fuzzing + concolic = fuzzolic :)
Home Page: https://season-lab.github.io/fuzzolic/
License: GNU General Public License v2.0
Please refer to the documentation in the docs directory for build and usage instructions. You can also find it online on https://season-lab.github.io/fuzzolic/.
not sure how to get that information to you :)
fuzzbench run started, will take ~25-50 more hours until the results are useful:
https://www.fuzzbench.com/reports/experimental/2021-06-27-symbolic/index.html
You can verify the fuzzolic parameters used here:
https://github.com/google/fuzzbench/blob/master/fuzzers/fuzzolic_aflplusplus_fuzzy/fuzzer.py#L83
cd docker/fuzzolic-runner/
docker build -t fuzzolic .
[...]
tep 10/27 : RUN cd tracer && ./configure --prefix=`pwd`/../build --target-list=x86_64-linux-user && make -j `nproc`
---> Running in 4e4d86927963
/bin/sh: 1: cd: can't cd to tracer
The command '/bin/sh -c cd tracer && ./configure --prefix=`pwd`/../build --target-list=x86_64-linux-user && make -j `nproc`' returned a non-zero code: 2
when I fix the dockerfile for this issue I run into another one:
RUN cd solver/fuzzy-sat/fuzzolic-z3 && mkdir build && cd build && cmake .. -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=`pwd`/dist && make -j `nproc` && make install:
#15 0.588 CMake Error: The source directory "solver/fuzzy-sat/fuzzolic-z3" does not appear to contain CMakeLists.txt.
and this is not surprising as the directory solver/fuzzy-sat/fuzzolic-z3 is empty.
Hi!
I tried to use fuzzolic on a test example.c, everything worked as expected.
Then I tried another case that reads from stdin:
void vuln_function(char *str)
{
if (str[0] == 'B')
if (str[1] == 'O')
if (str[2] == 'O')
if (str[3] == 'M')
raise(11);
}
int main() {
char buf[10];
read(0, buf, 10);
vuln_function(buf);
return 0;
}
Build it gcc -o boom boom.c and run ./fuzzolic/fuzzolic.py -o /src/workdir -i /src/in -- /src/boom without @@
And the output:
Configuration file for /src/boom is missing. Using default configuration.
Running directory: /src/workdir/fuzzolic-00000
Using SMT solver
ERROR: tracer has returned code -6
Run took 0.5 secs
[FUZZOLIC] no more testcase. Finishing.
What did I do wrong?
# docker build -t fuzzolicn -f ./docker/fuzzolic-runner/Dockerfile.Ubuntu2004 .
[...]
Step 11/24 : RUN cd solver/fuzzy-sat/fuzzolic-z3 && mkdir build && cd build && cmake .. -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=`pwd`/dist && make -j `nproc` && make install
---> Running in 9cbf205cb75d
CMake Error: The source directory "/home/ubuntu/fuzzolic/solver/fuzzy-sat/fuzzolic-z3" does not appear to contain CMakeLists.txt.
Specify --help for usage, or press the help button on the CMake GUI.
The command '/bin/sh -c cd solver/fuzzy-sat/fuzzolic-z3 && mkdir build && cd build && cmake .. -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=`pwd`/dist && make -j `nproc` && make install' returned a non-zero code: 1
the same error happens in /docker/fuzzolic-runner/Dockerfile
I have a program that I am trying to fuzz which uses a docker container made on Ubuntu 20.04 with specific dependency issues that prevent me from using ubuntu 18.04. Could you please look into providing the Dockerfile and Make file you used to create the ubuntu 20.04 version of Fuzzolic?
