1*08b48e0bSAndroid Build Coastguard Worker#!/bin/sh 2*08b48e0bSAndroid Build Coastguard Worker 3*08b48e0bSAndroid Build Coastguard Worker. ./test-pre.sh 4*08b48e0bSAndroid Build Coastguard Worker 5*08b48e0bSAndroid Build Coastguard WorkerOS=$(uname -s) 6*08b48e0bSAndroid Build Coastguard Worker 7*08b48e0bSAndroid Build Coastguard Worker$ECHO "$BLUE[*] Testing: llvm_mode, afl-showmap, afl-fuzz, afl-cmin and afl-tmin" 8*08b48e0bSAndroid Build Coastguard Workertest -e ../afl-clang-fast -a -e ../split-switches-pass.so && { 9*08b48e0bSAndroid Build Coastguard Worker ../afl-clang-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1 10*08b48e0bSAndroid Build Coastguard Worker AFL_HARDEN=1 ../afl-clang-fast -o test-compcov.harden test-compcov.c > /dev/null 2>&1 11*08b48e0bSAndroid Build Coastguard Worker test -e test-instr.plain && { 12*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] llvm_mode compilation succeeded" 13*08b48e0bSAndroid Build Coastguard Worker echo 0 | AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o test-instr.plain.0 -r -- ./test-instr.plain > /dev/null 2>&1 14*08b48e0bSAndroid Build Coastguard Worker AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o test-instr.plain.1 -r -- ./test-instr.plain < /dev/null > /dev/null 2>&1 15*08b48e0bSAndroid Build Coastguard Worker test -e test-instr.plain.0 -a -e test-instr.plain.1 && { 16*08b48e0bSAndroid Build Coastguard Worker diff test-instr.plain.0 test-instr.plain.1 > /dev/null 2>&1 && { 17*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode instrumentation should be different on different input but is not" 18*08b48e0bSAndroid Build Coastguard Worker CODE=1 19*08b48e0bSAndroid Build Coastguard Worker } || { 20*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] llvm_mode instrumentation present and working correctly" 21*08b48e0bSAndroid Build Coastguard Worker TUPLES=`echo 0|AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o /dev/null -- ./test-instr.plain 2>&1 | grep Captur | awk '{print$3}'` 22*08b48e0bSAndroid Build Coastguard Worker test "$TUPLES" -gt 2 -a "$TUPLES" -lt 8 && { 23*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] llvm_mode run reported $TUPLES instrumented locations which is fine" 24*08b48e0bSAndroid Build Coastguard Worker } || { 25*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode instrumentation produces weird numbers: $TUPLES" 26*08b48e0bSAndroid Build Coastguard Worker CODE=1 27*08b48e0bSAndroid Build Coastguard Worker } 28*08b48e0bSAndroid Build Coastguard Worker test "$TUPLES" -lt 3 && SKIP=1 29*08b48e0bSAndroid Build Coastguard Worker true 30*08b48e0bSAndroid Build Coastguard Worker } 31*08b48e0bSAndroid Build Coastguard Worker } || { 32*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode instrumentation failed" 33*08b48e0bSAndroid Build Coastguard Worker CODE=1 34*08b48e0bSAndroid Build Coastguard Worker } 35*08b48e0bSAndroid Build Coastguard Worker rm -f test-instr.plain.0 test-instr.plain.1 36*08b48e0bSAndroid Build Coastguard Worker } || { 37*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode failed" 38*08b48e0bSAndroid Build Coastguard Worker CODE=1 39*08b48e0bSAndroid Build Coastguard Worker } 40*08b48e0bSAndroid Build Coastguard Worker AFL_LLVM_INSTRUMENT=CLASSIC AFL_LLVM_THREADSAFE_INST=1 ../afl-clang-fast -o test-instr.ts ../test-instr.c > /dev/null 2>&1 41*08b48e0bSAndroid Build Coastguard Worker test -e test-instr.ts && { 42*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] llvm_mode threadsafe compilation succeeded" 43*08b48e0bSAndroid Build Coastguard Worker echo 0 | AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o test-instr.ts.0 -r -- ./test-instr.ts > /dev/null 2>&1 44*08b48e0bSAndroid Build Coastguard Worker AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o test-instr.ts.1 -r -- ./test-instr.ts < /dev/null > /dev/null 2>&1 45*08b48e0bSAndroid Build Coastguard Worker test -e test-instr.ts.0 -a -e test-instr.ts.1 && { 46*08b48e0bSAndroid Build Coastguard Worker diff test-instr.ts.0 test-instr.ts.1 > /dev/null 2>&1 && { 47*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode threadsafe instrumentation should be different on different input but is not" 48*08b48e0bSAndroid Build Coastguard Worker CODE=1 49*08b48e0bSAndroid Build Coastguard Worker } || { 50*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] llvm_mode threadsafe instrumentation present and working correctly" 51*08b48e0bSAndroid Build Coastguard Worker TUPLES=`echo 0|AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o /dev/null -- ./test-instr.ts 2>&1 | grep Captur | awk '{print$3}'` 52*08b48e0bSAndroid Build Coastguard Worker test "$TUPLES" -gt 2 -a "$TUPLES" -lt 8 && { 53*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] llvm_mode run reported $TUPLES threadsafe instrumented locations which is fine" 54*08b48e0bSAndroid Build Coastguard Worker } || { 55*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode threadsafe instrumentation produces weird numbers: $TUPLES" 56*08b48e0bSAndroid Build Coastguard Worker CODE=1 57*08b48e0bSAndroid Build Coastguard Worker } 58*08b48e0bSAndroid Build Coastguard Worker test "$TUPLES" -lt 3 && SKIP=1 59*08b48e0bSAndroid Build Coastguard Worker true 60*08b48e0bSAndroid Build Coastguard Worker } 61*08b48e0bSAndroid Build Coastguard Worker } || { 62*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode threadsafe instrumentation failed" 63*08b48e0bSAndroid Build Coastguard Worker CODE=1 64*08b48e0bSAndroid Build Coastguard Worker } 65*08b48e0bSAndroid Build Coastguard Worker rm -f test-instr.ts.0 test-instr.ts.1 66*08b48e0bSAndroid Build Coastguard Worker } || { 67*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode (threadsafe) failed" 68*08b48e0bSAndroid Build Coastguard Worker CODE=1 69*08b48e0bSAndroid Build Coastguard Worker } 70*08b48e0bSAndroid Build Coastguard Worker ../afl-clang-fast -DTEST_SHARED_OBJECT=1 -z defs -fPIC -shared -o test-instr.so ../test-instr.c > /dev/null 2>&1 71*08b48e0bSAndroid Build Coastguard Worker test -e test-instr.so && { 72*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] llvm_mode shared object with -z defs compilation succeeded" 73*08b48e0bSAndroid Build Coastguard Worker test `uname -s` = 'Linux' && LIBS=-ldl 74*08b48e0bSAndroid Build Coastguard Worker ../afl-clang-fast -o test-dlopen.plain test-dlopen.c ${LIBS} > /dev/null 2>&1 75*08b48e0bSAndroid Build Coastguard Worker test -e test-dlopen.plain && { 76*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] llvm_mode test-dlopen compilation succeeded" 77*08b48e0bSAndroid Build Coastguard Worker echo 0 | DYLD_INSERT_LIBRARIES=./test-instr.so LD_PRELOAD=./test-instr.so TEST_DLOPEN_TARGET=./test-instr.so AFL_QUIET=1 ./test-dlopen.plain > /dev/null 2>&1 78*08b48e0bSAndroid Build Coastguard Worker if [ $? -ne 0 ]; then 79*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode test-dlopen exits with an error" 80*08b48e0bSAndroid Build Coastguard Worker CODE=1 81*08b48e0bSAndroid Build Coastguard Worker fi 82*08b48e0bSAndroid Build Coastguard Worker echo 0 | AFL_PRELOAD=./test-instr.so TEST_DLOPEN_TARGET=./test-instr.so AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o test-dlopen.plain.0 -r -- ./test-dlopen.plain > /dev/null 2>&1 83*08b48e0bSAndroid Build Coastguard Worker AFL_PRELOAD=./test-instr.so TEST_DLOPEN_TARGET=./test-instr.so AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o test-dlopen.plain.1 -r -- ./test-dlopen.plain < /dev/null > /dev/null 2>&1 84*08b48e0bSAndroid Build Coastguard Worker test -e test-dlopen.plain.0 -a -e test-dlopen.plain.1 && { 85*08b48e0bSAndroid Build Coastguard Worker diff test-dlopen.plain.0 test-dlopen.plain.1 > /dev/null 2>&1 && { 86*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode test-dlopen instrumentation should be different on different input but is not" 87*08b48e0bSAndroid Build Coastguard Worker CODE=1 88*08b48e0bSAndroid Build Coastguard Worker } || { 89*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] llvm_mode test-dlopen instrumentation present and working correctly" 90*08b48e0bSAndroid Build Coastguard Worker TUPLES=`echo 0|AFL_PRELOAD=./test-instr.so TEST_DLOPEN_TARGET=./test-instr.so AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o /dev/null -- ./test-dlopen.plain 2>&1 | grep Captur | awk '{print$3}'` 91*08b48e0bSAndroid Build Coastguard Worker test "$TUPLES" -gt 3 -a "$TUPLES" -lt 12 && { 92*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] llvm_mode test-dlopen run reported $TUPLES instrumented locations which is fine" 93*08b48e0bSAndroid Build Coastguard Worker } || { 94*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode test-dlopen instrumentation produces weird numbers: $TUPLES" 95*08b48e0bSAndroid Build Coastguard Worker CODE=1 96*08b48e0bSAndroid Build Coastguard Worker } 97*08b48e0bSAndroid Build Coastguard Worker test "$TUPLES" -lt 3 && SKIP=1 98*08b48e0bSAndroid Build Coastguard Worker true 99*08b48e0bSAndroid Build Coastguard Worker } 100*08b48e0bSAndroid Build Coastguard Worker } || { 101*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode test-dlopen instrumentation failed" 102*08b48e0bSAndroid Build Coastguard Worker CODE=1 103*08b48e0bSAndroid Build Coastguard Worker } 104*08b48e0bSAndroid Build Coastguard Worker } || { 105*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode test-dlopen compilation failed" 106*08b48e0bSAndroid Build Coastguard Worker CODE=1 107*08b48e0bSAndroid Build Coastguard Worker } 108*08b48e0bSAndroid Build Coastguard Worker rm -f test-dlopen.plain test-dlopen.plain.0 test-dlopen.plain.1 test-instr.so 109*08b48e0bSAndroid Build Coastguard Worker unset LIBS 110*08b48e0bSAndroid Build Coastguard Worker } || { 111*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode shared object with -z defs compilation failed" 112*08b48e0bSAndroid Build Coastguard Worker CODE=1 113*08b48e0bSAndroid Build Coastguard Worker } 114*08b48e0bSAndroid Build Coastguard Worker test -e test-compcov.harden && test_compcov_binary_functionality ./test-compcov.harden && { 115*08b48e0bSAndroid Build Coastguard Worker nm test-compcov.harden | grep -Eq 'stack_chk_fail|fstack-protector-all|fortified' > /dev/null 2>&1 && { 116*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] llvm_mode hardened mode succeeded and is working" 117*08b48e0bSAndroid Build Coastguard Worker } || { 118*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode hardened mode is not hardened" 119*08b48e0bSAndroid Build Coastguard Worker CODE=1 120*08b48e0bSAndroid Build Coastguard Worker } 121*08b48e0bSAndroid Build Coastguard Worker rm -f test-compcov.harden 122*08b48e0bSAndroid Build Coastguard Worker } || { 123*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode hardened mode compilation failed" 124*08b48e0bSAndroid Build Coastguard Worker CODE=1 125*08b48e0bSAndroid Build Coastguard Worker } 126*08b48e0bSAndroid Build Coastguard Worker # now we want to be sure that afl-fuzz is working 127*08b48e0bSAndroid Build Coastguard Worker # make