diff --git a/afl/src/events/llmp.rs b/afl/src/events/llmp.rs index 184897e58b..b3a4297e5d 100644 --- a/afl/src/events/llmp.rs +++ b/afl/src/events/llmp.rs @@ -436,8 +436,8 @@ impl LlmpSender { /// Never call alloc_next without either sending or cancelling the last allocated message for this page! /// There can only ever be up to one message allocated per page at each given time. unsafe fn alloc_next_if_space(&mut self, buf_len: usize) -> Option<*mut LlmpMsg> { - let mut buf_len_padded = buf_len; - let mut complete_msg_size = llmp_align(size_of::() + buf_len_padded); + let buf_len_padded; + let mut complete_msg_size = llmp_align(size_of::() + buf_len); let map = self.out_maps.last().unwrap(); let page = map.page(); let last_msg = self.last_msg_sent; diff --git a/afl/src/events/mod.rs b/afl/src/events/mod.rs index 62c4f110ac..dda3629e9c 100644 --- a/afl/src/events/mod.rs +++ b/afl/src/events/mod.rs @@ -4,8 +4,8 @@ pub mod llmp; pub mod shmem_translated; use alloc::string::String; -use tuple_list::tuple_list_type; use core::{marker::PhantomData, time}; +use tuple_list::tuple_list_type; use serde::{Deserialize, Serialize}; @@ -414,8 +414,6 @@ where fn start_time(&mut self) -> time::Duration { self.start_time } - - } #[cfg(feature = "std")] @@ -524,19 +522,18 @@ where } } - #[cfg(feature = "std")] #[cfg(test)] mod tests { use std::io::stderr; - use crate::{events::Event, observers::ObserversTuple}; + use crate::events::EventManager; use crate::inputs::bytes::BytesInput; use crate::observers::StdMapObserver; use crate::serde_anymap::{Ptr, PtrMut}; use crate::tuples::{tuple_list, tuple_list_type, MatchNameAndType, Named}; - use crate::events::EventManager; + use crate::{events::Event, observers::ObserversTuple}; use super::LoggerEventManager; 
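Review bot: In `alloc_next_if_space` (afl/src/events/llmp.rs) the new size computation adds the caller-supplied `buf_len` to the header size with a plain `+`, which wraps silently in release builds. A wrapped `complete_msg_size` would be smaller than the payload, so any later space check against the page could pass for a message that does not fit. Because this is an `unsafe fn` that hands out raw pointers into a shared map, I would reject the overflow up front, e.g. `let unaligned = buf_len.checked_add(size_of::<LlmpMsg>())?;` and then `llmp_align(unaligned)`. The type argument is stripped in this rendering, so `LlmpMsg` is assumed from the return type. The rest of the body, including the assignments to the now-uninitialised `buf_len_padded`, lies outside the hunk.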
@@ -566,8 +563,7 @@ mod tests { client_config: _, } => { let o = map.deserialize(&observers_buf).unwrap(); - let test_observer = o.match_name_type::>("test") - .unwrap(); + let test_observer = o.match_name_type::>("test").unwrap(); assert_eq!("test", test_observer.name()); } _ => panic!("mistmatch".to_string()), diff --git a/afl/src/feedbacks/mod.rs b/afl/src/feedbacks/mod.rs index 8f0114938e..e2851420c5 100644 --- a/afl/src/feedbacks/mod.rs +++ b/afl/src/feedbacks/mod.rs @@ -235,18 +235,21 @@ where pub fn new(name: &'static str, map_size: usize) -> Self { Self { history_map: vec![T::default(); map_size], - name: name, phantom: PhantomData, + name, } } - /*pub fn new_with_observer(map_observer: &O) -> Self { + /// Create new MapFeedback for the observer type. + /// Name should match that of the observer. + pub fn new_with_observer(name: &'static str, map_observer: &O) -> Self { + debug_assert_eq!(name, map_observer.name()); Self { history_map: vec![T::default(); map_observer.map().len()], - name: map_observer.name(), phantom: PhantomData, + name, } - }*/ + } } impl MapFeedback diff --git a/afl/src/observers/mod.rs b/afl/src/observers/mod.rs index 908b6247c2..505d86e8c4 100644 --- a/afl/src/observers/mod.rs +++ b/afl/src/observers/mod.rs @@ -37,7 +37,7 @@ pub trait ObserversTuple: Ok(postcard::to_allocvec(&self)?) } - /// Deserilaize + /// Deserilaize fn deserialize(&self, serialized: &[u8]) -> Result { Ok(postcard::from_bytes(serialized)?) } @@ -51,7 +51,6 @@ impl ObserversTuple for () { Ok(()) } - //fn for_each(&self, f: fn(&dyn Observer)) { } //fn for_each_mut(&mut self, f: fn(&mut dyn Observer)) { } } @@ -187,8 +186,8 @@ where let initial = if map.len() > 0 { map[0] } else { T::default() }; Self { map: ArrayMut::Cptr((map.as_mut_ptr(), map.len())), - initial: initial, name: name.into(), + initial, } } 
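Review bot: `new_with_observer` in afl/src/feedbacks/mod.rs enforces its "name should match that of the observer" contract only with `debug_assert_eq!`, which is compiled out of release builds, so a mismatched name is accepted silently there. If the name is later used to find the observer (not visible in this hunk), the mismatch would surface far from the constructor. Consider `assert_eq!(name, map_observer.name(), "MapFeedback name must match its observer");`, or state in the doc comment that the check is debug-only. The doc comment could also mention that `history_map` takes its length from `map_observer.map().len()`.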
@@ -198,8 +197,8 @@ where let initial = if len > 0 { *map_ptr } else { T::default() }; StdMapObserver { map: ArrayMut::Cptr((map_ptr, len)), - initial: initial, name: name.into(), + initial, } } } diff --git a/afl/src/stages/mutational.rs b/afl/src/stages/mutational.rs index fe0ee19d35..b102a69f63 100644 --- a/afl/src/stages/mutational.rs +++ b/afl/src/stages/mutational.rs @@ -71,7 +71,7 @@ where // in a late stage, NewTestcase should be triggere donly after the processing in the later stage // So by default we shoudl trigger it in corpus.add, so that the user can override it and remove // if needed by particular cases - if state.is_interesting(&input_mut, observers)? > 0 { + if fitness > 0 { // TODO decouple events manager and engine manager.fire(Event::new_testcase("test".into(), input_mut, observers)?)?; // let _ = corpus.add(testcase); diff --git a/fuzzers/libfuzzer/src/lib.rs b/fuzzers/libfuzzer/src/lib.rs index 70c020a273..2b54b8326f 100644 --- a/fuzzers/libfuzzer/src/lib.rs +++ b/fuzzers/libfuzzer/src/lib.rs @@ -21,8 +21,8 @@ use afl::mutators::scheduled::HavocBytesMutator; use afl::mutators::HasMaxSize; use afl::observers::StdMapObserver; use afl::stages::mutational::StdMutationalStage; -use afl::utils::StdRand; use afl::tuples::tuple_list; +use afl::utils::StdRand; const MAP_SIZE: usize = 65536; @@ -60,11 +60,11 @@ pub extern "C" fn afl_libfuzzer_main() { StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe { __lafl_max_edges_size as usize }); - let edges_feedback = MaxMapFeedback::>::new(&NAME_COV_MAP, MAP_SIZE); + let edges_feedback = MaxMapFeedback::new_with_observer(&NAME_COV_MAP, &edges_observer); - let executor = InMemoryExecutor::new(harness, tuple_list!(edges_observer)); + let executor = InMemoryExecutor::new("Libfuzzer", harness, tuple_list!(edges_observer)); let mut state = State::new(tuple_list!(edges_feedback)); - + let mut engine = Engine::new(executor); state
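Review bot: The new `if fitness > 0` condition in afl/src/stages/mutational.rs needs a short comment saying why the stored value is reused, for example `// reuse the fitness computed above; do not call is_interesting again for the same run`. `fitness` is assigned outside this hunk, so it cannot be confirmed from here that it was computed from the same `input_mut` and `observers`. The comment block just above also has typos worth fixing while the lines are touched: "triggere donly" and "shoudl".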
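Review bot: With `MaxMapFeedback::new_with_observer(&NAME_COV_MAP, &edges_observer)` in fuzzers/libfuzzer/src/lib.rs, the history map is no longer sized by `MAP_SIZE`. It now takes the length the observer was built with, which is `__lafl_max_edges_size as usize` read from an extern static at this point in `afl_libfuzzer_main`. If that value is still zero here, or larger than the memory behind `__lafl_edges_map` (neither is visible in the hunk), both the observer and the feedback carry a wrong length over a raw pointer. Reading the value once into a local and checking it before `new_from_ptr` would make the assumption explicit, e.g. `assert!(edges_len > 0 && edges_len <= MAP_SIZE);`, provided the map really is allocated with `MAP_SIZE` entries. The function body continues outside the hunk.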