The content below is the Dockerfile I am using:
FROM ubuntu:20.04
ARG DEBIAN_FRONTEND=noninteractive
RUN sed -i -- 's/# deb-src/deb-src/g' /etc/apt/sources.list && cat /etc/apt/sources.list
# dependencies
RUN apt update -y && \
apt-get build-dep -y qemu-user && \
apt install -y \
llvm-8 clang-8 nano \
qemu-user git libglib2.0-dev libfdt-dev \
libpixman-1-dev zlib1g-dev libcapstone-dev \
strace cmake python3 libprotobuf10 \
libibverbs-dev libjpeg62-dev \
libpng16-16 libjbig-dev \
build-essential libtool-bin python3-dev \
automake flex bison libglib2.0-dev \
libpixman-1-dev clang \
python3-setuptools llvm wget \
llvm-dev g++ g++-multilib python \
python-pip lsb-release gcc-4.8 g++-4.8 \
llvm-3.9 cmake libc6 libstdc++6 \
linux-libc-dev gcc-multilib \
apt-transport-https libtool \
libtool-bin wget \
automake autoconf \
bison git gdb dumb-init valgrind ninja-build \
time xxd python3-pip && \
apt clean && \
rm -rf /var/lib/apt/lists/*
RUN groupadd --gid 1008 ubuntu \
&& useradd --uid 1008 --gid ubuntu --shell /bin/bash --create-home ubuntu
USER ubuntu
RUN pip install --user virtualenv
RUN python3 -m pip install --user pytest
COPY --chown=1008:1008 . /home/ubuntu/fuzzolic
WORKDIR /home/ubuntu/fuzzolic
# Build QEMU tracer
RUN cd tracer && ./configure --prefix=`pwd`/../build --target-list=x86_64-linux-user && make -j `nproc`
# Build custom Z3
RUN cd solver/fuzzy-sat/fuzzolic-z3 && mkdir build && cd build && cmake .. -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=`pwd`/dist && make -j `nproc` && make install
# Set environment vars for Z3
ENV C_INCLUDE_PATH=/home/ubuntu/fuzzolic/solver/fuzzy-sat/fuzzolic-z3/build/dist/include
ENV LIBRARY_PATH=/home/ubuntu/fuzzolic/solver/fuzzy-sat/fuzzolic-z3/build/dist/lib
ENV LD_LIBRARY_PATH=/home/ubuntu/fuzzolic/solver/fuzzy-sat/fuzzolic-z3/build/dist/lib
ENV BASH_ENV=/home/ubuntu/.bashrc
RUN echo "export C_INCLUDE_PATH=/home/ubuntu/fuzzolic/solver/fuzzy-sat/fuzzolic-z3/build/dist/include" >> $BASH_ENV
RUN echo "export LIBRARY_PATH=/home/ubuntu/fuzzolic/solver/fuzzy-sat/fuzzolic-z3/build/dist/lib" >> $BASH_ENV
RUN echo "export LD_LIBRARY_PATH=/home/ubuntu/fuzzolic/solver/fuzzy-sat/fuzzolic-z3/build/dist/lib" >> $BASH_ENV
# Create fuzzy-sat-CLI folder
RUN cd solver/fuzzy-sat && \
git rev-parse HEAD > /tmp/revision && \
git checkout master && \
git submodule update && \
cd ../.. && \
cp -r solver/fuzzy-sat solver/fuzzy-sat-cli && \
rm solver/fuzzy-sat-cli/.git && \
cd solver/fuzzy-sat && \
git checkout `cat /tmp/revision` && \
git submodule update
# Build fuzzy-sat-CLI
RUN cd solver/fuzzy-sat-cli && make -j `nproc`
# Build fuzzy-sat
RUN cd solver/fuzzy-sat && make -j `nproc`
# Build solver frontend
RUN cd solver && cmake . && make -j `nproc`
# Build AFL++
RUN cd utils && git clone https://github.com/AFLplusplus/AFLplusplus.git && \
cd AFLplusplus && git checkout 2dac4e7 && \
git apply ../afl-showmap.c.patch && \
make -j `nproc` all && cd qemu_mode && ./build_qemu_support.sh
ENV AFL_PATH=/home/ubuntu/fuzzolic/utils/AFLplusplus
RUN echo "export AFL_PATH=/home/ubuntu/fuzzolic/utils/AFLplusplus" >> $BASH_ENV
# Build fuzzolic tests
RUN cd tests && make
CMD bash
