Move to just (binary_only / full_system) (#2949)

* just port for binary only / systemmode fuzzers

* introduce just libraries, with pre-initialized variables and common recipes

---------

Co-authored-by: Dongjia "toka" Zhang <[email protected]>

Author: rmalmain

.devcontainer/devcontainer.json

@@ -23,7 +23,7 @@
 	// "forwardPorts": [],
 	// Uncomment the next line to run commands after the container is created - for example installing curl.
 	// Install development components that shouldn't be in the main Dockerfile
-	"postCreateCommand": "rustup component add --toolchain nightly rustfmt clippy llvm-tools-preview && cargo binstall --locked cargo-make",
+	"postCreateCommand": "rustup component add --toolchain nightly rustfmt clippy llvm-tools-preview",
 	// Uncomment when using a ptrace-based debugger like C++, Go, and Rust
 	"runArgs": [
 		"--cap-add=SYS_PTRACE",

.github/workflows/build_and_test.yml

@@ -259,7 +259,7 @@ jobs:
           # Binary-only
           - ./fuzzers/binary_only/fuzzbench_fork_qemu
           - ./fuzzers/binary_only/frida_executable_libpng
-          - ./fuzzers/binary_only/frida_windows_gdiplus
+          # - ./fuzzers/binary_only/frida_windows_gdiplus
           - ./fuzzers/binary_only/frida_libpng
           - ./fuzzers/binary_only/fuzzbench_qemu
           - ./fuzzers/binary_only/intel_pt_baby_fuzzer
@@ -291,7 +291,6 @@ jobs:
 
           # In-process
           - ./fuzzers/fuzz_anything/cargo_fuzz
-          # - ./fuzzers/inprocess/dynamic_analysis
           - ./fuzzers/inprocess/fuzzbench
           - ./fuzzers/inprocess/fuzzbench_text
           - ./fuzzers/inprocess/fuzzbench_ctx
@@ -303,10 +302,10 @@ jobs:
           - ./fuzzers/inprocess/libfuzzer_libpng_cmin
           - ./fuzzers/inprocess/libfuzzer_libpng_norestart
           # - ./fuzzers/inprocess/libfuzzer_libpng_tcp_manager
+          # - ./fuzzers/inprocess/libfuzzer_windows_asan
           - ./fuzzers/inprocess/libfuzzer_stb_image_sugar
           - ./fuzzers/inprocess/libfuzzer_stb_image
           # - ./fuzzers/structure_aware/libfuzzer_stb_image_concolic
-          # - ./fuzzers/inprocess/libfuzzer_windows_asan
           # - ./fuzzers/inprocess/sqlite_centralized_multi_machine
 
           # Fuzz Anything
@@ -429,9 +428,9 @@ jobs:
       - uses: actions/checkout@v4
       - uses: ./.github/workflows/windows-tester-prepare
       - name: Build fuzzers/binary_only/frida_libpng
-        run: cd fuzzers/binary_only/frida_libpng/ && cargo make test
+        run: cd fuzzers/binary_only/frida_libpng/ && just test
 
-  windows-frida-libfuzzer-stb-image:
+  windows-libfuzzer-stb-image:
     runs-on: windows-latest
     needs:
       - common
@@ -441,6 +440,16 @@ jobs:
       - name: Build fuzzers/inprocess/libfuzzer_stb_image
         run: cd fuzzers/inprocess/libfuzzer_stb_image && cargo build --release
 
+  windows-libfuzzer-asan:
+    runs-on: windows-latest
+    needs:
+      - common
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/workflows/windows-tester-prepare
+      - name: Build fuzzers/inprocess/libfuzzer_windows_asan
+        run: cd fuzzers/inprocess/libfuzzer_windows_asan && just test
+
   windows-frida-gdiplus:
     runs-on: windows-latest
     needs:
@@ -449,7 +458,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: ./.github/workflows/windows-tester-prepare
       - name: Build fuzzers/binary_only/frida_windows_gdiplus
-        run: cd fuzzers/binary_only/frida_windows_gdiplus/ && cargo make test && cargo make test_cmplog
+        run: cd fuzzers/binary_only/frida_windows_gdiplus/ && just test && just test_cmplog
 
