update to 0.11.1
This commit is contained in:
parent
92da68af6f
commit
6dafc4f9d6
@ -33,6 +33,7 @@ debug = true
|
|||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
libafl = { path = "../../libafl/" }
|
libafl = { path = "../../libafl/" }
|
||||||
|
libafl_bolts = { path = "../../libafl_bolts/" }
|
||||||
libafl_qemu = { path = "../../libafl_qemu/", features = ["arm", "systemmode"] }
|
libafl_qemu = { path = "../../libafl_qemu/", features = ["arm", "systemmode"] }
|
||||||
serde = { version = "1.0", default-features = false, features = ["alloc"] } # serialization lib
|
serde = { version = "1.0", default-features = false, features = ["alloc"] } # serialization lib
|
||||||
hashbrown = { version = "0.12", features = ["serde", "ahash-compile-time-rng"] } # A faster hashmap, nostd compatible
|
hashbrown = { version = "0.12", features = ["serde", "ahash-compile-time-rng"] } # A faster hashmap, nostd compatible
|
||||||
|
|||||||
@ -1,21 +1,22 @@
|
|||||||
use hashbrown::{hash_map::Entry, HashMap};
|
use hashbrown::{hash_map::Entry, HashMap};
|
||||||
|
use libafl_bolts::{
|
||||||
|
current_nanos,
|
||||||
|
rands::StdRand,
|
||||||
|
tuples::{tuple_list,MatchName},
|
||||||
|
impl_serdeany,
|
||||||
|
Named,
|
||||||
|
};
|
||||||
use libafl::{
|
use libafl::{
|
||||||
bolts::{
|
|
||||||
current_nanos,
|
|
||||||
rands::StdRand,
|
|
||||||
tuples::{tuple_list},
|
|
||||||
},
|
|
||||||
executors::{ExitKind},
|
executors::{ExitKind},
|
||||||
fuzzer::{StdFuzzer},
|
fuzzer::{StdFuzzer},
|
||||||
inputs::{BytesInput, HasTargetBytes},
|
inputs::{BytesInput, HasTargetBytes},
|
||||||
observers::{Observer,VariableMapObserver},
|
observers::{Observer,VariableMapObserver},
|
||||||
state::{StdState, HasNamedMetadata},
|
state::{StdState, HasNamedMetadata},
|
||||||
Error,
|
Error,
|
||||||
observers::ObserversTuple, prelude::UsesInput, impl_serdeany,
|
observers::ObserversTuple, prelude::UsesInput,
|
||||||
};
|
};
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
use std::{cell::UnsafeCell, cmp::max, env, fs::OpenOptions, io::Write, time::Instant};
|
use std::{cell::UnsafeCell, cmp::max, env, fs::OpenOptions, io::Write, time::Instant};
|
||||||
use libafl::bolts::tuples::Named;
|
|
||||||
|
|
||||||
use libafl_qemu::{
|
use libafl_qemu::{
|
||||||
emu,
|
emu,
|
||||||
@ -33,7 +34,6 @@ use libafl::corpus::testcase::Testcase;
|
|||||||
use core::{fmt::Debug, time::Duration};
|
use core::{fmt::Debug, time::Duration};
|
||||||
// use libafl::feedbacks::FeedbackState;
|
// use libafl::feedbacks::FeedbackState;
|
||||||
// use libafl::state::HasFeedbackStates;
|
// use libafl::state::HasFeedbackStates;
|
||||||
use libafl::bolts::tuples::MatchName;
|
|
||||||
use std::time::{SystemTime, UNIX_EPOCH};
|
use std::time::{SystemTime, UNIX_EPOCH};
|
||||||
|
|
||||||
pub static mut FUZZ_START_TIMESTAMP : SystemTime = UNIX_EPOCH;
|
pub static mut FUZZ_START_TIMESTAMP : SystemTime = UNIX_EPOCH;
|
||||||
|
|||||||
@ -3,18 +3,19 @@
|
|||||||
use core::time::Duration;
|
use core::time::Duration;
|
||||||
use std::{env, path::PathBuf, process::{self, abort}, io::{Read, Write}, fs::{self, OpenOptions}, cmp::{min, max}, mem::transmute_copy, collections::btree_map::Range, ptr::addr_of_mut};
|
use std::{env, path::PathBuf, process::{self, abort}, io::{Read, Write}, fs::{self, OpenOptions}, cmp::{min, max}, mem::transmute_copy, collections::btree_map::Range, ptr::addr_of_mut};
