diff --git a/fuzzers/FRET/src/clock.rs b/fuzzers/FRET/src/clock.rs index c5ce7110e2..6a0598e34b 100644 --- a/fuzzers/FRET/src/clock.rs +++ b/fuzzers/FRET/src/clock.rs @@ -138,7 +138,7 @@ where unsafe { self.end_tick = emu::icount_get_raw() }; // println!("clock post {}", self.end_tick); // println!("Number of Ticks: {} <- {} {}",self.end_tick - self.start_tick, self.end_tick, self.start_tick); - let metadata =_state.metadata_mut(); + let metadata =_state.metadata_map_mut(); let hist = metadata.get_mut::(); let timestamp = SystemTime::now().duration_since(unsafe {FUZZ_START_TIMESTAMP}).unwrap().as_millis(); match hist { @@ -226,9 +226,10 @@ where /// Append to the testcase the generated metadata in case of a new corpus item #[inline] - fn append_metadata( + fn append_metadata( &mut self, _state: &mut S, + observers: &OT, testcase: &mut Testcase, ) -> Result<(), Error> { *testcase.exec_time_mut() = self.exec_time; @@ -296,7 +297,7 @@ where let observer = _observers.match_name::("clock") .expect("QemuClockObserver not found"); let clock_state = state - .named_metadata_mut() + .named_metadata_map_mut() .get_mut::(&self.name) .unwrap(); if observer.last_runtime() > clock_state.max_icount_seen { @@ -309,7 +310,7 @@ where /// Append to the testcase the generated metadata in case of a new corpus item #[inline] - fn append_metadata(&mut self, _state: &mut S, testcase: &mut Testcase) -> Result<(), Error> { + fn append_metadata(&mut self, _state: &mut S, observers: &OT, testcase: &mut Testcase) -> Result<(), Error> { // testcase.metadata_mut().insert(QemuIcountMetadata{runtime: self.last_runtime}); Ok(()) } diff --git a/fuzzers/FRET/src/fuzzer.rs b/fuzzers/FRET/src/fuzzer.rs index 04ebd07eeb..4e3bf53474 100644 --- a/fuzzers/FRET/src/fuzzer.rs +++ b/fuzzers/FRET/src/fuzzer.rs @@ -1,7 +1,7 @@ //! A fuzzer using qemu in systemmode for binary-only coverage of kernels //! use core::time::Duration; -use std::{env, path::PathBuf, process::{self, abort}, io::{Read, Write}, fs::{self, OpenOptions}, cmp::{min, max}, mem::transmute_copy, collections::btree_map::Range}; +use std::{env, path::PathBuf, process::{self, abort}, io::{Read, Write}, fs::{self, OpenOptions}, cmp::{min, max}, mem::transmute_copy, collections::btree_map::Range, ptr::addr_of_mut}; use libafl::{ bolts::{ @@ -26,10 +26,10 @@ use libafl::{ schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler}, state::{HasCorpus, StdState, HasMetadata, HasNamedMetadata}, Error, - prelude::{SimpleMonitor, SimpleEventManager, AsMutSlice, RandBytesGenerator, Generator, SimpleRestartingEventManager, HasBytesVec, minimizer::TopRatedsMetadata, havoc_mutations, StdScheduledMutator, HitcountsMapObserver}, Evaluator, stages::StdMutationalStage, + prelude::{SimpleMonitor, SimpleEventManager, AsMutSlice, RandBytesGenerator, Generator, SimpleRestartingEventManager, HasBytesVec, minimizer::TopRatedsMetadata, havoc_mutations, StdScheduledMutator, HitcountsMapObserver, CorpusId}, Evaluator, stages::StdMutationalStage, }; use libafl_qemu::{ - edges, edges::QemuEdgeCoverageHelper, elf::EasyElf, emu::Emulator, GuestPhysAddr, QemuExecutor, + edges::{self, edges_map_mut_slice, MAX_EDGES_NUM}, edges::QemuEdgeCoverageHelper, elf::EasyElf, emu::Emulator, GuestPhysAddr, QemuExecutor, QemuHooks, Regs, QemuInstrumentationFilter, GuestAddr, emu::libafl_qemu_set_native_breakpoint, emu::libafl_qemu_remove_native_breakpoint, }; @@ -174,7 +174,7 @@ pub fn fuzz() { // Initialize QEMU let args: Vec = env::args().collect(); let env: Vec<(String, String)> = env::vars().collect(); - let emu = Emulator::new(&args, &env); + let emu = Emulator::new(&args, &env).expect("Emulator creation failed"); if let Some(main_addr) = main_addr { unsafe { @@ -242,9 +242,11 @@ pub fn fuzz() { }; // Create an observation channel using the coverage map - let edges = unsafe { &mut edges::EDGES_MAP }; - let edges_counter = unsafe { &mut edges::MAX_EDGES_NUM }; - let edges_observer = VariableMapObserver::new("edges", edges, edges_counter); + let edges_observer = unsafe { VariableMapObserver::from_mut_slice( + "edges", + edges_map_mut_slice(), + addr_of_mut!(MAX_EDGES_NUM) + )}; #[cfg(feature = "observer_hitcounts")] let edges_observer = HitcountsMapObserver::new(edges_observer); @@ -393,7 +395,7 @@ pub fn fuzz() { .create(true) .append(true) .open(td).expect("Could not open timedump"); - if let Some(ichist) = state.metadata_mut().get_mut::() { + if let Ok(ichist) = state.metadata_mut::() { for i in ichist.0.drain(..) { writeln!(file, "{},{}", i.0, i.1).expect("Write to dump failed"); } @@ -473,7 +475,7 @@ pub fn fuzz() { .create(true) .append(true) .open(td).expect("Could not open timedump"); - if let Some(ichist) = state.metadata_mut().get_mut::() { + if let Some(ichist) = state.metadata_map_mut().get_mut::() { for i in ichist.0.drain(..) { writeln!(file, "{},{}", i.0, i.1).expect("Write to dump failed"); } @@ -485,7 +487,7 @@ pub fn fuzz() { let mut worst = Duration::new(0,0); let mut worst_input = None; for i in 0..corpus.count() { - let tc = corpus.get(i).expect("Could not get element from corpus").borrow(); + let tc = corpus.get(i.into()).expect("Could not get element from corpus").borrow(); if worst < tc.exec_time().expect("Testcase missing duration") { worst_input = Some(tc.input().as_ref().unwrap().bytes().to_owned()); worst = tc.exec_time().expect("Testcase missing duration"); @@ -510,8 +512,8 @@ pub fn fuzz() { } { let mut gd = String::from(&td); - if let Some(md) = state.metadata_mut().get_mut::() { - let mut uniq: Vec = md.map.values().map(|x| x.clone()).collect(); + if let Some(md) = state.metadata_map_mut().get_mut::() { + let mut uniq: Vec = md.map.values().map(|x| x.clone()).collect(); uniq.sort(); uniq.dedup(); gd.push_str(&format!(".{}.toprated{}", uniq.len(), marker)); @@ -523,13 +525,13 @@ pub fn fuzz() { dumper(format!(".iter_{}",t)); } println!("Start running until saturation"); - let mut last = state.metadata().get::().unwrap().1; + let mut last = state.metadata_map().get::().unwrap().1; while SystemTime::now().duration_since(unsafe {FUZZ_START_TIMESTAMP}).unwrap().as_millis() < last.1 + Duration::from_secs(10800).as_millis() { starttime=starttime.checked_add(Duration::from_secs(30)).unwrap(); fuzzer .fuzz_loop_until(&mut stages, &mut executor, &mut state, &mut mgr, starttime) .unwrap(); - let after = state.metadata().get::().unwrap().1; + let after = state.metadata_map().get::().unwrap().1; if after.0 > last.0 { last=after; } @@ -539,7 +541,7 @@ pub fn fuzz() { let mut worst = Duration::new(0,0); let mut worst_input = None; for i in 0..corpus.count() { - let tc = corpus.get(i).expect("Could not get element from corpus").borrow(); + let tc = corpus.get(i.into()).expect("Could not get element from corpus").borrow(); if worst < tc.exec_time().expect("Testcase