Fix libafl_unicorn CI (#2991)

* fix: clippy * fix: allow specifying thumb mode or not * fix: timeout for testcase
2025-02-17 10:45:07 +01:00 · 2025-02-17 10:45:07 +01:00 · 9a2a42ccca
commit 9a2a42ccca
parent 53004f93d6
5 changed files with 62 additions and 54 deletions
--- a/fuzzers/full_system/unicorn/Justfile
+++ b/fuzzers/full_system/unicorn/Justfile
@ -27,7 +27,7 @@ test_single arch="arm":
  #!/bin/bash
  echo "Testing {{arch}}"

-  RUST_LOG="debug" timeout 10s {{FUZZER}} {{arch}} 2>&1 | tee fuzz_stdout.log || true
+  RUST_LOG="debug" timeout 30s {{FUZZER}} {{arch}} 2>&1 | tee fuzz_stdout.log || true
  if grep -qa "objectives: 1" fuzz_stdout.log; then
    echo "Fuzzer is working"
  else
--- a/fuzzers/full_system/unicorn/src/main.rs
+++ b/fuzzers/full_system/unicorn/src/main.rs
@ -26,14 +26,17 @@ use libafl_bolts::{
 };
 use libafl_targets::EDGES_MAP_DEFAULT_SIZE;
 pub use libafl_targets::EDGES_MAP_PTR;
+#[cfg(feature = "code_hook")]
+use libafl_unicorn::helper::get_stack_pointer;
 use libafl_unicorn::{
    emu::{debug_print, memory_dump},
-    helper::get_stack_pointer,
    hooks::set_coverage_hook,
 };
+#[cfg(feature = "mem_hook")]
+use unicorn_engine::{unicorn_const::MemType, HookType};
 use unicorn_engine::{
-    unicorn_const::{Arch, MemType, SECOND_SCALE},
-    HookType, Mode, Permission, RegisterARM, RegisterARM64, RegisterX86, Unicorn,
+    unicorn_const::{Arch, SECOND_SCALE},
+    Mode, Permission, RegisterARM, RegisterARM64, RegisterX86, Unicorn,
 };

 pub const CODE_ADDRESS: u64 = 0x9000;
@ -223,7 +226,7 @@ fn fuzzer(should_emulate: bool, arch: Arch) {
                log::error!("Error: {:?}", err);

                memory_dump(&emu, 2);
-                debug_print(&emu);
+                debug_print(&emu, true);
            }
        }

@ -323,6 +326,7 @@ fn unicorn_map_and_load_code(emu: &mut Unicorn<()>, address: u64, size: usize, p
    buffer.len() as u64
 }

+#[cfg(feature = "code_hook")]
 fn add_code_hook(emu: &mut Unicorn<()>) {
    emu.add_code_hook(0x0, !0x0_u64, |emu, pc, _| {
        let sp = get_stack_pointer(emu);
@ -330,6 +334,8 @@ fn add_code_hook(emu: &mut Unicorn<()>) {
    })
    .unwrap();
 }
+
+#[cfg(feature = "mem_hook")]
 fn mem_callback(
    emu: &mut unicorn_engine::Unicorn<()>,
    mem: MemType,
--- a/libafl/src/events/launcher.rs
+++ b/libafl/src/events/launcher.rs
@ -461,7 +461,7 @@ where
                                if self.stdout_file.is_some() || self.stderr_file.is_some() {
                                    stdout = Stdio::inherit();
                                    stderr = Stdio::inherit();
-                                };
+                                }
                            }

                            std::thread::sleep(Duration::from_millis(
--- a/libafl_unicorn/src/emu.rs
+++ b/libafl_unicorn/src/emu.rs
@ -33,7 +33,9 @@ pub fn memory_dump(emu: &Unicorn<()>, len: u64) {
    }
 }

-pub fn debug_print(emu: &Unicorn<()>) {
+// Display some register values and disassemble the instructions around the program counter
+// address. The thumb_mode parameter is only taken into account when the architecture used is ARM.
+pub fn debug_print(emu: &Unicorn<()>, thumb_mode: bool) {
    log::debug!("Status when crash happened:");

    let pc = emu.pc_read().unwrap();
@ -68,16 +70,15 @@ pub fn debug_print(emu: &Unicorn<()>) {

    // Provide disassembly at instant of crash
    let regions = emu.mem_regions().expect("Could not get memory regions");
-    for i in 0..regions.len() {
-        if regions[i].perms.contains(Permission::EXEC) {
-            if pc >= regions[i].begin && pc <= regions[i].end {
+    for region in regions {
+        if region.perms.contains(Permission::EXEC) && pc >= region.begin && pc <= region.end {
            let mut begin = pc - 32;
            let mut end = pc + 32;
-                if begin < regions[i].begin {
-                    begin = regions[i].begin;
+            if begin < region.begin {
+                begin = region.begin;
            }
-                if end > regions[i].end {
-                    end = regions[i].end;
+            if end > region.end {
+                end = region.end;
            }

            let bytes = emu
@ -86,7 +87,10 @@ pub fn debug_print(emu: &Unicorn<()>) {
            let cs = match emu.get_arch() {
                Arch::ARM => Capstone::new()
                    .arm()
-                        .mode(arch::arm::ArchMode::Thumb)
+                    .mode(match thumb_mode {
+                        true => arch::arm::ArchMode::Thumb,
+                        false => arch::arm::ArchMode::Arm,
+                    })
                    .detail(true)
                    .build()
                    .expect("Failed to create Capstone object"),
@ -118,5 +122,4 @@ pub fn debug_print(emu: &Unicorn<()>) {
            }
        }
    }
-    }
 }
--- a/libafl_unicorn/src/helper.rs
+++ b/libafl_unicorn/src/helper.rs
@ -1,11 +1,10 @@
 use unicorn_engine::{unicorn_const::Arch, RegisterARM, RegisterARM64, RegisterX86};

 pub fn get_stack_pointer(emu: &unicorn_engine::Unicorn<()>) -> u64 {
-    let sp = match emu.get_arch() {
+    match emu.get_arch() {
        Arch::ARM => emu.reg_read(RegisterARM::SP).unwrap(),
        Arch::ARM64 => emu.reg_read(RegisterARM64::SP).unwrap(),
        Arch::X86 => emu.reg_read(RegisterX86::ESP).unwrap(),
        _ => 0,
-    };
-    sp
+    }
 }