|
||||||
|
|
||||||
|
use libafl_bolts::{
|
||||||
|
core_affinity::Cores,
|
||||||
|
current_nanos,
|
||||||
|
rands::StdRand,
|
||||||
|
shmem::{ShMemProvider, StdShMemProvider},
|
||||||
|
tuples::tuple_list,
|
||||||
|
AsSlice,
|
||||||
|
AsMutSlice
|
||||||
|
};
|
||||||
use libafl::{
|
use libafl::{
|
||||||
bolts::{
|
|
||||||
core_affinity::Cores,
|
|
||||||
current_nanos,
|
|
||||||
launcher::Launcher,
|
|
||||||
rands::StdRand,
|
|
||||||
shmem::{ShMemProvider, StdShMemProvider},
|
|
||||||
tuples::tuple_list,
|
|
||||||
AsSlice,
|
|
||||||
},
|
|
||||||
corpus::{Corpus, InMemoryCorpus, OnDiskCorpus},
|
corpus::{Corpus, InMemoryCorpus, OnDiskCorpus},
|
||||||
events::EventConfig,
|
events::EventConfig,
|
||||||
|
events::launcher::Launcher,
|
||||||
executors::{ExitKind, TimeoutExecutor},
|
executors::{ExitKind, TimeoutExecutor},
|
||||||
feedback_or,
|
feedback_or,
|
||||||
feedback_or_fast,
|
feedback_or_fast,
|
||||||
@ -26,7 +27,7 @@ use libafl::{
|
|||||||
schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
|
schedulers::{IndexesLenTimeMinimizerScheduler, QueueScheduler},
|
||||||
state::{HasCorpus, StdState, HasMetadata, HasNamedMetadata},
|
state::{HasCorpus, StdState, HasMetadata, HasNamedMetadata},
|
||||||
Error,
|
Error,
|
||||||
prelude::{SimpleMonitor, SimpleEventManager, AsMutSlice, RandBytesGenerator, Generator, SimpleRestartingEventManager, HasBytesVec, minimizer::TopRatedsMetadata, havoc_mutations, StdScheduledMutator, HitcountsMapObserver, CorpusId}, Evaluator, stages::StdMutationalStage,
|
prelude::{SimpleMonitor, SimpleEventManager, RandBytesGenerator, Generator, SimpleRestartingEventManager, HasBytesVec, minimizer::TopRatedsMetadata, havoc_mutations, StdScheduledMutator, HitcountsMapObserver, CorpusId}, Evaluator, stages::StdMutationalStage,
|
||||||
};
|
};
|
||||||
use libafl_qemu::{
|
use libafl_qemu::{
|
||||||
edges::{self, edges_map_mut_slice, MAX_EDGES_NUM}, edges::QemuEdgeCoverageHelper, elf::EasyElf, emu::Emulator, GuestPhysAddr, QemuExecutor,
|
edges::{self, edges_map_mut_slice, MAX_EDGES_NUM}, edges::QemuEdgeCoverageHelper, elf::EasyElf, emu::Emulator, GuestPhysAddr, QemuExecutor,
|
||||||
|
|||||||
@ -4,15 +4,18 @@
|
|||||||
use core::marker::PhantomData;
|
use core::marker::PhantomData;
|
||||||
use std::cmp::{max, min};
|
use std::cmp::{max, min};
|
||||||
|
|
||||||
|
use libafl_bolts::rands::{
|
||||||
|
StdRand, RandomSeed,
|
||||||
|
Rand
|
||||||
|
};
|
||||||
use libafl::{
|
use libafl::{
|
||||||
bolts::rands::Rand,
|
|
||||||
corpus::{Corpus, self},
|
corpus::{Corpus, self},
|
||||||
fuzzer::Evaluator,
|
fuzzer::Evaluator,
|
||||||
mark_feature_time,
|
mark_feature_time,
|
||||||
stages::{Stage},
|
stages::{Stage},
|
||||||
start_timer,
|
start_timer,
|
||||||
state::{HasClientPerfMonitor, HasCorpus, HasRand, UsesState, HasMetadata},
|
state::{HasClientPerfMonitor, HasCorpus, HasRand, UsesState, HasMetadata},
|
||||||
Error, prelude::{HasBytesVec, UsesInput, new_hash_feedback, StdRand, RandomSeed, MutationResult, Mutator, CorpusId},
|
Error, prelude::{HasBytesVec, UsesInput, new_hash_feedback, MutationResult, Mutator, CorpusId},
|
||||||
};
|
};
|
||||||
use crate::{systemstate::{FreeRTOSSystemStateMetadata, RefinedFreeRTOSSystemState}, fuzzer::DO_NUM_INTERRUPT, clock::IcHist};
|
