From f8d6fabe9322022a2c7b4753b1696bfeb56eb15b Mon Sep 17 00:00:00 2001
From: Navidem
Date: Mon, 29 Aug 2022 18:31:22 -0700
Subject: [PATCH] Add function_filter fuzzer based on centipede (#1476)

* Add function_filter fuzzer based on centipede
* Reuse centipede integration
* fix lint
* use centipede's weak
---
 .github/workflows/fuzzers.yml | 1 +
 .../builder.Dockerfile | 31 ++++++++++++++
 fuzzers/centipede_function_filter/fuzzer.py | 40 +++++++++++++++++++
 .../runner.Dockerfile | 22 ++++++++++
 4 files changed, 94 insertions(+)
 create mode 100644 fuzzers/centipede_function_filter/builder.Dockerfile
 create mode 100755 fuzzers/centipede_function_filter/fuzzer.py
 create mode 100644 fuzzers/centipede_function_filter/runner.Dockerfile

diff --git a/.github/workflows/fuzzers.yml b/.github/workflows/fuzzers.yml
index bffd4adf0..d0f063d17 100644
--- a/.github/workflows/fuzzers.yml
+++ b/.github/workflows/fuzzers.yml
@@ -107,6 +107,7 @@ jobs:
 - libfuzzer_focus_idx6
 - libfuzzer_focus_idx7
 - libfuzzer_focus_idx8
+ - centipede_function_filter
 benchmark_type:
 - oss-fuzz
diff --git a/fuzzers/centipede_function_filter/builder.Dockerfile b/fuzzers/centipede_function_filter/builder.Dockerfile
new file mode 100644
index 000000000..a56736220
--- /dev/null
+++ b/fuzzers/centipede_function_filter/builder.Dockerfile
@@ -0,0 +1,31 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG parent_image
+FROM $parent_image
+
+ENV CENTIPEDE_SRC=/src/centipede
+
+# Build centipede.
+RUN git clone -n \
+ https://github.com/google/centipede.git "$CENTIPEDE_SRC" && \
+ echo 'build --client_env=CC=clang --cxxopt=-std=c++17 ' \
+ '--cxxopt=-stdlib=libc++ --linkopt=-lc++' >> ~/.bazelrc && \
+ (cd "$CENTIPEDE_SRC" && \
+ git checkout 2a2c78a2c161d99f5962b9710bce61feb00acc3d && \
+ ./install_dependencies_debian.sh && \
+ bazel build -c opt :all) && \
+ cp "$CENTIPEDE_SRC/bazel-bin/centipede" '/out/centipede'
+
+RUN /clang/bin/clang "$CENTIPEDE_SRC/weak_sancov_stubs.cc" -c -o /lib/weak.o
diff --git a/fuzzers/centipede_function_filter/fuzzer.py b/fuzzers/centipede_function_filter/fuzzer.py
new file mode 100755
index 000000000..9d403a768
--- /dev/null
+++ b/fuzzers/centipede_function_filter/fuzzer.py
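Review bot: The centipede revision pinned at `git checkout 2a2c78a2c161d99f5962b9710bce61feb00acc3d` carries no comment saying where it comes from or what it must stay in step with. The commit message says this fuzzer reuses the centipede integration, so if this RUN block mirrors the base centipede builder, the two pins can drift silently and the function-filter variant would then run a different centipede binary than the integration whose `run_fuzzer` it calls; I cannot see that other Dockerfile from here. A one-line comment above the clone, `# Keep this revision in sync with the centipede builder this fuzzer reuses.`, would make the coupling explicit to whoever bumps either one.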
@@ -0,0 +1,40 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Integration code for centipede fuzzer."""
+
+import os
+import yaml
+
+from fuzzers.centipede import fuzzer
+
+
+def build():
+ """Build benchmark."""
+ fuzzer.build()
+
+
+def fuzz(input_corpus, output_corpus, target_binary):
+ """Run fuzzer. Wrapper that uses the defaults when calling run_fuzzer."""
+ with open('/focus_map.yaml', 'r') as focus_file:
+ focus_map = yaml.safe_load(focus_file)
+ benchmark = os.getenv('BENCHMARK', None)
+ if benchmark not in focus_map:
+ return
+ focus_list = focus_map[benchmark]
+ focus_filter = ','.join(focus_list)
+ print("DEBUG: ", focus_filter)
+ fuzzer.run_fuzzer(input_corpus,
+ output_corpus,
+ target_binary,
+ extra_flags=[f'--function_filter={focus_filter}'])
diff --git a/fuzzers/centipede_function_filter/runner.Dockerfile b/fuzzers/centipede_function_filter/runner.Dockerfile
new file mode 100644
index 000000000..710fe6f4e
--- /dev/null
+++ b/fuzzers/centipede_function_filter/runner.Dockerfile
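Review bot: When `BENCHMARK` is unset or absent from the focus map, `fuzz` returns silently after `if benchmark not in focus_map:`, so the trial ends with no fuzzer started and nothing in the log explaining why; the only diagnostic the function emits is the leftover `print("DEBUG: ", focus_filter)` on the happy path. I would log the miss and decide explicitly whether to fall back to the unfiltered run or fail, e.g. `print(f'No focus list for benchmark {benchmark!r} in /focus_map.yaml; not fuzzing')` before the `return` — raising instead would be the right choice if a filter-less run would invalidate the experiment, which I cannot tell from here. The `DEBUG` print should become a descriptive message such as `print(f'Using --function_filter={focus_filter}')` or be dropped. A malformed map entry (a scalar instead of a list) surfaces only as a TypeError from `','.join(focus_list)`, which is acceptable but deserves a comment on that line.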
@@ -0,0 +1,22 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/oss-fuzz-base/base-clang@sha256:30706816922bf9c141b15ff4a5a44af8c0ec5700d4b46e0572029c15e495d45b AS base-clang
+FROM gcr.io/fuzzbench/base-image
+
+RUN apt-get update && apt-get install -y wget && \
+ wget https://storage.googleapis.com/oss-fuzz-introspector-testing/focus_map.yaml && \
+ apt-get remove --purge -y wget
+
+COPY --from=base-clang /usr/local/bin/llvm-symbolizer /usr/local/bin/
\ No newline at end of file
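Review bot: `wget https://storage.googleapis.com/oss-fuzz-introspector-testing/focus_map.yaml` saves into whatever the build stage's current working directory is, while `fuzzer.py` in this same patch opens the absolute path `/focus_map.yaml`; the two only line up if the base image's WORKDIR is `/`, which this Dockerfile never sets. Make the destination explicit with `wget -O /focus_map.yaml https://storage.googleapis.com/oss-fuzz-introspector-testing/focus_map.yaml`. The map is also fetched unpinned at image build time, whereas the `base-clang` image above is pinned by digest, so the set of functions centipede is told to focus on can change between two builds of the same commit; vendoring the file into the repo, or checking it after download with `echo '<EXPECTED_SHA256>  /focus_map.yaml' | sha256sum -c`, would keep the experiment reproducible.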