From 67165640c5f396f5906bd79bb5db676a36e0ed47 Mon Sep 17 00:00:00 2001
From: Alwin Berger
Date: Sun, 24 Apr 2022 20:47:30 +0200
Subject: [PATCH] fuzz until first solution

---
 fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs | 2 +-
 libafl/src/fuzzer/mod.rs | 24 ++++++++++++++++++++++--
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs b/fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs
index 76af11c4b4..dafa03fc46 100644
--- a/fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs
+++ b/fuzzers/wcet_qemu_sys/src/bin/fuzzer.rs
@@ -507,7 +507,7 @@ fn fuzz(
     }
 
     fuzzer
-        .fuzz_loop(&mut stages, &mut executor, &mut state, &mut mgr)
+        .fuzz_for_solution(&mut stages, &mut executor, &mut state, &mut mgr)
         .expect("Error in the fuzzing loop");
 
     // Never reached
diff --git a/libafl/src/fuzzer/mod.rs b/libafl/src/fuzzer/mod.rs
index cc049bd84c..b89459645a 100644
--- a/libafl/src/fuzzer/mod.rs
+++ b/libafl/src/fuzzer/mod.rs
@@ -150,7 +150,7 @@ pub trait Fuzzer
 where
     I: Input,
     EM: ProgressReporter,
-    S: HasExecutions + HasClientPerfMonitor,
+    S: HasExecutions + HasClientPerfMonitor + HasSolutions,
 {
     /// Fuzz for a single iteration
     /// Returns the index of the last fuzzed corpus item
@@ -182,6 +182,26 @@ where
         }
     }
 
+    /// Fuzz until the first solution.
+    fn fuzz_for_solution(
+        &mut self,
+        stages: &mut ST,
+        executor: &mut E,
+        state: &mut S,
+        manager: &mut EM,
+    ) -> Result {
+        let mut last = current_time();
+        let monitor_timeout = STATS_TIMEOUT_DEFAULT;
+        let mut done = false;
+        let mut tiem = 0;
+        while !done {
+            self.fuzz_one(stages, executor, state, manager)?;
+            last = manager.maybe_report_progress(state, last, monitor_timeout)?;
+            done = state.solutions().count() > 1;
+        }
+        return Ok(0);
+    }
+
     /// Fuzz for n iterations
     /// Returns the index of the last fuzzed corpus item
     /// 
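Review bot: The `// Never reached` comment at the end of the fuzzer.rs hunk is now wrong: unlike `fuzz_loop`, `fuzz_for_solution` returns `Ok` once the stop condition is met, so whatever follows that comment (outside the hunk) now runs on the success path rather than only on error. Update the comment, e.g. `// Reached once the first solution has been found`, and check that the code after it does the right thing when reached normally. The enclosing `fuzz` function starts and ends outside the hunk.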
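Review bot: The exit condition `done = state.solutions().count() > 1;` in the new `fuzz_for_solution` contradicts its doc comment "Fuzz until the first solution": the loop only stops once a second solution has been stored, so a single crash or timeout keeps the fuzzer running; it should read `done = state.solutions().count() > 0;`. `let mut tiem = 0;` is never read (and looks like a typo) and will produce an unused-variable warning; drop it. `return Ok(0);` discards the corpus index returned by `fuzz_one`, while the sibling loops document returning the index of the last fuzzed corpus item; consider `let idx = self.fuzz_one(stages, executor, state, manager)?;` in the loop and ending with `Ok(idx)` (a `let mut idx = 0;` before the loop keeps the zero-iteration case defined). The `-> Result {` with no type parameters looks like an extraction artifact rather than the committed signature, so I have not raised it.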
@@ -513,7 +533,7 @@ where
     EM: EventManager,
     F: Feedback,
     I: Input,
-    S: HasClientPerfMonitor + HasExecutions,
+    S: HasClientPerfMonitor + HasExecutions + HasSolutions,
     OF: Feedback,
     ST: StagesTuple,
 {