use crate::{systemstate::{FreeRTOSSystemStateMetadata, RefinedFreeRTOSSystemState}, fuzzer::DO_NUM_INTERRUPT, clock::IcHist};
|
||||||
|
|
||||||
|
|||||||
@ -1,19 +1,19 @@
|
|||||||
use libafl::SerdeAny;
|
use libafl::SerdeAny;
|
||||||
use libafl::bolts::ownedref::OwnedSlice;
|
use libafl_bolts::ownedref::OwnedSlice;
|
||||||
use libafl::inputs::BytesInput;
|
use libafl::inputs::BytesInput;
|
||||||
use libafl::prelude::UsesInput;
|
use libafl::prelude::UsesInput;
|
||||||
use libafl::state::HasNamedMetadata;
|
use libafl::state::HasNamedMetadata;
|
||||||
use std::path::PathBuf;
|
use std::path::PathBuf;
|
||||||
use crate::clock::QemuClockObserver;
|
use crate::clock::QemuClockObserver;
|
||||||
use libafl::corpus::Testcase;
|
use libafl::corpus::Testcase;
|
||||||
use libafl::bolts::tuples::MatchName;
|
use libafl_bolts::tuples::MatchName;
|
||||||
use std::collections::hash_map::DefaultHasher;
|
use std::collections::hash_map::DefaultHasher;
|
||||||
use std::hash::Hasher;
|
use std::hash::Hasher;
|
||||||
use std::hash::Hash;
|
use std::hash::Hash;
|
||||||
use libafl::events::EventFirer;
|
use libafl::events::EventFirer;
|
||||||
use libafl::state::HasClientPerfMonitor;
|
use libafl::state::HasClientPerfMonitor;
|
||||||
use libafl::feedbacks::Feedback;
|
use libafl::feedbacks::Feedback;
|
||||||
use libafl::bolts::tuples::Named;
|
use libafl_bolts::Named;
|
||||||
use libafl::Error;
|
use libafl::Error;
|
||||||
use hashbrown::HashMap;
|
use hashbrown::HashMap;
|
||||||
use libafl::{executors::ExitKind, inputs::Input, observers::ObserversTuple, state::HasMetadata};
|
use libafl::{executors::ExitKind, inputs::Input, observers::ObserversTuple, state::HasMetadata};
|
||||||
|
|||||||
@ -2,8 +2,8 @@
|
|||||||
use libafl::SerdeAny;
|
use libafl::SerdeAny;
|
||||||
/// Feedbacks organizing SystemStates as a graph
|
/// Feedbacks organizing SystemStates as a graph
|
||||||
use libafl::inputs::HasBytesVec;
|
use libafl::inputs::HasBytesVec;
|
||||||
use libafl::bolts::rands::RandomSeed;
|
use libafl_bolts::rands::RandomSeed;
|
||||||
use libafl::bolts::rands::StdRand;
|
use libafl_bolts::rands::StdRand;
|
||||||
use libafl::mutators::Mutator;
|
use libafl::mutators::Mutator;
|
||||||
use libafl::mutators::MutationResult;
|
use libafl::mutators::MutationResult;
|
||||||
use libafl::prelude::HasTargetBytes;
|
use libafl::prelude::HasTargetBytes;
|
||||||
@ -16,21 +16,21 @@ use libafl::state::HasSolutions;
|
|||||||
use libafl::state::HasRand;
|
use libafl::state::HasRand;
|
||||||
use crate::worst::MaxExecsLenFavFactor;
|
use crate::worst::MaxExecsLenFavFactor;
|
||||||
use libafl::schedulers::MinimizerScheduler;
|
use libafl::schedulers::MinimizerScheduler;
|
||||||
use libafl::bolts::HasRefCnt;
|
use libafl_bolts::HasRefCnt;
|
||||||
use libafl::bolts::AsSlice;
|
use libafl_bolts::AsSlice;
|
||||||
use libafl::bolts::ownedref::OwnedSlice;
|
use libafl_bolts::ownedref::OwnedSlice;
|
||||||
use libafl::inputs::BytesInput;
|
use libafl::inputs::BytesInput;
|
||||||
use std::path::PathBuf;
|
use std::path::PathBuf;
|
||||||
use crate::clock::QemuClockObserver;
|
use crate::clock::QemuClockObserver;
|
||||||
use libafl::corpus::Testcase;
|
use libafl::corpus::Testcase;
|
||||||
use libafl::bolts::tuples::MatchName;
|
use libafl_bolts::tuples::MatchName;
|
||||||
use std::collections::hash_map::DefaultHasher;
|
use std::collections::hash_map::DefaultHasher;
|
