From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eric Bavier Subject: Re: [PATCH 2/2] gnu: Add American fuzzy lop. Date: Sun, 16 Aug 2015 18:11:17 -0500 Message-ID: <20150816181117.2d369925@openmailbox.org> References: <1439728559-2606-1-git-send-email-ericbavier@openmailbox.org> <1439728559-2606-2-git-send-email-ericbavier@openmailbox.org> <878u9aom2c.fsf@netris.org> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:35373) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZRBeN-0003UM-54 for guix-devel@gnu.org; Mon, 17 Aug 2015 00:03:56 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZRBeH-0004nC-Vj for guix-devel@gnu.org; Mon, 17 Aug 2015 00:03:55 -0400 Received: from smtp22.openmailbox.org ([62.4.1.56]:35778) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZRBeH-0004n2-Ju for guix-devel@gnu.org; Mon, 17 Aug 2015 00:03:49 -0400 In-Reply-To: <878u9aom2c.fsf@netris.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Mark H Weaver Cc: guix-devel@gnu.org On Sun, 16 Aug 2015 19:22:51 -0400 Mark H Weaver wrote: > ericbavier@openmailbox.org writes: > > > From: Eric Bavier > > > > * gnu/packages/debug.scm (american-fuzzy-lop): New variable. > > --- > > gnu/packages/debug.scm | 96 > > +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, > > 95 insertions(+), 1 deletion(-) > > > > diff --git a/gnu/packages/debug.scm b/gnu/packages/debug.scm > > index ba80711..dba3091 100644 > > --- a/gnu/packages/debug.scm > > +++ b/gnu/packages/debug.scm 
> > @@ -27,7 +27,10 @@
> > #:use-module (gnu packages indent)
> > #:use-module (gnu packages llvm)
> > #:use-module (gnu packages perl)
> > - #:use-module (gnu packages pretty-print))
> > + #:use-module (gnu packages pretty-print)
> > + #:use-module (gnu packages qemu)
> > + #:use-module (ice-9 match)
> > + #:use-module (srfi srfi-1))
> >
> > (define-public delta
> > (package
> > @@ -137,3 +140,94 @@ produces a much smaller C/C++ program that has > > the same property. It is intended for use by people who discover > > and report bugs in compilers and other tools that process C/C++ > > code.") (license ncsa))) > > + > > +(define-public american-fuzzy-lop > > + (let ((machine (match (or (%current-target-system) > > + (%current-system)) > > + ("x86_64-linux" "x86_64") > > + ("i686-linux" "i386") > > + ;; Prevent errors when querying this package on > > unsupported > > + ;; platforms, e.g. when running "guix package > > --search=" > > + (_ "UNSUPPORTED")))) > > + (package > > + (name "american-fuzzy-lop") > > + (version "1.86b") ;It seems all releases have > > the 'b' suffix > > + (source > > + (origin > > + (method url-fetch) > > + (uri (string-append > > "http://lcamtuf.coredump.cx/afl/releases/" > > + "afl-" version ".tgz")) > > + (sha256 > > + (base32 > > + > > "1by9ncf6lgcyibzqwyla34jv64sd66mn8zhgjz2pcgsds51qwn0r")))) > > + (build-system gnu-build-system) > > + (inputs > > + `(("custom-qemu" > > + ;; The afl-qemu tool builds qemu 2.3.0 with a few > > patches applied. > > + ,(package (inherit qemu-headless) > > + (name "afl-qemu") > > + (inputs > > + `(("afl-src" ,source) > > + ,@(package-inputs qemu-headless))) > > + ;; afl only supports using a single afl-qemu-trace > > executable, so > > + ;; we only build qemu for the native target. 
> > + (arguments > > + `(#:configure-flags > > + (list (string-append "--target-list=" ,machine > > "-linux-user")) > > + ,@(substitute-keyword-arguments (package-arguments > > qemu-headless) > > + ((#:phases qemu-phases) > > + `(modify-phases ,qemu-phases > > + (add-after > > + 'unpack 'apply-afl-patches > > + (lambda* (#:key inputs #:allow-other-keys) > > + (let* ((afl-dir (string-append > > "afl-" ,version)) > > + (patch-dir > > + (string-append afl-dir > > + > > "/qemu_mode/patches"))) > > + (system* "tar" "xf" (assoc-ref inputs > > "afl-src")) > > Please check for an error here, with something like: > > (unless (zero? (system* ...)) > (error "tar failed to unpack afl-src")) > > > + (copy-file (string-append patch-dir > > + > > "/afl-qemu-cpu-inl.h") > > + "./afl-qemu-cpu-inl.h") > > + (copy-file (string-append afl-dir > > "/config.h") > > + "./afl-config.h") > > + (copy-file (string-append afl-dir > > "/types.h") > > + "./types.h") > > + (substitute* "afl-qemu-cpu-inl.h" > > + (("\\.\\./\\.\\./config.h") > > "afl-config.h")) > > + (substitute* (string-append patch-dir > > + > > "/cpu-exec.diff") > > + (("\\.\\./patches/") "")) > > + (for-each (lambda (patch-file) > > + (system* "patch" > > "--force" "-p1" > > + "--input" > > patch-file)) > > Likewise, if these patches fail to apply, the failures will be > ignored. Please change 'for-each' to 'every', and wrap (zero? ...) > around the 'system*' call. > > > + (find-files patch-dir > > + > > ".*\\.diff")))))))))))))) > > "\\.diff$" > > > + (arguments > > + `(#:make-flags (list (string-append "PREFIX=" (assoc-ref > > %outputs "out")) > > + "CC=gcc") > > + #:phases (modify-phases %standard-phases > > + (delete 'configure) > > + (add-after > > + ;; TODO: Build and install th afl-llvm tool. 
> > s/th/the/ > > > + 'install 'install-qemu > > + (lambda* (#:key inputs outputs > > #:allow-other-keys) > > + (let ((qemu (assoc-ref inputs > > "custom-qemu")) > > + (out (assoc-ref %outputs "out"))) > > s/%outputs/outputs/ > > > + (copy-file (string-append qemu > > "/bin/qemu-" ,machine) > > + (string-append out > > "/bin/afl-qemu-trace")) > > + #t))) > > + (delete 'check)))) > > + (supported-systems (fold delete > > + %supported-systems > > + '("armhf-linux" "mips64el-linux"))) > > + (home-page "http://lcamtuf.coredump.cx/afl") > > + (synopsis "Security-oriented fuzzer") > > + (description > > + "American fuzzy lop is a security-oriented fuzzer that > > employs a novel +type of compile-time instrumentation and genetic > > algorithms to automatically +discover clean, interesting test cases > > that trigger new internal states in the +targeted binary. This > > substantially improves the functional coverage for the +fuzzed > > code. The compact synthesized corpora produced by the tool are > > also +useful for seeding other, more labor- or resource-intensive > > testing regimes +down the road.") > > + (license asl2.0)))) > > Otherwise it looks good to me. Thank you for the review. Changes applied and pushed. `~Eric
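Review bot: `supported-systems` is computed by subtracting two entries from `%supported-systems`, while `machine` is a closed `match` over only "x86_64-linux" and "i686-linux" with an "UNSUPPORTED" fallback; any system later added to `%supported-systems` would make the package claim support yet configure afl-qemu with `--target-list=UNSUPPORTED-linux-user` and have the install-qemu phase try to copy a `qemu-UNSUPPORTED` binary. Listing the supported systems positively keeps the two places in sync: `(supported-systems '("x86_64-linux" "i686-linux"))`. Separately, `(delete 'check)` carries no rationale; a short comment such as `;; No test suite.` would help, if that is indeed why the phase is dropped (the hunk does not show it).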