missing duration") { worst_input = Some(tc.input().as_ref().unwrap().bytes().to_owned()); worst = tc.exec_time().expect("Testcase missing duration"); @@ -563,8 +565,8 @@ pub fn fuzz() { } { let mut gd = String::from(&td); - if let Some(md) = state.metadata_mut().get_mut::() { - let mut uniq: Vec = md.map.values().map(|x| x.clone()).collect(); + if let Some(md) = state.metadata_map_mut().get_mut::() { + let mut uniq: Vec = md.map.values().map(|x| x.clone()).collect(); uniq.sort(); uniq.dedup(); gd.push_str(&format!(".{}.toprated", uniq.len())); @@ -582,7 +584,7 @@ pub fn fuzz() { .create(true) .append(true) .open(td).expect("Could not open timedump"); - if let Some(ichist) = state.metadata_mut().get_mut::() { + if let Ok(ichist) = state.metadata_mut::() { for i in ichist.0.drain(..) { writeln!(file, "{},{}", i.0, i.1).expect("Write to dump failed"); } @@ -594,7 +596,7 @@ pub fn fuzz() { let mut worst = Duration::new(0,0); let mut worst_input = None; for i in 0..corpus.count() { - let tc = corpus.get(i).expect("Could not get element from corpus").borrow(); + let tc = corpus.get(i.into()).expect("Could not get element from corpus").borrow(); if worst < tc.exec_time().expect("Testcase missing duration") { worst_input = Some(tc.input().as_ref().unwrap().bytes().to_owned()); worst = tc.exec_time().expect("Testcase missing duration"); @@ -618,8 +620,8 @@ pub fn fuzz() { } { let mut gd = String::from(&td); - if let Some(md) = state.metadata_mut().get_mut::() { - let mut uniq: Vec = md.map.values().map(|x| x.clone()).collect(); + if let Ok(md) = state.metadata_mut::() { + let mut uniq: Vec = md.map.values().map(|x| x.clone()).collect(); uniq.sort(); uniq.dedup(); gd.push_str(&format!(".{}.toprated", uniq.len())); @@ -639,7 +641,7 @@ pub fn fuzz() { // Initialize QEMU let args: Vec = env::args().collect(); let env: Vec<(String, String)> = env::vars().collect(); - let emu = Emulator::new(&args, &env); + let emu = Emulator::new(&args, &env).expect("Emu creation failed"); if let Some(main_addr) = main_addr { unsafe { libafl_qemu_set_native_breakpoint(main_addr); }// BREAKPOINT diff --git a/fuzzers/FRET/src/mutational.rs b/fuzzers/FRET/src/mutational.rs index 5262147620..c6eacc9822 100644 --- a/fuzzers/FRET/src/mutational.rs +++ b/fuzzers/FRET/src/mutational.rs @@ -12,7 +12,7 @@ use libafl::{ stages::{Stage}, start_timer, state::{HasClientPerfMonitor, HasCorpus, HasRand, UsesState, HasMetadata}, - Error, prelude::{HasBytesVec, UsesInput, new_hash_feedback, StdRand, RandomSeed, MutationResult, Mutator}, + Error, prelude::{HasBytesVec, UsesInput, new_hash_feedback, StdRand, RandomSeed, MutationResult, Mutator, CorpusId}, }; use crate::{systemstate::{FreeRTOSSystemStateMetadata, RefinedFreeRTOSSystemState}, fuzzer::DO_NUM_INTERRUPT, clock::IcHist}; @@ -53,7 +53,7 @@ where executor: &mut E, state: &mut Self::State, manager: &mut EM, - corpus_idx: usize, + corpus_idx: CorpusId, ) -> Result<(), Error> { let mut _input = state .corpus() @@ -103,7 +103,7 @@ where // let mut suffix : Vec = vec![]; #[cfg(feature = "feed_systemtrace")] { - let tmp = _input.metadata().get::(); + let tmp = _input.metadata_map().get::(); if tmp.is_some() { let trace = tmp.expect("FreeRTOSSystemStateMetadata not found"); diff --git a/fuzzers/FRET/src/qemustate.rs b/fuzzers/FRET/src/qemustate.rs index a5c1816e8f..2da9b57fea 100644 --- a/fuzzers/FRET/src/qemustate.rs +++ b/fuzzers/FRET/src/qemustate.rs @@ -56,7 +56,7 @@ where { } - fn post_exec(&mut self, emulator: &Emulator, _input: &S::Input) { + fn post_exec(&mut self, emulator: &Emulator, _input: &S::Input, _observers: &mut OT, _exit_kind: &mut ExitKind) { // unsafe { println!("snapshot post {}",emu::icount_get_raw()) }; } diff --git a/fuzzers/FRET/src/systemstate/feedbacks.rs b/fuzzers/FRET/src/systemstate/feedbacks.rs index 0ba77c68fe..cb9bf9da94 100644 --- a/fuzzers/FRET/src/systemstate/feedbacks.rs +++ b/fuzzers/FRET/src/systemstate/feedbacks.rs @@ -81,13 +81,13 @@ where let clock_observer = observers.match_name::("clocktime") //TODO not fixed .expect("QemuClockObserver not found"); let feedbackstate = match state - .named_metadata_mut() + .named_metadata_map_mut() .get_mut::("systemstate") { Some(s) => s, None => { let n=SystemStateFeedbackState::default(); - state.named_metadata_mut().insert(n, "systemstate"); - state.named_metadata_mut().get_mut::("systemstate").unwrap() + state.named_metadata_map_mut().insert(n, "systemstate"); + state.named_metadata_map_mut().get_mut::("systemstate").unwrap() } }; // let feedbackstate = state @@ -123,10 +123,10 @@ where /// Append to the testcase the generated metadata in case of a new corpus item #[inline] - fn append_metadata(&mut self, _state: &mut S, testcase: &mut Testcase) -> Result<(), Error> { + fn append_metadata(&mut self, _state: &mut S, observers: &OT, testcase: &mut Testcase) -> Result<(), Error> { let a = self.last_trace.take(); match a { - Some(s) => testcase.metadata_mut().insert(FreeRTOSSystemStateMetadata::new(s)), + Some(s) => testcase.metadata_map_mut().insert(FreeRTOSSystemStateMetadata::new(s)), None => (), } Ok(()) @@ -257,11 +257,11 @@ where } /// Append to the testcase the generated metadata in case of a new corpus item #[inline] - fn append_metadata(&mut self, _state: &mut S, testcase: &mut Testcase) -> Result<(), Error> { + fn append_metadata(&mut self, _state: &mut S, observers: &OT, testcase: &mut Testcase) -> Result<(), Error> { if !self.dump_metadata {return Ok(());} let a = self.last_trace.take(); match a { - Some(s) => testcase.metadata_mut().insert(FreeRTOSSystemStateMetadata::new(s)), + Some(s) => testcase.metadata_map_mut().insert(FreeRTOSSystemStateMetadata::new(s)), None => (), } Ok(()) diff --git a/fuzzers/FRET/src/systemstate/graph.rs b/fuzzers/FRET/src/systemstate/graph.rs index 7db7094249..d34eb3f5ee 100644 --- a/fuzzers/FRET/src/systemstate/graph.rs +++ b/fuzzers/FRET/src/systemstate/graph.rs @@ -281,13 +281,13 @@ where let observer = observers.match_name::("systemstate") .expect("QemuSystemStateObserver not found"); let feedbackstate = match state - .named_metadata_mut() + .named_metadata_map_mut() .get_mut::("SysMap") { Some(s) => s, None => { let n=SysGraphFeedbackState::default(); - state.named_metadata_mut().insert(n, "SysMap"); - state.named_metadata_mut().get_mut::("SysMap").unwrap() + state.named_metadata_map_mut().insert(n, "SysMap"); + state.named_metadata_map_mut().get_mut::("SysMap").unwrap() } }; let ret = feedbackstate.update(&observer.last_run, &observer.last_input); @@ -297,10 +297,10 @@ where /// Append to the testcase the generated metadata in case of a new corpus item #[inline] - fn append_metadata(&mut self, _state: &mut S, testcase: &mut Testcase) -> Result<(), Error> { + fn append_metadata(&mut self, _state: &mut S, observers: &OT, testcase: &mut