From 5a26656ea1095083def4c82918116b2d5cb2e641 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Mon, 13 Jul 2020 10:35:43 +0200 Subject: add floating point test cases. One for fuzzing (test-floatingpoint.c) and one for testing all cases with the instrumented program (test-fp_cases.c) --- test/test.sh | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'test/test.sh') diff --git a/test/test.sh b/test/test.sh index 90920215..d76c1902 100755 --- a/test/test.sh +++ b/test/test.sh @@ -372,8 +372,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { $ECHO "$YELLOW[-] llvm_mode InsTrim not compiled, cannot test" INCOMPLETE=1 } - AFL_LLVM_INSTRUMENT=AFL - AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_SWITCHES=1 AFL_LLVM_LAF_TRANSFORM_COMPARES=1 AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -o test-compcov.compcov test-compcov.c > test.out 2>&1 + AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_SWITCHES=1 AFL_LLVM_LAF_TRANSFORM_COMPARES=1 AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -o test-compcov.compcov test-compcov.c > test.out 2>&1 test -e test-compcov.compcov && test_compcov_binary_functionality ./test-compcov.compcov && { grep --binary-files=text -Eq " [ 123][0-9][0-9] location| [3-9][0-9] location" test.out && { $ECHO "$GREEN[+] llvm_mode laf-intel/compcov feature works correctly" 
@@ -386,6 +385,25 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
CODE=1
}
rm -f test-compcov.compcov test.out
+ AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_COMPARES=1 AFL_LLVM_LAF_SPLIT_FLOATS=1 ../afl-clang-fast -o test-floatingpoint test-floatingpoint.c > test.out 2>&1
+ test -e test-floatingpoint && {
+ mkdir -p in
+ echo 0 > in/in
+ $ECHO "$GREY[*] running afl-fuzz with floating point splitting, this will take max. 16 seconds"
+ {
+ AFL_BENCH_UNTIL_CRASH=1 ../afl-fuzz -V16 -m ${MEM_LIMIT} -i in -o out -- ./test-floatingpoint >>errors 2>&1
+ } >>errors 2>&1
+ test -n "$( ls out/queue/id:000002* 2>/dev/null )" && {
+ $ECHO "$GREEN[+] llvm_mode laf-intel floatingpoint splitting feature works correctly"
+ } || {
+ $ECHO "$RED[!] llvm_mode laf-intel floatingpoint splitting feature failed"
+ CODE=1
+ }
+ } || {
+ $ECHO "$RED[!] llvm_mode laf-intel floatingpoint splitting feature compilation failed"
+ CODE=1
+ }
+ rm -f test-floatingpoint test.out in/in
echo foobar.c > instrumentlist.txt
AFL_DEBUG=1 AFL_LLVM_INSTRUMENT_FILE=instrumentlist.txt ../afl-clang-fast -o test-compcov test-compcov.c > test.out 2>&1
test -e test-compcov && test_compcov_binary_functionality ./test-compcov && {
-- cgit 1.4.1
From 6b79e1f76dee1dc5775b1e10edfa5b2180f553f8 Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Mon, 13 Jul 2020 11:27:08 +0200
Subject: test.sh: FP fuzzing: check for crashes
---
 test/test.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'test/test.sh')
diff --git a/test/test.sh b/test/test.sh
index d76c1902..9938a051 100755
--- a/test/test.sh
+++ b/test/test.sh
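Review bot: The success test `test -n "$( ls out/queue/id:000002* 2>/dev/null )"` inspects an `out/` directory that nothing in this hunk creates fresh, and the cleanup line `rm -f test-floatingpoint test.out in/in` leaves it behind for whatever runs afl-fuzz next; afl-fuzz discards a previous session's results only once it gets as far as its output-directory housekeeping, so a run that aborts earlier (unrecognised option, missing binary) would leave stale entries that still satisfy the check and report the feature as working. I would put `rm -rf out` directly before the `../afl-fuzz` line and make the cleanup `rm -rf test-floatingpoint test.out in out`. Whether an earlier section of test.sh already removes `out` is not visible from this hunk.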
@@ -393,7 +393,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
{
AFL_BENCH_UNTIL_CRASH=1 ../afl-fuzz -V16 -m ${MEM_LIMIT} -i in -o out -- ./test-floatingpoint >>errors 2>&1
} >>errors 2>&1
- test -n "$( ls out/queue/id:000002* 2>/dev/null )" && {
+ test -n "$( ls out/crashes/id:* 2>/dev/null )" && {
$ECHO "$GREEN[+] llvm_mode laf-intel floatingpoint splitting feature works correctly"
} || {
$ECHO "$RED[!] llvm_mode laf-intel floatingpoint splitting feature failed"
-- cgit 1.4.1
From 95276f7da6ed9dd72556236f505a8997bee23387 Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Mon, 13 Jul 2020 23:17:21 +0200
Subject: test float splitting increase timeout to 30 seconds
---
 test/test.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'test/test.sh')
diff --git a/test/test.sh b/test/test.sh
index 9938a051..e901176e 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -389,9 +389,9 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
test -e test-floatingpoint && {
mkdir -p in
echo 0 > in/in
- $ECHO "$GREY[*] running afl-fuzz with floating point splitting, this will take max. 16 seconds"
+ $ECHO "$GREY[*] running afl-fuzz with floating point splitting, this will take max. 30 seconds"
{
- AFL_BENCH_UNTIL_CRASH=1 ../afl-fuzz -V16 -m ${MEM_LIMIT} -i in -o out -- ./test-floatingpoint >>errors 2>&1
+ AFL_BENCH_UNTIL_CRASH=1 ../afl-fuzz -V30 -m ${MEM_LIMIT} -i in -o out -- ./test-floatingpoint >>errors 2>&1
} >>errors 2>&1
test -n "$( ls out/crashes/id:* 2>/dev/null )" && {
$ECHO "$GREEN[+] llvm_mode laf-intel floatingpoint splitting feature works correctly"
-- cgit 1.4.1
From c5963f707c9a1b1ec0d869d90fabf09072093e1d Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Tue, 14 Jul 2020 23:42:47 +0200
Subject: make fuzzing of test-floatingpoint reproducible
---
 test/test-floatingpoint.c | 2 +-
 test/test.sh | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
(limited to 'test/test.sh')
diff --git a/test/test-floatingpoint.c b/test/test-floatingpoint.c index 76cdccf0..8f691c2c 100644 --- a/test/test-floatingpoint.c +++ b/test/test-floatingpoint.c @@ -3,7 +3,7 @@ int main(void) { - long double magic; + float magic; ssize_t bytes_read = read(STDIN_FILENO, &magic, sizeof(magic)); if (bytes_read < (ssize_t)sizeof(magic)) { return 1; } diff --git a/test/test.sh b/test/test.sh index e901176e..15082070 100755 --- a/test/test.sh +++ b/test/test.sh @@ -388,10 +388,10 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_COMPARES=1 AFL_LLVM_LAF_SPLIT_FLOATS=1 ../afl-clang-fast -o test-floatingpoint test-floatingpoint.c > test.out 2>&1 test -e test-floatingpoint && { mkdir -p in - echo 0 > in/in + echo ZZ > in/in $ECHO "$GREY[*] running afl-fuzz with floating point splitting, this will take max. 30 seconds" { - AFL_BENCH_UNTIL_CRASH=1 ../afl-fuzz -V30 -m ${MEM_LIMIT} -i in -o out -- ./test-floatingpoint >>errors 2>&1 + AFL_BENCH_UNTIL_CRASH=1 ../afl-fuzz -s1 -V30 -m ${MEM_LIMIT} -i in -o out -- ./test-floatingpoint >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/crashes/id:* 2>/dev/null )" && { $ECHO "$GREEN[+] llvm_mode laf-intel floatingpoint splitting feature works correctly" -- cgit 1.4.1 From 131df8bec9dc9dd7cf7a1c03d7189ba72580f6ab Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 25 Jul 2020 16:39:36 +0200 Subject: try to fix travis --- test/test-floatingpoint.c | 24 +++++++++++++++--------- test/test.sh | 4 ++-- 2 files changed, 17 insertions(+), 11 deletions(-) (limited to 'test/test.sh') diff --git a/test/test-floatingpoint.c b/test/test-floatingpoint.c index 8f691c2c..083f0df5 100644 --- a/test/test-floatingpoint.c +++ b/test/test-floatingpoint.c 
@@ -1,17 +1,23 @@ #include #include +#include +#include -int main(void) { - - float magic; +__AFL_FUZZ_INIT(); - ssize_t bytes_read = read(STDIN_FILENO, &magic, sizeof(magic)); - if (bytes_read < (ssize_t)sizeof(magic)) { return 1; } - - if ((-magic == 15.0 + 0.5 + 0.125 + 0.03125 + - 0.0078125)) { /* 15 + 1/2 + 1/8 + 1/32 + 1/128 */ - abort(); +int main(void) { + ssize_t bytes_read; + + __AFL_INIT(); + float *magic = (float*)__AFL_FUZZ_TESTCASE_BUF; + + while (__AFL_LOOP(INT_MAX)) { + + if (__AFL_FUZZ_TESTCASE_LEN != sizeof(float)) return 1; + /* 15 + 1/2 + 1/8 + 1/32 + 1/128 */ + if ((-*magic == 15.0 + 0.5 + 0.125 + 0.03125 + 0.0078125)) abort(); + } return 0; diff --git a/test/test.sh b/test/test.sh index 15082070..dc85f745 100755 --- a/test/test.sh +++ b/test/test.sh @@ -385,13 +385,13 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { CODE=1 } rm -f test-compcov.compcov test.out - AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_COMPARES=1 AFL_LLVM_LAF_SPLIT_FLOATS=1 ../afl-clang-fast -o test-floatingpoint test-floatingpoint.c > test.out 2>&1 + AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_NO_UI=1 AFL_LLVM_LAF_ALL=1 ../afl-clang-fast -o test-floatingpoint test-floatingpoint.c > test.out 2>&1 test -e test-floatingpoint && { mkdir -p in echo ZZ > in/in $ECHO "$GREY[*] running afl-fuzz with floating point splitting, this will take max. 30 seconds" { - AFL_BENCH_UNTIL_CRASH=1 ../afl-fuzz -s1 -V30 -m ${MEM_LIMIT} -i in -o out -- ./test-floatingpoint >>errors 2>&1 + AFL_BENCH_UNTIL_CRASH=1 ../afl-fuzz -s 123 -V30 -m ${MEM_LIMIT} -i in -o out -- ./test-floatingpoint >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/crashes/id:* 2>/dev/null )" && { $ECHO "$GREEN[+] llvm_mode laf-intel floatingpoint splitting feature works correctly" -- cgit 1.4.1 From a879f721313a35274ce2d65f9aeed344027a208e Mon Sep 17 00:00:00 2001 
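Review bot: `if (__AFL_FUZZ_TESTCASE_LEN != sizeof(float)) return 1;` sits inside the `__AFL_LOOP` body, so every undersized test case ends the persistent process instead of being skipped, and the 3-byte seed `ZZ\n` written by `echo ZZ > in/in` in the test.sh hunk below is exactly such a case; afl-fuzz will respawn the target, but the loop is defeated for those inputs, and the usual persistent-mode idiom is `if (__AFL_FUZZ_TESTCASE_LEN != sizeof(float)) continue;`. Separately, `float *magic = (float*)__AFL_FUZZ_TESTCASE_BUF;` reinterprets the shared test-case buffer through a `float *`; the buffer's declared type and alignment are not visible here, and copying out with `float magic; memcpy(&magic, __AFL_FUZZ_TESTCASE_BUF, sizeof magic);` inside the loop avoids relying on either. The closing brace of `main` lies past the end of the hunk.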
From: van Hauser
Date: Sat, 25 Jul 2020 17:38:40 +0200
Subject: fix
---
 test/test.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'test/test.sh')
diff --git a/test/test.sh b/test/test.sh
index dc85f745..76b089e7 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -385,13 +385,13 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
CODE=1
}
rm -f test-compcov.compcov test.out
- AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_NO_UI=1 AFL_LLVM_LAF_ALL=1 ../afl-clang-fast -o test-floatingpoint test-floatingpoint.c > test.out 2>&1
+ AFL_LLVM_INSTRUMENT=AFL AFL_LLVM_LAF_ALL=1 ../afl-clang-fast -o test-floatingpoint test-floatingpoint.c > test.out 2>&1
test -e test-floatingpoint && {
mkdir -p in
echo ZZ > in/in
$ECHO "$GREY[*] running afl-fuzz with floating point splitting, this will take max. 30 seconds"
{
- AFL_BENCH_UNTIL_CRASH=1 ../afl-fuzz -s 123 -V30 -m ${MEM_LIMIT} -i in -o out -- ./test-floatingpoint >>errors 2>&1
+ AFL_BENCH_UNTIL_CRASH=1 AFL_NO_UI=1 ../afl-fuzz -s 123 -V30 -m ${MEM_LIMIT} -i in -o out -- ./test-floatingpoint >>errors 2>&1
} >>errors 2>&1
test -n "$( ls out/crashes/id:* 2>/dev/null )" && {
$ECHO "$GREEN[+] llvm_mode laf-intel floatingpoint splitting feature works correctly"
-- cgit 1.4.1
From 5ce55d87ecf5d3f0e8fbd0e1ce68f74efb0cf528 Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Thu, 30 Jul 2020 13:46:52 +0200
Subject: make travis green again (floating point testcase), but all laf testcases need AFL_DEBUG=1 (that is another bug)
---
 test/test-floatingpoint.c | 9 +++++++--
 test/test.sh | 7 ++++---
 2 files changed, 11 insertions(+), 5 deletions(-)
(limited to 'test/test.sh')
diff --git a/test/test-floatingpoint.c b/test/test-floatingpoint.c
index acecd55a..d1709b90 100644
--- a/test/test-floatingpoint.c
+++ b/test/test-floatingpoint.c
@@ -14,8 +14,13 @@ int main(void) { while (__AFL_LOOP(INT_MAX)) { - if (__AFL_FUZZ_TESTCASE_LEN != sizeof(float)) return 1; - /* 15 + 1/2 + 1/8 + 1/32 + 1/128 */ + int len = __AFL_FUZZ_TESTCASE_LEN; + if (len != sizeof(float)) return 1; + + /* 15 + 1/2 = 15.5 */ + /* 15 + 1/2 + 1/8 = 15.625 */ + /* 15 + 1/2 + 1/8 + 1/32 = 15.65625 */ + /* 15 + 1/2 + 1/8 + 1/32 + 1/128 = 15.6640625 */ if ((-*magic == 15.0 + 0.5 + 0.125 + 0.03125 + 0.0078125)) abort(); } diff --git a/test/test.sh b/test/test.sh index 76b089e7..427509a4 100755 --- a/test/test.sh +++ b/test/test.sh @@ -385,17 +385,18 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { CODE=1 } rm -f test-compcov.compcov test.out - AFL_LLVM_INSTRUMENT=AFL AFL_LLVM_LAF_ALL=1 ../afl-clang-fast -o test-floatingpoint test-floatingpoint.c > test.out 2>&1 + AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_ALL=1 ../afl-clang-fast -o test-floatingpoint test-floatingpoint.c test -e test-floatingpoint && { mkdir -p in - echo ZZ > in/in + echo ZZZZ > in/in $ECHO "$GREY[*] running afl-fuzz with floating point splitting, this will take max. 30 seconds" { - AFL_BENCH_UNTIL_CRASH=1 AFL_NO_UI=1 ../afl-fuzz -s 123 -V30 -m ${MEM_LIMIT} -i in -o out -- ./test-floatingpoint >>errors 2>&1 + AFL_BENCH_UNTIL_CRASH=1 AFL_NO_UI=1 ../afl-fuzz -s 1 -V30 -m ${MEM_LIMIT} -i in -o out -- ./test-floatingpoint >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/crashes/id:* 2>/dev/null )" && { $ECHO "$GREEN[+] llvm_mode laf-intel floatingpoint splitting feature works correctly" } || { + cat errors $ECHO "$RED[!] llvm_mode laf-intel floatingpoint splitting feature failed" CODE=1 } -- cgit 1.4.1 From da8b464e679ce514bfd8cfd80d67e6c93ba33df9 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 30 Jul 2020 16:07:47 +0200 Subject: fix test.sh --- test/test.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'test/test.sh') diff --git a/test/test.sh b/test/test.sh index 427509a4..e410321d 100755 --- a/test/test.sh 
+++ b/test/test.sh
@@ -7,6 +7,10 @@ test -z "" 2>/dev/null || { echo Error: test command not found ; exit 1 ; }
GREP=`type grep > /dev/null 2>&1 && echo OK`
test "$GREP" = OK || { echo Error: grep command not found ; exit 1 ; }
echo foobar | grep -qE 'asd|oob' 2>/dev/null || { echo Error: grep command does not support -q and/or -E option ; exit 1 ; }
+test -e ./test.sh || cd $(dirname $0) || exit 1
+test -e ./test.sh || { echo Error: you must be in the test/ directory ; exit 1 ; }
+export AFL_PATH=`pwd`/..
+
echo 1 > test.1
echo 1 > test.2
OK=OK
@@ -202,7 +206,7 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc
rm -f in2/in*
export AFL_QUIET=1
if command -v bash >/dev/null ; then {
- AFL_PATH=`pwd`/.. ../afl-cmin.bash -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null
+ ../afl-cmin.bash -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null
CNT=`ls in2/* 2>/dev/null | wc -l`
case "$CNT" in
*2) $ECHO "$GREEN[+] afl-cmin.bash correctly minimized the number of testcases" ;;
@@ -326,7 +330,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
rm -f in2/in*
export AFL_QUIET=1
if type bash >/dev/null ; then {
- AFL_PATH=`pwd`/.. ../afl-cmin.bash -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null
+ ../afl-cmin.bash -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null
CNT=`ls in2/* 2>/dev/null | wc -l`
case "$CNT" in
*2) $ECHO "$GREEN[+] afl-cmin.bash correctly minimized the number of testcases" ;;
@@ -385,7 +389,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
CODE=1
}
rm -f test-compcov.compcov test.out
- AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_ALL=1 ../afl-clang-fast -o test-floatingpoint test-floatingpoint.c
+ AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_FLOATS=1 ../afl-clang-fast -o test-floatingpoint test-floatingpoint.c
test -e test-floatingpoint && {
mkdir -p in
echo ZZZZ > in/in
-- cgit 1.4.1
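Review bot: `cd $(dirname $0)` and `export AFL_PATH=`pwd`/..` are unquoted, so a checkout whose path contains whitespace makes the `cd` fail or land elsewhere after word-splitting and leaves `$AFL_PATH` broken for every later unquoted use; `cd "$(dirname "$0")" || exit 1` and `export AFL_PATH="$(pwd)/.."` fix both. The guard `test -e ./test.sh` is also satisfied by any file of that name in the current directory, in which case AFL_PATH points at that directory's parent and the script goes on to run `../afl-cmin.bash`, `../afl-fuzz` and friends from there; checking for something this script actually depends on, such as `../afl-cmin.bash` (invoked in the hunks below), would make the guard meaningful.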
From cbe8f0a9d08437df921fa20b2d678aad65fb526c Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Thu, 30 Jul 2020 17:00:10 +0200 Subject: cleanup messages in floating point test case --- test/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test/test.sh') diff --git a/test/test.sh b/test/test.sh index e410321d..437a5113 100755 --- a/test/test.sh +++ b/test/test.sh @@ -389,7 +389,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { CODE=1 } rm -f test-compcov.compcov test.out - AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_FLOATS=1 ../afl-clang-fast -o test-floatingpoint test-floatingpoint.c + AFL_LLVM_INSTRUMENT=AFL AFL_LLVM_LAF_SPLIT_FLOATS=1 ../afl-clang-fast -o test-floatingpoint test-floatingpoint.c >errors test -e test-floatingpoint && { mkdir -p in echo ZZZZ > in/in -- cgit 1.4.1 From 486e5365d9e5cb56ffd5b5ade2f81a728de4a175 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 30 Jul 2020 18:01:18 +0200 Subject: fix float splitting if not on a tty --- llvm_mode/split-compares-pass.so.cc | 38 ++++++++++++++++++++++++------------- test/test-floatingpoint.c | 2 +- test/test.sh | 2 +- 3 files changed, 27 insertions(+), 15 deletions(-) (limited to 'test/test.sh') diff --git a/llvm_mode/split-compares-pass.so.cc b/llvm_mode/split-compares-pass.so.cc index 55128ca2..f65adde8 100644 --- a/llvm_mode/split-compares-pass.so.cc +++ b/llvm_mode/split-compares-pass.so.cc @@ -1247,7 +1247,8 @@ size_t SplitComparesTransform::splitIntCompares(Module &M, unsigned bitw) { bool SplitComparesTransform::runOnModule(Module &M) { - int bitw = 64; + int bitw = 64; + size_t count; char *bitw_env = getenv("AFL_LLVM_LAF_SPLIT_COMPARES_BITW"); if (!bitw_env) bitw_env = getenv("LAF_SPLIT_COMPARES_BITW"); 
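Review bot: `size_t count;` is added without an initializer; every path in `runOnModule` that later prints it is expected to assign it first, but those assignments live in later hunks and nothing enforces the pairing, so `size_t count = 0;` would turn an accidental report of an unset value into a visible zero instead of undefined behaviour. The body of `runOnModule` continues well past this hunk.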
@@ -1261,18 +1262,26 @@ bool SplitComparesTransform::runOnModule(Module &M) { errs() << "Split-compare-pass by laf.intel@gmail.com, extended by " "heiko@hexco.de\n"; - if (enableFPSplit) { + } else { + + be_quiet = 1; + + } + + if (enableFPSplit) { - errs() << "Split-floatingpoint-compare-pass: " << splitFPCompares(M) + count = splitFPCompares(M); + + if (!be_quiet) { + + errs() << "Split-floatingpoint-compare-pass: " << count << " FP comparisons splitted\n"; } - } else + simplifyFPCompares(M); - be_quiet = 1; - - if (enableFPSplit) simplifyFPCompares(M); + } simplifyCompares(M); @@ -1281,9 +1290,10 @@ bool SplitComparesTransform::runOnModule(Module &M) { switch (bitw) { case 64: + count = splitIntCompares(M, bitw); if (!be_quiet) - errs() << "Split-integer-compare-pass " << bitw - << "bit: " << splitIntCompares(M, bitw) << " splitted\n"; + errs() << "Split-integer-compare-pass " << bitw << "bit: " << count + << " splitted\n"; bitw >>= 1; #if LLVM_VERSION_MAJOR > 3 || \ @@ -1291,9 +1301,10 @@ bool SplitComparesTransform::runOnModule(Module &M) { [[clang::fallthrough]]; /*FALLTHRU*/ /* FALLTHROUGH */ #endif case 32: + count = splitIntCompares(M, bitw); if (!be_quiet) - errs() << "Split-integer-compare-pass " << bitw - << "bit: " << splitIntCompares(M, bitw) << " splitted\n"; + errs() << "Split-integer-compare-pass " << bitw << "bit: " << count + << " splitted\n"; bitw >>= 1; #if LLVM_VERSION_MAJOR > 3 || \ @@ -1301,9 +1312,10 @@ bool SplitComparesTransform::runOnModule(Module &M) { [[clang::fallthrough]]; /*FALLTHRU*/ /* FALLTHROUGH */ #endif case 16: + count = splitIntCompares(M, bitw); if (!be_quiet) - errs() << "Split-integer-compare-pass " << bitw - << "bit: " << splitIntCompares(M, bitw) << " splitted\n"; + errs() << "Split-integer-compare-pass " << bitw << "bit: " << count + << " splitted\n"; bitw >>= 1; break; diff --git a/test/test-floatingpoint.c b/test/test-floatingpoint.c index 3a699595..66d84411 100644 --- a/test/test-floatingpoint.c 
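Review bot: The reason the new `count = splitFPCompares(M);` must sit outside the `if (!be_quiet)` block is not recorded anywhere in the code: the removed lines show the transform was previously called only from inside the report statement, which is why FP splitting silently did nothing whenever the report was suppressed, and a future tidy-up could fold the two back together. A one-line comment on the assignment, `// run the transform unconditionally; only the report below is gated on be_quiet`, would pin that down. The `if` whose `else` branch now sets `be_quiet = 1` opens above this hunk, so the condition itself is not visible here.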
+++ b/test/test-floatingpoint.c @@ -15,7 +15,7 @@ int main(void) { while (__AFL_LOOP(INT_MAX)) { int len = __AFL_FUZZ_TESTCASE_LEN; - if (len != sizeof(float)) return 1; + if (len < sizeof(float)) return 1; /* 15 + 1/2 = 15.5 */ /* 15 + 1/2 + 1/8 = 15.625 */ diff --git a/test/test.sh b/test/test.sh index 437a5113..dea9134f 100755 --- a/test/test.sh +++ b/test/test.sh @@ -389,7 +389,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { CODE=1 } rm -f test-compcov.compcov test.out - AFL_LLVM_INSTRUMENT=AFL AFL_LLVM_LAF_SPLIT_FLOATS=1 ../afl-clang-fast -o test-floatingpoint test-floatingpoint.c >errors + AFL_LLVM_INSTRUMENT=AFL AFL_LLVM_LAF_SPLIT_FLOATS=1 ../afl-clang-fast -o test-floatingpoint test-floatingpoint.c >errors 2>&1 test -e test-floatingpoint && { mkdir -p in echo ZZZZ > in/in -- cgit 1.4.1 From 25ad992c62ad7abd2569ce89e7bb62f10c6423ac Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 31 Jul 2020 18:26:18 +0200 Subject: fix travis --- test/test.sh | 1 + 1 file changed, 1 insertion(+) (limited to 'test/test.sh') diff --git a/test/test.sh b/test/test.sh index dea9134f..e4822451 100755 --- a/test/test.sh +++ b/test/test.sh @@ -10,6 +10,7 @@ echo foobar | grep -qE 'asd|oob' 2>/dev/null || { echo Error: grep command does test -e ./test.sh || cd $(dirname $0) || exit 1 test -e ./test.sh || { echo Error: you must be in the test/ directory ; exit 1 ; } export AFL_PATH=`pwd`/.. +export AFL_NO_AFFINITY=1 echo 1 > test.1 echo 1 > test.2 -- cgit 1.4.1 From b7bcc50c61deecd3596160aabf18e15bba548421 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 31 Jul 2020 19:09:04 +0200 Subject: reenable cpu tests in test.sh --- test/test.sh | 1 - 1 file changed, 1 deletion(-) (limited to 'test/test.sh') diff --git a/test/test.sh b/test/test.sh index e4822451..dea9134f 100755 --- a/test/test.sh +++ b/test/test.sh 
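Review bot: `len` is an `int` (`int len = __AFL_FUZZ_TESTCASE_LEN;` in the context line above) and the new `if (len < sizeof(float)) return 1;` compares it with a `size_t`, so the comparison is done unsigned and a negative `len` would pass the guard; the type that macro yields is not visible here, but a length belongs in `size_t len = __AFL_FUZZ_TESTCASE_LEN;` and that removes both the `-Wsign-compare` warning and the question. The relaxed `<` also means bytes beyond the first four are now silently ignored, which is what makes the 5-byte `ZZZZ\n` seed usable; a comment such as `/* only the first sizeof(float) bytes are interpreted, the rest is ignored */` would save the next reader from re-deriving that. The `return 1` inside `__AFL_LOOP` still terminates the persistent process on short inputs rather than `continue`-ing to the next one.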
@@ -10,7 +10,6 @@ echo foobar | grep -qE 'asd|oob' 2>/dev/null || { echo Error: grep command does
test -e ./test.sh || cd $(dirname $0) || exit 1
test -e ./test.sh || { echo Error: you must be in the test/ directory ; exit 1 ; }
export AFL_PATH=`pwd`/..
-export AFL_NO_AFFINITY=1
echo 1 > test.1
echo 1 > test.2
-- cgit 1.4.1
From 9d82c3cf5e131030073d6a4df1b2102573a8ace4 Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi
Date: Mon, 3 Aug 2020 11:30:34 +0200
Subject: test for llvm cmplog
---
 test/test-cmplog.c | 27 +++++++++++++++++++++++++++
 test/test.sh | 22 ++++++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 test/test-cmplog.c
(limited to 'test/test.sh')
diff --git a/test/test-cmplog.c b/test/test-cmplog.c
new file mode 100644
index 00000000..75efd887
--- /dev/null
+++ b/test/test-cmplog.c
@@ -0,0 +1,27 @@
+#include
+#include
+#include
+#include
+#include
+#include
+int main(int argc, char *argv[]) {
+ char buf[1024];
+ ssize_t i;
+ if ((i = read(0, buf, sizeof(buf) - 1)) < 24)
+ return 0;
+ buf[i] = 0;
+ if (buf[0] != 'A')
+ return 0;
+ if (buf[1] != 'B')
+ return 0;
+ if (buf[2] != 'C')
+ return 0;
+ if (buf[3] != 'D')
+ return 0;
+ if (memcmp(buf + 4, "1234", 4) || memcmp(buf + 8, "EFGH", 4))
+ return 0;
+ if (strncmp(buf + 12, "IJKL", 4) == 0 && strcmp(buf + 16, "DEADBEEF") == 0)
+ abort();
+ return 0;
+}
+
diff --git a/test/test.sh b/test/test.sh
index dea9134f..46843d4a 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -423,6 +423,28 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
CODE=1
}
rm -f test-compcov test.out instrumentlist.txt
+ AFL_LLVM_CMPLOG=1 ../afl-clang-fast -o test-cmplog test-cmplog.c > /dev/null 2>&1
+ test -e test-cmplog && {
+ $ECHO "$GREY[*] running afl-fuzz for llvm_mode cmplog, this will take approx 10 seconds"
+ {
+ mkdir -p in
+ echo 0000000000000000000000000 > in/in
+ ../afl-fuzz -m none -V10 -i in -o out -c./test-cmplog -- ./test-cmplog >>errors 2>&1
+ } >>errors 2>&1
+ test -n "$( ls out/crashes/id:000000* 2>/dev/null )" && {
+ $ECHO "$GREEN[+] afl-fuzz is working correctly with llvm_mode cmplog"
+ } || {
+ echo CUT------------------------------------------------------------------CUT
+ cat errors
+ echo CUT------------------------------------------------------------------CUT
+ $ECHO "$RED[!] afl-fuzz is not working correctly with llvm_mode cmplog"
+ CODE=1
+ }
+ } || {
+ $ECHO "$YELLOW[-] we cannot test llvm_mode cmplog because it is not present"
+ INCOMPLETE=1
+ }
+ rm -rf errors test-cmplog in
../afl-clang-fast -o test-persistent ../examples/persistent_demo/persistent_demo.c > /dev/null 2>&1
test -e test-persistent && {
echo foo | ../afl-showmap -m ${MEM_LIMIT} -o /dev/null -q -r ./test-persistent && {
-- cgit 1.4.1
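Review bot: The verdict `test -n "$( ls out/crashes/id:000000* 2>/dev/null )"` is taken on the same `out/` the floating-point test just populated (its cleanup a few lines above this hunk removes only `test-floatingpoint test.out in/in`), and this hunk's own `rm -rf errors test-cmplog in` leaves `out/` in place too; afl-fuzz discards old results only once it reaches its output-directory housekeeping, so if this run aborts before that (for instance because the `-c./test-cmplog` binary is rejected or its forkserver fails), the earlier run's `out/crashes/id:000000*` would make cmplog report as working. Add `rm -rf out` before the `../afl-fuzz` line and include `out` in the closing `rm -rf`. It is also worth a comment that the single `AFL_LLVM_CMPLOG=1` build is used both as the fuzz target and as the `-c` binary, since that is presumably deliberate for a smoke test rather than an oversight.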