sure crash reporter is disabled on Mac OS X 128*08b48e0bSAndroid Build Coastguard Worker (test "$OS" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { 129*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" 130*08b48e0bSAndroid Build Coastguard Worker CODE=1 131*08b48e0bSAndroid Build Coastguard Worker true 132*08b48e0bSAndroid Build Coastguard Worker }) || { 133*08b48e0bSAndroid Build Coastguard Worker mkdir -p in 134*08b48e0bSAndroid Build Coastguard Worker echo 0 > in/in 135*08b48e0bSAndroid Build Coastguard Worker test -z "$SKIP" && { 136*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREY[*] running afl-fuzz for llvm_mode, this will take approx 10 seconds" 137*08b48e0bSAndroid Build Coastguard Worker { 138*08b48e0bSAndroid Build Coastguard Worker ../afl-fuzz -V07 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain >>errors 2>&1 139*08b48e0bSAndroid Build Coastguard Worker } >>errors 2>&1 140*08b48e0bSAndroid Build Coastguard Worker test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && { 141*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] afl-fuzz is working correctly with llvm_mode" 142*08b48e0bSAndroid Build Coastguard Worker } || { 143*08b48e0bSAndroid Build Coastguard Worker echo CUT------------------------------------------------------------------CUT 144*08b48e0bSAndroid Build Coastguard Worker cat errors 145*08b48e0bSAndroid Build Coastguard Worker echo CUT------------------------------------------------------------------CUT 146*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] afl-fuzz is not working correctly with llvm_mode" 147*08b48e0bSAndroid Build Coastguard Worker CODE=1 148*08b48e0bSAndroid Build Coastguard Worker } 149*08b48e0bSAndroid Build Coastguard Worker } 150*08b48e0bSAndroid Build Coastguard Worker test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" || { 151*08b48e0bSAndroid Build Coastguard Worker mkdir -p in2 152*08b48e0bSAndroid Build Coastguard Worker echo 000000000000000000000000 > in/in2 153*08b48e0bSAndroid Build Coastguard Worker echo 111 > in/in3 154*08b48e0bSAndroid Build Coastguard Worker test "$OS" = "Darwin" && { 155*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREY[*] afl-cmin not available on macOS, cannot test afl-cmin" 156*08b48e0bSAndroid Build Coastguard Worker } || { 157*08b48e0bSAndroid Build Coastguard Worker ../afl-cmin -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null 2>&1 # why is afl-forkserver writing to stderr? 158*08b48e0bSAndroid Build Coastguard Worker CNT=`ls in2/* 2>/dev/null | wc -l` 159*08b48e0bSAndroid Build Coastguard Worker case "$CNT" in 160*08b48e0bSAndroid Build Coastguard Worker *2) $ECHO "$GREEN[+] afl-cmin correctly minimized the number of testcases" ;; 161*08b48e0bSAndroid Build Coastguard Worker *) $ECHO "$RED[!] afl-cmin did not correctly minimize the number of testcases ($CNT)" 162*08b48e0bSAndroid Build Coastguard Worker CODE=1 163*08b48e0bSAndroid Build Coastguard Worker ;; 164*08b48e0bSAndroid Build Coastguard Worker esac 165*08b48e0bSAndroid Build Coastguard Worker rm -f in2/in* 166*08b48e0bSAndroid Build Coastguard Worker } 167*08b48e0bSAndroid Build Coastguard Worker export AFL_QUIET=1 168*08b48e0bSAndroid Build Coastguard Worker if type bash >/dev/null ; then { 169*08b48e0bSAndroid Build Coastguard Worker ../afl-cmin.bash -m ${MEM_LIMIT} -i in -o in2 -- ./test-instr.plain >/dev/null 170*08b48e0bSAndroid Build Coastguard Worker CNT=`ls in2/* 2>/dev/null | wc -l` 171*08b48e0bSAndroid Build Coastguard Worker case "$CNT" in 172*08b48e0bSAndroid Build Coastguard Worker *2) $ECHO "$GREEN[+] afl-cmin.bash correctly minimized the number of testcases" ;; 173*08b48e0bSAndroid Build