diff --git a/infra/base-images/base-builder/Dockerfile b/infra/base-images/base-builder/Dockerfile
index 037035cbf..c172ce960 100644
--- a/infra/base-images/base-builder/Dockerfile
+++ b/infra/base-images/base-builder/Dockerfile
@@ -59,6 +59,9 @@ RUN mkdir honggfuzz && \
 tar -xzv --strip-components=1 -f $SRC/oss-fuzz.tar.gz && \
 rm -rf $SRC/oss-fuzz.tar.gz
 
-COPY compile compile_afl compile_libfuzzer compile_honggfuzz coverage_report srcmap /usr/local/bin/
+RUN git clone --depth 1 https://github.com/carolemieux/perffuzz perffuzz
+
+COPY compile compile_afl compile_libfuzzer compile_honggfuzz compile_perffuzz \
+ coverage_report srcmap /usr/local/bin/
 
 CMD ["compile"]
diff --git a/infra/base-images/base-builder/compile_perffuzz b/infra/base-images/base-builder/compile_perffuzz
new file mode 100755
index 000000000..f5376375c
--- /dev/null
+++ b/infra/base-images/base-builder/compile_perffuzz
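Review bot: The new `RUN git clone --depth 1 https://github.com/carolemieux/perffuzz perffuzz` line bakes an unpinned third-party checkout into the base builder image, so every image build pulls whatever that repository's default branch holds at the moment, and a push to that personal GitHub repo (or a compromised account) silently changes the fuzzing engine linked into every perffuzz target. Pin the revision by checking out a fixed commit after the clone, e.g. `RUN git clone https://github.com/carolemieux/perffuzz perffuzz && cd perffuzz && git checkout <pinned-sha>` (dropping `--depth 1`, or fetching the pinned commit explicitly, since a shallow clone only contains the branch tip). A one-line comment above it recording why that revision was chosen makes the next bump reviewable. I cannot see from this hunk how afl and libFuzzer are fetched in this Dockerfile; if they are pinned elsewhere, the same mechanism should be reused here.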
@@ -0,0 +1,48 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+echo -n "Compiling perffuzz to $LIB_FUZZING_ENGINE ..."
+
+# afl needs its special coverage flags
+export COVERAGE_FLAGS="-fsanitize-coverage=trace-pc-guard"
+
+mkdir -p $WORK/perffuzz
+pushd $WORK/perffuzz > /dev/null
+# Add -Wno-pointer-sign to silence warning (AFL is compiled this way).
+$CC $CFLAGS -Wno-pointer-sign -c $SRC/perffuzz/llvm_mode/afl-llvm-rt.o.c
+$CXX $CXXFLAGS -std=c++11 -O2 -c $SRC/libfuzzer/afl/*.cpp -I$SRC/libfuzzer
+ar r $LIB_FUZZING_ENGINE $WORK/perffuzz/*.o
+popd > /dev/null
+rm -rf $WORK/perffuzz
+
+# Build and copy afl tools necessary for fuzzing.
+pushd $SRC/perffuzz > /dev/null
+
+# Unset CFLAGS and CXXFLAGS while building AFL since we don't want to slow it
+# down with sanitizers.
+INITIAL_CXXFLAGS=$CXXFLAGS
+INITIAL_CFLAGS=$CFLAGS
+unset CXXFLAGS
+unset CFLAGS
+make clean && make
+CFLAGS=$INITIAL_CFLAGS
+CXXFLAGS=$INITIAL_CXXFLAGS
+
+find . -name 'afl-*' -executable -type f | xargs cp -t $OUT
+popd > /dev/null
+
+echo " done."
diff --git a/infra/base-images/base-runner/run_fuzzer b/infra/base-images/base-runner/run_fuzzer
index c56d9b89e..6505308ef 100755
--- a/infra/base-images/base-runner/run_fuzzer
+++ b/infra/base-images/base-runner/run_fuzzer
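Review bot: The CFLAGS/CXXFLAGS restore after `make clean && make` does not restore the environment: `unset CFLAGS` drops the variable's export attribute, so the later plain `CFLAGS=$INITIAL_CFLAGS` creates a shell-local variable that child processes run afterwards in this script will not see. Nothing after that line currently consumes the flags, so this is latent, but the comment promises a restore; use `export CFLAGS="$INITIAL_CFLAGS"` and `export CXXFLAGS="$INITIAL_CXXFLAGS"`. Separately, `find . -name 'afl-*' -executable -type f | xargs cp -t $OUT` is not whitespace-safe and leaves `$OUT` unquoted; `find . -name 'afl-*' -executable -type f -exec cp -t "$OUT" {} +` performs the same copy without the pipe (if the sibling compile_afl script uses the same line, which I cannot see here, it deserves the same change). Note also that the options in `#!/bin/bash -eu` only take effect when the script is executed directly, not via `bash compile_perffuzz`; a `set -eu` as the first statement is robust either way.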
@@ -36,7 +36,11 @@ if [ -f $SEED_CORPUS ] && [ -z ${SKIP_SEED_CORPUS:-} ]; then
 unzip -d ${CORPUS_DIR}/ $SEED_CORPUS > /dev/null
 fi
 
-if [[ "$FUZZING_ENGINE" = afl ]]; then
+if [[ "$FUZZING_ENGINE" = perffuzz ]]; then
+ AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -p"
+fi
+
+if [[ "$FUZZING_ENGINE" = afl || "$FUZZING_ENGINE" = perffuzz ]]; then
 # https://chromium.googlesource.com/chromium/src/+/master/third_party/afl/src/docs/env_variables.txt
 export ASAN_OPTIONS="$ASAN_OPTIONS:abort_on_error=1:symbolize=0"
 export MSAN_OPTIONS="$MSAN_OPTIONS:exit_code=86:symbolize=0"
diff --git a/infra/helper.py b/infra/helper.py
index 021bd6080..97ea6b7eb 100755
--- a/infra/helper.py
+++ b/infra/helper.py
@@ -240,7 +240,8 @@ def _get_work_dir(project_name=''):
 def _add_engine_args(parser):
 """Add common engine args."""
 parser.add_argument('--engine', default='libfuzzer',
- choices=['libfuzzer', 'afl', 'honggfuzz', 'none'])
+ choices=['libfuzzer', 'afl', 'honggfuzz', 'perffuzz',
+ 'none'])
 
 
 def _add_sanitizer_args(parser):
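Review bot: The new `AFL_FUZZER_ARGS="$AFL_FUZZER_ARGS -p"` line reads AFL_FUZZER_ARGS before anything in this hunk assigns it; the `${SKIP_SEED_CORPUS:-}` guard on the context line suggests this script runs with `set -u`, in which case an unset AFL_FUZZER_ARGS aborts run_fuzzer for the perffuzz engine (I cannot see whether it is initialised earlier in the file). `AFL_FUZZER_ARGS="${AFL_FUZZER_ARGS:-} -p"` is safe either way. The `-p` flag is also undocumented here, and as far as I can tell stock afl-fuzz has no such option, so a short comment above the block such as `# perffuzz-specific afl-fuzz flag; see the perffuzz README` would tell the reader it is intentional rather than a typo. Where AFL_FUZZER_ARGS is consumed lies outside this hunk.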