README.en.md

File metadata and controls

141 lines (102 loc) · 6.08 KB

Table of Contents

1. About

Futag is an automated tool for generating fuzz targets for software libraries. Unlike a standalone program, a software library usually has no entry point, so generating fuzz targets for it remains a challenge. Futag uses LLVM Clang and the Clang tooling as a front end to analyze the library and generate fuzz targets. Futag uses static analysis to find:

  • dependencies between entities (data types, functions, structures, etc.) in the source code of the target library;
  • library usage contexts; this information is then used to generate fuzz targets.

This project is based on llvm-project with Clang static analysis and LLVM LTO, and is distributed under the GPL v3 license.

Currently Futag supports:

  • automatically compiling libraries with Makefile, cmake and configure;
  • automatically generating fuzzing-targets for functions of libraries in C/C++ languages. Additionally, Futag provides the ability to test compiled targets.

2. Installation

2.1. Using a docker container

You can build Futag with the provided Dockerfiles for Ubuntu.

2.2. Using a prepackaged package

Download the latest futag-llvm.2.0.1.tar.xz and unpack it.

2.3. Building and installing from source

2.3.1. Dependencies

These instructions describe how to build a copy of the project and run it on a Unix-like system.

Futag is based on llvm-project. To compile the project, the following packages must be installed on your system:

Please check the prerequisites on the official LLVM website for more details.

You also need to create a symbolic link "python" to "python3" if such a link does not exist on your system. On an Ubuntu system, this can be done by installing the python-is-python3 package.

2.3.2. Building and installing

  • Clone the project:
  ~$ git clone https://github.com/ispras/Futag
  • Prepare the "custom-llvm" directory by running the script:
  ~/Futag/custom-llvm$ ./prepare.sh
  This script creates the Futag/build directory and copies the Futag/custom-llvm/build.sh script into it.
  • Run the copied script in "Futag/build":
  ~/Futag/build$ ./build.sh
  • As a result, the tool is installed in the Futag/futag-llvm directory.

3. Usage

  • Analyze the library:
# package futag must be already installed
from futag.preprocessor import *

testing_lib = Builder(
    "futag-llvm/", # path to the futag-llvm
    "path/to/library/source/code" # library root
)
testing_lib.auto_build()
testing_lib.analyze()
  • Generate and compile fuzz drivers:
# package futag must be already installed
from futag.generator import *

g = Generator(
    "futag-llvm/", # path to the futag-llvm
    "path/to/library/source/code", # library root (trailing comma so the option below can be uncommented)
    # target_type = LIBFUZZER, # or AFLPLUSPLUS
)
g.gen_targets(
  anonymous=False # also generate fuzz wrappers for private functions when True
)
g.compile_targets(
  8, # compile fuzz drivers with 8 processes
  # keep_failed=True, # keep targets that failed to compile
  # extra_include="-DHAVE_CONFIG_H", # extra include paths / defines
  # extra_dynamiclink="-lz", # extra system libraries to link
  # flags="-ferror-limit=1", # flags for compiling, default ""
)

By default, successfully compiled fuzz drivers for target functions are placed in the futag-fuzz-drivers directory, where each target function gets its own subdirectory named after the function. If several fuzz drivers were generated for one function, a separate directory is created for each of them inside that function's subdirectory, named after the target function with a serial number appended.
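The layout described above (one directory per target function, numbered subdirectories when a function got several drivers) is easy to get wrong when scripting a fuzzing run over many targets. The following added example, which is not part of the Futag project, walks such a tree and produces one libFuzzer command line per driver. It assumes the serial number is appended directly to the function name (e.g. `parse1`, `parse2`), that the compiled binary inside a driver directory carries that directory's name, and that a `corpus` subdirectory is used as the libFuzzer corpus; the sample tree is constructed in a temporary directory and the json-c function names in it are illustrative only.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumption of this example: a driver directory for a function that received
# several drivers is named <function><N>, with N a decimal serial number.
SERIAL_SUFFIX = re.compile(r"^(?P<func>.+?)(?P<serial>\d+)$")


def inventory_drivers(root: str) -> dict:
    """Map each target function name to the list of directories holding its
    fuzz drivers, ordered by serial number. A function with a single driver
    maps to its own directory; a missing root yields an empty mapping."""
    result = {}
    root_path = Path(root)
    if not root_path.is_dir():
        return result
    for func_dir in sorted(p for p in root_path.iterdir() if p.is_dir()):
        func = func_dir.name
        numbered = []
        for sub in func_dir.iterdir():
            if not sub.is_dir():
                continue
            m = SERIAL_SUFFIX.match(sub.name)
            # Only accept <function><N>; ignore unrelated subdirectories.
            if m and m.group("func") == func:
                numbered.append((int(m.group("serial")), sub))
        if numbered:
            result[func] = [str(p) for _, p in sorted(numbered)]
        else:
            result[func] = [str(func_dir)]
    return result


def libfuzzer_commands(drivers: dict, max_total_time: int = 60) -> list:
    """Build one libFuzzer invocation per driver directory (not executed here).
    Binary name and corpus location are assumptions of this example."""
    cmds = []
    for dirs in drivers.values():
        for d in dirs:
            binary = os.path.join(d, os.path.basename(d))
            corpus = os.path.join(d, "corpus")
            # -max_total_time is a standard libFuzzer flag (seconds).
            cmds.append([binary, corpus, f"-max_total_time={max_total_time}"])
    return cmds


def build_sample_tree() -> str:
    """Create a constructed futag-fuzz-drivers tree in a temp directory:
    one single-driver function and one function with two numbered drivers."""
    root = Path(tempfile.mkdtemp()) / "futag-fuzz-drivers"
    (root / "json_object_new_string").mkdir(parents=True)
    for i in (1, 2):
        (root / "json_tokener_parse" / f"json_tokener_parse{i}").mkdir(parents=True)
    # A stray file must not be mistaken for a driver directory.
    (root / "json_tokener_parse" / "notes.txt").write_text("constructed")
    return str(root)


if __name__ == "__main__":
    sample = build_sample_tree()
    found = inventory_drivers(sample)
    for func, dirs in found.items():
        print(func, "->", dirs)
    for cmd in libfuzzer_commands(found, max_total_time=30):
        print(" ".join(cmd))
```

Each command list can be handed to `subprocess.run` once the drivers have actually been compiled; keeping the plan separate from execution makes it simple to cap the per-driver time budget and to log which drivers were skipped.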

Documentation for the Futag Python package is available at this link.

Details of working with Futag can be read here

The example script can be viewed here

A testing repository has been created for trying Futag on libraries (json-c, php, FreeImage, etc.); you can run it in a Docker container.

4. Authors

5. References

Video

6. Found bugs