Testcase) -> Result<(), Error> { let a = self.last_trace.take(); match a { - Some(s) => testcase.metadata_mut().insert(SysGraphMetadata::new(s)), + Some(s) => testcase.metadata_map_mut().insert(SysGraphMetadata::new(s)), None => (), } Ok(()) diff --git a/fuzzers/FRET/src/systemstate/helpers.rs b/fuzzers/FRET/src/systemstate/helpers.rs index a64f11c074..b67fde61db 100644 --- a/fuzzers/FRET/src/systemstate/helpers.rs +++ b/fuzzers/FRET/src/systemstate/helpers.rs @@ -1,6 +1,7 @@ use std::cell::UnsafeCell; use std::io::Write; use std::ops::Range; +use libafl::prelude::ExitKind; use libafl::prelude::UsesInput; use libafl_qemu::Emulator; use libafl_qemu::GuestAddr; @@ -82,7 +83,7 @@ where } } - fn post_exec(&mut self, emulator: &Emulator, _input: &S::Input) { + fn post_exec(&mut self, emulator: &Emulator, _input: &S::Input, _observers: &mut OT, _exit_kind: &mut ExitKind) { trigger_collection(emulator, self) } } diff --git a/fuzzers/FRET/src/systemstate/schedulers.rs b/fuzzers/FRET/src/systemstate/schedulers.rs index e79515d41a..10c9b3452c 100644 --- a/fuzzers/FRET/src/systemstate/schedulers.rs +++ b/fuzzers/FRET/src/systemstate/schedulers.rs @@ -12,7 +12,7 @@ use libafl::{ inputs::UsesInput, schedulers::{Scheduler, TestcaseScore, minimizer::DEFAULT_SKIP_NON_FAVORED_PROB }, state::{HasCorpus, HasMetadata, HasRand, UsesState, State}, - Error, SerdeAny, prelude::HasLen, + Error, SerdeAny, prelude::{HasLen, CorpusId}, }; @@ -55,51 +55,51 @@ where CS::State: HasCorpus + HasMetadata + HasRand, { /// Add an entry to the corpus and return its index - fn on_add(&self, state: &mut CS::State, idx: usize) -> Result<(), Error> { + fn on_add(&mut self, state: &mut CS::State, idx: CorpusId) -> Result<(), Error> { let l = state.corpus() .get(idx)? .borrow() - .metadata() + .metadata_map() .get::().map_or(0, |x| x.trace_length); self.get_update_trace_length(state,l); self.base.on_add(state, idx) } /// Replaces the testcase at the given idx - fn on_replace( - &self, - state: &mut CS::State, - idx: usize, - testcase: &Testcase<::Input>, - ) -> Result<(), Error> { - let l = state.corpus() - .get(idx)? - .borrow() - .metadata() - .get::().map_or(0, |x| x.trace_length); - self.get_update_trace_length(state, l); - self.base.on_replace(state, idx, testcase) - } + // fn on_replace( + // &mut self, + // state: &mut CS::State, + // idx: CorpusId, + // testcase: &Testcase<::Input>, + // ) -> Result<(), Error> { + // let l = state.corpus() + // .get(idx)? + // .borrow() + // .metadata() + // .get::().map_or(0, |x| x.trace_length); + // self.get_update_trace_length(state, l); + // self.base.on_replace(state, idx, testcase) + // } /// Removes an entry from the corpus, returning M if M was present. - fn on_remove( - &self, - state: &mut CS::State, - idx: usize, - testcase: &Option::Input>>, - ) -> Result<(), Error> { - self.base.on_remove(state, idx, testcase)?; - Ok(()) - } + // fn on_remove( + // &self, + // state: &mut CS::State, + // idx: usize, + // testcase: &Option::Input>>, + // ) -> Result<(), Error> { + // self.base.on_remove(state, idx, testcase)?; + // Ok(()) + // } /// Gets the next entry - fn next(&self, state: &mut CS::State) -> Result { + fn next(&mut self, state: &mut CS::State) -> Result { let mut idx = self.base.next(state)?; while { let l = state.corpus() .get(idx)? .borrow() - .metadata() + .metadata_map() .get::().map_or(0, |x| x.trace_length); let