Add more examples

examples/c-ares/custom.rule

@@ -0,0 +1,5 @@
+func_include ares_*
+
+// func_exclude ares_expand_name,ares_getaddrinfo,ares_gethostbyaddr
+// func_exclude ares_fds,ares_dup
+// func_exclude ares_library_init_mem

examples/c-ares/hopper.config

@@ -0,0 +1,23 @@
+# Configurations for hopper fuzzer
+
+# Full path for header file
+TEST_HEADER=/data/workspace/fuzzing_bench/c-ares/src/include/ares.h
+
+# Full path to shared library
+TEST_LIBRARY=/data/workspace/fuzzing_bench/c-ares/build/hopper_build/install/lib/libcares.so
+
+# Output directory
+OUT_DIR=output
+
+# Set map size
+HOPPER_MAP_SIZE_POW2=18
+
+# Set the header include path
+HOPPER_INCLUDE_SEARCH_PATH=/data/workspace/fuzzing_bench/c-ares/src/include/
+
+# Disable generate calls that failed to be invoked
+DISABLE_GEN_FAIL=1
+
+# Set seeds
+HOPPER_SEED_DIR=/data/workspace/fuzzing_bench/c-ares/src/test/fuzzinput
+

examples/lcms2/hopper.config

@@ -14,12 +14,14 @@ OUT_DIR=output
 # Custom rule for invoking API functions
 CUSTOM_RULES=custom.rule
 
-# set map size for branch counting
+# Set map size for branch counting
 HOPPER_MAP_SIZE_POW2=18
-# disable API-sensitive
+
+# Disable API-sensitive
 HOPPER_API_INSENSITIVE_COV=1
-# disable fast loop for execution
+
+# Disable fast loop for execution
 HOPPER_FAST_EXECUTE_LOOP=1
 
-# set seeds for hopper
-# HOPPER_SEED_DIR=seeds
+# Set seeds for hopper
+# HOPPER_SEED_DIR=seeds

examples/libaom/av1_dev_fuzzer.dict

@@ -0,0 +1,8 @@
+# from aom's source code.
+
+# IVF Signature + version (bytes 0-5)
+kw1="DKIF\x00\x00"
+
+# AV1 codec fourCC (bytes 8-11)
+kw2="AV01"
+

examples/libaom/custom.rule

@@ -0,0 +1,4 @@
+func_include aom_*
+// func_include aom_codec_decode,aom_codec_dec_init_ver,aom_codec_av1_dx
+// func_key aom_codec_decode,aom_codec_get_frame
+func_exclude aom_img_metadata_free,aom_img_free,aom_codec_control,aom_img_alloc,aom_img_alloc_with_border

examples/libaom/hopper.config

@@ -0,0 +1,19 @@
+# Configurations for hopper fuzzer
+
+# Full path for header file
+TEST_HEADER=aom_all.h
+
+# Full path to shared library
+TEST_LIBRARY=/data/workspace/fuzzing_bench/libaom/build/hopper_build/libaom.so
+
+# Output directory
+OUT_DIR=output
+
+# Set map size for branch counting
+HOPPER_MAP_SIZE_POW2=18
+
+# Set dictionary for bytes
+HOPPER_DICT=./av1_dec_fuzzer.dict
+
+# Set the header include path
+HOPPER_INCLUDE_SEARCH_PATH=/data/workspace/fuzzing_bench/libaom/src

examples/libmagic/custom.rule

@@ -0,0 +1,3 @@
+target_include magic_*
+# You need to set it the correct path
+func magic_load[$1] = "/data/workspace/fuzzing_bench/libmagic/build/hopper_build/magic/magic.mgc"

