new afl++ experiment (google#1819)

test new -z option test new mutation implementation test old weird super performing variant
ardier · Apr 10, 2023 · 98e76e3 · 98e76e3
1 parent 73b488f
commit 98e76e3
Show file tree

Hide file tree

Showing 17 changed files with 50 additions and 13 deletions.
diff --git a/fuzzers/aflplusplus/builder.Dockerfile b/fuzzers/aflplusplus/builder.Dockerfile
@@ -37,7 +37,7 @@ RUN apt-get update && \
 # Download afl++.
 RUN git clone -b dev https://github.com/AFLplusplus/AFLplusplus /afl && \
     cd /afl && \
-    git checkout 5fea071ae99dc68d634afd996fcd280f57f78002 || \
+    git checkout 0782ed38414bed37168feafc971fd102b8294510 || \
     true
 
 # Build without Python support as we don't need it.

diff --git a/...flplusplus_mutnewhavoc/builder.Dockerfile → fuzzers/aflplusplus_313/builder.Dockerfile b/...flplusplus_mutnewhavoc/builder.Dockerfile → fuzzers/aflplusplus_313/builder.Dockerfile
@@ -37,13 +37,20 @@ RUN apt-get update && \
 # Download afl++.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus /afl && \
     cd /afl && \
-    git checkout e313180e4d3f7ba44b773e43af40d4af21088576
+    git checkout 02294d368a29a0e748ab00c240d56c2c225b0941 || \
+    true
+
+RUN apt install -y lsb-release wget software-properties-common gnupg
+
+RUN wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 11
+
+ENV LLVM_CONFIG llvm-config-11
 
 # Build without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.
 RUN cd /afl && \
     unset CFLAGS CXXFLAGS && \
     export CC=clang AFL_NO_X86=1 && \
     PYTHON_INCLUDE=/ make && \
-    make install && \
+    make -C utils/aflpp_driver && \
     cp utils/aflpp_driver/libAFLDriver.a /
diff --git a/fuzzers/aflplusplus_406/description.md → fuzzers/aflplusplus_313/description.md b/fuzzers/aflplusplus_406/description.md → fuzzers/aflplusplus_313/description.md
diff --git a/fuzzers/aflplusplus_406/fuzzer.py → fuzzers/aflplusplus_313/fuzzer.py b/fuzzers/aflplusplus_406/fuzzer.py → fuzzers/aflplusplus_313/fuzzer.py
diff --git a/fuzzers/aflplusplus_406/runner.Dockerfile → fuzzers/aflplusplus_313/runner.Dockerfile b/fuzzers/aflplusplus_406/runner.Dockerfile → fuzzers/aflplusplus_313/runner.Dockerfile
diff --git a/fuzzers/aflplusplus_406/builder.Dockerfile → fuzzers/aflplusplus_313_2/builder.Dockerfile b/fuzzers/aflplusplus_406/builder.Dockerfile → fuzzers/aflplusplus_313_2/builder.Dockerfile
@@ -37,7 +37,7 @@ RUN apt-get update && \
 # Download afl++.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus /afl && \
     cd /afl && \
-    git checkout b2f9802f9f0f54337c552d83a860f3e1a84d7191 || \
+    git checkout a321d4102b6c3bec3471c4351692d1ad2a410e70 || \
     true
 
 RUN apt install -y lsb-release wget software-properties-common gnupg

diff --git a/...rs/aflplusplus_mutnewhavoc/description.md → fuzzers/aflplusplus_313_2/description.md b/...rs/aflplusplus_mutnewhavoc/description.md → fuzzers/aflplusplus_313_2/description.md
diff --git a/fuzzers/aflplusplus_newqueue/fuzzer.py → fuzzers/aflplusplus_313_2/fuzzer.py b/fuzzers/aflplusplus_newqueue/fuzzer.py → fuzzers/aflplusplus_313_2/fuzzer.py
@@ -116,7 +116,7 @@ def build(*args):  # pylint: disable=too-many-branches,too-many-statements
     # Generate an extra dictionary.
     if 'dict2file' in build_modes or 'native' in build_modes:
         os.environ['AFL_LLVM_DICT2FILE'] = build_directory + '/afl++.dict'
-        os.environ['AFL_LLVM_DICT2FILE_NO_MAIN'] = '1'
+        #os.environ['AFL_LLVM_DICT2FILE_NO_MAIN'] = '1'
     # Enable context sentitivity for LLVM mode (non LTO only)
     if 'ctx' in build_modes:
         os.environ['AFL_LLVM_CTX'] = '1'

diff --git a/...aflplusplus_mutnewhavoc/runner.Dockerfile → fuzzers/aflplusplus_313_2/runner.Dockerfile b/...aflplusplus_mutnewhavoc/runner.Dockerfile → fuzzers/aflplusplus_313_2/runner.Dockerfile
diff --git a/fuzzers/aflplusplus_314/builder.Dockerfile b/fuzzers/aflplusplus_314/builder.Dockerfile
@@ -37,7 +37,7 @@ RUN apt-get update && \
 # Download afl++.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus /afl && \
     cd /afl && \
-    git checkout 48c878a76ddec2c133fd5708b185b2ac27740084 || \
+    git checkout 9321a24e682b5c8bf6278961bd014cb883b87295 || \
     true
 
