SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

WIP: type fixing

Browse Source
This commit is contained in:
Alwin Berger 2024-12-04 15:04:38 +01:00
parent 1430532b38
commit b12811e1ef
13 changed files with 119 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
fuzzers/FRET/Cargo.toml
View File

@ -60,9 +60,9 @@ codegen-units = 1
debug = true debug = true
[dependencies] [dependencies]
libafl = { path = "../../libafl/", features = ["multipart_inputs"] } libafl = { path = "../../libafl/", features = ["multipart_inputs", "prelude"] }
libafl_bolts = { path = "../../libafl_bolts/" } libafl_bolts = { path = "../../libafl_bolts/" }
libafl_qemu = { path = "../../libafl_qemu/", features = ["arm", "systemmode"] } libafl_qemu = { path = "../../libafl_qemu/", features = ["arm", "systemmode"], default-features = false }
serde = { version = "1.0", default-features = false, features = ["alloc"] } # serialization lib serde = { version = "1.0", default-features = false, features = ["alloc"] } # serialization lib
serde_json = { version = "1.0", default-features = false, features = ["alloc"] } serde_json = { version = "1.0", default-features = false, features = ["alloc"] }
hashbrown = { version = "0.14.0", features = ["serde"] } # A faster hashmap, nostd compatible hashbrown = { version = "0.14.0", features = ["serde"] } # A faster hashmap, nostd compatible

8
fuzzers/FRET/src/debug.rs
View File

@ -28,17 +28,17 @@ pub enum DebugFeedback {
static mut counter : usize = 10; static mut counter : usize = 10;
impl<S> Feedback<S> for DebugFeedback impl<EM, I, OT, S> Feedback<EM, I, OT, S> for DebugFeedback
where where
S: State, S: State,
{ {
#[inline] #[inline]
#[allow(clippy::wrong_self_convention)] #[allow(clippy::wrong_self_convention)]
fn is_interesting<EM, OT>( fn is_interesting(
&mut self, &mut self,
_state: &mut S, _state: &mut S,
_manager: &mut EM, _manager: &mut EM,
_input: &S::Input, _input: &I,
_observers: &OT, _observers: &OT,
_exit_kind: &ExitKind, _exit_kind: &ExitKind,
) -> Result<bool, Error> ) -> Result<bool, Error>
@ -60,7 +60,7 @@ where
Ok((*self).into()) Ok((*self).into())
} }
fn append_metadata<EM, OT>( fn append_metadata(
&mut self, &mut self,
state: &mut S, state: &mut S,
_manager: &mut EM, _manager: &mut EM,

