push to stable #2486
Merged
The target system might be different from the host system. For example, you can fuzz Linux binaries compiled for *mipsel*, while your host is *x86_64*. Some of the tests depend on specific platforms to run correctly. For example, the afl-fuzz qemu_mode cmplog test only works on Intel or ARM systems. The `SYS` variable is populated using `uname -m` and the test cases then consult this variable to decide whether to run the test or not. If you want to test afl-fuzz for qemu_mode on mipsel, you might want to make sure that Intel or ARM tests don't run. With this patch, you can supply your own `CPU_TARGET` environment variable and skip platform specific tests. `SYS` then contains the value of `CPU_TARGET`. This allows you to add tests for *mipsel* or other niche platforms in the future as well.

Sample usage:

```
$ cd qemu_mode && env CPU_TARGET=mipsel ./build_qemu_support.sh
$ cd ../test && env CPU_TARGET=mipsel ./test-qemu-mode.sh
[*] Using environment variable CPU_TARGET=mipsel for SYS
[*] starting AFL++ test framework ...
[*] Testing: qemu_mode
...
```

shellcheck pointed out a few command substitution (backtick vs. $(...)) and quoting issues. This patch fixes them.
Let user pass their own CPU_TARGET in test-pre.sh
qemuafl now supports persistent mode for *mipsel* targets. This patch changes the `SYS` variable tests and runs the persistent qemu_mode tests for *mipsel* as well. This also adds an optional environment variable called `CPU_TARGET_CC` that you can pass to the `./test-qemu-mode.sh` test script. This allows you to specify a cross-compiler for the target platform. The test script then uses it to compile `test-instr.c` and `test-compcov.c`.

Example usage:

```
CPU_TARGET_CC=mipsel-linux-gnu-cc CPU_TARGET=mipsel ./test-qemu-mode.sh
```

The output should look something like this:

```
[*] Using environment variable CPU_TARGET=mipsel for SYS
[*] starting AFL++ test framework ...
[*] Testing: qemu_mode
[*] Using mipsel-linux-gnu-cc as compiler for target
[*] running afl-fuzz for qemu_mode, this will take approx 10 seconds
[+] afl-fuzz is working correctly with qemu_mode
[*] running afl-fuzz for qemu_mode AFL_ENTRYPOINT, this will take approx 6 seconds
[+] afl-fuzz is working correctly with qemu_mode AFL_ENTRYPOINT
[-] not an intel or arm platform, cannot test qemu_mode compcov
[-] not an intel or arm platform, cannot test qemu_mode cmplog
[*] running afl-fuzz for persistent qemu_mode, this will take approx 10 seconds
[+] afl-fuzz is working correctly with persistent qemu_mode
[+] persistent qemu_mode was noticeable faster than standard qemu_mode
[*] running afl-fuzz for persistent qemu_mode with AFL_QEMU_PERSISTENT_EXITS, this will take approx 10 seconds
[+] afl-fuzz is working correctly with persistent qemu_mode and AFL_QEMU_PERSISTENT_EXITS
[+] persistent qemu_mode with AFL_QEMU_PERSISTENT_EXITS was noticeable faster than standard qemu_mode
[-] we cannot test qemu_mode unsigaction library (32 bit) because it is not present
[+] qemu_mode unsigaction library (64 bit) ignores signals
[*] 1 test cases completed.
[-] not all test cases were executed
[+] all tests were successful :-)
```

This adds a new persistent hook library `mipsel_read_into_a0.c`. With it, you can test the persistent hook on the *mipsel* architecture. I'm also updating the README in `utils/qemu_persistent_hook` and the Makefile and explaining how to test the persistent hook on *mipsel*. This all works thanks to qemuafl already having the correct CPU struct for *mipsel* in `qemuafl/api.h`. This patch also updates the root `.gitignore` file to ignore the two test binaries `test` and `mipsel_test`.
Update test code and documentation for afl-fuzz qemu_mode on mipsel
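The mechanism the two commit messages above describe (letting `CPU_TARGET` override the host's `uname -m`, gating Intel/ARM-only tests on the resulting `SYS`, and letting `CPU_TARGET_CC` select a cross-compiler) as an added sketch of a test harness. This is illustrative code, not AFL++'s own `test-pre.sh` or `test-qemu-mode.sh`; the function names and the architecture list are assumptions.

```shell
#!/bin/sh
# Illustrative harness (not AFL++ code): CPU_TARGET overrides the host arch.

# Resolve the architecture under test: CPU_TARGET wins, else the host's uname -m.
resolve_sys() {
  if [ -n "${CPU_TARGET:-}" ]; then
    echo "[*] Using environment variable CPU_TARGET=$CPU_TARGET for SYS" >&2
    printf '%s\n' "$CPU_TARGET"
  else
    uname -m
  fi
}

# Return 0 when Intel/ARM-only tests (e.g. qemu_mode cmplog/compcov) may run.
# The pattern list is an assumption, not AFL++'s exact check.
intel_or_arm() {
  case "$1" in
    i?86|x86_64|amd64|arm*|aarch64) return 0 ;;
    *) return 1 ;;
  esac
}

# Pick the compiler for target binaries: CPU_TARGET_CC if supplied, else host cc.
target_cc() {
  printf '%s\n' "${CPU_TARGET_CC:-cc}"
}

# Demonstration run with constructed environment values.
run_example() {
  SYS=$(CPU_TARGET=mipsel resolve_sys 2>/dev/null)
  if intel_or_arm "$SYS"; then
    echo "[*] would run qemu_mode cmplog test on $SYS"
  else
    echo "[-] not an intel or arm platform, cannot test qemu_mode cmplog"
  fi
  echo "[*] Using $(CPU_TARGET_CC=mipsel-linux-gnu-cc target_cc) as compiler for target"
}
```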
…duling_for_main_fuzzer WARNF for setting scheduling for main fuzzer instead of FATAL
TODO_verify_il was removed in GCC trunk by 9739ae9384dd7cd3bb1c7683d6b80b7a9116eaf8, so drop it here.
refactor!: drop python2
instrumentation: drop removed TODO flag from GCC plugins
Modify the UID and GIDs of fuzzing target
qemu_mode/README.persistent.md documents the different base address, but the test still only had the cases for x86 and x64.
Fix persistent qemu_mode test base address on aarch64
Fix a cmplog rtn instrumentation check if all vectors are empty.
Remove macros for old compiler versions from afl-llvm-* passes
Remove macros for old compiler versions from split-* and injection passes
Remove macros for old compiler versions from sancov passes
Patch for Nyx bug in afl-showmap #2