 RUN apt install -y lsb-release wget software-properties-common gnupg

diff --git a/...s/aflplusplus_newqueue/builder.Dockerfile → fuzzers/aflplusplus_mega/builder.Dockerfile b/...s/aflplusplus_newqueue/builder.Dockerfile → fuzzers/aflplusplus_mega/builder.Dockerfile
@@ -35,16 +35,22 @@ RUN apt-get update && \
         libstdc++-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-dev
 
 # Download afl++.
-RUN git clone -b dev https://github.com/AFLplusplus/AFLplusplus /afl && \
+RUN git clone https://github.com/AFLplusplus/AFLplusplus /afl && \
     cd /afl && \
-    git checkout d67ee1777859b55b1660cef15fc09219fb165140 || \
+    git checkout 48c878a76ddec2c133fd5708b185b2ac27740084 || \
     true
 
+RUN apt install -y lsb-release wget software-properties-common gnupg
+
+RUN wget https://apt.llvm.org/llvm.sh && chmod +x llvm.sh && ./llvm.sh 13
+
+ENV LLVM_CONFIG llvm-config-13
+
 # Build without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.
 RUN cd /afl && \
     unset CFLAGS CXXFLAGS && \
     export CC=clang AFL_NO_X86=1 && \
     PYTHON_INCLUDE=/ make && \
-    make install && \
+    make -C utils/aflpp_driver && \
     cp utils/aflpp_driver/libAFLDriver.a /
diff --git a/fuzzers/aflplusplus_newqueue/description.md → fuzzers/aflplusplus_mega/description.md b/fuzzers/aflplusplus_newqueue/description.md → fuzzers/aflplusplus_mega/description.md
diff --git a/fuzzers/aflplusplus_mutnewhavoc/fuzzer.py → fuzzers/aflplusplus_mega/fuzzer.py b/fuzzers/aflplusplus_mutnewhavoc/fuzzer.py → fuzzers/aflplusplus_mega/fuzzer.py
@@ -116,7 +116,7 @@ def build(*args):  # pylint: disable=too-many-branches,too-many-statements
     # Generate an extra dictionary.
     if 'dict2file' in build_modes or 'native' in build_modes:
         os.environ['AFL_LLVM_DICT2FILE'] = build_directory + '/afl++.dict'
-        os.environ['AFL_LLVM_DICT2FILE_NO_MAIN'] = '1'
+        #os.environ['AFL_LLVM_DICT2FILE_NO_MAIN'] = '1'
     # Enable context sentitivity for LLVM mode (non LTO only)
     if 'ctx' in build_modes:
         os.environ['AFL_LLVM_CTX'] = '1'

diff --git a/...rs/aflplusplus_newqueue/runner.Dockerfile → fuzzers/aflplusplus_mega/runner.Dockerfile b/...rs/aflplusplus_newqueue/runner.Dockerfile → fuzzers/aflplusplus_mega/runner.Dockerfile
diff --git a/fuzzers/aflplusplus_mutsamehavoc/builder.Dockerfile b/fuzzers/aflplusplus_mutsamehavoc/builder.Dockerfile
@@ -35,9 +35,9 @@ RUN apt-get update && \
         libstdc++-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-dev
 
 # Download afl++.
-RUN git clone https://github.com/AFLplusplus/AFLplusplus /afl && \
+RUN git clone -b muttest https://github.com/AFLplusplus/AFLplusplus /afl && \
     cd /afl && \
-    git checkout 61e31551fca170e0afe0c7a2faa4e9b4fe4a751f
+    git checkout 3c3fe89bc5e1e949b7381d476fea5f92e7845035
 
 # Build without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.

diff --git a/fuzzers/aflplusplus_newqueuez/builder.Dockerfile b/fuzzers/aflplusplus_newqueuez/builder.Dockerfile
@@ -37,7 +37,7 @@ RUN apt-get update && \
 # Download afl++.
 RUN git clone -b dev https://github.com/AFLplusplus/AFLplusplus /afl && \
     cd /afl && \
-    git checkout d67ee1777859b55b1660cef15fc09219fb165140 || \
+    git checkout 0782ed38414bed37168feafc971fd102b8294510 || \
     true
 
 # Build without Python support as we don't need it.

diff --git a/service/experiment-requests.yaml b/service/experiment-requests.yaml
@@ -20,6 +20,30 @@
 # Please add new experiment requests towards the top of this file.
 #
 
+- experiment: 2023-04-09-aflpp
+  description: "Test new mutation engine and -z option"
+  fuzzers:
+    - aflplusplus
+    - aflplusplus_mutsamehavoc
+    - aflplusplus_newqueuez
+    - aflplusplus_313
+    - aflplusplus_313_2
+    - aflplusplus_mega
+    - aflplusplus_314
+  benchmarks:
+    - bloaty_fuzz_target
+    - curl_curl_fuzzer_http
+    - freetype2_ftfuzzer
+    - lcms_cms_transform_fuzzer
+    - libpcap_fuzz_both
+    - libxml2_xml
+    - mbedtls_fuzz_dtlsclient
+    - openthread_ot-ip6-send-fuzzer
+    - proj4_proj_crs_to_crs_fuzzer
+    - sqlite3_ossfuzz
+    - stb_stbi_read_fuzzer
+    - woff2_convert_woff2ttf_fuzzer
+
 - experiment: 2023-04-05-aflpp
   description: "Test new mutation engine"
   fuzzers: