more llmp
This commit is contained in:
Dominik Maier
parent
62e2ee9f00
commit
4c320db9e5
@ -12,7 +12,7 @@ use serde::{Deserialize, Serialize};
|
||||
//pub mod shmem_translated;
|
||||
|
||||
#[cfg(feature = "std")]
|
||||
use std::io::Write;
|
||||
use std::{io::Write, time::Duration};
|
||||
|
||||
use crate::corpus::Corpus;
|
||||
use crate::executors::Executor;
|
||||
@ -24,6 +24,8 @@ use crate::utils::Rand;
|
||||
use crate::AflError;
|
||||
use crate::{engines::State, utils};
|
||||
|
||||
use self::llmp::LlmpMsg;
|
||||
|
||||
/// Indicate if an event worked or not
|
||||
pub enum BrokerEventResult {
|
||||
/// The broker haneled this. No need to pass it on.
|
||||
@ -476,6 +478,73 @@ where
|
||||
phantom: PhantomData<(C, E, OT, FT, I, R)>,
|
||||
}
|
||||
|
||||
impl<C, E, OT, FT, I, R, W> LlmpEventManager<C, E, OT, FT, I, R, W>
|
||||
where
|
||||
C: Corpus<I, R>,
|
||||
E: Executor<I>,
|
||||
OT: ObserversTuple,
|
||||
FT: FeedbacksTuple<I>,
|
||||
I: Input,
|
||||
R: Rand,
|
||||
W: Write,
|
||||
{
|
||||
/// Create llmp on a port
|
||||
/// If the port is not yet bound, it will act as broker
|
||||
/// Else, it will act as client.
|
||||
pub fn new_on_port(port: u16, writer: W) -> Result<Self, AflError> {
|
||||
let mgr = Self {
|
||||
llmp: llmp::LlmpConnection::on_port(port)?,
|
||||
start_time: utils::current_time(),
|
||||
corpus_size: 0,
|
||||
phantom: PhantomData,
|
||||
client_stats: vec![],
|
||||
writer,
|
||||
};
|
||||
Ok(mgr)
|
||||
}
|
||||
|
||||
/// Returns if we are the broker
|
||||
pub fn is_broker(&self) -> bool {
|
||||
match self.llmp {
|
||||
llmp::LlmpConnection::IsBroker {
|
||||
broker: _,
|
||||
listener_thread: _,
|
||||
} => true,
|
||||
_ => false,
|
||||
}
|
||||
}
|
||||
|
||||
/// Run forever in the broker
|
||||
pub fn broker_loop(&mut self) -> Result<(), AflError> {
|
||||
match &mut self.llmp {
|
||||
llmp::LlmpConnection::IsBroker {
|
||||
broker,
|
||||
listener_thread: _,
|
||||
} => {
|
||||
// TODO: Clean up that api by.. a lot!
|
||||
/*
|
||||
broker.add_message_hook(|client_id: u32, msg: *mut LlmpMsg| {
|
||||
unsafe {
|
||||
if (*msg).tag == _LLMP_TAG_EVENT_TO_BOTH {
|
||||
let event = postcard::from_bytes((*msg).as_slice_unsafe())?;
|
||||
match self.handle_in_broker(event)? {
|
||||
BrokerEventResult::Forward => llmp::LlmpMsgHookResult::ForwardToClients,
|
||||
BrokerEventResult::Handled => llmp::LlmpMsgHookResult::Handled,
|
||||
}
|
||||
} else {
|
||||
llmp::LlmpMsgHookResult::ForwardToClients
|
||||
}
|
||||
}
|
||||
});*/
|
||||
broker.loop_forever(Some(Duration::from_millis(5)))
|
||||
},
|
||||
_ => Err(AflError::IllegalState(
|
||||
"Called broker loop in the client".into(),
|
||||
)),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(feature = "std")]
|
||||
impl<C, E, OT, FT, I, R, W> EventManager<C, E, OT, FT, I, R>
|
||||
for LlmpEventManager<C, E, OT, FT, I, R, W>
|
||||
|
||||
@ -10,7 +10,7 @@ use afl::engines::Engine;
|
||||
use afl::engines::Fuzzer;
|
||||
use afl::engines::State;
|
||||
use afl::engines::StdFuzzer;
|
||||
use afl::events::LoggerEventManager;
|
||||
use afl::events::LlmpEventManager;
|
||||
use afl::executors::inmemory::InMemoryExecutor;
|
||||
use afl::executors::{Executor, ExitKind};
|
||||
use afl::feedbacks::MaxMapFeedback;
|
||||
@ -22,8 +22,6 @@ use afl::stages::mutational::StdMutationalStage;
|
||||
use afl::tuples::tuple_list;
|
||||
use afl::utils::StdRand;
|
||||
|
||||
const MAP_SIZE: usize = 65536;
|
||||
|
||||
#[no_mangle]
|
||||
extern "C" {
|
||||
/// int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||
@ -52,7 +50,13 @@ pub extern "C" fn afl_libfuzzer_main() {
|
||||
|
||||
// TODO: No_std event manager
|
||||
#[cfg(feature = "std")]
|
||||
let mut events = LoggerEventManager::new(stderr());
|
||||
//let mut events = LoggerEventManager::new(stderr());
|
||||
let mut mgr = LlmpEventManager::new_on_port(1337, stderr()).unwrap();
|
||||
if mgr.is_broker() {
|
||||
println!("Doing broker things.");
|
||||
mgr.broker_loop().unwrap();
|
||||
}
|
||||
println!("We're a client, let's fuzz :)");
|
||||
|
||||
let edges_observer =
|
||||
StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe {
|
||||
@ -71,7 +75,7 @@ pub extern "C" fn afl_libfuzzer_main() {
|
||||
&mut corpus,
|
||||
&mut generator,
|
||||
&mut engine,
|
||||
&mut events,
|
||||
&mut mgr,
|
||||
4,
|
||||
)
|
||||
.expect("Failed to load initial inputs");
|
||||
@ -83,7 +87,7 @@ pub extern "C" fn afl_libfuzzer_main() {
|
||||
let mut fuzzer = StdFuzzer::new(tuple_list!(stage));
|
||||
|
||||
fuzzer
|
||||
.fuzz_loop(&mut rand, &mut state, &mut corpus, &mut engine, &mut events)
|
||||
.fuzz_loop(&mut rand, &mut state, &mut corpus, &mut engine, &mut mgr)
|
||||
.expect("Fuzzer fatal error");
|
||||
#[cfg(feature = "std")]
|
||||
println!("OK");
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user