[PATCH 0/2] Add aflplusplus

  • Open
2 participants
  • Denis 'GNUtoo' Carikli
  • Hilton Chain
Owner
unassigned
Submitted by
Denis 'GNUtoo' Carikli
Severity
normal
Denis 'GNUtoo' Carikli wrote on 4 Apr 19:44 +0200
(address . guix-patches@gnu.org)(name . Denis 'GNUtoo' Carikli)(address . GNUtoo@cyberdimension.org)
20230404174449.5297-1-GNUtoo@cyberdimension.org
Hi,

Here are two patches to add aflplusplus. I also have patches (not part of this
series) to add support for faster compilers with GCC plugins, but when I do
that it somehow fails to run:
$ cat main.c
int main()
{
printf("Hello world\n");
}
$ afl-gcc-fast ./main.c
afl-cc++4.05c by Michal Zalewski, Laszlo Szekeres, Marc Heuse - mode: GCC_PLUGIN-DEFAULT
cc1: error: cannot load plugin /gnu/store/sx55p7b4r21kiw7sagi8cb8ff6zmvmqd-aflplusplus-4.05c/bin/../lib/afl//afl-gcc-pass.so: /gnu/store/sx55p7b4r21kiw7sagi8cb8ff6zmvmqd-aflplusplus-4.05c/bin/../lib/afl//afl-gcc-pass.so: undefined symbol: _Z30gimple_build_call_internal_vec11internal_fn3vecIP9tree_node7va_heap6vl_ptrE

So I limited this series to what works well.


Denis 'GNUtoo' Carikli (2):
gnu: Add aflplusplus.
gnu: aflplusplus: Add python support

gnu/packages/debug.scm | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)


base-commit: b9c9c23939a40a850a8c78579adaec25d1972bd1
--
2.39.1
Denis 'GNUtoo' Carikli wrote on 5 Apr 03:29 +0200
[PATCH 1/2] gnu: Add aflplusplus.
(address . 62666@debbugs.gnu.org)(name . Denis 'GNUtoo' Carikli)(address . GNUtoo@cyberdimension.org)
20230405012914.16778-1-GNUtoo@cyberdimension.org
* gnu/packages/debug.scm (aflplusplus): New variable.
---
gnu/packages/debug.scm | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)

diff --git a/gnu/packages/debug.scm b/gnu/packages/debug.scm
index 154232ed50..88b8cb8b8b 100644
--- a/gnu/packages/debug.scm
+++ b/gnu/packages/debug.scm
@@ -460,6 +460,37 @@ (define-public qemu-for-american-fuzzy-lop
;; Several tests fail on MIPS.
(supported-systems (delete "mips64el-linux" %supported-systems))))))
+(define-public aflplusplus
+ (package
+ (inherit american-fuzzy-lop)
+ (name "aflplusplus")
+ (version "4.05c")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/AFLplusplus/AFLplusplus")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0cl0bgvd2yy331zchjz5drcnadam6w0vfmwcq1jf285hw0x8b0bk"))))
+ (inputs (list qemu))
+ (home-page "https://aflplus.plus")
+ (description
+ "AFLplusplus is a security-oriented fuzzer that employs a novel type of
+compile-time instrumentation and genetic algorithms to automatically discover
+clean, interesting test cases that trigger new internal states in the targeted
+binary. This substantially improves the functional coverage for the fuzzed
+code. The compact synthesized corpora produced by the tool are also useful
+for seeding other, more labor- or resource-intensive testing regimes down the
+road. It is a fork of American Fuzzy Lop fuzzer and compared to it:
+@itemize
+@item It Supports a more recent qemu version
+@item It supports more algorithms like collision-free coverage, enhanced
+laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode,
+etc.
+@end itemize")))
+
(define-public stress-make
(let ((commit "97815bed8060de33952475b3498767c91f59ffd9")
(revision "2")) ;No official source distribution
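Review bot: `(commit version)` in the `git-reference` passes the bare string "4.05c" as the ref to check out; if the upstream tags carry a prefix this fetch fails, so the tag name should be checked against the repository (the v2 of this patch later on this page switches to `(string-append "v" version)`). Two smaller points in the `description`: "It Supports" should be lowercase, and "a fork of American Fuzzy Lop fuzzer" reads better as "a fork of the American Fuzzy Lop fuzzer" with "qemu" spelled QEMU, e.g. `@item It supports a more recent QEMU version`. Finally, `(inputs (list qemu))` overrides whatever the inherited `american-fuzzy-lop` uses while the context shows a dedicated `qemu-for-american-fuzzy-lop` package right above; a one-line comment on why stock QEMU is the right input for AFL++ would help the next maintainer.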
--
2.39.1
Denis 'GNUtoo' Carikli wrote on 5 Apr 03:29 +0200
[PATCH 2/2] gnu: aflplusplus: Add python support
(address . 62666@debbugs.gnu.org)(name . Denis 'GNUtoo' Carikli)(address . GNUtoo@cyberdimension.org)
20230405012914.16778-2-GNUtoo@cyberdimension.org
* gnu/packages/debug.scm (aflplusplus): [inputs]: Add python.
---
gnu/packages/debug.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/debug.scm b/gnu/packages/debug.scm
index 88b8cb8b8b..21df553ef6 100644
--- a/gnu/packages/debug.scm
+++ b/gnu/packages/debug.scm
@@ -474,7 +474,7 @@ (define-public aflplusplus
(sha256
(base32
"0cl0bgvd2yy331zchjz5drcnadam6w0vfmwcq1jf285hw0x8b0bk"))))
- (inputs (list qemu))
+ (inputs (list python qemu))
(home-page "https://aflplus.plus")
(description
"AFLplusplus is a security-oriented fuzzer that employs a novel type of
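Review bot: the hunk adds `python` to `inputs` but nothing records what it enables; a short comment above `(inputs (list python qemu))` (for instance that the build detects Python and compiles the Python custom-mutator support) would make the intent clear, and the commit message could name that feature rather than just "Add python support". It is also worth confirming that the built tools reference Python at run time, which justifies `inputs`; if Python were only consulted during the build, `native-inputs` would be the right field.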
--
2.39.1
Hilton Chain wrote on 23 Aug 04:34 +0200
Re: [bug#62666] [PATCH 0/2] Add aflplusplus
(name . Denis 'GNUtoo' Carikli)(address . GNUtoo@cyberdimension.org)(address . 62666@debbugs.gnu.org)
87a5ui4hbr.wl-hako@ultrarare.space
Hi Denis,

On Wed, 05 Apr 2023 01:44:49 +0800,
Denis 'GNUtoo' Carikli wrote:
>
> Hi,
>
> Here are two patches to add aflplusplus. I also have patches (not part of this
> series) to add support for faster compilers with GCC plugins, but when I do
> that it somehow fails to run:
> $ cat main.c
> int main()
> {
> printf("Hello world\n");
> }
> $ afl-gcc-fast ./main.c
> afl-cc++4.05c by Michal Zalewski, Laszlo Szekeres, Marc Heuse - mode: GCC_PLUGIN-DEFAULT
> cc1: error: cannot load plugin /gnu/store/sx55p7b4r21kiw7sagi8cb8ff6zmvmqd-aflplusplus-4.05c/bin/../lib/afl//afl-gcc-pass.so: /gnu/store/sx55p7b4r21kiw7sagi8cb8ff6zmvmqd-aflplusplus-4.05c/bin/../lib/afl//afl-gcc-pass.so: undefined symbol: _Z30gimple_build_call_internal_vec11internal_fn3vecIP9tree_node7va_heap6vl_ptrE
>
> So I limited this series to what works well.
>
>
> Denis 'GNUtoo' Carikli (2):
> gnu: Add aflplusplus.
> gnu: aflplusplus: Add python support
>
> gnu/packages/debug.scm | 31 +++++++++++++++++++++++++++++++
> 1 file changed, 31 insertions(+)
>
>
> base-commit: b9c9c23939a40a850a8c78579adaec25d1972bd1
> --
> 2.39.1

I think (for the plugin) this is related:
[+] All set and ready to build.
g++ -O3 -g -funroll-loops -D_FORTIFY_SOURCE=1 -Wall -std=c++11 -fPIC -fno-rtti -I"/gnu/store/930nwsiysdvy2x5zv1sf6v7ym75z8ayk-gcc-11.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/11.3.0/plugin"/include -I"/gnu/store/930nwsiysdvy2x5zv1sf6v7ym75z8ayk-gcc-11.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/11.3.0/plugin" -shared instrumentation/afl-gcc-pass.so.cc -o afl-gcc-pass.so
In file included from /gnu/store/930nwsiysdvy2x5zv1sf6v7ym75z8ayk-gcc-11.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/11.3.0/plugin/include/gcc-plugin.h:28,
from instrumentation/afl-gcc-common.h:46,
from instrumentation/afl-gcc-pass.so.cc:127:
/gnu/store/930nwsiysdvy2x5zv1sf6v7ym75z8ayk-gcc-11.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/11.3.0/plugin/include/system.h:698:10: fatal error: gmp.h: No such file or directory
698 | #include <gmp.h>
| ^~~~~~~
compilation terminated.
make[1]: *** [GNUmakefile.gcc_plugin:149: afl-gcc-pass.so] Error 1
make[1]: Leaving directory '/tmp/guix-build-aflplusplus-4.05c.drv-0/source'
make: [GNUmakefile:790: install] Error 2 (ignored)

Can you address the issue and send an updated patch?

Thanks
Denis 'GNUtoo' Carikli wrote on 15 Sep 05:25 +0200
(name . Hilton Chain)(address . hako@ultrarare.space)(address . 62666@debbugs.gnu.org)
20230915052540.7a3029ba@primary_laptop
On Wed, 23 Aug 2023 10:34:48 +0800
Hilton Chain <hako@ultrarare.space> wrote:
> > Here are two patches to add aflplusplus. I also have patches (not part
> > of this series) to add support for faster compilers with GCC
> > plugins, but when I do that it somehow fails to run:
> I think (for the plugin) this is related:
> --8<---------------cut here---------------start------------->8---
> [+] All set and ready to build.
> g++ -O3 -g -funroll-loops -D_FORTIFY_SOURCE=1 -Wall -std=c++11 -fPIC
> -fno-rtti
> -I"/gnu/store/930nwsiysdvy2x5zv1sf6v7ym75z8ayk-gcc-11.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/11.3.0/plugin"/include
> -I"/gnu/store/930nwsiysdvy2x5zv1sf6v7ym75z8ayk-gcc-11.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/11.3.0/plugin"
> -shared instrumentation/afl-gcc-pass.so.cc -o afl-gcc-pass.so In file
> included from
> /gnu/store/930nwsiysdvy2x5zv1sf6v7ym75z8ayk-gcc-11.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/11.3.0/plugin/include/gcc-plugin.h:28,
> from instrumentation/afl-gcc-common.h:46, from
> instrumentation/afl-gcc-pass.so.cc:127:
> /gnu/store/930nwsiysdvy2x5zv1sf6v7ym75z8ayk-gcc-11.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/11.3.0/plugin/include/system.h:698:10:
> fatal error: gmp.h: No such file or directory 698 | #include <gmp.h>
> | ^~~~~~~ compilation terminated. make[1]: ***
> [GNUmakefile.gcc_plugin:149: afl-gcc-pass.so] Error 1 make[1]:
> Leaving directory '/tmp/guix-build-aflplusplus-4.05c.drv-0/source'
> make: [GNUmakefile:790: install] Error 2 (ignored)
> --8<---------------cut here---------------end--------------->8---
>
> Can you address the issue and send an updated patch?
The issue turned out to be that it called "gcc" instead of the gcc
available during the build.

Qemu is one of the aflplusplus dependencies and it doesn't cross-compile:
> $ guix build --target=aarch64-linux-gnu qemu
> guix build: error: gnu/packages/gnome.scm:3501:2: librsvg@2.54.5:
> build system `cargo' does not support cross builds

So for simplicity I've simply made aflplusplus use the gcc that is in
the inputs.

I've verified that it took the right gcc by adding '(invoke "gcc"
"--version")' to the package and verifying that it was really gcc-11.

I've also updated aflplusplus to the latest version along the way.

Denis.
Denis 'GNUtoo' Carikli wrote on 15 Sep 05:27 +0200
[PATCH v2 1/3] gnu: Add aflplusplus.
(address . 62666@debbugs.gnu.org)(name . Denis 'GNUtoo' Carikli)(address . GNUtoo@cyberdimension.org)
08dda007d354a5857a348d8d001c06216c940893.1694747779.git.GNUtoo@cyberdimension.org
* gnu/packages/debug.scm (aflplusplus): New variable.
---
ChangeLog:
- Updated to 4.08c
---
gnu/packages/debug.scm | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)

diff --git a/gnu/packages/debug.scm b/gnu/packages/debug.scm
index e2a29a3ae9..cd1eccbd7b 100644
--- a/gnu/packages/debug.scm
+++ b/gnu/packages/debug.scm
@@ -459,6 +459,37 @@ (define-public qemu-for-american-fuzzy-lop
;; Several tests fail on MIPS.
(supported-systems (delete "mips64el-linux" %supported-systems))))))
+(define-public aflplusplus
+ (package
+ (inherit american-fuzzy-lop)
+ (name "aflplusplus")
+ (version "4.08c")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/AFLplusplus/AFLplusplus")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "01hxj65if6rkjrj1fqcgq0jl95dirhkn00mi2k65mff6bckaamxg"))))
+ (inputs (list qemu))
+ (home-page "https://aflplus.plus")
+ (description
+ "AFLplusplus is a security-oriented fuzzer that employs a novel type of
+compile-time instrumentation and genetic algorithms to automatically discover
+clean, interesting test cases that trigger new internal states in the targeted
+binary. This substantially improves the functional coverage for the fuzzed
+code. The compact synthesized corpora produced by the tool are also useful
+for seeding other, more labor- or resource-intensive testing regimes down the
+road. It is a fork of American Fuzzy Lop fuzzer and compared to it:
+@itemize
+@item It Supports a more recent qemu version
+@item It supports more algorithms like collision-free coverage, enhanced
+laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode,
+etc.
+@end itemize")))
+
(define-public stress-make
(let ((commit "97815bed8060de33952475b3498767c91f59ffd9")
(revision "2")) ;No official source distribution
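Review bot: the `description` still carries the capitalisation slip "It Supports", the missing article in "a fork of American Fuzzy Lop fuzzer", and lowercase "qemu" where Guix descriptions spell QEMU; suggested: `@item It supports a more recent QEMU version` and "It is a fork of the American Fuzzy Lop fuzzer". The switch to `(commit (string-append "v" version))` with a matching `git-file-name` is good. As in v1, `(inputs (list qemu))` replaces the parent's input while a dedicated `qemu-for-american-fuzzy-lop` package sits directly above in the context, so a comment explaining why stock QEMU is used for AFL++ would spare the next reader a detour.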
--
2.41.0
Denis 'GNUtoo' Carikli wrote on 15 Sep 05:27 +0200
[PATCH v2 2/3] gnu: aflplusplus: Add python support
(address . 62666@debbugs.gnu.org)(name . Denis 'GNUtoo' Carikli)(address . GNUtoo@cyberdimension.org)
6382108e29da93b59e39e7df48351444397cb843.1694747779.git.GNUtoo@cyberdimension.org
* gnu/packages/debug.scm (aflplusplus): [inputs]: Add python.
---
ChangeLog: no changes
---
gnu/packages/debug.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gnu/packages/debug.scm b/gnu/packages/debug.scm
index cd1eccbd7b..04458d0220 100644
--- a/gnu/packages/debug.scm
+++ b/gnu/packages/debug.scm
@@ -473,7 +473,7 @@ (define-public aflplusplus
(sha256
(base32
"01hxj65if6rkjrj1fqcgq0jl95dirhkn00mi2k65mff6bckaamxg"))))
- (inputs (list qemu))
+ (inputs (list python qemu))
(home-page "https://aflplus.plus")
(description
"AFLplusplus is a security-oriented fuzzer that employs a novel type of
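Review bot: unchanged from v1, so the same remark applies: `(inputs (list python qemu))` gains `python` without a comment saying what it enables; naming the feature (the Python custom-mutator support the build compiles when it finds Python) both in a comment above the `inputs` line and in the commit title would document the intent, and confirming that the installed tools link or call into Python at run time settles `inputs` versus `native-inputs`.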
--
2.41.0
Denis 'GNUtoo' Carikli wrote on 15 Sep 05:27 +0200
[PATCH v2 3/3] gnu: aflplusplus: Build afl-gcc/g++-fast
(address . 62666@debbugs.gnu.org)(name . Denis 'GNUtoo' Carikli)(address . GNUtoo@cyberdimension.org)
b52a0ec129defb832bc03e69a12259d6d3563676.1694747779.git.GNUtoo@cyberdimension.org
* gnu/packages/debug.scm (aflplusplus): [inputs]: Add gcc, gmp.
---
ChangeLog: New patch
---
gnu/packages/debug.scm | 32 +++++++++++++++++++++++++++++++-
1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/debug.scm b/gnu/packages/debug.scm
index 04458d0220..c9fdca8c8b 100644
--- a/gnu/packages/debug.scm
+++ b/gnu/packages/debug.scm
@@ -50,6 +50,7 @@ (define-module (gnu packages debug)
#:use-module (gnu packages code)
#:use-module (gnu packages compression)
#:use-module (gnu packages flex)
+ #:use-module (gnu packages gcc)
#:use-module (gnu packages gdb)
#:use-module (gnu packages glib)
#:use-module (gnu packages gtk)
@@ -59,6 +60,7 @@ (define-module (gnu packages debug)
#:use-module (gnu packages libusb)
#:use-module (gnu packages linux)
#:use-module (gnu packages llvm)
+ #:use-module (gnu packages multiprecision)
#:use-module (gnu packages ncurses)
#:use-module (gnu packages ninja)
#:use-module (gnu packages perl)
@@ -473,7 +475,35 @@ (define-public aflplusplus
(sha256
(base32
"01hxj65if6rkjrj1fqcgq0jl95dirhkn00mi2k65mff6bckaamxg"))))
- (inputs (list python qemu))
+ (arguments
+ (substitute-keyword-arguments (package-arguments american-fuzzy-lop)
+ ((#:phases phases)
+ `(modify-phases ,phases
+ ;; TODO: Enable to cross compile aflplusplus by also enabling qemu
+ ;; to be cross compiled and by fixing the use-build-gcc phase below.
+ (add-before 'build 'use-build-gcc
+ (lambda _
+ ;; We need to patch it to select the build-time gcc else we get
+ ;; something like that:
+ ;; $ afl-gcc-fast main.c
+ ;; afl-cc++4.08c by [...] - mode: GCC_PLUGIN-DEFAULT
+ ;; cc1: error: cannot load plugin
+ ;; /gnu/[...]-aflplusplus-4.08c/bin/../lib/afl//afl-gcc-pass.so:
+ ;; /gnu/[...]-aflplusplus-4.08c/bin/../lib/afl//afl-gcc-pass.so:
+ ;; undefined symbol:
+ ;; _Z30gimple_build_call_internal_vec11internal_fn3vecIP9tree_node7va_heap6vl_ptrE
+ (substitute* "src/afl-cc.c"
+ (("alt_cc = \"gcc\";")
+ (string-append "alt_cc = \""
+ (which "gcc") "\";"))
+ (("alt_cxx = \"g\\+\\+\";")
+ (string-append "alt_cxx = \""
+ (which "g++") "\";")))))))))
+ ;; afl-gcc and g++-fast require gcc and gmp. The gcc-11 input is used
+ ;; instead of gcc because in the Dockerfile inside aflplusplus source code
+ ;; has the following comment: "GCC 12 is producing compile errors for some
+ ;; targets so we stay at GCC 11".
+ (inputs (list gcc-11 gmp python qemu))
(home-page "https://aflplus.plus")
(description
"AFLplusplus is a security-oriented fuzzer that employs a novel type of
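Review bot: `(which "gcc")` and `(which "g++")` in the `use-build-gcc` phase resolve against PATH at build time, so the path written into `src/afl-cc.c` is whichever compiler happens to come first, the gnu-build-system's implicit gcc or the `gcc-11` input, which is also why the phase blocks cross-compilation as the TODO above it notes. Take `inputs` in the lambda (`(lambda* (#:key inputs #:allow-other-keys) ...)`) and resolve the compiler from there, e.g. `(search-input-file inputs "bin/gcc")`, checking that the result is the `gcc-11` input and not the implicit toolchain, so the choice is deterministic rather than PATH-dependent. The comment "afl-gcc and g++-fast require gcc and gmp" should name the actual wrappers, "afl-gcc-fast and afl-g++-fast", and could state that the substitution intentionally makes the output retain a run-time reference to `gcc-11`, since the wrappers need a compiler whose plugin ABI matches `afl-gcc-pass.so`.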
--
2.41.0
Denis 'GNUtoo' Carikli wrote on 23 Nov 17:56 +0100
(no subject)
(address . 62666@debbugs.gnu.org)
20231123175643.283ca7ce@primary_laptop