m = self.get_update_trace_length(state,l); state.rand_mut().below(m) > l as u64 @@ -118,7 +118,7 @@ where { pub fn get_update_trace_length(&self, state: &mut CS::State, par: usize) -> u64 { // Create a new top rated meta if not existing - if let Some(td) = state.metadata_mut().get_mut::() { + if let Some(td) = state.metadata_map_mut().get_mut::() { let m = max(td.max_trace_length, par); td.max_trace_length = m; m as u64 @@ -172,18 +172,18 @@ where { /// get first element in current gen, /// if current_gen is empty, swap lists, sort by FavFactor, take top k and return first - fn next(&self, state: &mut Self::State) -> Result { + fn next(&mut self, state: &mut Self::State) -> Result { let mut to_remove : Vec<(usize, f64)> = vec![]; let mut to_return : usize = 0; let c = state.corpus().count(); - let gm = state.metadata_mut().get_mut::().expect("Corpus Scheduler empty"); + let gm = state.metadata_map_mut().get_mut::().expect("Corpus Scheduler empty"); // println!("index: {} curr: {:?} next: {:?} gen: {} corp: {}", gm.current_cursor, gm.current_gen.len(), gm.next_gen.len(), gm.gen, // c); match gm.current_gen.get(gm.current_cursor) { Some(c) => { gm.current_cursor+=1; // println!("normal next: {}", (*c).0); - return Ok((*c).0) + return Ok((*c).0.into()) }, None => { swap(&mut to_remove, &mut gm.current_gen); @@ -207,53 +207,53 @@ where to_remove.sort_by(|x,y| x.0.cmp(&(*y).0)); to_remove.reverse(); for i in to_remove { - state.corpus_mut().remove(i.0).unwrap(); + state.corpus_mut().remove(i.0.into()).unwrap(); } // println!("switch next: {to_return}"); - return Ok(to_return); + return Ok(to_return.into()); } /// Add the new input to the next generation fn on_add( - &self, + &mut self, state: &mut Self::State, - idx: usize + idx: CorpusId ) -> Result<(), Error> { // println!("On Add {idx}"); let mut tc = state.corpus_mut().get(idx).unwrap().borrow_mut().clone(); - let ff = MaxTimeFavFactor::compute(&mut tc, state).unwrap(); - if let Some(gm) = state.metadata_mut().get_mut::() { - gm.next_gen.push((idx,ff)); + let ff = MaxTimeFavFactor::compute(state, &mut tc).unwrap(); + if let Some(gm) = state.metadata_map_mut().get_mut::() { + gm.next_gen.push((idx.into(),ff)); } else { - state.add_metadata(GeneticMetadata::new(vec![], vec![(idx,ff)])); + state.add_metadata(GeneticMetadata::new(vec![], vec![(idx.into(),ff)])); } Ok(()) } - fn on_replace( - &self, - _state: &mut Self::State, - _idx: usize, - _prev: &Testcase<::Input> - ) -> Result<(), Error> { - // println!("On Replace {_idx}"); - Ok(()) - } + // fn on_replace( + // &self, + // _state: &mut Self::State, + // _idx: usize, + // _prev: &Testcase<::Input> + // ) -> Result<(), Error> { + // // println!("On Replace {_idx}"); + // Ok(()) + // } - fn on_remove( - &self, - state: &mut Self::State, - idx: usize, - _testcase: &Option::Input>> - ) -> Result<(), Error> { - // println!("On Remove {idx}"); - if let Some(gm) = state.metadata_mut().get_mut::() { - gm.next_gen = gm.next_gen.drain(..).into_iter().filter(|x| (*x).0 != idx).collect::>(); - gm.current_gen = gm.current_gen.drain(..).into_iter().filter(|x| (*x).0 != idx).collect::>(); - } else { - state.add_metadata(GeneticMetadata::new(vec![], vec![])); - } - Ok(()) - } + // fn on_remove( + // &self, + // state: &mut Self::State, + // idx: usize, + // _testcase: &Option::Input>> + // ) -> Result<(), Error> { + // // println!