diff --git a/.gitignore b/.gitignore index 28a16866..9c5dca46 100644 --- a/.gitignore +++ b/.gitignore @@ -31,6 +31,7 @@ traces utils/reports ### Wasm-Fuzzer ### -wasm-fuzzer/fuzzing-client-afl/afl_out -wasm-fuzzer/fuzzing-client-afl/cpp_out -wasm-fuzzer/logs/* +wasm-fuzzer/wafl-temp/* + +*.log +*.log.txt \ No newline at end of file diff --git a/.gitmodules b/.gitmodules index d7e36960..8591f655 100644 --- a/.gitmodules +++ b/.gitmodules @@ -10,7 +10,3 @@ path = llvm url = https://github.com/Jacarte/llvm-project branch = master -[submodule "wasm-fuzzer/fuzzing-server-swam"] - path = wasm-fuzzer/fuzzing-server-swam - url = https://github.com/KTH/swam - branch = feature/swam-server diff --git a/wasm-fuzzer/.dockerignore b/wasm-fuzzer/.dockerignore index 0ccb0e5f..70c908be 100644 --- a/wasm-fuzzer/.dockerignore +++ b/wasm-fuzzer/.dockerignore @@ -1,2 +1,4 @@ *.out -*.dat \ No newline at end of file +*.dat +./fuzzing-server-swam/out +./wafl-temp \ No newline at end of file diff --git a/wasm-fuzzer/.env b/wasm-fuzzer/.env index 348177cd..ea9d6702 100644 --- a/wasm-fuzzer/.env +++ b/wasm-fuzzer/.env @@ -7,34 +7,21 @@ LOG_LEVEL=INFO # Set True if AFL should always continue where it left off (and not delete old findings). Useful if AFL/SWAM may crash and auto-restart. REUSE_DATA_AFL=True -# Path to the parent directory of our local .wasm/.wat executable -LOCAL_WASM=/tmp/fuzzer-wat_files - -# Name of our local .wasm/.wat executable -WASM_EXECUTABLE=fibo.wat - -# Path on our local machine for us to read AFL's output -LOCAL_AFL_OUTPUT=/tmp/afl_out - -# Path on our local machine for us to read our own logs -LOCAL_LOGS=/tmp/fuzzer/fuzzerlogs - -# Path on our local machine for us to read SWAM's output (if any) -# SWAM_OUTPUT_LOCAL=/tmp/swam-out - -# Function to be executed in .wasm/.wat ("_start" is default) -TARGET_FUNCTION=clever +# Filter out WASI coverage +WASI_FILTER=True -# Parameter types for target function. Comma-separated list of types Int32, Int64, Float32, Float64. -WASM_ARG_TYPES_LIST=Int64 +######################################## +##### Necessary for Docker volumes ##### +######################################## -# Sample input for target function. Comma-separated list of numbers. -WASM_ARG_LIST=14 +# Path on our local machine where wasm/wat file is located +LOCAL_WASM_DIR=/tmp/wasm -# Executable has wasi format -WASI=False +############################# +##### No need to change ##### +############################# -##### No need to change: ##### +SWAM_SOCKET_HOST=localhost SWAM_SOCKET_PORT=9999 # Filter out WASI diff --git a/wasm-fuzzer/.gitignore b/wasm-fuzzer/.gitignore new file mode 100644 index 00000000..d05ee3b4 --- /dev/null +++ b/wasm-fuzzer/.gitignore @@ -0,0 +1,4 @@ +aflpp +wafl +out* +fuzzing-server-swam \ No newline at end of file diff --git a/wasm-fuzzer/Dockerfile b/wasm-fuzzer/Dockerfile index e090537d..0ad5a97d 100644 --- a/wasm-fuzzer/Dockerfile +++ b/wasm-fuzzer/Dockerfile @@ -9,6 +9,7 @@ FROM aflplusplus/aflplusplus RUN yes | apt-get install curl RUN apt-get update RUN DEBIAN_FRONTEND="noninteractive" apt-get -y install