SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'main' of https://github.com/domenukk/libAFLrs into main

Browse Source
This commit is contained in:
Dominik Maier 2020-12-11 10:22:09 +01:00
commit 6e81c259f7
4 changed files with 89 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
afl/src/engines/mod.rs
View File

@ -206,19 +206,21 @@ where
E: Executor<I>,
EM: EventManager<C, E, I, R>,
{
let mut added = 0;
for _ in 0..num {
let input = generator.generate(rand)?;
let fitness = self.evaluate_input(&input, engine.executor_mut())?;
self.add_if_interesting(corpus, input, fitness)?;
if !self.add_if_interesting(corpus, input, fitness)?.is_none() {
added += 1;
}
manager.fire(
Event::LoadInitial {
sender_id: 0,
phantom: PhantomData,
},
self,
corpus,
}
)?;
}
manager.fire(Event::log(0, format!("Loaded {} over {} initial testcases", added, num)))?;
manager.process(self, corpus)?;
Ok(())
}
@ -316,11 +318,7 @@ where
let cur = current_milliseconds();
if cur - last > 60 * 100 {
last = cur;
manager.fire(
Event::update_stats(state.executions(), state.executions_over_seconds()),
state,
corpus,
)?; // TODO self.new_execs});
manager.fire(Event::update_stats(state.executions(), state.executions_over_seconds()))?;
}
}
}

