From 287828fe0bef3224e5e4f0b80e880235570876e4 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 11 Oct 2019 03:24:50 +0200 Subject: if afl-clang has to be used, extend the hardening test as from llvm_mode --- test/test.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 44236b63..0c5c18f7 100755 --- a/test/test.sh +++ b/test/test.sh @@ -64,7 +64,7 @@ $ECHO "${RESET}${GREY}[*] starting afl++ test framework ..." $ECHO "$BLUE[*] Testing: ${AFL_GCC}, afl-showmap and afl-fuzz" test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { ../${AFL_GCC} -o test-instr.plain ../test-instr.c > /dev/null 2>&1 - AFL_HARDEN=1 ../${AFL_GCC} -o test-instr.harden ../test-instr.c > /dev/null 2>&1 + AFL_HARDEN=1 ../${AFL_GCC} -o test-compcov.harden test-compcov.c > /dev/null 2>&1 test -e test-instr.plain && { $ECHO "$GREEN[+] ${AFL_GCC} compilation succeeded" echo 0 | ../afl-showmap -m ${MEM_LIMIT} -o test-instr.plain.0 -r -- ./test-instr.plain > /dev/null 2>&1 @@ -76,11 +76,11 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { } || $ECHO "$RED[!] ${AFL_GCC} instrumentation failed" rm -f test-instr.plain.0 test-instr.plain.1 } || $ECHO "$RED[!] ${AFL_GCC} failed" - test -e test-instr.harden && { - grep -qa fstack-protector-all test-instr.harden > /dev/null 2>&1 && { + test -e test-compcov.harden && { + grep -Eqa 'stack_chk_fail|fstack-protector-all|fortified' test-compcov.harden > /dev/null 2>&1 && { $ECHO "$GREEN[+] ${AFL_GCC} hardened mode succeeded and is working" } || $ECHO "$RED[!] ${AFL_GCC} hardened mode is not hardened" - rm -f test-instr.harden + rm -f test-compcov.harden } || $ECHO "$RED[!] ${AFL_GCC} hardened mode compilation failed" # now we want to be sure that afl-fuzz is working # make sure core_pattern is set to core on linux -- cgit v1.2.3 From 132ecc0580e35a629ce7b6c0d9441ac63262318d Mon Sep 17 00:00:00 2001 
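Review bot: The widened pattern in the second hunk, `grep -Eqa 'stack_chk_fail|fstack-protector-all|fortified'`, also matches binaries that were never built with AFL_HARDEN on toolchains whose defaults already turn on the stack protector or _FORTIFY_SOURCE (Ubuntu's gcc does both), so a regression in AFL_HARDEN handling would still print "hardened mode succeeded". Build a control binary without the variable and require the pattern to be absent there, e.g. `../${AFL_GCC} -o test-compcov.plain test-compcov.c > /dev/null 2>&1` next to the hardened compile and `! grep -Eqa 'stack_chk_fail|fortified' test-compcov.plain` in the success condition, removing it together with `test-compcov.harden`. Where the default toolchain hardens everything the control will match too, and the test should then say it cannot tell rather than claim success. The enclosing `test -e ../${AFL_GCC} ... && {` block continues past the hunk.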
From: hexcoder- Date: Sat, 12 Oct 2019 01:49:23 +0200 Subject: catch afl-fuzz's output and print it in case of errors --- test/test.sh | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 0c5c18f7..a7376d16 100755 --- a/test/test.sh +++ b/test/test.sh @@ -97,12 +97,15 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { echo 0 > in/in $ECHO "$GREY[*] running afl-fuzz for ${AFL_GCC}, this will take approx 10 seconds" { - ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain > /dev/null 2>&1 - } > /dev/null 2>&1 + ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain >>errors 2>&1 + } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with ${AFL_GCC}" - } || $ECHO "$RED[!] afl-fuzz is not working correctly with ${AFL_GCC}" - rm -rf in out + } || { + cat errors + $ECHO "$RED[!] afl-fuzz is not working correctly with ${AFL_GCC}" + } + rm -rf in out errors } rm -f test-instr.plain } || $ECHO "$YELLOW[-] afl is not compiled, cannot test" @@ -144,12 +147,15 @@ test -e ../afl-clang-fast && { echo 0 > in/in $ECHO "$GREY[*] running afl-fuzz for llvm_mode, this will take approx 10 seconds" { - ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain > /dev/null 2>&1 - } > /dev/null 2>&1 + ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain >>errors 2>&1 + } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with llvm_mode" - } || $ECHO "$RED[!] afl-fuzz is not working correctly with llvm_mode" - rm -rf in out + } || { + cat errors + $ECHO "$RED[!] afl-fuzz is not working correctly with llvm_mode" + } + rm -rf in out errors } rm -f test-instr.plain -- cgit v1.2.3 From bd312607a36a319ecfbd01820dc1ac222afabcd2 Mon Sep 17 00:00:00 2001 
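Review bot: The outer `} >>errors 2>&1` appends rather than truncates, so an `errors` file left behind by an earlier run that was interrupted before the `rm -rf in out errors` cleanup is printed by `cat errors` as if it belonged to this run. Truncate on the first write, `} > errors 2>&1`, and drop the inner `>>errors 2>&1` on the afl-fuzz line, which is redundant once the group's output is already redirected. The llvm_mode hunk has the same shape and needs the same change. Both hunks sit inside `test -e ... && {` blocks that start outside the hunk.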
From: hexcoder- Date: Sat, 12 Oct 2019 00:39:59 +0200 Subject: add afl-fuzz error capturing for qemu_mode and unicorn_mode --- test/test.sh | 42 ++++++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 14 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index a7376d16..27bf708f 100755 --- a/test/test.sh +++ b/test/test.sh @@ -222,24 +222,31 @@ test -e ../afl-qemu-trace && { echo 0 > in/in $ECHO "$GREY[*] running afl-fuzz for qemu_mode, this will take approx 10 seconds" { - ../afl-fuzz -V10 -Q -i in -o out -- ./test-instr > /dev/null 2>&1 - } > /dev/null 2>&1 + ../afl-fuzz -V10 -Q -i in -o out -- ./test-instr >>errors 2>&1 + } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode" - } || $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode" + } || { + cat errors + $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode" + } + rm -f errors test -e ../libcompcov.so && { $ECHO "$GREY[*] running afl-fuzz for qemu_mode libcompcov, this will take approx 10 seconds" { export AFL_PRELOAD=../libcompcov.so export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V10 -Q -i in -o out -- ./test-compcov > /dev/null 2>&1 - } > /dev/null 2>&1 + ../afl-fuzz -V10 -Q -i in -o out -- ./test-compcov >>errors 2>&1 + } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode libcompcov" - } || $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode libcompcov" + } || { + cat errors + $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode libcompcov" + } } || $ECHO "$YELLOW[-] we cannot test qemu_mode libcompcov because it is not present" - rm -rf in out + rm -rf in out errors } } || $ECHO "$RED[-] gcc compilation of test targets failed - what is going on??" 
@@ -267,21 +274,28 @@ test -d ../unicorn_mode/unicorn && { echo 0 > in/in $ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 15 seconds" { - ../afl-fuzz -V15 -U -i in -o out -d -- python ../unicorn_mode/samples/simple/simple_test_harness.py @@ > /dev/null 2>&1 - } > /dev/null 2>&1 + ../afl-fuzz -V15 -U -i in -o out -d -- python ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 + } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode" - } || $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode" + } || { + cat errors + $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode" + } + rm -f errors $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 15 seconds" { export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V15 -U -i in -o out -d -- python ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ > /dev/null 2>&1 - } > /dev/null 2>&1 + ../afl-fuzz -V15 -U -i in -o out -d -- python ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 + } >>errors 2>&1 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" - } || $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode compcov" - rm -rf in out + } || { + cat errors + $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode compcov" + } + rm -rf in out errors } } || $ECHO "$RED[-] missing sample binaries in unicorn_mode/samples/ - what is going on??" -- cgit v1.2.3 From 8f854ee83a6dd70ff5a3e70f6064928b35d2ab17 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Sun, 13 Oct 2019 10:34:51 +0200 Subject: test for persistent qemu --- test/test.sh | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 27bf708f..94d28047 100755 
--- a/test/test.sh +++ b/test/test.sh @@ -113,7 +113,11 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { $ECHO "$BLUE[*] Testing: llvm_mode" test -e ../afl-clang-fast && { # on FreeBSD need to set AFL_CC - export AFL_CC=`llvm-config --bindir`/clang + if which clang >/dev/null; then + export AFL_CC=`which clang` + else + export AFL_CC=`llvm-config --bindir`/clang + fi ../afl-clang-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1 AFL_HARDEN=1 ../afl-clang-fast -o test-compcov.harden test-compcov.c > /dev/null 2>&1 test -e test-instr.plain && { 
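Review bot: Preferring `which clang` from PATH over `llvm-config --bindir`/clang can hand afl-clang-fast a clang of a different major version than the LLVM the llvm_mode pass was built against, in which case loading the pass fails and the section is reported broken for the wrong reason; the previous order used llvm-config precisely because it identifies that LLVM. Consider keeping llvm-config first and using the POSIX `command -v` instead of `which`: `if command -v llvm-config >/dev/null 2>&1; then export AFL_CC="$(llvm-config --bindir)/clang"; else export AFL_CC="$(command -v clang)"; fi`. This assumes llvm_mode was built with the llvm-config found on PATH, which the hunk does not show. The `test -e ../afl-clang-fast && {` block continues past the hunk.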
@@ -244,25 +248,28 @@ test -e ../afl-qemu-trace && { } || { cat errors $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode libcompcov" - } + } } || $ECHO "$YELLOW[-] we cannot test qemu_mode libcompcov because it is not present" + rm -f errors + + $ECHO "$GREY[*] running afl-fuzz for persistent qemu_mode, this will take approx 10 seconds" + { + export AFL_QEMU_PERSISTENT_ADDR=0x$(nm test-instr | grep "T main" | awk '{ print $1 }') + export AFL_QEMU_PERSISTENT_GPR=1 + ../afl-fuzz -V10 -Q -i in -o out -- ./test-instr > /dev/null 2>&1 + } >>errors 2>&1 + test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { + $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent qemu_mode" + } || { + cat errors + $ECHO "$RED[!] afl-fuzz is not working correctly with persistent qemu_mode" + exit 1 + } + $ECHO "$YELLOW[?] we need a test case for qemu_mode unsigaction library" rm -rf in out errors } } || $ECHO "$RED[-] gcc compilation of test targets failed - what is going on??" - $ECHO "$YELLOW[?] we need a test case for qemu_mode persistent mode" - $ECHO "$YELLOW[?] we need a test case for qemu_mode unsigaction library" - # This works but there are already problems with persistent (e.g. stability) - #$ECHO "$GREY[*] running afl-fuzz for persistent qemu_mode, this will take approx 10 seconds" - #{ - # export AFL_QEMU_PERSISTENT_ADDR=0x$(nm test-instr | grep "T main" | awk '{ print $1 }') - # export AFL_QEMU_PERSISTENT_GPR=1 - # ../afl-fuzz -V10 -Q -i in -o out -- ./test-instr > /dev/null 2>&1 - #} > /dev/null 2>&1 - #test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { - # $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent qemu_mode" - #} || $ECHO "$RED[!] afl-fuzz is not working correctly with persistent qemu_mode" - rm -f test-instr test-compcov } || $ECHO "$YELLOW[-] qemu_mode is not compiled, cannot test" -- cgit v1.2.3 From 540de896e346694dd6df03bf4b3676388b53fecf Mon Sep 17 00:00:00 2001 
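Review bot: The new persistent run redirects afl-fuzz itself with `> /dev/null 2>&1` inside the group, so the outer `} >>errors 2>&1` captures nothing and the `cat errors` on the failure path prints an empty file; use `>>errors 2>&1` on the afl-fuzz line as the other tests in this file do. The `exit 1` in that failure branch is the only hard exit among the tests visible here and skips the section's `rm -rf in out errors`, the `rm -f test-instr test-compcov` below, and every later test (unicorn_mode, shared libraries), so reporting and continuing like the other cases seems preferable. The preceding libcompcov test exports `AFL_PRELOAD=../libcompcov.so` and `AFL_COMPCOV_LEVEL=2` from a `{ }` group, which is not a subshell, so the persistent run inherits them; add `unset AFL_PRELOAD AFL_COMPCOV_LEVEL` before it, or turn that group into `( )`. The `nm test-instr | grep "T main"` lookup also matches any symbol containing that substring and will miss `_main` on Darwin; `awk '$2 == "T" && $3 == "main" { print $1 }'` is exact.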
From: van Hauser Date: Mon, 14 Oct 2019 11:08:25 +0200 Subject: more time for test case --- test/test.sh | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 94d28047..d5372233 100755 --- a/test/test.sh +++ b/test/test.sh @@ -102,7 +102,9 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with ${AFL_GCC}" } || { - cat errors + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with ${AFL_GCC}" } rm -rf in out errors @@ -156,7 +158,9 @@ test -e ../afl-clang-fast && { test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with llvm_mode" } || { + echo CUT------------------------------------------------------------------CUT cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with llvm_mode" } rm -rf in out errors @@ -231,7 +235,9 @@ test -e ../afl-qemu-trace && { test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode" } || { + echo CUT------------------------------------------------------------------CUT cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode" } rm -f errors 
@@ -246,7 +252,9 @@ test -e ../afl-qemu-trace && { test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode libcompcov" } || { + echo CUT------------------------------------------------------------------CUT cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode libcompcov" } } || $ECHO "$YELLOW[-] we cannot test qemu_mode libcompcov because it is not present" @@ -261,7 +269,9 @@ test -e ../afl-qemu-trace && { test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent qemu_mode" } || { + echo CUT------------------------------------------------------------------CUT cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with persistent qemu_mode" exit 1 } 
@@ -286,20 +296,24 @@ test -d ../unicorn_mode/unicorn && { test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode" } || { + echo CUT------------------------------------------------------------------CUT cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode" } rm -f errors - $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 15 seconds" + $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 25 seconds" { export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V15 -U -i in -o out -d -- python ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V25 -U -i in -o out -d -- python ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" } || { + echo CUT------------------------------------------------------------------CUT cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode compcov" } rm -rf in out errors -- cgit v1.2.3 From 77695d75bb9619807dc27d3542e81b6b6332e2cf Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 15 Oct 2019 17:14:59 +0200 Subject: test.sh check to see if qemu persistent mode is faster --- test/test.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index d5372233..4fcd132e 100755 --- a/test/test.sh +++ b/test/test.sh 
@@ -234,6 +234,7 @@ test -e ../afl-qemu-trace && { } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode" + RUNTIME=`grep execs_done out/fuzzer_stats | awk '{print$3}'` } || { echo CUT------------------------------------------------------------------CUT cat errors @@ -268,6 +269,18 @@ test -e ../afl-qemu-trace && { } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent qemu_mode" + RUNTIMEP=`grep execs_done out/fuzzer_stats | awk '{print$3}'` + test -n "$RUNTIME" -a -n "$RUNTIMEP" && { + SLOW=`expr $RUNTIME '*' 103` # persistent mode should be at least 3% faster - minimum! + FAST=`expr $RUNTIMEP '*' 100` + test "$SLOW" -lt "$FAST" && { + $ECHO "$GREEN[+] persistent qemu_mode was noticeable faster than standard qemu_mode" + } || { + $ECHO "$YELLOW[?] persistent qemu_mode was not noticeable faster than standard qemu_mode" + } + } || { + $ECHO "$YELLOW[?] we got no data on executions performed? weird!" + } } || { echo CUT------------------------------------------------------------------CUT cat errors -- cgit v1.2.3 From f2a1456e940949a1cb976795ff3bc054e0a3c3b5 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 17 Oct 2019 11:31:12 +0200 Subject: needed increased unicorn test time --- test/test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 4fcd132e..e93e19f8 100755 --- a/test/test.sh +++ b/test/test.sh 
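Review bot: `RUNTIME` and `RUNTIMEP` hold `execs_done` counts rather than run times, and the trailing inline comment is the only hint of what the 3% means; naming them `EXECS`/`EXECSP` and putting `# compare execs_done of the two 10-second runs; persistent mode must do >3% more` above the `test -n` line would make the intent clear. `SLOW=$((RUNTIME * 103))` and `FAST=$((RUNTIMEP * 100))` avoid the `expr` subprocesses and the quoted `'*'`. Each number comes from a single 10-second window that includes QEMU start-up and calibration, so the yellow branch will likely fire intermittently on a loaded host; it is only advisory, but the message could say "(timing-dependent)". The `RUNTIME=` line in the first hunk lives in the plain qemu_mode block, which begins outside that hunk.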
@@ -302,9 +302,9 @@ test -d ../unicorn_mode/unicorn && { { mkdir -p in echo 0 > in/in - $ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 15 seconds" + $ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 20 seconds" { - ../afl-fuzz -V15 -U -i in -o out -d -- python ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V20 -U -i in -o out -d -- python ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode" -- cgit v1.2.3 From f4a74a3405d140e81111657ca28b994c5758286c Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 18 Oct 2019 10:10:47 +0200 Subject: added test/test-performance.sh --- test/test-performance.sh | 189 +++++++++++++++++++++++++++++++++++++++++++++++ test/test.sh | 15 ++-- 2 files changed, 197 insertions(+), 7 deletions(-) create mode 100755 test/test-performance.sh (limited to 'test') diff --git a/test/test-performance.sh b/test/test-performance.sh new file mode 100755 index 00000000..198b58c4 --- /dev/null +++ b/test/test-performance.sh 
@@ -0,0 +1,189 @@ +#!/bin/bash + +FILE=~/.afl_performance + +test -e $FILE || { + echo Warning: This script measure the performance of afl++ and saves the result for future comparisons into $FILE + echo Press ENTER to continue or CONTROL-C to abort + read IN +} + +export AFL_QUIET=1 +unset AFL_EXIT_WHEN_DONE +unset AFL_SKIP_CPUFREQ +unset AFL_DEBUG +unset AFL_HARDEN +unset AFL_USE_ASAN +unset AFL_USE_MSAN +unset AFL_CC +unset AFL_PRELOAD +unset AFL_LLVM_WHITELIST +unset AFL_LLVM_INSTRIM +unset AFL_LLVM_LAF_SPLIT_SWITCHES +unset AFL_LLVM_LAF_TRANSFORM_COMPARES +unset AFL_LLVM_LAF_SPLIT_COMPARES + +# on OpenBSD we need to work with llvm from /usr/local/bin +test -e /usr/local/bin/opt && { + export PATH=/usr/local/bin:${PATH} +} +# on MacOS X we prefer afl-clang over afl-gcc, because +# afl-gcc does not work there +test `uname -s` = 'Darwin' -o `uname -s` = 'FreeBSD' && { + AFL_GCC=afl-clang +} || { + AFL_GCC=afl-gcc +} + +ECHO="printf %b\\n" +$ECHO \\101 2>&1 | grep -qE '^A' || { + ECHO= + test -e /bin/printf && { + ECHO="/bin/printf %b\\n" + $ECHO '\\101' 2>&1 | grep -qE '^A' || ECHO= + } +} +test -z "$ECHO" && { printf Error: printf command does not support octal character codes ; exit 1 ; } + +GREY="\\033[1;90m" +BLUE="\\033[1;94m" +GREEN="\\033[0;32m" +RED="\\033[0;31m" +YELLOW="\\033[1;93m" +RESET="\\033[0m" + +MEM_LIMIT=150 + +>> $FILE || { echo Error: can not write to $FILE ; exit 1 ; } + +echo Warning: this script is setting performance parameters with afl-system-config +sleep 1 +afl-system-config > /dev/null 2>&1 +echo Performance settings applied. +echo + +$ECHO "${RESET}${GREY}[*] starting afl++ performance test framework ..." 
+ +$ECHO "$BLUE[*] Testing: ${AFL_GCC}" +GCC=x +test -e ../${AFL_GCC} -a -e ../afl-fuzz && { + ../${AFL_GCC} -o test-instr.plain ../test-instr.c > /dev/null 2>&1 + test -e test-instr.plain && { + $ECHO "$GREEN[+] ${AFL_GCC} compilation succeeded" + mkdir -p in + echo 0 > in/in + $ECHO "$GREY[*] running afl-fuzz for ${AFL_GCC} for 30 seconds" + { + ../afl-fuzz -V 30 -s 123 -m ${MEM_LIMIT} -i in -o out-gcc -- ./test-instr.plain + } >>errors 2>&1 + test -n "$( ls out-gcc/queue/id:000002* 2> /dev/null )" && { + GCC=`grep execs_done out-gcc/fuzzer_stats | awk '{print$3}'` + } || { + echo CUT---------------------------------------------------------------- + cat errors + echo CUT---------------------------------------------------------------- + $ECHO "$RED[!] afl-fuzz is not working correctly with ${AFL_GCC}" + } + rm -rf in out-gcc errors test-instr.plain + } || $ECHO "$RED[!] ${AFL_GCC} instrumentation failed" +} || $ECHO "$YELLOW[-] afl is not compiled, cannot test" + +$ECHO "$BLUE[*] Testing: llvm_mode" +LLVM=x +test -e ../afl-clang-fast -a -e ../afl-fuzz && { + ../afl-clang-fast -o test-instr.llvm ../test-instr.c > /dev/null 2>&1 + test -e test-instr.llvm && { + $ECHO "$GREEN[+] llvm_mode compilation succeeded" + mkdir -p in + echo 0 > in/in + $ECHO "$GREY[*] running afl-fuzz for llvm_mode for 30 seconds" + { + ../afl-fuzz -V 30 -s 123 -m ${MEM_LIMIT} -i in -o out-llvm -- ./test-instr.llvm + } >>errors 2>&1 + test -n "$( ls out-llvm/queue/id:000002* 2> /dev/null )" && { + LLVM=`grep execs_done out-llvm/fuzzer_stats | awk '{print$3}'` + } || { + echo CUT---------------------------------------------------------------- + cat errors + echo CUT---------------------------------------------------------------- + $ECHO "$RED[!] afl-fuzz is not working correctly with llvm_mode" + } + rm -rf in out-llvm errors test-instr.llvm + } || $ECHO "$RED[!] 
llvm_mode instrumentation failed" +} || $ECHO "$YELLOW[-] llvm_mode is not compiled, cannot test" + +$ECHO "$BLUE[*] Testing: qemu_mode" +QEMU=x +test -e ../afl-qemu-trace -a -e ../afl-fuzz && { + cc -o test-instr.qemu ../test-instr.c > /dev/null 2>&1 + test -e test-instr.qemu && { + $ECHO "$GREEN[+] native compilation with cc succeeded" + mkdir -p in + echo 0 > in/in + $ECHO "$GREY[*] running afl-fuzz for qemu_mode for 30 seconds" + { + ../afl-fuzz -Q -V 30 -s 123 -m ${MEM_LIMIT} -i in -o out-qemu -- ./test-instr.qemu + } >>errors 2>&1 + test -n "$( ls out-qemu/queue/id:000002* 2> /dev/null )" && { + QEMU=`grep execs_done out-qemu/fuzzer_stats | awk '{print$3}'` + } || { + echo CUT---------------------------------------------------------------- + cat errors + echo CUT---------------------------------------------------------------- + $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode" + } + rm -rf in out-qemu errors test-instr.qemu + } || $ECHO "$RED[!] qemu_mode instrumentation failed" +} || $ECHO "$YELLOW[-] qemu_mode is not compiled, cannot test" + +LOW_GCC= +HIGH_GCC= +LAST_GCC= +LOW_LLVM= +HIGH_LLVM= +LAST_LLVM= +LOW_QEMU= +HIGH_QEMU= +LAST_QEMU= + +test -s $FILE && { + while read LINE; do + G=`echo $LINE | awk '{print$1}'` + L=`echo $LINE | awk '{print$2}'` + Q=`echo $LINE | awk '{print$3}'` + test "$G" = x && G= + test "$L" = x && L= + test "$Q" = x && Q= + test -n "$G" && LAST_GCC=$G + test -n "$L" && LAST_LLVM=$L + test -n "$Q" && LAST_QEMU=$Q + test -n "$G" -a -z "$LOW_GCC" && LOW_GCC=$G || { + test -n "$G" -a "$G" -lt "$LOW_GCC" 2> /dev/null && LOW_GCC=$G + } + test -n "$L" -a -z "$LOW_LLVM" && LOW_LLVM=$L || { + test -n "$L" -a "$L" -lt "$LOW_LLVM" 2> /dev/null && LOW_LLVM=$L + } + test -n "$Q" -a -z "$LOW_QEMU" && LOW_QEMU=$Q || { + test -n "$Q" -a "$Q" -lt "$LOW_QEMU" 2> /dev/null && LOW_QEMU=$Q + } + test -n "$G" -a -z "$HIGH_GCC" && HIGH_GCC=$G || { + test -n "$G" -a "$G" -gt "$HIGH_GCC" 2> /dev/null && HIGH_GCC=$G + } + test -n "$L" -a 
-z "$HIGH_LLVM" && HIGH_LLVM=$L || { + test -n "$L" -a "$L" -gt "$HIGH_LLVM" 2> /dev/null && HIGH_LLVM=$L + } + test -n "$Q" -a -z "$HIGH_QEMU" && HIGH_QEMU=$Q || { + test -n "$Q" -a "$Q" -gt "$HIGH_QEMU" 2> /dev/null && HIGH_QEMU=$Q + } + done < $FILE + $ECHO "$YELLOW[!] Reading saved data from $FILE completed, please compare the results:" + $ECHO "$BLUE[!] afl-cc: lowest=$LOW_GCC highest=$HIGH_GCC last=$LAST_GCC current=$GCC" + $ECHO "$BLUE[!] llvm_mode: lowest=$LOW_LLVM highest=$HIGH_LLVM last=$LAST_LLVM current=$LLVM" + $ECHO "$BLUE[!] qemu_mode: lowest=$LOW_QEMU highest=$HIGH_QEMU last=$LAST_QEMU current=$QEMU" +} || { + $ECHO "$YELLOW[!] First run, just saving data" + $ECHO "$BLUE[!] afl-gcc=$GCC llvm_mode=$LLVM qemu_mode=$QEMU" +} +echo "$GCC $LLVM $QEMU" >> $FILE +$ECHO "$GREY[*] done." +$ECHO "$RESET" diff --git a/test/test.sh b/test/test.sh index e93e19f8..ab2985fe 100755 --- a/test/test.sh +++ b/test/test.sh @@ -46,10 +46,11 @@ test -e /usr/local/bin/opt && { # on MacOS X we prefer afl-clang over afl-gcc, because # afl-gcc does not work there test `uname -s` = 'Darwin' -o `uname -s` = 'FreeBSD' && { -AFL_GCC=afl-clang + AFL_GCC=afl-clang } || { -AFL_GCC=afl-gcc + AFL_GCC=afl-gcc } + GREY="\\033[1;90m" BLUE="\\033[1;94m" GREEN="\\033[0;32m" @@ -102,9 +103,9 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with ${AFL_GCC}" } || { - echo CUT------------------------------------------------------------------CUT - cat errors - echo CUT------------------------------------------------------------------CUT + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with ${AFL_GCC}" } rm -rf in out errors 
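Review bot: `afl-system-config > /dev/null 2>&1` runs whatever `afl-system-config` is first on PATH rather than the repository copy the `../` references elsewhere in this script point at, and `echo Performance settings applied.` is printed whether or not it succeeded, which it typically will not for a non-root user since its output is discarded. Because that script changes system-wide kernel settings, a one-second `sleep` is a thin consent step; at least check the status: `if afl-system-config > /dev/null 2>&1; then echo Performance settings applied.; else echo Warning: afl-system-config failed, results may be noisy; fi`. `$FILE` is used unquoted in `test -e $FILE`, `>> $FILE` and `done < $FILE`; quote it throughout, since a user-chosen path may contain whitespace. `read IN` and `while read LINE` should carry `-r` so backslashes in the data are not interpreted.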
@@ -116,9 +117,9 @@ $ECHO "$BLUE[*] Testing: llvm_mode" test -e ../afl-clang-fast && { # on FreeBSD need to set AFL_CC if which clang >/dev/null; then - export AFL_CC=`which clang` + export AFL_CC=`which clang` else - export AFL_CC=`llvm-config --bindir`/clang + export AFL_CC=`llvm-config --bindir`/clang fi ../afl-clang-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1 AFL_HARDEN=1 ../afl-clang-fast -o test-compcov.harden test-compcov.c > /dev/null 2>&1 -- cgit v1.2.3 From e7ab8be0cd97f9a18e6ca2f855afa69768322dfb Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 18 Oct 2019 19:53:10 +0200 Subject: sync afl-fast-gcc with afl-clang-fast, add tests for gcc_plugin --- test/test.sh | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index ab2985fe..1c5cdda6 100755 --- a/test/test.sh +++ b/test/test.sh 
@@ -200,6 +200,75 @@ test -e ../afl-clang-fast && { rm -f test-persistent } || $ECHO "$YELLOW[-] llvm_mode not compiled, cannot test" +$ECHO "$BLUE[*] Testing: gcc_plugin" +export AFL_CC=`which gcc` +test -e ../afl-gcc-fast && { + ../afl-gcc-fast -o test-instr.plain.gccpi ../test-instr.c > /dev/null 2>&1 + AFL_HARDEN=1 ../afl-gcc-fast -o test-compcov.harden.gccpi test-compcov.c > /dev/null 2>&1 + test -e test-instr.plain.gccpi && { + $ECHO "$GREEN[+] gcc_plugin compilation succeeded" + echo 0 | ../afl-showmap -m ${MEM_LIMIT} -o test-instr.plain.0 -r -- ./test-instr.plain.gccpi > /dev/null 2>&1 + ../afl-showmap -m ${MEM_LIMIT} -o test-instr.plain.1 -r -- ./test-instr.plain.gccpi < /dev/null > /dev/null 2>&1 + test -e test-instr.plain.0 -a -e test-instr.plain.1 && { + diff -q test-instr.plain.0 test-instr.plain.1 > /dev/null 2>&1 && { + $ECHO "$RED[!] gcc_plugin instrumentation should be different on different input but is not" + } || $ECHO "$GREEN[+] gcc_plugin instrumentation present and working correctly" + } || $ECHO "$RED[!] gcc_plugin instrumentation failed" + rm -f test-instr.plain.0 test-instr.plain.1 + } || $ECHO "$RED[!] gcc_plugin failed" + + test -e test-compcov.harden.gccpi && { + grep -Eqa 'stack_chk_fail|fstack-protector-all|fortified' test-compcov.harden.gccpi > /dev/null 2>&1 && { + $ECHO "$GREEN[+] gcc_plugin hardened mode succeeded and is working" + } || $ECHO "$RED[!] gcc_plugin hardened mode is not hardened" + rm -f test-compcov.harden.gccpi + } || $ECHO "$RED[!] gcc_plugin hardened mode compilation failed" + # now we want to be sure that afl-fuzz is working + (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { + $ECHO "$RED[!] we cannot run afl-fuzz with enabled core dumps. 
Run 'sudo sh afl-system-config'.$RESET" + true + }) || + # make sure crash reporter is disabled on Mac OS X + (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { + $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" + true + }) || { + mkdir -p in + echo 0 > in/in + $ECHO "$GREY[*] running afl-fuzz for gcc_plugin, this will take approx 10 seconds" + { + ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain.gccpi >>errors 2>&1 + } >>errors 2>&1 + test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { + $ECHO "$GREEN[+] afl-fuzz is working correctly with gcc_plugin" + } || { + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT + $ECHO "$RED[!] afl-fuzz is not working correctly with gcc_plugin" + } + rm -rf in out errors + } + rm -f test-instr.plain.gccpi + + # now for the special gcc_plugin things + echo foobar.c > whitelist.txt + AFL_GCC_WHITELIST=whitelist.txt ../afl-gcc-fast -o test-compcov test-compcov.c > /dev/null 2>&1 + test -e test-compcov && { + echo 1 | ../afl-showmap -m ${MEM_LIMIT} -o - -r -- ./test-compcov 2>&1 | grep -q "Captured 1 tuples" && { + $ECHO "$GREEN[+] gcc_plugin whitelist feature works correctly" + } || $ECHO "$RED[!] gcc_plugin whitelist feature failed" + } || $ECHO "$RED[!] gcc_plugin whitelist feature compilation failed" + rm -f test-compcov test.out whitelist.txt + ../afl-gcc-fast -o test-persistent ../experimental/persistent_demo/persistent_demo.c > /dev/null 2>&1 + test -e test-persistent && { + echo foo | ../afl-showmap -o /dev/null -q -r ./test-persistent && { + $ECHO "$GREEN[+] gcc_plugin persistent mode feature works correctly" + } || $ECHO "$RED[!] gcc_plugin persistent mode feature failed to work" + } || $ECHO "$RED[!] 
gcc_plugin persistent mode feature compilation failed" + rm -f test-persistent +} || $ECHO "$YELLOW[-] gcc_plugin not compiled, cannot test" + $ECHO "$BLUE[*] Testing: shared library extensions" gcc -o test-compcov test-compcov.c > /dev/null 2>&1 test -e ../libtokencap.so && { -- cgit v1.2.3 From d0bbef74ef4ecdf41f7b88b77ff833b563d78450 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sun, 20 Oct 2019 02:35:06 +0200 Subject: loading dynamical libraries on Darwin/MacOSX is done with DYLD_INSERT_LIBRARIES --- test/test.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 1c5cdda6..d1be014f 100755 --- a/test/test.sh +++ b/test/test.sh @@ -281,7 +281,8 @@ test -e ../libtokencap.so && { test -e ../libdislocator.so && { { ulimit -c 1 - LD_PRELOAD=../libdislocator.so ./test-compcov BUFFEROVERFLOW > test.out 2> /dev/null + # DYLD_INSERT_LIBRARIES is used on Darwin/MacOSX + LD_PRELOAD=../libdislocator.so DYLD_INSERT_LIBRARIES=../libdislocator.so ./test-compcov BUFFEROVERFLOW > test.out 2> /dev/null } > /dev/null 2>&1 grep -q BUFFEROVERFLOW test.out > /dev/null 2>&1 && { $ECHO "$RED[!] libdislocator did not detect the memory corruption" -- cgit v1.2.3 From b9bc81544a438868529fbe040f4734256dce7a1d Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Wed, 23 Oct 2019 14:53:05 +0200 Subject: debugged and fixed libdislocator malfunction on MacOSX --- test/test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index d1be014f..598fb502 100755 --- a/test/test.sh +++ b/test/test.sh 
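Review bot: `export AFL_CC=\`which gcc\`` sits outside the `test -e ../afl-gcc-fast && {` guard, so it is exported unconditionally, even when afl-gcc-fast is absent, and stays in effect for every section that follows (shared library extensions, qemu_mode, unicorn_mode), overriding the `unset AFL_CC` the script does at start-up; on a host without gcc it exports an empty AFL_CC. Move it inside the block and use the POSIX form, `export AFL_CC="$(command -v gcc)"` as the first line after `{`, with `unset AFL_CC` before the closing `}`. The hardened check copies the llvm_mode pattern and inherits its weakness that `stack_chk_fail` is present on toolchains that enable the stack protector by default. `rm -f test-compcov test.out whitelist.txt` removes a `test.out` this block never creates, which suggests it was copied from the libdislocator section below.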
@@ -281,8 +281,8 @@ test -e ../libtokencap.so && { test -e ../libdislocator.so && { { ulimit -c 1 - # DYLD_INSERT_LIBRARIES is used on Darwin/MacOSX - LD_PRELOAD=../libdislocator.so DYLD_INSERT_LIBRARIES=../libdislocator.so ./test-compcov BUFFEROVERFLOW > test.out 2> /dev/null + # DYLD_INSERT_LIBRARIES and DYLD_FORCE_FLAT_NAMESPACE is used on Darwin/MacOSX + LD_PRELOAD=../libdislocator.so DYLD_INSERT_LIBRARIES=../libdislocator.so DYLD_FORCE_FLAT_NAMESPACE=1 ./test-compcov BUFFEROVERFLOW > test.out 2> /dev/null } > /dev/null 2>&1 grep -q BUFFEROVERFLOW test.out > /dev/null 2>&1 && { $ECHO "$RED[!] libdislocator did not detect the memory corruption" -- cgit v1.2.3 From 39b7f488705a7e242b7a54695ca8e03fb2e73d81 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 23 Oct 2019 17:01:05 +0200 Subject: performance doc enhancements --- test/test-performance.sh | 7 ++++++- test/test.sh | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/test-performance.sh b/test/test-performance.sh index 198b58c4..87eea665 100755 --- a/test/test-performance.sh +++ b/test/test-performance.sh @@ -1,6 +1,10 @@ #!/bin/bash -FILE=~/.afl_performance +# if you want a specific performance file (e.g. to compare features to another) +# you can set the AFL_PERFORMANCE_FILE environment variable: +FILE=$AFL_PERFORMANCE_FILE +# otherwise we use ~/.afl_performance +test -z "$FILE" && FILE=~/.afl_performance test -e $FILE || { echo Warning: This script measure the performance of afl++ and saves the result for future comparisons into $FILE @@ -17,6 +21,7 @@ unset AFL_USE_ASAN unset AFL_USE_MSAN unset AFL_CC unset AFL_PRELOAD +unset AFL_GCC_WHITELIST unset AFL_LLVM_WHITELIST unset AFL_LLVM_INSTRIM unset AFL_LLVM_LAF_SPLIT_SWITCHES diff --git a/test/test.sh b/test/test.sh index 598fb502..da0590ef 100755 --- a/test/test.sh +++ b/test/test.sh 
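Review bot: `FILE=$AFL_PERFORMANCE_FILE` takes a path from the environment, but the file still uses it unquoted in `test -e $FILE`, `>> $FILE`, `done < $FILE` and `echo ... >> $FILE`, so a value containing whitespace breaks the `test` and, under `sh`, yields an ambiguous-redirect error. The two lines collapse to `FILE=${AFL_PERFORMANCE_FILE:-$HOME/.afl_performance}` (tilde does not expand inside the default, hence `$HOME`), and every later use should be `"$FILE"`. Note that a user-supplied path is appended to without confirmation: the `test -e $FILE ||` prompt only fires when the file does not yet exist, so pointing the variable at an existing unrelated file silently appends a line to it.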
@@ -33,6 +33,7 @@ unset AFL_USE_ASAN
 unset AFL_USE_MSAN
 unset AFL_CC
 unset AFL_PRELOAD
+unset AFL_GCC_WHITELIST
 unset AFL_LLVM_WHITELIST
 unset AFL_LLVM_INSTRIM
 unset AFL_LLVM_LAF_SPLIT_SWITCHES
-- cgit v1.2.3
From cb7ada2e78333c3d53928adf0575cf04be8bb907 Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Thu, 24 Oct 2019 22:32:37 +0200
Subject: fix libtokencap test for Darwin
---
 test/test.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'test')
diff --git a/test/test.sh b/test/test.sh
index da0590ef..e4a5eb63 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -273,7 +273,7 @@ test -e ../afl-gcc-fast && {
 $ECHO "$BLUE[*] Testing: shared library extensions"
 gcc -o test-compcov test-compcov.c > /dev/null 2>&1
 test -e ../libtokencap.so && {
- AFL_TOKEN_FILE=token.out LD_PRELOAD=../libtokencap.so ./test-compcov foobar > /dev/null 2>&1
+ AFL_TOKEN_FILE=token.out LD_PRELOAD=../libtokencap.so DYLD_INSERT_LIBRARIES=../libtokencap.so DYLD_FORCE_FLAT_NAMESPACE=1 ./test-compcov foobar > /dev/null 2>&1
 grep -q BUGMENOT token.out > /dev/null 2>&1 && {
 $ECHO "$GREEN[+] libtokencap did successfully capture tokens"
 } || $ECHO "$RED[!] libtokencap did not capture tokens"
-- cgit v1.2.3
From b0036759fa991f5c940e40ad4b313fbe3504f6f8 Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Fri, 25 Oct 2019 01:22:20 +0200
Subject: portability fix: use cc instead of gcc for test-compcov
---
 test/test.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'test')
diff --git a/test/test.sh b/test/test.sh
index e4a5eb63..42ddf70b 100755
--- a/test/test.sh
+++ b/test/test.sh
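Review bot: The libtokencap invocation now sets LD_PRELOAD, DYLD_INSERT_LIBRARIES and DYLD_FORCE_FLAT_NAMESPACE on one line without any comment, whereas the matching libdislocator line in the earlier commits documents why the DYLD variables are present; add the same explanation above this line, e.g. `# Linux loads the library via LD_PRELOAD; Darwin needs DYLD_INSERT_LIBRARIES plus a flat namespace for the interposition to take effect`. The `test -e ../libtokencap.so && {` block continues past the hunk.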
@@ -271,7 +271,7 @@ test -e ../afl-gcc-fast && { } || $ECHO "$YELLOW[-] gcc_plugin not compiled, cannot test" $ECHO "$BLUE[*] Testing: shared library extensions" -gcc -o test-compcov test-compcov.c > /dev/null 2>&1 +cc -o test-compcov test-compcov.c > /dev/null 2>&1 test -e ../libtokencap.so && { AFL_TOKEN_FILE=token.out LD_PRELOAD=../libtokencap.so DYLD_INSERT_LIBRARIES=../libtokencap.so DYLD_FORCE_FLAT_NAMESPACE=1 ./test-compcov foobar > /dev/null 2>&1 grep -q BUGMENOT token.out > /dev/null 2>&1 && { -- cgit v1.2.3 From ae990ce8dcf3074d770d2595a98d4c7706959dff Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 11:38:01 +0100 Subject: travis updates --- test/test.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 42ddf70b..e75d9fc7 100755 --- a/test/test.sh +++ b/test/test.sh @@ -26,6 +26,7 @@ test -z "$ECHO" && { printf Error: printf command does not support octal charact export AFL_EXIT_WHEN_DONE=1 export AFL_SKIP_CPUFREQ=1 +export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 unset AFL_QUIET unset AFL_DEBUG unset AFL_HARDEN @@ -87,7 +88,7 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { # now we want to be sure that afl-fuzz is working # make sure core_pattern is set to core on linux (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$RED[!] we cannot run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" + $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" true }) || # make sure crash reporter is disabled on Mac OS X 
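Review bot: The compiler call `cc -o test-compcov test-compcov.c > /dev/null 2>&1` is silenced and its outcome is never checked, so if cc is absent or the build fails, test-compcov does not exist and the libtokencap and libdislocator checks that follow report 'did not capture tokens' / 'did not detect the memory corruption' instead of the real cause. Adding `test -e test-compcov || $ECHO "$RED[!] compilation of test-compcov failed"` directly after the changed line would point at the actual failure; the dependent checks themselves lie outside this hunk.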
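Review bot: Changing the colour and wording leaves the control flow unchanged: when core_pattern is not `core` the `&& { ...; true }` branch wins, the whole afl-fuzz run for ${AFL_GCC} is skipped, and nothing in the output says so. A message that names the skip is clearer, `$ECHO "$YELLOW[-] skipping the afl-fuzz test: core_pattern is not 'core'. Run 'sudo sh afl-system-config'.$RESET"`. The same applies to the llvm_mode and gcc_plugin copies of this check in the next two hunks.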
@@ -143,7 +144,7 @@ test -e ../afl-clang-fast && { } || $ECHO "$RED[!] llvm_mode hardened mode compilation failed" # now we want to be sure that afl-fuzz is working (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$RED[!] we cannot run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" + $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" true }) || # make sure crash reporter is disabled on Mac OS X @@ -226,7 +227,7 @@ test -e ../afl-gcc-fast && { } || $ECHO "$RED[!] gcc_plugin hardened mode compilation failed" # now we want to be sure that afl-fuzz is working (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$RED[!] we cannot run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" + $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" true }) || # make sure crash reporter is disabled on Mac OS X -- cgit v1.2.3 From 744910ad1b458e5e713fd4bd0c383cc019ab2c6e Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 12:43:51 +0100 Subject: travis update --- test/test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index e75d9fc7..02eea821 100755 --- a/test/test.sh +++ b/test/test.sh 
@@ -377,7 +377,7 @@ test -d ../unicorn_mode/unicorn && {
 echo 0 > in/in
 $ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 20 seconds"
 {
- ../afl-fuzz -V20 -U -i in -o out -d -- python ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1
+ ../afl-fuzz -V20 -U -i in -o out -d -- python2.7 ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1
 } >>errors 2>&1
 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && {
 $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode"
@@ -392,7 +392,7 @@ test -d ../unicorn_mode/unicorn && {
 $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 25 seconds"
 {
 export AFL_COMPCOV_LEVEL=2
- ../afl-fuzz -V25 -U -i in -o out -d -- python ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1
+ ../afl-fuzz -V25 -U -i in -o out -d -- python2.7 ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1
 } >>errors 2>&1
 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && {
 $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov"
-- cgit v1.2.3
From e8d0ffa8b474532c0364128f42a76f5ed9578dfe Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Thu, 31 Oct 2019 12:56:59 +0100
Subject: travis update
---
 test/test.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'test')
diff --git a/test/test.sh b/test/test.sh
index 02eea821..2d5c5e39 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -373,11 +373,15 @@ $ECHO "$BLUE[*] Testing: unicorn_mode" test -d ../unicorn_mode/unicorn && { test -e ../unicorn_mode/samples/simple/simple_target.bin -a -e ../unicorn_mode/samples/compcov_x64/compcov_target.bin && { { + # travis workaround + PY=`which python2.7` + test "$PY" = "/opt/pyenv/shims/python2.7" -a -x /usr/bin/python2.7 && PY=/usr/bin/python2.7 mkdir -p in echo 0 > in/in + $ECHO "$GREY[*] Using python binary $PY" $ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 20 seconds" { - ../afl-fuzz -V20 -U -i in -o out -d -- python2.7 ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V20 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode" @@ -392,7 +396,7 @@ test -d ../unicorn_mode/unicorn && { $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 25 seconds" { export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V25 -U -i in -o out -d -- python2.7 ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V25 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" -- cgit v1.2.3 From 1c7b6a5e0590b4a34819fec3cdfe430d32b041d5 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 4 Nov 2019 13:10:52 +0100 Subject: travis --- test/test.sh | 162 +++++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 130 insertions(+), 32 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 2d5c5e39..f954776f 100755 --- a/test/test.sh +++ b/test/test.sh 
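Review bot: The new `PY=` assignment captures `which python2.7` in backticks and is never checked, so on a host without python2.7 PY is empty and the later `"$PY"` hands afl-fuzz an empty program name; the result is a red 'afl-fuzz is not working correctly with unicorn_mode' instead of a skip. Use `PY=$(command -v python2.7)` and guard it, e.g. `test -n "$PY" || $ECHO "$YELLOW[-] python2.7 not found, the unicorn_mode tests will fail"` (the enclosing `test -e ... && {` block starts before the hunk, so a clean skip would need its structure changed). The shim check uses the deprecated `-a` inside one `test`; two `test` calls joined with `&&` are unambiguous.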
@@ -24,6 +24,8 @@ $ECHO \\101 2>&1 | grep -qE '^A' || { } test -z "$ECHO" && { printf Error: printf command does not support octal character codes ; exit 1 ; } +CODE=0 + export AFL_EXIT_WHEN_DONE=1 export AFL_SKIP_CPUFREQ=1 export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 @@ -75,16 +77,26 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { test -e test-instr.plain.0 -a -e test-instr.plain.1 && { diff -q test-instr.plain.0 test-instr.plain.1 > /dev/null 2>&1 && { $ECHO "$RED[!] ${AFL_GCC} instrumentation should be different on different input but is not" + CODE=1 } || $ECHO "$GREEN[+] ${AFL_GCC} instrumentation present and working correctly" - } || $ECHO "$RED[!] ${AFL_GCC} instrumentation failed" + } || { + $ECHO "$RED[!] ${AFL_GCC} instrumentation failed" + CODE=1 + } rm -f test-instr.plain.0 test-instr.plain.1 } || $ECHO "$RED[!] ${AFL_GCC} failed" test -e test-compcov.harden && { grep -Eqa 'stack_chk_fail|fstack-protector-all|fortified' test-compcov.harden > /dev/null 2>&1 && { $ECHO "$GREEN[+] ${AFL_GCC} hardened mode succeeded and is working" - } || $ECHO "$RED[!] ${AFL_GCC} hardened mode is not hardened" + } || { + $ECHO "$RED[!] ${AFL_GCC} hardened mode is not hardened" + CODE=1 + } rm -f test-compcov.harden - } || $ECHO "$RED[!] ${AFL_GCC} hardened mode compilation failed" + } || { + $ECHO "$RED[!] ${AFL_GCC} hardened mode compilation failed" + CODE=1 + } # now we want to be sure that afl-fuzz is working # make sure core_pattern is set to core on linux (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { @@ -109,6 +121,7 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with ${AFL_GCC}" + CODE=1 } rm -rf in out errors } 
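Review bot: In the `@@ -75,16 +77,26 @@` hunk the compile-failure arm `} || $ECHO "$RED[!] ${AFL_GCC} failed"` is left as a bare echo while the neighbouring failure messages gain `CODE=1`, so a non-working afl-gcc still exits 0; the llvm_mode and gcc_plugin equivalents in the following hunks do set it. Wrap it the same way: `} || { $ECHO "$RED[!] ${AFL_GCC} failed"; CODE=1; }`. The Linux core_pattern skip a few lines below also stays without CODE=1 — presumably intended as a soft warning — while the Darwin crash-reporter branch gets CODE=1 in the llvm_mode and gcc_plugin hunks, and the afl-gcc section's own crash-reporter check does not appear in this diff at all; stating which cases are meant to be fatal would remove the guesswork. Since the `$ECHO ...; CODE=1` pair is now repeated in every failure arm of this commit, a helper such as `fail() { $ECHO "$RED[!] $*"; CODE=1; }` would shrink each arm back to one line.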
@@ -132,16 +145,29 @@ test -e ../afl-clang-fast && { test -e test-instr.plain.0 -a -e test-instr.plain.1 && { diff -q test-instr.plain.0 test-instr.plain.1 > /dev/null 2>&1 && { $ECHO "$RED[!] llvm_mode instrumentation should be different on different input but is not" + CODE=1 } || $ECHO "$GREEN[+] llvm_mode instrumentation present and working correctly" - } || $ECHO "$RED[!] llvm_mode instrumentation failed" + } || { + $ECHO "$RED[!] llvm_mode instrumentation failed" + CODE=1 + } rm -f test-instr.plain.0 test-instr.plain.1 - } || $ECHO "$RED[!] llvm_mode failed" + } || { + $ECHO "$RED[!] llvm_mode failed" + CODE=1 + } test -e test-compcov.harden && { grep -Eqa 'stack_chk_fail|fstack-protector-all|fortified' test-compcov.harden > /dev/null 2>&1 && { $ECHO "$GREEN[+] llvm_mode hardened mode succeeded and is working" - } || $ECHO "$RED[!] llvm_mode hardened mode is not hardened" + } || { + $ECHO "$RED[!] llvm_mode hardened mode is not hardened" + CODE=1 + } rm -f test-compcov.harden - } || $ECHO "$RED[!] llvm_mode hardened mode compilation failed" + } || { + $ECHO "$RED[!] llvm_mode hardened mode compilation failed" + CODE=1 + } # now we want to be sure that afl-fuzz is working (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" @@ -150,6 +176,7 @@ test -e ../afl-clang-fast && { # make sure crash reporter is disabled on Mac OS X (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" + CODE=1 true }) || { mkdir -p in @@ -165,6 +192,7 @@ test -e ../afl-clang-fast && { cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with llvm_mode" + CODE=1 } rm -rf in out errors } 
@@ -175,30 +203,54 @@ test -e ../afl-clang-fast && { test -e test-compcov.instrim && { grep -Eq " [1-3] location" test.out && { $ECHO "$GREEN[+] llvm_mode InsTrim feature works correctly" - } || $ECHO "$RED[!] llvm_mode InsTrim feature failed" - } || $ECHO "$RED[!] llvm_mode InsTrim feature compilation failed" + } || { + $ECHO "$RED[!] llvm_mode InsTrim feature failed" + CODE=1 + } + } || { + $ECHO "$RED[!] llvm_mode InsTrim feature compilation failed" + CODE=1 + } rm -f test-compcov.instrim test.out AFL_LLVM_LAF_SPLIT_SWITCHES=1 AFL_LLVM_LAF_TRANSFORM_COMPARES=1 AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -o test-compcov.compcov test-compcov.c > /dev/null 2> test.out test -e test-compcov.compcov && { grep -Eq " [3-9][0-9] location" test.out && { $ECHO "$GREEN[+] llvm_mode laf-intel/compcov feature works correctly" - } || $ECHO "$RED[!] llvm_mode laf-intel/compcov feature failed" - } || $ECHO "$RED[!] llvm_mode laf-intel/compcov feature compilation failed" + } || { + $ECHO "$RED[!] llvm_mode laf-intel/compcov feature failed" + CODE=1 + } + } || { + $ECHO "$RED[!] llvm_mode laf-intel/compcov feature compilation failed" + CODE=1 + } rm -f test-compcov.compcov test.out echo foobar.c > whitelist.txt AFL_LLVM_WHITELIST=whitelist.txt ../afl-clang-fast -o test-compcov test-compcov.c > test.out 2>&1 test -e test-compcov && { grep -q "No instrumentation targets found" test.out && { $ECHO "$GREEN[+] llvm_mode whitelist feature works correctly" - } || $ECHO "$RED[!] llvm_mode whitelist feature failed" - } || $ECHO "$RED[!] llvm_mode whitelist feature compilation failed" + } || { + $ECHO "$RED[!] llvm_mode whitelist feature failed" + CODE=1 + } + } || { + $ECHO "$RED[!] 
llvm_mode whitelist feature compilation failed" + CODE=1 + } rm -f test-compcov test.out whitelist.txt ../afl-clang-fast -o test-persistent ../experimental/persistent_demo/persistent_demo.c > /dev/null 2>&1 test -e test-persistent && { echo foo | ../afl-showmap -o /dev/null -q -r ./test-persistent && { $ECHO "$GREEN[+] llvm_mode persistent mode feature works correctly" - } || $ECHO "$RED[!] llvm_mode persistent mode feature failed to work" - } || $ECHO "$RED[!] llvm_mode persistent mode feature compilation failed" + } || { + $ECHO "$RED[!] llvm_mode persistent mode feature failed to work" + CODE=1 + } + } || { + $ECHO "$RED[!] llvm_mode persistent mode feature compilation failed" + CODE=1 + } rm -f test-persistent } || $ECHO "$YELLOW[-] llvm_mode not compiled, cannot test" 
@@ -214,17 +266,32 @@ test -e ../afl-gcc-fast && { test -e test-instr.plain.0 -a -e test-instr.plain.1 && { diff -q test-instr.plain.0 test-instr.plain.1 > /dev/null 2>&1 && { $ECHO "$RED[!] gcc_plugin instrumentation should be different on different input but is not" - } || $ECHO "$GREEN[+] gcc_plugin instrumentation present and working correctly" - } || $ECHO "$RED[!] gcc_plugin instrumentation failed" + CODE=1 + } || { + $ECHO "$GREEN[+] gcc_plugin instrumentation present and working correctly" + } + } || { + $ECHO "$RED[!] gcc_plugin instrumentation failed" + CODE=1 + } rm -f test-instr.plain.0 test-instr.plain.1 - } || $ECHO "$RED[!] gcc_plugin failed" + } || { + $ECHO "$RED[!] gcc_plugin failed" + CODE=1 + } test -e test-compcov.harden.gccpi && { grep -Eqa 'stack_chk_fail|fstack-protector-all|fortified' test-compcov.harden.gccpi > /dev/null 2>&1 && { $ECHO "$GREEN[+] gcc_plugin hardened mode succeeded and is working" - } || $ECHO "$RED[!] gcc_plugin hardened mode is not hardened" + } || { + $ECHO "$RED[!] gcc_plugin hardened mode is not hardened" + CODE=1 + } rm -f test-compcov.harden.gccpi - } || $ECHO "$RED[!] gcc_plugin hardened mode compilation failed" + } || { + $ECHO "$RED[!] gcc_plugin hardened mode compilation failed" + CODE=1 + } # now we want to be sure that afl-fuzz is working (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" @@ -233,6 +300,7 @@ test -e ../afl-gcc-fast && { # make sure crash reporter is disabled on Mac OS X (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" + CODE=1 true }) || { mkdir -p in 
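Review bot: The success arm `} || $ECHO "$GREEN[+] gcc_plugin instrumentation present and working correctly"` is rewrapped in `} || { ... }` braces even though it stays a single command, whereas the afl-gcc and llvm_mode copies of this check earlier in the commit keep the one-line form; use the same form for all three.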
@@ -248,6 +316,7 @@ test -e ../afl-gcc-fast && { cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with gcc_plugin" + CODE=1 } rm -rf in out errors } @@ -259,15 +328,27 @@ test -e ../afl-gcc-fast && { test -e test-compcov && { echo 1 | ../afl-showmap -m ${MEM_LIMIT} -o - -r -- ./test-compcov 2>&1 | grep -q "Captured 1 tuples" && { $ECHO "$GREEN[+] gcc_plugin whitelist feature works correctly" - } || $ECHO "$RED[!] gcc_plugin whitelist feature failed" - } || $ECHO "$RED[!] gcc_plugin whitelist feature compilation failed" + } || { + $ECHO "$RED[!] gcc_plugin whitelist feature failed" + CODE=1 + } + } || { + $ECHO "$RED[!] gcc_plugin whitelist feature compilation failed" + CODE=1 + } rm -f test-compcov test.out whitelist.txt ../afl-gcc-fast -o test-persistent ../experimental/persistent_demo/persistent_demo.c > /dev/null 2>&1 test -e test-persistent && { echo foo | ../afl-showmap -o /dev/null -q -r ./test-persistent && { $ECHO "$GREEN[+] gcc_plugin persistent mode feature works correctly" - } || $ECHO "$RED[!] gcc_plugin persistent mode feature failed to work" - } || $ECHO "$RED[!] gcc_plugin persistent mode feature compilation failed" + } || { + $ECHO "$RED[!] gcc_plugin persistent mode feature failed to work" + CODE=1 + } + } || { + $ECHO "$RED[!] gcc_plugin persistent mode feature compilation failed" + CODE=1 + } rm -f test-persistent } || $ECHO "$YELLOW[-] gcc_plugin not compiled, cannot test" 
@@ -277,7 +358,10 @@ test -e ../libtokencap.so && { AFL_TOKEN_FILE=token.out LD_PRELOAD=../libtokencap.so DYLD_INSERT_LIBRARIES=../libtokencap.so DYLD_FORCE_FLAT_NAMESPACE=1 ./test-compcov foobar > /dev/null 2>&1 grep -q BUGMENOT token.out > /dev/null 2>&1 && { $ECHO "$GREEN[+] libtokencap did successfully capture tokens" - } || $ECHO "$RED[!] libtokencap did not capture tokens" + } || { + $ECHO "$RED[!] libtokencap did not capture tokens" + CODE=1 + } rm -f token.out } || $ECHO "$YELLOW[-] libtokencap is not compiled, cannot test" test -e ../libdislocator.so && { @@ -288,6 +372,7 @@ test -e ../libdislocator.so && { } > /dev/null 2>&1 grep -q BUFFEROVERFLOW test.out > /dev/null 2>&1 && { $ECHO "$RED[!] libdislocator did not detect the memory corruption" + CODE=1 } || $ECHO "$GREEN[+] libdislocator did successfully detect the memory corruption" rm -f test.out core test-compcov.core core.test-compcov } || $ECHO "$YELLOW[-] libdislocator is not compiled, cannot test" @@ -313,6 +398,7 @@ test -e ../afl-qemu-trace && { cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode" + CODE=1 } rm -f errors @@ -330,6 +416,7 @@ test -e ../afl-qemu-trace && { cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode libcompcov" + CODE=1 } } || $ECHO "$YELLOW[-] we cannot test qemu_mode libcompcov because it is not present" rm -f errors 
@@ -359,12 +446,16 @@ test -e ../afl-qemu-trace && { cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with persistent qemu_mode" + CODE=1 exit 1 } $ECHO "$YELLOW[?] we need a test case for qemu_mode unsigaction library" rm -rf in out errors } - } || $ECHO "$RED[-] gcc compilation of test targets failed - what is going on??" + } || { + $ECHO "$RED[-] gcc compilation of test targets failed - what is going on??" + CODE=1 + } rm -f test-instr test-compcov } || $ECHO "$YELLOW[-] qemu_mode is not compiled, cannot test" @@ -379,9 +470,9 @@ test -d ../unicorn_mode/unicorn && { mkdir -p in echo 0 > in/in $ECHO "$GREY[*] Using python binary $PY" - $ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 20 seconds" + $ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 25 seconds" { - ../afl-fuzz -V20 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V25 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode" 
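Review bot: `CODE=1` is inserted directly before an existing `exit 1`, so a persistent qemu_mode failure still terminates the script here: the `rm -rf in out errors` cleanup below it, the whole unicorn_mode section and the new summary / `exit $CODE` at the end are never reached. If the intent of this commit is to collect every failure into CODE, drop the `exit 1`; if this failure really is meant to abort, a comment saying why it is fatal while the others are not would help.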
@@ -390,13 +481,14 @@ test -d ../unicorn_mode/unicorn && { cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode" + CODE=1 } rm -f errors - $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 25 seconds" + $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 35 seconds" { export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V25 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V35 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" @@ -405,12 +497,18 @@ test -d ../unicorn_mode/unicorn && { cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode compcov" + CODE=1 } rm -rf in out errors } - } || $ECHO "$RED[-] missing sample binaries in unicorn_mode/samples/ - what is going on??" + } || { + $ECHO "$RED[-] missing sample binaries in unicorn_mode/samples/ - what is going on??" + CODE=1 + } } || $ECHO "$YELLOW[-] unicorn_mode is not compiled, cannot test" $ECHO "$GREY[*] all test cases completed.$RESET" - +test "$CODE" = "0" && $ECHO "$GREEN[+] all tests were successful :-)$RESET" +test "$CODE" = "0" || $ECHO "$RED[-] failure in tests :-($RESET" +exit $CODE -- cgit v1.2.3 From 73cb58726649b860cbea9eef727e90ad14be4b31 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Tue, 5 Nov 2019 18:39:16 +0100 Subject: test unicorn && AFL_DISABLE_TRIM env var --- test/test.sh | 1 + 1 file changed, 1 insertion(+) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index f954776f..f086ee50 100755 --- a/test/test.sh +++ b/test/test.sh 
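Review bot: The closing `test "$CODE" = "0" && $ECHO ...` / `test "$CODE" = "0" || $ECHO ...` pair is an if/else written as two separate tests; `if [ "$CODE" = "0" ]; then $ECHO "$GREEN[+] all tests were successful :-)$RESET"; else $ECHO "$RED[-] failure in tests :-($RESET"; fi` reads as one decision. `exit $CODE` works because CODE is only ever 0 or 1; quoting it as `exit "$CODE"` keeps it safe if the variable ever comes from elsewhere.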
@@ -485,6 +485,7 @@ test -d ../unicorn_mode/unicorn && { } rm -f errors + echo -e '\xbf' > in/in $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 35 seconds" { export AFL_COMPCOV_LEVEL=2 -- cgit v1.2.3 From e13fdfb2ce4d3f97c8fa4ef3adfaa93e84835e39 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Tue, 5 Nov 2019 18:41:23 +0100 Subject: reduce time for unicorn compcov test --- test/test.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index f086ee50..89310389 100755 --- a/test/test.sh +++ b/test/test.sh @@ -486,10 +486,12 @@ test -d ../unicorn_mode/unicorn && { rm -f errors echo -e '\xbf' > in/in - $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 35 seconds" + # This seed is close to the first byte of the comparison. + # If CompCov works, a new tuple will appear in the map => new input in queue + $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 15 seconds" { export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V35 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V15 -U -i in -o out -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" -- cgit v1.2.3 From ed1628173717a91dbb8bd5b0498cb618da6d349c Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Tue, 5 Nov 2019 19:48:17 +0100 Subject: mmmm travis doh --- test/test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 89310389..a56466c4 100755 --- a/test/test.sh +++ b/test/test.sh 
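Review bot: The two new comment lines describe the seed written by the `echo -e '\xbf' > in/in` line above them, but they are placed after it and directly above the progress message, so a reader ties them to the afl-fuzz run; move them above the seed line. The seed itself is written with `echo -e`, the non-portable form that this script's `$ECHO` probe exists to avoid; `printf '\277' > in/in` writes the same byte under any POSIX shell.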
@@ -488,10 +488,10 @@ test -d ../unicorn_mode/unicorn && {
 echo -e '\xbf' > in/in
 # This seed is close to the first byte of the comparison.
 # If CompCov works, a new tuple will appear in the map => new input in queue
- $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 15 seconds"
+ $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 30 seconds"
 {
 export AFL_COMPCOV_LEVEL=2
- ../afl-fuzz -V15 -U -i in -o out -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1
+ ../afl-fuzz -V30 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1
 } >>errors 2>&1
 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && {
 $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov"
-- cgit v1.2.3
From 62d972962938fc84150768bbda448841e6c9d3e7 Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi
Date: Tue, 5 Nov 2019 20:06:11 +0100
Subject: travis is drunk
---
 test/test.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'test')
diff --git a/test/test.sh b/test/test.sh
index a56466c4..3b071468 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -485,13 +485,13 @@ test -d ../unicorn_mode/unicorn && { } rm -f errors - echo -e '\xbf' > in/in + printf '\xbf' > in/in # This seed is close to the first byte of the comparison. # If CompCov works, a new tuple will appear in the map => new input in queue - $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 30 seconds" + $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 35 seconds" { export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V30 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V35 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" -- cgit v1.2.3 From db7c990346ea9e24269358bee02d9efcbf5230cb Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 6 Nov 2019 13:41:23 +0100 Subject: even easier test case solving :) --- test/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 3b071468..617401eb 100755 --- a/test/test.sh +++ b/test/test.sh @@ -485,7 +485,7 @@ test -d ../unicorn_mode/unicorn && { } rm -f errors - printf '\xbf' > in/in + printf '\x01\x01' > in/in # This seed is close to the first byte of the comparison. # If CompCov works, a new tuple will appear in the map => new input in queue $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 35 seconds" -- cgit v1.2.3 From 8290bb337451e06e71af2f1a1e3dc241a10b8652 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Fri, 8 Nov 2019 13:46:08 +0000 Subject: test, /sbin not necessarily in the path os casual users. --- test/test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 617401eb..679a514e 100755 
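Review bot: `printf '\x01\x01' > in/in` relies on bash's `\x` extension; POSIX printf and dash do not define `\x` escapes and would emit the characters literally, so the seed is only correct when the script runs under bash. Octal escapes are portable: `printf '\001\001' > in/in`. The comment beneath the line ('close to the first byte of the comparison') was written for the previous one-byte seed and should be re-checked against the new two-byte one.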
--- a/test/test.sh
+++ b/test/test.sh
@@ -99,7 +99,7 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && {
 }
 # now we want to be sure that afl-fuzz is working
 # make sure core_pattern is set to core on linux
- (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && {
+ (test "$(uname -s)" = "Linux" && test "$(/sbin/sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && {
 $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET"
 true
 }) ||
@@ -169,7 +169,7 @@ test -e ../afl-clang-fast && {
 CODE=1
 }
 # now we want to be sure that afl-fuzz is working
- (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && {
+ (test "$(uname -s)" = "Linux" && test "$(/sbin/sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && {
 $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET"
 true
 }) ||
-- cgit v1.2.3
From 58a18ea50bb5e73ce43e73151bdaa893fb7e2e84 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Sat, 9 Nov 2019 15:23:16 +0100
Subject: not all sysctl are in /sbin, e.g. with busybox
---
 test/test.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'test')
diff --git a/test/test.sh b/test/test.sh
index 679a514e..98482d05 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -64,6 +64,8 @@ RESET="\\033[0m" MEM_LIMIT=150
+export PATH=$PATH:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+ $ECHO "${RESET}${GREY}[*] starting afl++ test framework ..." $ECHO "$BLUE[*] Testing: ${AFL_GCC}, afl-showmap and afl-fuzz"
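Review bot: Only two of the three identical core_pattern checks are switched to `/sbin/sysctl`; the gcc_plugin section's copy (visible in the 1c7b6a5e hunks above) still calls bare `sysctl`, so the three sections now behave differently on the same host. Hard-coding `/sbin/sysctl` also breaks where sysctl lives elsewhere; one helper used by all three keeps them in step, e.g. `core_pattern_ok() { test "$(uname -s)" != "Linux" || test "$(sysctl kernel.core_pattern 2>/dev/null)" = "kernel.core_pattern = core"; }`, with the PATH question handled in one place. The `}) ||` at the end of each hunk belongs to a construct that continues outside it.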
@@ -99,7 +101,7 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && {
 }
 # now we want to be sure that afl-fuzz is working
 # make sure core_pattern is set to core on linux
- (test "$(uname -s)" = "Linux" && test "$(/sbin/sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && {
+ (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && {
 $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET"
 true
 }) ||
-- cgit v1.2.3
From 01d55372441960c435af8f3bd6b61d1302042728 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Sat, 9 Nov 2019 16:48:01 +0100
Subject: /sbin in path
---
 test/test.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'test')
diff --git a/test/test.sh b/test/test.sh
index 98482d05..781313a7 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -171,7 +171,7 @@ test -e ../afl-clang-fast && {
 CODE=1
 }
 # now we want to be sure that afl-fuzz is working
- (test "$(uname -s)" = "Linux" && test "$(/sbin/sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && {
+ (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && {
 $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET"
 true
 }) ||
-- cgit v1.2.3