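#!/usr/bin/env bash
#
# launch-fuzzer.sh - run a campaign of fuzzing rounds against one USB host
# controller model with one of the supported fuzzers.
#
# Usage: launch-fuzzer.sh FUZZER VMM TARGET VARIANT [RUNS [TIMEOUT [START]]]
#   FUZZER   videzzo|videzzo++|qemufuzzer|vshuttle
#   VMM      qemu|vbox  (vbox is only wired up for videzzo)
#   TARGET   uhci|ohci|ehci|xhci  (spliced into --fuzz-target and file names)
#   VARIANT  arp|ar|rp|ap|a|r|p|none  (see select_env)
#   RUNS     number of rounds, default 10; rounds are numbered START..RUNS-1
#   TIMEOUT  per-round budget in seconds, default 86400
#   START    index of the first round, default 0
#
# Per round the script writes "profile-<SIG>-<ROUND>" (LLVM_PROFILE_FILE) and,
# except for vshuttle, "<SIG>-<ROUND>.log" into the current directory, with
# SIG = FUZZER-VMM-TARGET-VARIANT.
#
# `set -e` is deliberately not used: a round exits non-zero when the fuzzer
# finds a crash, and the campaign must carry on with the next round.
# Tracing (-x) used to live in the shebang, where it is lost when the script
# is started as `bash launch-fuzzer.sh`; it is set here instead.
set -x

readonly USAGE="Usage $0 videzzo|videzzo++|qemufuzzer|vshuttle qemu|vbox uhci|ohci|ehci|xhci arp|ar|rp|ap|a|r|p|none [[[[RUNS] [TIMEOUT]] [START]]]"

# Campaign settings, filled in by main() and read by the helpers below.
FUZZER= VMM= TARGET= VARIANT= RUNS= TIMEOUT= START= BIN= SIG=
# VAR=value pairs handed to the videzzo binaries, chosen by select_env().
declare -a VIDEZZO_ENV=()

# Print the usage line to stderr and exit 1 (the exit code every argument
# error used before).
usage() {
  printf '%s\n' "$USAGE" >&2
  exit 1
}

# Print a diagnostic to stderr and exit 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Resolve the fuzzer binary (or driver script) for a FUZZER/VMM pair.
# Arguments: $1 fuzzer name, $2 vmm name
# Outputs:   the path on stdout
# Returns:   1 for an unsupported combination (including an unknown fuzzer,
#            which the old if-chain let through with BIN unset)
#######################################
select_bin() {
  local fuzzer=$1 vmm=$2
  case "$fuzzer/$vmm" in
    videzzo/qemu | videzzo++/qemu)
      printf '%s\n' "$PWD/../qemu-videzzo/out-cov/qemu-videzzo-i386" ;;
    videzzo/vbox)
      printf '%s\n' "/root/videzzo/videzzo_vbox/vbox/out-cov/linux.amd64/debug/bin/VBoxViDeZZo" ;;
    qemufuzzer/qemu)
      printf '%s\n' "$PWD/../qemu-qemufuzzer/out-cov/qemu-fuzz-i386" ;;
    vshuttle/qemu)
      printf '%s\n' "$PWD/02-fuzz-non-local.sh" ;;
    *)
      return 1 ;;
  esac
}

#######################################
# Map a VARIANT to the VIDEZZO_* toggles it needs. A letter in the variant
# means the matching toggle is NOT set: a <-> VIDEZZO_DISABLE_INTRA_MESSAGE_ANNOTATION,
# r <-> VIDEZZO_DISABLE_INTER_MESSAGE_MUTATORS, p <-> VIDEZZO_FORK; "none"
# sets all three. The pairs are passed via env(1) to the fuzzer process
# instead of being exported into this shell by word-splitting a string.
# Globals:   writes VIDEZZO_ENV
# Arguments: $1 variant
# Returns:   1 for an unknown variant
#######################################
select_env() {
  local variant=$1
  local -r no_annot=VIDEZZO_DISABLE_INTRA_MESSAGE_ANNOTATION=1
  local -r no_mut=VIDEZZO_DISABLE_INTER_MESSAGE_MUTATORS=1
  local -r fork=VIDEZZO_FORK=1
  case "$variant" in
    arp)  VIDEZZO_ENV=() ;;
    ar)   VIDEZZO_ENV=("$fork") ;;
    rp)   VIDEZZO_ENV=("$no_annot") ;;
    ap)   VIDEZZO_ENV=("$no_mut") ;;
    a)    VIDEZZO_ENV=("$no_mut" "$fork") ;;
    r)    VIDEZZO_ENV=("$no_annot" "$fork") ;;
    p)    VIDEZZO_ENV=("$no_annot" "$no_mut") ;;
    none) VIDEZZO_ENV=("$no_annot" "$no_mut" "$fork") ;;
    *)    return 1 ;;
  esac
}

#######################################
# One-time host preparation for vshuttle rounds (needs root): dump cores as
# "core" in the working directory, switch every CPU to the performance
# governor, and build + install the afl-seedpool. This used to run again
# before every round, which only rebuilt the same tree. The kernel/sysfs
# writes stay best effort; a failed seedpool build aborts the campaign.
#######################################
prepare_vshuttle_host() {
  local -r seedpool=../v-shuttle/V-Shuttle-S/afl-seedpool
  printf 'core\n' >/proc/sys/kernel/core_pattern \
    || printf 'warn: could not set /proc/sys/kernel/core_pattern\n' >&2
  printf 'performance\n' \
    | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor >/dev/null \
    || printf 'warn: could not set the cpufreq governor\n' >&2
  # Subshell keeps the cwd change local; the old pushd/popd pair ran make in
  # the wrong directory whenever one of the pushds failed.
  ( cd "$seedpool" && make && make install ) \
    || die "building the afl-seedpool in $seedpool failed"
}

#######################################
# Run one fuzzing round (vshuttle rounds are launched in the background).
# Globals:   reads FUZZER TARGET TIMEOUT BIN SIG VIDEZZO_ENV
# Arguments: $1 round index
# Outputs:   profile-$SIG-$1 and, for non-vshuttle fuzzers, $SIG-$1.log
#######################################
run_round() {
  local round=$1
  local profile="profile-$SIG-$round" log="$SIG-$round.log"
  case "$FUZZER" in
    videzzo | videzzo++)
      local -a extra=()
      [[ "$FUZZER" == 'videzzo++' ]] && extra=(-stateful_feedback=1)
      LLVM_PROFILE_FILE="$profile" \
        env "${VIDEZZO_ENV[@]}" cpulimit -l 100 -- "$BIN" \
          "--fuzz-target=videzzo-fuzz-$TARGET" "-max_total_time=$TIMEOUT" \
          "${extra[@]}" >"$log" 2>&1
      ;;
    qemufuzzer)
      LLVM_PROFILE_FILE="$profile" \
        cpulimit -l 100 -- "$BIN" \
          "--fuzz-target=generic-fuzz-$TARGET" "-max_total_time=$TIMEOUT" \
          >"$log" 2>&1
      ;;
    vshuttle)
      # Detached on purpose: every round is backgrounded with a hard KILL
      # after TIMEOUT seconds and the loop only spaces launches one second
      # apart, so the rounds outlive this script.
      LLVM_PROFILE_FILE="$profile" \
        timeout -s KILL "$TIMEOUT" cpulimit -l 100 -- \
          bash -x "$BIN" "$TARGET" "$round" >/dev/null 2>&1 &
      ;;
    *)
      usage
      ;;
  esac
}

#######################################
# Entry point: validate the arguments, resolve the binary and the
# environment toggles, then run rounds START..RUNS-1 one second apart.
# Globals:   writes FUZZER VMM TARGET VARIANT RUNS TIMEOUT START BIN SIG
# Arguments: see the usage block at the top of the file
#######################################
main() {
  FUZZER=${1-}
  VMM=${2-}
  TARGET=${3-}
  VARIANT=${4-}
  RUNS=${5:-10}
  TIMEOUT=${6:-86400}
  START=${7:-0}
  local n round last

  [[ -n "$FUZZER" && -n "$VMM" && -n "$TARGET" && -n "$VARIANT" ]] || usage
  # TARGET ends up inside option values and file names: keep it a plain token
  # so it can neither add arguments nor path components.
  [[ "$TARGET" =~ ^[A-Za-z0-9_-]+$ ]] || usage
  # The counters feed $(( )) and the loop bounds; digits only, so a stray
  # argument is never evaluated as an arithmetic expression.
  for n in "$RUNS" "$TIMEOUT" "$START"; do
    [[ "$n" =~ ^[0-9]+$ ]] \
      || die "RUNS, TIMEOUT and START must be non-negative integers"
  done

  BIN=$(select_bin "$FUZZER" "$VMM") || usage
  select_env "$VARIANT" || usage
  SIG=$FUZZER-$VMM-$TARGET-$VARIANT
  last=$((RUNS - 1))  # rounds are numbered START..RUNS-1, as before
  export UBSAN_OPTIONS=symbolize=1:halt_on_error=0:print_stacktrace=1

  [[ "$FUZZER" == 'vshuttle' ]] && prepare_vshuttle_host

  for (( round = START; round <= last; round++ )); do
    run_round "$round"
    sleep 1
  done
}

main "$@"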