examples/libmagic/hopper.config

@@ -0,0 +1,16 @@
+# Configurations for hopper fuzzer
+
+# Full path for header file
+TEST_HEADER=/data/workspace/fuzzing_bench/libmagic/build/hopper_build/src/magic.h
+
+# Full path to shared library
+TEST_LIBRARY=/data/workspace/fuzzing_bench/libmagic/build/hopper_build/src/.libs/libmagic.so
+
+# Output directory
+OUT_DIR=output
+
+# set map size for branch counting
+HOPPER_MAP_SIZE_POW2=18
+
+# Set seeds
+# HOPPER_SEED_DIR=./seeds

examples/libpcap/custom.rule

@@ -0,0 +1,10 @@
+func_include pcap_*
+# func_key pcap_compile
+# PCAP_DEPRECATED
+func_exclude pcap_freealldevs,pcap_geterr
+func_exclude pcap_dump_file,pcap_file,pcap_dump
+func_exclude pcap_open_live,pcap_activate
+
+# type pcap_pkthdr = $opaque
+# func pcap_open[$0] = $read_file
+# func pcap_dump_open_append[$1] = $write_file

examples/libpcap/hopper.config

@@ -0,0 +1,26 @@
+# Configurations for hopper fuzzer
+
+# Full path for header file
+TEST_HEADER=/data/workspace/fuzzing_bench/libpcap/src/pcap/pcap.h
+
+# Full path to shared library
+TEST_LIBRARY=/data/workspace/fuzzing_bench/libpcap/build/hopper_build/libpcap.so.1.10.1
+
+# Output directory
+OUT_DIR=output
+
+# Custom rule for invoking API functions
+CUSTOM_RULES=custom.rule
+
+# Set map size
+HOPPER_MAP_SIZE_POW2=18
+
+# Do not use API-senitive
+#HOPPER_API_INSENSITIVE_COV=1
+
+# Set seeds
+HOPPER_SEED_DIR=./seeds
+
+# Set the header include path
+HOPPER_INCLUDE_SEARCH_PATH=/data/workspace/fuzzing_bench/libpcap/src
+

examples/libpcap/seeds/1.txt

@@ -0,0 +1 @@
+host 192.168.1.1

examples/libpcap/seeds/2.txt

@@ -0,0 +1 @@
+port 80

examples/libpcap/seeds/3.txt

@@ -0,0 +1 @@
+tcp[tcpflags]&tcp-syn != 0 or tcp[tcpflags]&tcp-fin != 0 or tcp[tcpflags]&tcp-rst != 0

examples/libpcap/seeds/4.txt

@@ -0,0 +1 @@
+ether[12:2] = 0x800 or ether[12:2] = 0x8100 or ether[0] & 0x80 != 0 or ether[12:2] = 0x9100

examples/libpcap/seeds/5.txt

@@ -0,0 +1 @@
+vlan 186 and ip

examples/libpcap/seeds/6.txt

@@ -0,0 +1 @@
+ip and ((icmp and dst host 1.1.1.1 and not host 2.2.2.2) or (host 1.1.1.1 and src host 3.3.3.3))

examples/libpcap/seeds/7.txt

@@ -0,0 +1 @@
+not vlan and tcp port 80

examples/libpng/hopper.config

@@ -18,4 +18,4 @@ CUSTOM_RULES=custom.rule
 HOPPER_MAP_SIZE_POW2=18
 
 # set seeds for hopper
-# HOPPER_SEED_DIR=seeds
+# HOPPER_SEED_DIR=seeds

examples/libvpx/custom.rule

@@ -0,0 +1,4 @@
+func_include vpx_*
+// func_include vpx_codec_dec_init_ver,vpx_codec_vp9_dx,vpx_codec_decode
+// func_key vpx_codec_decode,vpx_codec_get_frame
+func_exclude vpx_img_free,vpx_codec_control_

