Dongjia "toka" Zhang 2024-03-06 19:05:32 +01:00 committed by GitHub
parent 3b3e2f6efa
commit 969aa12c7e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 30 additions and 124 deletions


@ -156,120 +156,6 @@ where
} }
} }
impl<OT, S> GenericInProcessExecutorInner<(), OT, S>
where
OT: ObserversTuple<S>,
S: HasExecutions + HasSolutions + HasCorpus + State,
{
/// Create a new in mem executor with the default timeout (5 sec)
pub fn new<E, EM, OF, Z>(
observers: OT,
fuzzer: &mut Z,
state: &mut S,
event_mgr: &mut EM,
) -> Result<Self, Error>
where
E: Executor<EM, Z, State = S> + HasObservers + HasInProcessHooks,
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
{
Self::with_timeout_generic::<E, EM, OF, Z>(
tuple_list!(),
observers,
fuzzer,
state,
event_mgr,
Duration::from_millis(5000),
)
}
/// Create a new in mem executor with the default timeout and use batch mode (5 sec)
/// Do not use batched mode timeouts with cmplog cores. It is not supported
#[cfg(all(feature = "std", target_os = "linux"))]
pub fn batched_timeouts<E, EM, OF, Z>(
observers: OT,
fuzzer: &mut Z,
state: &mut S,
event_mgr: &mut EM,
exec_tmout: Duration,
) -> Result<Self, Error>
where
E: Executor<EM, Z, State = S> + HasObservers + HasInProcessHooks,
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
{
let mut me = Self::with_timeout_generic::<E, EM, OF, Z>(
tuple_list!(),
observers,
fuzzer,
state,
event_mgr,
exec_tmout,
)?;
me.hooks_mut().0.timer_mut().batch_mode = true;
Ok(me)
}
/// Create a new in mem executor.
/// Caution: crash and restart in one of them will lead to odd behavior if multiple are used,
/// depending on different corpus or state.
/// * `user_hooks` - the hooks run before and after the harness's execution
/// * `harness_fn` - the harness, executing the function
/// * `observers` - the observers observing the target during execution
/// This may return an error on unix, if signal handler setup fails
pub fn with_timeout<E, EM, OF, Z>(
observers: OT,
_fuzzer: &mut Z,
state: &mut S,
_event_mgr: &mut EM,
timeout: Duration,
) -> Result<Self, Error>
where
E: Executor<EM, Z, State = S> + HasObservers + HasInProcessHooks,
EM: EventFirer<State = S> + EventRestarter,
OF: Feedback<S>,
S: State,
Z: HasObjective<Objective = OF, State = S>,
{
let default = InProcessHooks::new::<E, EM, OF, Z>(timeout)?;
let mut hooks = tuple_list!(default).merge(tuple_list!());
hooks.init_all::<Self, S>(state);
#[cfg(windows)]
// Some initialization necessary for windows.
unsafe {
/*
See https://github.com/AFLplusplus/LibAFL/pull/403
This one reserves certain amount of memory for the stack.
If stack overflow happens during fuzzing on windows, the program is transferred to our exception handler for windows.
However, if we run out of the stack memory again in this exception handler, we'll crash with STATUS_ACCESS_VIOLATION.
We need this API call because with the llmp_compression
feature enabled, the exception handler uses a lot of stack memory (in the compression lib code) on release build.
As far as I have observed, the compression uses around 0x10000 bytes, but for safety let's just reserve 0x20000 bytes for our exception handlers.
This number 0x20000 could vary depending on the compilers optimization for future compression library changes.
*/
let mut stack_reserved = 0x20000;
SetThreadStackGuarantee(&mut stack_reserved)?;
}
#[cfg(all(feature = "std", windows))]
{
// set timeout for the handler
*hooks.0.millis_sec_mut() = timeout.as_millis() as i64;
}
Ok(Self {
observers,
hooks,
phantom: PhantomData,
})
}
}
impl<HT, OT, S> GenericInProcessExecutorInner<HT, OT, S> impl<HT, OT, S> GenericInProcessExecutorInner<HT, OT, S>
where where
HT: ExecutorHooksTuple, HT: ExecutorHooksTuple,


@ -189,7 +189,7 @@ where
/// Create a new in mem executor with the default timeout and use batch mode(5 sec) /// Create a new in mem executor with the default timeout and use batch mode(5 sec)
#[cfg(all(feature = "std", target_os = "linux"))] #[cfg(all(feature = "std", target_os = "linux"))]
pub fn batched_timeouts<EM, OF, Z>( pub fn batched_timeout<EM, OF, Z>(
harness_fn: &'a mut H, harness_fn: &'a mut H,
observers: OT, observers: OT,
fuzzer: &mut Z, fuzzer: &mut Z,
@ -204,8 +204,13 @@ where
S: State, S: State,
Z: HasObjective<Objective = OF, State = S>, Z: HasObjective<Objective = OF, State = S>,
{ {
let inner = GenericInProcessExecutorInner::batched_timeouts::<Self, EM, OF, Z>( let inner = GenericInProcessExecutorInner::batched_timeout_generic::<Self, EM, OF, Z>(
observers, fuzzer, state, event_mgr, exec_tmout, tuple_list!(),
observers,
fuzzer,
state,
event_mgr,
exec_tmout,
)?; )?;
Ok(Self { Ok(Self {
@ -237,8 +242,13 @@ where
S: State, S: State,
Z: HasObjective<Objective = OF, State = S>, Z: HasObjective<Objective = OF, State = S>,
{ {
let inner = GenericInProcessExecutorInner::with_timeout::<Self, EM, OF, Z>( let inner = GenericInProcessExecutorInner::with_timeout_generic::<Self, EM, OF, Z>(
observers, fuzzer, state, event_mgr, timeout, tuple_list!(),
observers,
fuzzer,
state,
event_mgr,
timeout,
)?; )?;
Ok(Self { Ok(Self {
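Review bot: The doc comment kept on the renamed `batched_timeout` still promises "the default timeout ... (5 sec)", but the call below it forwards the caller's `exec_tmout`, so the 5 seconds does not describe this constructor. The inner `batched_timeouts` that this commit deletes also carried the warning `/// Do not use batched mode timeouts with cmplog cores. It is not supported`, and nothing visible here keeps it on the public entry point; `batched_timeout_generic` may document it, but its docs are outside the hunks shown. I would change the summary to `/// Create a new in-process executor that uses batch mode timeouts with the given exec_tmout.` and add the cmplog line beneath it. The same applies to `batched_timeout` in the third file section, and in both files the function bodies continue past the hunks.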


@ -182,7 +182,7 @@ where
/// Create a new in mem executor with the default timeout and use batch mode(5 sec) /// Create a new in mem executor with the default timeout and use batch mode(5 sec)
#[cfg(all(feature = "std", target_os = "linux"))] #[cfg(all(feature = "std", target_os = "linux"))]
pub fn batched_timeouts<EM, OF, Z>( pub fn batched_timeout<EM, OF, Z>(
harness_fn: &'a mut H, harness_fn: &'a mut H,
exposed_executor_state: ES, exposed_executor_state: ES,
observers: OT, observers: OT,
@ -198,8 +198,13 @@ where
S: State, S: State,
Z: HasObjective<Objective = OF, State = S>, Z: HasObjective<Objective = OF, State = S>,
{ {
let inner = GenericInProcessExecutorInner::batched_timeouts::<Self, EM, OF, Z>( let inner = GenericInProcessExecutorInner::batched_timeout_generic::<Self, EM, OF, Z>(
observers, fuzzer, state, event_mgr, exec_tmout, tuple_list!(),
observers,
fuzzer,
state,
event_mgr,
exec_tmout,
)?; )?;
Ok(Self { Ok(Self {
@ -233,8 +238,13 @@ where
S: State, S: State,
Z: HasObjective<Objective = OF, State = S>, Z: HasObjective<Objective = OF, State = S>,
{ {
let inner = GenericInProcessExecutorInner::with_timeout::<Self, EM, OF, Z>( let inner = GenericInProcessExecutorInner::with_timeout_generic::<Self, EM, OF, Z>(
observers, fuzzer, state, event_mgr, timeout, tuple_list!(),
observers,
fuzzer,
state,
event_mgr,
timeout,
)?; )?;
Ok(Self { Ok(Self {