32
fuzzers/FRET/src/systemstate/feedbacks.rs
View File

@ -57,16 +57,16 @@ pub struct NovelSystemStateFeedback
// known_traces: HashMap<u64,(u64,usize)>, // known_traces: HashMap<u64,(u64,usize)>,
} }
impl<S> Feedback<S> for NovelSystemStateFeedback impl<EM, I, OT, S> Feedback<EM, I, OT, S> for NovelSystemStateFeedback
where where
S: State + UsesInput + MaybeHasClientPerfMonitor + HasNamedMetadata, S: State + UsesInput + MaybeHasClientPerfMonitor + HasNamedMetadata,
S::Input: Default, S::Input: Default,
{ {
fn is_interesting<EM, OT>( fn is_interesting(
&mut self, &mut self,
state: &mut S, state: &mut S,
_manager: &mut EM, _manager: &mut EM,
_input: &S::Input, _input: &I,
observers: &OT, observers: &OT,
_exit_kind: &ExitKind, _exit_kind: &ExitKind,
) -> Result<bool, Error> ) -> Result<bool, Error>
@ -126,7 +126,7 @@ where
/// Append to the testcase the generated metadata in case of a new corpus item /// Append to the testcase the generated metadata in case of a new corpus item
#[inline] #[inline]
fn append_metadata<EM, OT>(&mut self, _state: &mut S, _manager: &mut EM, _observers: &OT, testcase: &mut Testcase<S::Input>) -> Result<(), Error> { fn append_metadata(&mut self, _state: &mut S, _manager: &mut EM, _observers: &OT, testcase: &mut Testcase<<S as UsesInput>::Input>) -> Result<(), Error> {
let a = self.last_trace.take(); let a = self.last_trace.take();
match a { match a {
Some(s) => testcase.metadata_map_mut().insert(FreeRTOSSystemStateMetadata::new(s)), Some(s) => testcase.metadata_map_mut().insert(FreeRTOSSystemStateMetadata::new(s)),
@ -137,7 +137,7 @@ where
/// Discard the stored metadata in case that the testcase is not added to the corpus /// Discard the stored metadata in case that the testcase is not added to the corpus
#[inline] #[inline]
fn discard_metadata(&mut self, _state: &mut S, _input: &S::Input) -> Result<(), Error> { fn discard_metadata(&mut self, _state: &mut S, _input: &I) -> Result<(), Error> {
self.last_trace = None; self.last_trace = None;
Ok(()) Ok(())
} }
@ -170,15 +170,15 @@ pub struct DumpSystraceFeedback
last_trace: Option<Vec<ExecInterval>>, last_trace: Option<Vec<ExecInterval>>,
} }
impl<S> Feedback<S> for DumpSystraceFeedback impl<EM, I, OT, S> Feedback<EM, I, OT, S> for DumpSystraceFeedback
where where
S: State + UsesInput + MaybeHasClientPerfMonitor, S: State + UsesInput + MaybeHasClientPerfMonitor,
{ {
fn is_interesting<EM, OT>( fn is_interesting(
&mut self, &mut self,
_state: &mut S, _state: &mut S,
_manager: &mut EM, _manager: &mut EM,
_input: &S::Input, _input: &I,
observers: &OT, observers: &OT,
_exit_kind: &ExitKind, _exit_kind: &ExitKind,
) -> Result<bool, Error> ) -> Result<bool, Error>
@ -225,7 +225,7 @@ where
} }
/// Append to the testcase the generated metadata in case of a new corpus item /// Append to the testcase the generated metadata in case of a new corpus item
#[inline] #[inline]
fn append_metadata<EM, OT>(&mut self, _state: &mut S, _manager: &mut EM, _observers: &OT, _testcase: &mut Testcase<S::Input>) -> Result<(), Error> { fn append_metadata(&mut self, _state: &mut S, _manager: &mut EM, _observers: &OT, _testcase: &mut Testcase<<S as UsesInput>::Input>) -> Result<(), Error> {
if !self.dump_metadata {return Ok(());} if !self.dump_metadata {return Ok(());}
// let a = self.last_trace.take(); // let a = self.last_trace.take();
// match a { // match a {
@ -237,7 +237,7 @@ where
/// Discard the stored metadata in case that the testcase is not added to the corpus /// Discard the stored metadata in case that the testcase is not added to the corpus
#[inline] #[inline]
fn discard_metadata(&mut self, _state: &mut S, _input: &S::Input) -> Result<(), Error> { fn discard_metadata(&mut self, _state: &mut S, _input: &I) -> Result<(), Error> {
self.last_trace = None; self.last_trace = None;
Ok(()) Ok(())
} }
@ -277,20 +277,20 @@ pub struct SystraceErrorFeedback
max_reports: Option<usize>, max_reports: Option<usize>,
} }
impl<S> Feedback<S> for SystraceErrorFeedback impl<EM, I, OT, S> Feedback<EM, I, OT, S> for SystraceErrorFeedback
where where
S: State + UsesInput + MaybeHasClientPerfMonitor, S: State + UsesInput + MaybeHasClientPerfMonitor,
EM: EventFirer<State = S>,
{ {
fn is_interesting<EM, OT>( fn is_interesting(
&mut self, &mut self,
_state: &mut S, _state: &mut S,
_manager: &mut EM, _manager: &mut EM,
_input: &S::Input, _input: &I,
observers: &OT, observers: &OT,
_exit_kind: &ExitKind, _exit_kind: &ExitKind,
) -> Result<bool, Error> ) -> Result<bool, Error>
where where
EM: EventFirer<State = S>,
OT: ObserversTuple<S> OT: ObserversTuple<S>
{ {
#[cfg(feature = "trace_stg")] #[cfg(feature = "trace_stg")]
@ -313,13 +313,13 @@ where
} }
/// Append to the testcase the generated metadata in case of a new corpus item /// Append to the testcase the generated metadata in case of a new corpus item
#[inline] #[inline]
fn append_metadata<EM, OT>(&mut self, _state: &mut S, _manager: &mut EM, _observers: &OT, _testcase: &mut Testcase<S::Input>) -> Result<(), Error> { fn append_metadata(&mut self, _state: &mut S, _manager: &mut EM, _observers: &OT, _testcase: &mut I) -> Result<(), Error> {
Ok(()) Ok(())
} }
/// Discard the stored metadata in case that the testcase is not added to the corpus /// Discard the stored metadata in case that the testcase is not added to the corpus
#[inline] #[inline]
fn discard_metadata(&mut self, _state: &mut S, _input: &S::Input) -> Result<(), Error> { fn discard_metadata(&mut self, _state: &mut S, _input: &I) -> Result<(), Error> {
Ok(()) Ok(())
} }
} }

18
fuzzers/FRET/src/systemstate/helpers.rs
View File

@ -160,7 +160,7 @@ impl<S> QemuHelper<S> for QemuSystemStateHelper
where where
S: UsesInput, S: UsesInput,
{ {
fn first_exec<QT>(&self, _hooks: &QemuHooks<QT, S>) fn first_exec<QT>(&self, _hooks: &QemuHooks)
where where
QT: QemuHelperTuple<S>, QT: QemuHelperTuple<S>,
{ {
@ -179,14 +179,14 @@ where
} }
// TODO: refactor duplicate code // TODO: refactor duplicate code
fn pre_exec(&mut self, _emulator: libafl_qemu::Qemu, _input: &S::Input) { fn pre_exec(&mut self, _emulator: libafl_qemu::Qemu, _input: &I) {
unsafe { unsafe {
CURRENT_SYSTEMSTATE_VEC.clear(); CURRENT_SYSTEMSTATE_VEC.clear();
JOBS_DONE.clear(); JOBS_DONE.clear();
} }
} }
fn post_exec<OT>(&mut self, emulator: libafl_qemu::Qemu, _input: &S::Input, _observers: &mut OT, _exit_kind: &mut ExitKind) { fn post_exec<OT>(&mut self, emulator: libafl_qemu::Qemu, _input: &I, _observers: &mut OT, _exit_kind: &mut ExitKind) {
trigger_collection(&emulator,(0, 0), CaptureEvent::End, self); trigger_collection(&emulator,(0, 0), CaptureEvent::End, self);
unsafe { unsafe {
let c = emulator.cpu_from_index(0); let c = emulator.cpu_from_index(0);
@ -341,7 +341,7 @@ fn trigger_collection(emulator: &libafl_qemu::Qemu, edge: (GuestAddr, GuestAddr)
pub static mut JOBS_DONE : Vec<(u64, String)> = vec![]; pub static mut JOBS_DONE : Vec<(u64, String)> = vec![];
pub fn job_done_hook<QT, S>( pub fn job_done_hook<QT, S>(
hooks: &mut QemuHooks<QT, S>, hooks: &mut QemuHooks,
_state: Option<&mut S>, _state: Option<&mut S>,
_pc: GuestAddr, _pc: GuestAddr,
) )
@ -364,7 +364,7 @@ where
//============================= Trace interrupt service routines //============================= Trace interrupt service routines
pub fn exec_isr_hook<QT, S>( pub fn exec_isr_hook<QT, S>(
hooks: &mut QemuHooks<QT, S>, hooks: &mut QemuHooks,
_state: Option<&mut S>, _state: Option<&mut S>,
pc: GuestAddr, pc: GuestAddr,
) )
@ -382,7 +382,7 @@ where
//============================= Trace syscalls and returns //============================= Trace syscalls and returns
pub fn gen_jmp_is_syscall<QT, S>( pub fn gen_jmp_is_syscall<QT, S>(
hooks: &mut QemuHooks<QT, S>, hooks: &mut QemuHooks,
_state: Option<&mut S>, _state: Option<&mut S>,
src: GuestAddr, src: GuestAddr,
dest: GuestAddr, dest: GuestAddr,
@ -415,7 +415,7 @@ where
} }
pub fn trace_jmp<QT, S>( pub fn trace_jmp<QT, S>(
hooks: &mut QemuHooks<QT, S>, hooks: &mut QemuHooks,
_state: Option<&mut S>, _state: Option<&mut S>,
src: GuestAddr, mut dest: GuestAddr, id: u64 src: GuestAddr, mut dest: GuestAddr, id: u64
) )
@ -454,7 +454,7 @@ where
//============================= Read Hooks //============================= Read Hooks
#[allow(unused)] #[allow(unused)]
pub fn gen_read_is_input<QT, S>( pub fn gen_read_is_input<QT, S>(
hooks: &mut QemuHooks<QT, S>, hooks: &mut QemuHooks,
_state: Option<&mut S>, _state: Option<&mut S>,
pc: GuestAddr, pc: GuestAddr,
_addr: *mut TCGTemp, _addr: *mut TCGTemp,
@ -478,7 +478,7 @@ static mut MEM_READ : Option<Vec<(GuestAddr, u8)>> = None;
#[allow(unused)] #[allow(unused)]
pub fn trace_reads<QT, S>( pub fn trace_reads<QT, S>(
hooks: &mut QemuHooks<QT, S>, hooks: &mut QemuHooks,
_state: Option<&mut S>, _state: Option<&mut S>,
_id: u64, _id: u64,
addr: GuestAddr, addr: GuestAddr,

