Send stability in calibration stage & FridaInstrumentationHelper retunrs Result<Self, Error> (#1056)
* fix * fix * clippy
parent
b7a0b823c6
commit
4d78878c02
@ -102,10 +102,10 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
|
||||
|
||||
#[cfg(unix)]
|
||||
let mut frida_helper =
|
||||
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, asan));
|
||||
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, asan))?;
|
||||
#[cfg(windows)]
|
||||
let mut frida_helper =
|
||||
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage));
|
||||
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage))?;
|
||||
|
||||
// Create an observation channel using the coverage map
|
||||
let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
|
||||
@ -221,7 +221,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
|
||||
let cmplog = CmpLogRuntime::new();
|
||||
|
||||
let mut frida_helper =
|
||||
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, cmplog));
|
||||
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, cmplog))?;
|
||||
|
||||
// Create an observation channel using the coverage map
|
||||
let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
|
||||
@ -351,7 +351,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
|
||||
let coverage = CoverageRuntime::new();
|
||||
|
||||
let mut frida_helper =
|
||||
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage));
|
||||
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage))?;
|
||||
|
||||
// Create an observation channel using the coverage map
|
||||
let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
|
||||
|
@ -99,10 +99,10 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
|
||||
|
||||
#[cfg(unix)]
|
||||
let mut frida_helper =
|
||||
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, asan));
|
||||
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, asan))?;
|
||||
#[cfg(windows)]
|
||||
let mut frida_helper =
|
||||
FridaInstrumentationHelper::new(&gum, &options, tuple_list!(coverage));
|
||||
FridaInstrumentationHelper::new(&gum, &options, tuple_list!(coverage))?;
|
||||
|
||||
// Create an observation channel using the coverage map
|
||||
let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
|
||||
@ -219,7 +219,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
|
||||
let cmplog = CmpLogRuntime::new();
|
||||
|
||||
let mut frida_helper =
|
||||
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, cmplog));
|
||||
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, cmplog))?;
|
||||
|
||||
// Create an observation channel using the coverage map
|
||||
let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
|
||||
@ -349,7 +349,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
|
||||
let coverage = CoverageRuntime::new();
|
||||
|
||||
let mut frida_helper =
|
||||
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage));
|
||||
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage))?;
|
||||
|
||||
// Create an observation channel using the coverage map
|
||||
let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
|
||||
|
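Review bot: The `#[cfg(windows)]` call in this file still passes `&options`, while the unix branch and the two later calls pass `options`. The hunk header shows `options: &FuzzerOptions`, so the extra borrow produces a `&&FuzzerOptions` that only compiles through auto-deref, which is the pattern clippy's `needless_borrow` flags. `FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage))?;` would match the other call sites. Because the line is only compiled on Windows, a unix-only clippy run will not report it.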
@ -3,11 +3,7 @@
|
||||
pub mod simple;
|
||||
pub use simple::*;
|
||||
pub mod llmp;
|
||||
use alloc::{
|
||||
boxed::Box,
|
||||
string::{String, ToString},
|
||||
vec::Vec,
|
||||
};
|
||||
use alloc::{boxed::Box, string::String, vec::Vec};
|
||||
#[cfg(all(unix, feature = "std"))]
|
||||
use core::ffi::c_void;
|
||||
use core::{
|
||||
@ -33,7 +29,6 @@ use crate::{
|
||||
inputs::Input,
|
||||
monitors::UserStats,
|
||||
observers::ObserversTuple,
|
||||
stages::calibrate::UnstableEntriesMetadata,
|
||||
state::{HasClientPerfMonitor, HasExecutions, HasMetadata},
|
||||
Error,
|
||||
};
|
||||
@ -462,23 +457,6 @@ where
|
||||
},
|
||||
)?;
|
||||
|
||||
// Send the stability event to the broker
|
||||
if let Some(meta) = state.metadata().get::<UnstableEntriesMetadata>() {
|
||||
let unstable_entries = meta.unstable_entries().len();
|
||||
let map_len = meta.map_len();
|
||||
self.fire(
|
||||
state,
|
||||
Event::UpdateUserStats {
|
||||
name: "stability".to_string(),
|
||||
value: UserStats::Ratio(
|
||||
(map_len - unstable_entries) as u64,
|
||||
map_len as u64,
|
||||
),
|
||||
phantom: PhantomData,
|
||||
},
|
||||
)?;
|
||||
}
|
||||
|
||||
// If performance monitor are requested, fire the `UpdatePerfMonitor` event
|
||||
#[cfg(feature = "introspection")]
|
||||
{
|
||||
|
@ -186,7 +186,7 @@ where
|
||||
OF: Feedback<S>,
|
||||
Z: HasObjective<Objective = OF, State = S>,
|
||||
{
|
||||
let handlers = InProcessHandlers::new::<Self, EM, OF, Z, H>()?;
|
||||
let handlers = InProcessHandlers::new::<Self, EM, OF, Z>()?;
|
||||
#[cfg(windows)]
|
||||
// Some initialization necessary for windows.
|
||||
unsafe {
|
||||
@ -337,14 +337,13 @@ impl InProcessHandlers {
|
||||
}
|
||||
|
||||
/// Create new [`InProcessHandlers`].
|
||||
pub fn new<E, EM, OF, Z, H>() -> Result<Self, Error>
|
||||
pub fn new<E, EM, OF, Z>() -> Result<Self, Error>
|
||||
where
|
||||
E: Executor<EM, Z> + HasObservers,
|
||||
EM: EventFirer<State = E::State> + EventRestarter<State = E::State>,
|
||||
OF: Feedback<E::State>,
|
||||
E::State: HasSolutions + HasClientPerfMonitor,
|
||||
Z: HasObjective<Objective = OF, State = E::State>,
|
||||
H: FnMut(&<E::State as UsesInput>::Input) -> ExitKind + ?Sized,
|
||||
{
|
||||
#[cfg(unix)]
|
||||
unsafe {
|
||||
|
@ -13,7 +13,7 @@ use serde::{Deserialize, Serialize};
|
||||
use crate::{
|
||||
bolts::{current_time, tuples::Named, AsIter},
|
||||
corpus::{Corpus, CorpusId, SchedulerTestcaseMetaData},
|
||||
events::{EventFirer, LogSeverity},
|
||||
events::{Event, EventFirer, LogSeverity},
|
||||
executors::{Executor, ExitKind, HasObservers},
|
||||
feedbacks::{
|
||||
map::{IsNovel, MapFeedback, MapFeedbackMetadata, Reducer},
|
||||
@ -21,6 +21,7 @@ use crate::{
|
||||
},
|
||||
fuzzer::Evaluator,
|
||||
inputs::UsesInput,
|
||||
monitors::UserStats,
|
||||
observers::{MapObserver, ObserversTuple},
|
||||
schedulers::powersched::SchedulerMetadata,
|
||||
stages::Stage,
|
||||
@ -285,6 +286,20 @@ where
|
||||
data.set_handicap(handicap);
|
||||
}
|
||||
|
||||
// Send the stability event to the broker
|
||||
if let Some(meta) = state.metadata().get::<UnstableEntriesMetadata>() {
|
||||
let unstable_entries = meta.unstable_entries().len();
|
||||
let map_len = meta.map_len();
|
||||
mgr.fire(
|
||||
state,
|
||||
Event::UpdateUserStats {
|
||||
name: "stability".to_string(),
|
||||
value: UserStats::Ratio((map_len - unstable_entries) as u64, map_len as u64),
|
||||
phantom: PhantomData,
|
||||
},
|
||||
)?;
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
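Review bot: `(map_len - unstable_entries) as u64` in the added `UserStats::Ratio` is an unchecked `usize` subtraction. Nothing visible in this hunk guarantees that `unstable_entries().len()` stays at or below `map_len()`, so inconsistent metadata would panic in debug builds and wrap to a huge numerator in release. `map_len.saturating_sub(unstable_entries) as u64` keeps the reported stability bounded. The block also appears to fire whenever `UnstableEntriesMetadata` exists, even if this calibration run found nothing new, so a short comment such as `// fired on every calibration run once unstable entries are known` would make the intended event rate explicit. The enclosing function starts outside the hunk.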
@ -165,8 +165,7 @@ where
|
||||
{
|
||||
/// Constructor function to create a new [`FridaInstrumentationHelper`], given a `module_name`.
|
||||
#[allow(clippy::too_many_lines)]
|
||||
#[must_use]
|
||||
pub fn new(gum: &'a Gum, options: &'a FuzzerOptions, runtimes: RT) -> Self {
|
||||
pub fn new(gum: &'a Gum, options: &'a FuzzerOptions, runtimes: RT) -> Result<Self, Error> {
|
||||
// workaround frida's frida-gum-allocate-near bug:
|
||||
#[cfg(unix)]
|
||||
unsafe {
|
||||
@ -179,7 +178,8 @@ where
|
||||
-1,
|
||||
0,
|
||||
)
|
||||
.expect("Failed to map dummy regions for frida workaround");
|
||||
.map_err(|_| Error::unknown("Failed to map dummy regions for frida workaround"))?;
|
||||
|
||||
mmap(
|
||||
None,
|
||||
std::num::NonZeroUsize::new_unchecked(4 * 1024 * 1024),
|
||||
@ -188,14 +188,14 @@ where
|
||||
-1,
|
||||
0,
|
||||
)
|
||||
.expect("Failed to map dummy regions for frida workaround");
|
||||
.map_err(|_| Error::unknown("Failed to map dummy regions for frida workaround"))?;
|
||||
}
|
||||
}
|
||||
|
||||
let mut modules_to_instrument = vec![options
|
||||
.harness
|
||||
.as_ref()
|
||||
.unwrap()
|
||||
.ok_or_else(|| Error::unknown("No modueles to instrument"))?
|
||||
.to_string_lossy()
|
||||
.to_string()];
|
||||
modules_to_instrument.append(&mut options.libs_to_instrument.clone());
|
||||
@ -209,14 +209,14 @@ where
|
||||
.mode(arch::arm64::ArchMode::Arm)
|
||||
.detail(true)
|
||||
.build()
|
||||
.expect("Failed to create Capstone object"),
|
||||
.map_err(|_| Error::unknown("Failed to create Capstone object"))?,
|
||||
#[cfg(all(target_arch = "x86_64", unix))]
|
||||
capstone: Capstone::new()
|
||||
.x86()
|
||||
.mode(arch::x86::ArchMode::Mode64)
|
||||
.detail(true)
|
||||
.build()
|
||||
.expect("Failed to create Capstone object"),
|
||||
.map_err(|_| Error::unknown("Failed to create Capstone object"))?,
|
||||
ranges: RangeMap::new(),
|
||||
module_map: ModuleMap::new_from_names(gum, &modules_to_instrument),
|
||||
options,
|
||||
@ -235,7 +235,8 @@ where
|
||||
}
|
||||
if !options.dont_instrument.is_empty() {
|
||||
for (module_name, offset) in options.dont_instrument.clone() {
|
||||
let module_details = ModuleDetails::with_name(module_name).unwrap();
|
||||
let module_details = ModuleDetails::with_name(module_name.clone())
|
||||
.ok_or_else(|| Error::unknown("Module {module_name} not found"))?;
|
||||
let lib_start = module_details.range().base_address().0 as usize;
|
||||
// println!("removing address: {:#x}", lib_start + offset);
|
||||
helper
|
||||
@ -365,7 +366,7 @@ where
|
||||
|
||||
helper.transformer = Some(transformer);
|
||||
|
||||
helper
|
||||
Ok(helper)
|
||||
}
|
||||
|
||||
/// Return the runtime
|
||||
|
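Review bot: The new `Error::unknown("Module {module_name} not found")` passes a plain string literal, so `{module_name}` is never interpolated and the error prints the placeholder instead of the missing module. It should be `Error::unknown(format!("Module {module_name} not found"))`. The harness check returns `"No modueles to instrument"`, which is misspelled and is raised when `options.harness` is `None`, so a message naming the missing harness would point at the real cause. The `map_err(|_| …)` closures on the two `mmap` calls and the Capstone builders also discard the underlying error (for `mmap` presumably the errno), so including it, e.g. `map_err(|e| Error::unknown(format!("Failed to create Capstone object: {e:?}")))`, would make a failed setup easier to diagnose. `new` begins and ends outside the visible hunks.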