More Nyx hypercalls supported in libafl qemu. add tests for filters. #13846
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build and test | |
on: | |
push: | |
branches: [ main, "pr/**" ] | |
pull_request: | |
branches: [ main ] | |
types: ["labeled", "opened", "synchronize", "reopened"] | |
workflow_dispatch: | |
merge_group: | |
env: | |
CARGO_TERM_COLOR: always | |
CARGO_NET_GIT_FETCH_WITH_CLI: true | |
MAIN_LLVM_VERSION: 18 | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
common: | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-24.04, windows-latest, macOS-latest ] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Install mimetype | |
if: runner.os == 'Linux' | |
run: sudo apt-get update && sudo apt-get install -y libfile-mimeinfo-perl | |
- name: install mdbook | |
uses: baptiste0928/cargo-install@v3 | |
with: | |
crate: mdbook | |
- name: install linkcheck | |
uses: baptiste0928/cargo-install@v3 | |
with: | |
crate: mdbook-linkcheck | |
# NOTE: The current crates.io release of mdbook-linkcheck (v0.7.7) is broken | |
# => https://github.com/Michael-F-Bryan/mdbook-linkcheck/pull/82#issuecomment-2241058491 | |
git: https://github.com/Michael-F-Bryan/mdbook-linkcheck.git | |
rev: 8c783c5d754d83bcd50c28fb4174854b04ece990 | |
- name: default nightly | |
run: rustup default nightly | |
- uses: actions/checkout@v4 | |
- if: runner.os == 'Linux' | |
uses: ./.github/workflows/ubuntu-prepare | |
- uses: Swatinem/rust-cache@v2 | |
with: { shared-key: "ubuntu" } | |
if: runner.os == 'Linux' | |
- uses: Swatinem/rust-cache@v2 | |
if: runner.os != 'Linux' | |
- name: Check for binary blobs | |
if: runner.os == 'Linux' | |
run: ./scripts/check_for_blobs.sh | |
- name: Build libafl debug | |
run: cargo build -p libafl | |
- name: Test the book (Linux) | |
# TODO: fix books test fail with updated windows-rs | |
if: runner.os == 'Linux' | |
run: cd docs && mdbook test -L ../target/debug/deps | |
- name: Test the book (MacOS) | |
if: runner.os == 'MacOS' | |
run: cd docs && mdbook test -L ../target/debug/deps $(python3-config --ldflags | cut -d ' ' -f1) | |
- name: Run tests | |
run: cargo test | |
- name: Test libafl no_std | |
run: cd libafl && cargo test --no-default-features | |
- name: Test libafl_bolts no_std no_alloc | |
run: cd libafl_bolts && cargo test --no-default-features | |
- name: Test libafl_targets no_std | |
run: cd libafl_targets && cargo test --no-default-features | |
ubuntu-doc-build: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/ubuntu-prepare | |
- uses: Swatinem/rust-cache@v2 | |
# ---- doc check ---- | |
- name: Build Docs | |
run: RUSTFLAGS="--cfg docsrs" cargo +nightly doc --all-features --no-deps | |
ubuntu-doc-test: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/ubuntu-prepare | |
- uses: Swatinem/rust-cache@v2 | |
# ---- doc check ---- | |
- name: Test Docs | |
run: RUSTFLAGS="--cfg docsrs" cargo +nightly test --doc --all-features | |
ubuntu-miri: | |
runs-on: ubuntu-24.04 | |
if: contains( github.event.pull_request.labels.*.name, 'pre-release') | |
steps: | |
- name: Add nightly clippy | |
run: rustup toolchain install nightly --component miri --allow-downgrade | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/ubuntu-prepare | |
- uses: Swatinem/rust-cache@v2 | |
# --- miri undefined behavior test -- | |
- name: Run miri tests | |
run: RUST_BACKTRACE=1 MIRIFLAGS="-Zmiri-disable-isolation" cargo +nightly miri test | |
ubuntu: | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Remove Dotnet & Haskell | |
run: rm -rf /usr/share/dotnet && rm -rf /opt/ghc | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/ubuntu-prepare | |
- uses: Swatinem/rust-cache@v2 | |
with: { shared-key: "ubuntu" } | |