||||||
use std::hash::Hasher;
|
use std::hash::Hasher;
|
||||||
use std::hash::Hash;
|
use std::hash::Hash;
|
||||||
use libafl::events::EventFirer;
|
use libafl::events::EventFirer;
|
||||||
use libafl::state::HasClientPerfMonitor;
|
use libafl::state::HasClientPerfMonitor;
|
||||||
use libafl::feedbacks::Feedback;
|
use libafl::feedbacks::Feedback;
|
||||||
use libafl::bolts::tuples::Named;
|
use libafl_bolts::Named;
|
||||||
use libafl::Error;
|
use libafl::Error;
|
||||||
use hashbrown::HashMap;
|
use hashbrown::HashMap;
|
||||||
use libafl::{executors::ExitKind, inputs::Input, observers::ObserversTuple, state::HasMetadata};
|
use libafl::{executors::ExitKind, inputs::Input, observers::ObserversTuple, state::HasMetadata};
|
||||||
@ -44,7 +44,7 @@ use petgraph::graph::NodeIndex;
|
|||||||
use petgraph::Direction;
|
use petgraph::Direction;
|
||||||
use std::cmp::Ordering;
|
use std::cmp::Ordering;
|
||||||
|
|
||||||
use libafl::bolts::rands::Rand;
|
use libafl_bolts::rands::Rand;
|
||||||
|
|
||||||
//============================= Data Structures
|
//============================= Data Structures
|
||||||
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Default)]
|
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Default)]
|
||||||
@ -148,7 +148,7 @@ impl HasRefCnt for SysGraphMetadata {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
libafl::impl_serdeany!(SysGraphMetadata);
|
libafl_bolts::impl_serdeany!(SysGraphMetadata);
|
||||||
|
|
||||||
pub type GraphMaximizerCorpusScheduler<CS> =
|
pub type GraphMaximizerCorpusScheduler<CS> =
|
||||||
MinimizerScheduler<CS, MaxExecsLenFavFactor<<CS as UsesState>::State>,SysGraphMetadata>;
|
MinimizerScheduler<CS, MaxExecsLenFavFactor<<CS as UsesState>::State>,SysGraphMetadata>;
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
//! systemstate referes to the State of a FreeRTOS fuzzing target
|
//! systemstate referes to the State of a FreeRTOS fuzzing target
|
||||||
use std::collections::hash_map::DefaultHasher;
|
use std::collections::hash_map::DefaultHasher;
|
||||||
use libafl::bolts::HasRefCnt;
|
use libafl_bolts::HasRefCnt;
|
||||||
use libafl::bolts::AsSlice;
|
use libafl_bolts::AsSlice;
|
||||||
use std::hash::Hasher;
|
use std::hash::Hasher;
|
||||||
use std::hash::Hash;
|
use std::hash::Hash;
|
||||||
use hashbrown::HashMap;
|
use hashbrown::HashMap;
|
||||||
@ -164,4 +164,4 @@ impl HasRefCnt for FreeRTOSSystemStateMetadata {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
libafl::impl_serdeany!(FreeRTOSSystemStateMetadata);
|
libafl_bolts::impl_serdeany!(FreeRTOSSystemStateMetadata);
|
||||||
|
|||||||
@ -1,8 +1,9 @@
|
|||||||
// use crate::systemstate::IRQ_INPUT_BYTES_NUMBER;
|
// use crate::systemstate::IRQ_INPUT_BYTES_NUMBER;
|
||||||
use libafl::prelude::{ExitKind, AsSlice};
|
use libafl::prelude::ExitKind;
|
||||||
use libafl::{inputs::HasTargetBytes, prelude::UsesInput};
|
use libafl::{inputs::HasTargetBytes, prelude::UsesInput};
|
||||||
use libafl::bolts::HasLen;
|
use libafl_bolts::HasLen;
|
||||||
use libafl::bolts::tuples::Named;
|
use libafl_bolts::Named;
|
||||||
|
use libafl_bolts::AsSlice;
|
||||||
use libafl::Error;
|
use libafl::Error;
|
||||||
use libafl::observers::Observer;
|
use libafl::observers::Observer;
|
||||||
use hashbrown::HashMap;
|
use hashbrown::HashMap;
|
||||||
|
|||||||
