From mboxrd@z Thu Jan 1 00:00:00 1970 From: ericbavier@openmailbox.org Subject: [PATCH 2/2] gnu: Add American fuzzy lop. Date: Sun, 16 Aug 2015 07:35:59 -0500 Message-ID: <1439728559-2606-2-git-send-email-ericbavier@openmailbox.org> References: <1439728559-2606-1-git-send-email-ericbavier@openmailbox.org> Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:55345) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZR1jx-00045O-TN for guix-devel@gnu.org; Sun, 16 Aug 2015 13:29:03 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZR1ju-0007V1-Fb for guix-devel@gnu.org; Sun, 16 Aug 2015 13:29:01 -0400 Received: from smtp21.openmailbox.org ([62.4.1.55]:37877) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZR1ju-0007Ut-7V for guix-devel@gnu.org; Sun, 16 Aug 2015 13:28:58 -0400 In-Reply-To: <1439728559-2606-1-git-send-email-ericbavier@openmailbox.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: guix-devel@gnu.org Cc: Eric Bavier From: Eric Bavier * gnu/packages/debug.scm (american-fuzzy-lop): New variable. --- gnu/packages/debug.scm | 96 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 95 insertions(+), 1 deletion(-) diff --git a/gnu/packages/debug.scm b/gnu/packages/debug.scm index ba80711..dba3091 100644 --- a/gnu/packages/debug.scm +++ b/gnu/packages/debug.scm @@ -27,7 +27,10 @@ #:use-module (gnu packages indent) #:use-module (gnu packages llvm) #:use-module (gnu packages perl) - #:use-module (gnu packages pretty-print)) + #:use-module (gnu packages pretty-print) + #:use-module (gnu packages qemu) + #:use-module (ice-9 match) + #:use-module (srfi srfi-1)) (define-public delta (package 
@@ -137,3 +140,94 @@ produces a much smaller C/C++ program that has the same property. It is
 intended for use by people who discover and report bugs in compilers and other
 tools that process C/C++ code.")
 (license ncsa)))
+
+(define-public american-fuzzy-lop
+ (let ((machine (match (or (%current-target-system)
+ (%current-system))
+ ("x86_64-linux" "x86_64")
+ ("i686-linux" "i386")
+ ;; Prevent errors when querying this package on unsupported
+ ;; platforms, e.g. when running "guix package --search="
+ (_ "UNSUPPORTED"))))
+ (package
+ (name "american-fuzzy-lop")
+ (version "1.86b") ;It seems all releases have the 'b' suffix
+ (source
+ (origin
+ (method url-fetch)
+ (uri (string-append "http://lcamtuf.coredump.cx/afl/releases/"
+ "afl-" version ".tgz"))
+ (sha256
+ (base32
+ "1by9ncf6lgcyibzqwyla34jv64sd66mn8zhgjz2pcgsds51qwn0r"))))
+ (build-system gnu-build-system)
+ (inputs
+ `(("custom-qemu"
+ ;; The afl-qemu tool builds qemu 2.3.0 with a few patches applied.
+ ,(package (inherit qemu-headless)
+ (name "afl-qemu")
+ (inputs
+ `(("afl-src" ,source)
+ ,@(package-inputs qemu-headless)))
+ ;; afl only supports using a single afl-qemu-trace executable, so
+ ;; we only build qemu for the native target.
+ (arguments
+ `(#:configure-flags
+ (list (string-append "--target-list=" ,machine "-linux-user"))
+ ,@(substitute-keyword-arguments (package-arguments qemu-headless)
+ ((#:phases qemu-phases)
+ `(modify-phases ,qemu-phases
+ (add-after
+ 'unpack 'apply-afl-patches
+ (lambda* (#:key inputs #:allow-other-keys)
+ (let* ((afl-dir (string-append "afl-" ,version))
+ (patch-dir
+ (string-append afl-dir
+ "/qemu_mode/patches")))
+ (system* "tar" "xf" (assoc-ref inputs "afl-src"))
+ (copy-file (string-append patch-dir
+ "/afl-qemu-cpu-inl.h")
+ "./afl-qemu-cpu-inl.h")
+ (copy-file (string-append afl-dir "/config.h")
+ "./afl-config.h")
+ (copy-file (string-append afl-dir "/types.h")
+ "./types.h")
+ (substitute* "afl-qemu-cpu-inl.h"
+ (("\\.\\./\\.\\./config.h") "afl-config.h"))
+ (substitute* (string-append patch-dir
+ "/cpu-exec.diff")
+ (("\\.\\./patches/") ""))
+ (for-each (lambda (patch-file)
+ (system* "patch" "--force" "-p1"
+ "--input" patch-file))
+ (find-files patch-dir
+ ".*\\.diff"))))))))))))))
+ (arguments
+ `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
+ "CC=gcc")
+ #:phases (modify-phases %standard-phases
+ (delete 'configure)
+ (add-after
+ ;; TODO: Build and install th afl-llvm tool.
+ 'install 'install-qemu
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let ((qemu (assoc-ref inputs "custom-qemu"))
+ (out (assoc-ref %outputs "out")))
+ (copy-file (string-append qemu "/bin/qemu-" ,machine)
+ (string-append out "/bin/afl-qemu-trace"))
+ #t)))
+ (delete 'check))))
+ (supported-systems (fold delete
+ %supported-systems
+ '("armhf-linux" "mips64el-linux")))
+ (home-page "http://lcamtuf.coredump.cx/afl")
+ (synopsis "Security-oriented fuzzer")
+ (description
+ "American fuzzy lop is a security-oriented fuzzer that employs a novel
+type of compile-time instrumentation and genetic algorithms to automatically
+discover clean, interesting test cases that trigger new internal states in the
+targeted binary. This substantially improves the functional coverage for the
+fuzzed code. The compact synthesized corpora produced by the tool are also
+useful for seeding other, more labor- or resource-intensive testing regimes
+down the road.")
+ (license asl2.0))))
--
2.4.3
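Review bot: In the apply-afl-patches phase the exit status of both `(system* "tar" "xf" (assoc-ref inputs "afl-src"))` and `(system* "patch" "--force" "-p1" "--input" patch-file)` is discarded, so a patch that fails to apply to the qemu tree does not fail the build; the afl-qemu-trace that gets installed would then most likely be a plain qemu-user binary without the coverage hook, and the problem would only surface later as fuzzing runs that report no new paths. Each call should gate on its status, e.g. `(unless (zero? (system* "patch" "--force" "-p1" "--input" patch-file)) (error "failed to apply" patch-file))`, and the phase should end with `#t` rather than whatever `for-each` returns. In the install-qemu phase the lambda binds `outputs` but then reads `%outputs`; using the bound `outputs` keeps it consistent with how `inputs` is used on the same line. The comment above 'install-qemu also has a typo, "th afl-llvm tool".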