# pcguard edges and pcguard hitcounts are not compatible and we need to build them seperately | |
- name: Check pcguard edges | |
run: cargo check --features=sancov_pcguard_edges | |
- name: run shellcheck | |
run: shellcheck ./scripts/*.sh | |
# ---- build normal and examples ---- | |
- name: Run a normal build | |
run: cargo build --verbose | |
- name: Build examples | |
run: cargo build --examples --verbose | |
ubuntu-clippy: | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Remove Dotnet & Haskell | |
run: rm -rf /usr/share/dotnet && rm -rf /opt/ghc | |
- name: Add nightly clippy | |
run: rustup toolchain install nightly --component clippy --allow-downgrade && rustup default nightly | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/ubuntu-prepare | |
- uses: Swatinem/rust-cache@v2 | |
with: { shared-key: "ubuntu" } | |
- name: Run clippy | |
run: LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} ./scripts/clippy.sh | |
# --- test embedding the libafl_libfuzzer_runtime library | |
# Fix me plz | |
# - name: Test Build libafl_libfuzzer with embed | |
# run: cargo +nightly test --features=embed-runtime --manifest-path libafl_libfuzzer/Cargo.toml | |
ubuntu-check: | |
runs-on: ubuntu-24.04 | |
needs: ubuntu | |
strategy: | |
matrix: | |
instance_idx: [ "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17" ] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/ubuntu-prepare | |
- uses: Swatinem/rust-cache@v2 | |
with: { shared-key: "ubuntu" } | |
# ---- build and feature check ---- | |
# cargo-hack's --feature-powerset would be nice here but libafl has a too many knobs | |
- name: Check each feature | |
# Skipping `python` as it has to be built with the `maturin` tool | |
# `sancov_pcguard_edges` is tested seperatelyc | |
run: python3 ./scripts/parallellize_cargo_check.py ${{ matrix.instance_idx }} | |
ubuntu-concolic: | |
runs-on: ubuntu-24.04 | |
needs: ubuntu | |
steps: | |
- name: Install curl | |
run: sudo apt-get update && sudo apt-get install clang | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: actions/checkout@v4 | |
- uses: Swatinem/rust-cache@v2 | |
with: { shared-key: "ubuntu" } | |
- name: Install smoke test deps | |
run: sudo ./libafl_concolic/test/smoke_test_ubuntu_deps.sh | |
- name: Run smoke test | |
run: ./libafl_concolic/test/smoke_test.sh | |
python-bindings: | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Install deps | |
run: sudo apt-get update && sudo apt-get install -y lsb-release wget software-properties-common gnupg ninja-build python3-dev python3-pip python3-venv libz3-dev | |
- name: Install maturin | |
run: cargo install --locked maturin | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/ubuntu-prepare | |
- uses: Swatinem/rust-cache@v2 | |
with: { shared-key: "ubuntu" } | |
- name: Run a maturin build | |
run: export LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} && cd ./bindings/pylibafl && python3 -m venv .env && . .env/bin/activate && pip install --upgrade --force-reinstall . && ./test.sh | |
- name: Run python test | |
run: . ./bindings/pylibafl/.env/bin/activate # && cd ./fuzzers/binary_only/python_qemu/ && python3 fuzzer.py 2>&1 | grep "Bye" | |
cargo-fmt: | |
runs-on: ubuntu-24.04 | |
env: | |
MAIN_LLVM_VERSION: 19 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/ubuntu-prepare | |
- name: Add rustfmt nightly | |
shell: bash | |
run: rustup component add --toolchain nightly-x86_64-unknown-linux-gnu rustfmt | |
- uses: Swatinem/rust-cache@v2 | |
with: { shared-key: "ubuntu" } | |
- name: Installing black | |
run: python3 -m pip install black | |
- name: Format Check | |
run: ./scripts/fmt_all.sh check | |
check-md-links: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install linkspector | |
shell: bash | |
