gnu: Add American fuzzy lop.

* gnu/packages/debug.scm (american-fuzzy-lop): New variable.
2015-08-16 06:07:28 -05:00 · 2015-08-16 06:07:28 -05:00 · 9b459fc7e1
commit 9b459fc7e1
parent 20c263b00f
1 changed files with 100 additions and 1 deletions
--- a/gnu/packages/debug.scm
+++ b/gnu/packages/debug.scm
@ -27,7 +27,10 @@
  #:use-module (gnu packages indent)
  #:use-module (gnu packages llvm)
  #:use-module (gnu packages perl)
-  #:use-module (gnu packages pretty-print))
+  #:use-module (gnu packages pretty-print)
  #:use-module (gnu packages qemu)
  #:use-module (ice-9 match)
  #:use-module (srfi srfi-1))
 (define-public delta
  (package
@ -137,3 +140,99 @@ produces a much smaller C/C++ program that has the same property.  It is
 intended for use by people who discover and report bugs in compilers and other
 tools that process C/C++ code.")
    (license ncsa)))
 (define-public american-fuzzy-lop
  (let ((machine (match (or (%current-target-system)
                            (%current-system))
                   ("x86_64-linux"   "x86_64")
                   ("i686-linux"     "i386")
                   ;; Prevent errors when querying this package on unsupported
                   ;; platforms, e.g. when running "guix package --search="
                   (_                "UNSUPPORTED"))))
    (package
      (name "american-fuzzy-lop")
      (version "1.86b")             ;It seems all releases have the 'b' suffix
      (source
       (origin
         (method url-fetch)
         (uri (string-append "http://lcamtuf.coredump.cx/afl/releases/"
                             "afl-" version ".tgz"))
         (sha256
          (base32
           "1by9ncf6lgcyibzqwyla34jv64sd66mn8zhgjz2pcgsds51qwn0r"))))
      (build-system gnu-build-system)
      (inputs
       `(("custom-qemu"
          ;; The afl-qemu tool builds qemu 2.3.0 with a few patches applied.
          ,(package (inherit qemu-headless)
             (name "afl-qemu")
             (inputs
              `(("afl-src" ,source)
                ,@(package-inputs qemu-headless)))
             ;; afl only supports using a single afl-qemu-trace executable, so
             ;; we only build qemu for the native target.
             (arguments
              `(#:configure-flags
                (list (string-append "--target-list=" ,machine "-linux-user"))
                #:modules ((srfi srfi-1)
                           ,@%gnu-build-system-modules)
                ,@(substitute-keyword-arguments (package-arguments qemu-headless)
                    ((#:phases qemu-phases)
                     `(modify-phases ,qemu-phases
                        (add-after
                         'unpack 'apply-afl-patches
                         (lambda* (#:key inputs #:allow-other-keys)
                           (let* ((afl-dir (string-append "afl-" ,version))
                                  (patch-dir
                                   (string-append afl-dir
                                                  "/qemu_mode/patches")))
                             (unless (zero?
                                      (system* "tar" "xf"
                                               (assoc-ref inputs "afl-src")))
                               (error "tar failed to unpack afl-src"))
                             (copy-file (string-append patch-dir
                                                       "/afl-qemu-cpu-inl.h")
                                        "./afl-qemu-cpu-inl.h")
                             (copy-file (string-append afl-dir "/config.h")
                                        "./afl-config.h")
                             (copy-file (string-append afl-dir "/types.h")
                                        "./types.h")
                             (substitute* "afl-qemu-cpu-inl.h"
                               (("\\.\\./\\.\\./config.h") "afl-config.h"))
                             (substitute* (string-append patch-dir
                                                         "/cpu-exec.diff")
                               (("\\.\\./patches/") ""))
                             (every (lambda (patch-file)
                                      (zero? (system* "patch" "--force" "-p1"
                                                      "--input" patch-file)))
                                    (find-files patch-dir
                                                "\\.diff$"))))))))))))))
      (arguments
       `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
                            "CC=gcc")
         #:phases (modify-phases %standard-phases
                    (delete 'configure)
                    (add-after
                     ;; TODO: Build and install the afl-llvm tool.
                     'install 'install-qemu
                     (lambda* (#:key inputs outputs #:allow-other-keys)
                       (let ((qemu (assoc-ref inputs "custom-qemu"))
                             (out  (assoc-ref outputs "out")))
                         (copy-file (string-append qemu "/bin/qemu-" ,machine)
                                    (string-append out "/bin/afl-qemu-trace"))
                         #t)))
                    (delete 'check))))
      (supported-systems (fold delete
                               %supported-systems
                               '("armhf-linux" "mips64el-linux")))
      (home-page "http://lcamtuf.coredump.cx/afl")
      (synopsis "Security-oriented fuzzer")
      (description
       "American fuzzy lop is a security-oriented fuzzer that employs a novel
 type of compile-time instrumentation and genetic algorithms to automatically
 discover clean, interesting test cases that trigger new internal states in the
 targeted binary.  This substantially improves the functional coverage for the
 fuzzed code.  The compact synthesized corpora produced by the tool are also
 useful for seeding other, more labor- or resource-intensive testing regimes
 down the road.")
      (license asl2.0))))