Update LibAFL concolic (#1634)
* concolic upd * more * working * clippy * rev * fix * remove cur_input * rev * gitignore
This commit is contained in:
Dongjia "toka" Zhang
GitHub
parent
c9403cbd00
commit
02cd260af0
6
.gitignore
vendored
6
.gitignore
vendored
@ -22,6 +22,7 @@ vendor
|
|||||||
|
|
||||||
.cur_input
|
.cur_input
|
||||||
.cur_input_*
|
.cur_input_*
|
||||||
|
cur_input
|
||||||
.venv
|
.venv
|
||||||
|
|
||||||
crashes
|
crashes
|
||||||
@ -60,3 +61,8 @@ libafl_nyx/QEMU-Nyx
|
|||||||
libafl_nyx/packer
|
libafl_nyx/packer
|
||||||
|
|
||||||
.z3-trace
|
.z3-trace
|
||||||
|
|
||||||
|
# No gdb history
|
||||||
|
.gdb_history
|
||||||
|
# No llvm IR
|
||||||
|
*.ll
|
||||||
|
|||||||
@ -51,6 +51,9 @@ clear = true
|
|||||||
script='''
|
script='''
|
||||||
cd fuzzer
|
cd fuzzer
|
||||||
cargo clean
|
cargo clean
|
||||||
cd ../runtime
|
cd ..
|
||||||
|
cd ./runtime
|
||||||
|
cargo clean
|
||||||
|
cd ..
|
||||||
cargo clean
|
cargo clean
|
||||||
'''
|
'''
|
||||||
@ -60,13 +60,14 @@ struct Opt {
|
|||||||
concolic: bool,
|
concolic: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
use std::fs;
|
||||||
pub fn main() {
|
pub fn main() {
|
||||||
// Registry the metadata types used in this fuzzer
|
// Registry the metadata types used in this fuzzer
|
||||||
// Needed only on no_std
|
// Needed only on no_std
|
||||||
// unsafe { RegistryBuilder::register::<Tokens>(); }
|
// unsafe { RegistryBuilder::register::<Tokens>(); }
|
||||||
|
|
||||||
let opt = Opt::parse();
|
let opt = Opt::parse();
|
||||||
|
let _ = fs::remove_file("cur_input");
|
||||||
println!(
|
println!(
|
||||||
"Workdir: {:?}",
|
"Workdir: {:?}",
|
||||||
env::current_dir().unwrap().to_string_lossy().to_string()
|
env::current_dir().unwrap().to_string_lossy().to_string()
|
||||||
|
|||||||
@ -252,7 +252,9 @@ pub enum SymExpr {
|
|||||||
a: SymExprRef,
|
a: SymExprRef,
|
||||||
b: SymExprRef,
|
b: SymExprRef,
|
||||||
},
|
},
|
||||||
|
FloatNeg {
|
||||||
|
op: SymExprRef,
|
||||||
|
},
|
||||||
FloatAbs {
|
FloatAbs {
|
||||||
op: SymExprRef,
|
op: SymExprRef,
|
||||||
},
|
},
|
||||||
@ -277,6 +279,11 @@ pub enum SymExpr {
|
|||||||
b: SymExprRef,
|
b: SymExprRef,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
Ite {
|
||||||
|
cond: SymExprRef,
|
||||||
|
a: SymExprRef,
|
||||||
|
b: SymExprRef,
|
||||||
|
},
|
||||||
Sext {
|
Sext {
|
||||||
op: SymExprRef,
|
op: SymExprRef,
|
||||||
bits: u8,
|
bits: u8,
|
||||||
|
|||||||
@ -110,6 +110,7 @@ impl<R: Read> MessageFileReader<R> {
|
|||||||
|
|
||||||
/// This transforms the given message from it's serialized form into its in-memory form, making relative references
|
/// This transforms the given message from it's serialized form into its in-memory form, making relative references
|
||||||
/// absolute and counting the `SymExprRef`s.
|
/// absolute and counting the `SymExprRef`s.