run: sudo apt-get update && sudo apt-get install -y npm && npm install -g @umbrelladocs/linkspector | |
- name: Run linkspector | |
shell: bash | |
run: ./scripts/check_md_links.sh | |
# TODO: Use github action once it's fixed (https://github.com/UmbrellaDocs/action-linkspector/issues/20) | |
# - name: Run linkspector | |
# uses: umbrelladocs/action-linkspector@v1 | |
# with: | |
# fail_on_error: 'true' | |
# config_file: '.github/.linkspector.yml' | |
msrv: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: taiki-e/install-action@cargo-hack | |
# Note: We currently only specify minimum rust versions for the default workspace members | |
- run: cargo hack check --rust-version -p libafl -p libafl_bolts -p libafl_derive -p libafl_cc -p libafl_targets | |
fuzzers-preflight: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Fuzzer in CI Check | |
run: ./scripts/check_tested_fuzzers.sh | |
fuzzers: | |
needs: | |
- fuzzers-preflight | |
strategy: | |
fail-fast: true | |
matrix: | |
os: [ ubuntu-24.04 ] | |
fuzzer: | |
# Baby | |
- ./fuzzers/baby/baby_fuzzer_swap_differential | |
- ./fuzzers/baby/tutorial | |
- ./fuzzers/baby/baby_fuzzer | |
# - ./fuzzers/baby/backtrace_baby_fuzzers | |
- ./fuzzers/baby/baby_fuzzer_unicode | |
- ./fuzzers/baby/baby_fuzzer_minimizing | |
- ./fuzzers/baby/backtrace_baby_fuzzers/c_code_with_fork_executor | |
- ./fuzzers/baby/backtrace_baby_fuzzers/c_code_with_inprocess_executor | |
- ./fuzzers/baby/backtrace_baby_fuzzers/rust_code_with_fork_executor | |
- ./fuzzers/baby/backtrace_baby_fuzzers/rust_code_with_inprocess_executor | |
- ./fuzzers/baby/backtrace_baby_fuzzers/command_executor | |
- ./fuzzers/baby/backtrace_baby_fuzzers/forkserver_executor | |
- ./fuzzers/baby/baby_fuzzer_custom_executor | |
# Binary-only | |
- ./fuzzers/binary_only/fuzzbench_fork_qemu | |
- ./fuzzers/binary_only/frida_executable_libpng | |
- ./fuzzers/binary_only/frida_windows_gdiplus | |
- ./fuzzers/binary_only/frida_libpng | |
- ./fuzzers/binary_only/fuzzbench_qemu | |
- ./fuzzers/binary_only/intel_pt_baby_fuzzer | |
- ./fuzzers/binary_only/intel_pt_command_executor | |
- ./fuzzers/binary_only/tinyinst_simple | |
# Forkserver | |
- ./fuzzers/forkserver/forkserver_simple | |
- ./fuzzers/forkserver/forkserver_libafl_cc | |
- ./fuzzers/forkserver/fuzzbench_forkserver | |
- ./fuzzers/forkserver/fuzzbench_forkserver_cmplog | |
- ./fuzzers/forkserver/libafl-fuzz | |
- ./fuzzers/forkserver/baby_fuzzer_with_forkexecutor | |
# Full-system | |
- ./fuzzers/full_system/nyx_libxml2_standalone | |
- ./fuzzers/full_system/nyx_libxml2_parallel | |
# Structure-aware | |
- ./fuzzers/structure_aware/nautilus_sync | |
- ./fuzzers/structure_aware/baby_fuzzer_grimoire | |
- ./fuzzers/structure_aware/baby_fuzzer_gramatron | |
- ./fuzzers/structure_aware/baby_fuzzer_tokens | |
- ./fuzzers/structure_aware/baby_fuzzer_multi | |
- ./fuzzers/structure_aware/baby_fuzzer_custom_input | |
- ./fuzzers/structure_aware/baby_fuzzer_nautilus | |
- ./fuzzers/structure_aware/forkserver_simple_nautilus | |
# In-process | |
- ./fuzzers/fuzz_anything/cargo_fuzz | |
# - ./fuzzers/inprocess/dynamic_analysis | |
- ./fuzzers/inprocess/fuzzbench | |
- ./fuzzers/inprocess/fuzzbench_text | |
- ./fuzzers/inprocess/fuzzbench_ctx | |
- ./fuzzers/inprocess/libfuzzer_libmozjpeg | |
- ./fuzzers/inprocess/libfuzzer_libpng | |
- ./fuzzers/inprocess/libfuzzer_libpng_launcher | |
- ./fuzzers/inprocess/libfuzzer_libpng_accounting | |
- ./fuzzers/inprocess/libfuzzer_libpng_centralized | |
- ./fuzzers/inprocess/libfuzzer_libpng_cmin | |
- ./fuzzers/inprocess/libfuzzer_libpng_norestart | |
# - ./fuzzers/inprocess/libfuzzer_libpng_tcp_manager | |
- ./fuzzers/inprocess/libfuzzer_stb_image_sugar | |
- ./fuzzers/inprocess/libfuzzer_stb_image | |
