODE=1 INCOMPLETE=1 : -source ./test-post.sh +. ./test-post.sh -- cgit 1.4.1 From 5427f7ca981a537f14f842a98d5981463efe8c5b Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 12 Oct 2020 05:02:11 +0200 Subject: fix tests for sync mode --- test/checkcommit.sh | 2 +- test/test-basic.sh | 2 +- test/test-custom-mutators.sh | 8 ++++---- test/test-gcc-plugin.sh | 2 +- test/test-llvm.sh | 6 +++--- test/test-performance.sh | 16 ++++++++-------- test/test-qemu-mode.sh | 16 ++++++++-------- test/test-unicorn-mode.sh | 6 +++--- 8 files changed, 29 insertions(+), 29 deletions(-) (limited to 'test/test-qemu-mode.sh') diff --git a/test/checkcommit.sh b/test/checkcommit.sh index 27d08d36..35eae540 100755 --- a/test/checkcommit.sh +++ b/test/checkcommit.sh @@ -34,7 +34,7 @@ time nice -n -20 ./afl-fuzz -i "$INDIR" -s 123 -o out-profile -- $CMDLINE 2>> $C STOP=`date +%s` echo $STOP >> $C.out echo RUNTIME: `expr $STOP - $START` >> $C.out -cat out-profile/fuzzer_stats >> $C.out +cat out-profile/default/fuzzer_stats >> $C.out gprof ./afl-fuzz gmon.out >> $C.out make clean >/dev/null 2>&1 diff --git a/test/test-basic.sh b/test/test-basic.sh index 06c40efe..0d16ebd1 100755 
--- a/test/test-basic.sh +++ b/test/test-basic.sh @@ -67,7 +67,7 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc { ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain >>errors 2>&1 } >>errors 2>&1 - test -n "$( ls out/queue/id:000002* 2>/dev/null )" && { + test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with ${AFL_GCC}" } || { echo CUT------------------------------------------------------------------CUT diff --git a/test/test-custom-mutators.sh b/test/test-custom-mutators.sh index 4d73739f..f7677ac5 100755 --- a/test/test-custom-mutators.sh +++ b/test/test-custom-mutators.sh @@ -1,4 +1,4 @@ -#!/bin/sh +f#!/bin/sh . ./test-pre.sh @@ -43,7 +43,7 @@ test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && { } >>errors 2>&1 # Check results - test -n "$( ls out/crashes/id:000000* 2>/dev/null )" && { # TODO: update here + test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && { # TODO: update here $ECHO "$GREEN[+] afl-fuzz is working correctly with the C mutator" } || { echo CUT------------------------------------------------------------------CUT @@ -62,7 +62,7 @@ test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && { AFL_CUSTOM_MUTATOR_LIBRARY="./libexamplemutator.so;./libexamplemutator2.so" AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V1 -m ${MEM_LIMIT} -i in -o out -- ./test-multiple-mutators >>errors 2>&1 } >>errors 2>&1 - test -n "$( ls out/crashes/id:000000* 2>/dev/null )" && { # TODO: update here + test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && { # TODO: update here $ECHO "$GREEN[+] afl-fuzz is working correctly with multiple C mutators" } || { echo CUT------------------------------------------------------------------CUT 
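Review bot: The new first line of test/test-custom-mutators.sh reads `f#!/bin/sh`, which destroys the shebang: executed directly, the kernel no longer sees an interpreter line, and when the file is sourced from test-all.sh the shell tries to run a command named `f#!/bin/sh` because `#` does not start a comment in the middle of a word. Restore the line to `#!/bin/sh`. The `out/default/...` path updates in the remaining hunks of this file look consistent with the other files in the commit.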
@@ -86,7 +86,7 @@ test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && { } >>errors 2>&1 # Check results - test -n "$( ls out/crashes/id:000000* 2>/dev/null )" && { # TODO: update here + test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && { # TODO: update here $ECHO "$GREEN[+] afl-fuzz is working correctly with the Python mutator" } || { echo CUT------------------------------------------------------------------CUT diff --git a/test/test-gcc-plugin.sh b/test/test-gcc-plugin.sh index 8b8cbd8e..b0ff2be0 100755 --- a/test/test-gcc-plugin.sh +++ b/test/test-gcc-plugin.sh @@ -66,7 +66,7 @@ test -e ../afl-gcc-fast -a -e ../afl-compiler-rt.o && { { ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain.gccpi >>errors 2>&1 } >>errors 2>&1 - test -n "$( ls out/queue/id:000002* 2>/dev/null )" && { + test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with gcc_plugin" } || { echo CUT------------------------------------------------------------------CUT diff --git a/test/test-llvm.sh b/test/test-llvm.sh index feeb3992..7daac0f2 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -70,7 +70,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { { ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain >>errors 2>&1 } >>errors 2>&1 - test -n "$( ls out/queue/id:000002* 2>/dev/null )" && { + test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with llvm_mode" } || { echo CUT------------------------------------------------------------------CUT 
@@ -161,7 +161,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { { AFL_BENCH_UNTIL_CRASH=1 AFL_NO_UI=1 ../afl-fuzz -s 1 -V30 -m ${MEM_LIMIT} -i in -o out -- ./test-floatingpoint >>errors 2>&1 } >>errors 2>&1 - test -n "$( ls out/crashes/id:* 2>/dev/null )" && { + test -n "$( ls out/default/crashes/id:* 2>/dev/null )" && { $ECHO "$GREEN[+] llvm_mode laf-intel floatingpoint splitting feature works correctly" } || { cat errors @@ -195,7 +195,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { echo 0000000000000000000000000 > in/in AFL_BENCH_UNTIL_CRASH=1 ../afl-fuzz -m none -V60 -i in -o out -c./test-cmplog -- ./test-cmplog >>errors 2>&1 } >>errors 2>&1 - test -n "$( ls out/crashes/id:000000* out/hangs/id:000000* 2>/dev/null )" & { + test -n "$( ls out/default/crashes/id:000000* out/default/hangs/id:000000* 2>/dev/null )" & { $ECHO "$GREEN[+] afl-fuzz is working correctly with llvm_mode cmplog" } || { echo CUT------------------------------------------------------------------CUT diff --git a/test/test-performance.sh b/test/test-performance.sh index 61ec1e28..cd9f6caf 100755 --- a/test/test-performance.sh +++ b/test/test-performance.sh @@ -87,8 +87,8 @@ test -e ../${AFL_GCC} -a -e ../afl-fuzz && { { ../afl-fuzz -V 30 -s 123 -m ${MEM_LIMIT} -i in -o out-gcc -- ./test-instr.plain } >>errors 2>&1 - test -n "$( ls out-gcc/queue/id:000002* 2> /dev/null )" && { - GCC=`grep execs_done out-gcc/fuzzer_stats | awk '{print$3}'` + test -n "$( ls out-gcc/default/queue/id:000002* 2> /dev/null )" && { + GCC=`grep execs_done out-gcc/default/fuzzer_stats | awk '{print$3}'` } || { echo CUT---------------------------------------------------------------- cat errors 
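Review bot: In test/test-llvm.sh the rewritten cmplog result check still uses a single `&`: `test -n "$( ls out/default/crashes/id:000000* out/default/hangs/id:000000* 2>/dev/null )" & {` backgrounds the `test` and then unconditionally runs the success branch, so the `|| { ... CODE=1 }` branch can never fire and this test always reports a pass. The defect was already on the old line, but since the commit rewrites it anyway, change `& {` to `&& {` here. The enclosing `test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {` block starts and ends outside the hunk.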
@@ -111,8 +111,8 @@ test -e ../afl-clang-fast -a -e ../afl-fuzz && { { ../afl-fuzz -V 30 -s 123 -m ${MEM_LIMIT} -i in -o out-llvm -- ./test-instr.llvm } >>errors 2>&1 - test -n "$( ls out-llvm/queue/id:000002* 2> /dev/null )" && { - LLVM=`grep execs_done out-llvm/fuzzer_stats | awk '{print$3}'` + test -n "$( ls out-llvm/default/queue/id:000002* 2> /dev/null )" && { + LLVM=`grep execs_done out-llvm/default/fuzzer_stats | awk '{print$3}'` } || { echo CUT---------------------------------------------------------------- cat errors @@ -135,8 +135,8 @@ test -e ../afl-gcc-fast -a -e ../afl-fuzz && { { ../afl-fuzz -V 30 -s 123 -m ${MEM_LIMIT} -i in -o out-gccp -- ./test-instr.gccp } >>errors 2>&1 - test -n "$( ls out-gccp/queue/id:000002* 2> /dev/null )" && { - GCCP=`grep execs_done out-gccp/fuzzer_stats | awk '{print$3}'` + test -n "$( ls out-gccp/default/queue/id:000002* 2> /dev/null )" && { + GCCP=`grep execs_done out-gccp/default/fuzzer_stats | awk '{print$3}'` } || { echo CUT---------------------------------------------------------------- cat errors @@ -159,8 +159,8 @@ test -e ../afl-qemu-trace -a -e ../afl-fuzz && { { ../afl-fuzz -Q -V 30 -s 123 -m ${MEM_LIMIT} -i in -o out-qemu -- ./test-instr.qemu } >>errors 2>&1 - test -n "$( ls out-qemu/queue/id:000002* 2> /dev/null )" && { - QEMU=`grep execs_done out-qemu/fuzzer_stats | awk '{print$3}'` + test -n "$( ls out-qemu/default/queue/id:000002* 2> /dev/null )" && { + QEMU=`grep execs_done out-qemu/default/fuzzer_stats | awk '{print$3}'` } || { echo CUT---------------------------------------------------------------- echo ../afl-fuzz -Q -V 30 -s 123 -m ${MEM_LIMIT} -i in -o out-qemu -- ./test-instr.qemu diff --git a/test/test-qemu-mode.sh b/test/test-qemu-mode.sh index 85a0b8b5..73b39a43 100755 --- a/test/test-qemu-mode.sh +++ b/test/test-qemu-mode.sh 
@@ -14,9 +14,9 @@ test -e ../afl-qemu-trace && { { ../afl-fuzz -m ${MEM_LIMIT} -V10 -Q -i in -o out -- ./test-instr >>errors 2>&1 } >>errors 2>&1 - test -n "$( ls out/queue/id:000002* 2>/dev/null )" && { + test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode" - RUNTIME=`grep execs_done out/fuzzer_stats | awk '{print$3}'` + RUNTIME=`grep execs_done out/default/fuzzer_stats | awk '{print$3}'` } || { echo CUT------------------------------------------------------------------CUT cat errors @@ -42,9 +42,9 @@ test -e ../afl-qemu-trace && { unset AFL_ENTRYPOINT } >>errors 2>&1 } >>errors 2>&1 - test -n "$( ls out/queue/id:000001* 2>/dev/null )" && { + test -n "$( ls out/default/queue/id:000001* 2>/dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode AFL_ENTRYPOINT" - RUNTIME=`grep execs_done out/fuzzer_stats | awk '{print$3}'` + RUNTIME=`grep execs_done out/default/fuzzer_stats | awk '{print$3}'` } || { echo CUT------------------------------------------------------------------CUT cat errors @@ -64,7 +64,7 @@ test -e ../afl-qemu-trace && { unset AFL_PRELOAD unset AFL_COMPCOV_LEVEL } >>errors 2>&1 - test -n "$( ls out/queue/id:000001* 2>/dev/null )" && { + test -n "$( ls out/default/queue/id:000001* 2>/dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode compcov" } || { echo CUT------------------------------------------------------------------CUT @@ -87,7 +87,7 @@ test -e ../afl-qemu-trace && { { ../afl-fuzz -m none -V10 -Q -c 0 -i in -o out -- ./test-compcov >>errors 2>&1 } >>errors 2>&1 - test -n "$( ls out/queue/id:000001* 2>/dev/null )" && { + test -n "$( ls out/default/queue/id:000001* 2>/dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode cmplog" } || { echo CUT------------------------------------------------------------------CUT 
@@ -119,9 +119,9 @@ test -e ../afl-qemu-trace && { ../afl-fuzz -m ${MEM_LIMIT} -V10 -Q -i in -o out -- ./test-instr unset AFL_QEMU_PERSISTENT_ADDR } >>errors 2>&1 - test -n "$( ls out/queue/id:000002* 2>/dev/null )" && { + test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent qemu_mode" - RUNTIMEP=`grep execs_done out/fuzzer_stats | awk '{print$3}'` + RUNTIMEP=`grep execs_done out/default/fuzzer_stats | awk '{print$3}'` test -n "$RUNTIME" -a -n "$RUNTIMEP" && { DIFF=`expr $RUNTIMEP / $RUNTIME` test "$DIFF" -gt 1 && { # must be at least twice as fast diff --git a/test/test-unicorn-mode.sh b/test/test-unicorn-mode.sh index eb2ad294..7ac4cdd2 100755 --- a/test/test-unicorn-mode.sh +++ b/test/test-unicorn-mode.sh @@ -35,7 +35,7 @@ test -d ../unicorn_mode/unicornafl -a -e ../unicorn_mode/unicornafl/samples/shel make >>errors 2>&1 $ECHO "$GREY[*] running afl-fuzz for unicorn_mode (persistent), this will take approx 25 seconds" AFL_DEBUG_CHILD_OUTPUT=1 ../../../afl-fuzz -m none -V25 -U -i sample_inputs -o out -d -- ./harness @@ >>errors 2>&1 - test -n "$( ls out/queue/id:000002* 2>/dev/null )" && { + test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode (persistent)" } || { echo CUT------------------------------------------------------------------CUT @@ -63,7 +63,7 @@ test -d ../unicorn_mode/unicornafl -a -e ../unicorn_mode/unicornafl/samples/shel { ../afl-fuzz -m ${MEM_LIMIT} -V25 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 - test -n "$( ls out/queue/id:000002* 2>/dev/null )" && { + test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode" } || { echo CUT------------------------------------------------------------------CUT 
@@ -83,7 +83,7 @@ test -d ../unicorn_mode/unicornafl -a -e ../unicorn_mode/unicornafl/samples/shel ../afl-fuzz -m ${MEM_LIMIT} -V35 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 unset AFL_COMPCOV_LEVEL } >>errors 2>&1 - test -n "$( ls out/queue/id:000001* 2>/dev/null )" && { + test -n "$( ls out/default/queue/id:000001* 2>/dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" } || { echo CUT------------------------------------------------------------------CUT -- cgit 1.4.1 From e81f30828fbe6374b0fd3be03ebc13cfb490f8a3 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sat, 6 Feb 2021 11:24:04 +0100 Subject: fix test-qemu-mode.sh to run standalone --- test/test-libextensions.sh | 10 ---------- test/test-qemu-mode.sh | 10 ++++++++++ 2 files changed, 10 insertions(+), 10 deletions(-) (limited to 'test/test-qemu-mode.sh') diff --git a/test/test-libextensions.sh b/test/test-libextensions.sh index 905a4cbc..40a898c8 100755 --- a/test/test-libextensions.sh +++ b/test/test-libextensions.sh @@ -38,14 +38,4 @@ test -e ../libdislocator.so && { } rm -f test-compcov -test -z "$AFL_CC" && { - if type gcc >/dev/null; then - export AFL_CC=gcc - else - if type clang >/dev/null; then - export AFL_CC=clang - fi - fi -} - . ./test-post.sh diff --git a/test/test-qemu-mode.sh b/test/test-qemu-mode.sh index 73b39a43..0cd6ef40 100755 --- a/test/test-qemu-mode.sh +++ b/test/test-qemu-mode.sh @@ -3,6 +3,16 @@ . ./test-pre.sh $ECHO "$BLUE[*] Testing: qemu_mode" +test -z "$AFL_CC" && { + if type gcc >/dev/null; then + export AFL_CC=gcc + else + if type clang >/dev/null; then + export AFL_CC=clang + fi + fi +} + test -e ../afl-qemu-trace && { cc -pie -fPIE -o test-instr ../test-instr.c cc -o test-compcov test-compcov.c -- cgit 1.4.1 From 1a713ff4205672bf1bb6f444e9e8ada39472471c Mon Sep 17 00:00:00 2001 
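Review bot: The AFL_CC detection moved into test/test-qemu-mode.sh probes with `type gcc >/dev/null`, which in bash prints its "not found" message to stderr where the redirect does not hide it, and when neither gcc nor clang is found AFL_CC stays empty, so the later `${AFL_CC} -o test-unsigaction32 -m32 ...` line runs `-o` as the command name and is reported as a compile failure rather than as a missing compiler. Prefer `command -v gcc >/dev/null 2>&1` (and the same for clang), and consider an explicit `$ECHO "$YELLOW[-] no C compiler found for the unsigaction tests"` with `INCOMPLETE=1` when both probes fail. The `cc -pie -fPIE -o test-instr ...` and `cc -o test-compcov ...` lines directly below the insertion still hardwire `cc`, so the detected AFL_CC only covers the unsigaction build; a short comment on the new block saying it exists for that build alone would save the next reader from wondering. The enclosing `test -e ../afl-qemu-trace && {` block continues past the hunk.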
From: hexcoder- Date: Thu, 18 Feb 2021 19:39:46 +0100 Subject: fix qemu AFL_ENTRYPOINT for arm 32 and 64 bit --- test/test-qemu-mode.sh | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) (limited to 'test/test-qemu-mode.sh') diff --git a/test/test-qemu-mode.sh b/test/test-qemu-mode.sh index 0cd6ef40..85578d55 100755 --- a/test/test-qemu-mode.sh +++ b/test/test-qemu-mode.sh @@ -39,14 +39,7 @@ test -e ../afl-qemu-trace && { $ECHO "$GREY[*] running afl-fuzz for qemu_mode AFL_ENTRYPOINT, this will take approx 6 seconds" { { - if file test-instr | grep -q "32-bit"; then - # for 32-bit reduce 8 nibbles to the lower 7 nibbles - ADDR_LOWER_PART=`nm test-instr | grep "T main" | awk '{print $1}' | sed 's/^.//'` - else - # for 64-bit reduce 16 nibbles to the lower 9 nibbles - ADDR_LOWER_PART=`nm test-instr | grep "T main" | awk '{print $1}' | sed 's/^.......//'` - fi - export AFL_ENTRYPOINT=`expr 0x4${ADDR_LOWER_PART}` + export AFL_ENTRYPOINT=`printf 1 | AFL_DEBUG=1 ../afl-qemu-trace ./test-instr 2>&1 >/dev/null | awk '/forkserver/{print $4; exit}'` $ECHO AFL_ENTRYPOINT=$AFL_ENTRYPOINT - $(nm test-instr | grep "T main") - $(file ./test-instr) ../afl-fuzz -m ${MEM_LIMIT} -V2 -Q -i in -o out -- ./test-instr unset AFL_ENTRYPOINT -- cgit 1.4.1
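Review bot: The new `AFL_ENTRYPOINT` derivation has no fallback: if the `awk '/forkserver/{print $4; exit}'` match yields nothing (different debug wording, afl-qemu-trace failing before it prints the line, or the wrong field), AFL_ENTRYPOINT is exported as an empty string and afl-fuzz is run with it anyway, so the failure surfaces as the generic "not working correctly with qemu_mode AFL_ENTRYPOINT" verdict instead of pointing at the address lookup. Add a guard before the afl-fuzz line, e.g. `test -n "$AFL_ENTRYPOINT" || echo "AFL_ENTRYPOINT lookup from afl-qemu-trace debug output failed"`, and a one-line comment stating that the value is taken from the AFL_DEBUG forkserver line of ../afl-qemu-trace, since `$4` is a format dependency a reader cannot verify from this script. The persistent-mode block later in the file presumably still derives AFL_QEMU_PERSISTENT_ADDR with the `sed` nibble trimming this commit removes here; if so it has the same problem on arm and should get the same treatment. The enclosing `test -e ../afl-qemu-trace && {` block starts and ends outside the hunk.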