blob: 87eea66535fa467285a42741a4522b0a89047bd1 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
|
#!/bin/bash
# if you want a specific performance file (e.g. to compare features to another)
# you can set the AFL_PERFORMANCE_FILE environment variable:
FILE=$AFL_PERFORMANCE_FILE
# otherwise we use ~/.afl_performance
test -z "$FILE" && FILE=~/.afl_performance
test -e $FILE || {
echo Warning: This script measure the performance of afl++ and saves the result for future comparisons into $FILE
echo Press ENTER to continue or CONTROL-C to abort
read IN
}
export AFL_QUIET=1
unset AFL_EXIT_WHEN_DONE
unset AFL_SKIP_CPUFREQ
unset AFL_DEBUG
unset AFL_HARDEN
unset AFL_USE_ASAN
unset AFL_USE_MSAN
unset AFL_CC
unset AFL_PRELOAD
unset AFL_GCC_WHITELIST
unset AFL_LLVM_WHITELIST
unset AFL_LLVM_INSTRIM
unset AFL_LLVM_LAF_SPLIT_SWITCHES
unset AFL_LLVM_LAF_TRANSFORM_COMPARES
unset AFL_LLVM_LAF_SPLIT_COMPARES
# on OpenBSD we need to work with llvm from /usr/local/bin
test -e /usr/local/bin/opt && {
export PATH=/usr/local/bin:${PATH}
}
# on MacOS X we prefer afl-clang over afl-gcc, because
# afl-gcc does not work there
test `uname -s` = 'Darwin' -o `uname -s` = 'FreeBSD' && {
AFL_GCC=afl-clang
} || {
AFL_GCC=afl-gcc
}
ECHO="printf %b\\n"
$ECHO \\101 2>&1 | grep -qE '^A' || {
ECHO=
test -e /bin/printf && {
ECHO="/bin/printf %b\\n"
$ECHO '\\101' 2>&1 | grep -qE '^A' || ECHO=
}
}
test -z "$ECHO" && { printf Error: printf command does not support octal character codes ; exit 1 ; }
GREY="\\033[1;90m"
BLUE="\\033[1;94m"
GREEN="\\033[0;32m"
RED="\\033[0;31m"
YELLOW="\\033[1;93m"
RESET="\\033[0m"
MEM_LIMIT=150
>> $FILE || { echo Error: can not write to $FILE ; exit 1 ; }
echo Warning: this script is setting performance parameters with afl-system-config
sleep 1
afl-system-config > /dev/null 2>&1
echo Performance settings applied.
echo
$ECHO "${RESET}${GREY}[*] starting afl++ performance test framework ..."
$ECHO "$BLUE[*] Testing: ${AFL_GCC}"
GCC=x
test -e ../${AFL_GCC} -a -e ../afl-fuzz && {
../${AFL_GCC} -o test-instr.plain ../test-instr.c > /dev/null 2>&1
test -e test-instr.plain && {
$ECHO "$GREEN[+] ${AFL_GCC} compilation succeeded"
mkdir -p in
echo 0 > in/in
$ECHO "$GREY[*] running afl-fuzz for ${AFL_GCC} for 30 seconds"
{
../afl-fuzz -V 30 -s 123 -m ${MEM_LIMIT} -i in -o out-gcc -- ./test-instr.plain
} >>errors 2>&1
test -n "$( ls out-gcc/queue/id:000002* 2> /dev/null )" && {
GCC=`grep execs_done out-gcc/fuzzer_stats | awk '{print$3}'`
} || {
echo CUT----------------------------------------------------------------
cat errors
echo CUT----------------------------------------------------------------
$ECHO "$RED[!] afl-fuzz is not working correctly with ${AFL_GCC}"
}
rm -rf in out-gcc errors test-instr.plain
} || $ECHO "$RED[!] ${AFL_GCC} instrumentation failed"
} || $ECHO "$YELLOW[-] afl is not compiled, cannot test"
$ECHO "$BLUE[*] Testing: llvm_mode"
LLVM=x
test -e ../afl-clang-fast -a -e ../afl-fuzz && {
../afl-clang-fast -o test-instr.llvm ../test-instr.c > /dev/null 2>&1
test -e test-instr.llvm && {
$ECHO "$GREEN[+] llvm_mode compilation succeeded"
mkdir -p in
echo 0 > in/in
$ECHO "$GREY[*] running afl-fuzz for llvm_mode for 30 seconds"
{