tzdata wget +RUN apt-get update RUN yes | apt-get install software-properties-common RUN apt-get update RUN yes | add-apt-repository ppa:openjdk-r/ppa @@ -30,58 +31,64 @@ WORKDIR /root ##### fuzzing-server-swam ###### ################################ -ENV DOCKER_SWAM_SRC=/home/server/src -ENV DOCKER_WASM=/home/server/wasm +ENV SRC_SWAM_DIR=/home/server/src +ENV WASM_DIR=/home/server/wasm # Create the appropriate directories -RUN mkdir -p $DOCKER_SWAM_SRC -RUN mkdir -p $DOCKER_WASM +RUN mkdir -p $SRC_SWAM_DIR +RUN mkdir -p $WASM_DIR -WORKDIR $DOCKER_SWAM_SRC +WORKDIR $SRC_SWAM_DIR # TODO: Find way of installing dependencies with Mill without copying over entire repo # See: https://stackoverflow.com/questions/62834693/mill-build-tool-install-dependencies-without-compiling-source-code -ADD ./fuzzing-server-entry/entrypoint_mill_server.sh $DOCKER_SWAM_SRC - # DOWNLOAD latest version of SWAM cli jar file -ADD https://github.com/KTH/swam/releases/download/v0.6.0-RC3/cli-0.6.0-RC3.jar $DOCKER_SWAM_SRC - +ADD https://github.com/KTH/swam/releases/download/v0.6.0-RC3/cli-0.6.0-RC3.jar $SRC_SWAM_DIR -RUN chmod +x $DOCKER_SWAM_SRC/entrypoint_mill_server.sh +ADD entrypoint_mill_server.sh /home +RUN chmod +x /home/entrypoint_mill_server.sh ############################# #### fuzzing-client-afl ##### ############################# -ENV DOCKER_INTERFACE_SRC=/home/client/interface -ENV DOCKER_AFL_INPUT=/home/client/in -ENV DOCKER_AFL_OUTPUT=/home/client/out +ENV SRC_INTERFACE_DIR=/home/client/interface +ENV OUT_INTERFACE_DIR=/home/client/interface/cpp_out +ENV INPUT_AFL_DIR=/home/client/in +ENV OUTPUT_AFL_DIR=/home/client/out # Create the appropriate directories -RUN mkdir -p $DOCKER_INTERFACE_SRC -RUN mkdir -p $DOCKER_AFL_INPUT -RUN mkdir -p $DOCKER_AFL_OUTPUT -WORKDIR $DOCKER_INTERFACE_SRC +RUN mkdir -p $SRC_INTERFACE_DIR +RUN mkdir -p $OUT_INTERFACE_DIR +RUN mkdir -p $INPUT_AFL_DIR +RUN mkdir -p $OUTPUT_AFL_DIR +WORKDIR $SRC_INTERFACE_DIR -ADD ./fuzzing-client-afl $DOCKER_INTERFACE_SRC +ADD ./fuzzing-client-afl $SRC_INTERFACE_DIR -RUN g++ -o ./prepare_wasm_input.out ./prepare_wasm_input.cpp ./utils.cpp -RUN g++ -o ./getFileSize.out ./getFileSize.cpp ./utils.cpp -RUN g++ -o ./wait_for_server.out ./wait_for_server.cpp ./utils.cpp ./socket_client.cpp -RUN g++ -o ./interface.out ./interface.cpp ./socket_client.cpp ./utils.cpp +RUN g++ -o $OUT_INTERFACE_DIR/prepare_wasm_input.out ./prepare_wasm_input.cpp ./utils.cpp +RUN g++ -o $OUT_INTERFACE_DIR/getFileSize.out ./getFileSize.cpp ./utils.cpp +RUN g++ -o $OUT_INTERFACE_DIR/wait_for_server.out ./wait_for_server.cpp ./utils.cpp ./socket_client.cpp +RUN g++ -o $OUT_INTERFACE_DIR/interface.out ./interface.cpp ./socket_client.cpp ./utils.cpp -RUN chmod +x $DOCKER_INTERFACE_SRC/entrypoint_afl.sh +RUN chmod +x $SRC_INTERFACE_DIR/entrypoint_afl.sh ######################### ######## Shared ######### ######################### -ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf +WORKDIR /home + +ENV LOGS_DIR=/home/shared/logs + +RUN mkdir -p $LOGS_DIR -ENV DOCKER_SHARED=/home/shared -ENV DOCKER_LOGS=$DOCKER_SHARED/logs +ADD supervisord.conf /home/supervisord.conf +ADD wafl.sh /home/wafl.sh +ADD prepare_env.sh /home/prepare_env.sh -RUN mkdir -p $DOCKER_LOGS +RUN chmod +x /home/wafl.sh +RUN chmod +x /home/prepare_env.sh -ENTRYPOINT ["/usr/bin/supervisord"] \ No newline at end of file +ENTRYPOINT ["/home/wafl.sh"] diff --git a/wasm-fuzzer/README.md b/wasm-fuzzer/README.md index 47dbdb9d..f775ce5c 100644 --- a/wasm-fuzzer/README.md +++ b/wasm-fuzzer/README.md @@ -19,7 +19,7 @@ Right now, we support fuzzing of four data types as function parameter: * int32 * int64 * float32 -* float 64 +* float64 Reference documentation in (see part 1, Coverage Measurements): https://github.com/google/AFL/blob/master/docs/technical_details.txt @@ -112,14 +112,14 @@ docker build -t wafl . 3. Run the Docker image. ```bash - docker run -it --rm --env-file=./.env \ - -e SWAM_SOCKET_HOST=localhost \ + docker run --env-file=./.env \ -v maven_data:/root/.cache/coursier/v1/https/repo1.maven.org/maven2 \ -v compiled_sources:/home/server/src/out/ \ - -v ${LOCAL_WASM:?err}:/home/server/wasm/ \ - -v ${LOCAL_AFL_OUTPUT:?err}:/home/client/out/ \ - -v ${LOCAL_LOGS:?err}:/home/shared/logs/ \ - wafl:latest + -v ${LOCAL_WASM_DIR:?err}:/home/server/wasm/ \ + -v ${PWD}/wafl-temp/afl-out:/home/client/out/ \ + -v ${PWD}/wafl-temp/logs:/home/shared/logs/ \ + wafl:latest \ + <.wasm/.wat filename> ``` ### Multi-processing @@ -128,7 +128,7 @@ AFLplusplus is encouraged to be run with multiple instances if multiple cores ar ```bash # 3 for the number of AFL instances. -./multi-processing.sh 3 +./multi-processing.sh 3 <.wasm/.wat filename> ``` ## Building & running without Docker diff --git a/wasm-fuzzer/build.sh b/wasm-fuzzer/build.sh new file mode 100755 index 00000000..06117527 --- /dev/null +++ b/wasm-fuzzer/build.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +CURRENT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" + +echo "Cloning SWAM" +if [ ! -d fuzzing-server-swam ]; then + git clone --single-branch --branch master https://github.com/KTH/swam.git fuzzing-server-swam +fi + +echo "Building SWAM" +cd fuzzing-server-swam +git pull +./millw cli.assembly +export SWAM_JAR=$(CURRENT_DIR)/fuzzing-server-swam/out/cli/assembly/dest/out.jar +echo $SWAM_JAR +cd .. + + +# Download afl plus plus +if [ ! -d aflpp ]; then + echo "Downloading aflplusplus..." + git clone https://github.com/AFLplusplus/AFLplusplus.git aflpp + + echo "Building aflplusplus..." + cd aflpp + make distrib + sudo make install + cd .. +fi + + +echo "Building the wafl interface..." + +mkdir -p $CURRENT_DIR/wafl-temp +CPP_OUT_DIR=$CURRENT_DIR/wafl-temp/cpp-out +mkdir -p $CPP_OUT_DIR + +g++ -o $CPP_OUT_DIR/prepare_wasm_input.out ./fuzzing-client-afl/prepare_wasm_input.cpp ./fuzzing-client-afl/utils.cpp +g++ -o $CPP_OUT_DIR/getFileSize.out ./fuzzing-client-afl/getFileSize.cpp ./fuzzing-client-afl/utils.cpp +g++ -o $CPP_OUT_DIR/wait_for_server.out ./fuzzing-client-afl/wait_for_server.cpp ./fuzzing-client-afl/utils.cpp ./fuzzing-client-afl/socket_client.cpp +g++ -o $CPP_OUT_DIR/run_client.out ./fuzzing-client-afl/run_client.cpp ./fuzzing-client-afl/socket_client.cpp ./fuzzing-client-afl/utils.cpp +g++ -o $CPP_OUT_DIR/interface.out ./fuzzing-client-afl/interface.cpp ./fuzzing-client-afl/socket_client.cpp ./fuzzing-client-afl/utils.cpp + +echo "DONE !" \ No newline at end of file diff --git a/wasm-fuzzer/docker-compose.base.yml b/wasm-fuzzer/docker-compose.base.yml deleted file mode 100644 index 0553860d..00000000 --- a/wasm-fuzzer/docker-compose.base.yml +++ /dev/null @@ -1,29 +0,0 @@ -# This file does not work by itself - -version: '3.7' - -services: - swam_server: - entrypoint: /home/swam/entrypoint_mill_server.sh - env_file: - - ./.env - volumes: - - maven_data:/root/.cache/coursier/v1/https/repo1.maven.org/maven2 - - compiled_sources:/home/server/src/out/ - - ${LOCAL_WASM:?err}:/home/wasm/ - - afl_interface: - entrypoint: /home/interface/entrypoint_afl.sh - env_file: - - ./.env - environment: - SWAM_SOCKET_HOST: swam_server - volumes: - - ${LOCAL_AFL_OUTPUT:?err}:/home/out/ - - ${LOCAL_LOGS:?err}:/home/logs/ - depends_on: - - swam_server - -volumes: - maven_data: - compiled_sources: \ No newline at end of file diff --git a/wasm-fuzzer/docker-compose.stack.yml b/wasm-fuzzer/docker-compose.stack.yml deleted file mode 100644 index d5be88e3..00000000 --- a/wasm-fuzzer/docker-compose.stack.yml +++ /dev/null @@ -1,34 +0,0 @@ -# WARNING: -# This is still in testing! It still requires to set up AFL's Master-Slave mechanism. -# Also, the Socket Server does not seem to be running concurrently yet (even with a -# thread per request). - -# Create/update stack on the swarm: -# set -a -# source .env -# set +a -# docker stack deploy --compose-file docker-compose.base.yml -c docker-compose.stack.yml afl_swam - -# View all (multi-instance) services of stack: -# docker service ls - -# View live logs of (multi-instance) service: -# docker service logs -f {NAME_OF_THE_SERVICE} - -# Remove stack from the swarm -# docker stack rm afl_swam - -version: '3.7' - -services: - swam_server: - image: fuzzer_swam_server - - afl_interface: - image: fuzzer_afl_interface - deploy: - replicas: 6 - -volumes: - compiled_sources: - maven_data: diff --git a/wasm-fuzzer/docker-compose.yml b/wasm-fuzzer/docker-compose.yml deleted file mode 100644 index f23ccea3..00000000 --- a/wasm-fuzzer/docker-compose.yml +++ /dev/null @@ -1,17 +0,0 @@ -# WARNING: -# The env variables used in this file (e.g. LOCAL_WASM) can only -# be read by a file named ".env". This is standard Docker behaviour. - -# 1. Configure ./.env file -# 2. docker-compose -f docker-compose.base.yml -f docker-compose.yml up --build - -version: '3.7' - -services: - swam_server: - build: ./fuzzing-server-swam - expose: - - ${SWAM_SOCKET_PORT:?err} - - afl_interface: - build: ./fuzzing-client-afl diff --git a/wasm-fuzzer/entrypoint_mill_server.sh b/wasm-fuzzer/entrypoint_mill_server.sh new file mode 100755 index 00000000..8c48c838 --- /dev/null +++ b/wasm-fuzzer/entrypoint_mill_server.