AFL++'s LLVM plugins are not built by default and check is faulty

[smoelius]

@vanhauser-thc wrote in #449:

AFL++'s LLVM plugins are not built by default.
And even if the user wants to build them the check is faulty:

$ cargo-afl afl config --plugins
AFL LLVM runtime was already built for Rust rustc-1.75.0-nightly-42b1224; run `cargo afl config --build --force` to rebuild it.
$ ls /home/marc/.local/share/afl.rs/rustc-1.75.0-nightly-42b1224/afl.rs-0.15.1/afl-llvm
libafl-llvm-rt.a  libafl-llvm-rt.o

The message says "runtime" which would be correct, because the runtime is there, but what we want are the --plugins which are not.

[jberryman]

I'm fairly new to both rust and AFL++ and a little lost about the work around here. For context I arrived here while investigating why my fuzzing campaign seemed to stall pretty early on.

I can see that we're taking this branch on my code:

afl.rs/cargo-afl/src/main.rs

Lines 272 to 280 in 08d63a6

	} else {
	rustflags.push_str(&format!(
	"-C passes={passes} \
	-C llvm-args=-sanitizer-coverage-level=3 \
	-C llvm-args=-sanitizer-coverage-trace-pc-guard \
	-C llvm-args=-sanitizer-coverage-prune-blocks=0 \
	-C llvm-args=-sanitizer-coverage-trace-compares
	",
	));

And I don't seem to have e.g. cmplog-instructions-pass.so anywhere in my home directory.

What do I need to do or change to get CMPLOG support? I am on:

rustc 1.73.0 (cc66ad468 2023-10-03)
binary: rustc
commit-hash: cc66ad468955717ab92600c770da8c1601a4ff33
commit-date: 2023-10-03
host: x86_64-unknown-linux-gnu
release: 1.73.0
LLVM version: 17.0.2

Thanks for all your work on this project!

[jberryman]

Oh and I ran cargo afl config --build --force but that seemed not to do anything

[vanhauser-thc]

It is ‘cargo afl config —plugins --force’

Also #451

[jberryman]

ah thanks!

so ...

$ rustup show
Default host: x86_64-unknown-linux-gnu
rustup home:  /home/me/.rustup

installed toolchains
--------------------

stable-x86_64-unknown-linux-gnu
nightly-x86_64-unknown-linux-gnu (default)

active toolchain
----------------

nightly-x86_64-unknown-linux-gnu (default)
rustc 1.78.0-nightly (8ace7ea1f 2024-02-07)

$ rustc --version --verbose
rustc 1.78.0-nightly (8ace7ea1f 2024-02-07)
binary: rustc
commit-hash: 8ace7ea1f7cbba7b4f031e66c54ca237a0d65de6
commit-date: 2024-02-07
host: x86_64-unknown-linux-gnu
release: 1.78.0-nightly
LLVM version: 17.0.6

then

$ cargo install cargo-afl --force
   ...
$ ls /home/me/.local/share/afl.rs/rustc-1.78.0-nightly-8ace7ea/afl.rs-0.15.3/afl-llvm
libafl-llvm-rt.a  libafl-llvm-rt.o
$ cargo afl config --plugins --force
thread 'main' panicked at /home/me/.cargo/registry/src/index.crates.io-6f17d22bba15001f/cargo-afl-0.15.3/src/config.rs:180:29:
could not run llvm-config-17 --version

The logic here seems to assume rust's llvm is in my path? That's not the case for me (I happen to have llvm-14 installed currently)

[jberryman]

I guess that's just on me to install and keep up to date; I don't see llvm-config in the stuff rustc ships

[vanhauser-thc]

You need to install the llvm-tools component with rustup and install llvm 17 (eg apt.llvm.org)

[jberryman]

installing llvm-17 on my system was sufficient, then after running cargo afl config --plugins --force it compiled with cmplog plugins etc. thanks for the help!