The content below is the Makefile I am using:
build: # --force-rm
(cd ../../ && git submodule sync && git submodule update --init)
(cd ../../solver/fuzzy-sat && git fetch && git submodule sync && git submodule update --init)
docker build -t ercoppa/fuzzolic-runner-v1-20 -f ./Dockerfile ../../
push:
docker push ercoppa/fuzzolic-runner-v1-20
patch-afl:
cd AFLplusplus && git diff > ../../../utils/afl-showmap.c.patch
I have a(n incredibly) complex target that I was hoping to use fuzzolic to dig further into than standard fuzzers will get. Sadly, after letting it run for a few hours (with a good seed), it seemingly wasn't doing anything. When I ran ./fuzzolic/fuzzolic/fuzzolic.py --address-reasoning --optimistic-solving --timeout 90000 -o ./workdir/ -i seeds/ -- target all I got was
Configuration file for /home/ubuntu/target is missing. Using default configuration.
Running directory: /home/ubuntu/workdir/fuzzolic-00000
Using SMT solver
Run took 0.6 secs
[FUZZOLIC] no more testcase. Finishing.
Similarly when I run run_afl_fuzzolic.py similarly I see afl finding test cases, but just a stream of output like
Running directory: /home/ubuntu/workdir/fuzzolic/fuzzolic-00006
Using Fuzzy-SAT solver
Run took 0.4 secs
Is there something missing I need to do to properly instrument my target? Alternatively, is there some way I can debug this?
Hi, fuzzolic devs
We have been utilizing fuzzolic for vulnerability detection recently. Unfortunately, we found that two of the internal tests failed. Here are the detailed steps and error messages.
$ docker run -ti --rm ercoppa/fuzzolic-runner-v1
$ make -C tests/ run
...
if perf_run:
slowdown = emulated_time / native_time
print("Slowdown: %s" % round(slowdown, 1))
assert slowdown < 70
if expected_inputs > 0:
testcases = glob.glob(WORKDIR + "/tests/test_*.dat")
> assert len(testcases) == expected_inputs
E assert 0 == 1
E + where 0 = len([])
run.py:85: AssertionError
Running directory: /home/ubuntu/fuzzolic/tests/workdir/fuzzolic-00000
Using SMT solver
Run took 0.2 secs
[FUZZOLIC] no more testcase. Finishing.
if perf_run:
slowdown = emulated_time / native_time
print("Slowdown: %s" % round(slowdown, 1))
assert slowdown < 70
if expected_inputs > 0:
testcases = glob.glob(WORKDIR + "/tests/test_*.dat")
> assert len(testcases) == expected_inputs
E AssertionError: assert 2 == 7
E + where 2 = len(['/home/ubuntu/fuzzolic/tests/workdir/tests/test_case_000_000.dat', '/home/ubuntu/fuzzolic/tests/workdir/tests/test_case_000_001.dat'])
run.py:85: AssertionError
Running directory: /home/ubuntu/fuzzolic/tests/workdir/fuzzolic-00000
Using SMT solver
[+] Keeping test_case_1_1.dat
[+] Keeping test_case_0_0.dat
Run took 0.2 secs
Running directory: /home/ubuntu/fuzzolic/tests/workdir/fuzzolic-00001
Using SMT solver
Run took 0.2 secs
Running directory: /home/ubuntu/fuzzolic/tests/workdir/fuzzolic-00002
Using SMT solver
Run took 0.2 secs
[FUZZOLIC] no more testcase. Finishing.
We would like to know whether these test fails affect the normal use of the program, because it seems that fuzzolic fails to handle some situations well.
Really appreciate your help!
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.