SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add instrumentation call after breakpoint

Browse Source
This commit is contained in:
Alwin Berger 2022-05-26 16:11:30 +02:00
parent 86ca7863ca
commit 517b3d3da7
3 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs
View File

@ -78,7 +78,7 @@ use libafl_qemu::{
edges, edges,
edges::QemuEdgeCoverageHelper, edges::QemuEdgeCoverageHelper,
elf::EasyElf, elf::EasyElf,
emu::Emulator, filter_qemu_args, libafl_int_offset, emu::Emulator, filter_qemu_args, libafl_int_offset, libafl_exec_block_hook,
snapshot_sys::QemuSysSnapshotHelper, snapshot_sys::QemuSysSnapshotHelper,
QemuExecutor, QemuExecutor,
clock, clock,
@ -450,12 +450,14 @@ fn fuzz(
emu.write_mem(input_addr,buf); emu.write_mem(input_addr,buf);
emu.run(); emu.run();
// since the breakpoint interrupted the last task the last state needs to be recorded
libafl_exec_block_hook(check_breakpoint);
} }
ExitKind::Ok ExitKind::Ok
}; };
let system_state_filter = QemuInstrumentationFilter::AllowList(vec![svh..svh+1]); let system_state_filter = QemuInstrumentationFilter::AllowList(vec![svh..svh+1,check_breakpoint..check_breakpoint+1]);
let mut executor = QemuExecutor::new( let mut executor = QemuExecutor::new(
&mut harness, &mut harness,
&emu, &emu,

7
fuzzers/wcet_qemu_sys/src/bin/showmap.rs
View File

@ -40,7 +40,7 @@ use libafl::{
use libafl_qemu::{ use libafl_qemu::{
edges, edges,
edges::QemuEdgeCoverageHelper, edges::QemuEdgeCoverageHelper,
emu::Emulator, filter_qemu_args, libafl_int_offset, emu::Emulator, filter_qemu_args, libafl_int_offset, libafl_exec_block_hook,
elf::EasyElf, elf::EasyElf,
snapshot_sys::QemuSysSnapshotHelper, snapshot_sys::QemuSysSnapshotHelper,
clock::{QemuClockObserver}, clock::{QemuClockObserver},
@ -359,12 +359,15 @@ fn fuzz(
emu.write_mem(input_addr,buf); emu.write_mem(input_addr,buf);
emu.run(); emu.run();
// since the breakpoint interrupted the last task the last state needs to be recorded
libafl_exec_block_hook(check_breakpoint);
println!("Qemu Ticks: {}",emu.get_ticks());
} }
ExitKind::Ok ExitKind::Ok
}; };
//======= Set System-State watchpoints //======= Set System-State watchpoints
let system_state_filter = QemuInstrumentationFilter::AllowList(vec![svh..svh+1]); let system_state_filter = QemuInstrumentationFilter::AllowList(vec![svh..svh+1,check_breakpoint..check_breakpoint+1]);
//======= Construct the executor, including the Helpers. The edges_observer still contains the ref to EDGES_MAP //======= Construct the executor, including the Helpers. The edges_observer still contains the ref to EDGES_MAP
let mut executor = QemuExecutor::new( let mut executor = QemuExecutor::new(

2
libafl_qemu/src/emu.rs
View File

@ -234,7 +234,7 @@ extern "C" {
static mut libafl_exec_jmp_hook: unsafe extern "C" fn(u64, u64); static mut libafl_exec_jmp_hook: unsafe extern "C" fn(u64, u64);
#[cfg(feature = "systemmode")] #[cfg(feature = "systemmode")]
static mut libafl_gen_jmp_hook: unsafe extern "C" fn(u64, u64) -> u64; static mut libafl_gen_jmp_hook: unsafe extern "C" fn(u64, u64) -> u64;
static mut libafl_exec_block_hook: unsafe extern "C" fn(u64); pub static mut libafl_exec_block_hook: unsafe extern "C" fn(u64);
static mut libafl_gen_block_hook: unsafe extern "C" fn(u64) -> u64; static mut libafl_gen_block_hook: unsafe extern "C" fn(u64) -> u64;
static mut libafl_exec_read_hook1: unsafe extern "C" fn(u64, u64); static mut libafl_exec_read_hook1: unsafe extern "C" fn(u64, u64);