`Centipede` integration (engine)

Open DonggeLiu opened this issue 3 years ago • 10 comments

Implements the fuzzing engine interface of Centipede, as the first of a series of PRs for Centipede integration.

DonggeLiu avatar Sep 05 '22 02:09 DonggeLiu

A draft engine.py for now, to double-check it is on the right track; I will come back with more fixes later:

  1. Remove redundant code blocks;
  2. Remove redundant packages;
  3. Fix the format/lint/test errors.

DonggeLiu avatar Sep 05 '22 02:09 DonggeLiu

There will be another 3 PRs to update:

  1. project_setup.py
  2. build_manager.py
  3. setup.py

DonggeLiu avatar Sep 15 '22 05:09 DonggeLiu

Could you please also add some integration tests? See the libFuzzer/afl examples.

oliverchang avatar Sep 16 '22 03:09 oliverchang

Sure! I am also editing the engine interface to allow adding sanitized binaries.

DonggeLiu avatar Sep 16 '22 03:09 DonggeLiu

Maybe we should unpack the binaries in a way that makes this unnecessary. E.g. unpack to $PATH/blah/unsanitized/target and $PATH/blah/address/target? Changing the interface will mean we need to change CFL too, btw.

jonathanmetzman avatar Sep 16 '22 15:09 jonathanmetzman

Basically I want to avoid making a change to API that is very centipede-specific.

jonathanmetzman avatar Sep 16 '22 16:09 jonathanmetzman

Ah sorry that I did not update here, I gave up on that because I learnt that I can overwrite the interface function in Centipede's child instance : ) I will test that later before committing, but I think it should work.

DonggeLiu avatar Sep 16 '22 23:09 DonggeLiu

Maybe I'm misunderstanding, but then won't the caller need to support calling two APIs instead of one? This seems worse than either of the two above cases I thought of.

jonathanmetzman avatar Sep 18 '22 00:09 jonathanmetzman

+1 to keeping the interface the same. The build_manager part can be smarter about where to unpack so that the Engine implementation part here can find the sanitized binaries.

oliverchang avatar Sep 19 '22 01:09 oliverchang
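The layout-based approach agreed on in the thread (keep the engine interface unchanged and let the unpack step place each sanitizer flavour of a target in its own directory) can be illustrated with a small lookup helper. This is an added example, not ClusterFuzz's build_manager or engine code; the directory names `unsanitized`, `address`, `memory` and `undefined`, the function names and the constructed sample build are all assumptions made for the illustration.

```python
"""Hypothetical helper illustrating a per-sanitizer build layout.

Assumed layout (not ClusterFuzz's actual convention):

    <build_dir>/unsanitized/<target>
    <build_dir>/address/<target>
    <build_dir>/memory/<target>
    <build_dir>/undefined/<target>

An engine implementation can then find the sanitized binaries it wants
without the shared engine interface growing engine-specific parameters.
"""
import stat
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Directory names used by this hypothetical layout. "unsanitized" holds the
# primary fuzzing binary; the others are named after the sanitizer they carry.
UNSANITIZED_DIR = 'unsanitized'
SANITIZER_DIRS = ('address', 'memory', 'undefined')


def _is_executable(path: Path) -> bool:
    """True if path is a regular file with the owner-execute bit set."""
    return path.is_file() and bool(path.stat().st_mode & stat.S_IXUSR)


def find_target_binaries(build_dir: str, target_name: str) -> Dict[str, Optional[str]]:
    """Return a mapping flavour -> absolute binary path (None when absent).

    The unsanitized binary is mandatory: if it is missing or not executable
    the function raises, so a broken unpack fails early instead of leaving
    the engine with nothing to fuzz. Sanitized flavours are optional.
    """
    root = Path(build_dir)
    unsanitized = root / UNSANITIZED_DIR / target_name
    if not _is_executable(unsanitized):
        raise FileNotFoundError(
            f'unsanitized binary for {target_name!r} not found under {root}')

    found: Dict[str, Optional[str]] = {UNSANITIZED_DIR: str(unsanitized.resolve())}
    for sanitizer in SANITIZER_DIRS:
        candidate = root / sanitizer / target_name
        found[sanitizer] = str(candidate.resolve()) if _is_executable(candidate) else None
    return found


def make_sample_build(flavours=(UNSANITIZED_DIR, 'address'),
                      target_name='test_fuzzer') -> str:
    """Create a constructed build directory in a temp dir and return its path.

    The "binaries" are tiny shell scripts standing in for real fuzz targets;
    only their location and executable bit matter for this example.
    """
    build_dir = tempfile.mkdtemp(prefix='centipede_build_')
    for flavour in flavours:
        target = Path(build_dir) / flavour / target_name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b'#!/bin/sh\nexit 0\n')
        target.chmod(target.stat().st_mode | stat.S_IXUSR)
    return build_dir


if __name__ == '__main__':
    sample = make_sample_build()
    for flavour, path in find_target_binaries(sample, 'test_fuzzer').items():
        print(f'{flavour:>12}: {path}')
```

Because the lookup is driven purely by the directory convention, the build-unpacking side (build_manager.py in this PR series) and the engine side only have to agree on the layout, which is the point jonathanmetzman and oliverchang make above.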

Cloud build failed due to two compatibility reasons:

  1. error while loading shared libraries: libcrypto.so.3: cannot open shared object file: No such file or directory
  2. /lib/x86_64-linux-gnu/libc.so.6: version 'GLIBC_2.32' not found (required by /path/to/centipede/test_data/__extra_build/test_fuzzer)

DonggeLiu avatar Sep 20 '22 12:09 DonggeLiu

please also address all of @jonathanmetzman's comments.

I reckon these are addressed in Fix workdir path + Replace os.path with Path : )

DonggeLiu avatar Sep 27 '22 00:09 DonggeLiu