Dominik Maier 2020-12-10 20:12:33 +01:00
parent 2265d91169
commit 89c4fc184c
3 changed files with 45 additions and 27 deletions


@ -176,7 +176,7 @@ where
} }
} }
pub fn generate_initial_inputs<G, C, E, FE, EM>( pub fn generate_initial_inputs<G, C, E, EM>(
&mut self, &mut self,
rand: &mut R, rand: &mut R,
corpus: &mut C, corpus: &mut C,


@ -2,11 +2,11 @@ use alloc::vec::Vec;
use core::marker::PhantomData; use core::marker::PhantomData;
use num::Integer; use num::Integer;
use crate::corpus::Testcase;
use crate::inputs::Input; use crate::inputs::Input;
use crate::observers::observer_serde::NamedSerdeAnyMap; use crate::observers::observer_serde::NamedSerdeAnyMap;
use crate::observers::MapObserver; use crate::observers::MapObserver;
use crate::AflError; use crate::AflError;
use crate::{corpus::Testcase, observers::Observer};
pub type MaxMapFeedback<T, O> = MapFeedback<T, MaxReducer<T>, O>; pub type MaxMapFeedback<T, O> = MapFeedback<T, MaxReducer<T>, O>;
pub type MinMapFeedback<T, O> = MapFeedback<T, MinReducer<T>, O>; pub type MinMapFeedback<T, O> = MapFeedback<T, MinReducer<T>, O>;
@ -139,7 +139,7 @@ impl<T, R, O> MapFeedback<T, R, O>
where where
T: Integer + Default + Copy + 'static, T: Integer + Default + Copy + 'static,
R: Reducer<T>, R: Reducer<T>,
O: MapObserver<T>, O: MapObserver<T> + Observer,
{ {
/// Create new MapFeedback /// Create new MapFeedback
pub fn new(name: &'static str, map_size: usize) -> Self { pub fn new(name: &'static str, map_size: usize) -> Self {
@ -149,6 +149,14 @@ where
phantom: PhantomData, phantom: PhantomData,
} }
} }
pub fn new_with_observer(map_observer: &O) -> Self {
Self {
history_map: vec![T::default(); map_observer.map().len()],
name: map_observer.name().into(),
phantom: PhantomData,
}
}
} }
impl<T, R, O> MapFeedback<T, R, O> impl<T, R, O> MapFeedback<T, R, O>
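Review bot: `new_with_observer` is added without a doc comment, while the `new` constructor just above it has one; add something like `/// Create new MapFeedback, taking its name and map size from the given observer`. The history map length is fixed to `map_observer.map().len()` at the moment of construction, so the doc should also say that the feedback is only meant to be evaluated against an observer whose map is no longer than that. The code that compares observer entries against `history_map` is outside this hunk, so whether it bounds its indexing by the shorter of the two lengths cannot be confirmed from here and is worth checking. Note too that the added `+ Observer` bound sits on the whole `impl`, so it now constrains `new` as well, although only `new_with_observer` calls `name()`.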


@ -10,7 +10,10 @@ use core::cell::RefCell;
use std::io::stderr; use std::io::stderr;
use afl::corpus::InMemoryCorpus; use afl::corpus::InMemoryCorpus;
use afl::engines::{generate_initial_inputs, Engine, State, StdEngine, StdState}; use afl::engines::Engine;
use afl::engines::Fuzzer;
use afl::engines::State;
use afl::engines::StdFuzzer;
use afl::events::LoggerEventManager; use afl::events::LoggerEventManager;
use afl::executors::inmemory::InMemoryExecutor; use afl::executors::inmemory::InMemoryExecutor;
use afl::executors::{Executor, ExitKind}; use afl::executors::{Executor, ExitKind};
@ -40,6 +43,8 @@ fn harness<I>(_executor: &dyn Executor<I>, buf: &[u8]) -> ExitKind {
ExitKind::Ok ExitKind::Ok
} }
const NAME_COV_MAP: &str = "cov_map";
#[no_mangle] #[no_mangle]
pub extern "C" fn afl_libfuzzer_main() { pub extern "C" fn afl_libfuzzer_main() {
let mut rand = StdRand::new(0); let mut rand = StdRand::new(0);
@ -51,34 +56,39 @@ pub extern "C" fn afl_libfuzzer_main() {
#[cfg(feature = "std")] #[cfg(feature = "std")]
let mut events = LoggerEventManager::new(stderr()); let mut events = LoggerEventManager::new(stderr());
let edges_observer = Rc::new(RefCell::new(StdMapObserver::new_from_ptr( let edges_observer =
unsafe { __lafl_edges_map }, StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe {
unsafe { __lafl_max_edges_size as usize }, __lafl_max_edges_size as usize
))); });
let edges_feedback = MaxMapFeedback::new(edges_observer.clone(), MAP_SIZE); let edges_feedback = MaxMapFeedback::new_with_observer(&edges_observer);
let executor = InMemoryExecutor::new(harness); let mut executor = InMemoryExecutor::new(harness);
let mut state = StdState::new(executor); let mut state = State::new();
state.add_observer(edges_observer); executor.add_observer(Box::new(edges_observer));
state.add_feedback(Box::new(edges_feedback)); state.add_feedback(Box::new(edges_feedback));
generate_initial_inputs( let mut engine = Engine::new(executor);
let mutator = HavocBytesMutator::new_default();
let stage = StdMutationalStage::new(mutator);
state
.generate_initial_inputs(
&mut rand, &mut rand,
&mut state,
&mut corpus, &mut corpus,
&mut generator, &mut generator,
&mut engine,
&mut events, &mut events,
4, 4,
) )
.expect("Failed to load initial inputs"); .expect("Failed to load initial inputs");
let mut engine = StdEngine::new(); let mut fuzzer = StdFuzzer::new();
let mutator = HavocBytesMutator::new_default();
let stage = StdMutationalStage::new(mutator);
engine.add_stage(Box::new(stage));
engine fuzzer.add_stage(Box::new(stage));
.fuzz_loop(&mut rand, &mut state, &mut corpus, &mut events)
fuzzer
.fuzz_loop(&mut rand, &mut state, &mut corpus, &mut engine, &mut events)
.expect("Fuzzer fatal error"); .expect("Fuzzer fatal error");
#[cfg(feature = "std")] #[cfg(feature = "std")]
println!("OK"); println!("OK");
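Review bot: The coverage map pointer and length are read from `__lafl_edges_map` and `__lafl_max_edges_size` in two inline `unsafe` blocks and passed straight to `StdMapObserver::new_from_ptr`, with no `// SAFETY:` comment and no check that the pointer is non-null or the length is non-zero. Because `MaxMapFeedback::new_with_observer` now sizes its history map from that observer, a wrong length coming from the C side would carry into both the observer's view of memory and the feedback. Bind the values first, e.g. `let edges_ptr = unsafe { __lafl_edges_map };` and `let edges_len = unsafe { __lafl_max_edges_size as usize };`, state in a `// SAFETY:` comment what the instrumentation runtime guarantees about them, and add `assert!(!edges_ptr.is_null() && edges_len > 0);` before constructing the observer (this assumes `__lafl_edges_map` is a raw pointer; its declaration is outside the hunk). `afl_libfuzzer_main` begins in the previous hunk and its closing brace is outside this one.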