96
afl/src/events/mod.rs
View File

@ -60,6 +60,7 @@ where
sender_id: u64,
input: Ptr<'a, I>,
observers: PtrMut<'a, crate::observers::observer_serde::NamedSerdeAnyMap>,
corpus_count: usize
},
UpdateStats {
sender_id: u64,
@ -108,6 +109,7 @@ where
sender_id: _,
input: _,
observers: _,
corpus_count: _
} => "New Testcase",
Event::UpdateStats {
sender_id: _,
@ -167,9 +169,7 @@ where
/// Fire an Event
fn fire<'a>(
&mut self,
event: Event<'a, I>,
state: &mut State<I, R>,
corpus: &mut C,
event: Event<'a, I>
) -> Result<(), AflError>;
/// Lookup for incoming events and process them.
@ -184,10 +184,8 @@ where
// TODO the broker has a state? do we need to pass state and corpus?
fn handle_in_broker(
&self,
&mut self,
event: &Event<I>,
/*broker: &dyn EventManager<C, E, I, R>,*/ _state: &mut State<I, R>,
_corpus: &mut C,
) -> Result<BrokerEventResult, AflError> {
match event {
Event::LoadInitial {
@ -198,6 +196,7 @@ where
sender_id: _,
input: _,
observers: _,
corpus_count: _
} => Ok(BrokerEventResult::Forward),
Event::UpdateStats {
sender_id: _,
@ -241,16 +240,17 @@ where
}
fn handle_in_client(
&self,
&mut self,
event: Event<I>,
/*client: &dyn EventManager<C, E, I, R>,*/ _state: &mut State<I, R>,
corpus: &mut C,
_state: &mut State<I, R>,
_corpus: &mut C,
) -> Result<(), AflError> {
match event {
Event::NewTestcase {
sender_id: _,
input: _,
observers: _,
corpus_count: _
} => {
// here u should match sender_id, if equal to the current one do not re-execute
// we need to pass engine to process() too, TODO
@ -285,6 +285,12 @@ where
{
writer: W,
count: usize,
// stats (maybe we need a separated struct?)
executions: usize,
execs_over_sec: u64,
corpus_count: usize,
phantom: PhantomData<(C, E, I, R)>,
}
@ -301,10 +307,8 @@ where
fn fire<'a>(
&mut self,
event: Event<'a, I>,
state: &mut State<I, R>,
corpus: &mut C,
) -> Result<(), AflError> {
match self.handle_in_broker(&event, state, corpus)? {
match self.handle_in_broker(&event)? {
BrokerEventResult::Forward => (), //self.handle_in_client(event, state, corpus)?,
// Ignore broker-only events
BrokerEventResult::Handled => (),
@ -317,6 +321,59 @@ where
self.count = 0;
Ok(c)
}
fn handle_in_broker(
&mut self,
event: &Event<I>,
) -> Result<BrokerEventResult, AflError> {
match event {
Event::NewTestcase {
sender_id: _,
input: _,
observers: _,
corpus_count
} => {
self.corpus_count = *corpus_count;
writeln!(self.writer, "[NEW] corpus: {} execs: {} execs/s: {}", self.corpus_count, self.executions, self.execs_over_sec);
Ok(BrokerEventResult::Handled)
},
Event::UpdateStats {
sender_id: _,
executions,
execs_over_sec,
phantom: _,
} => {
self.executions = *executions;
self.execs_over_sec = *execs_over_sec;
writeln!(self.writer, "[UPDATE] corpus: {} execs: {} execs/s: {}", self.corpus_count, self.executions, self.execs_over_sec);
Ok(BrokerEventResult::Handled)
}
Event::Crash {
sender_id: _,
input: _,
phantom: _,
} => {
panic!("LoggerEventManager cannot handle Event::Crash");
},
Event::Timeout {
sender_id: _,
input: _,
phantom: _,
} => {
panic!("LoggerEventManager cannot handle Event::Timeout");
}
Event::Log {
sender_id,
severity_level,
message,
phantom: _,
} => {
writeln!(self.writer, "[LOG {}]: {}", severity_level, message);
Ok(BrokerEventResult::Handled)
}
_ => Ok(BrokerEventResult::Handled),
}
}
}
#[cfg(feature = "std")]
@ -333,6 +390,9 @@ where
Self {
writer: writer,
count: 0,
executions: 0,
execs_over_sec: 0,
corpus_count: 0,
phantom: PhantomData,
}
}
@ -388,8 +448,6 @@ where
fn fire<'a>(
&mut self,
event: Event<'a, I>,
state: &mut State<I, R>,
corpus: &mut C,
) -> Result<(), AflError> {
let serialized = postcard::to_allocvec(&event)?;
self.llmp_broker
@ -433,10 +491,8 @@ where
}
fn handle_in_broker(
&self,
&mut self,
event: &Event<I>,
/*broker: &dyn EventManager<C, E, I, R>,*/ _state: &mut State<I, R>,
_corpus: &mut C,
) -> Result<BrokerEventResult, AflError> {
match event {
Event::LoadInitial {
@ -447,6 +503,7 @@ where
sender_id: _,
input: _,
observers: _,
corpus_count: _
} => Ok(BrokerEventResult::Forward),
Event::UpdateStats {
sender_id: _,
@ -490,7 +547,7 @@ where
}
fn handle_in_client(
&self,
&mut self,
event: Event<I>,
/*client: &dyn EventManager<C, E, I, R>,*/ _state: &mut State<I, R>,
corpus: &mut C,
@ -500,6 +557,7 @@ where
sender_id: _,
input: _,
observers: _,
corpus_count: _
} => {
// here u should match sender_id, if equal to the current one do not re-execute
// we need to pass engine to process() too, TODO
@ -541,6 +599,7 @@ mod tests {
sender_id: 0,
input: Ptr::Ref(&i),
observers: PtrMut::Ref(&mut map),
corpus_count: 1
};
let j = serde_json::to_string(&e).unwrap();
@ -551,6 +610,7 @@ mod tests {
sender_id: _,
input: _,
observers: obs,
corpus_count: _
} => {
let o = obs
.as_ref()

4
afl/src/mutators/scheduled.rs
View File

@ -221,7 +221,7 @@ where
scheduled.add_mutation(mutation_wordinteresting);
scheduled.add_mutation(mutation_dwordinteresting);
scheduled.add_mutation(mutation_bytesdelete);
/*scheduled.add_mutation(mutation_bytesdelete);
scheduled.add_mutation(mutation_bytesdelete);
scheduled.add_mutation(mutation_bytesdelete);
scheduled.add_mutation(mutation_bytesdelete);
@ -231,7 +231,7 @@ where
scheduled.add_mutation(mutation_bytesset);
scheduled.add_mutation(mutation_bytesrandset);
scheduled.add_mutation(mutation_bytescopy);
scheduled.add_mutation(mutation_bytesswap);
scheduled.add_mutation(mutation_bytesswap);*/
// TODO dictionary and custom dictionary (redqueen etc.)
/*scheduled.add_mutation(mutation_bitflip);

5
afl/src/stages/mutational.rs
View File

@ -73,9 +73,8 @@ where
sender_id: 0,
input: Ptr::Ref(testcase.load_input()?),
observers: PtrMut::Ref(engine.executor_mut().observers_mut()),
},
state,
corpus,
corpus_count: corpus.count() +1
}
)?;
let _ = corpus.add(testcase);
}