System environment: Ubuntu 22.04 + LLVM-10 + Clang-10

Clone the source with git, enter the directory and build:

make -C InvsCov/dump LLVM_CONFIG=llvm-config-10
make -C InvsCov/instrument LLVM_CONFIG=llvm-config-10
make -C AFLplusplus
make -C AFLplusplus/llvm_mode LLVM_CONFIG=llvm-config-10

Install JDK 8: sudo apt-get install openjdk-8-jdk

Install whatever else turns out to be missing; for example, if the build reports that rsync cannot be found: sudo apt-get install rsync

Configure the environment variables:

export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

Build Daikon:

cd daikon
make compile
make daikon.jar
cp daikon.jar ../

For usage, refer to the official documentation: https://github.com/eurecom-s3/invscov

  • set the env var INVSCOV_OUTPUT_PATH to an existing empty folder
mkdir output_path
export INVSCOV_OUTPUT_PATH=`pwd`/output_path/
  • compile the PUT with dump-cc[c++]
cd target_program_src/
./configure
make CC=/home/lee/invscov/InvsCov/dump-cc CXX=/home/lee/invscov/InvsCov/dump-c++
cp ./program ./program_dump # assuming that 'program' is the result of the compilation
  • run reconstruct-dump
/home/lee/invscov/InvsCov/reconstruct-dump
  • run learn-invariants with the dumper binary produced in the second step
/home/lee/invscov/InvsCov/learn-invariants /home/lee/initial_corpus ./program_dump @@
  • run generate-constraints
/home/lee/invscov/InvsCov/generate-constraints
  • compile with instrument-cc[c++]
make clean
make CC=/home/lee/invscov/InvsCov/instrument-cc CXX=/home/lee/invscov/InvsCov/instrument-c++
cp ./program ./program_fuzz

Using the NO_CONSTRS=1 env var the instrument-cc compiler wrapper will simply compile the PUT with the classic AFL++ edge coverage instrumentation. Other env variables are available, refer to the source code.

  • fuzz this last binary with afl-fuzz
/home/lee/invscov/AFLplusplus/afl-fuzz -i /home/lee/initial_corpus -o output -d -- ./program_fuzz @@
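The steps above are easy to get wrong across several terminals: a non-empty INVSCOV_OUTPUT_PATH mixes stale dumps and invariants into a new run, and a half-built tool chain only fails after ./configure and a long make. The script below is an added example, not code from this post or from the InvsCov project; it checks those preconditions and then runs the learn-then-instrument pipeline in order. INVSCOV_ROOT is an assumed variable for the invscov checkout (this post uses /home/lee/invscov), and the three arguments of run_invscov are assumptions of the example.

```shell
# Added example (not from the post or the InvsCov project): drive the workflow
# with precondition checks. INVSCOV_ROOT is an assumed variable naming the
# invscov checkout; it defaults to the path used in the post.
INVSCOV_ROOT="${INVSCOV_ROOT:-/home/lee/invscov}"

# Return 0 only if $1 is an existing, empty directory, which is what
# INVSCOV_OUTPUT_PATH must point at before reconstruct-dump/learn-invariants.
output_path_ok() {
    dir="$1"
    [ -d "$dir" ] || return 1
    # ls -A lists dotfiles too, so an empty listing means the directory is empty
    [ -z "$(ls -A "$dir")" ]
}

# Return 0 only if every InvsCov wrapper and afl-fuzz exist as executables
# under $1, i.e. the make invocations at the top of the post all succeeded.
toolchain_ok() {
    root="$1"
    for tool in dump-cc dump-c++ reconstruct-dump learn-invariants \
                generate-constraints instrument-cc instrument-c++; do
        [ -x "$root/InvsCov/$tool" ] || return 1
    done
    [ -x "$root/AFLplusplus/afl-fuzz" ]
}

# Run the pipeline on one source tree.
#   $1 source directory (must contain ./configure)
#   $2 seed corpus directory
#   $3 name of the binary that make produces
# Leaves $3_dump (used for invariant learning) and $3_fuzz (the
# constraint-instrumented binary for afl-fuzz) in $1.
run_invscov() {
    src="$1"; corpus="$2"; prog="$3"
    output_path_ok "$INVSCOV_OUTPUT_PATH" || {
        echo "INVSCOV_OUTPUT_PATH must name an existing empty directory" >&2; return 1; }
    toolchain_ok "$INVSCOV_ROOT" || {
        echo "InvsCov tool chain not built under $INVSCOV_ROOT" >&2; return 1; }
    [ -d "$corpus" ] || { echo "seed corpus $corpus not found" >&2; return 1; }
    (
        set -e   # any failing step aborts the subshell and returns non-zero
        cd "$src"
        ./configure
        # 1. build with the dump wrappers and keep that binary
        make CC="$INVSCOV_ROOT/InvsCov/dump-cc" CXX="$INVSCOV_ROOT/InvsCov/dump-c++"
        cp "./$prog" "./${prog}_dump"
        # 2. reconstruct the dump, learn invariants from the corpus, derive constraints
        "$INVSCOV_ROOT/InvsCov/reconstruct-dump"
        "$INVSCOV_ROOT/InvsCov/learn-invariants" "$corpus" "./${prog}_dump" @@
        "$INVSCOV_ROOT/InvsCov/generate-constraints"
        # 3. rebuild with the instrument wrappers to get the fuzzing target
        make clean
        make CC="$INVSCOV_ROOT/InvsCov/instrument-cc" CXX="$INVSCOV_ROOT/InvsCov/instrument-c++"
        cp "./$prog" "./${prog}_fuzz"
    )
}

# Usage (paths as in the post):
#   run_invscov ./target_program_src /home/lee/initial_corpus program
# then fuzz the result:
#   "$INVSCOV_ROOT/AFLplusplus/afl-fuzz" -i /home/lee/initial_corpus -o output -d -- ./program_fuzz @@
```

Both checks are plain functions, so they can also be run on their own before starting a long build; run_invscov runs the build steps in a subshell with set -e so that the working directory and shell options of the caller are untouched whether the pipeline succeeds or fails.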

References:

https://blog.csdn.net/qq_38239282/article/details/121911389

https://blog.csdn.net/qq_38239282/article/details/121251580