[PATCH 2/2] gnu: Add American fuzzy lop.
From: |
ericbavier |
Subject: |
[PATCH 2/2] gnu: Add American fuzzy lop. |
Date: |
Sun, 16 Aug 2015 07:35:59 -0500 |
From: Eric Bavier <address@hidden>
* gnu/packages/debug.scm (american-fuzzy-lop): New variable.
---
gnu/packages/debug.scm | 96 +++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 95 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/debug.scm b/gnu/packages/debug.scm
index ba80711..dba3091 100644
--- a/gnu/packages/debug.scm
+++ b/gnu/packages/debug.scm
@@ -27,7 +27,10 @@
#:use-module (gnu packages indent)
#:use-module (gnu packages llvm)
#:use-module (gnu packages perl)
- #:use-module (gnu packages pretty-print))
+ #:use-module (gnu packages pretty-print)
+ #:use-module (gnu packages qemu)
+ #:use-module (ice-9 match)
+ #:use-module (srfi srfi-1))
(define-public delta
(package
@@ -137,3 +140,94 @@ produces a much smaller C/C++ program that has the same
property. It is
intended for use by people who discover and report bugs in compilers and other
tools that process C/C++ code.")
(license ncsa)))
+
+(define-public american-fuzzy-lop
+ (let ((machine (match (or (%current-target-system)
+ (%current-system))
+ ("x86_64-linux" "x86_64")
+ ("i686-linux" "i386")
+ ;; Prevent errors when querying this package on unsupported
+ ;; platforms, e.g. when running "guix package --search="
+ (_ "UNSUPPORTED"))))
+ (package
+ (name "american-fuzzy-lop")
+ (version "1.86b") ;It seems all releases have the 'b' suffix
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "http://lcamtuf.coredump.cx/afl/releases/"
+ "afl-" version ".tgz"))
+ (sha256
+ (base32
+ "1by9ncf6lgcyibzqwyla34jv64sd66mn8zhgjz2pcgsds51qwn0r"))))
+ (build-system gnu-build-system)
+ (inputs
+ `(("custom-qemu"
+ ;; The afl-qemu tool builds qemu 2.3.0 with a few patches applied.
+ ,(package (inherit qemu-headless)
+ (name "afl-qemu")
+ (inputs
+ `(("afl-src" ,source)
+ ,@(package-inputs qemu-headless)))
+ ;; afl only supports using a single afl-qemu-trace executable, so
+ ;; we only build qemu for the native target.
+ (arguments
+ `(#:configure-flags
+ (list (string-append "--target-list=" ,machine "-linux-user"))
+ ,@(substitute-keyword-arguments (package-arguments
qemu-headless)
+ ((#:phases qemu-phases)
+ `(modify-phases ,qemu-phases
+ (add-after
+ 'unpack 'apply-afl-patches
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((afl-dir (string-append "afl-" ,version))
+ (patch-dir
+ (string-append afl-dir
+ "/qemu_mode/patches")))
+ (system* "tar" "xf" (assoc-ref inputs "afl-src"))
+ (copy-file (string-append patch-dir
+ "/afl-qemu-cpu-inl.h")
+ "./afl-qemu-cpu-inl.h")
+ (copy-file (string-append afl-dir "/config.h")
+ "./afl-config.h")
+ (copy-file (string-append afl-dir "/types.h")
+ "./types.h")
+ (substitute* "afl-qemu-cpu-inl.h"
+ (("\\.\\./\\.\\./config.h") "afl-config.h"))
+ (substitute* (string-append patch-dir
+ "/cpu-exec.diff")
+ (("\\.\\./patches/") ""))
+ (for-each (lambda (patch-file)
+ (system* "patch" "--force" "-p1"
+ "--input" patch-file))
+ (find-files patch-dir
+ ".*\\.diff"))))))))))))))
+ (arguments
+ `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs
"out"))
+ "CC=gcc")
+ #:phases (modify-phases %standard-phases
+ (delete 'configure)
+ (add-after
+ ;; TODO: Build and install th afl-llvm tool.
+ 'install 'install-qemu
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let ((qemu (assoc-ref inputs "custom-qemu"))
+ (out (assoc-ref %outputs "out")))
+ (copy-file (string-append qemu "/bin/qemu-" ,machine)
+ (string-append out "/bin/afl-qemu-trace"))
+ #t)))
+ (delete 'check))))
+ (supported-systems (fold delete
+ %supported-systems
+ '("armhf-linux" "mips64el-linux")))
+ (home-page "http://lcamtuf.coredump.cx/afl")
+ (synopsis "Security-oriented fuzzer")
+ (description
+ "American fuzzy lop is a security-oriented fuzzer that employs a novel
+type of compile-time instrumentation and genetic algorithms to automatically
+discover clean, interesting test cases that trigger new internal states in the
+targeted binary. This substantially improves the functional coverage for the
+fuzzed code. The compact synthesized corpora produced by the tool are also
+useful for seeding other, more labor- or resource-intensive testing regimes
+down the road.")
+ (license asl2.0))))
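Review bot: The exit status of every `system*` call in the 'apply-afl-patches phase is discarded (the `tar` extraction and the `patch` invocations inside the `for-each`), so a patch that fails to apply leaves afl-qemu built without AFL's instrumentation hooks while the derivation still succeeds and an `afl-qemu-trace` that does not actually trace is installed. The loop should fail the build on a non-zero status, and the phase should end with `#t` as 'install-qemu does. The order in which patches are applied also depends on what `find-files` returns; if that ordering is not guaranteed it may be worth sorting the list before applying. Minor wording fix for the comment above 'install-qemu: `;; TODO: Build and install the afl-llvm tool.`
```scheme
(lambda* (#:key inputs #:allow-other-keys)
  (let* ((afl-dir (string-append "afl-" ,version))
         (patch-dir (string-append afl-dir "/qemu_mode/patches")))
    (unless (zero? (system* "tar" "xf" (assoc-ref inputs "afl-src")))
      (error "failed to unpack afl source"))
    ;; … unchanged: copy-file and substitute* calls …
    (for-each (lambda (patch-file)
                (unless (zero? (system* "patch" "--force" "-p1"
                                        "--input" patch-file))
                  (error "failed to apply patch" patch-file)))
              (find-files patch-dir ".*\\.diff"))
    #t))
```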
--
2.4.3