From 26ec498de9dc6a926f73499302b9b20057dcab9b Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 8 Feb 2021 18:57:24 +0100 Subject: [PATCH] compiles --- afl/src/events/mod.rs | 17 ++++++--- afl/src/mutators/mutations.rs | 68 ++++++++++++++++++++++++++++++++++- afl/src/stages/mutational.rs | 15 ++++---- 3 files changed, 89 insertions(+), 11 deletions(-) diff --git a/afl/src/events/mod.rs b/afl/src/events/mod.rs index c2c04036fa..fcd5a909cf 100644 --- a/afl/src/events/mod.rs +++ b/afl/src/events/mod.rs @@ -760,6 +760,7 @@ where Self { llmp_mgr, sender } } + /* pub fn temp( stats: ST, broker_port: u16, @@ -840,6 +841,7 @@ where //Ok(mgr) todo!("Remove this fn"); } + */ } /// A restarting state is a combination of restarter and runner, that can be used on systems without `fork`. @@ -891,21 +893,26 @@ where let mut receiver = LlmpReceiver::::on_existing_from_env(ENV_FUZZER_RECEIVER)?; let mut sender = LlmpSender::::on_existing_from_env(ENV_FUZZER_SENDER)?; + todo!("all the things"); + /* + // If we're restarting, deserialize the old state. let (mut mgr, mut state) = match receiver.recv_buf()? { None => { println!("First run. Let's set it all up"); // Mgr to send and receive msgs from/to all other fuzzer instances - let client_mgr = + /*let client_mgr = LlmpEventManager::existing_client_from_env(ENV_FUZZER_BROKER_CLIENT_INITIAL)?; - (LlmpRestartingEventManager::new(client_mgr, sender), None) + (LlmpRestartingEventManager::new(client_mgr, sender), None)*/ + todo!("Do"); } // Restoring from a previous run, deserialize state and corpus. Some((_sender, _tag, msg)) => { println!("Subsequent run. Let's load all data from shmem (received {} bytes from previous instance)", msg.len()); let (mgr, state) = deserialize_state_mgr(&msg)?; - (LlmpRestartingEventManager::new(mgr), Some(state)) + todo!("Finish"); + //(LlmpRestartingEventManager::new(mgr, sender), Some(state)) } }; // We reset the sender, the next sender and receiver (after crash) will reuse the page from the initial message. @@ -916,7 +923,9 @@ where sender.send_buf(_LLMP_TAG_NO_RESTART, []); */ - (mgr, state) + //Ok(state) + todo!("More") + */ } #[cfg(test)] diff --git a/afl/src/mutators/mutations.rs b/afl/src/mutators/mutations.rs index 37a5728322..a98f7711c1 100644 --- a/afl/src/mutators/mutations.rs +++ b/afl/src/mutators/mutations.rs @@ -1,7 +1,9 @@ use crate::{ - inputs::{HasBytesVec, Input}, + corpus::InMemoryCorpus, + inputs::{BytesInput, HasBytesVec, Input}, mutators::Corpus, mutators::*, + state::State, utils::Rand, AflError, }; @@ -890,6 +892,14 @@ mod tests { #[cfg(feature = "std")] use crate::mutators::read_tokens_file; + use super::{ + mutation_bitflip, mutation_bytedec, mutation_byteflip, mutation_byteinc, + mutation_byteinteresting, mutation_byteneg, mutation_byterand, mutation_bytesdelete, + mutation_dwordadd, mutation_dwordinteresting, mutation_qwordadd, mutation_wordadd, + mutation_wordinteresting, + }; + use crate::{inputs::BytesInput, state::State, utils::StdRand}; + #[cfg(feature = "std")] #[test] fn test_read_tokens() { @@ -909,4 +919,60 @@ token2="B" assert_eq!(res, 2); let _ = fs::remove_file("test.tkns"); } + + #[test] + fn test_mutators() { + let inputs = &[ + BytesInput::new(vec![0x13, 0x37]), + BytesInput::new(vec![0xFF; 2048]), + BytesInput::new(vec![0x0]), + BytesInput::new(vec![]), + ]; + + let rand = StdRand::new(1337); + let corpus: crate::corpus::InMemoryCorpus::new(); + corpus.add(BytesInput::new(vec![0x42; 0x1337])); + + let state = State::new(corpus); + + let mut mutations = vec![]; + + mutations.append(mutation_bitflip); + mutations.append(mutation_byteflip); + mutations.append(mutation_byteinc); + mutations.append(mutation_bytedec); + mutations.append(mutation_byteneg); + mutations.append(mutation_byterand); + + mutations.append(mutation_byteadd); + mutations.append(mutation_wordadd); + mutations.append(mutation_dwordadd); + mutations.append(mutation_qwordadd); + mutations.append(mutation_byteinteresting); + mutations.append(mutation_wordinteresting); + mutations.append(mutation_dwordinteresting); + + mutations.append(mutation_bytesdelete); + mutations.append(mutation_bytesdelete); + mutations.append(mutation_bytesdelete); + mutations.append(mutation_bytesdelete); + mutations.append(mutation_bytesexpand); + mutations.append(mutation_bytesinsert); + mutations.append(mutation_bytesrandinsert); + mutations.append(mutation_bytesset); + mutations.append(mutation_bytesrandset); + mutations.append(mutation_bytescopy); + mutations.append(mutation_bytesswap); + + for mutation in mutations { + for input in inputs.iter_mut() { + mutation(None, rand, state, input).unwrap(); + } + } + + /* TODO + scheduled.add_mutation(mutation_tokeninsert); + scheduled.add_mutation(mutation_tokenreplace); + */ + } } diff --git a/afl/src/stages/mutational.rs b/afl/src/stages/mutational.rs index 7f69231a11..3a6fc8793c 100644 --- a/afl/src/stages/mutational.rs +++ b/afl/src/stages/mutational.rs @@ -79,12 +79,15 @@ where let observers_buf = manager.serialize_observers(observers)?; // TODO decouple events manager and engine - manager.fire(Event::NewTestcase { - input: input_mut.clone(), - observers_buf, - corpus_size: state.corpus().count() + 1, - client_config: "TODO".into(), - })?; + manager.fire( + state, + Event::NewTestcase { + input: input_mut.clone(), + observers_buf, + corpus_size: state.corpus().count() + 1, + client_config: "TODO".into(), + }, + )?; state.add_if_interesting(input_mut, fitness)?; // let _ = corpus.add(testcase); } else {