# Host-side setting: path to a local DuckDB checkout.
# Only the 'compile-fuzzers-local' target reads it.
DUCKDB_LOCAL_DIR ?= ${HOME}/git/duckdb

# Directory layout inside the AFL++ container (all paths are container paths).
DUCKDB_DIR := /duckdb
DUCKDB_AFLPLUSPLUS_DIR := /duckdb_aflplusplus
SRC_DIR := $(DUCKDB_AFLPLUSPLUS_DIR)/src
SCRIPT_DIR := $(DUCKDB_AFLPLUSPLUS_DIR)/scripts
BUILD_DIR := $(DUCKDB_AFLPLUSPLUS_DIR)/build
CORPUS_DIR := $(DUCKDB_AFLPLUSPLUS_DIR)/corpus
RESULT_DIR := $(DUCKDB_AFLPLUSPLUS_DIR)/fuzz_results

# Fuzz harness executables, one per fuzz_* target; each can be overridden
# from the command line or the environment.
CSV_BASE_FUZZER ?= $(BUILD_DIR)/csv_base_fuzzer
CSV_SINGLE_PARAM_FUZZER ?= $(BUILD_DIR)/csv_single_param_fuzzer
CSV_MULTI_PARAM_FUZZER ?= $(BUILD_DIR)/csv_multi_param_fuzzer
CSV_PIPE_FUZZER ?= $(BUILD_DIR)/csv_pipe_fuzzer
JSON_BASE_FUZZER ?= $(BUILD_DIR)/json_base_fuzzer
JSON_MULTI_PARAM_FUZZER ?= $(BUILD_DIR)/json_multi_param_fuzzer
JSON_PIPE_FUZZER ?= $(BUILD_DIR)/json_pipe_fuzzer
PARQUET_BASE_FUZZER ?= $(BUILD_DIR)/parquet_base_fuzzer
PARQUET_MULTI_PARAM_FUZZER ?= $(BUILD_DIR)/parquet_multi_param_fuzzer
DUCKDB_FILE_FUZZER ?= $(BUILD_DIR)/duckdb_file_fuzzer
WAL_FUZZER ?= $(BUILD_DIR)/wal_fuzzer

# Git ref of DuckDB that 'checkout-duckdb' checks out before building.
# 'main' is a moving target: record the resolved commit alongside any finding,
# or pin a release when reproducibility matters, e.g. DUCKDB_COMMIT_ISH=v1.1.3.
DUCKDB_COMMIT_ISH ?= main
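# Bring up the fuzzing environment:
#   1. make sure the Docker daemon answers (Docker Desktop is launched via
#      'open -a docker' only when 'docker info' fails),
#   2. pull the AFL++ image and start it detached as 'afl-container',
#   3. copy ./src and ./scripts into the container and create the build,
#      corpus and result directories,
#   4. clone DuckDB to /duckdb without checking out a working tree.
#
# Supply-chain note: the default image reference carries no tag or digest, so
# every pull may deliver a different toolchain. Pin it for reproducible runs,
# e.g. AFL_IMAGE=aflplusplus/aflplusplus@sha256:<digest-placeholder>.
# The DuckDB clone is likewise unpinned here; the ref is chosen later by
# 'checkout-duckdb' through DUCKDB_COMMIT_ISH.
# NOTE(review): 'docker run' sets no resource limits here and the fuzz_*
# targets pass '-m none' to afl-fuzz — confirm the host can absorb a runaway
# target.
afl-up: AFL_IMAGE ?= aflplusplus/aflplusplus
afl-up:
	@docker info > /dev/null 2>&1 || open -a docker
	@while ! docker info > /dev/null 2>&1; do sleep 1 ; done
	@docker pull $(AFL_IMAGE) > /dev/null
	@docker run --name afl-container -d \
		$(AFL_IMAGE) sleep infinity \
		> /dev/null
	@docker exec -w / afl-container mkdir -p duckdb_aflplusplus
	@docker cp src afl-container:$(SRC_DIR) > /dev/null
	@docker cp scripts afl-container:$(SCRIPT_DIR) > /dev/null
	@docker exec afl-container mkdir -p $(BUILD_DIR)
	@docker exec afl-container mkdir -p $(CORPUS_DIR)
	@docker exec afl-container mkdir -p $(RESULT_DIR)
	docker exec -w / afl-container git clone https://github.com/duckdb/duckdb.git --no-checkout
	@docker ps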
# Replace the harness sources inside the container with the host's ./src.
# The old $(SRC_DIR) is removed first so deleted files do not linger; the copy
# only runs when the removal succeeded.
copy-src-to-container:
	@docker exec afl-container rm -rf $(SRC_DIR) > /dev/null && \
		docker cp src afl-container:$(SRC_DIR) > /dev/null
# Update the DuckDB clone inside the container and switch to the ref under
# test: check out main, pull, then check out $(DUCKDB_COMMIT_ISH).
# DUCKDB_COMMIT_ISH is operator-supplied and reaches git unquoted; keep it to
# plain branch, tag or commit names.
checkout-duckdb: git_in_duckdb = docker exec -w $(DUCKDB_DIR) afl-container git
checkout-duckdb:
	$(git_in_duckdb) checkout main
	$(git_in_duckdb) pull
	$(git_in_duckdb) checkout $(DUCKDB_COMMIT_ISH)
# Build the DuckDB library inside the container by running the 'duckdb-lib'
# target of the Makefile in $(SRC_DIR). CC/CXX point at the AFL++ compiler
# wrappers so the library is built through them.
# 'make' is literal on purpose: it runs inside the container, not on the host.
# NOTE(review): BUILD_JEMALLOC=1 is presumably consumed by DuckDB's build — confirm.
compile-duckdb: afl_build_env = -e CC=/AFLplusplus/afl-clang-fast -e CXX=/AFLplusplus/afl-clang-fast++ -e BUILD_JEMALLOC=1
compile-duckdb: checkout-duckdb
	docker exec -w $(SRC_DIR) $(afl_build_env) afl-container make duckdb-lib
# Rebuild DuckDB from scratch: run 'make clean' in the DuckDB checkout, then
# the 'duckdb-lib' target in $(SRC_DIR) with the AFL++ compiler wrappers as
# CC/CXX. Both 'make' calls run inside the container.
re-compile-duckdb: afl_build_env = -e CC=/AFLplusplus/afl-clang-fast -e CXX=/AFLplusplus/afl-clang-fast++ -e BUILD_JEMALLOC=1
re-compile-duckdb: checkout-duckdb
	docker exec -w $(DUCKDB_DIR) afl-container make clean
	docker exec -w $(SRC_DIR) $(afl_build_env) afl-container make duckdb-lib
# Build all fuzz harnesses inside the container ('make all' in $(SRC_DIR))
# after refreshing the sources and building DuckDB.
# NOTE(review): the two prerequisites are only ordered by their position in
# the list. Under 'make -j' copy-src-to-container (which removes $(SRC_DIR))
# can overlap with compile-duckdb (which builds in $(SRC_DIR)); run this
# target without -j.
compile-fuzzers: afl_build_env = -e CC=/AFLplusplus/afl-clang-fast -e CXX=/AFLplusplus/afl-clang-fast++ -e BUILD_JEMALLOC=1
compile-fuzzers: copy-src-to-container compile-duckdb
	docker exec -w $(SRC_DIR) $(afl_build_env) afl-container make all
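# Build the fuzz harnesses on the host against a local DuckDB checkout
# ($(DUCKDB_LOCAL_DIR)), which must already be compiled with
# 'make GEN=ninja BUILD_JSON=1 CRASH_ON_ASSERT=1'.
# ROOT_DIR is the directory holding this Makefile; it is passed to the
# sub-make as DUCKDB_AFLPLUSPLUS_DIR, and the local checkout as DUCKDB_DIR.
# The sub-make is invoked through $(MAKE) rather than a literal 'make', so
# -n, -j and the jobserver carry over to it.
compile-fuzzers-local:
	$(eval ROOT_DIR := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))))
	mkdir -p $(ROOT_DIR)/build
	cd src && DUCKDB_DIR=$(DUCKDB_LOCAL_DIR) DUCKDB_AFLPLUSPLUS_DIR=$(ROOT_DIR) $(MAKE) all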
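# Fail early when the Python package 'duckdb' is missing from the pip3
# environment; the *_multi_param fuzz targets depend on this check.
# 'pip3 show' is used instead of splicing the output of 'pip3 list' into the
# shell command: it matches the exact package name, works with a plain POSIX
# sh (no '[[ ... ]]'), and keeps tool output out of the command text.
check_duckdb_in_pyenv:
	@pip3 show duckdb > /dev/null 2>&1 || { echo "error: python package 'duckdb' not found"; exit 1; }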
# Fuzz the base CSV harness for one hour (-V 3600), seeded from DuckDB's
# data/csv directory, then copy the findings to ./fuzz_results on the host.
# Seed files above 40k are deleted from the container's DuckDB checkout first.
# -m none lifts afl-fuzz's memory limit for the target. The meaning of -d
# differs between AFL++ releases; check 'make man-page' for the image in use.
# If afl-fuzz exits non-zero, make stops and the copy-out does not run; the
# findings then remain in the container under $(RESULT_DIR).
fuzz_csv_base: seed_dir = $(DUCKDB_DIR)/data/csv
fuzz_csv_base: out_dir = $(RESULT_DIR)/csv_base_fuzzer
fuzz_csv_base:
	docker exec afl-container mkdir -p $(out_dir)
	docker exec afl-container find $(seed_dir) -type f -size +40k -delete
	docker exec afl-container /AFLplusplus/afl-fuzz \
		-V 3600 \
		-i $(seed_dir) \
		-o $(out_dir) \
		-m none \
		-d \
		-- $(CSV_BASE_FUZZER)
	mkdir -p fuzz_results/
	docker cp afl-container:$(out_dir) fuzz_results
# Fuzz the single-parameter CSV harness for one hour (-V 3600), seeded from
# DuckDB's data/csv directory; findings are copied to ./fuzz_results.
# Seed files above 40k are deleted from the container's checkout beforehand.
# -m none lifts the memory limit; see 'make man-page' for what -d means in
# the AFL++ release in use.
fuzz_csv_single_param: seed_dir = $(DUCKDB_DIR)/data/csv
fuzz_csv_single_param: out_dir = $(RESULT_DIR)/csv_single_param_fuzzer
fuzz_csv_single_param:
	docker exec afl-container mkdir -p $(out_dir)
	docker exec afl-container find $(seed_dir) -type f -size +40k -delete
	docker exec afl-container /AFLplusplus/afl-fuzz \
		-V 3600 \
		-i $(seed_dir) \
		-o $(out_dir) \
		-m none \
		-d \
		-- $(CSV_SINGLE_PARAM_FUZZER)
	mkdir -p fuzz_results/
	docker cp afl-container:$(out_dir) fuzz_results
# Fuzz the multi-parameter CSV harness for one hour (-V 3600).
# The two host-side Python scripts run with 'read_csv' first; they presumably
# produce corpus/csv/corpus_prepended, which is then copied into the container
# and used as the seed directory — confirm in scripts/corpus_creation.
# The scripts are executed directly, so they need the executable bit and a
# working interpreter line. Findings are copied to ./fuzz_results at the end.
fuzz_csv_multi_param: seed_dir = $(CORPUS_DIR)/csv/corpus_prepended
fuzz_csv_multi_param: out_dir = $(RESULT_DIR)/csv_multi_param_fuzzer
fuzz_csv_multi_param: check_duckdb_in_pyenv
	$(eval ROOT_DIR := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))))
	$(ROOT_DIR)/scripts/corpus_creation/create_multi_param_corpus_info.py read_csv
	$(ROOT_DIR)/scripts/corpus_creation/create_multi_param_corpus.py read_csv
	docker exec afl-container mkdir -p $(out_dir)
	docker exec afl-container mkdir -p $(seed_dir)
	docker cp $(ROOT_DIR)/corpus/csv/corpus_prepended afl-container:$(CORPUS_DIR)/csv
	docker exec afl-container /AFLplusplus/afl-fuzz \
		-V 3600 \
		-i $(seed_dir) \
		-o $(out_dir) \
		-m none \
		-d \
		-- $(CSV_MULTI_PARAM_FUZZER)
	mkdir -p fuzz_results/
	docker cp afl-container:$(out_dir) fuzz_results
# Fuzz the CSV pipe harness for one hour (-V 3600), seeded from DuckDB's
# data/csv directory; findings are copied to ./fuzz_results on the host.
# Seed files above 40k are deleted from the container's checkout beforehand.
# -m none lifts the memory limit; -d is passed as-is (see 'make man-page').
fuzz_csv_pipe: seed_dir = $(DUCKDB_DIR)/data/csv
fuzz_csv_pipe: out_dir = $(RESULT_DIR)/csv_pipe_fuzzer
fuzz_csv_pipe:
	docker exec afl-container mkdir -p $(out_dir)
	docker exec afl-container find $(seed_dir) -type f -size +40k -delete
	docker exec afl-container /AFLplusplus/afl-fuzz \
		-V 3600 \
		-i $(seed_dir) \
		-o $(out_dir) \
		-m none \
		-d \
		-- $(CSV_PIPE_FUZZER)
	mkdir -p fuzz_results/
	docker cp afl-container:$(out_dir) fuzz_results
# Fuzz the base JSON harness for one hour (-V 3600), seeded from DuckDB's
# data/json directory; findings are copied to ./fuzz_results on the host.
# Seed files above 40k are deleted from the container's checkout beforehand.
# -m none lifts the memory limit; -d is passed as-is (see 'make man-page').
fuzz_json_base: seed_dir = $(DUCKDB_DIR)/data/json
fuzz_json_base: out_dir = $(RESULT_DIR)/json_base_fuzzer
fuzz_json_base:
	docker exec afl-container mkdir -p $(out_dir)
	docker exec afl-container find $(seed_dir) -type f -size +40k -delete
	docker exec afl-container /AFLplusplus/afl-fuzz \
		-V 3600 \
		-i $(seed_dir) \
		-o $(out_dir) \
		-m none \
		-d \
		-- $(JSON_BASE_FUZZER)
	mkdir -p fuzz_results/
	docker cp afl-container:$(out_dir) fuzz_results
# Fuzz the multi-parameter JSON harness for one hour (-V 3600).
# The two host-side Python scripts run with 'read_json' first; they presumably
# produce corpus/json/corpus_prepended, which is copied into the container and
# used as the seed directory — confirm in scripts/corpus_creation.
# Findings are copied to ./fuzz_results on the host at the end.
fuzz_json_multi_param: seed_dir = $(CORPUS_DIR)/json/corpus_prepended
fuzz_json_multi_param: out_dir = $(RESULT_DIR)/json_multi_param_fuzzer
fuzz_json_multi_param: check_duckdb_in_pyenv
	$(eval ROOT_DIR := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))))
	$(ROOT_DIR)/scripts/corpus_creation/create_multi_param_corpus_info.py read_json
	$(ROOT_DIR)/scripts/corpus_creation/create_multi_param_corpus.py read_json
	docker exec afl-container mkdir -p $(out_dir)
	docker exec afl-container mkdir -p $(seed_dir)
	docker cp $(ROOT_DIR)/corpus/json/corpus_prepended afl-container:$(CORPUS_DIR)/json
	docker exec afl-container /AFLplusplus/afl-fuzz \
		-V 3600 \
		-i $(seed_dir) \
		-o $(out_dir) \
		-m none \
		-d \
		-- $(JSON_MULTI_PARAM_FUZZER)
	mkdir -p fuzz_results/
	docker cp afl-container:$(out_dir) fuzz_results
# Fuzz the JSON pipe harness for one hour (-V 3600), seeded from DuckDB's
# data/json directory; findings are copied to ./fuzz_results on the host.
# Seed files above 40k are deleted from the container's checkout beforehand.
# -m none lifts the memory limit; -d is passed as-is (see 'make man-page').
fuzz_json_pipe: seed_dir = $(DUCKDB_DIR)/data/json
fuzz_json_pipe: out_dir = $(RESULT_DIR)/json_pipe_fuzzer
fuzz_json_pipe:
	docker exec afl-container mkdir -p $(out_dir)
	docker exec afl-container find $(seed_dir) -type f -size +40k -delete
	docker exec afl-container /AFLplusplus/afl-fuzz \
		-V 3600 \
		-i $(seed_dir) \
		-o $(out_dir) \
		-m none \
		-d \
		-- $(JSON_PIPE_FUZZER)
	mkdir -p fuzz_results/
	docker cp afl-container:$(out_dir) fuzz_results
# Fuzz the base Parquet harness for one hour (-V 3600), seeded from DuckDB's
# data/parquet-testing directory; findings are copied to ./fuzz_results.
# Seed files above 100k (not 40k as for CSV/JSON) are deleted from the
# container's checkout beforehand.
# -m none lifts the memory limit; -d is passed as-is (see 'make man-page').
fuzz_parquet_base: seed_dir = $(DUCKDB_DIR)/data/parquet-testing
fuzz_parquet_base: out_dir = $(RESULT_DIR)/parquet_base_fuzzer
fuzz_parquet_base:
	docker exec afl-container mkdir -p $(out_dir)
	docker exec afl-container find $(seed_dir) -type f -size +100k -delete
	docker exec afl-container /AFLplusplus/afl-fuzz \
		-V 3600 \
		-i $(seed_dir) \
		-o $(out_dir) \
		-m none \
		-d \
		-- $(PARQUET_BASE_FUZZER)
	mkdir -p fuzz_results/
	docker cp afl-container:$(out_dir) fuzz_results
# Fuzz the multi-parameter Parquet harness for one hour (-V 3600).
# The two host-side Python scripts run with 'read_parquet' first; they
# presumably produce corpus/parquet/corpus_prepended, which is copied into the
# container and used as the seed directory — confirm in scripts/corpus_creation.
# Findings are copied to ./fuzz_results on the host at the end.
fuzz_parquet_multi_param: seed_dir = $(CORPUS_DIR)/parquet/corpus_prepended
fuzz_parquet_multi_param: out_dir = $(RESULT_DIR)/parquet_multi_param_fuzzer
fuzz_parquet_multi_param: check_duckdb_in_pyenv
	$(eval ROOT_DIR := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST)))))
	$(ROOT_DIR)/scripts/corpus_creation/create_multi_param_corpus_info.py read_parquet
	$(ROOT_DIR)/scripts/corpus_creation/create_multi_param_corpus.py read_parquet
	docker exec afl-container mkdir -p $(out_dir)
	docker exec afl-container mkdir -p $(seed_dir)
	docker cp $(ROOT_DIR)/corpus/parquet/corpus_prepended afl-container:$(CORPUS_DIR)/parquet
	docker exec afl-container /AFLplusplus/afl-fuzz \
		-V 3600 \
		-i $(seed_dir) \
		-o $(out_dir) \
		-m none \
		-d \
		-- $(PARQUET_MULTI_PARAM_FUZZER)
	mkdir -p fuzz_results/
	docker cp afl-container:$(out_dir) fuzz_results
# Fuzz the DuckDB database-file harness for one hour (-V 3600).
# The corpus script is run on the host with an init directory and the output
# directory ./corpus/duckdbfiles; that directory is copied into the container
# and used as the seed directory. Paths are relative, so run make from the
# repository root. Findings are copied to ./fuzz_results at the end.
# -m none lifts the memory limit; -d is passed as-is (see 'make man-page').
fuzz_duckdb_file: seed_dir = $(CORPUS_DIR)/duckdbfiles
fuzz_duckdb_file: out_dir = $(RESULT_DIR)/duckdb_file_fuzzer
fuzz_duckdb_file:
	./scripts/corpus_creation/create_duckdb_file_corpus.sh "./scripts/corpus_creation/duckdb_corpus_init" "./corpus/duckdbfiles"
	docker exec afl-container mkdir -p $(out_dir)
	docker cp ./corpus/duckdbfiles afl-container:$(CORPUS_DIR)
	docker exec afl-container /AFLplusplus/afl-fuzz \
		-V 3600 \
		-i $(seed_dir) \
		-o $(out_dir) \
		-m none \
		-d \
		-- $(DUCKDB_FILE_FUZZER)
	mkdir -p fuzz_results/
	docker cp afl-container:$(out_dir) fuzz_results
# Fuzz the write-ahead-log harness for one hour (-V 3600).
# The host-side corpus script runs first; ./corpus/walfiles and ./build/base_db
# are then copied into the container (presumably both are produced by that
# script — confirm). Paths are relative, so run make from the repository root.
# Findings are copied to ./fuzz_results at the end.
# -m none lifts the memory limit; -d is passed as-is (see 'make man-page').
fuzz_wal_file: seed_dir = $(CORPUS_DIR)/walfiles
fuzz_wal_file: out_dir = $(RESULT_DIR)/wal_fuzzer
fuzz_wal_file:
	./scripts/corpus_creation/create_wal_file_corpus.sh
	docker exec afl-container mkdir -p $(out_dir)
	docker cp ./corpus/walfiles afl-container:$(CORPUS_DIR)
	docker cp ./build/base_db afl-container:$(BUILD_DIR)/base_db
	docker exec afl-container /AFLplusplus/afl-fuzz \
		-V 3600 \
		-i $(seed_dir) \
		-o $(out_dir) \
		-m none \
		-d \
		-- $(WAL_FUZZER)
	mkdir -p fuzz_results/
	docker cp afl-container:$(out_dir) fuzz_results
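# Stop and remove 'afl-container'; the image is kept.
# Only this one container is removed. A host-wide 'docker system prune' would
# also delete every other stopped container, unused network and dangling image
# on the machine, which is outside this Makefile's remit.
# Copy any findings out of $(RESULT_DIR) first: they are lost with the container.
afl-down:
	@docker stop -t0 afl-container
	@docker rm afl-container > /dev/null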
# Print afl-fuzz's extended help (-hh) from inside the container.
# The exit status is discarded so the target always succeeds.
# Unlike the fuzz_* targets, afl-fuzz is resolved through the container's PATH
# here rather than called as /AFLplusplus/afl-fuzz.
man-page:
	@docker exec afl-container afl-fuzz -hh || :
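# Reformat every .cpp/.hpp file under ./src in place with clang-format,
# using the repository's style file and leaving include order untouched.
# find's -exec ... {} + hands the file names straight to clang-format, so
# names containing whitespace are handled and clang-format is not started at
# all when nothing matches.
format:
	find src \( -name "*.cpp" -o -name "*.hpp" \) \
		-exec clang-format -i --sort-includes=0 -style=file {} +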
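# Every target in this Makefile is a command, not a file. Declaring all of
# them phony keeps a stray file or directory of the same name from silently
# turning the target into a no-op.
.PHONY: afl-up afl-down \
	copy-src-to-container checkout-duckdb \
	compile-duckdb re-compile-duckdb compile-fuzzers compile-fuzzers-local \
	check_duckdb_in_pyenv \
	fuzz_csv_base fuzz_csv_single_param fuzz_csv_multi_param fuzz_csv_pipe \
	fuzz_json_base fuzz_json_pipe fuzz_json_multi_param \
	fuzz_parquet_base fuzz_parquet_multi_param \
	fuzz_duckdb_file fuzz_wal_file \
	man-page format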