more llmp
This commit is contained in:
Dominik Maier
parent
62e2ee9f00
commit
4c320db9e5
@ -12,7 +12,7 @@ use serde::{Deserialize, Serialize};
|
|||||||
//pub mod shmem_translated;
|
//pub mod shmem_translated;
|
||||||
|
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
use std::io::Write;
|
use std::{io::Write, time::Duration};
|
||||||
|
|
||||||
use crate::corpus::Corpus;
|
use crate::corpus::Corpus;
|
||||||
use crate::executors::Executor;
|
use crate::executors::Executor;
|
||||||
@ -24,6 +24,8 @@ use crate::utils::Rand;
|
|||||||
use crate::AflError;
|
use crate::AflError;
|
||||||
use crate::{engines::State, utils};
|
use crate::{engines::State, utils};
|
||||||
|
|
||||||
|
use self::llmp::LlmpMsg;
|
||||||
|
|
||||||
/// Indicate if an event worked or not
|
/// Indicate if an event worked or not
|
||||||
pub enum BrokerEventResult {
|
pub enum BrokerEventResult {
|
||||||
/// The broker haneled this. No need to pass it on.
|
/// The broker haneled this. No need to pass it on.
|
||||||
@ -476,6 +478,73 @@ where
|
|||||||
phantom: PhantomData<(C, E, OT, FT, I, R)>,
|
phantom: PhantomData<(C, E, OT, FT, I, R)>,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl<C, E, OT, FT, I, R, W> LlmpEventManager<C, E, OT, FT, I, R, W>
|
||||||
|
where
|
||||||
|
C: Corpus<I, R>,
|
||||||
|
E: Executor<I>,
|
||||||
|
OT: ObserversTuple,
|
||||||
|
FT: FeedbacksTuple<I>,
|
||||||
|
I: Input,
|
||||||
|
R: Rand,
|
||||||
|
W: Write,
|
||||||
|
{
|
||||||
|
/// Create llmp on a port
|
||||||
|
/// If the port is not yet bound, it will act as broker
|
||||||
|
/// Else, it will act as client.
|
||||||
|
pub fn new_on_port(port: u16, writer: W) -> Result<Self, AflError> {
|
||||||
|
let mgr = Self {
|
||||||
|
llmp: llmp::LlmpConnection::on_port(port)?,
|
||||||
|
start_time: utils::current_time(),
|
||||||
|
corpus_size: 0,
|
||||||
|
phantom: PhantomData,
|
||||||
|
client_stats: vec![],
|
||||||
|
writer,
|
||||||
|
};
|
||||||
|
Ok(mgr)
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Returns if we are the broker
|
||||||
|
pub fn is_broker(&self) -> bool {
|
||||||
|
match self.llmp {
|
||||||
|
llmp::LlmpConnection::IsBroker {
|
||||||
|
broker: _,
|
||||||
|
listener_thread: _,
|
||||||
|
} => true,
|
||||||
|
_ => false,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Run forever in the broker
|
||||||
|
pub fn broker_loop(&mut self) -> Result<(), AflError> {
|
||||||
|
match &mut self.llmp {
|
||||||
|
llmp::LlmpConnection::IsBroker {
|
||||||
|
broker,
|
||||||
|
listener_thread: _,
|
||||||
|
} => {
|
||||||
|
// TODO: Clean up that api by.. a lot!