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +# TODO: Put this file back into the SWAM repo + +# TODO: Put this into entrypoint_afl.sh as well as soon as the server infers the signature itself. +# So that this script can be run by itself as +# well (same commands as wafl.sh) +if [[ $ENV_PREPARED != "True" ]]; then + echo "Preparing environment!" + source ../prepare_env.sh $@ +fi + +# Get wasm/wat from $WASM_DIR directory +echo "WASM_OR_WAT_FILE: $WASM_OR_WAT_FILE" + +# Parse WASM_ARG_TYPES_CSV: "Int64,Int32" to "--argType Int64 --argType Int32" +ALL_ARG_TYPES="" +IFS=',' read -r -a WASM_ARG_TYPES_ARRAY <<<"$WASM_ARG_TYPES_CSV" +for element in "${WASM_ARG_TYPES_ARRAY[@]}"; do + ALL_ARG_TYPES="$ALL_ARG_TYPES --argType $element" +done +echo "ALL_ARG_TYPES: $ALL_ARG_TYPES" + +if [[ $WASM_OR_WAT_FILE == *.wat ]]; then WAT_ARG="--wat"; fi +if [[ $WASI == "True" ]]; then WASI_ARG="--wasi"; fi +if [[ $WASI_FILTER == "True" ]]; then WASI_ARG="$WASI_ARG -r"; fi + +cd $SRC_SWAM_DIR + +LOGGING_ARG="1> $LOGS_DIR/swam.std.txt 2> $LOGS_DIR/swam.err.txt &" + +echo "$SWAM_CMD run_server $WASM_OR_WAT_FILE --main $TARGET_FUNCTION $WAT_ARG $WASI_ARG $ALL_ARG_TYPES $LOGGING_ARG" +exec $SWAM_CMD run_server $WASM_OR_WAT_FILE --main $TARGET_FUNCTION $WAT_ARG $WASI_ARG $ALL_ARG_TYPES 1> $LOGS_DIR/swam.std.txt 2> $LOGS_DIR/swam.err.txt diff --git a/wasm-fuzzer/fuzzing-client-afl/Dockerfile b/wasm-fuzzer/fuzzing-client-afl/Dockerfile deleted file mode 100644 index 86ddeb15..00000000 --- a/wasm-fuzzer/fuzzing-client-afl/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -FROM aflplusplus/aflplusplus - -ENV DOCKER_INTERFACE_SRC=/home/interface -ENV DOCKER_AFL_INPUT=/home/in -ENV DOCKER_AFL_OUTPUT=/home/out -ENV DOCKER_LOGS=/home/logs - -# Create the appropriate directories -RUN mkdir -p $DOCKER_INTERFACE_SRC -RUN mkdir -p $DOCKER_AFL_INPUT -RUN mkdir -p $DOCKER_AFL_OUTPUT -RUN mkdir -p $DOCKER_LOGS -WORKDIR $DOCKER_INTERFACE_SRC - -ADD ./ $DOCKER_INTERFACE_SRC - -RUN g++ -o ./prepare_wasm_input.out ./prepare_wasm_input.cpp ./utils.cpp -RUN g++ -o ./getFileSize.out ./getFileSize.cpp ./utils.cpp -RUN g++ -o ./wait_for_server.out ./wait_for_server.cpp ./utils.cpp ./socket_client.cpp -RUN g++ -o ./interface.out ./interface.cpp ./socket_client.cpp ./utils.cpp - -RUN chmod +x $DOCKER_INTERFACE_SRC/entrypoint_afl.sh diff --git a/wasm-fuzzer/fuzzing-client-afl/entrypoint_afl.sh b/wasm-fuzzer/fuzzing-client-afl/entrypoint_afl.sh old mode 100644 new mode 100755 index 450ca947..de76fd87 --- a/wasm-fuzzer/fuzzing-client-afl/entrypoint_afl.sh +++ b/wasm-fuzzer/fuzzing-client-afl/entrypoint_afl.sh @@ -1,19 +1,22 @@ #!/bin/bash -cd $DOCKER_INTERFACE_SRC +cd $SRC_INTERFACE_DIR -PREPARED_INPUT_PATH="$DOCKER_AFL_INPUT/prepared_input.dat" -./prepare_wasm_input.out $PREPARED_INPUT_PATH +$OUT_INTERFACE_DIR/prepare_wasm_input.out "$INPUT_AFL_DIR/prepared_input.dat" # TODO: Remove everything related to REQUIRED_BYTES -REQUIRED_BYTES=$(./getFileSize.out $PREPARED_INPUT_PATH) +REQUIRED_BYTES=$($OUT_INTERFACE_DIR/getFileSize.out $INPUT_AFL_DIR/prepared_input.dat) # Parallel fuzzing: https://github.com/mirrorer/afl/blob/master/docs/parallel_fuzzing.txt -if [[ ! -z "$MASTER_AFL_NODE" ]]; then +# TODO: Refactor this to work in non-Docker