From 2593bdf42f8236d80b8fdb7a9642292a89017f27 Mon Sep 17 00:00:00 2001
From: Alwin Berger
Date: Wed, 15 Feb 2023 09:17:48 +0100
Subject: [PATCH] trace_abbs and dump path

---
 fuzzers/FRET/Cargo.toml | 1 +
 fuzzers/FRET/benchmark/Makefile | 4 ++--
 fuzzers/FRET/src/fuzzer.rs | 18 ++++++++++++++++--
 fuzzers/FRET/src/systemstate/helpers.rs | 1 +
 4 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/fuzzers/FRET/Cargo.toml b/fuzzers/FRET/Cargo.toml
index 8927e55c64..de1e903ac9 100644
--- a/fuzzers/FRET/Cargo.toml
+++ b/fuzzers/FRET/Cargo.toml
@@ -10,6 +10,7 @@ std = []
 snapshot_restore = []
 snapshot_fast = [ "snapshot_restore" ]
 singlecore = []
+trace_abbs = []
 systemstate = []
 systemgraph = [ "systemstate" ]
 systemtrace = [ "systemstate" ]
diff --git a/fuzzers/FRET/benchmark/Makefile b/fuzzers/FRET/benchmark/Makefile
index c3b915bf3a..6a479038e8 100644
--- a/fuzzers/FRET/benchmark/Makefile
+++ b/fuzzers/FRET/benchmark/Makefile
@@ -1,4 +1,4 @@
-TIME=5400
+TIME=7200
 corpora/%/seed:
 	mkdir -p $$(dirname $@)
@@ -24,7 +24,7 @@ timedump/%$(FUZZ_RANDOM)$(SUFFIX): corpora/%/seed
 	BREAKPOINT=$$(echo $$LINE | cut -d, -f5) \
 	SEED_RANDOM=1 \
 	TIME_DUMP=benchmark/$@ \
-	CASE_DUMP=benchmark/$@.case; \
+	CASE_DUMP=benchmark/$@; \
 	../fuzzer.sh + + + + + $(TIME) + + + > $@_log
 #SEED_DIR=benchmark/corpora/$*
diff --git a/fuzzers/FRET/src/fuzzer.rs b/fuzzers/FRET/src/fuzzer.rs
index 3f594d48df..5a3f751420 100644
--- a/fuzzers/FRET/src/fuzzer.rs
+++ b/fuzzers/FRET/src/fuzzer.rs
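Review bot: After `CASE_DUMP=benchmark/$@`, CASE_DUMP and TIME_DUMP carry the same value and the `.case` suffix that used to be part of this path is, per the fuzzer.rs change in this same commit, appended by the fuzzer itself, so the variable has become an output prefix rather than a file name. Nothing in the recipe records that, and the identical values make one of the two variables look redundant; add a comment above the recipe, `# TIME_DUMP/CASE_DUMP are path prefixes: the fuzzer appends .case and .<n>.toprated`, or drop CASE_DUMP if fuzzer.sh can derive it from TIME_DUMP. The recipe's consumer, fuzzer.sh, is outside the hunk, so I cannot see how either variable is actually read.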
@@ -28,7 +28,7 @@ use libafl::{
     stages::StdMutationalStage,
     state::{HasCorpus, StdState, HasMetadata, HasNamedMetadata},
     Error,
-    prelude::{SimpleMonitor, SimpleEventManager, AsMutSlice, RandBytesGenerator, Generator, SimpleRestartingEventManager, HasBytesVec}, Evaluator,
+    prelude::{SimpleMonitor, SimpleEventManager, AsMutSlice, RandBytesGenerator, Generator, SimpleRestartingEventManager, HasBytesVec, minimizer::TopRatedsMetadata}, Evaluator,
 };
 use libafl_qemu::{
     edges, edges::QemuEdgeCoverageHelper, elf::EasyElf, emu::Emulator, GuestPhysAddr, QemuExecutor,
@@ -404,7 +404,11 @@ pub fn fuzz() {
             }
         }
         match worst_input {
-            Some(wi) => {fs::write(&td,wi).expect("Failed to write worst corpus element");},
+            Some(wi) => {
+                let mut cd = String::from(&td);
+                cd.push_str(".case");
+                fs::write(&cd,wi).expect("Failed to write worst corpus element");
+            },
             None => (),
         }
         #[cfg(feature = "systemgraph")]
@@ -415,6 +419,16 @@ pub fn fuzz() {
                 fs::write(&gd,ron::to_string(&md).expect("Failed to serialize graph")).expect("Failed to write graph");
             }
         }
+        {
+            let mut gd = String::from(&td);
+            if let Some(md) = state.metadata_mut().get_mut::() {
+                let mut uniq: Vec = md.map.values().map(|x| x.clone()).collect();
+                uniq.sort();
+                uniq.dedup();
+                gd.push_str(&format!(".{}.toprated", uniq.len()));
+                fs::write(&gd,ron::to_string(&md.map).expect("Failed to serialize metadata")).expect("Failed to write graph");
+            }
+        }
     }
 },
 }
diff --git a/fuzzers/FRET/src/systemstate/helpers.rs b/fuzzers/FRET/src/systemstate/helpers.rs
index b8c9c78606..612aa0e297 100644
--- a/fuzzers/FRET/src/systemstate/helpers.rs
+++ b/fuzzers/FRET/src/systemstate/helpers.rs
@@ -69,6 +69,7 @@ where
     QT: QemuHelperTuple,
 {
     _hooks.instruction(self.kerneladdr, exec_syscall_hook::, false);
+    #[cfg(feature = "trace_abbs")]
     _hooks.jmps(Some(gen_jmp_is_syscall::), Some(trace_api_call::));
 }
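Review bot: The new `Some(wi)` arm builds the `.case` path with a `String::from` plus `push_str`, while the `None => ()` arm is empty; `if let Some(wi) = worst_input { fs::write(format!("{}.case", td), wi).expect("Failed to write worst corpus element"); }` says the same in one statement. With this change `td` is no longer the file that is written but only a prefix, so if `td` is named for the dump path, the comment at its definition (outside this hunk) should say that the suffix is appended here. `fuzz()` starts and ends outside the hunk.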
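Review bot: The toprated dump's write failure reports `Failed to write graph`, the same message as the systemgraph block just above it, so a panic from this line cannot be told apart from the graph write; use `.expect("Failed to write toprated metadata")`. The block also goes through `state.metadata_mut().get_mut::<…>()` although `md` is only read — `state.metadata().get::<TopRatedsMetadata>()` (the type this commit imports; the turbofish is stripped in this rendering) avoids the mutable borrow, and `.map(|x| x.clone())` is `.cloned()`. Embedding `uniq.len()` in the file name means the output name changes between runs, so earlier dumps with a different count are never overwritten and a consumer cannot look for a fixed name; if the count is informational, consider writing it inside the file instead. The enclosing `fuzz()` starts outside the hunk.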
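Review bot: Gating only the `_hooks.jmps(...)` registration behind `trace_abbs` leaves `gen_jmp_is_syscall` and `trace_api_call` (defined outside this hunk) compiled but unreferenced when the feature is off, which will show up as dead-code warnings unless they carry the same `#[cfg(feature = "trace_abbs")]`. The feature is declared stand-alone in Cargo.toml in this same commit, so a `systemtrace` build silently loses the jump hook; if the hook is needed for tracing, make the feature a dependency (`systemtrace = [ "systemstate", "trace_abbs" ]`), and either way add a one-line comment on `trace_abbs = []` saying what it switches on. The function this hunk edits starts outside the hunk, so I cannot see whether anything else depends on the hook being registered.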