Coastguard Worker *) $ECHO "$RED[!] afl-cmin.bash did not correctly minimize the number of testcases ($CNT)" 174*08b48e0bSAndroid Build Coastguard Worker CODE=1 175*08b48e0bSAndroid Build Coastguard Worker ;; 176*08b48e0bSAndroid Build Coastguard Worker esac 177*08b48e0bSAndroid Build Coastguard Worker } else { 178*08b48e0bSAndroid Build Coastguard Worker $ECHO "$YELLOW[-] no bash available, cannot test afl-cmin.bash" 179*08b48e0bSAndroid Build Coastguard Worker INCOMPLETE=1 180*08b48e0bSAndroid Build Coastguard Worker } 181*08b48e0bSAndroid Build Coastguard Worker fi 182*08b48e0bSAndroid Build Coastguard Worker ../afl-tmin -m ${MEM_LIMIT} -i in/in2 -o in2/in2 -- ./test-instr.plain > /dev/null 2>&1 183*08b48e0bSAndroid Build Coastguard Worker SIZE=`ls -l in2/in2 2>/dev/null | awk '{print$5}'` 184*08b48e0bSAndroid Build Coastguard Worker test "$SIZE" = 1 && $ECHO "$GREEN[+] afl-tmin correctly minimized the testcase" 185*08b48e0bSAndroid Build Coastguard Worker test "$SIZE" = 1 || { 186*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] afl-tmin did incorrectly minimize the testcase to $SIZE" 187*08b48e0bSAndroid Build Coastguard Worker CODE=1 188*08b48e0bSAndroid Build Coastguard Worker } 189*08b48e0bSAndroid Build Coastguard Worker rm -rf in2 190*08b48e0bSAndroid Build Coastguard Worker } 191*08b48e0bSAndroid Build Coastguard Worker rm -rf in out errors 192*08b48e0bSAndroid Build Coastguard Worker } 193*08b48e0bSAndroid Build Coastguard Worker rm -f test-instr.plain 194*08b48e0bSAndroid Build Coastguard Worker 195*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREY[*] llvm_mode laf-intel/compcov testing splitting integer types (this might take some time)" 196*08b48e0bSAndroid Build Coastguard Worker for testcase in ./test-int_cases.c ./test-uint_cases.c; do 197*08b48e0bSAndroid Build Coastguard Worker for I in char short int long "long long"; do 198*08b48e0bSAndroid Build Coastguard Worker for BITS in 8 16 32 64; do 199*08b48e0bSAndroid Build Coastguard Worker bin="$testcase-split-$I-$BITS.compcov" 200*08b48e0bSAndroid Build Coastguard Worker AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_COMPARES_BITW=$BITS AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -fsigned-char -DINT_TYPE="$I" -o "$bin" "$testcase" > test.out 2>&1; 201*08b48e0bSAndroid Build Coastguard Worker if ! test -e "$bin"; then 202*08b48e0bSAndroid Build Coastguard Worker cat test.out 203*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode laf-intel/compcov integer splitting failed! ($testcase with type $I split to $BITS)!"; 204*08b48e0bSAndroid Build Coastguard Worker CODE=1 205*08b48e0bSAndroid Build Coastguard Worker break 206*08b48e0bSAndroid Build Coastguard Worker fi 207*08b48e0bSAndroid Build Coastguard Worker if ! "$bin"; then 208*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode laf-intel/compcov integer splitting resulted in miscompilation (type $I split to $BITS)!"; 209*08b48e0bSAndroid Build Coastguard Worker CODE=1 210*08b48e0bSAndroid Build Coastguard Worker break 211*08b48e0bSAndroid Build Coastguard Worker fi 212*08b48e0bSAndroid Build Coastguard Worker rm -f "$bin" test.out || true 213*08b48e0bSAndroid Build Coastguard Worker done 214*08b48e0bSAndroid Build Coastguard Worker done 215*08b48e0bSAndroid Build Coastguard Worker done 216*08b48e0bSAndroid Build Coastguard Worker rm -f test-int-split*.compcov test.out 217*08b48e0bSAndroid Build Coastguard Worker 218*08b48e0bSAndroid Build Coastguard Worker AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_SWITCHES=1 AFL_LLVM_LAF_TRANSFORM_COMPARES=1 AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -o test-compcov.compcov test-compcov.c > test.out 2>&1 219*08b48e0bSAndroid Build Coastguard Worker test -e test-compcov.compcov && test_compcov_binary_functionality ./test-compcov.compcov && { 220*08b48e0bSAndroid Build Coastguard Worker grep --binary-files=text -Eq " [ 123][0-9][0-9] location| [3-9][0-9] location" test.out && { 221*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] llvm_mode laf-intel/compcov feature works correctly" 222*08b48e0bSAndroid Build Coastguard Worker } || { 223*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode laf-intel/compcov feature failed" 224*08b48e0bSAndroid Build Coastguard Worker CODE=1 225*08b48e0bSAndroid Build Coastguard Worker } 226*08b48e0bSAndroid Build Coastguard Worker } || { 227*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode laf-intel/compcov feature compilation failed" 228*08b48e0bSAndroid Build Coastguard Worker CODE=1 229*08b48e0bSAndroid Build Coastguard Worker } 230*08b48e0bSAndroid Build Coastguard Worker rm -f test-compcov.compcov test.out 231*08b48e0bSAndroid Build Coastguard Worker AFL_LLVM_INSTRUMENT=AFL AFL_LLVM_LAF_SPLIT_FLOATS=1 ../afl-clang-fast -o test-floatingpoint test-floatingpoint.c >errors 2>&1 232*08b48e0bSAndroid Build Coastguard Worker test -e test-floatingpoint && { 233*08b48e0bSAndroid Build Coastguard Worker mkdir -p in 234*08b48e0bSAndroid Build Coastguard Worker echo ZZZZ > in/in 235*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREY[*] running afl-fuzz with floating point splitting, this will take max. 45 seconds" 236*08b48e0bSAndroid Build Coastguard Worker { 237*08b48e0bSAndroid Build Coastguard Worker AFL_BENCH_UNTIL_CRASH=1 AFL_NO_UI=1 ../afl-fuzz -Z -s 123 -V15 -m ${MEM_LIMIT} -i in -o out -- ./test-floatingpoint >>errors 2>&1 238*08b48e0bSAndroid Build Coastguard Worker } >>errors 2>&1 239*08b48e0bSAndroid Build Coastguard Worker test -n "$( ls out/default/crashes/id:* 2>/dev/null )" && { 240*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] llvm_mode laf-intel floatingpoint splitting feature works correctly" 241*08b48e0bSAndroid Build Coastguard Worker } || { 242*08b48e0bSAndroid Build Coastguard Worker cat errors 243*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode laf-intel floatingpoint splitting feature failed" 244*08b48e0bSAndroid Build Coastguard Worker CODE=1 245*08b48e0bSAndroid Build Coastguard Worker } 246*08b48e0bSAndroid Build Coastguard Worker } || { 247*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode laf-intel floatingpoint splitting feature compilation failed" 248*08b48e0bSAndroid Build Coastguard Worker CODE=1 249*08b48e0bSAndroid Build Coastguard Worker } 250*08b48e0bSAndroid Build Coastguard Worker rm -f test-floatingpoint test.out in/in errors core.* 251*08b48e0bSAndroid Build Coastguard Worker echo foobar.c > instrumentlist.txt 252*08b48e0bSAndroid Build Coastguard Worker AFL_DEBUG=1 AFL_LLVM_INSTRUMENT_FILE=instrumentlist.txt ../afl-clang-fast -o test-compcov test-compcov.c > test.out 2>&1 253*08b48e0bSAndroid Build Coastguard Worker test -e test-compcov && test_compcov_binary_functionality ./test-compcov && { 254*08b48e0bSAndroid Build Coastguard Worker grep -q "No instrumentation targets found" test.out && { 255*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] llvm_mode instrumentlist feature works correctly" 256*08b48e0bSAndroid Build Coastguard Worker } || { 257*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode instrumentlist feature failed" 258*08b48e0bSAndroid Build Coastguard Worker CODE=1 259*08b48e0bSAndroid Build Coastguard Worker } 260*08b48e0bSAndroid Build Coastguard Worker } || { 261*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode instrumentlist feature compilation