|
||||||
|
#[allow(clippy::too_many_lines)]
|
||||||
fn transform_message(&mut self, message: &mut SymExpr) -> SymExprRef {
|
fn transform_message(&mut self, message: &mut SymExpr) -> SymExprRef {
|
||||||
let ret = self.current_id;
|
let ret = self.current_id;
|
||||||
match message {
|
match message {
|
||||||
@ -125,6 +126,7 @@ impl<R: Read> MessageFileReader<R> {
|
|||||||
}
|
}
|
||||||
SymExpr::Neg { op }
|
SymExpr::Neg { op }
|
||||||
| SymExpr::FloatAbs { op }
|
| SymExpr::FloatAbs { op }
|
||||||
|
| SymExpr::FloatNeg { op }
|
||||||
| SymExpr::Not { op }
|
| SymExpr::Not { op }
|
||||||
| SymExpr::Sext { op, .. }
|
| SymExpr::Sext { op, .. }
|
||||||
| SymExpr::Zext { op, .. }
|
| SymExpr::Zext { op, .. }
|
||||||
@ -204,6 +206,12 @@ impl<R: Read> MessageFileReader<R> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
SymExpr::Call { .. } | SymExpr::Return { .. } | SymExpr::BasicBlock { .. } => {}
|
SymExpr::Call { .. } | SymExpr::Return { .. } | SymExpr::BasicBlock { .. } => {}
|
||||||
|
SymExpr::Ite { cond, a, b } => {
|
||||||
|
*cond = self.make_absolute(*cond);
|
||||||
|
*a = self.make_absolute(*a);
|
||||||
|
*b = self.make_absolute(*b);
|
||||||
|
self.current_id += 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
SymExprRef::new(ret).unwrap()
|
SymExprRef::new(ret).unwrap()
|
||||||
}
|
}
|
||||||
@ -291,6 +299,7 @@ impl<W: Write + Seek> MessageFileWriter<W> {
|
|||||||
}
|
}
|
||||||
SymExpr::Neg { op }
|
SymExpr::Neg { op }
|
||||||
| SymExpr::FloatAbs { op }
|
| SymExpr::FloatAbs { op }
|
||||||
|
| SymExpr::FloatNeg { op }
|
||||||
| SymExpr::Not { op }
|
| SymExpr::Not { op }
|
||||||
| SymExpr::Sext { op, .. }
|
| SymExpr::Sext { op, .. }
|
||||||
| SymExpr::Zext { op, .. }
|
| SymExpr::Zext { op, .. }
|
||||||
@ -370,6 +379,11 @@ impl<W: Write + Seek> MessageFileWriter<W> {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
SymExpr::Call { .. } | SymExpr::Return { .. } | SymExpr::BasicBlock { .. } => {}
|
SymExpr::Call { .. } | SymExpr::Return { .. } | SymExpr::BasicBlock { .. } => {}
|
||||||
|
SymExpr::Ite { cond, a, b } => {
|
||||||
|
*cond = self.make_relative(*cond);
|
||||||
|
*a = self.make_relative(*a);
|
||||||
|
*b = self.make_relative(*b);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
self.serialization_options
|
self.serialization_options
|
||||||
.serialize_into(&mut self.writer, &message)?;
|
.serialize_into(&mut self.writer, &message)?;
|
||||||
|
|||||||
@ -5,7 +5,7 @@
|
|||||||
/// The URL of the `LibAFL` `SymCC` fork.
|
/// The URL of the `LibAFL` `SymCC` fork.
|
||||||
pub const SYMCC_REPO_URL: &str = "https://github.com/AFLplusplus/symcc.git";
|
pub const SYMCC_REPO_URL: &str = "https://github.com/AFLplusplus/symcc.git";
|
||||||
/// The commit of the `LibAFL` `SymCC` fork.
|
/// The commit of the `LibAFL` `SymCC` fork.
|
||||||
pub const SYMCC_REPO_COMMIT: &str = "2a3229da6101596af220f20fef5085e59537abcb";
|
pub const SYMCC_REPO_COMMIT: &str = "6909c3f2b98c6e14a25bee0fc6eb29c598250e35";
|
||||||
|
|
||||||
#[cfg(feature = "clone")]
|
#[cfg(feature = "clone")]
|
||||||
mod clone {
|
mod clone {
|
||||||
|
|||||||
@ -240,4 +240,7 @@ impl Filter for NoFloat {
|
|||||||
fn build_fp_rem(&mut self, _a: RSymExpr, _b: RSymExpr) -> bool {
|
fn build_fp_rem(&mut self, _a: RSymExpr, _b: RSymExpr) -> bool {
|
||||||
false
|
false
|
||||||
}
|
}
|
||||||
|
fn build_fp_neg(&mut self, _a: RSymExpr) -> bool {
|
||||||
|
false
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -127,6 +127,7 @@ impl Runtime for TracingRuntime {
|
|||||||
binary_expression_builder!(build_fp_rem, FloatRem);
|
binary_expression_builder!(build_fp_rem, FloatRem);
|
||||||
|
|
||||||
unary_expression_builder!(build_fp_abs, FloatAbs);
|
unary_expression_builder!(build_fp_abs, FloatAbs);
|
||||||
|
unary_expression_builder!(build_fp_neg, FloatNeg);
|
||||||
|
|
||||||
unary_expression_builder!(build_not, Not);
|
unary_expression_builder!(build_not, Not);
|
||||||
binary_expression_builder!(build_equal, Equal);
|
binary_expression_builder!(build_equal, Equal);
|
||||||
@ -135,6 +136,7 @@ impl Runtime for TracingRuntime {
|
|||||||
binary_expression_builder!(build_bool_or, BoolOr);
|
binary_expression_builder!(build_bool_or, BoolOr);
|
||||||
binary_expression_builder!(build_bool_xor, BoolXor);
|
binary_expression_builder!(build_bool_xor, BoolXor);
|
||||||
|
|
||||||
|
expression_builder!(build_ite(cond: RSymExpr, a: RSymExpr, b: RSymExpr) => Ite);
|
||||||
expression_builder!(build_sext(op: RSymExpr, bits: u8) => Sext);
|
expression_builder!(build_sext(op: RSymExpr, bits: u8) => Sext);
|
||||||
expression_builder!(build_zext(op: RSymExpr, bits: u8) => Zext);
|
expression_builder!(build_zext(op: RSymExpr, bits: u8) => Zext);
|
||||||
expression_builder!(build_trunc(op: RSymExpr, bits: u8) => Trunc);
|
expression_builder!(build_trunc(op: RSymExpr, bits: u8) => Trunc);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user