10
fuzzers/FRET/src/systemstate/mutational.rs
View File

@ -9,7 +9,7 @@ use libafl_bolts::{rands::{
random_seed, Rand, StdRand random_seed, Rand, StdRand
}, Named}; }, Named};
use libafl::{ use libafl::{
common::{HasMetadata, HasNamedMetadata}, corpus::{self, Corpus}, events::{Event, EventFirer, EventProcessor, LogSeverity}, fuzzer::Evaluator, inputs::{HasMutatorBytes, HasTargetBytes, Input, MultipartInput}, mark_feature_time, prelude::{new_hash_feedback, AggregatorOps, CorpusId, MutationResult, Mutator, UserStats, UserStatsValue, UsesInput}, stages::Stage, start_timer, state::{HasCorpus, HasRand, MaybeHasClientPerfMonitor, UsesState}, Error common::{HasMetadata, HasNamedMetadata}, corpus::{self, Corpus}, events::{Event, EventFirer, EventProcessor, LogSeverity}, fuzzer::Evaluator, inputs::{HasMutatorBytes, HasTargetBytes, Input, MultipartInput}, mark_feature_time, {new_hash_feedback, AggregatorOps, CorpusId, MutationResult, Mutator, UserStats, UserStatsValue, UsesInput}, stages::Stage, start_timer, state::{HasCorpus, HasRand, MaybeHasClientPerfMonitor, UsesState}, Error
}; };
use libafl::prelude::State; use libafl::prelude::State;
use petgraph::{graph::NodeIndex, graph::{self, DiGraph}}; use petgraph::{graph::NodeIndex, graph::{self, DiGraph}};
@ -430,11 +430,11 @@ where
Ok(()) Ok(())
} }
fn restart_progress_should_run(&mut self, state: &mut Self::State) -> Result<bool, Error> { fn should_restart(&mut self, state: &mut Self::State) -> Result<bool, Error> {
Ok(true) Ok(true)
} }
fn clear_restart_progress(&mut self, state: &mut Self::State) -> Result<(), Error> { fn clear_progress(&mut self, state: &mut Self::State) -> Result<(), Error> {
Ok(()) Ok(())
} }
} }
@ -579,11 +579,11 @@ where
Ok(()) Ok(())
} }
fn restart_progress_should_run(&mut self, state: &mut Self::State) -> Result<bool, Error> { fn should_restart(&mut self, state: &mut Self::State) -> Result<bool, Error> {
Ok(true) Ok(true)
} }
fn clear_restart_progress(&mut self, state: &mut Self::State) -> Result<(), Error> { fn clear_progress(&mut self, state: &mut Self::State) -> Result<(), Error> {
Ok(()) Ok(())
} }
} }

6
fuzzers/FRET/src/systemstate/observers.rs
View File

@ -49,19 +49,19 @@ pub struct QemuSystemStateObserver<I>
name: Cow<'static, str>, name: Cow<'static, str>,
} }
impl<S> Observer<S> for QemuSystemStateObserver<S::Input> impl<I, S> Observer<<S as UsesInput>::Input, S> for QemuSystemStateObserver<<S as UsesInput>::Input>
where where
S: UsesInput + HasMetadata, S: UsesInput + HasMetadata,
S::Input: Default S::Input: Default
{ {
#[inline] #[inline]
fn pre_exec(&mut self, _state: &mut S, _input: &S::Input) -> Result<(), Error> { fn pre_exec(&mut self, _state: &mut S, _input: &I) -> Result<(), Error> {
unsafe {CURRENT_SYSTEMSTATE_VEC.clear(); } unsafe {CURRENT_SYSTEMSTATE_VEC.clear(); }
Ok(()) Ok(())
} }
#[inline] #[inline]
fn post_exec(&mut self, _state: &mut S, _input: &S::Input, _exit_kind: &ExitKind) -> Result<(), Error> { fn post_exec(&mut self, _state: &mut S, _input: &I, _exit_kind: &ExitKind) -> Result<(), Error> {
// unsafe {self.last_run = invalidate_ineffective_isr(refine_system_states(&mut CURRENT_SYSTEMSTATE_VEC));} // unsafe {self.last_run = invalidate_ineffective_isr(refine_system_states(&mut CURRENT_SYSTEMSTATE_VEC));}
unsafe { unsafe {
let temp = refine_system_states(CURRENT_SYSTEMSTATE_VEC.split_off(0)); let temp = refine_system_states(CURRENT_SYSTEMSTATE_VEC.split_off(0));