examples/libvpx/hopper.config

@@ -0,0 +1,19 @@
+# Configurations for hopper fuzzer
+
+# Full path for header file
+TEST_HEADER=vpx_all.h
+
+# Full path to shared library
+TEST_LIBRARY=/data/workspace/fuzzing_bench/libvpx/build/hopper_build/libvpx.so.7.0.0
+
+# Output directory
+OUT_DIR=output
+
+# Set map size for branch counting
+HOPPER_MAP_SIZE_POW2=18
+
+# Set dictionary for bytes
+HOPPER_DICT=./vpx.dict
+
+# Set the header include path
+HOPPER_INCLUDE_SEARCH_PATH=/data/workspace/fuzzing_bench/libvpx/build/hopper_build

examples/libvpx/vpx.dict

@@ -0,0 +1,8 @@
+# IVF Signature + version (bytes 0-5)
+kw1="DKIF\x00\x00"
+
+# VP9 codec fourCC (bytes 8-11)
+kw2="VP90"
+
+# VP8 codec fourCC (bytes 8-11)
+kw3="VP80"

examples/re2/custom.rule

@@ -0,0 +1,4 @@
+func_include cre2_*
+func_exclude cre2_delete,cre2_set_delete,cre2_named_groups_iter_delete
+
+type cre2_string_t[length] = $len(data)

examples/re2/hopper.config

@@ -0,0 +1,26 @@
+# Configurations for hopper fuzzer
+
+# Full path for header file
+TEST_HEADER=/data/workspace/fuzzing_bench/re2/cre2.h
+
+# Full path to shared library
+TEST_LIB_DIR=/data/workspace/fuzzing_bench/re2/build/hopper_build/
+TEST_LIBRARY=${TEST_LIB_DIR}/cre2/lib/libcre2.so ${TEST_LIB_DIR}/lib/libre2.so.10.0.0
+
+# Output directory
+OUT_DIR=output
+
+# Custom rule for invoking API functions
+CUSTOM_RULES=custom.rule
+
+# set map size for branch counting
+HOPPER_MAP_SIZE_POW2=20
+
+# set seeds for hopper
+# HOPPER_SEED_DIR=seeds
+
+
+# target library
+HOPPER_TEST_LIBRARY=cre2/lib/libre2.so
+
+HOPPER_CUSTOM_RULES=$SRC_DIR/../custom_rule

examples/sqlite3/hopper.config

@@ -1,12 +1,12 @@
 # Configurations for hopper fuzzer
 
-LIB_DIR=/data/workspace/fuzzing_bench/sqlite3/build/hopper_build
+TEST_LIB_DIR=/data/workspace/fuzzing_bench/sqlite3/build/hopper_build
 
 # Full path for header file
-TEST_HEADER=${LIB_DIR}/sqlite3.h
+TEST_HEADER=${TEST_LIB_DIR}/sqlite3.h
 
 # Full path to shared library
-TEST_LIBRARY=${LIB_DIR}/.libs/libsqlite3.so
+TEST_LIBRARY=${TEST_LIB_DIR}/.libs/libsqlite3.so
 
 # Output directory
 OUT_DIR=output
@@ -18,4 +18,4 @@ CUSTOM_RULES=custom.rule
 HOPPER_MAP_SIZE_POW2=20
 
 # set seeds for hopper
-# HOPPER_SEED_DIR=seeds
+# HOPPER_SEED_DIR=seeds

examples/zlib/hopper.config

@@ -16,4 +16,4 @@ CUSTOM_RULES=custom.rule
 HOPPER_MAP_SIZE_POW2=18
 
 # set seeds for hopper
-# HOPPER_SEED_DIR=seeds
+# HOPPER_SEED_DIR=seeds

hopper

@@ -36,7 +36,7 @@ if [[ -e "hopper.config" ]]; then
     while IFS='=' read -r key value; do
     if [[ $key && $value ]]; then
         declare -x "$key=$value"
-        # echo "config file set $key = $value"
+        echo "config file set: $key = $value"
     fi
     done < "hopper.config"
 fi
@@ -156,7 +156,7 @@ cov)
         set -e
     done
     # find .so file in output directory.
-    BIN_FILE=$(find $OUTPUT_DIR -maxdepth 1 -type f -name \*.so)
+    BIN_FILE=$(find $OUTPUT_DIR -maxdepth 1 -type f -name \*_fuzz.so)
     BIN_FILE=$(IFS= ; echo "${BIN_FILE[*]}")
     info "bin file: $BIN_FILE"
     rm -rf $COV_DIR

