remove some unnecessary stuff
parent
1edc70c6f1
commit
2ead941419
@ -1,3 +1,4 @@
|
|||||||
|
#![allow(non_camel_case_types,non_snake_case,non_upper_case_globals,deref_nullptr)]
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
// Manual Types
|
// Manual Types
|
||||||
use libafl_qemu::Emulator;
|
use libafl_qemu::Emulator;
|
||||||
|
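Review bot: The added `#![allow(non_camel_case_types,non_snake_case,non_upper_case_globals,deref_nullptr)]` covers the whole file, including the hand-written code under `// Manual Types`, and `deref_nullptr` is the one entry that is not a naming lint: it flags dereferencing a null pointer, which is undefined behaviour. If that warning comes only from generated declarations or their layout tests (not visible in this hunk), scope it to those items with `#[allow(deref_nullptr)]` and keep the file-level attribute to the three naming lints. A one-line comment above the attribute would record the reason, for example `// deref_nullptr: required by <generated item>, not by the manual types below`.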
@ -1,11 +1,7 @@
|
|||||||
//! A singlethreaded QEMU fuzzer that can auto-restart.
|
//! A singlethreaded QEMU fuzzer that can auto-restart.
|
||||||
|
|
||||||
use libafl_qemu::QemuClockObserver;
|
use libafl_qemu::QemuClockObserver;
|
||||||
use libafl::feedbacks::Feedback;
|
|
||||||
use crate::worst::HitImprovingFeedback;
|
|
||||||
use crate::worst::HitFeedback;
|
|
||||||
use hashbrown::HashMap;
|
use hashbrown::HashMap;
|
||||||
use libafl::stats::SimpleStats;
|
|
||||||
use libafl::events::SimpleEventManager;
|
use libafl::events::SimpleEventManager;
|
||||||
use clap::{App, Arg};
|
use clap::{App, Arg};
|
||||||
use core::{cell::RefCell, time::Duration};
|
use core::{cell::RefCell, time::Duration};
|
||||||
@ -26,16 +22,14 @@ use libafl::{
|
|||||||
current_nanos, current_time,
|
current_nanos, current_time,
|
||||||
os::dup2,
|
os::dup2,
|
||||||
rands::StdRand,
|
rands::StdRand,
|
||||||
shmem::{ShMemProvider, StdShMemProvider},
|
|
||||||
tuples::{tuple_list, Merge},
|
tuples::{tuple_list, Merge},
|
||||||
},
|
},
|
||||||
corpus::{
|
corpus::{
|
||||||
Corpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, PowerQueueCorpusScheduler,
|
Corpus, IndexesLenTimeMinimizerCorpusScheduler, OnDiskCorpus, PowerQueueCorpusScheduler,
|
||||||
},
|
},
|
||||||
events::SimpleRestartingEventManager,
|
|
||||||
executors::{ExitKind, ShadowExecutor, TimeoutExecutor},
|
executors::{ExitKind, ShadowExecutor, TimeoutExecutor},
|
||||||
feedback_or,
|
feedback_or,
|
||||||
feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback, TimeFeedback},
|
feedbacks::{MapFeedbackState, MaxMapFeedback},
|
||||||
fuzzer::{Fuzzer, StdFuzzer},
|
fuzzer::{Fuzzer, StdFuzzer},
|
||||||
inputs::{BytesInput, HasTargetBytes},
|
inputs::{BytesInput, HasTargetBytes},
|
||||||
monitors::SimpleMonitor,
|
monitors::SimpleMonitor,
|
||||||
@ -62,12 +56,9 @@ use libafl_qemu::{
|
|||||||
emu::Emulator,
|
emu::Emulator,
|
||||||
filter_qemu_args,
|
filter_qemu_args,
|
||||||
snapshot_sys::QemuSysSnapshotHelper,
|
snapshot_sys::QemuSysSnapshotHelper,
|
||||||
MmapPerms,
|
|
||||||
QemuExecutor,
|
QemuExecutor,
|
||||||
Regs,
|
|
||||||
};
|
};
|
||||||
use crate::worst::HitcountsMapObserver;
|
use crate::worst::{HitFeedback,HitcountsMapObserver,HitImprovingFeedback};
|
||||||
use crate::worst::MapHitIncreaseFeedback;
|
|
||||||
|
|
||||||
|
|
||||||
/// The fuzzer main
|
/// The fuzzer main
|
||||||
@ -211,7 +202,7 @@ fn fuzz(
|
|||||||
env::remove_var("LD_LIBRARY_PATH");
|
env::remove_var("LD_LIBRARY_PATH");
|
||||||
|
|
||||||
//=========== Initialize the Emulator
|
//=========== Initialize the Emulator
|
||||||
let mut args: Vec<String> = vec![
|
let args: Vec<String> = vec![
|
||||||
"qemu-system-arm",
|
"qemu-system-arm",
|
||||||
"-machine","mps2-an385",
|
"-machine","mps2-an385",
|
||||||
"-monitor", "null",
|
"-monitor", "null",
|
||||||
@ -280,7 +271,7 @@ fn fuzz(
|
|||||||
writeln!(log.borrow_mut(), "{:?} {}", current_time(), s).unwrap();
|
writeln!(log.borrow_mut(), "{:?} {}", current_time(), s).unwrap();
|
||||||
});
|
});
|
||||||
|
|
||||||
let mut shmem_provider = StdShMemProvider::new()?;
|
// let mut shmem_provider = StdShMemProvider::new()?;
|
||||||
|
|
||||||
//====== Create the most simple status display and managers.
|
//====== Create the most simple status display and managers.
|
||||||
let mut mgr = SimpleEventManager::new(monitor);
|
let mut mgr = SimpleEventManager::new(monitor);
|
||||||
|
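Review bot: The module header `//! A singlethreaded QEMU fuzzer that can auto-restart.` no longer matches what these hunks show. The commit drops the `events::SimpleRestartingEventManager` and `shmem::{ShMemProvider, StdShMemProvider}` imports, and the manager is built with `SimpleEventManager::new(monitor)`, so nothing visible here restarts the process. Update the header to something like `//! A singlethreaded QEMU fuzzer (single process, no auto-restart).` so nobody running a campaign expects it to survive a crash of the fuzzer process. The line `// let mut shmem_provider = StdShMemProvider::new()?;` should be deleted rather than commented out, since its import is gone and it cannot be re-enabled as written. The body of `fuzz` starts and ends outside these hunks.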
@ -5,11 +5,6 @@ pub mod showmap;
|
|||||||
pub mod worst;
|
pub mod worst;
|
||||||
pub mod freertos;
|
pub mod freertos;
|
||||||
pub mod system_trace;
|
pub mod system_trace;
|
||||||
use libafl_qemu::{
|
|
||||||
edges,
|
|
||||||
edges::QemuEdgeCoverageHelper,
|
|
||||||
emu, filter_qemu_args,
|
|
||||||
};
|
|
||||||
|
|
||||||
fn main() {
|
fn main() {
|
||||||
#[cfg(all(target_os = "linux", feature = "showmap"))]
|
#[cfg(all(target_os = "linux", feature = "showmap"))]
|
||||||
|
@ -2,21 +2,9 @@
|
|||||||
|
|
||||||
use crate::worst::DumpMapFeedback;
|
use crate::worst::DumpMapFeedback;
|
||||||
use crate::worst::DummyFeedback;
|
use crate::worst::DummyFeedback;
|
||||||
use libafl::corpus::Corpus;
|
|
||||||
use libafl::state::HasCorpus;
|
|
||||||
use libafl::Fuzzer;
|
|
||||||
use libafl::mutators::BitFlipMutator;
|
|
||||||
use libafl::stages::StdMutationalStage;
|
|
||||||
use libafl_qemu::QemuInstrumentationFilter;
|
use libafl_qemu::QemuInstrumentationFilter;
|
||||||
use crate::system_trace::QemuSystemStateHelper;
|
use crate::system_trace::QemuSystemStateHelper;
|
||||||
use libafl::feedbacks::CrashFeedback;
|
|
||||||
use std::path::Path;
|
|
||||||
use libafl_qemu::QemuExecutor;
|
use libafl_qemu::QemuExecutor;
|
||||||
use libafl::bolts::tuples::Named;
|
|
||||||
use libafl::observers::ObserversTuple;
|
|
||||||
use libafl::events::EventFirer;
|
|
||||||
use libafl::state::HasClientPerfMonitor;
|
|
||||||
use libafl::feedbacks::Feedback;
|
|
||||||
use libafl::Evaluator;
|
use libafl::Evaluator;
|
||||||
use libafl::inputs::Input;
|
use libafl::inputs::Input;
|
||||||
use libafl::corpus::InMemoryCorpus;
|
use libafl::corpus::InMemoryCorpus;
|
||||||
@ -50,10 +38,8 @@ use libafl_qemu::{
|
|||||||
emu::Emulator, filter_qemu_args,
|
emu::Emulator, filter_qemu_args,
|
||||||
snapshot_sys::QemuSysSnapshotHelper,
|
snapshot_sys::QemuSysSnapshotHelper,
|
||||||
elf::EasyElf,
|
elf::EasyElf,
|
||||||
clock,
|
clock::{QemuClockObserver},
|
||||||
clock::{QemuClockObserver,QemuClockIncreaseFeedback},
|
|
||||||
};
|
};
|
||||||
use crate::freertos;
|
|
||||||
|
|
||||||
|
|
||||||
/// The fuzzer main
|
/// The fuzzer main
|
||||||
@ -62,8 +48,6 @@ pub fn main() {
|
|||||||
// Needed only on no_std
|
// Needed only on no_std
|
||||||
//RegistryBuilder::register::<Tokens>();
|
//RegistryBuilder::register::<Tokens>();
|
||||||
|
|
||||||
let args: Vec<String> = env::args().collect();
|
|
||||||
|
|
||||||
let res = match App::new("wcet_qemu_fuzzer")
|
let res = match App::new("wcet_qemu_fuzzer")
|
||||||
.version("0.4.0")
|
.version("0.4.0")
|
||||||
.author("Alwin Berger")
|
.author("Alwin Berger")
|
||||||
@ -303,13 +287,6 @@ fn fuzz(
|
|||||||
emu.write_mem(input_addr,buf);
|
emu.write_mem(input_addr,buf);
|
||||||
|
|
||||||
emu.run();
|
emu.run();
|
||||||
//====== experiment inspecting the current tcb
|
|
||||||
// let curr_tcb_addr : freertos::void_ptr = freertos::emu_lookup::lookup(&emu, curr_tcb_pointer.try_into().unwrap());
|
|
||||||
// println!("Current TCB addr: {:x}",curr_tcb_addr);
|
|
||||||
// let current_tcb : freertos::TCB_t = freertos::emu_lookup::lookup(&emu,curr_tcb_addr);
|
|
||||||
// println!("Current TCB: {:?}",current_tcb);
|
|
||||||
// let ready_queue : freertos::List_t = freertos::emu_lookup::lookup(&emu,task_queue_addr.try_into().unwrap());
|
|
||||||
// println!("Ready Queue: {:?}",ready_queue);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ExitKind::Ok
|
ExitKind::Ok
|
||||||
|
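Review bot: At `emu.write_mem(input_addr,buf);` nothing in the hunk shows a bound on `buf` before it is copied into guest memory. The harness closure starts above the hunk, so a clamp may already exist there. If it does not, an input longer than the target's buffer would overwrite adjacent guest state before `emu.run();`, and the measured result would reflect corrupted memory rather than the input. Now that the TCB experiment comments are gone, a short comment at the write would document the contract, e.g. `// buf is truncated to <MAX_INPUT_LEN> above; the guest buffer at input_addr is at least that large`. Separately, in the import hunk `clock::{QemuClockObserver},` can be written `clock::QemuClockObserver,`.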