6
fuzzers/FRET/src/systemstate/report.rs
View File

@ -7,7 +7,7 @@ use libafl_bolts::current_time;
use itertools::Itertools; use itertools::Itertools;
use libafl::{ use libafl::{
corpus::{Corpus, HasCurrentCorpusId}, events::EventFirer, prelude::{minimizer::TopRatedsMetadata, RemovableScheduler}, schedulers::minimizer::IsFavoredMetadata, stages::Stage, state::{HasCorpus, HasImported, UsesState}, Error, HasMetadata, HasScheduler corpus::{Corpus, HasCurrentCorpusId}, events::EventFirer, schedulers::minimizer::TopRatedsMetadata, RemovableScheduler, schedulers::minimizer::IsFavoredMetadata, stages::Stage, state::{HasCorpus, HasImported, UsesState}, Error, HasMetadata, HasScheduler
}; };
use libafl::{ use libafl::{
events::Event, events::Event,
@ -149,13 +149,13 @@ where
} }
#[inline] #[inline]
fn restart_progress_should_run(&mut self, _state: &mut <Self as UsesState>::State) -> Result<bool, Error> { fn should_restart(&mut self, _state: &mut <Self as UsesState>::State) -> Result<bool, Error> {
// Not running the target so we wont't crash/timeout and, hence, don't need to restore anything // Not running the target so we wont't crash/timeout and, hence, don't need to restore anything
Ok(true) Ok(true)
} }
#[inline] #[inline]
fn clear_restart_progress(&mut self, _state: &mut <Self as UsesState>::State) -> Result<(), Error> { fn clear_progress(&mut self, _state: &mut <Self as UsesState>::State) -> Result<(), Error> {
// Not running the target so we wont't crash/timeout and, hence, don't need to restore anything // Not running the target so we wont't crash/timeout and, hence, don't need to restore anything
Ok(()) Ok(())
} }

28
fuzzers/FRET/src/systemstate/schedulers.rs
View File

@ -45,9 +45,9 @@ where
type State = CS::State; type State = CS::State;
} }
impl<CS> Scheduler for LongestTraceScheduler<CS> impl<CS> Scheduler<CS::State, CS::Input> for LongestTraceScheduler<CS>
where where
CS: Scheduler, CS: UsesState + Scheduler<CS::State, CS::Input>,
CS::State: HasCorpus + HasMetadata + HasRand, CS::State: HasCorpus + HasMetadata + HasRand,
{ {
/// Add an entry to the corpus and return its index /// Add an entry to the corpus and return its index
@ -105,11 +105,19 @@ where
} }
Ok(idx) Ok(idx)
} }
fn set_current_scheduled(
&mut self,
state: &mut <<CS as UsesState>::State as UsesInput>::Input,
next_id: Option<libafl::corpus::CorpusId>,
) -> Result<(), Error> {
self.base.set_current_scheduled(state, next_id)
}
} }
impl<CS> LongestTraceScheduler<CS> impl<CS> LongestTraceScheduler<CS>
where where
CS: Scheduler, CS: UsesState + Scheduler<CS::State, CS::Input>,
CS::State: HasCorpus + HasMetadata + HasRand, CS::State: HasCorpus + HasMetadata + HasRand,
{ {
pub fn get_update_trace_length(&self, state: &mut CS::State, par: usize) -> u64 { pub fn get_update_trace_length(&self, state: &mut CS::State, par: usize) -> u64 {
@ -162,13 +170,13 @@ where
type State = S; type State = S;
} }
impl<S> Scheduler for GenerationScheduler<S> impl<I, S> Scheduler<I, S> for GenerationScheduler<S>
where where
S: State + HasCorpus + HasMetadata, S: State + HasCorpus + HasMetadata,
{ {
/// get first element in current gen, /// get first element in current gen,
/// if current_gen is empty, swap lists, sort by FavFactor, take top k and return first /// if current_gen is empty, swap lists, sort by FavFactor, take top k and return first
fn next(&mut self, state: &mut Self::State) -> Result<CorpusId, Error> { fn next(&mut self, state: &mut S) -> Result<CorpusId, Error> {
let mut to_remove : Vec<(usize, f64)> = vec![]; let mut to_remove : Vec<(usize, f64)> = vec![];
let mut _to_return : usize = 0; let mut _to_return : usize = 0;
let corpus_len = state.corpus().count(); let corpus_len = state.corpus().count();
@ -220,7 +228,7 @@ where
/// Add the new input to the next generation /// Add the new input to the next generation
fn on_add( fn on_add(
&mut self, &mut self,
state: &mut Self::State, state: &mut S,
idx: CorpusId idx: CorpusId
) -> Result<(), Error> { ) -> Result<(), Error> {
// println!("On Add {idx}"); // println!("On Add {idx}");
@ -233,6 +241,14 @@ where
} }
Ok(()) Ok(())
} }
fn set_current_scheduled(
&mut self,
state: &mut S,
next_id: Option<libafl::corpus::CorpusId>,
) -> Result<(), Error> {
self.base.set_current_scheduled(state, next_id)
}
// fn on_replace( // fn on_replace(
// &self, // &self,
// _state: &mut Self::State, // _state: &mut Self::State,

