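#!/bin/sh
#
# AFL++ test: qemu_mode.
#
# Builds the test targets from ../test-instr.c and test-compcov.c and runs
# afl-fuzz -Q against them in several configurations: plain qemu_mode,
# AFL_ENTRYPOINT, compcov (../libcompcov.so), cmplog, persistent mode and,
# natively, the unsigaction preload libraries.
#
# Sourced helpers: test-pre.sh is expected to provide $ECHO, the colour
# variables ($BLUE/$GREY/$GREEN/$YELLOW/$RED), $SYS and $MEM_LIMIT;
# test-post.sh consumes $CODE (set to 1 on any failure) and $INCOMPLETE
# (set to 1 when a sub-test could not be run).

. ./test-pre.sh

#######################################
# Dumps the afl-fuzz output captured in ./errors between CUT markers.
# Outputs: the file contents to stdout
#######################################
show_errors() {
  echo CUT------------------------------------------------------------------CUT
  cat errors
  echo CUT------------------------------------------------------------------CUT
}

#######################################
# Succeeds when the fuzzer queue holds an entry whose id starts with $1
# (e.g. 000002 means the run produced at least three queue entries).
# Arguments: $1 - queue id prefix
# Returns:   0 when such an entry exists, 1 otherwise
#######################################
queue_has() {
  test -n "$( ls out/default/queue/id:"$1"* 2>/dev/null )"
}

#######################################
# Prints the execs_done counter of the most recent run's fuzzer_stats.
# Outputs: the counter value to stdout (empty if the stats file is missing)
#######################################
execs_done() {
  grep execs_done out/default/fuzzer_stats | awk '{print$3}'
}

#######################################
# Prints the address of the `main` symbol of ./test-instr as nm shows it.
# Outputs: the hex address (no 0x prefix) to stdout
#######################################
main_symbol_addr() {
  nm test-instr | grep "T main" | awk '{print $1}'
}

#######################################
# Succeeds when $SYS (presumably set by test-pre.sh) names an x86 or ARM
# machine - the only platforms on which compcov, cmplog and persistent
# qemu_mode are tested.  An empty $SYS is treated as unknown.
# Globals:   SYS (read)
# Returns:   0 for i686/x86_64/amd64/i86pc/aarch64/arm*, 1 otherwise
#######################################
is_x86_or_arm() {
  case "$SYS" in
    i686|x86_64|amd64|i86pc|aarch64|arm*) return 0 ;;
    *) return 1 ;;
  esac
}

#######################################
# Tests the unsigaction preload library for one word size.  Compiles
# test-unsigaction.c with -m$1, runs it natively once bare (expected exit
# status 2: the signal reached the program) and once with
# ../qemu_mode/unsigaction/unsigaction$1.so preloaded (expected exit
# status 0: the signal was ignored).
# Globals:   AFL_CC (read), CODE and INCOMPLETE (written)
# Arguments: $1 - word size, 32 or 64
# Outputs:   result lines via $ECHO; compiler output is appended to ./errors
#######################################
test_unsigaction() {
  ua_bits=$1
  ua_lib=../qemu_mode/unsigaction/unsigaction${ua_bits}.so
  ua_bin=test-unsigaction${ua_bits}
  test -e "$ua_lib" || {
    $ECHO "$YELLOW[-] we cannot test qemu_mode unsigaction library ($ua_bits bit) because it is not present"
    INCOMPLETE=1
    return
  }
  # shellcheck disable=SC2086 -- AFL_CC may legitimately hold a command plus flags
  ${AFL_CC} -o "$ua_bin" -m"$ua_bits" test-unsigaction.c >> errors 2>&1 || {
    $ECHO "$YELLOW[-] cannot compile test program ($ua_bits bit) for unsigaction library"
    INCOMPLETE=1
    return
  }
  ./"$ua_bin"
  ua_rv_normal=$?
  LD_PRELOAD="$ua_lib" ./"$ua_bin"
  ua_rv_preload=$?
  if test "$ua_rv_normal" = "2" && test "$ua_rv_preload" = "0"; then
    $ECHO "$GREEN[+] qemu_mode unsigaction library ($ua_bits bit) ignores signals"
  else
    test "$ua_rv_normal" != "2" && $ECHO "$RED[!] cannot trigger signal in test program ($ua_bits bit)"
    test "$ua_rv_preload" != "0" && $ECHO "$RED[!] signal in test program ($ua_bits bit) is not ignored with unsigaction"
    CODE=1
  fi
}

$ECHO "$BLUE[*] Testing: qemu_mode"

# The unsigaction test programs are built with $AFL_CC; fall back to gcc,
# then clang, when the caller did not pick a compiler.
test -z "$AFL_CC" && {
  if type gcc >/dev/null; then
    export AFL_CC=gcc
  elif type clang >/dev/null; then
    export AFL_CC=clang
  fi
}

if test -e ../afl-qemu-trace; then
  cc -pie -fPIE -o test-instr ../test-instr.c
  cc -o test-compcov test-compcov.c
  if test -e test-instr && test -e test-compcov; then
    mkdir -p in
    echo 00000 > in/in

    # ${MEM_LIMIT} is deliberately left unquoted below: an empty value is
    # meant to pass no argument at all rather than an empty one.
    $ECHO "$GREY[*] running afl-fuzz for qemu_mode, this will take approx 10 seconds"
    # shellcheck disable=SC2086
    ../afl-fuzz -m ${MEM_LIMIT} -V07 -Q -i in -o out -- ./test-instr >>errors 2>&1
    if queue_has 000002; then
      $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode"
      RUNTIME=$(execs_done)
    else
      show_errors
      $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode"
      CODE=1
    fi
    rm -f errors

    $ECHO "$GREY[*] running afl-fuzz for qemu_mode AFL_ENTRYPOINT, this will take approx 6 seconds"
    {
      # With AFL_DEBUG=1 afl-qemu-trace's stderr is expected to contain a
      # "forkserver" line whose 4th field is the address it picked; that
      # address is fed back as the explicit entry point for the fuzzing run.
      export AFL_ENTRYPOINT=$(printf 1 | AFL_DEBUG=1 ../afl-qemu-trace ./test-instr 2>&1 >/dev/null | awk '/forkserver/{print $4; exit}')
      $ECHO "AFL_ENTRYPOINT=$AFL_ENTRYPOINT - $(nm test-instr | grep "T main") - $(file ./test-instr)"
      # shellcheck disable=SC2086
      ../afl-fuzz -m ${MEM_LIMIT} -V2 -Q -i in -o out -- ./test-instr
      unset AFL_ENTRYPOINT
    } >>errors 2>&1
    if queue_has 000001; then
      $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode AFL_ENTRYPOINT"
      # NOTE(review): this overwrites the execs_done count of the 7 second
      # plain qemu_mode run with that of this 2 second run, and the
      # persistent mode speed comparison below divides by it - confirm that
      # is intended.
      RUNTIME=$(execs_done)
    else
      show_errors
      $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode AFL_ENTRYPOINT"
      CODE=1
    fi
    rm -f errors

    if is_x86_or_arm; then
      if test -e ../libcompcov.so; then
        $ECHO "$GREY[*] running afl-fuzz for qemu_mode compcov, this will take approx 10 seconds"
        {
          export AFL_PRELOAD=../libcompcov.so
          export AFL_COMPCOV_LEVEL=2
          # shellcheck disable=SC2086
          ../afl-fuzz -m ${MEM_LIMIT} -V07 -Q -i in -o out -- ./test-compcov
          unset AFL_PRELOAD
          unset AFL_COMPCOV_LEVEL
        } >>errors 2>&1
        if queue_has 000001; then
          $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode compcov"
        else
          show_errors
          $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode compcov"
          CODE=1
        fi
      else
        $ECHO "$YELLOW[-] we cannot test qemu_mode compcov because it is not present"
        INCOMPLETE=1
      fi
      rm -f errors
    else
      $ECHO "$YELLOW[-] not an intel or arm platform, cannot test qemu_mode compcov"
    fi

    if is_x86_or_arm; then
      $ECHO "$GREY[*] running afl-fuzz for qemu_mode cmplog, this will take approx 10 seconds"
      # -c 0 uses the target itself as the cmplog binary (qemu_mode), -l 3 is
      # the cmplog level.
      ../afl-fuzz -m none -V07 -Q -c 0 -l 3 -i in -o out -- ./test-compcov >>errors 2>&1
      if queue_has 000001; then
        $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode cmplog"
      else
        show_errors
        $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode cmplog"
        CODE=1
      fi
      rm -f errors
    else
      $ECHO "$YELLOW[-] not an intel or arm platform, cannot test qemu_mode cmplog"
    fi

    if is_x86_or_arm; then
      $ECHO "$GREY[*] running afl-fuzz for persistent qemu_mode, this will take approx 10 seconds"
      {
        if file test-instr | grep -q 'statically linked'; then
          # statically linked: main's address is used exactly as nm prints it
          export AFL_QEMU_PERSISTENT_ADDR=0x$(main_symbol_addr)
        else
          if file test-instr | grep -q "32-bit"; then
            # for 32-bit reduce 8 nibbles to the lower 7 nibbles
            ADDR_LOWER_PART=$(main_symbol_addr | sed 's/^.//')
          else
            # for 64-bit reduce 16 nibbles to the lower 9 nibbles
            ADDR_LOWER_PART=$(main_symbol_addr | sed 's/^.......//')
          fi
          # PIE binary: the low part of main's file offset is placed under the
          # 0x4... prefix this test assumes for the guest load base - verify
          # against afl-qemu-trace if the mapping ever changes.
          export AFL_QEMU_PERSISTENT_ADDR="0x4${ADDR_LOWER_PART}"
        fi
        export AFL_QEMU_PERSISTENT_GPR=1
        $ECHO "Info: AFL_QEMU_PERSISTENT_ADDR=$AFL_QEMU_PERSISTENT_ADDR <= $(main_symbol_addr)"
        env|grep AFL_|sort
        file test-instr
        # shellcheck disable=SC2086
        ../afl-fuzz -m ${MEM_LIMIT} -V07 -Q -i in -o out -- ./test-instr
        unset AFL_QEMU_PERSISTENT_ADDR
        unset AFL_QEMU_PERSISTENT_GPR
      } >>errors 2>&1
      if queue_has 000002; then
        $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent qemu_mode"
        RUNTIMEP=$(execs_done)
        # Both counters must be numeric and the divisor non-zero, otherwise
        # the ratio cannot be computed (the stderr of test on a non-number
        # is silenced on purpose).
        if test "$RUNTIME" -gt 0 2>/dev/null && test "$RUNTIMEP" -ge 0 2>/dev/null; then
          # integer ratio, so > 1 means persistent mode performed at least
          # twice the execs_done recorded in RUNTIME
          DIFF=$(( RUNTIMEP / RUNTIME ))
          if test "$DIFF" -gt 1; then
            $ECHO "$GREEN[+] persistent qemu_mode was noticeable faster than standard qemu_mode"
          else
            $ECHO "$YELLOW[-] persistent qemu_mode was not noticeable faster than standard qemu_mode"
          fi
        else
          $ECHO "$YELLOW[-] we got no data on executions performed? weird!"
        fi
      else
        show_errors
        $ECHO "$RED[!] afl-fuzz is not working correctly with persistent qemu_mode"
        CODE=1
      fi
      rm -rf in out errors
    else
      $ECHO "$YELLOW[-] not an intel or arm platform, cannot test persistent qemu_mode"
    fi

    test_unsigaction 32
    test_unsigaction 64
    # LD_PRELOAD is only ever set per command above; clear any value inherited
    # from the environment so it does not leak into test-post.sh.
    unset LD_PRELOAD
    rm -rf errors test-unsigaction32 test-unsigaction64
  else
    $ECHO "$RED[!] gcc compilation of test targets failed - what is going on??"
    CODE=1
  fi

  rm -f test-instr test-compcov
else
  $ECHO "$YELLOW[-] qemu_mode is not compiled, cannot test"
  INCOMPLETE=1
fi

. ./test-post.sh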