   windows-tinyinst-simple:
     runs-on: windows-latest
@@ -461,7 +470,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: ./.github/workflows/windows-tester-prepare
       - name: Build fuzzers/binary_only/tinyinst_simple
-        run: cd fuzzers/binary_only/tinyinst_simple/ && cargo make test
+        run: cd fuzzers/binary_only/tinyinst_simple/ && just test
 
   windows-clippy:
     runs-on: windows-latest

.github/workflows/fuzzer-tester-prepare/action.yml

@@ -22,10 +22,6 @@ runs:
     - name: Add wasm target
       shell: bash
       run: rustup target add wasm32-unknown-unknown
-    - name: install cargo-make
-      uses: baptiste0928/cargo-install@v3
-      with:
-        crate: cargo-make
     - name: install just
       uses: extractions/setup-just@v2
       with:

.github/workflows/qemu-fuzzer-tester-prepare/action.yml

@@ -10,10 +10,6 @@ runs:
     - name: enable mult-thread for `make`
       shell: bash
       run: export MAKEFLAGS="-j$(expr $(nproc) \+ 1)"
-    - name: install cargo-make
-      uses: baptiste0928/cargo-install@v3
-      with:
-        crate: cargo-make
     - name: install just
       uses: extractions/setup-just@v2
       with:

.github/workflows/windows-tester-prepare/action.yml

@@ -15,9 +15,6 @@ runs:
     - name: Set LIBCLANG_PATH
       shell: pwsh
       run: echo "LIBCLANG_PATH=$((gcm clang).source -replace "clang.exe")" >> $env:GITHUB_ENV
-    - name: install cargo-make
-      shell: pwsh
-      run: cargo install --force cargo-make
     - name: install just
       uses: extractions/setup-just@v2
       with:

README.md

@@ -29,8 +29,8 @@ LibAFL is fast, multi-platform, no_std compatible, and scales over cores and mac
 - **LLVM tools**
     - The LLVM tools (including clang, clang++) are needed (newer than LLVM 15.0.0 up to LLVM 18.1.3) If you are using Debian/Ubuntu, again, we highly recommmend that you install the package from [here](https://apt.llvm.org/)
     - (In `libafl_concolic`, we only support LLVM version newer than 18)
-- Cargo-make:
-    - We use cargo-make to build the fuzzers in `fuzzers/` directory. You can install it with `cargo install cargo-make`
+- Just:
+    - We use [just](https://github.com/casey/just) to build the fuzzers in `fuzzers/` directory. You can find instructions to install it in your environment [in the Just Programmer's Manual](https://just.systems/man/en/packages.html).
 
