Some AFL UI example fuzzer cleanup (#1529)

* Some afl ui cleanup * more info * Fix CI (#1549) * Change profiles for the fuzzbench fuzzers. * just foreground * Revert "just foreground" This reverts commit abd4fbec40fd1a7f3bcca1190ce11816fc868c53. * fix Makefile.toml * Tmate debug * fix? * fix? * Can't fix this * remove reset --------- Co-authored-by: Dongjia "toka" Zhang <tokazerkje@outlook.com>
2023-09-24 14:54:14 +02:00 · 2023-09-24 14:54:14 +02:00 · aa7993de10
commit aa7993de10
parent c103444396
12 changed files with 23 additions and 24 deletions
--- a/fuzzers/libfuzzer_libpng_AFLStyle_UI/.gitignore
+++ b/fuzzers/libfuzzer_libpng_AFLStyle_UI/.gitignore
--- a/fuzzers/libfuzzer_libpng_AFLStyle_UI/Cargo.toml
+++ b/fuzzers/libfuzzer_libpng_AFLStyle_UI/Cargo.toml
--- a/fuzzers/libfuzzer_libpng_AFLStyle_UI/Makefile.toml
+++ b/fuzzers/libfuzzer_libpng_AFLStyle_UI/Makefile.toml
@ -159,16 +159,9 @@ windows_alias = "unsupported"
 script_runner = "@shell"
 script='''
 rm -rf libafl_unix_shmem_server || true
-(timeout 11s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true) &
+(timeout --foreground 11s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true) &
 sleep 0.2
-timeout 10s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true
+timeout --foreground 10s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true
 cd ./corpus
 if [ $(ls -al |grep "^-"|wc -l) -gt 4 ]; then
    echo "Fuzzer is working"
 else
    echo "Fuzzer does not generate any testcases or any crashes"
    exit 1
 fi
 '''
 dependencies = [ "fuzzer" ]
@ -176,9 +169,9 @@ dependencies = [ "fuzzer" ]
 script_runner = "@shell"
 script='''
 rm -rf libafl_unix_shmem_server || true
-(timeout 11s ./${FUZZER_NAME} >fuzz_stdout.log 2>/dev/null || true) &
+(timeout --foreground 11s ./${FUZZER_NAME} >fuzz_stdout.log 2>/dev/null || true) &
 sleep 0.2
-timeout 10s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true
+timeout --foreground 10s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true
 '''
 dependencies = [ "fuzzer" ]
--- a/fuzzers/libfuzzer_libpng_AFLStyle_UI/README.md
+++ b/fuzzers/libfuzzer_libpng_AFLStyle_UI/README.md
@ -1,15 +1,8 @@
-# Libfuzzer for libpng
+# Libfuzzer for libpng, with AFL-style UI
 This folder contains an example fuzzer for libpng, using LLMP for fast multi-process fuzzing and crash detection.
-In contrast to other fuzzer examples, this setup uses `fuzz_loop_for`, to occasionally respawn the fuzzer executor.
+In contrast to other fuzzer examples, it keeps track of AFL style metrics and display them in the terminal.
 While this costs performance, it can be useful for targets with memory leaks or other instabilities.
 If your target is really instable, however, consider exchanging the `InProcessExecutor` for a `ForkserverExecutor` instead.
 It also uses the `introspection` feature, printing fuzzer stats during execution.
 To show off crash detection, we added a `ud2` instruction to the harness, edit harness.cc if you want a non-crashing example.
 It has been tested on Linux.
 ## Build
--- a/fuzzers/libfuzzer_libpng_AFLStyle_UI/corpus/not_kitty.png
+++ b/fuzzers/libfuzzer_libpng_AFLStyle_UI/corpus/not_kitty.png
--- a/fuzzers/libfuzzer_libpng_AFLStyle_UI/corpus/not_kitty_alpha.png
+++ b/fuzzers/libfuzzer_libpng_AFLStyle_UI/corpus/not_kitty_alpha.png
--- a/fuzzers/libfuzzer_libpng_AFLStyle_UI/corpus/not_kitty_gamma.png
+++ b/fuzzers/libfuzzer_libpng_AFLStyle_UI/corpus/not_kitty_gamma.png
--- a/fuzzers/libfuzzer_libpng_AFLStyle_UI/corpus/not_kitty_icc.png
+++ b/fuzzers/libfuzzer_libpng_AFLStyle_UI/corpus/not_kitty_icc.png
--- a/fuzzers/libfuzzer_libpng_AFLStyle_UI/harness.cc
+++ b/fuzzers/libfuzzer_libpng_AFLStyle_UI/harness.cc
--- a/fuzzers/libfuzzer_libpng_AFLStyle_UI/src/bin/libafl_cc.rs
+++ b/fuzzers/libfuzzer_libpng_AFLStyle_UI/src/bin/libafl_cc.rs
--- a/fuzzers/libfuzzer_libpng_AFLStyle_UI/src/bin/libafl_cxx.rs
+++ b/fuzzers/libfuzzer_libpng_AFLStyle_UI/src/bin/libafl_cxx.rs
--- a/fuzzers/libfuzzer_libpng_AFLStyle_UI/src/lib.rs
+++ b/fuzzers/libfuzzer_libpng_AFLStyle_UI/src/lib.rs
@ -52,6 +52,7 @@ pub extern "C" fn libafl_main() {
    );
    fuzz(
        &[PathBuf::from("./corpus")],
        PathBuf::from("./out"),
        PathBuf::from("./crashes"),
        1337,
    )
@ -60,7 +61,12 @@ pub extern "C" fn libafl_main() {
 /// The actual fuzzer
 #[cfg(not(test))]
-fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Result<(), Error> {
+fn fuzz(
    initial_input_dirs: &[PathBuf],
    corpus_dir: PathBuf,
    objective_dir: PathBuf,
    broker_port: u16,
 ) -> Result<(), Error> {
    // 'While the stats are state, they are usually used in the broker - which is likely never restarted
    // let monitor = MultiMonitor::new(|s| println!("{s}"));
@ -120,7 +126,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
            // RNG
            StdRand::with_seed(current_nanos()),
            // Corpus that will be evolved, we keep it in memory for performance
-            InMemoryOnDiskCorpus::new(&corpus_dirs.get(0).unwrap()).unwrap(),
+            InMemoryOnDiskCorpus::new(corpus_dir).unwrap(),
            // Corpus in which we store solutions (crashes in this example),
            // on disk so the user can get them after stopping the fuzzer
            OnDiskCorpus::new(objective_dir).unwrap(),
@ -205,8 +211,15 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
    // In case the corpus is empty (on first run), reset
    if state.must_load_initial_inputs() {
        state
-            .load_initial_inputs(&mut fuzzer, &mut executor, &mut restarting_mgr, corpus_dirs)
+            .load_initial_inputs(
-            .unwrap_or_else(|_| panic!("Failed to load initial corpus at {:?}", &corpus_dirs));
+                &mut fuzzer,
                &mut executor,
                &mut restarting_mgr,
                initial_input_dirs,
            )
            .unwrap_or_else(|_| {
                panic!("Failed to load initial corpus at {:?}", &initial_input_dirs)
            });
        println!("We imported {} inputs from disk.", state.corpus().count());
    }