environment as well +if [[ ! -z "$MASTER_AFL_NODE" ]] +then DOCKER_CONTAINER_ID=$( #define AFL_SHM_SIZE 65536 @@ -66,18 +67,22 @@ void main_fuzz( int requiredBytes, pid_t aflPID) { - + //LOG("Entering"); + std::string LOGS_DIR = parseEnvVariables((char *)"LOGS_DIR"); std::string DUMMY_TESTING_AFL = parseEnvVariables((char *)"DUMMY_TESTING_AFL"); + if (DUMMY_TESTING_AFL == "True") { fillTraceDummyData(trace_bits); exit(0); } - + char sendBuffer[requiredBytes]; readBinaryToBuffer(sendBuffer, sizeof(sendBuffer), (std::string)fuzzed_input_path); + char readBuffer[AFL_SHM_SIZE + 1]; // + 1 for exit code + ///logBuffer(LOGS_DIR + "/interface.log", AFL_SHM_SIZE + 1, readBuffer); std::string SWAM_SOCKET_HOST = parseEnvVariables((char *)"SWAM_SOCKET_HOST"); std::string SWAM_SOCKET_PORT = parseEnvVariables((char *)"SWAM_SOCKET_PORT"); @@ -105,6 +110,7 @@ void main_fuzz( } } + //LOG("Passing data to afl..."); pass_data_to_afl(sizeof(readBuffer), readBuffer, trace_bits); // Read exit code from readBuffer and exit with same code @@ -137,11 +143,12 @@ void fork_server(char *fuzzed_input_path, uint8_t *trace_bits, int requiredBytes log_default("Forkserver's PID: " + forkServerPIDString, INFO); int status = 0; - // Starting the 'Fork server handshake' // Phone home and tell AFL that we're OK - if (write(199, &status, 4) != 4) + + int w = write(199, &status, 4); + if ( w != 4) { log_default("Write failed", ERROR); close(199); diff --git a/wasm-fuzzer/fuzzing-client-afl/prepare_wasm_input.cpp b/wasm-fuzzer/fuzzing-client-afl/prepare_wasm_input.cpp index 5ba2889a..248e6c1f 100644 --- a/wasm-fuzzer/fuzzing-client-afl/prepare_wasm_input.cpp +++ b/wasm-fuzzer/fuzzing-client-afl/prepare_wasm_input.cpp @@ -94,13 +94,13 @@ int main(int argc, char *argv[]) std::string filePath = (std::string) argv[1]; clearFile(filePath); - std::string WASM_ARG_TYPES_LIST = parseEnvVariables((char *)"WASM_ARG_TYPES_LIST"); - std::string WASM_ARG_LIST = parseEnvVariables((char *)"WASM_ARG_LIST"); + std::string WASM_ARG_TYPES_CSV = parseEnvVariables((char *)"WASM_ARG_TYPES_CSV"); + std::string WASM_ARG_CSV = parseEnvVariables((char *)"WASM_ARG_CSV"); // TODO: Escape commas that are in arrays // TODO: Delete whitespaces - std::vector typeArray = split(WASM_ARG_TYPES_LIST, ','); - std::vector argArray = split(WASM_ARG_LIST, ','); + std::vector typeArray = split(WASM_ARG_TYPES_CSV, ','); + std::vector argArray = split(WASM_ARG_CSV, ','); if (typeArray.size() != argArray.size()) { diff --git a/wasm-fuzzer/fuzzing-client-afl/run_test.sh b/wasm-fuzzer/fuzzing-client-afl/run_test.sh index 8aea665f..67bedd1a 100755 --- a/wasm-fuzzer/fuzzing-client-afl/run_test.sh +++ b/wasm-fuzzer/fuzzing-client-afl/run_test.sh @@ -1,6 +1,6 @@ #!