hopper-compiler/src/patch/patchelf.rs

@@ -3,7 +3,7 @@
 
 use std::{
     env,
-    path::{PathBuf},
+    path::PathBuf,
     process::Command,
 };
 

hopper-core/src/fuzz/object/buf.rs

@@ -86,7 +86,13 @@ impl<T: ObjFuzzable + ObjGenerate> BufMutate for Vec<T> {
                                     return Ok(true);
                                 }
                                 let chunk = &seed.buf[r.lower..r.upper];
-                                super::seq::vec_insert_chunk(buf1, state, *split_at, chunk, r.is_insert)?;
+                                super::seq::vec_insert_chunk(
+                                    buf1,
+                                    state,
+                                    *split_at,
+                                    chunk,
+                                    r.is_insert,
+                                )?;
                             } else {
                                 if *split_at >= seed.buf.len() {
                                     return Ok(true);
@@ -188,9 +194,7 @@ impl<T: ObjFuzzable + ObjGenerate> BufMutate for Vec<T> {
         let ele_type_name = std::any::type_name::<T>();
         let ident = state.key.as_str()?;
         let key = format!("{ident}_{ele_type_name}");
-        let buf1 = unsafe {
-            std::slice::from_raw_parts(self.as_ptr() as *const u8, self.len())
-        };
+        let buf1 = unsafe { std::slice::from_raw_parts(self.as_ptr() as *const u8, self.len()) };
         // Get current buffer's hash
         let hash = crate::utils::hash_buf(buf1);
         // Pick a random entry. Don't splice with yourself.
@@ -221,8 +225,8 @@ impl<T: ObjFuzzable + ObjGenerate> BufMutate for Vec<T> {
                             range: Some(crate::SpliceRange {
                                 lower,
                                 upper,
-                                is_insert
-                            })
+                                is_insert,
+                            }),
                         });
                     }
 
@@ -313,8 +317,6 @@ impl<T: ObjFuzzable + ObjGenerate> BufMutate for Vec<T> {
     }
 }
 
-
-
 /// Find a suitable splicing location, somewhere between the first and
 /// the last differing byte.
 fn find_splice_pos(buf1: &[u8], buf2: &[u8]) -> Option<usize> {
@@ -454,7 +456,8 @@ pub fn get_buf_dict_tokens(ident: &str) -> Vec<&'static [u8]> {
         let default_dict = crate::config::output_file_path("misc/dict");
         let path = if let Ok(path) = std::env::var("HOPPER_DICT") {
             crate::log!(info, "load dict path: {}", path);
-            std::fs::copy(&path, default_dict).unwrap();
+            std::fs::copy(&path, default_dict)
+                .expect("fail to open dict file! please check the file is exist or not");
             PathBuf::from(path)
         } else {
             default_dict
@@ -608,7 +611,7 @@ fn test_parse_dict() {
     let ret = BUF_DICTS.get_or_init(|| parse_dictionary(buf.as_bytes()));
     if ret.is_empty() {
         return;
-    } 
+    }
     let list = get_buf_dict_tokens("abc");
     assert_eq!(list.len(), 2);
     let list = get_buf_dict_tokens("test");

hopper-harness/build.rs

@@ -150,6 +150,8 @@ fn link_libraries() {
         }
         println!("cargo:rustc-link-search=native={dir}");
     }
+    #[cfg(target_os = "linux")]
+    println!("cargo:rustc-link-arg=-Wl,--allow-shlib-undefined");
 }
 
 fn main() {