("On Remove {idx}"); + // if let Some(gm) = state.metadata_mut().get_mut::() { + // gm.next_gen = gm.next_gen.drain(..).into_iter().filter(|x| (*x).0 != idx).collect::>(); + // gm.current_gen = gm.current_gen.drain(..).into_iter().filter(|x| (*x).0 != idx).collect::>(); + // } else { + // state.add_metadata(GeneticMetadata::new(vec![], vec![])); + // } + // Ok(()) + // } } impl GenerationScheduler diff --git a/fuzzers/FRET/src/worst.rs b/fuzzers/FRET/src/worst.rs index df79289a90..1290722196 100644 --- a/fuzzers/FRET/src/worst.rs +++ b/fuzzers/FRET/src/worst.rs @@ -54,7 +54,7 @@ where S: HasCorpus + HasMetadata, S::Input: HasLen, { - fn compute(entry: &mut Testcase<::Input>, state: &S) -> Result { + fn compute(state: &S, entry: &mut Testcase<::Input>) -> Result { // TODO maybe enforce entry.exec_time().is_some() let et = entry.exec_time().expect("testcase.exec_time is needed for scheduler"); let tns : i64 = et.as_nanos().try_into().expect("failed to convert time"); @@ -84,9 +84,9 @@ where S: HasCorpus + HasMetadata, S::Input: HasLen, { - fn compute(entry: &mut Testcase, state: &S) -> Result { + fn compute( state: &S, entry: &mut Testcase) -> Result { let execs_per_hour = (3600.0/entry.exec_time().expect("testcase.exec_time is needed for scheduler").as_secs_f64()); - let execs_times_length_per_hour = execs_per_hour*entry.cached_len()? as f64; + let execs_times_length_per_hour = execs_per_hour*entry.cached_len().unwrap() as f64; Ok(execs_times_length_per_hour) } } @@ -301,9 +301,10 @@ where Ok(false) } } - fn append_metadata( + fn append_metadata( &mut self, _state: &mut S, + observers: &OT, testcase: &mut Testcase<::Input>, ) -> Result<(), Error> { #[cfg(feature = "feed_afl")] diff --git a/libafl/src/fuzzer/mod.rs b/libafl/src/fuzzer/mod.rs index ae77fe2283..edda06d0c3 100644 --- a/libafl/src/fuzzer/mod.rs +++ b/libafl/src/fuzzer/mod.rs @@ -246,21 +246,21 @@ where state: &mut EM::State, manager: &mut EM, time: Duration - ) -> Result { + ) -> Result { if time==Duration::ZERO { return Err(Error::illegal_argument( "Cannot fuzz for 0 duration!".to_string(), )); } - let mut ret = 0; + let mut ret = None; let mut last = current_time(); let monitor_timeout = STATS_TIMEOUT_DEFAULT; let starttime = std::time::Instant::now(); while std::time::Instant::now().duration_since(starttime) < time { - ret = self.fuzz_one(stages, executor, state, manager)?; + ret = Some(self.fuzz_one(stages, executor, state, manager)?); last = manager.maybe_report_progress(state, last, monitor_timeout)?; } @@ -269,7 +269,7 @@ where // But as the state may grow to a few megabytes, // for now we won' and the user has to do it (unless we find a way to do this on `Drop`). - Ok(ret) + Ok(ret.unwrap()) } /// Fuzz for n iterations. @@ -288,13 +288,13 @@ where state: &mut EM::State, manager: &mut EM, time: std::time::Instant - ) -> Result { - let mut ret = 0; + ) -> Result { + let mut ret = None; let mut last = current_time(); let monitor_timeout = STATS_TIMEOUT_DEFAULT; while std::time::Instant::now() < time { - ret = self.fuzz_one(stages, executor, state, manager)?; + ret = Some(self.fuzz_one(stages, executor, state, manager)?); last = manager.maybe_report_progress(state, last, monitor_timeout)?; } @@ -303,7 +303,7 @@ where // But as the state may grow to a few megabytes, // for now we won' and the user has to do it (unless we find a way to do this on `Drop`). - Ok(ret) + Ok(ret.unwrap()) } }