/bin/bash -# TODO: Since now all logging is to a file (using env var DOCKER_LOGS), this script cannot be run locally anymore. Fix this. +# TODO: Since now all logging is to a file (using env var LOGS_DIR), this script cannot be run locally anymore. Fix this. # For testing the integration of prepare_wasm_input.cpp and socket_client.cpp. @@ -8,13 +8,10 @@ # >> mill -i cli.run run_server --wat --argType Int64 --main naive --out ./ /Users/vincent/not_in_cloud/Codes/KTH/swam/examples/docs/fibo.wat # Configured for fibo.wat: -export WASM_ARG_TYPES_LIST=Int64 -export WASM_ARG_LIST=15 +export WASM_ARG_TYPES_CSV=Int64 +export WASM_ARG_CSV=15 mkdir -p ./cpp_out -g++ -o ./cpp_out/prepare_wasm_input.out ./prepare_wasm_input.cpp ./utils.cpp -g++ -o ./cpp_out/run_client.out ./run_client.cpp ./socket_client.cpp ./utils.cpp - ./cpp_out/prepare_wasm_input.out "./cpp_out/prepared_input.dat" ./cpp_out/run_client.out "./cpp_out/prepared_input.dat" diff --git a/wasm-fuzzer/fuzzing-client-afl/utils.cpp b/wasm-fuzzer/fuzzing-client-afl/utils.cpp index ccd03456..fc0969ed 100644 --- a/wasm-fuzzer/fuzzing-client-afl/utils.cpp +++ b/wasm-fuzzer/fuzzing-client-afl/utils.cpp @@ -21,7 +21,7 @@ LogEnum getLogLevel() } LogEnum DEFAULT_LOG_LEVEL_ENUM = getLogLevel(); -std::string DOCKER_LOGS_DIR = parseEnvVariables((char *)"DOCKER_LOGS"); +std::string LOGS_DIR = parseEnvVariables((char *)"LOGS_DIR"); void log_default(std::string someString, LogEnum log_level) { @@ -53,7 +53,7 @@ void log_default(std::string someString, LogEnum log_level) break; } } - log(DOCKER_LOGS_DIR + "/afl.log", actualLog); + log(LOGS_DIR + "/afl.log", actualLog); } void log(std::string filename, std::string someString) diff --git a/wasm-fuzzer/multi-processing.sh b/wasm-fuzzer/multi-processing.sh index 65da22c7..3157f560 100755 --- a/wasm-fuzzer/multi-processing.sh +++ b/wasm-fuzzer/multi-processing.sh @@ -1,7 +1,6 @@ #!/bin/bash -if [ -z "$1" ] -then +if [ -z "$1" ]; then echo "Specifiy the number of AFL instances as argument!" exit 1 fi @@ -12,37 +11,36 @@ set -a source ./.env set +a +mkdir -p $LOCAL_WASM_DIR +mkdir -p $LOCAL_AFL_OUTPUT_DIR +mkdir -p $LOCAL_LOGS_DIR/1 + echo "Running #1" docker run --env-file=./.env \ - -e SWAM_SOCKET_HOST=localhost \ -e MASTER_AFL_NODE=True \ -v maven_data:/root/.cache/coursier/v1/https/repo1.maven.org/maven2 \ -v compiled_sources:/home/server/src/out/ \ - -v ${LOCAL_WASM:?err}:/home/server/wasm/ \ - -v ${LOCAL_AFL_OUTPUT:?err}:/home/client/out/ \ - -v ${LOCAL_LOGS:?err}:/home/shared/logs/ \ - -d \ - wafl:latest + -v ${LOCAL_WASM_DIR:?err}:/home/server/wasm/ \ + -v ${PWD}/wafl-temp/afl-out:/home/client/out/ \ + -v ${PWD}/wafl-temp/logs/1:/home/shared/logs/ \ + -d slumps/wafl:latest $2 $3 $4 -if [ $1 -lt 2 ] -then +if [ $1 -lt 2 ]; then exit 0 fi -for i in $(seq 2 $1) -do +for i in $(seq 2 $1); do echo "Waiting for previous mill server to compile..." sleep 30s + mkdir -p $LOCAL_LOGS_DIR/${i} echo "Running #${i}" docker run --env-file=./.env \ - -e SWAM_SOCKET_HOST=localhost \ -e MASTER_AFL_NODE=False \ -v maven_data:/root/.cache/coursier/v1/https/repo1.maven.org/maven2 \ -v compiled_sources:/home/server/src/out/ \ - -v ${LOCAL_WASM:?err}:/home/server/wasm/ \ - -v ${LOCAL_AFL_OUTPUT:?err}:/home/client/out/ \ - -v ${LOCAL_LOGS:?err}:/home/shared/logs/ \ - -d \ - wafl:latest + -v ${LOCAL_WASM_DIR:?err}:/home/server/wasm/ \ + -v ${PWD}/wafl-temp/afl-out:/home/client/out/ \ + -v ${PWD}/wafl-temp/logs/${i}:/home/shared/logs/ \ + -d slumps/wafl:latest $2 $3 $4 done exit 0 diff --git a/wasm-fuzzer/prepare_env.sh b/wasm-fuzzer/prepare_env.sh new file mode 100755 index 00000000..ec269e9d --- /dev/null +++ b/wasm-fuzzer/prepare_env.sh @@ -0,0 +1,58 @@ +#!