Andrea Fioraldi 2021-02-11 14:49:17 +01:00
commit 583508c4d9
21 changed files with 53 additions and 41 deletions


@ -6,7 +6,10 @@ extern crate alloc;
use core::{convert::TryInto, time::Duration};
use std::{thread, time};
use afl::{llmp, shmem::AflShmem, AflError};
use afl::{
bolts::{llmp, shmem::AflShmem},
AflError,
};
const TAG_SIMPLE_U32_V1: u32 = 0x51300321;
const TAG_MATH_RESULT_V1: u32 = 0x77474331;


@ -1,5 +1,5 @@
/*!
A PoC for low level message passing
A library for low level message passing
To send new messages, the clients place a new message at the end of their
client_out_map. If the ringbuf is filled up, they start place a
@ -1609,7 +1609,7 @@ mod tests {
Tag,
};
#[cfg(feature = "std")]
use crate::shmem::AflShmem;
use crate::bolts::shmem::AflShmem;
#[cfg(feature = "std")]
#[test]

7
afl/src/bolts/mod.rs Normal file

@ -0,0 +1,7 @@
//! Bolts are no conceptual fuzzing elements, but they keep libafl-based fuzzers together.
pub mod llmp;
pub mod metamap;
pub mod serde_anymap;
pub mod shmem;
pub mod tuples;
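Review bot: The module doc line on the new `bolts/mod.rs` is hard to parse ("are no conceptual fuzzing elements") and does not say what the five submodules contain. Something like `//! Bolts are not fuzzing concepts themselves; they are the support code that holds libafl-based fuzzers together.` followed by one `//!` line per submodule would read better. `llmp` and `shmem` look like the inter-process pieces, judging by their names and the llmp header text elsewhere in this commit, so a one-line description on each would tell a reader where data crosses a process boundary.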


@ -78,7 +78,7 @@ macro_rules! create_serde_registry_for_trait {
use hashbrown::hash_map::{Keys, Values, ValuesMut};
use hashbrown::HashMap;
use $crate::serde_anymap::{
use $crate::bolts::serde_anymap::{
pack_type_id, unpack_type_id, DeserializeCallback, DeserializeCallbackSeed,
};
use $crate::AflError;
@ -470,10 +470,10 @@ macro_rules! create_serde_registry_for_trait {
{
use serde::ser::SerializeSeq;
let id = $crate::serde_anymap::unpack_type_id(self.type_id());
let id = $crate::bolts::serde_anymap::unpack_type_id(self.type_id());
let mut seq = se.serialize_seq(Some(2))?;
seq.serialize_element(&id)?;
seq.serialize_element(&$crate::serde_anymap::Wrap(self))?;
seq.serialize_element(&$crate::bolts::serde_anymap::Wrap(self))?;
seq.end()
}
}
@ -489,7 +489,7 @@ macro_rules! create_serde_registry_for_trait {
};
}
create_serde_registry_for_trait!(serdeany_serde, crate::serde_anymap::SerdeAny);
create_serde_registry_for_trait!(serdeany_serde, crate::bolts::serde_anymap::SerdeAny);
pub use serdeany_serde::*;
#[derive(Clone, Debug)]


@ -6,8 +6,8 @@ use core::{convert::Into, default::Default, option::Option};
use serde::{Deserialize, Serialize};
use crate::{
bolts::serde_anymap::{SerdeAny, SerdeAnyMap},
inputs::Input,
serde_anymap::{SerdeAny, SerdeAnyMap},
AflError,
};


@ -3,8 +3,7 @@
pub mod stats;
pub use stats::*;
use crate::llmp::LlmpSender;
use crate::{llmp::LlmpReceiver, utils::deserialize_state_mgr};
use crate::bolts::llmp::LlmpSender;
use alloc::{
string::{String, ToString},
vec::Vec,
@ -12,19 +11,24 @@ use alloc::{
use core::{fmt, marker::PhantomData, time::Duration};
use serde::{Deserialize, Serialize};
#[cfg(feature = "std")]
use crate::{bolts::llmp::LlmpReceiver, utils::deserialize_state_mgr};
#[cfg(feature = "std")]
use std::{env, process::Command};
#[cfg(feature = "std")]
#[cfg(unix)]
use crate::shmem::AflShmem;
use crate::bolts::shmem::AflShmem;
use crate::{
bolts::{
llmp::{self, LlmpClient, LlmpClientDescription, Tag},
shmem::ShMem,
},
corpus::Corpus,
feedbacks::FeedbacksTuple,
inputs::Input,
llmp::{self, LlmpClient, LlmpClientDescription, Tag},
observers::ObserversTuple,
shmem::ShMem,
state::State,
utils::{serialize_state_mgr, Rand},
AflError,
@ -802,10 +806,10 @@ where
}
/// The llmp connection from the actual fuzzer to the process supervising it
const ENV_FUZZER_SENDER: &str = &"_AFL_ENV_FUZZER_SENDER";
const ENV_FUZZER_RECEIVER: &str = &"_AFL_ENV_FUZZER_RECEIVER";
const _ENV_FUZZER_SENDER: &str = &"_AFL_ENV_FUZZER_SENDER";
const _ENV_FUZZER_RECEIVER: &str = &"_AFL_ENV_FUZZER_RECEIVER";
/// The llmp (2 way) connection from a fuzzer to the broker (broadcasting all other fuzzer messages)
const ENV_FUZZER_BROKER_CLIENT_INITIAL: &str = &"_AFL_ENV_FUZZER_BROKER_CLIENT";
const _ENV_FUZZER_BROKER_CLIENT_INITIAL: &str = &"_AFL_ENV_FUZZER_BROKER_CLIENT";
impl<I, SH, ST> LlmpRestartingEventManager<I, SH, ST>
where
@ -979,8 +983,8 @@ where
// We are the fuzzing instance, first, connect to our own restore map.
// A sender and a receiver for single communication
let mut receiver = LlmpReceiver::<SH>::on_existing_from_env(ENV_FUZZER_RECEIVER)?;
let sender = LlmpSender::<SH>::on_existing_from_env(ENV_FUZZER_SENDER)?;
let mut receiver = LlmpReceiver::<SH>::on_existing_from_env(_ENV_FUZZER_RECEIVER)?;
let sender = LlmpSender::<SH>::on_existing_from_env(_ENV_FUZZER_SENDER)?;
// If we're restarting, deserialize the old state.
let (state, mut mgr) = match receiver.recv_buf()? {
@ -988,7 +992,7 @@ where
println!("First run. Let's set it all up");
// Mgr to send and receive msgs from/to all other fuzzer instances
let client_mgr = LlmpEventManager::<I, SH, ST>::existing_client_from_env(
ENV_FUZZER_BROKER_CLIENT_INITIAL,
_ENV_FUZZER_BROKER_CLIENT_INITIAL,
)?;
(None, LlmpRestartingEventManager::new(client_mgr, sender))
@ -1016,11 +1020,11 @@ where
#[cfg(test)]
mod tests {
use crate::bolts::tuples::{tuple_list, MatchNameAndType, Named};
use crate::events::Event;
use crate::inputs::bytes::BytesInput;
use crate::observers::ObserversTuple;
use crate::observers::StdMapObserver;
use crate::tuples::{tuple_list, MatchNameAndType, Named};
static mut MAP: [u32; 4] = [0; 4];
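Review bot: In the `@ -802` hunk the three environment-variable name constants gain a leading underscore (`_ENV_FUZZER_SENDER`, `_ENV_FUZZER_RECEIVER`, `_ENV_FUZZER_BROKER_CLIENT_INITIAL`) although the later hunks still pass them to `on_existing_from_env` and `existing_client_from_env`; the prefix marks an item as deliberately unused, so a constant that later becomes truly dead would no longer be reported. If the aim is to quiet the warning in builds without `std` (the callers appear to be std-only, judging by the `#[cfg(feature = "std")]` now on the `LlmpReceiver` import), gate the constants instead and keep the names: `#[cfg(feature = "std")]` above `const ENV_FUZZER_SENDER: &str = "_AFL_ENV_FUZZER_SENDER";`, and likewise for the other two. The `&` in front of each string literal is redundant. These variables name the maps from which a restarted fuzzer reconnects and deserializes its old state, so each constant deserves its own `///` line; at present the first doc comment attaches only to the sender constant.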


@ -7,6 +7,7 @@ use core::marker::PhantomData;
use os_signals::set_oncrash_ptrs;
use crate::{
bolts::tuples::Named,
corpus::Corpus,
events::EventManager,
executors::{Executor, ExitKind, HasObservers},
@ -14,7 +15,6 @@ use crate::{
inputs::{HasTargetBytes, Input},
observers::ObserversTuple,
state::State,
tuples::Named,
utils::Rand,
AflError,
};
@ -397,9 +397,9 @@ mod tests {
use core::marker::PhantomData;
use crate::{
bolts::tuples::tuple_list,
executors::{Executor, ExitKind, InProcessExecutor},
inputs::Input,
tuples::tuple_list,
};
fn test_harness_fn_nop<E: Executor<I>, I: Input>(_executor: &E, _buf: &[u8]) -> ExitKind {


@ -8,13 +8,13 @@ pub mod runtime;
use core::marker::PhantomData;
use crate::{
bolts::tuples::{MatchNameAndType, MatchType, Named, TupleList},
corpus::Corpus,
events::EventManager,
feedbacks::FeedbacksTuple,
inputs::{HasTargetBytes, Input},
observers::ObserversTuple,
state::State,
tuples::{MatchNameAndType, MatchType, Named, TupleList},
utils::Rand,
AflError,
};


@ -10,10 +10,10 @@ use num::Integer;
use serde::{Deserialize, Serialize};
use crate::{
bolts::tuples::{Named, TupleList},
corpus::Testcase,
inputs::Input,
observers::{MapObserver, Observer, ObserversTuple},
tuples::{Named, TupleList},
AflError,
};


@ -9,21 +9,17 @@ extern crate alloc;
#[macro_use]
extern crate static_assertions;
pub mod bolts;
pub mod corpus;
pub mod events;
pub mod executors;
pub mod feedbacks;
pub mod generators;
pub mod inputs;
pub mod llmp;
pub mod metamap;
pub mod mutators;
pub mod observers;
pub mod serde_anymap;
pub mod shmem;
pub mod stages;
pub mod state;
pub mod tuples;
pub mod utils;
use alloc::string::String;
@ -244,13 +240,13 @@ impl From<ParseIntError> for AflError {
mod tests {
use crate::{
bolts::tuples::tuple_list,
corpus::{Corpus, InMemoryCorpus, Testcase},
executors::{Executor, ExitKind, InProcessExecutor},
inputs::{BytesInput, Input},
mutators::{mutation_bitflip, ComposedByMutations, StdScheduledMutator},
stages::StdMutationalStage,
state::{HasCorpus, State},
tuples::tuple_list,
utils::StdRand,
Fuzzer, StdFuzzer,
};
@ -298,7 +294,7 @@ mod tests {
}
let state_serialized = postcard::to_allocvec(&state).unwrap();
let state_deserialized: State<InMemoryCorpus<BytesInput, _>, BytesInput, StdRand, ()> =
let state_deserialized: State<InMemoryCorpus<BytesInput, _>, (), BytesInput, StdRand> =
postcard::from_bytes(state_serialized.as_slice()).unwrap();
assert_eq!(state.executions(), state_deserialized.executions());


@ -883,7 +883,7 @@ token2="B"
16000 as usize
}
fn set_max_size(&mut self, max_size: usize) {
fn set_max_size(&mut self, _max_size: usize) {
todo!("Not needed");
}
}
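Review bot: `set_max_size` still ends in `todo!("Not needed")`, so any caller that invokes it panics the fuzzer process; renaming the parameter to `_max_size` only hides the unused-argument warning. If the limit really is fixed (the lines above return `16000 as usize`, presumably from the matching getter), an empty body with a comment is safer, e.g. `fn set_max_size(&mut self, _max_size: usize) { /* size limit is fixed; value ignored */ }`. Otherwise store the value and return it from the getter. The enclosing impl starts outside this hunk, so whether the trait contract allows ignoring the value needs checking there.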


@ -353,7 +353,7 @@ mod tests {
InMemoryCorpus<BytesInput, XKCDRand>,
_,
_,
State<_, _, _, ()>,
State<_, (), _, _>,
>::new();
mutation_splice(&mut mutator, &mut rand, &mut state, &mut input).unwrap();


@ -2,9 +2,9 @@
//! They may be inserted as part of mutations during fuzzing.
use crate::{
bolts::serde_anymap::SerdeAny,
inputs::{HasBytesVec, Input},
mutators::*,
serde_anymap::SerdeAny,
utils::Rand,
AflError,
};


@ -8,8 +8,10 @@ use core::time::Duration;
use serde::{Deserialize, Serialize};
use crate::{
serde_anymap::{ArrayMut, Cptr},
tuples::{MatchNameAndType, MatchType, Named, TupleList},
bolts::{
serde_anymap::{ArrayMut, Cptr},
tuples::{MatchNameAndType, MatchType, Named, TupleList},
},
utils::current_time,
AflError,
};
@ -386,8 +388,8 @@ where
mod tests {
use crate::{
bolts::tuples::{tuple_list, tuple_list_type, Named},
observers::{StdMapObserver, TimeObserver},
tuples::{tuple_list, tuple_list_type, Named},
};
static mut MAP: [u32; 4] = [0; 4];


@ -2,6 +2,7 @@ pub mod mutational;
pub use mutational::StdMutationalStage;
use crate::{
bolts::tuples::TupleList,
corpus::Corpus,
events::EventManager,
executors::{Executor, HasObservers},
@ -9,7 +10,6 @@ use crate::{
inputs::Input,
observers::ObserversTuple,
state::State,
tuples::TupleList,
utils::Rand,
AflError,
};


@ -9,6 +9,7 @@ use std::{
};
use crate::{
bolts::serde_anymap::{SerdeAny, SerdeAnyMap},
corpus::{Corpus, Testcase},
events::{Event, EventManager, LogSeverity},
executors::{Executor, HasObservers},
@ -16,7 +17,6 @@ use crate::{
generators::Generator,
inputs::Input,
observers::ObserversTuple,
serde_anymap::{SerdeAny, SerdeAnyMap},
utils::{current_milliseconds, Rand},
AflError,
};


@ -10,11 +10,11 @@ use xxhash_rust::xxh3::xxh3_64_with_seed;
use std::time::{SystemTime, UNIX_EPOCH};
use crate::{
bolts::shmem::ShMem,
corpus::Corpus,
events::{LlmpEventManager, Stats},
feedbacks::FeedbacksTuple,
inputs::Input,
shmem::ShMem,
state::State,
AflError,
};


@ -9,6 +9,7 @@ use clap::{App, Arg};
use std::{env, path::PathBuf};
use afl::{
bolts::tuples::tuple_list,
corpus::{Corpus, InMemoryCorpus},
events::setup_restarting_mgr,
events::{SimpleStats},
@ -19,7 +20,6 @@ use afl::{
observers::StdMapObserver,
stages::mutational::StdMutationalStage,
state::{HasCorpus, State},
tuples::tuple_list,
utils::StdRand,
AflError, Fuzzer, StdFuzzer,
};