
DONT MERGE add af++symqemu + experiment

Open vanhauser-thc opened this issue 3 years ago • 6 comments

getting symcc working in fuzzbench was a horrible experience as the image is based on an old ubuntu ... it might be difficult for the CI as I have to get and compile z3, which takes like forever... but it works! :) successfully tested openssl (oss-fuzz) and re2 (normal)

vanhauser-thc avatar Jan 28 '21 16:01 vanhauser-thc

Maybe we can wait for https://github.com/google/fuzzbench/pull/1062 to land so we can include it in the experiment?

jonathanmetzman avatar Jan 28 '21 16:01 jonathanmetzman

@jonathanmetzman sure! in that case maybe also add eclipser so as to have a fair comparison to afl+symqemu (which is yours)

Edit: fixed :)

vanhauser-thc avatar Jan 28 '21 16:01 vanhauser-thc

A different solution to integrate symqemu, and with afl++. @laurentsimon @sebastianpoeplau

vanhauser-thc avatar Jan 28 '21 16:01 vanhauser-thc

> getting symcc working in fuzzbench was a horrible experience as the image is based on an old ubuntu ... it might be difficult for the CI as I have to get and compile z3, which takes like forever... but it works! :) successfully tested openssl (oss-fuzz) and re2 (normal)

If you want to use the release builds of Z3, that would save you compiling Z3 on every build. I've done something like this for QSYM, which is the dependency for Z3.

    # Dockerfile RUN instruction: install Z3 4.6.0 from the prebuilt Ubuntu 16.04
    # release zip (headers into /usr/include, libz3.so into /usr/lib) instead of
    # compiling Z3 from source on every image build
    RUN wget -qO /tmp/z3x64.zip 'https://github.com/Z3Prover/z3/releases/download/z3-4.6.0/z3-4.6.0-x64-ubuntu-16.04.zip' && \
        unzip -jd /usr/include /tmp/z3x64.zip "*/include/*.h" && \
        unzip -jd /usr/lib /tmp/z3x64.zip "*/bin/libz3.so" && \
        rm -f /tmp/*.zip && \
        ldconfig

for a newer release (still 16.04)

    # Same RUN instruction for the newer Z3 4.8.9 release (still the 16.04 build)
    RUN wget -qO /tmp/z3x64.zip 'https://github.com/Z3Prover/z3/releases/download/z3-4.8.9/z3-4.8.9-x64-ubuntu-16.04.zip' && \
        unzip -jd /usr/include /tmp/z3x64.zip "*/include/*.h" && \
        unzip -jd /usr/lib /tmp/z3x64.zip "*/bin/libz3.so" && \
        rm -f /tmp/*.zip && \
        ldconfig

wideglide avatar Jan 29 '21 07:01 wideglide
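A check to pair with the prebuilt-release install above, written as an added example that is not part of this thread or of the fuzzbench or Z3 projects: once the release headers and libz3.so have been unpacked into the image, confirm that the header version actually matches the release you requested, so a stale header left behind by an earlier source build cannot silently mismatch the shared library. It assumes the Z3 release ships a z3_version.h with Z3_MAJOR_VERSION, Z3_MINOR_VERSION and Z3_BUILD_NUMBER defines; the header content below is constructed for the example.

```shell
#!/bin/sh
# Added example (not code from the PR thread or from the Z3 project).
# Assumption: the Z3 release zip installs z3_version.h defining
# Z3_MAJOR_VERSION, Z3_MINOR_VERSION and Z3_BUILD_NUMBER.

# Print "major.minor.build" parsed from a z3_version.h file; fail if any
# of the three defines is missing.
z3_header_version() {
    hdr="$1"
    maj=$(sed -n 's/^#define Z3_MAJOR_VERSION *\([0-9]*\).*/\1/p' "$hdr")
    min=$(sed -n 's/^#define Z3_MINOR_VERSION *\([0-9]*\).*/\1/p' "$hdr")
    bld=$(sed -n 's/^#define Z3_BUILD_NUMBER *\([0-9]*\).*/\1/p' "$hdr")
    [ -n "$maj" ] && [ -n "$min" ] && [ -n "$bld" ] || return 1
    printf '%s.%s.%s\n' "$maj" "$min" "$bld"
}

# Succeed only when the installed header reports the expected release.
# Second argument defaults to the path the RUN instruction above writes to.
z3_check_version() {
    expected="$1"
    hdr="${2:-/usr/include/z3_version.h}"
    got=$(z3_header_version "$hdr") || return 1
    [ "$got" = "$expected" ]
}

# Constructed sample header standing in for /usr/include/z3_version.h
# from the z3-4.8.9 release, so the example runs offline.
SAMPLE_HDR=$(mktemp)
cat > "$SAMPLE_HDR" <<'EOF'
#ifndef Z3_VERSION_H
#define Z3_MAJOR_VERSION 4
#define Z3_MINOR_VERSION 8
#define Z3_BUILD_NUMBER 9
#define Z3_REVISION_NUMBER 0
#endif
EOF

# Usage in a Dockerfile: RUN ... && z3_check_version 4.8.9 || exit 1
z3_check_version 4.8.9 "$SAMPLE_HDR" && echo "Z3 headers match 4.8.9"
```

Running the check right after the unzip steps in the same RUN instruction makes a version mismatch fail the image build instead of surfacing later as a confusing link or runtime error in the fuzzer.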

@wideglide thank you for that hint! If the experiment shows that symqemu is enhancing coverage (so, useful to use) I will rewrite this and base it more closely on @jonathanmetzman's version.

but: for the two targets I tested (re2 and openssl) symqemu was unable to find any new inputs in a 5 minute test run. I am currently building a test for libjpeg to see if this is just because of a saturated corpus or an issue with the build. It works fine for me on my own docker build.

vanhauser-thc avatar Jan 29 '21 08:01 vanhauser-thc

yes, no paths are discovered in the fuzzbench container by symqemu, I will now try #1062

vanhauser-thc avatar Jan 29 '21 10:01 vanhauser-thc

I think this can probably be closed.

jonathanmetzman avatar Jan 31 '23 17:01 jonathanmetzman