WIP: support the real coverage in fuzzer #59
Feature/handle crashed server
next steps per today's meeting:
|
exec afl-fuzz -i $DOCKER_AFL_INPUT -o $DOCKER_AFL_OUTPUT $RANK -d -- "${DOCKER_INTERFACE_SRC}/interface.out" @@ $REQUIRED_BYTES | ||
|
||
echo "$AFL -i $DOCKER_AFL_INPUT -o $DOCKER_AFL_OUTPUT $RANK -d -- ${DOCKER_INTERFACE_SRC}/interface.out @@ $REQUIRED_BYTES" | ||
$AFL -i "$DOCKER_AFL_INPUT" -o $DOCKER_AFL_OUTPUT $RANK -t 12000 -d -- "${DOCKER_INTERFACE_SRC}/interface.out" @@ $REQUIRED_BYTES |
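Review bot: the command printed by the `echo` line and the command actually executed on the following line differ (the real invocation adds `-t 12000` and quotes `$DOCKER_AFL_INPUT`), so the log will misrepresent what ran; build the argument list once (an array) and use it for both, or drop the `echo` and rely on `set -x`. Quoting is also inconsistent in the new line: `"$DOCKER_AFL_INPUT"` is quoted but `$DOCKER_AFL_OUTPUT`, `$RANK` and `$REQUIRED_BYTES` are not, so any value containing whitespace is word-split. Dropping `exec` additionally leaves bash as the parent of afl-fuzz, so a signal delivered to the script's PID stops the shell rather than the fuzzer.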
The "exec" is actually quite important for it to work properly with supervisord in Docker. You can't "supervise" detached processes. If I recall correctly, the script will just start again if the main process exits.
wasm-fuzzer/wafl.sh
Outdated
mkdir -p $DOCKER_INTERFACE_SRC/logs-$currentID | ||
|
||
pkill -f out.jar | ||
java -jar fuzzing-server-swam/out/cli/assembly/dest/out.jar run_server $1 --main $2 $ALL_ARG_TYPES $WASI_ARG 1> $DOCKER_INTERFACE_SRC/logs-$currentID/swam.std.txt 2> $DOCKER_INTERFACE_SRC/logs-$currentID/swam.err.txt & |
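Review bot: `pkill -f out.jar` matches against the full command line, so it kills every process with `out.jar` anywhere in its arguments, not only the previous SWAM server, and it returns before the killed process has exited, so the new `java -jar ... run_server` is started while the old one may still hold the port. Prefer capturing the PID of the backgrounded process (`swamPid=$!`), terminating that PID explicitly, and `wait`-ing on it before launching the replacement; `$1` and `$2` should also be quoted since they come straight from the command line.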
I know this may be a bit fancy and not entirely necessary, but since we already have the functionality built in, can't we just use supervisord here as well? It's quite clean and is going to take care of restarting either of the two processes in case one of them crashes (which is quite likely imo).
I think running /usr/bin/supervisord -c ./supervisord.conf should work out fine.
To install on Linux:
apt-get install -y supervisor
Also, if we do this, we can actually use this as the entrypoint to the Dockerfile.
If we don't use this as an entrypoint to the Dockerfile, the env variables you removed from .env are also going to be missing there, basically breaking the Docker version.
But then we also have to adjust the README on how to run it with Docker like this.
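As an added example (not code from this PR or the WAFL project), a supervisord.conf in the shape the comments above describe: the SWAM server and the AFL client run as two supervised programs, each restarted on its own if it crashes, and supervisord stays in the foreground so it can serve as the Docker entrypoint. The working directory, the `WASM_FILE` / `WASM_MAIN` environment names and the log paths are assumptions.

```ini
; Added example, not the project's own config. Values are assumptions.
[supervisord]
nodaemon=true                  ; stay in the foreground: usable as the container entrypoint
logfile=/dev/stdout
logfile_maxbytes=0

; supervisord does not start programs through a shell, so $VAR does not expand;
; environment variables are referenced as %(ENV_VAR)s instead. They must be set
; in the container environment (Dockerfile ENV or exported before launch).
[program:swam-server]
command=java -jar fuzzing-server-swam/out/cli/assembly/dest/out.jar run_server %(ENV_WASM_FILE)s --main %(ENV_WASM_MAIN)s
directory=/wafl                ; assumed checkout location inside the image
autostart=true
autorestart=true               ; bring the JVM back up if it dies
startsecs=5                    ; only count as RUNNING after 5 s of uptime
startretries=3
stdout_logfile=%(ENV_DOCKER_INTERFACE_SRC)s/logs/swam.std.txt
stderr_logfile=%(ENV_DOCKER_INTERFACE_SRC)s/logs/swam.err.txt
priority=10                    ; lower number starts first: server before client

[program:afl-client]
command=bash fuzzing-client-afl/entrypoint_afl.sh
directory=/wafl
autostart=true
autorestart=true
startsecs=10
stopasgroup=true               ; SIGTERM reaches afl-fuzz even if bash is still the parent
killasgroup=true
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
redirect_stderr=true
priority=20
```

The entrypoint should still `exec afl-fuzz` so that afl-fuzz replaces the shell and supervisord tracks the fuzzer's own exit status rather than bash's.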
exec afl-fuzz -i $DOCKER_AFL_INPUT -o $DOCKER_AFL_OUTPUT $RANK -d -- "${DOCKER_INTERFACE_SRC}/interface.out" @@ $REQUIRED_BYTES | ||
|
||
echo "$AFL -i $DOCKER_AFL_INPUT -o $DOCKER_AFL_OUTPUT $RANK -d -- ${DOCKER_INTERFACE_SRC}/interface.out @@ $REQUIRED_BYTES" | ||
$AFL -i "$DOCKER_AFL_INPUT" -o $DOCKER_AFL_OUTPUT $RANK -t 12000 -d -- "${DOCKER_INTERFACE_SRC}/interface.out" @@ $REQUIRED_BYTES |
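Review bot: replacing the literal `afl-fuzz` with `$AFL` means that if `AFL` is unset or empty the line executes `-i` as the command and fails with an unhelpful "command not found"; guard it with `: "${AFL:?AFL is not set}"` or default it with `AFL="${AFL:-afl-fuzz}"` before use. The hard-coded `-t 12000` also raises the per-run timeout to 12 seconds, which caps throughput on slow inputs; if it is only needed for local debugging it should not be on by default.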
This timeout should not be in master imo. According to AFL it really screws up the performance. The timeout is a multiple of the time taken by the first test cases anyway, so we shouldn't worry about it.
Since the AFL entrypoint now also potentially relies on the swam.jar to infer the signature, I don't see how it's necessary to keep the docker-compose configuration with two separate containers up and running. This would only be realistic if we do the signature inferring via socket communication using a proper serializer, which would be quite an overhead for now I think. Meaning we can remove the two extra Dockerfiles + the docker-compose.yml file. Correct me if I'm wrong.
wasm-fuzzer/wafl.sh
Outdated
|
||
echo "Infering signature for wasm" | ||
|
||
echo "java -jar fuzzing-server-swam/out/cli/assembly/dest/out.jar infer $WAT_ARG $1 $2" |
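Review bot: typo in the log message, `Infering` should be `Inferring`. The `echo` on the last line only prints the inference command; in the visible lines nothing runs it, so make sure the real invocation follows with the same arguments and with `"$1"` and `"$2"` quoted, since the wasm path and entry point are taken directly from the command line.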
I think this should be moved into entrypoint_afl.sh. Then we can remove the argument passing into out.jar run_server for SWAM and just call the function again directly in Scala when the server starts up.
And we can remove all of this code: ALL_ARG_TYPES="$ALL_ARG_TYPES --argType $element"; a couple lines down.
wasm-fuzzer/wafl.sh
Outdated
sleep 2 | ||
echo "Running AFL fuzzing client" | ||
|
||
$TIMEOUT bash fuzzing-client-afl/entrypoint_afl.sh |
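Review bot: `sleep 2` is a fixed wait that assumes the JVM server is listening within two seconds; on a loaded Docker host that races and the client starts against a server that is not up yet. Replace it with a readiness loop that polls the server (for example checking that the PID is alive and its port accepts a connection, with a bounded number of attempts) before starting the client. `$TIMEOUT` as an unquoted command prefix is also fragile: when empty it silently disappears, so its intent is invisible to the reader.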
I don't think any of this timeout code should be in master? What is it for?
wasm-fuzzer/wafl.sh
Outdated
|
||
$TIMEOUT bash fuzzing-client-afl/entrypoint_afl.sh | ||
|
||
pkill -f $swamPid |
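Review bot: `pkill -f $swamPid` is wrong for a PID: `pkill -f` takes a regular expression matched against every process's command line, so a numeric PID matches any process whose arguments happen to contain that digit string, and will not match the server itself unless its PID appears in its own command line. Use `kill "$swamPid"` (and `wait "$swamPid"` to reap it) instead.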
Not in master?
wasm-fuzzer/wafl.sh
Outdated
|
||
## Replace env variables | ||
set -a | ||
source .env |
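Review bot: `set -a` is never turned back off, so every variable assigned later in the script is exported to child processes as well, not only the contents of `.env`; add `set +a` right after `source .env`. There is also no guard for a missing file, which under `set -e` would abort the script and otherwise silently continues with unset variables, so check `[ -f .env ]` first. Sourcing `.env` executes it as shell, so it should only contain `KEY=value` lines and be owned by the same user as the script.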
I think if you're doing this, you might as well remove half of the export statements above.
…supervisord into wafl && made entrypoint_mill_server executable by itself
That's a new milestone! Thanks for the great team work!