 #### Clone the LibAFL repository with
 ```sh
@@ -52,9 +52,9 @@ cd docs && mdbook serve
 We collect all example fuzzers in [`./fuzzers`](./fuzzers/).
 Be sure to read their documentation (and source), this is *the natural way to get started!*
 ```sh
-cargo make run
+just run
 ```
-You can run each example fuzzer with this following command, as long as the fuzzer directory has `Makefile.toml` file. The best-tested fuzzer is [`./fuzzers/inprocess/libfuzzer_libpng`](./fuzzers/inprocess/libfuzzer_libpng), a multicore libfuzzer-like fuzzer using LibAFL for a libpng harness.
+You can run each example fuzzer with this following command, as long as the fuzzer directory has a `Justfile` file. The best-tested fuzzer is [`./fuzzers/inprocess/libfuzzer_libpng`](./fuzzers/inprocess/libfuzzer_libpng), a multicore libfuzzer-like fuzzer using LibAFL for a libpng harness.
 
 ### Resources 
 - [Installation guide](./docs/src/getting_started/setup.md)

fuzzers/binary_only/frida_executable_libpng/Justfile

@@ -0,0 +1,50 @@
+import "../../../just/libafl.just"
+
+FUZZER_NAME := "libfrida_executable_fuzzer"
+FUZZER_LIB := FUZZER + ".so"
+
+[unix]
+libpng:
+    #!/bin/bash
+    if [ ! -f v1.6.37.tar.gz ]; then
+        wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz
+    fi
+    tar -xvf v1.6.37.tar.gz
+
+[unix]
+lib: libpng
+    cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes
+    make -j -C libpng-1.6.37
+
+[unix]
+harness: lib
+    clang++ -O0 -c -fPIC harness.cc -o harness.o
+    clang++ -O0 harness.cc libpng-1.6.37/.libs/libpng16.a -lz -o libpng-harness -g
+
+[unix]
+build:
+    cargo build --profile {{ PROFILE }}
+
+[unix]
+run: build harness
+    LD_PRELOAD={{ FUZZER_LIB }} ./libpng-harness -i corpus -o out -H ./libpng-harness
+
+[unix]
+test: build harness
+    #!/bin/bash
+
+    rm -rf libafl_unix_shmem_server || true
+    LD_PRELOAD={{ FUZZER_LIB }} ./libpng-harness -i corpus -o out -H ./libpng-harness > fuzz_stdout.log &
+    sleep 10s && pkill libpng-harness
+    if grep -qa "corpus: 30" fuzz_stdout.log; then
+        echo "Fuzzer is working"
+    else
+        echo "Fuzzer does not generate any testcases or any crashes"
+        exit 1
+    fi
+
+[unix]
+clean:
+    rm -rf ./libpng-harness
+    make -C libpng-1.6.37 clean
+    cargo clean

fuzzers/binary_only/frida_executable_libpng/Makefile.toml

@@ -0,0 +1,67 @@
+import "../../../just/libafl.just"
+
+FUZZER_NAME := "frida_fuzzer"
+FUZZER_NAME_WIN := "frida_fuzzer.exe"
+
+set windows-shell := ['cmd.exe', '/c']
+set unstable
+
+[unix]
+libpng:
+    #!/bin/bash
+    if [ ! -f v1.6.37.tar.gz ]; then
+        wget https://github.com/glennrp/libpng/archive/refs/tags/v1.6.37.tar.gz
+    fi
+    tar -xvf v1.6.37.tar.gz
+
+[unix]
+lib: libpng
+    cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes
+    make -j -C libpng-1.6.37
+
+[unix]
+harness: lib
+    clang++ -O3 -c -fPIC harness.cc -o harness.o
+    clang++ -O3 harness.o libpng-1.6.37/.libs/libpng16.a -shared -lz -o libpng-harness.so
+
+[windows]
+harness:
+    cl /c harness_win.cpp && link harness_win.obj /dll
+
+[unix]
+[windows]
+build:
+    cargo build --profile {{ PROFILE }}
+
+[unix]
+run: build harness
+    {{ FUZZER }} -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l ./libpng-harness.so
+
+[windows]
+run: build harness
+    {{TARGET_DIR}}\{{PROFILE}}\{{FUZZER_NAME_WIN}} -F LLVMFuzzerTestOneInput -H .\harness_win.dll -l .\harness_win.dll --cores=0
+
+[unix]
+test: build harness
+    #!/bin/bash
+
+    rm -rf libafl_unix_shmem_server || true
+    timeout 30s {{ FUZZER }} -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l ./libpng-harness.so | tee fuzz_stdout.log 2>/dev/null || true
+    if grep -qa "corpus: 70" fuzz_stdout.log; then
+        echo "Fuzzer is working"
+    else
+        echo "Fuzzer does not generate any testcases or any crashes"
+        exit 1
+    fi
+
+[windows]
+[script("cmd.exe", "/c")]
+test: build harness
+    start "" "{{TARGET_DIR}}\{{PROFILE}}\{{FUZZER_NAME_WIN}}" -F LLVMFuzzerTestOneInput -H .\harness_win.dll -l .\harness_win.dll --cores=0
+    ping -n 10 127.0.0.1>NUL && taskkill /im frida_fuzzer.exe /F
+    dir /a-d corpus_discovered && (echo Files exist) || (exit /b 1337)
+
+[unix]
+clean:
+    make -C libpng-1.6.37 clean
+    cargo clean