22
fuzzers/FRET/src/systemstate/stg.rs
View File

@ -48,6 +48,8 @@ use std::ops::DerefMut;
use std::rc::Rc; use std::rc::Rc;
use petgraph::visit::EdgeRef; use petgraph::visit::EdgeRef;
use libafl::prelude::StateInitializer;
//============================= Data Structures //============================= Data Structures
#[derive(Serialize, Deserialize, Clone, Debug, Default, Hash)] #[derive(Serialize, Deserialize, Clone, Debug, Default, Hash)]
pub struct STGNode pub struct STGNode
@ -522,26 +524,28 @@ impl StgFeedback {
} }
} }
impl<S> Feedback<S> for StgFeedback impl<S> StateInitializer<S> for StgFeedback {}
impl<EM, I, OT, S> Feedback<EM, I, OT, S> for StgFeedback
where where
S: State + UsesInput + MaybeHasClientPerfMonitor + HasNamedMetadata, S: State + UsesInput + MaybeHasClientPerfMonitor + HasNamedMetadata,
S::Input: Default, S::Input: Default,
EM: EventFirer<State = S>,
OT: ObserversTuple<S>,
{ {
#[allow(clippy::wrong_self_convention)] #[allow(clippy::wrong_self_convention)]
fn is_interesting<EM, OT>( fn is_interesting(
&mut self, &mut self,
state: &mut S, state: &mut S,
_manager: &mut EM, _manager: &mut EM,
_input: &S::Input, _input: &I,
observers: &OT, observers: &OT,
_exit_kind: &ExitKind, _exit_kind: &ExitKind,
) -> Result<bool, Error> ) -> Result<bool, Error>
where where
EM: EventFirer<State = S>, <S as UsesInput>::Input: Default,
OT: ObserversTuple<S>,
S::Input: Default,
{ {
let observer = observers.match_name::<QemuSystemStateObserver<S::Input>>("systemstate") let observer = observers.match_name::<QemuSystemStateObserver<<S as UsesInput>::Input>>("systemstate")
.expect("QemuSystemStateObserver not found"); .expect("QemuSystemStateObserver not found");
let clock_observer = observers.match_name::<QemuClockObserver>("clocktime") let clock_observer = observers.match_name::<QemuClockObserver>("clocktime")
.expect("QemuClockObserver not found"); .expect("QemuClockObserver not found");
@ -700,7 +704,7 @@ where
/// Append to the testcase the generated metadata in case of a new corpus item /// Append to the testcase the generated metadata in case of a new corpus item
#[inline] #[inline]
fn append_metadata<EM, OT>(&mut self, _state: &mut S, _manager: &mut EM, _observers: &OT, testcase: &mut Testcase<S::Input>) -> Result<(), Error> { fn append_metadata(&mut self, _state: &mut S, _manager: &mut EM, _observers: &OT, testcase: &mut Testcase<I>) -> Result<(), Error> {
let meta = STGNodeMetadata::new(self.last_node_trace.take().unwrap_or_default(), self.last_edge_trace.take().unwrap_or_default(), self.last_abb_trace.take().unwrap_or_default(), self.last_abbs_hash.take().unwrap_or_default(), self.last_aggregate_hash.take().unwrap_or_default(), self.last_top_abb_hashes.take().unwrap_or_default(), self.last_intervals.take().unwrap_or_default(), self.last_job_trace.take().unwrap_or_default()); let meta = STGNodeMetadata::new(self.last_node_trace.take().unwrap_or_default(), self.last_edge_trace.take().unwrap_or_default(), self.last_abb_trace.take().unwrap_or_default(), self.last_abbs_hash.take().unwrap_or_default(), self.last_aggregate_hash.take().unwrap_or_default(), self.last_top_abb_hashes.take().unwrap_or_default(), self.last_intervals.take().unwrap_or_default(), self.last_job_trace.take().unwrap_or_default());
testcase.metadata_map_mut().insert(meta); testcase.metadata_map_mut().insert(meta);
Ok(()) Ok(())
@ -708,7 +712,7 @@ where
/// Discard the stored metadata in case that the testcase is not added to the corpus /// Discard the stored metadata in case that the testcase is not added to the corpus
#[inline] #[inline]
fn discard_metadata(&mut self, _state: &mut S, _input: &S::Input) -> Result<(), Error> { fn discard_metadata(&mut self, _state: &mut S, _input: &I) -> Result<(), Error> {
Ok(()) Ok(())
} }
} }