@ -6,13 +6,13 @@ use std::{cmp::{max, min}, mem::swap, borrow::BorrowMut};
|
|||||||
|
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
|
use libafl_bolts::{rands::Rand, serdeany::SerdeAny, AsSlice, HasRefCnt, HasLen};
|
||||||
use libafl::{
|
use libafl::{
|
||||||
bolts::{rands::Rand, serdeany::SerdeAny, AsSlice, HasRefCnt},
|
|
||||||
corpus::{Corpus, Testcase},
|
corpus::{Corpus, Testcase},
|
||||||
inputs::UsesInput,
|
inputs::UsesInput,
|
||||||
schedulers::{Scheduler, TestcaseScore, minimizer::DEFAULT_SKIP_NON_FAVORED_PROB },
|
schedulers::{Scheduler, TestcaseScore, minimizer::DEFAULT_SKIP_NON_FAVORED_PROB },
|
||||||
state::{HasCorpus, HasMetadata, HasRand, UsesState, State},
|
state::{HasCorpus, HasMetadata, HasRand, UsesState, State},
|
||||||
Error, SerdeAny, prelude::{HasLen, CorpusId},
|
Error, SerdeAny, prelude::CorpusId,
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
@ -4,7 +4,7 @@ use libafl::inputs::BytesInput;
|
|||||||
use libafl::inputs::HasTargetBytes;
|
use libafl::inputs::HasTargetBytes;
|
||||||
use libafl::feedbacks::MapIndexesMetadata;
|
use libafl::feedbacks::MapIndexesMetadata;
|
||||||
use libafl::corpus::Testcase;
|
use libafl::corpus::Testcase;
|
||||||
use libafl::prelude::{UsesInput, AsSlice};
|
use libafl::prelude::{UsesInput};
|
||||||
use core::marker::PhantomData;
|
use core::marker::PhantomData;
|
||||||
use libafl::schedulers::{MinimizerScheduler, TestcaseScore};
|
use libafl::schedulers::{MinimizerScheduler, TestcaseScore};
|
||||||
use std::path::PathBuf;
|
use std::path::PathBuf;
|
||||||
@ -22,11 +22,12 @@ use libafl::observers::MapObserver;
|
|||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
use std::cmp;
|
use std::cmp;
|
||||||
|
|
||||||
|
use libafl_bolts::{
|
||||||
|
Named,
|
||||||
|
HasLen,
|
||||||
|
AsSlice,
|
||||||
|
};
|
||||||
use libafl::{
|
use libafl::{
|
||||||
bolts::{
|
|
||||||
tuples::Named,
|
|
||||||
HasLen,
|
|
||||||
},
|
|
||||||
observers::Observer,
|
observers::Observer,
|
||||||
Error,
|
Error,
|
||||||
};
|
};
|
||||||
|
|||||||
@ -261,7 +261,7 @@ where
|
|||||||
|
|
||||||
while std::time::Instant::now().duration_since(starttime) < time {
|
while std::time::Instant::now().duration_since(starttime) < time {
|
||||||
ret = Some(self.fuzz_one(stages, executor, state, manager)?);
|
ret = Some(self.fuzz_one(stages, executor, state, manager)?);
|
||||||
last = manager.maybe_report_progress(state, last, monitor_timeout)?;
|
manager.maybe_report_progress(state, monitor_timeout)?;
|
||||||
}
|
}
|
||||||
|
|
||||||
// If we would assume the fuzzer loop will always exit after this, we could do this here:
|
// If we would assume the fuzzer loop will always exit after this, we could do this here:
|
||||||
@ -295,7 +295,7 @@ where
|
|||||||
|
|
||||||
while std::time::Instant::now() < time {
|
while std::time::Instant::now() < time {
|
||||||
ret = Some(self.fuzz_one(stages, executor, state, manager)?);
|
ret = Some(self.fuzz_one(stages, executor, state, manager)?);
|
||||||
last = manager.maybe_report_progress(state, last, monitor_timeout)?;
|
manager.maybe_report_progress(state, monitor_timeout)?;
|
||||||
}
|
}
|
||||||
|
|
||||||
// If we would assume the fuzzer loop will always exit after this, we could do this here:
|
// If we would assume the fuzzer loop will always exit after this, we could do this here:
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user