failed" 262*08b48e0bSAndroid Build Coastguard Worker CODE=1 263*08b48e0bSAndroid Build Coastguard Worker } 264*08b48e0bSAndroid Build Coastguard Worker rm -f test-compcov test.out instrumentlist.txt 265*08b48e0bSAndroid Build Coastguard Worker AFL_LLVM_CMPLOG=1 ../afl-clang-fast -o test-cmplog test-cmplog.c > /dev/null 2>&1 266*08b48e0bSAndroid Build Coastguard Worker ../afl-clang-fast -O0 -o test-c test-cmplog.c > /dev/null 2>&1 267*08b48e0bSAndroid Build Coastguard Worker test -e test-cmplog && { 268*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREY[*] running afl-fuzz for llvm_mode cmplog, this will take approx 10 seconds" 269*08b48e0bSAndroid Build Coastguard Worker { 270*08b48e0bSAndroid Build Coastguard Worker mkdir -p in 271*08b48e0bSAndroid Build Coastguard Worker echo 00000000000000000000000000000000 > in/in 272*08b48e0bSAndroid Build Coastguard Worker AFL_BENCH_UNTIL_CRASH=1 ../afl-fuzz -l 3 -m none -V30 -i in -o out -c ./test-cmplog -- ./test-c >>errors 2>&1 273*08b48e0bSAndroid Build Coastguard Worker } >>errors 2>&1 274*08b48e0bSAndroid Build Coastguard Worker test -n "$( ls out/default/crashes/id:000000* out/default/hangs/id:000000* 2>/dev/null )" && { 275*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] afl-fuzz is working correctly with llvm_mode cmplog" 276*08b48e0bSAndroid Build Coastguard Worker } || { 277*08b48e0bSAndroid Build Coastguard Worker echo CUT------------------------------------------------------------------CUT 278*08b48e0bSAndroid Build Coastguard Worker cat errors 279*08b48e0bSAndroid Build Coastguard Worker echo CUT------------------------------------------------------------------CUT 280*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] afl-fuzz is not working correctly with llvm_mode cmplog" 281*08b48e0bSAndroid Build Coastguard Worker CODE=1 282*08b48e0bSAndroid Build Coastguard Worker } 283*08b48e0bSAndroid Build Coastguard Worker } || { 284*08b48e0bSAndroid Build Coastguard Worker $ECHO "$YELLOW[-] we cannot test llvm_mode cmplog because it is not present" 285*08b48e0bSAndroid Build Coastguard Worker INCOMPLETE=1 286*08b48e0bSAndroid Build Coastguard Worker } 287*08b48e0bSAndroid Build Coastguard Worker rm -rf errors test-cmplog test-c in core.* 288*08b48e0bSAndroid Build Coastguard Worker ../afl-clang-fast -o test-persistent ../utils/persistent_mode/persistent_demo.c > /dev/null 2>&1 289*08b48e0bSAndroid Build Coastguard Worker test -e test-persistent && { 290*08b48e0bSAndroid Build Coastguard Worker echo foo | AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o /dev/null -q -r ./test-persistent && { 291*08b48e0bSAndroid Build Coastguard Worker $ECHO "$GREEN[+] llvm_mode persistent mode feature works correctly" 292*08b48e0bSAndroid Build Coastguard Worker } || { 293*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode persistent mode feature failed to work" 294*08b48e0bSAndroid Build Coastguard Worker CODE=1 295*08b48e0bSAndroid Build Coastguard Worker } 296*08b48e0bSAndroid Build Coastguard Worker } || { 297*08b48e0bSAndroid Build Coastguard Worker $ECHO "$RED[!] llvm_mode persistent mode feature compilation failed" 298*08b48e0bSAndroid Build Coastguard Worker CODE=1 299*08b48e0bSAndroid Build Coastguard Worker } 300*08b48e0bSAndroid Build Coastguard Worker rm -f test-persistent 301*08b48e0bSAndroid Build Coastguard Worker} || { 302*08b48e0bSAndroid Build Coastguard Worker $ECHO "$YELLOW[-] llvm_mode not compiled, cannot test" 303*08b48e0bSAndroid Build Coastguard Worker INCOMPLETE=1 304*08b48e0bSAndroid Build Coastguard Worker} 305*08b48e0bSAndroid Build Coastguard Worker 306*08b48e0bSAndroid Build Coastguard Worker. ./test-post.sh 307