From b1496d7ec61d057f58d14a5e6d722a3f0028b04d Mon Sep 17 00:00:00 2001
From: agroce
Date: Wed, 24 Apr 2019 11:50:08 -0700
Subject: [PATCH 1/3] first make Eclipser run no_fork
---
 bin/deepstate/eclipser.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/bin/deepstate/eclipser.py b/bin/deepstate/eclipser.py
index d5fe367..a244e4c 100644
--- a/bin/deepstate/eclipser.py
+++ b/bin/deepstate/eclipser.py
@@ -49,7 +49,7 @@ def main():
 parser.add_argument(
 "--verbose", type=int, help="Verbosity level.",
- default=1)
+ default=None)
 parser.add_argument(
 "--exectimeout", type=int, help="Execution timeout (ms) for Eclipser fuzz runs.",
@@ -100,9 +100,11 @@ def main():
 sys.exit(1)
 cmd = ["dotnet", eclipser, "fuzz"]
- cmd += ["-p", deepstate, "-v", str(args.verbose)]
+ cmd += ["-p", deepstate]
+ if args.verbose is not None:
+ cmd += ["-v", str(args.verbose)]
 cmd += ["-t", str(args.timeout), "-o", out + "/eclipser.run", "--src", "file"]
- deepargs = "--input_test_file eclipser.input --abort_on_fail"
+ deepargs = "--input_test_file eclipser.input --abort_on_fail --no_fork"
 if whichTest is not None:
 deepargs += " --input_which_test " + whichTest
 cmd += ["--initarg", deepargs]
From 68419e12e9038d852665fefde2da0836609993a0 Mon Sep 17 00:00:00 2001
From: agroce
Date: Wed, 24 Apr 2019 12:35:42 -0700
Subject: [PATCH 2/3] fix abort on fail for asserts in DeepState harness
---
 src/lib/DeepState.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/lib/DeepState.c b/src/lib/DeepState.c
index 0e9536a..8500826 100644
--- a/src/lib/DeepState.c
+++ b/src/lib/DeepState.c
@@ -920,6 +920,9 @@ void __assert_fail(const char * assertion, const char * file,
 DeepState_LogFormat(DeepState_LogFatal,
 "%s(%u): Assertion %s failed in function %s", file, line, assertion, function);
+ if (FLAGS_abort_on_fail) {
+ assert(0); // Terminate the testing in a way AFL/etc. can see as a crash
+ }
 __builtin_unreachable();
 }
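Review bot: The `--verbose` help text no longer tells the user what happens when the option is left out. With `default=None` here and the `if args.verbose is not None:` guard in the second hunk, the wrapper stops passing `-v` at all, so the verbosity becomes whatever Eclipser chooses on its own, where it used to be `-v 1` on every run. I would say so in the help string, for example `help="Verbosity level (if omitted, -v is not passed and Eclipser's own default applies)."`. The body of main() extends beyond both hunks.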
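Review bot: `--no_fork` is now hard-coded into `deepargs` in the second hunk with no comment explaining why and no wrapper option to turn it off. The commit title suggests it is deliberate for Eclipser, so a one-line comment above the assignment would record the reason, something like `# Run the test in-process (--no_fork) so a failure crashes the process Eclipser is watching`. That wording is my reading of the intent and should be confirmed by the author. main() starts and ends outside the hunk.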
From 81777f1e2de3d43dc831d0d1a2c90faefab2cf8f Mon Sep 17 00:00:00 2001
From: agroce
Date: Wed, 24 Apr 2019 13:09:11 -0700
Subject: [PATCH 3/3] hard crash
---
 src/include/deepstate/DeepState.h | 13 +++++++++++--
 src/lib/DeepState.c | 4 ++--
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/include/deepstate/DeepState.h b/src/include/deepstate/DeepState.h
index af181c6..a442e97 100644
--- a/src/include/deepstate/DeepState.h
+++ b/src/include/deepstate/DeepState.h
@@ -247,6 +247,12 @@ DEEPSTATE_INLINE static void DeepState_Assert(int expr) {
 }
 }
+/* Used to make DeepState really crash for fuzzers, on any platform. */
+DEEPSTATE_INLINE static void DeepState_HardCrash() {
+ char *p = 0;
+ (*p) = 0;
+}
+
 /* Asserts that `expr` must hold. If it does not, then the test fails, but
 * nonetheless continues on. */
 DEEPSTATE_INLINE static void DeepState_Check(int expr) {
@@ -578,6 +584,9 @@ static int DeepState_RunTestNoFork(struct DeepState_TestInfo *test) {
 if (HAS_FLAG_output_test_dir) {
 DeepState_SaveFailingTest();
 }
+ if (HAS_FLAG_abort_on_fail) {
+ DeepState_HardCrash();
+ }
 return(DeepState_TestRunFail);
 /* The test was abandoned. We may have gotten soft failures before
@@ -753,7 +762,7 @@ static int DeepState_RunSingleSavedTestCase(void) {
 if ((result == DeepState_TestRunFail) || (result == DeepState_TestRunCrash)) {
 if (FLAGS_abort_on_fail) {
- assert(0); // Terminate in a way AFL/etc. can see as a crash
+ DeepState_HardCrash();
 }
 if (FLAGS_exit_on_fail) {
 exit(255); // Terminate the testing
@@ -829,7 +838,7 @@ static int DeepState_RunSingleSavedTestDir(void) {
 if ((result == DeepState_TestRunFail) || (result == DeepState_TestRunCrash)) {
 if (FLAGS_abort_on_fail) {
- assert(0); // Terminate in a way AFL/etc. can see as a crash
+ DeepState_HardCrash();
 }
 if (FLAGS_exit_on_fail) {
 exit(255); // Terminate the testing
diff --git a/src/lib/DeepState.c b/src/lib/DeepState.c
index 8500826..30ceb21 100644
--- a/src/lib/DeepState.c
+++ b/src/lib/DeepState.c
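Review bot: `DeepState_HardCrash()` crashes by storing through a plain null pointer, which is undefined behaviour, so an optimising compiler may drop the store and let the function return normally (Clang warns that such an indirection "will be deleted, not trap"). The risk is most visible in `__assert_fail` in src/lib/DeepState.c, where the call is followed directly by `__builtin_unreachable()`. At the other call sites (DeepState_RunTestNoFork, DeepState_RunSingleSavedTestCase, DeepState_RunSingleSavedTestDir, DeepState_FuzzOneTestCase) a store that was optimised away would let execution fall through to the `exit_on_fail` or return path, and the fuzzer would not see a crash. Qualifying the pointer as `volatile char *p = 0;` keeps the store, or the body could end in `__builtin_trap();`, which fits a file that already uses `__builtin_unreachable()`. The declaration should also read `DeepState_HardCrash(void)`, since empty parentheses leave the parameter list unspecified in C.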
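Review bot: The new guard in DeepState_RunTestNoFork tests `HAS_FLAG_abort_on_fail`, while every other abort check touched by this patch tests `FLAGS_abort_on_fail`. If `HAS_FLAG_` only reports that the option appeared on the command line, the two can disagree, for instance when the flag is given an explicit false value. The neighbouring `HAS_FLAG_output_test_dir` suggests that reading, but the macro definitions are not visible here. Unless the difference is intended, use `if (FLAGS_abort_on_fail) {` here as well. The function body begins and ends outside the hunk.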
@@ -833,7 +833,7 @@ enum DeepState_TestRunResult DeepState_FuzzOneTestCase(struct DeepState_TestInfo
 if (FLAGS_abort_on_fail && ((result == DeepState_TestRunCrash) ||
 (result == DeepState_TestRunFail))) {
- assert(0); // Terminate the testing in a way AFL/etc. can see as a crash
+ DeepState_HardCrash();
 }
 if (FLAGS_exit_on_fail && ((result == DeepState_TestRunCrash) ||
@@ -921,7 +921,7 @@ void __assert_fail(const char * assertion, const char * file,
 "%s(%u): Assertion %s failed in function %s", file, line, assertion, function);
 if (FLAGS_abort_on_fail) {
- assert(0); // Terminate the testing in a way AFL/etc. can see as a crash
+ DeepState_HardCrash();
 }
 __builtin_unreachable();
 }