feat(tools, fuzzing): better fuzzing tooling to start the docker imag…

…e immediately, build arkscript and launch multiple fuzzers
ArkScript-lang · Jul 7, 2024 · 0ee7cf0 · 0ee7cf0
1 parent d1cf245
commit 0ee7cf0
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 4 deletions.
diff --git a/tests/fuzzing/prepare-corpus.sh → tests/fuzzing/docker/0-prepare-corpus.sh b/tests/fuzzing/prepare-corpus.sh → tests/fuzzing/docker/0-prepare-corpus.sh
diff --git a/tests/fuzzing/docker/1-build-with-afl.sh b/tests/fuzzing/docker/1-build-with-afl.sh
@@ -0,0 +1,18 @@
+if ! [ -f /.dockerenv ]; then
+  echo "This script needs to run inside the aflplusplus docker container"
+  exit 1
+fi
+if [[ $(ls -l | grep tests) == "" ]]; then
+  echo "This script needs to run at the root of ArkScript-lang/Ark"
+  exit 1
+fi
+
+cd /src || exit 1
+
+cmake -Bbuild \
+  -DCMAKE_C_COMPILER=/AFLplusplus/afl-cc \
+  -DCMAKE_CXX_COMPILER=/AFLplusplus/afl-c++ \
+  -DCMAKE_BUILD_TYPE=Release \
+  -DARK_BUILD_EXE=On \
+  -DARK_SANITIZERS=On
+cmake --build build --config Release -j $(nproc)
diff --git a/tests/fuzzing/fuzz.sh → tests/fuzzing/docker/2-fuzz.sh b/tests/fuzzing/fuzz.sh → tests/fuzzing/docker/2-fuzz.sh
@@ -21,6 +21,8 @@ fi
 export AFL_IMPORT_FIRST=1
 export AFL_USE_ASAN=1
 export AFL_USE_UBSAN=1
+export AFL_TMPDIR=/ramdisk$1
+export AFL_AUTORESUME=1
 
 export FUZZER_SEED=0
 export FUZZER_TIMEOUT_EXEC_MS=500

diff --git a/tests/fuzzing/docker/setup-container.sh b/tests/fuzzing/docker/setup-container.sh
@@ -0,0 +1,31 @@
+if ! [ -f /.dockerenv ]; then
+  echo "This script needs to run inside the aflplusplus docker container"
+  exit 1
+fi
+
+cd /src || exit 1
+
+###################################################
+# Install utilities
+###################################################
+
+apt update -yq
+apt install -yq tmux
+
+###################################################
+# Build ArkScript
+###################################################
+source ./tests/fuzzing/docker/1-build-with-afl.sh
+
+###################################################
+# Launch the fuzzers
+###################################################
+echo "Starting main fuzzer" && tmux new-session -d './tests/fuzzing/docker/2-fuzz.sh 0'
+sleep 20  # wait for the main fuzzer to be up and ready
+
+echo "Starting sub-fuzzer" && tmux new-session -d './tests/fuzzing/docker/2-fuzz.sh 1'
+echo "Starting sub-fuzzer" && tmux new-session -d './tests/fuzzing/docker/2-fuzz.sh 2'
+echo "Starting sub-fuzzer" && tmux new-session -d './tests/fuzzing/docker/2-fuzz.sh 3'
+echo "Starting sub-fuzzer" && tmux new-session -d './tests/fuzzing/docker/2-fuzz.sh 4'
+
+tmux attach 0
diff --git a/tests/fuzzing/start-afl-docker.sh b/tests/fuzzing/start-afl-docker.sh
@@ -2,15 +2,20 @@ if [[ $(ls -l | grep tests) == "" ]]; then
   echo "This script needs to run at the root of ArkScript-lang/Ark"
   exit 1
 fi
+if [[ "$TERM" =~ "screen".* ]]; then
+  echo "This script shouldn't be running inside tmux!"
+  exit 1
+fi
+
 
 # we need a ton of ramdisks, one per fuzzer, to avoid killing the
 # disk with millions of writes when cmin/tmin/fuzz are running
 docker run -it --rm --name afldocker \
-  --mount type=tmpfs,destination=/ramdisk \
+  --mount type=tmpfs,destination=/ramdisk0 \
+  --mount type=tmpfs,destination=/ramdisk1 \
   --mount type=tmpfs,destination=/ramdisk2 \
   --mount type=tmpfs,destination=/ramdisk3 \
   --mount type=tmpfs,destination=/ramdisk4 \
-  --mount type=tmpfs,destination=/ramdisk5 \
-  -e AFL_TMPDIR=/ramdisk \
   -v $(pwd):/src \
-  aflplusplus/aflplusplus:v4.20c
+  aflplusplus/aflplusplus:v4.20c \
+  bash /src/tests/fuzzing/docker/setup-container.sh