SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add executions count at proper places (#1608)

Browse Source 
* executions count

* tinyinst qemu frida

* aaaa

---------

Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
This commit is contained in:
Dongjia "toka" Zhang 2023-10-05 15:25:40 +02:00 committed by GitHub
parent cffbf069d2
commit 74783c2027
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 47 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
libafl/src/corpus/minimizer.rs
View File

@ -142,7 +142,6 @@ where
.observers_mut()
.post_exec_all(state, &input, &kind)?;
*state.executions_mut() += 1;
let executions = *state.executions();
curr += 1;

5
libafl/src/executors/combined.rs
View File

@ -6,7 +6,7 @@ use core::fmt::Debug;
use crate::{
executors::{Executor, ExitKind, HasObservers},
observers::UsesObservers,
state::UsesState,
state::{HasExecutions, UsesState},
Error,
};
@ -45,6 +45,7 @@ where
A: Executor<EM, Z>,
B: Executor<EM, Z, State = A::State>,
EM: UsesState<State = A::State>,
EM::State: HasExecutions,
Z: UsesState<State = A::State>,
{
fn run_target(
@ -54,6 +55,8 @@ where
mgr: &mut EM,
input: &Self::Input,
) -> Result<ExitKind, Error> {
*state.executions_mut() += 1;
let ret = self.primary.run_target(fuzzer, state, mgr, input);
self.primary.post_run_reset();
self.secondary.post_run_reset();

12
libafl/src/executors/command.rs
View File

@ -30,7 +30,7 @@ use crate::{inputs::Input, Error};
use crate::{
inputs::{HasTargetBytes, UsesInput},
observers::{ObserversTuple, UsesObservers},
state::UsesState,
state::{HasExecutions, UsesState},
std::borrow::ToOwned,
};
@ -313,7 +313,7 @@ where
impl<EM, OT, S, T, Z> Executor<EM, Z> for CommandExecutor<OT, S, T>
where
EM: UsesState<State = S>,
S: UsesInput,
S: UsesInput + HasExecutions,
S::Input: HasTargetBytes,
T: CommandConfigurator + Debug,
OT: Debug + MatchName + ObserversTuple<S>,
@ -322,7 +322,7 @@ where
fn run_target(
&mut self,
_fuzzer: &mut Z,
_state: &mut Self::State,
state: &mut Self::State,
_mgr: &mut EM,
input: &Self::Input,
) -> Result<ExitKind, Error> {
@ -330,6 +330,8 @@ where
use wait_timeout::ChildExt;
*state.executions_mut() += 1;
let mut child = self.configurer.spawn_child(input)?;
let res = match child
@ -619,7 +621,7 @@ impl CommandExecutorBuilder {
#[cfg_attr(all(feature = "std", unix), doc = " ```")]
#[cfg_attr(not(all(feature = "std", unix)), doc = " ```ignore")]
/// use std::{io::Write, process::{Stdio, Command, Child}, time::Duration};
/// use libafl::{Error, inputs::{HasTargetBytes, Input, UsesInput}, executors::{Executor, command::CommandConfigurator}, state::UsesState};
/// use libafl::{Error, inputs::{HasTargetBytes, Input, UsesInput}, executors::{Executor, command::CommandConfigurator}, state::{UsesState, HasExecutions}};
/// use libafl_bolts::AsSlice;
/// #[derive(Debug)]
/// struct MyExecutor;
@ -650,7 +652,7 @@ impl CommandExecutorBuilder {
/// where
/// EM: UsesState,
/// Z: UsesState<State = EM::State>,
/// EM::State: UsesInput,
/// EM::State: UsesInput + HasExecutions,
/// EM::Input: HasTargetBytes
/// {
/// MyExecutor.into_executor(())

12
libafl/src/executors/forkserver.rs
View File

@ -39,7 +39,7 @@ use crate::{
inputs::{HasTargetBytes, Input, UsesInput},
mutators::Tokens,
observers::{MapObserver, Observer, ObserversTuple, UsesObservers},
state::UsesState,
state::{HasExecutions, UsesState},
Error,
};
@ -524,6 +524,7 @@ impl<E, EM, Z> Executor<EM, Z> for TimeoutForkserverExecutor<E>
where
E: Executor<EM, Z> + HasForkserver + HasObservers + Debug,
E::Input: HasTargetBytes,
E::State: HasExecutions,
EM: UsesState<State = E::State>,
Z: UsesState<State = E::State>,
{
@ -531,10 +532,12 @@ where
fn run_target(
&mut self,
_fuzzer: &mut Z,
_state: &mut Self::State,
state: &mut Self::State,
_mgr: &mut EM,
input: &Self::Input,
) -> Result<ExitKind, Error> {
*state.executions_mut() += 1;
let mut exit_kind = ExitKind::Ok;
let last_run_timed_out = self.executor.forkserver().last_run_timed_out_raw();
@ -1210,7 +1213,7 @@ impl<EM, OT, S, SP, Z> Executor<EM, Z> for ForkserverExecutor<OT, S, SP>
where
OT: ObserversTuple<S>,
SP: ShMemProvider,
S: UsesInput,
S: UsesInput + HasExecutions,
S::Input: HasTargetBytes,
EM: UsesState<State = S>,
Z: UsesState<State = S>,
@ -1219,10 +1222,11 @@ where
fn run_target(
&mut self,
_fuzzer: &mut Z,
_state: &mut Self::State,
state: &mut Self::State,
_mgr: &mut EM,
input: &Self::Input,
) -> Result<ExitKind, Error> {
*state.executions_mut() += 1;
let mut exit_kind = ExitKind::Ok;
// Write to testcase

