From 30f8fd44efbeb2990615eecd0ff682c1862e6a53 Mon Sep 17 00:00:00 2001
From: Dongjia Zhang
Date: Sun, 5 Dec 2021 00:17:38 +0900
Subject: [PATCH] Better forkserver example (#399)
* better example
* fmt
---
 fuzzers/forkserver_simple/Cargo.toml | 1 +
 fuzzers/forkserver_simple/README.md | 16 +++++++----
 fuzzers/forkserver_simple/src/main.rs | 39 ++++++++++++++++++++++++---
 3 files changed, 48 insertions(+), 8 deletions(-)
diff --git a/fuzzers/forkserver_simple/Cargo.toml b/fuzzers/forkserver_simple/Cargo.toml
index 200f258b4f..929769791d 100644
--- a/fuzzers/forkserver_simple/Cargo.toml
+++ b/fuzzers/forkserver_simple/Cargo.toml
@@ -17,3 +17,4 @@ opt-level = 3
 [dependencies]
 libafl = { path = "../../libafl/" }
+clap = { version = "3.0.0-beta.2", features = ["default"] }
\ No newline at end of file
diff --git a/fuzzers/forkserver_simple/README.md b/fuzzers/forkserver_simple/README.md
index e016c8ded4..aeb558e600 100644
--- a/fuzzers/forkserver_simple/README.md
+++ b/fuzzers/forkserver_simple/README.md
@@ -1,7 +1,13 @@
 # Simple Forkserver Fuzzer
-This is a simple fuzzer to test the ForkserverExecutor.
-You can test it with the following procedures.
-1. `cargo build --release`
-2. `cp ./target/release/forkserver_simple .`
-3. `taskset -c 1 ./forkserver_simple`
\ No newline at end of file
+This is a simple example fuzzer to fuzz a executable instrumented by afl-cc.
+## Usage
+You can build this example by `cargo build --release`.
+This downloads AFLplusplus/AFLplusplus and compiles the example harness program in src/program.c with afl-cc
+
+## Run
+After you build it you can run
+`cp ./target/release/forkserver_simple .` to copy the fuzzer into this directory,
+and you can run
+`taskset -c 1 ./forkserver_simple ./target/release/program ./corpus/ -t 1000` to run the fuzzer.
+`taskset` binds this process to a specific core to improve the throughput.
\ No newline at end of file
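Review bot: `features = ["default"]` on the new clap dependency line is a no-op, since the `default` feature is on unless `default-features = false` is set, so the line can simply read `clap = "3.0.0-beta.2"`. The requirement is a caret match on a pre-release, which Cargo resolves forward to newer 3.x pre-releases or the final 3.0.0 on `cargo update`; no lockfile appears in the diffstat, so whether this example is reproducibly pinned is not visible here. The added line is also missing its trailing newline (`\ No newline at end of file`).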
diff --git a/fuzzers/forkserver_simple/src/main.rs b/fuzzers/forkserver_simple/src/main.rs
index b6b35241a9..a28c10202d 100644
--- a/fuzzers/forkserver_simple/src/main.rs
+++ b/fuzzers/forkserver_simple/src/main.rs
@@ -24,9 +24,36 @@ use libafl::{
 };
 use std::path::PathBuf;
+use clap::{App, Arg};
+
 #[allow(clippy::similar_names)]
 pub fn main() {
- let corpus_dirs = vec![PathBuf::from("./corpus")];
+ let res = App::new("forkserver_simple")
+ .about("Example Forkserver fuzer")
+ .arg(
+ Arg::new("executable")
+ .about("The instrumented binary we want to fuzz")
+ .required(true)
+ .index(1)
+ .takes_value(true),
+ )
+ .arg(
+ Arg::new("in")
+ .about("The directory to read initial inputs from ('seeds')")
+ .required(true)
+ .index(2)
+ .takes_value(true),
+ )
+ .arg(
+ Arg::new("timeout")
+ .about("Timeout for each individual execution, in milliseconds")
+ .short('t')
+ .long("timeout")
+ .default_value("1200"),
+ )
+ .get_matches();
+
+ let corpus_dirs = vec![PathBuf::from(res.value_of("in").unwrap().to_string())];
 const MAP_SIZE: usize = 65536;
@@ -99,13 +126,19 @@ pub fn main() {
 // Create the executor for the forkserver
 let mut executor = TimeoutForkserverExecutor::new(
 ForkserverExecutor::new(
- "./target/release/program".to_string(),
+ res.value_of("executable").unwrap().to_string(),
 &[],
 true,
 tuple_list!(edges_observer, time_observer),
 )
 .unwrap(),
- Duration::from_millis(5000),
+ Duration::from_millis(
+ res.value_of("timeout")
+ .unwrap()
+ .to_string()
+ .parse()
+ .expect("Could not parse timeout in milliseconds"),
+ ),
 )
 .expect("Failed to create the executor.");
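Review bot: `.about("Example Forkserver fuzer")` in the `App::new` builder misspells the program description; it should read `.about("Example Forkserver fuzzer")`. The `.to_string()` in `vec![PathBuf::from(res.value_of("in").unwrap().to_string())]` allocates a `String` only to move it into a `PathBuf`; `PathBuf::from(res.value_of("in").unwrap())` does the same without the copy. The `unwrap()` calls on `in` (and on `executable` in the later hunk) are sound only because both arguments are `required(true)`, which is worth a one-line comment, e.g. `// `in` and `executable` are required args, so value_of cannot be None`, so a later edit that relaxes `required` does not silently turn them into panics. The default timeout also drops from the previously hard-coded 5000 ms to `default_value("1200")`, which the README change in this patch does not state; `main` continues past the end of the hunk.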
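Review bot: In the `Duration::from_millis(...)` argument, `.to_string()` before `.parse()` is redundant — `&str` already implements `parse` — and the `expect` turns a malformed `-t` value into a panic instead of a clap usage error; the chain can read `res.value_of("timeout").unwrap().parse().expect("Could not parse timeout in milliseconds")`, and attaching a validator to the `timeout` `Arg` that rejects non-numeric input would keep the error in clap's own usage output. Note that `-t 0` parses cleanly and yields a zero `Duration`; how `TimeoutForkserverExecutor` treats a zero timeout is not visible in this hunk, so it may be worth rejecting 0 in that same validator. The enclosing `main` begins and ends outside the hunk.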