28
fuzzers/FRET/src/time/clock.rs
View File

@ -125,11 +125,11 @@ impl QemuClockObserver {
} }
} }
impl<S> Observer<S> for QemuClockObserver impl<I, S> Observer<I, S> for QemuClockObserver
where where
S: UsesInput + HasMetadata, S: UsesInput + HasMetadata,
{ {
fn pre_exec(&mut self, _state: &mut S, _input: &S::Input) -> Result<(), Error> { fn pre_exec(&mut self, _state: &mut S, _input: &I) -> Result<(), Error> {
// Only remember the pre-run ticks if presistent mode ist used // Only remember the pre-run ticks if presistent mode ist used
#[cfg(not(feature = "snapshot_restore"))] #[cfg(not(feature = "snapshot_restore"))]
unsafe { unsafe {
@ -142,7 +142,7 @@ where
Ok(()) Ok(())
} }
fn post_exec(&mut self, _state: &mut S, _input: &S::Input, _exit_kind: &ExitKind) -> Result<(), Error> { fn post_exec(&mut self, _state: &mut S, _input: &I, _exit_kind: &ExitKind) -> Result<(), Error> {
unsafe { self.end_tick = libafl_qemu::sys::icount_get_raw() }; unsafe { self.end_tick = libafl_qemu::sys::icount_get_raw() };
if let Some(td) = &self.dump_path { if let Some(td) = &self.dump_path {
// println!("clock post {}", self.end_tick); // println!("clock post {}", self.end_tick);
@ -216,17 +216,17 @@ pub struct ClockTimeFeedback {
name: Cow<'static, str>, name: Cow<'static, str>,
} }
impl<S> Feedback<S> for ClockTimeFeedback impl<EM, I, OT, S> Feedback<EM, I, OT, S> for ClockTimeFeedback
where where
S: State + UsesInput + MaybeHasClientPerfMonitor + HasMetadata, S: State + UsesInput + MaybeHasClientPerfMonitor + HasMetadata,
<S as UsesInput>::Input: Default <S as UsesInput>::Input: Default
{ {
#[allow(clippy::wrong_self_convention)] #[allow(clippy::wrong_self_convention)]
fn is_interesting<EM, OT>( fn is_interesting(
&mut self, &mut self,
_state: &mut S, _state: &mut S,
_manager: &mut EM, _manager: &mut EM,
_input: &S::Input, _input: &I,
observers: &OT, observers: &OT,
_exit_kind: &ExitKind, _exit_kind: &ExitKind,
) -> Result<bool, Error> ) -> Result<bool, Error>
@ -250,12 +250,12 @@ where
/// Append to the testcase the generated metadata in case of a new corpus item /// Append to the testcase the generated metadata in case of a new corpus item
#[inline] #[inline]
fn append_metadata<EM, OT>( fn append_metadata(
&mut self, &mut self,
_state: &mut S, _state: &mut S,
_manager: &mut EM, _manager: &mut EM,
_observers: &OT, _observers: &OT,
testcase: &mut Testcase<S::Input>, testcase: &mut Testcase<<S as UsesInput>::Input>,
) -> Result<(), Error> { ) -> Result<(), Error> {
*testcase.exec_time_mut() = self.exec_time; *testcase.exec_time_mut() = self.exec_time;
self.exec_time = None; self.exec_time = None;
@ -264,7 +264,7 @@ where
/// Discard the stored metadata in case that the testcase is not added to the corpus /// Discard the stored metadata in case that the testcase is not added to the corpus
#[inline] #[inline]
fn discard_metadata(&mut self, _state: &mut S, _input: &S::Input) -> Result<(), Error> { fn discard_metadata(&mut self, _state: &mut S, _input: &I) -> Result<(), Error> {
self.exec_time = None; self.exec_time = None;
Ok(()) Ok(())
} }
@ -305,15 +305,15 @@ pub struct QemuClockIncreaseFeedback {
name: Cow<'static, str>, name: Cow<'static, str>,
} }
impl<S> Feedback<S> for QemuClockIncreaseFeedback impl<EM, I, OT, S> Feedback<EM, I, OT, S> for QemuClockIncreaseFeedback
where where
S: State + UsesInput + HasNamedMetadata + MaybeHasClientPerfMonitor + Debug, S: State + UsesInput + HasNamedMetadata + MaybeHasClientPerfMonitor + Debug,
{ {
fn is_interesting<EM, OT>( fn is_interesting(
&mut self, &mut self,
state: &mut S, state: &mut S,
_manager: &mut EM, _manager: &mut EM,
_input: &S::Input, _input: &I,
_observers: &OT, _observers: &OT,
_exit_kind: &ExitKind, _exit_kind: &ExitKind,
) -> Result<bool, Error> ) -> Result<bool, Error>
@ -337,14 +337,14 @@ where
/// Append to the testcase the generated metadata in case of a new corpus item /// Append to the testcase the generated metadata in case of a new corpus item
#[inline] #[inline]
fn append_metadata<EM, OT>(&mut self, _state: &mut S, _manager: &mut EM, _observers: &OT, _testcase: &mut Testcase<S::Input>) -> Result<(), Error> { fn append_metadata(&mut self, _state: &mut S, _manager: &mut EM, _observers: &OT, _testcase: &mut Testcase<<S as UsesInput>::Input>) -> Result<(), Error> {
// testcase.metadata_mut().insert(QemuIcountMetadata{runtime: self.last_runtime}); // testcase.metadata_mut().insert(QemuIcountMetadata{runtime: self.last_runtime});
Ok(()) Ok(())
} }
/// Discard the stored metadata in case that the testcase is not added to the corpus /// Discard the stored metadata in case that the testcase is not added to the corpus
#[inline] #[inline]
fn discard_metadata(&mut self, _state: &mut S, _input: &S::Input) -> Result<(), Error> { fn discard_metadata(&mut self, _state: &mut S, _input: &I) -> Result<(), Error> {
Ok(()) Ok(())
} }

