https://github.com/sonicstark/afl-cc-rtfsc

RTFSC of afl-cc.c in AFLplusplus
https://github.com/sonicstark/afl-cc-rtfsc

afl-compiler afl-gcc aflplusplus

Last synced: 11 months ago
JSON representation

RTFSC of afl-cc.c in AFLplusplus

• Host: GitHub
• URL: https://github.com/sonicstark/afl-cc-rtfsc
• Owner: SonicStark
• License: apache-2.0
• Created: 2023-11-30T11:31:26.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2024-01-31T11:46:47.000Z (over 2 years ago)
• Last Synced: 2025-05-30T05:07:42.603Z (about 1 year ago)
• Topics: afl-compiler, afl-gcc, aflplusplus
• Language: C
• Homepage:
• Size: 635 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# afl-cc-rtfsc

RTFSC of `afl-cc.c` in AFLplusplus :)

`afl-cc.c` has become bloated for a long time. I try to decompose it and understand its internal mechanisms during this process. A nice big monitor really helps me a lot.

The story starts from weird behaviors of `afl-clang-fast` which confused a friend of mine: running `afl-clang-fast` but actually same as `afl-gcc`. Not long after, I embarked on a long journey of exploring `afl-cc.c`...

## release v4.08c

This is the first try, based on [Version ++4.08c (release)](https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.08c).

Original source code locates in `release-4.08c-src` and the production locates in `release-4.08c-dat`.

It works well and successfully fixed the messes about `afl-clang-fast` and param parsing, but not elegant and compact enough.

## dev-5f492da7

Start to reorganize and forward all modifications to [PR 1912](https://github.com/AFLplusplus/AFLplusplus/pull/1912).

`dev-5f492da7-src` contains original source code copied as-is upon [head 5f492da](https://github.com/AFLplusplus/AFLplusplus/commit/5f492da71793e75e145e13d4c0dd9506bac2d60c).

The disassembled `afl-cc.c` is preserved in `dev-5f492da7-dat`, while the develops of AFL++ prefer to *keep all tools in a single file, with the exception of afl-fuzz*.

## rsp-file-parse

New implementation for parsing response file (aka rsp-file) in `afl-cc`, harness it, fuzz it, and do some regression tests against `gcc` and `clang`. 

Recommanded prerequisites:

- AFLplusplus

- clang-16

- libclang-16-dev

- libclang-cpp16-dev

- libiberty-dev

Overview:

1. `afl.c`：Harness rsp-file parsing in `afl-cc`.

2. `gcc.c`：Harness rsp-file parsing in `gcc`.

3. `clang.cc`：Harness rsp-file parsing in `clang`.

4. `regression.py`：Read some inputs, send each of them to two specified harnesses (named Alpha and Bravo) of rsp-file parsing, compare the two results from Alpha and Bravo, and give report on this.

5. `build.sh`：Build harnesses mentioned above, as `afl-rsp`, `clg-rsp` and `gcc-rsp`. Also build `afl-rsp-fuzz` for fuzzing. The outputs would be located in `./build`. Please use clang for it!

6. `corpus`：Some rsp-files as initial seeds for fuzzing. Start fuzzing like:

   ```bash

   afl-fuzz -f /tmp/frsp -m none -i ./corpus -o ./fuzzout -- ./build/afl-rsp-fuzz @/tmp/frsp

   ```

Harmless inconsistence found so far:

1. `gcc` stop reading file when `\0` was seen, while `clang` keeps reading until `EOF` was seen and regards `\0` as a normal char. `afl-cc` follows the latter.

2. `clang` treats `\x0c` (aka `\f`) and `\x0b` (aka `\b`) as normal chars, while as spaces in `gcc` which is same as what `isspace(3)` does. `afl-cc` follows the latter.

3. `afl-cc` always suppresses spaces between two args, while `gcc` sometimes not.

## tools

 - `apply-patch.sh`: Help to apply the disassembled `afl-cc.c` to AFL++ repo.