set up configurations
parent
2e20a22dc6
commit
6a042da5c1
@ -5,7 +5,7 @@ authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>", "Dominik Maier <domenuk
|
||||
edition = "2021"
|
||||
|
||||
[features]
|
||||
default = ["std", "snapshot_restore", "singlecore", "feed_longest", "feed_afl", "restarting"]
|
||||
default = ["std", "snapshot_restore", "singlecore", "restarting", "feed_systemtrace", "fuzz_int" ]
|
||||
std = []
|
||||
snapshot_restore = []
|
||||
snapshot_fast = [ "snapshot_restore" ]
|
||||
@ -19,6 +19,10 @@ feed_longest = [ ]
|
||||
feed_afl = [ ]
|
||||
feed_genetic = [ ]
|
||||
fuzz_int = [ ]
|
||||
gensize_1 = [ ]
|
||||
gensize_10 = [ ]
|
||||
gensize_100 = [ ]
|
||||
observer_hitcounts = []
|
||||
|
||||
[profile.release]
|
||||
lto = true
|
||||
|
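Review bot: `default` now enables `feed_systemtrace` and `fuzz_int`, and Cargo features are additive, so any build that appends features without `--no-default-features` gets both on top of what it asked for. The Snakefile rules in this commit build variants as `{def_flags},feed_afl,…`; `def_flags` is not visible on this page, so this needs checking, because otherwise the non-`_int` and non-systemtrace variants would not be the configurations their names say. A comment above the line, e.g. `# variant builds must pass --no-default-features; default is the systemtrace + fuzz_int configuration`, would record the assumption.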
@ -20,17 +20,17 @@ rule build_feedlongest:
|
||||
shell:
|
||||
"cargo build --target-dir {output} {def_flags},feed_longest"
|
||||
|
||||
rule build_feedaflnolongest:
|
||||
rule build_afl_longest:
|
||||
output:
|
||||
directory("bins/target_feedaflnolongest")
|
||||
directory("bins/target_afl_longest")
|
||||
shell:
|
||||
"cargo build --target-dir {output} {def_flags},feed_afl"
|
||||
"cargo build --target-dir {output} {def_flags},feed_afl,feed_longest"
|
||||
|
||||
rule build_afl:
|
||||
output:
|
||||
directory("bins/target_afl")
|
||||
shell:
|
||||
"cargo build --target-dir {output} {def_flags},feed_afl,feed_longest"
|
||||
"cargo build --target-dir {output} {def_flags},feed_afl,observer_hitcounts"
|
||||
|
||||
rule build_state:
|
||||
output:
|
||||
@ -62,11 +62,17 @@ rule build_state_int:
|
||||
shell:
|
||||
"cargo build --target-dir {output} {def_flags},feed_systemtrace,fuzz_int"
|
||||
|
||||
rule build_afl_longest_int:
|
||||
output:
|
||||
directory("bins/target_afl_longest_int")
|
||||
shell:
|
||||
"cargo build --target-dir {output} {def_flags},feed_afl,feed_longest,fuzz_int"
|
||||
|
||||
rule build_afl_int:
|
||||
output:
|
||||
directory("bins/target_afl_int")
|
||||
shell:
|
||||
"cargo build --target-dir {output} {def_flags},feed_afl,feed_longest,fuzz_int"
|
||||
"cargo build --target-dir {output} {def_flags},feed_afl,fuzz_int,observer_hitcounts"
|
||||
|
||||
rule build_feedlongest_int:
|
||||
output:
|
||||
@ -74,24 +80,48 @@ rule build_feedlongest_int:
|
||||
shell:
|
||||
"cargo build --target-dir {output} {def_flags},feed_longest,fuzz_int"
|
||||
|
||||
rule build_feedgeneration:
|
||||
rule build_feedgeneration1:
|
||||
output:
|
||||
directory("bins/target_feedgeneration")
|
||||
directory("bins/target_feedgeneration1")
|
||||
shell:
|
||||
"cargo build --target-dir {output} {def_flags},feed_genetic"
|
||||
"cargo build --target-dir {output} {def_flags},feed_genetic,gensize_1"
|
||||
|
||||
rule build_feedgeneration_int:
|
||||
rule build_feedgeneration1_int:
|
||||
output:
|
||||
directory("bins/target_feedgeneration_int")
|
||||
directory("bins/target_feedgeneration1_int")
|
||||
shell:
|
||||
"cargo build --target-dir {output} {def_flags},feed_genetic,fuzz_int"
|
||||
"cargo build --target-dir {output} {def_flags},feed_genetic,fuzz_int,gensize_1"
|
||||
|
||||
rule build_feedgeneration10:
|
||||
output:
|
||||
directory("bins/target_feedgeneration10")
|
||||
shell:
|
||||
"cargo build --target-dir {output} {def_flags},feed_genetic,gensize_10"
|
||||
|
||||
rule build_feedgeneration10_int:
|
||||
output:
|
||||
directory("bins/target_feedgeneration10_int")
|
||||
shell:
|
||||
"cargo build --target-dir {output} {def_flags},feed_genetic,fuzz_int,gensize_10"
|
||||
|
||||
rule build_feedgeneration100:
|
||||
output:
|
||||
directory("bins/target_feedgeneration100")
|
||||
shell:
|
||||
"cargo build --target-dir {output} {def_flags},feed_genetic,gensize_100"
|
||||
|
||||
rule build_feedgeneration100_int:
|
||||
output:
|
||||
directory("bins/target_feedgeneration100_int")
|
||||
shell:
|
||||
"cargo build --target-dir {output} {def_flags},feed_genetic,fuzz_int,gensize_100"
|
||||
|
||||
rule run_bench:
|
||||
input:
|
||||
"build/{target}.elf",
|
||||
"bins/target_{fuzzer}"
|
||||
output:
|
||||
multiext("timedump/{fuzzer}/{target}.{num}", "", ".log", ".case")
|
||||
multiext("timedump/{fuzzer}/{target}.{num}", "", ".log") # , ".case"
|
||||
run:
|
||||
with open('target_symbols.csv') as csvfile:
|
||||
reader = csv.DictReader(csvfile)
|
||||
@ -112,9 +142,9 @@ rule run_bench:
|
||||
export BREAKPOINT={bkp}
|
||||
export SEED_RANDOM={wildcards.num}
|
||||
export TIME_DUMP=$(pwd)/{output[0]}
|
||||
export CASE_DUMP=$(pwd)/{output[2]}
|
||||
export CASE_DUMP=$(pwd)/{output[0]}.case
|
||||
export TRACE_DUMP=$(pwd)/{output[0]}.trace
|
||||
export FUZZ_ITERS=180
|
||||
export FUZZ_ITERS=21600
|
||||
export FUZZER=$(pwd)/{input[1]}/debug/fret
|
||||
set +e
|
||||
../fuzzer.sh > {output[1]} 2>&1
|
||||
@ -192,17 +222,29 @@ rule all_bins:
|
||||
"bins/target_state",
|
||||
"bins/target_graph"
|
||||
|
||||
rule all_periodic:
|
||||
rule all_main:
|
||||
input:
|
||||
expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['random','afl','state'], target=['waters','watersv2'],num=range(0,10))
|
||||
expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['random','afl_longest','state','feedgeneration10'], target=['waters','watersv2'],num=range(0,10))
|
||||
|
||||
rule all_compare_afl_longest:
|
||||
rule all_main_int:
|
||||
input:
|
||||
expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['feedgeneration','feedlongest'], target=['waters','watersv2'],num=range(0,10))
|
||||
expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['random_int','afl_longest_int','state_int','feedgeneration10_int'], target=['waters_int','watersv2_int'],num=range(0,10))
|
||||
|
||||
rule all_micro:
|
||||
rule all_compare_feedgeneration:
|
||||
input:
|
||||
expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['random_int','afl_int','state_int','feedgeneration_int'], target=['waters_int','watersv2_int'],num=range(0,10))
|
||||
expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['feedgeneration1','feedgeneration10','feedgeneration100'], target=['waters','watersv2'],num=range(0,10))
|
||||
|
||||
rule all_compare_feedgeneration_int:
|
||||
input:
|
||||
expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['feedgeneration1_int','feedgeneration10_int','feedgeneration100_int'], target=['waters_int','watersv2_int'],num=range(0,10))
|
||||
|
||||
rule all_compare_afl:
|
||||
input:
|
||||
expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['afl','afl_longest','feedlongest'], target=['waters','watersv2'],num=range(0,10))
|
||||
|
||||
rule all_compare_afl_int:
|
||||
input:
|
||||
expand("timedump/{fuzzer}/{target}.{num}", fuzzer=['afl_int','afl_longest_int','feedlongest_int'], target=['waters_int','watersv2_int'],num=range(0,10))
|
||||
|
||||
rule all_images:
|
||||
input:
|
||||
|
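Review bot: In run_bench, `CASE_DUMP` and `TRACE_DUMP` now name `{output[0]}.case` and `{output[0]}.trace`, but neither path is declared under `output:` (the `.case` entry is commented out of `multiext`), so Snakemake neither clears them before a rerun nor reports when they are missing. A case or trace file left by an earlier run with the same fuzzer, target and seed can then be read as the result of the current one. Adding `rm -f {output[0]}.case {output[0]}.trace` ahead of the exports would avoid that. The shell block of run_bench starts and ends outside the visible hunk, and which printed line is old or new is inferred from print order on this page.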
@ -26,7 +26,7 @@ use libafl::{
|
||||
schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
|
||||
state::{HasCorpus, StdState, HasMetadata, HasNamedMetadata},
|
||||
Error,
|
||||
prelude::{SimpleMonitor, SimpleEventManager, AsMutSlice, RandBytesGenerator, Generator, SimpleRestartingEventManager, HasBytesVec, minimizer::TopRatedsMetadata, havoc_mutations, StdScheduledMutator}, Evaluator, stages::StdMutationalStage,
|
||||
prelude::{SimpleMonitor, SimpleEventManager, AsMutSlice, RandBytesGenerator, Generator, SimpleRestartingEventManager, HasBytesVec, minimizer::TopRatedsMetadata, havoc_mutations, StdScheduledMutator, HitcountsMapObserver}, Evaluator, stages::StdMutationalStage,
|
||||
};
|
||||
use libafl_qemu::{
|
||||
edges, edges::QemuEdgeCoverageHelper, elf::EasyElf, emu::Emulator, GuestPhysAddr, QemuExecutor,
|
||||
@ -211,6 +211,7 @@ pub fn fuzz() {
|
||||
buf = &buf[libafl_num_interrupts*4..];
|
||||
len = buf.len();
|
||||
}
|
||||
// println!("Load: {:?}", libafl_interrupt_offsets[0..libafl_num_interrupts].to_vec());
|
||||
}
|
||||
if len > MAX_INPUT_SIZE {
|
||||
buf = &buf[0..MAX_INPUT_SIZE];
|
||||
@ -241,6 +242,8 @@ pub fn fuzz() {
|
||||
let edges = unsafe { &mut edges::EDGES_MAP };
|
||||
let edges_counter = unsafe { &mut edges::MAX_EDGES_NUM };
|
||||
let edges_observer = VariableMapObserver::new("edges", edges, edges_counter);
|
||||
#[cfg(feature = "observer_hitcounts")]
|
||||
let edges_observer = HitcountsMapObserver::new(edges_observer);
|
||||
|
||||
// Create an observation channel to keep track of the execution time
|
||||
let clock_time_observer = QemuClockObserver::new("clocktime");
|
||||
@ -279,6 +282,7 @@ pub fn fuzz() {
|
||||
#[cfg(feature = "feed_systemtrace")]
|
||||
let mut feedback = feedback_or!(
|
||||
feedback,
|
||||
// AlwaysTrueFeedback::new(),
|
||||
NovelSystemStateFeedback::default()
|
||||
);
|
||||
#[cfg(feature = "feed_systemgraph")]
|
||||
|
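Review bot: `HitcountsMapObserver` is added to the unconditional `prelude::{…}` import, but its only visible use, `let edges_observer = HitcountsMapObserver::new(edges_observer);`, sits behind `#[cfg(feature = "observer_hitcounts")]`. With that feature off the import is unused and rustc warns about it, which fails any build that denies warnings. Moving it to its own gated line, `#[cfg(feature = "observer_hitcounts")] use libafl::prelude::HitcountsMapObserver;`, keeps both configurations clean. The shadowing `let` also changes the type of `edges_observer` depending on the feature, and a one-line comment above it saying so would help the next reader. `fuzz()` starts and ends outside these hunks.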
@ -91,7 +91,7 @@ where
|
||||
}
|
||||
}
|
||||
|
||||
println!("Vor Mutator: {:?}", interrupt_offsets[0..num_interrupts].to_vec());
|
||||
// println!("Vor Mutator: {:?}", interrupt_offsets[0..num_interrupts].to_vec());
|
||||
// let num_i = min(target_bytes.len() / 4, DO_NUM_INTERRUPT);
|
||||
let mut suffix = target_bytes.split_off(4 * num_interrupts);
|
||||
let mut prefix : Vec<[u8; 4]> = vec![];
|
||||
@ -112,10 +112,10 @@ where
|
||||
let m = interrupt_offsets[0..num_interrupts].iter().any(|x| (curr.start_tick..curr.end_tick).contains(&(*x as u64)));
|
||||
if m {
|
||||
marks.push((curr, i, 1));
|
||||
println!("1: {}",curr.current_task.task_name);
|
||||
// println!("1: {}",curr.current_task.task_name);
|
||||
} else if last_m {
|
||||
marks.push((curr, i, 2));
|
||||
println!("2: {}",curr.current_task.task_name);
|
||||
// println!("2: {}",curr.current_task.task_name);
|
||||
} else {
|
||||
marks.push((curr, i, 0));
|
||||
}
|
||||
|
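Review bot: The three debug `println!` calls (the "Vor Mutator" dump and the "1:" / "2:" task-name prints) are commented out rather than removed, which leaves dead code in the mutation path next to the already commented `num_i` line. Deleting them would be cleaner; if the output is still wanted for debugging, a short comment saying when to re-enable it would do. The enclosing function starts and ends outside these hunks.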