From 24e01d89b52dbcd22f76ee46f6b81b9b6e4d9ab6 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Wed, 9 Dec 2020 12:32:14 +0100 Subject: [PATCH] NewTestcase2 -> NewTestcase --- afl/src/corpus/mod.rs | 9 ++++++--- afl/src/engines/mod.rs | 14 ++++++++------ afl/src/events/mod.rs | 28 ++++++++-------------------- afl/src/observers/mod.rs | 27 ++------------------------- afl/src/stages/mutational.rs | 2 +- 5 files changed, 25 insertions(+), 55 deletions(-) diff --git a/afl/src/corpus/mod.rs b/afl/src/corpus/mod.rs index e260379b4a..a2885d6579 100644 --- a/afl/src/corpus/mod.rs +++ b/afl/src/corpus/mod.rs @@ -3,8 +3,8 @@ pub use testcase::{Testcase, TestcaseMetadata}; use alloc::borrow::ToOwned; use alloc::vec::Vec; -use core::marker::PhantomData; use core::cell::RefCell; +use core::marker::PhantomData; use core::ptr; #[cfg(feature = "std")] @@ -61,7 +61,11 @@ where /// Removes an entry from the corpus, returning it if it was present. fn remove(&mut self, entry: &Testcase) -> Option> { - match self.entries().iter().position(|x| ptr::eq(x.as_ptr(), entry)) { + match self + .entries() + .iter() + .position(|x| ptr::eq(x.as_ptr(), entry)) + { Some(i) => Some(self.entries_mut().remove(i).into_inner()), None => None, } @@ -99,7 +103,6 @@ where } Ok(()) }*/ - // TODO: IntoIter /// Gets the next entry fn next(&mut self, rand: &mut R) -> Result<(&RefCell>, usize), AflError>; diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs index 5d2eae6b92..387f7456d5 100644 --- a/afl/src/engines/mod.rs +++ b/afl/src/engines/mod.rs @@ -102,11 +102,7 @@ where // TODO move some of these, like evaluate_input, to FuzzingEngine /// Runs the input and triggers observers and feedback - pub fn evaluate_input( - &mut self, - input: &I, - executor: &mut E, - ) -> Result + pub fn evaluate_input(&mut self, input: &I, executor: &mut E) -> Result where E: Executor, { 
@@ -404,7 +400,13 @@ mod tests { for i in 0..1000 { fuzzer - .fuzz_one(&mut rand, &mut state, &mut corpus, &mut engine, &mut events_manager) + .fuzz_one( + &mut rand, + &mut state, + &mut corpus, + &mut engine, + &mut events_manager, + ) .expect(&format!("Error in iter {}", i)); } } diff --git a/afl/src/events/mod.rs b/afl/src/events/mod.rs index f9c3af8eb5..d810aa19e9 100644 --- a/afl/src/events/mod.rs +++ b/afl/src/events/mod.rs @@ -17,7 +17,7 @@ use serde::{Deserialize, Serialize}; #[cfg(feature = "std")] use std::io::Write; -use crate::corpus::{Corpus, Testcase}; +use crate::corpus::Corpus; use crate::engines::State; use crate::executors::Executor; use crate::inputs::Input; @@ -81,11 +81,6 @@ where phantom: PhantomData<(C, E, I, R)>, }, NewTestcase { - sender_id: u64, - testcase: Testcase, - phantom: PhantomData<(C, E, I, R)>, - }, - NewTestcase2 { sender_id: u64, input: Ptr<'a, I>, observers: PtrMut<'a, crate::observers::observer_serde::NamedSerdeAnyMap>, @@ -132,15 +127,10 @@ where phantom: _, } => "Initial", Event::NewTestcase { - sender_id: _, - testcase: _, - phantom: _, - } => "New Testcase", - Event::NewTestcase2 { sender_id: _, input: _, observers: _, - } => "New Testcase 2", + } => "New Testcase", Event::UpdateStats { sender_id: _, new_execs: _, @@ -167,6 +157,7 @@ where } } + // TODO the broker has a state? do we need to pass state and corpus? fn handle_in_broker( &self, /*broker: &dyn EventManager,*/ _state: &mut State, @@ -178,11 +169,6 @@ where phantom: _, } => Ok(BrokerEventResult::Handled), Event::NewTestcase { - sender_id: _, - testcase: _, - phantom: _, - } => Ok(BrokerEventResult::Forward), - Event::NewTestcase2 { sender_id: _, input: _, observers: _, 
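Review bot: The merged `Event::NewTestcase` variant (hunk `@@ -81,11 +81,6 @@` in afl/src/events/mod.rs) has no doc comment, although it is now the only testcase event and carries `Ptr<'a, I>` and `PtrMut<'a, ...NamedSerdeAnyMap>` in place of the owned `Testcase`. I would add something like `/// A client found an interesting input; carries that input and the executor's observers from the run that produced it.` above the variant. A second line should say what `sender_id` identifies, since the client handler's new comment plans to compare it. The enum definition starts and ends outside the hunk, so whether the other variants are documented cannot be seen from here.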
@@ -235,10 +221,12 @@ where match self { Event::NewTestcase { sender_id: _, - testcase, - phantom: _, + input: _, + observers: _, } => { - corpus.add(testcase); + // here u should match sender_id, if equal to the current one do not re-execute + // we need to pass engine to process() too, TODO + println!("PLACEHOLDER: received NewTestcase"); Ok(()) } _ => Err(AflError::Unknown( diff --git a/afl/src/observers/mod.rs b/afl/src/observers/mod.rs index 69a21f08e1..4422b3d27f 100644 --- a/afl/src/observers/mod.rs +++ b/afl/src/observers/mod.rs @@ -8,6 +8,8 @@ use serde::{Deserialize, Serialize}; use crate::serde_anymap::{SerdeAny, SliceMut}; use crate::AflError; +// TODO register each observer in the Registry in new() + /// Observers observe different information about the target. /// They can then be used by various sorts of feedback. pub trait Observer: SerdeAny + 'static { @@ -26,31 +28,6 @@ pub trait Observer: SerdeAny + 'static { crate::create_serde_registry_for_trait!(observer_serde, crate::observers::Observer); -#[derive(Serialize, Deserialize)] -pub struct NopObserver {} -impl Observer for NopObserver { - fn name(&self) -> &'static str { - "aa" - } - - fn reset(&mut self) -> Result<(), AflError> { - Ok(()) - } -} -impl SerdeAny for NopObserver { - fn as_any(&self) -> &dyn Any { - self - } - fn as_any_mut(&mut self) -> &mut dyn Any { - self - } -} -impl NopObserver { - pub fn new() -> Self { - Self {} - } -} - /// A MapObserver observes the static map, as oftentimes used for afl-like coverage information pub trait MapObserver where diff --git a/afl/src/stages/mutational.rs b/afl/src/stages/mutational.rs index 820c04e542..44922f8e04 100644 --- a/afl/src/stages/mutational.rs +++ b/afl/src/stages/mutational.rs 
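Review bot: The `Event::NewTestcase` arm in hunk `@@ -235,10 +221,12 @@` of afl/src/events/mod.rs now prints a placeholder and returns `Ok(())`, so a forwarded testcase is silently dropped where the removed line called `corpus.add(testcase)`. Until re-execution is wired in, I would return `Err(AflError::Unknown(..))` with a "not implemented" message, as the catch-all arm below does, so callers can see the gap. The `println!` is unconditional while this file gates `std::io::Write` behind `#[cfg(feature = "std")]`, so it probably breaks a no_std build and should carry the same `#[cfg(feature = "std")]` gate. When the handler is implemented, `input` and `observers` come from another process and should be treated as peer-supplied data: re-run the input locally rather than feeding the received observer map to feedback. The sender in afl/src/stages/mutational.rs still fires `sender_id: 0`, so the planned sender check cannot yet tell clients apart; the enclosing function starts outside the hunk.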
@@ -65,7 +65,7 @@ where if let Some(mut testcase) = testcase_maybe { // TODO decouple events manager and engine manager.fire( - Event::NewTestcase2 { + Event::NewTestcase { sender_id: 0, input: Ptr::Ref(testcase.load_input()?), observers: PtrMut::Ref(engine.executor_mut().observers_mut()),