README(non_wrapper based program).md


Run K-Scheduler-based AFL on an example (non-wrapper) program: `size` from binutils

  1. Build llvm-11.0.1 following K-Scheduler/libfuzzer_integration/llvm_11.0.1/README.md. You can skip this step if you have already built llvm-11.0.1.
  2. Install python3 and wllvm, then install NetworKit with pip3.
  3. Set up the environment variables and build the afl runtime object (every later step assumes the llvm-11.0.1 toolchain from step 1 is first on PATH).
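    # Put the llvm-11.0.1 toolchain built in step 1 first on PATH so that
    # clang, opt and llvm-dis below all resolve to the same release.
    export PATH="[path to K-Scheduler repo]/K-Scheduler/libfuzzer_integration/llvm_11.0.1/build/bin:$PATH"
    # Tell wllvm which underlying compiler to drive (it locates that compiler
    # through PATH unless told otherwise, hence the ordering above). Confirm
    # the clang that actually resolves is 11.0.1 before building anything.
    export LLVM_COMPILER=clang
    clang --version | head -n 1
    # Build the afl runtime object. Nothing above sets CC, so fall back to the
    # clang now on PATH rather than expanding to an empty command. The object
    # is written to the exact location step 4 passes in LDFLAGS
    # (afl_integration/build_example/afl-llvm-rt.o) instead of the current
    # directory, so the two steps agree on where it lives.
    "${CC:-clang}" -O2 -c -w -fPIC \
      "[path to K-Scheduler repo]/K-Scheduler/afl_integration/afl-2.52b_kscheduler/llvm_mode/afl-llvm-rt.o.c" \
      -o "[path to K-Scheduler repo]/K-Scheduler/afl_integration/build_example/afl-llvm-rt.o"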
  4. Build `size` with wllvm and ASan, extract its bitcode, and generate the CFGs the scheduler needs.
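    # Work inside the example build directory; stop here if the cd fails so the
    # copy/configure below never runs in some unrelated working directory.
    cd "[path to K-Scheduler repo]/K-Scheduler/qsym_integration/build_example/" || exit 1
    # Build from a fresh copy of the bundled binutils source so a rebuild never
    # reuses objects from an earlier, differently instrumented build.
    cp -r binutils_src build_afl
    cd build_afl || exit 1
    # Configure with wllvm as the compiler so every object also carries LLVM
    # bitcode (needed for extract-bc below). trace-pc-guard,no-prune keeps a
    # coverage guard in every basic block (the graph analysis below presumably
    # maps guards onto CFG nodes, so none may be pruned), and ASan turns memory
    # errors into crashes. LDFLAGS links in the afl runtime object built in
    # step 3; it is quoted so a space in the absolute path cannot split it.
    # make -j without a count forks without limit; bound it to the core count.
    CC=wllvm CXX=wllvm++ \
      CFLAGS="-fsanitize-coverage=trace-pc-guard,no-prune -O2 -fsanitize=address" \
      CXXFLAGS="-fsanitize-coverage=trace-pc-guard,no-prune -O2 -fsanitize=address" \
      LDFLAGS="[ABSOLUTE PATH to K-Scheduler repo]/K-Scheduler/afl_integration/build_example/afl-llvm-rt.o" \
      ./configure && make -j"$(nproc)"
    # Extract the whole-program bitcode from the linked size binary.
    cd binutils && extract-bc size
    # Convert the bitcode to textual LLVM IR.
    llvm-dis size.bc
    # Functions with over-long names are ignored by llvm opt's CFG
    # construction, so such names are first truncated to a shorter hash.
    # The script emits size_fix.ll next to size.ll.
    python "[path to K-Scheduler repo]/K-Scheduler/afl_integration/build_example/fix_long_fun_name.py" size.ll
    # Generate the intra-procedural CFGs with llvm opt into their own directory.
    mkdir cfg_out_size
    cd cfg_out_size || exit 1
    opt -dot-cfg ../size_fix.ll
    # opt writes each CFG as a hidden file (.<function>.dot); strip the leading
    # dot so they are ordinary files. A glob is used instead of parsing `ls`
    # so odd characters in function names cannot break the loop; the -e test
    # makes an empty directory a no-op rather than an attempt to move the
    # literal pattern.
    for f in .*.dot; do
      [ -e "$f" ] || continue
      mv -- "$f" "${f#.}"
    done
    # Stitch the intra-procedural CFGs into one inter-procedural CFG along
    # caller-callee edges.
    cd .. && python "[path to K-Scheduler repo]/K-Scheduler/afl_integration/build_example/gen_graph.py" ./size_fix.ll cfg_out_size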
  5. Start the graph analysis module. It is long-running and talks to the fuzzer in step 6, so leave this terminal open.
    # Long-running module: step 6 starts the fuzzer in a second terminal and
    # resets a `signal` file for it in qsym_integration/build_example, so this
    # presumably has to be started from that same directory — confirm before
    # relying on it. The path is quoted so a space in it does not split it.
    python3 "[path to K-Scheduler repo]/K-Scheduler/afl_integration/build_example/gen_dyn_weight.py"
  6. Open another terminal and start K-Scheduler-based AFL on `size`.
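    # The fuzzer and the graph module share this directory (the original path
    # had a "K-Schduler" typo). Abort on a failed cd so the rm -rf that follows
    # can never run against whatever the current directory happens to be.
    cd "[path to K-Scheduler repo]/K-Scheduler/qsym_integration/build_example/" || exit 1
    # Remove the corpus and other metadata left behind by a previous run.
    rm -rf -- afl_out_* cur_coverage dyn_katz_cent
    # Reset the signal file shared with the graph computation module (step 5).
    echo 0 > signal
    # Run the K-Scheduler-based afl-fuzz. ./afl-fuzz_kscheduler, seeds/ and
    # ./size are all expected in this directory; the page does not say how the
    # size binary built in step 4 (build_afl/binutils/size) gets here, so
    # presumably copy it over first. -d is AFL's quick & dirty mode (skips the
    # deterministic stages); -m none disables AFL's memory limit, which an
    # ASan-instrumented target generally needs, so run this inside a sandbox
    # or VM; @@ is replaced by the path of each test input.
    ./afl-fuzz_kscheduler -i seeds/ -o afl_out_cent -d -m none ./size @@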