diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs
index 2f75445217..632156c397 100644
--- a/afl/src/engines/mod.rs
+++ b/afl/src/engines/mod.rs
@@ -176,7 +176,7 @@ where
 }
 }
- pub fn generate_initial_inputs(
+ pub fn generate_initial_inputs(
 &mut self,
 rand: &mut R,
 corpus: &mut C,
diff --git a/afl/src/feedbacks/mod.rs b/afl/src/feedbacks/mod.rs
index 7d6e2e4758..a0e5d9f9d1 100644
--- a/afl/src/feedbacks/mod.rs
+++ b/afl/src/feedbacks/mod.rs
@@ -2,11 +2,11 @@ use alloc::vec::Vec;
 use core::marker::PhantomData;
 use num::Integer;
-use crate::corpus::Testcase;
 use crate::inputs::Input;
 use crate::observers::observer_serde::NamedSerdeAnyMap;
 use crate::observers::MapObserver;
 use crate::AflError;
+use crate::{corpus::Testcase, observers::Observer};
 pub type MaxMapFeedback = MapFeedback, O>;
 pub type MinMapFeedback = MapFeedback, O>;
@@ -139,7 +139,7 @@ impl MapFeedback
 where
 T: Integer + Default + Copy + 'static,
 R: Reducer,
- O: MapObserver,
+ O: MapObserver + Observer,
 {
 /// Create new MapFeedback
 pub fn new(name: &'static str, map_size: usize) -> Self {
@@ -149,6 +149,14 @@ where
 phantom: PhantomData,
 }
 }
+
+ pub fn new_with_observer(map_observer: &O) -> Self {
+ Self {
+ history_map: vec![T::default(); map_observer.map().len()],
+ name: map_observer.name().into(),
+ phantom: PhantomData,
+ }
+ }
 }
 impl MapFeedback
diff --git a/fuzzers/libfuzzer/src/lib.rs b/fuzzers/libfuzzer/src/lib.rs
index 389c88b2f5..0b373e4ca9 100644
--- a/fuzzers/libfuzzer/src/lib.rs
+++ b/fuzzers/libfuzzer/src/lib.rs
@@ -10,7 +10,10 @@ use core::cell::RefCell;
 use std::io::stderr;
 use afl::corpus::InMemoryCorpus;
-use afl::engines::{generate_initial_inputs, Engine, State, StdEngine, StdState};
+use afl::engines::Engine;
+use afl::engines::Fuzzer;
+use afl::engines::State;
+use afl::engines::StdFuzzer;
 use afl::events::LoggerEventManager;
 use afl::executors::inmemory::InMemoryExecutor;
 use afl::executors::{Executor, ExitKind};
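Review bot: The added `Observer` bound in the `@@ -139,7 +139,7 @@` hunk of afl/src/feedbacks/mod.rs sits on the whole impl block, so the existing `new(name, map_size)` constructor now also requires `O: Observer`, although only `new_with_observer` (added in the following hunk) calls `name()`. Consider leaving this block at `O: MapObserver,` and putting the new constructor in its own `impl` block bounded by `O: MapObserver + Observer,`. If every map observer is meant to be an `Observer`, declaring that once as a supertrait of `MapObserver` would make the extra bound unnecessary. The impl block ends outside this hunk.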
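Review bot: `new_with_observer` in the `@@ -149,6 +149,14 @@` hunk of afl/src/feedbacks/mod.rs has no doc comment, unlike `new` directly above it, and it fixes two things a caller cannot see from the signature: the history map is sized once from `map_observer.map().len()`, and the feedback copies its name from the observer. Suggest `/// Create a new MapFeedback whose history map length and name are taken from the given observer.` If the feedback later locates its observer by that name (not visible in this hunk), the comment should also say that observer names must be unique and that the observer's map length is expected to stay the same after construction. The impl block starts outside this hunk.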
@@ -40,6 +43,8 @@ fn harness(_executor: &dyn Executor, buf: &[u8]) -> ExitKind {
 ExitKind::Ok
 }
+const NAME_COV_MAP: &str = "cov_map";
+
 #[no_mangle]
 pub extern "C" fn afl_libfuzzer_main() {
 let mut rand = StdRand::new(0);
@@ -51,34 +56,39 @@ pub extern "C" fn afl_libfuzzer_main() {
 #[cfg(feature = "std")]
 let mut events = LoggerEventManager::new(stderr());
- let edges_observer = Rc::new(RefCell::new(StdMapObserver::new_from_ptr(
- unsafe { __lafl_edges_map },
- unsafe { __lafl_max_edges_size as usize },
- )));
- let edges_feedback = MaxMapFeedback::new(edges_observer.clone(), MAP_SIZE);
+ let edges_observer =
+ StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe {
+ __lafl_max_edges_size as usize
+ });
+ let edges_feedback = MaxMapFeedback::new_with_observer(&edges_observer);
- let executor = InMemoryExecutor::new(harness);
- let mut state = StdState::new(executor);
- state.add_observer(edges_observer);
+ let mut executor = InMemoryExecutor::new(harness);
+ let mut state = State::new();
+ executor.add_observer(Box::new(edges_observer));
 state.add_feedback(Box::new(edges_feedback));
- generate_initial_inputs(
- &mut rand,
- &mut state,
- &mut corpus,
- &mut generator,
- &mut events,
- 4,
- )
- .expect("Failed to load initial inputs");
-
- let mut engine = StdEngine::new();
+ let mut engine = Engine::new(executor);
 let mutator = HavocBytesMutator::new_default();
- let stage = StdMutationalStage::new(mutator);
- engine.add_stage(Box::new(stage));
- engine
- .fuzz_loop(&mut rand, &mut state, &mut corpus, &mut events)
+ let stage = StdMutationalStage::new(mutator);
+
+ state
+ .generate_initial_inputs(
+ &mut rand,
+ &mut corpus,
+ &mut generator,
+ &mut engine,
+ &mut events,
+ 4,
+ )
+ .expect("Failed to load initial inputs");
+
+ let mut fuzzer = StdFuzzer::new();
+
+ fuzzer.add_stage(Box::new(stage));
+
+ fuzzer
+ .fuzz_loop(&mut rand, &mut state, &mut corpus, &mut engine, &mut events)
 .expect("Fuzzer fatal error");
 #[cfg(feature = "std")]
 println!("OK");
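Review bot: The rewritten `StdMapObserver::new_from_ptr(...)` call passes a raw pointer and a length read from two extern statics with no check and no `// SAFETY:` comment, and `MaxMapFeedback::new_with_observer(&edges_observer)` then sizes its history map from that same length. If the pointer is null or the size does not match the instrumented map, later map accesses made from safe code would be out of bounds, so state the invariant at the call, e.g. `// SAFETY: __lafl_edges_map points to __lafl_max_edges_size valid entries for the whole run (TODO confirm against the runtime)`, and reject a zero size before building the observer. The declarations of both statics are outside this hunk, so whether `as usize` can truncate or change sign cannot be judged here; `usize::try_from(..)` would make that failure explicit. `&NAME_COV_MAP` also takes a reference to a constant that is already a `&str`, which looks unintended unless `new_from_ptr` really expects `&&'static str`.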