# - ./fuzzers/structure_aware/libfuzzer_stb_image_concolic | |
# - ./fuzzers/inprocess/libfuzzer_windows_asan | |
# - ./fuzzers/inprocess/sqlite_centralized_multi_machine | |
# Fuzz Anything | |
- ./fuzzers/fuzz_anything/push_harness | |
- ./fuzzers/fuzz_anything/push_stage_harness | |
- ./fuzzers/fuzz_anything/libafl_atheris | |
- ./fuzzers/fuzz_anything/baby_no_std | |
- ./fuzzers/fuzz_anything/baby_fuzzer_wasm | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/fuzzer-tester-prepare | |
- name: Build and run example fuzzers (Linux) | |
if: runner.os == 'Linux' | |
shell: bash | |
run: RUN_ON_CI=1 LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }} | |
changes: | |
runs-on: ubuntu-24.04 | |
permissions: | |
pull-requests: read | |
outputs: | |
qemu: ${{ steps.filter.outputs.qemu }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
filters: | | |
qemu: | |
- '.github/**' | |
- 'libafl/**' | |
- 'libafl_bolts/**' | |
- 'libafl_targets/**' | |
- 'libafl_qemu/**' | |
- 'fuzzers/*qemu*/**' | |
fuzzers-qemu: | |
needs: | |
- changes | |
if: ${{ needs.changes.outputs.qemu == 'true' }} | |
strategy: | |
matrix: | |
os: [ubuntu-24.04] | |
fuzzer: | |
# Binary only | |
- ./fuzzers/binary_only/qemu_cmin | |
- ./fuzzers/binary_only/qemu_coverage | |
- ./fuzzers/binary_only/qemu_launcher | |
# Full-system | |
- ./fuzzers/full_system/qemu_baremetal | |
# - ./fuzzers/full_system/qemu_linux_kernel | |
#- ./fuzzers/full_system/qemu_linux_process | |
runs-on: [ self-hosted, qemu ] | |
container: registry.gitlab.com/qemu-project/qemu/qemu/ubuntu2204:latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/qemu-fuzzer-tester-prepare | |
- name: Build and run example QEMU fuzzers (Linux) | |
if: runner.os == 'Linux' | |
shell: bash | |
run: RUN_ON_CI=1 LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }} | |
nostd-build: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: dtolnay/rust-toolchain@nightly | |
with: | |
components: rust-src | |
- name: Add targets | |
run: rustup target add arm-linux-androideabi && rustup target add thumbv6m-none-eabi | |
- uses: actions/checkout@v4 | |
- uses: Swatinem/rust-cache@v2 | |
- name: Build aarch64-unknown-none | |
run: cd ./fuzzers/fuzz_anything/baby_no_std && cargo +nightly build -Zbuild-std=core,alloc --target aarch64-unknown-none -v --release && cd ../.. | |
- name: run x86_64 until panic! | |
run: cd ./fuzzers/fuzz_anything/baby_no_std && cargo +nightly run || test $? -ne 0 || exit 1 | |
- name: no_std tests | |
run: cd ./libafl && cargo test --no-default-features | |
nostd-clippy: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: dtolnay/rust-toolchain@nightly | |
with: | |
components: clippy, rust-src | |
- name: Add targets | |
run: rustup target add arm-linux-androideabi && rustup target add thumbv6m-none-eabi | |
- uses: actions/checkout@v4 | |
- uses: Swatinem/rust-cache@v2 | |
- name: libafl armv6m-none-eabi (32 bit no_std) clippy | |
run: cd ./libafl && cargo clippy --target thumbv6m-none-eabi --no-default-features | |
- name: Build no_std no_alloc bolts | |
run: cd ./libafl_bolts && cargo +nightly build -Zbuild-std=core --target aarch64-unknown-none --no-default-features -v --release && cd ../ | |
format-toml: | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Install taplo | |
run: curl -fsSL https://github.com/tamasfe/taplo/releases/latest/download/taplo-full-linux-x86_64.gz | gzip -d - | install -m 755 /dev/stdin /usr/local/bin/taplo | |
- uses: actions/checkout@v4 | |
- name: Run taplo | |
run: taplo format --check | |
build-docker: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build docker | |
run: docker build -t libafl . | |
windows-frida-libpng: | |
runs-on: windows-latest | |
needs: | |