|
||||||
|
/*
|
||||||
|
broker.add_message_hook(|client_id: u32, msg: *mut LlmpMsg| {
|
||||||
|
unsafe {
|
||||||
|
if (*msg).tag == _LLMP_TAG_EVENT_TO_BOTH {
|
||||||
|
let event = postcard::from_bytes((*msg).as_slice_unsafe())?;
|
||||||
|
match self.handle_in_broker(event)? {
|
||||||
|
BrokerEventResult::Forward => llmp::LlmpMsgHookResult::ForwardToClients,
|
||||||
|
BrokerEventResult::Handled => llmp::LlmpMsgHookResult::Handled,
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
llmp::LlmpMsgHookResult::ForwardToClients
|
||||||
|
}
|
||||||
|
}
|
||||||
|
});*/
|
||||||
|
broker.loop_forever(Some(Duration::from_millis(5)))
|
||||||
|
},
|
||||||
|
_ => Err(AflError::IllegalState(
|
||||||
|
"Called broker loop in the client".into(),
|
||||||
|
)),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
impl<C, E, OT, FT, I, R, W> EventManager<C, E, OT, FT, I, R>
|
impl<C, E, OT, FT, I, R, W> EventManager<C, E, OT, FT, I, R>
|
||||||
for LlmpEventManager<C, E, OT, FT, I, R, W>
|
for LlmpEventManager<C, E, OT, FT, I, R, W>
|
||||||
|
|||||||
@ -10,7 +10,7 @@ use afl::engines::Engine;
|
|||||||
use afl::engines::Fuzzer;
|
use afl::engines::Fuzzer;
|
||||||
use afl::engines::State;
|
use afl::engines::State;
|
||||||
use afl::engines::StdFuzzer;
|
use afl::engines::StdFuzzer;
|
||||||
use afl::events::LoggerEventManager;
|
use afl::events::LlmpEventManager;
|
||||||
use afl::executors::inmemory::InMemoryExecutor;
|
use afl::executors::inmemory::InMemoryExecutor;
|
||||||
use afl::executors::{Executor, ExitKind};
|
use afl::executors::{Executor, ExitKind};
|
||||||
use afl::feedbacks::MaxMapFeedback;
|
use afl::feedbacks::MaxMapFeedback;
|
||||||
@ -22,8 +22,6 @@ use afl::stages::mutational::StdMutationalStage;
|
|||||||
use afl::tuples::tuple_list;
|
use afl::tuples::tuple_list;
|
||||||
use afl::utils::StdRand;
|
use afl::utils::StdRand;
|
||||||
|
|
||||||
const MAP_SIZE: usize = 65536;
|
|
||||||
|
|
||||||
#[no_mangle]
|
#[no_mangle]
|
||||||
extern "C" {
|
extern "C" {
|
||||||
/// int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
/// int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
|
||||||
@ -52,7 +50,13 @@ pub extern "C" fn afl_libfuzzer_main() {
|
|||||||
|
|
||||||
// TODO: No_std event manager
|
// TODO: No_std event manager
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
let mut events = LoggerEventManager::new(stderr());
|
//let mut events = LoggerEventManager::new(stderr());
|
||||||
|
let mut mgr = LlmpEventManager::new_on_port(1337, stderr()).unwrap();
|
||||||
|
if mgr.is_broker() {
|
||||||
|
println!("Doing broker things.");
|
||||||
|
mgr.broker_loop().unwrap();
|
||||||
|
}
|
||||||
|
println!("We're a client, let's fuzz :)");
|
||||||
|
|
||||||
let edges_observer =
|
let edges_observer =
|
||||||
StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe {
|
StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe {
|
||||||
@ -71,7 +75,7 @@ pub extern "C" fn afl_libfuzzer_main() {
|
|||||||
&mut corpus,
|
&mut corpus,
|
||||||
&mut generator,
|
&mut generator,
|
||||||
&mut engine,
|
&mut engine,
|
||||||
&mut events,
|
&mut mgr,
|
||||||
4,
|
4,
|
||||||
)
|
)
|
||||||
.expect("Failed to load initial inputs");
|
.expect("Failed to load initial inputs");
|
||||||
@ -83,7 +87,7 @@ pub extern "C" fn afl_libfuzzer_main() {
|
|||||||
let mut fuzzer = StdFuzzer::new(tuple_list!(stage));
|
let mut fuzzer = StdFuzzer::new(tuple_list!(stage));
|
||||||
|
|
||||||
fuzzer
|
fuzzer
|
||||||
.fuzz_loop(&mut rand, &mut state, &mut corpus, &mut engine, &mut events)
|
.fuzz_loop(&mut rand, &mut state, &mut corpus, &mut engine, &mut mgr)
|
||||||
.expect("Fuzzer fatal error");
|
.expect("Fuzzer fatal error");
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
println!("OK");
|
println!("OK");
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user