12
libafl/src/executors/inprocess.rs
View File

@ -52,7 +52,7 @@ use crate::{
fuzzer::HasObjective,
inputs::UsesInput,
observers::{ObserversTuple, UsesObservers},
state::{HasClientPerfMonitor, HasCorpus, HasSolutions, UsesState},
state::{HasClientPerfMonitor, HasCorpus, HasExecutions, HasSolutions, UsesState},
Error,
};
@ -126,7 +126,7 @@ where
HB: BorrowMut<H>,
EM: UsesState<State = S>,
OT: ObserversTuple<S>,
S: UsesInput,
S: UsesInput + HasExecutions,
Z: UsesState<State = S>,
{
fn run_target(
@ -136,6 +136,7 @@ where
mgr: &mut EM,
input: &Self::Input,
) -> Result<ExitKind, Error> {
*state.executions_mut() += 1;
self.handlers
.pre_run_target(self, fuzzer, state, mgr, input);
@ -1646,7 +1647,7 @@ where
EM: UsesState<State = S>,
H: FnMut(&S::Input) -> ExitKind + ?Sized,
OT: ObserversTuple<S>,
S: UsesInput,
S: UsesInput + HasExecutions,
SP: ShMemProvider,
Z: UsesState<State = S>,
{
@ -1659,6 +1660,7 @@ where
_mgr: &mut EM,
input: &Self::Input,
) -> Result<ExitKind, Error> {
*state.executions_mut() += 1;
unsafe {
self.shmem_provider.pre_fork()?;
match fork() {
@ -1714,7 +1716,7 @@ where
EM: UsesState<State = S>,
H: FnMut(&S::Input) -> ExitKind + ?Sized,
OT: ObserversTuple<S>,
S: UsesInput,
S: UsesInput + HasExecutions,
SP: ShMemProvider,
Z: UsesState<State = S>,
{
@ -1727,6 +1729,8 @@ where
_mgr: &mut EM,
input: &Self::Input,
) -> Result<ExitKind, Error> {
*state.executions_mut() += 1;
unsafe {
self.shmem_provider.pre_fork()?;
match fork() {

8
libafl/src/executors/mod.rs
View File

@ -41,7 +41,7 @@ use serde::{Deserialize, Serialize};
use crate::{
inputs::{HasTargetBytes, UsesInput},
observers::{ObserversTuple, UsesObservers},
state::UsesState,
state::{HasExecutions, UsesState},
Error,
};
@ -166,17 +166,19 @@ where
impl<EM, S, Z> Executor<EM, Z> for NopExecutor<S>
where
EM: UsesState<State = S>,
S: UsesInput + Debug,
S: UsesInput + Debug + HasExecutions,
S::Input: HasTargetBytes,
Z: UsesState<State = S>,
{
fn run_target(
&mut self,
_fuzzer: &mut Z,
_state: &mut Self::State,
state: &mut Self::State,
_mgr: &mut EM,
input: &Self::Input,
) -> Result<ExitKind, Error> {
*state.executions_mut() += 1;
if input.target_bytes().as_slice().is_empty() {
Err(Error::empty("Input Empty"))
} else {

4
libafl/src/fuzzer/mod.rs
View File

@ -679,8 +679,6 @@ where
executor.observers_mut().pre_exec_all(state, input)?;
mark_feature_time!(state, PerfFeature::PreExecObservers);
*state.executions_mut() += 1;
start_timer!(state);
let exit_kind = executor.run_target(self, state, event_mgr, input)?;
mark_feature_time!(state, PerfFeature::TargetExecution);
@ -732,8 +730,6 @@ where
executor.observers_mut().pre_exec_all(state, input)?;
mark_feature_time!(state, PerfFeature::PreExecObservers);
*state.executions_mut() += 1;
start_timer!(state);
let exit_kind = executor.run_target(self, state, event_mgr, input)?;
mark_feature_time!(state, PerfFeature::TargetExecution);