/bin/bash + +currentID=$$ +echo "wafl ID $currentID" + +set -a +source .env +set +a + +CURRENT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" + +# Check if inside Docker: https://stackoverflow.com/a/25518345/9068781 +if ! [ -f /.dockerenv ]; then + echo "Not inside a Docker container"; + + TEMP_DIR=$CURRENT_DIR/wafl-temp + + mkdir -p $TEMP_DIR/afl-in + mkdir -p $TEMP_DIR/afl-out + mkdir -p $TEMP_DIR/logs + + export SRC_INTERFACE_DIR=$CURRENT_DIR/fuzzing-client-afl + export SRC_SWAM_DIR=$CURRENT_DIR/fuzzing-server-swam + + + export OUT_INTERFACE_DIR=$TEMP_DIR/cpp-out + + export INPUT_AFL_DIR=$TEMP_DIR/afl-in/$currentID + export OUTPUT_AFL_DIR=$TEMP_DIR/afl-out/$currentID + + export LOGS_DIR=$TEMP_DIR/logs/$currentID + + export WASM_OR_WAT_FILE=$1 + + export BIN_AFL="$CURRENT_DIR/aflpp/afl-fuzz" + export SWAM_CMD="java -jar $SRC_SWAM_DIR/out/cli/assembly/dest/out.jar" + + mkdir -p $INPUT_AFL_DIR + mkdir -p $OUTPUT_AFL_DIR + mkdir -p $LOGS_DIR +else + echo "Inside a Docker container - env's are pre-defined"; + + # Get filename from $1 + export WASM_OR_WAT_FILE=$WASM_DIR/$(basename $1) + # export SWAM_CMD='mill cli.run' + export SWAM_CMD="java -jar $SRC_SWAM_DIR/cli-0.6.0-RC3.jar" +fi + +# TODO: Make this CLI-dependent +export WASI_FILTER=True +export WASI=True + +# TODO: Check if empty +export TARGET_FUNCTION=$2 +export WASM_ARG_CSV=$3 + +export ENV_PREPARED=True diff --git a/wasm-fuzzer/supervisord.conf b/wasm-fuzzer/supervisord.conf index 5a364a24..73f10b4d 100644 --- a/wasm-fuzzer/supervisord.conf +++ b/wasm-fuzzer/supervisord.conf @@ -1,16 +1,16 @@ [supervisord] nodaemon=true -user=root +user=root # Check if this is needed in docker remove otherwise [program:swam_server] -command=%(ENV_DOCKER_SWAM_SRC)s/entrypoint_mill_server.sh +command=%(ENV_PWD)s/entrypoint_mill_server.sh stdout_logfile=/dev/stdout stderr_logfile=/dev/stderr stdout_logfile_maxbytes=0 stderr_logfile_maxbytes=0 [program:afl_client] -command=%(ENV_DOCKER_INTERFACE_SRC)s/entrypoint_afl.sh +command=%(ENV_SRC_INTERFACE_DIR)s/entrypoint_afl.sh stdout_logfile=/dev/stdout stderr_logfile=/dev/stderr stdout_logfile_maxbytes=0 diff --git a/wasm-fuzzer/wafl.sh b/wasm-fuzzer/wafl.sh new file mode 100755 index 00000000..48446c4e --- /dev/null +++ b/wasm-fuzzer/wafl.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +CURRENT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" + +source ${CURRENT_DIR}/prepare_env.sh $@ + +# TODO: Put this into entrypoint_afl.sh + call function directly in Scala at server startup +echo "Infering signature for wasm" +echo "$SWAM_CMD infer $WAT_ARG $WASM_OR_WAT_FILE $TARGET_FUNCTION" +export WASM_ARG_TYPES_CSV=$($SWAM_CMD infer $WAT_ARG $WASM_OR_WAT_FILE $TARGET_FUNCTION) # Read from signature retriever +pkill -f out.jar + +SUPERVISORD_BIN=$(which supervisord) +exec $SUPERVISORD_BIN -c ${CURRENT_DIR}/supervisord.conf