- common | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/windows-tester-prepare | |
- name: Build fuzzers/binary_only/frida_libpng | |
run: cd fuzzers/binary_only/frida_libpng/ && cargo make test | |
windows-frida-libfuzzer-stb-image: | |
runs-on: windows-latest | |
needs: | |
- common | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/windows-tester-prepare | |
- name: Build fuzzers/inprocess/libfuzzer_stb_image | |
run: cd fuzzers/inprocess/libfuzzer_stb_image && cargo build --release | |
windows-frida-gdiplus: | |
runs-on: windows-latest | |
needs: | |
- common | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/windows-tester-prepare | |
- name: Build fuzzers/binary_only/frida_windows_gdiplus | |
run: cd fuzzers/binary_only/frida_windows_gdiplus/ && cargo make test && cargo make test_cmplog | |
windows-tinyinst-simple: | |
runs-on: windows-latest | |
needs: | |
- common | |
steps: | |
- name: install cxx bridge | |
run: cargo install cxxbridge-cmd | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/windows-tester-prepare | |
- name: Build fuzzers/binary_only/tinyinst_simple | |
run: cd fuzzers/binary_only/tinyinst_simple/ && cargo make test | |
windows-clippy: | |
runs-on: windows-latest | |
needs: | |
- common | |
steps: | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/windows-tester-prepare | |
- uses: Swatinem/rust-cache@v2 | |
- name: Run real clippy, not the fake one | |
shell: pwsh | |
run: .\scripts\clippy.ps1 | |
macos: | |
runs-on: macOS-latest | |
steps: | |
- uses: dtolnay/rust-toolchain@stable | |
- name: Add nightly clippy | |
run: rustup toolchain install nightly --component clippy --allow-downgrade && rustup default nightly | |
- name: Install deps | |
run: brew install z3 gtk+3 python | |
- name: Install cxxbridge | |
run: cargo install cxxbridge-cmd | |
- uses: actions/checkout@v4 | |
- uses: Swatinem/rust-cache@v2 | |
- name: MacOS Build | |
run: cargo build --verbose | |
- name: Increase map sizes | |
run: ./scripts/shmem_limits_macos.sh | |
- name: Run Tests | |
run: cargo test | |
- name: Clippy | |
run: cargo +nightly clippy --tests --all --exclude libafl_nyx --exclude symcc_runtime --exclude runtime_test | |
ios: | |
runs-on: macOS-latest | |
steps: | |
- uses: dtolnay/rust-toolchain@stable | |
- name: install ios | |
run: rustup target add aarch64-apple-ios | |
- uses: actions/checkout@v4 | |
- uses: Swatinem/rust-cache@v2 | |
- name: Build iOS | |
run: PYO3_CROSS_PYTHON_VERSION=$(python3 -c "print('{}.{}'.format(__import__('sys').version_info.major, __import__('sys').version_info.minor))") cargo build --target aarch64-apple-ios && cd libafl_frida && cargo build --target aarch64-apple-ios && cd .. | |
android: | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Install curl | |
run: sudo apt-get update && sudo apt-get install clang | |
- uses: dtolnay/rust-toolchain@stable | |
- uses: nttld/setup-ndk@v1 | |
with: | |
ndk-version: r25b | |
- name: install android | |
run: rustup target add aarch64-linux-android | |
- name: install cargo ndk | |
run: cargo install cargo-ndk | |
- uses: actions/checkout@v4 | |
- uses: Swatinem/rust-cache@v2 | |
- name: Build Android | |
run: cd libafl && PYO3_CROSS_PYTHON_VERSION=$(python3 -c "print('{}.{}'.format(__import__('sys').version_info.major, __import__('sys').version_info.minor))") cargo ndk -t arm64-v8a build --release | |
#run: cargo build --target aarch64-linux-android | |
# TODO: Figure out how to properly build stuff with clang | |
#- name: Add clang path to $PATH env | |
# if: runner.os == 'Windows' | |
# run: echo "C:\msys64\mingw64\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 | |
#- name: Try if clang works | |
# run: clang -v | |
#- name: Windows Test | |
# run: C:\Rust\.cargo\bin\cargo.exe test --verbose |