2
libafl/src/stages/tmin.rs
View File

@ -115,7 +115,6 @@ where
// TODO replace if process_execution adds a return value for solution index
let solution_count = state.solutions().count();
let corpus_count = state.corpus().count();
*state.executions_mut() += 1;
let (_, corpus_idx) = fuzzer.process_execution(
state,
manager,
@ -158,7 +157,6 @@ where
if base_hash != new_hash {
let exit_kind = fuzzer.execute_input(state, executor, manager, &base)?;
let observers = executor.observers();
*state.executions_mut() += 1;
// assumption: this input should not be marked interesting because it was not
// marked as interesting above; similarly, it should not trigger objectives
fuzzer

6
libafl/src/state/mod.rs
View File

@ -886,6 +886,7 @@ impl<I, C, R, SC> HasClientPerfMonitor for StdState<I, C, R, SC> {
#[derive(Debug, Serialize, Deserialize, Default)]
pub struct NopState<I> {
metadata: SerdeAnyMap,
execution: usize,
rand: StdRand,
phantom: PhantomData<I>,
}
@ -897,6 +898,7 @@ impl<I> NopState<I> {
pub fn new() -> Self {
NopState {
metadata: SerdeAnyMap::new(),
execution: 0,
rand: StdRand::default(),
phantom: PhantomData,
}
@ -914,11 +916,11 @@ where
#[cfg(test)]
impl<I> HasExecutions for NopState<I> {
fn executions(&self) -> &usize {
unimplemented!();
&self.execution
}
fn executions_mut(&mut self) -> &mut usize {
unimplemented!();
&mut self.execution
}
}

4
libafl_frida/src/executor.rs
View File

@ -14,7 +14,7 @@ use libafl::{
executors::{Executor, ExitKind, HasObservers, InProcessExecutor},
inputs::{HasTargetBytes, UsesInput},
observers::{ObserversTuple, UsesObservers},
state::UsesState,
state::{HasExecutions, UsesState},
Error,
};
@ -65,7 +65,7 @@ impl<'a, 'b, 'c, EM, H, OT, RT, S, Z> Executor<EM, Z>
where
EM: UsesState<State = S>,
H: FnMut(&S::Input) -> ExitKind,
S: UsesInput,
S: UsesInput + HasExecutions,
S::Input: HasTargetBytes,
OT: ObserversTuple<S>,
RT: FridaRuntimeTuple,

7
libafl_nyx/src/executor.rs
View File

@ -4,7 +4,7 @@ use libafl::{
executors::{Executor, ExitKind, HasObservers},
inputs::{HasTargetBytes, UsesInput},
observers::{ObserversTuple, UsesObservers},
state::{State, UsesState},
state::{HasExecutions, State, UsesState},
Error,
};
use libafl_bolts::AsSlice;
@ -48,17 +48,18 @@ where
impl<'a, EM, S, Z, OT> Executor<EM, Z> for NyxExecutor<'a, S, OT>
where
EM: UsesState<State = S>,
S: UsesInput,
S: UsesInput + HasExecutions,
S::Input: HasTargetBytes,
Z: UsesState<State = S>,
{
fn run_target(
&mut self,
_fuzzer: &mut Z,
_state: &mut Self::State,
state: &mut Self::State,
_mgr: &mut EM,
input: &Self::Input,
) -> Result<ExitKind, Error> {
*state.executions_mut() += 1;
let input_owned = input.target_bytes();
let input = input_owned.as_slice();
self.helper.nyx_process.set_input(

2
libafl_qemu/src/executor.rs
View File

@ -162,7 +162,7 @@ impl<'a, EM, H, OT, QT, S, Z> Executor<EM, Z> for QemuExecutor<'a, H, OT, QT, S>
where
EM: UsesState<State = S>,
H: FnMut(&S::Input) -> ExitKind,
S: UsesInput,
S: UsesInput + HasExecutions,
OT: ObserversTuple<S>,
QT: QemuHelperTuple<S>,
Z: UsesState<State = S>,

7
libafl_tinyinst/src/executor.rs
View File

@ -5,7 +5,7 @@ use libafl::{
executors::{Executor, ExitKind, HasObservers},
inputs::{HasTargetBytes, UsesInput},
observers::{ObserversTuple, UsesObservers},
state::{State, UsesState},
state::{HasExecutions, State, UsesState},
Error,
};
use libafl_bolts::{
@ -43,7 +43,7 @@ where
impl<'a, EM, S, SP, OT, Z> Executor<EM, Z> for TinyInstExecutor<'a, S, SP, OT>
where
EM: UsesState<State = S>,
S: UsesInput,
S: UsesInput + HasExecutions,
S::Input: HasTargetBytes,
SP: ShMemProvider,
Z: UsesState<State = S>,
@ -52,10 +52,11 @@ where
fn run_target(
&mut self,
_fuzzer: &mut Z,
_state: &mut Self::State,
state: &mut Self::State,
_mgr: &mut EM,
input: &Self::Input,
) -> Result<ExitKind, Error> {
*state.executions_mut() += 1;
match &self.map {
Some(_) => {
// use shmem to pass testcase