../afl-fuzz -V 30 -s 123 -m ${MEM_LIMIT} -i in -o out-llvm -- ./test-instr.llvm
} >>errors 2>&1
test -n "$( ls out-llvm/queue/id:000002* 2> /dev/null )" && {
LLVM=`grep execs_done out-llvm/fuzzer_stats | awk '{print$3}'`
} || {
echo CUT----------------------------------------------------------------
cat errors
echo CUT----------------------------------------------------------------
$ECHO "$RED[!] afl-fuzz is not working correctly with llvm_mode"
}
rm -rf in out-llvm errors test-instr.llvm
} || $ECHO "$RED[!] llvm_mode instrumentation failed"
} || $ECHO "$YELLOW[-] llvm_mode is not compiled, cannot test"
$ECHO "$BLUE[*] Testing: qemu_mode"
QEMU=x
test -e ../afl-qemu-trace -a -e ../afl-fuzz && {
cc -o test-instr.qemu ../test-instr.c > /dev/null 2>&1
test -e test-instr.qemu && {
$ECHO "$GREEN[+] native compilation with cc succeeded"
mkdir -p in
echo 0 > in/in
$ECHO "$GREY[*] running afl-fuzz for qemu_mode for 30 seconds"
{
../afl-fuzz -Q -V 30 -s 123 -m ${MEM_LIMIT} -i in -o out-qemu -- ./test-instr.qemu
} >>errors 2>&1
test -n "$( ls out-qemu/queue/id:000002* 2> /dev/null )" && {
QEMU=`grep execs_done out-qemu/fuzzer_stats | awk '{print$3}'`
} || {
echo CUT----------------------------------------------------------------
cat errors
echo CUT----------------------------------------------------------------
$ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode"
}
rm -rf in out-qemu errors test-instr.qemu
} || $ECHO "$RED[!] qemu_mode instrumentation failed"
} || $ECHO "$YELLOW[-] qemu_mode is not compiled, cannot test"
LOW_GCC=
HIGH_GCC=
LAST_GCC=
LOW_LLVM=
HIGH_LLVM=
LAST_LLVM=
LOW_QEMU=
HIGH_QEMU=
LAST_QEMU=
test -s $FILE && {
while read LINE; do
G=`echo $LINE | awk '{print$1}'`
L=`echo $LINE | awk '{print$2}'`
Q=`echo $LINE | awk '{print$3}'`
test "$G" = x && G=
test "$L" = x && L=
test "$Q" = x && Q=
test -n "$G" && LAST_GCC=$G
test -n "$L" && LAST_LLVM=$L
test -n "$Q" && LAST_QEMU=$Q
test -n "$G" -a -z "$LOW_GCC" && LOW_GCC=$G || {
test -n "$G" -a "$G" -lt "$LOW_GCC" 2> /dev/null && LOW_GCC=$G
}
test -n "$L" -a -z "$LOW_LLVM" && LOW_LLVM=$L || {
test -n "$L" -a "$L" -lt "$LOW_LLVM" 2> /dev/null && LOW_LLVM=$L
}
test -n "$Q" -a -z "$LOW_QEMU" && LOW_QEMU=$Q || {
test -n "$Q" -a "$Q" -lt "$LOW_QEMU" 2> /dev/null && LOW_QEMU=$Q
}
test -n "$G" -a -z "$HIGH_GCC" && HIGH_GCC=$G || {
test -n "$G" -a "$G" -gt "$HIGH_GCC" 2> /dev/null && HIGH_GCC=$G
}
test -n "$L" -a -z "$HIGH_LLVM" && HIGH_LLVM=$L || {
test -n "$L" -a "$L" -gt "$HIGH_LLVM" 2> /dev/null && HIGH_LLVM=$L
}
test -n "$Q" -a -z "$HIGH_QEMU" && HIGH_QEMU=$Q || {
test -n "$Q" -a "$Q" -gt "$HIGH_QEMU" 2> /dev/null && HIGH_QEMU=$Q
}
done < $FILE
$ECHO "$YELLOW[!] Reading saved data from $FILE completed, please compare the results:"
$ECHO "$BLUE[!] afl-cc: lowest=$LOW_GCC highest=$HIGH_GCC last=$LAST_GCC current=$GCC"
$ECHO "$BLUE[!] llvm_mode: lowest=$LOW_LLVM highest=$HIGH_LLVM last=$LAST_LLVM current=$LLVM"
$ECHO "$BLUE[!] qemu_mode: lowest=$LOW_QEMU highest=$HIGH_QEMU last=$LAST_QEMU current=$QEMU"
} || {
$ECHO "$YELLOW[!] First run, just saving data"
$ECHO "$BLUE[!] afl-gcc=$GCC llvm_mode=$LLVM qemu_mode=$QEMU"
}
echo "$GCC $LLVM $QEMU" >> $FILE
$ECHO "$GREY[*] done."
$ECHO "$RESET"
|