8
fuzzers/FRET/src/time/qemustate.rs
View File

@ -45,23 +45,23 @@ where
{ {
const HOOKS_DO_SIDE_EFFECTS: bool = true; const HOOKS_DO_SIDE_EFFECTS: bool = true;
fn init_hooks<QT>(&self, _hooks: &QemuHooks<QT, S>) fn init_hooks<QT>(&self, _hooks: &QemuHooks)
where where
QT: QemuHelperTuple<S>, QT: QemuHelperTuple<S>,
{ {
} }
fn first_exec<QT>(&self, _hooks: &QemuHooks<QT, S>) fn first_exec<QT>(&self, _hooks: &QemuHooks)
where where
QT: QemuHelperTuple<S>, QT: QemuHelperTuple<S>,
{ {
} }
fn post_exec<OT>(&mut self, _emulator: libafl_qemu::Qemu, _input: &S::Input, _observers: &mut OT, _exit_kind: &mut ExitKind) { fn post_exec<OT>(&mut self, _emulator: libafl_qemu::Qemu, _input: &I, _observers: &mut OT, _exit_kind: &mut ExitKind) {
// unsafe { println!("snapshot post {}",emu::icount_get_raw()) }; // unsafe { println!("snapshot post {}",emu::icount_get_raw()) };
} }
fn pre_exec(&mut self, emulator: libafl_qemu::Qemu, _input: &S::Input) { fn pre_exec(&mut self, emulator: libafl_qemu::Qemu, _input: &I) {
// only restore in pre-exec, to preserve the post-execution state for inspection // only restore in pre-exec, to preserve the post-execution state for inspection
#[cfg(feature = "snapshot_restore")] #[cfg(feature = "snapshot_restore")]
{ {

42
fuzzers/FRET/src/time/worst.rs
View File

@ -26,6 +26,8 @@ use std::time::Duration;
use std::time::Instant; use std::time::Instant;
use std::ops::Sub; use std::ops::Sub;
use libafl::corpus::Corpus;
use libafl_bolts::{ use libafl_bolts::{
AsSlice, ClientId, HasLen, Named AsSlice, ClientId, HasLen, Named
}; };
@ -77,7 +79,7 @@ pub type TimeStateMaximizerCorpusScheduler<CS, O> =
pub struct MaxExecsLenFavFactor<S> pub struct MaxExecsLenFavFactor<S>
where where
S: HasCorpus + HasMetadata, S: HasCorpus + HasMetadata,
S::Input: HasLen, <S::Corpus as Corpus>::Input: HasLen,
{ {
phantom: PhantomData<S>, phantom: PhantomData<S>,
} }
@ -85,9 +87,9 @@ where
impl<S> TestcaseScore<S> for MaxExecsLenFavFactor<S> impl<S> TestcaseScore<S> for MaxExecsLenFavFactor<S>
where where
S: HasCorpus + HasMetadata, S: HasCorpus + HasMetadata,
S::Input: HasLen, <<S as HasCorpus>::Corpus as libafl::corpus::Corpus>::Input: HasLen
{ {
fn compute( state: &S, entry: &mut Testcase<S::Input>) -> Result<f64, Error> { fn compute( state: &S, entry: &mut Testcase<<S::Corpus as Corpus>::Input>) -> Result<f64, Error> {
let execs_per_hour = (3600.0/entry.exec_time().expect("testcase.exec_time is needed for scheduler").as_secs_f64()); let execs_per_hour = (3600.0/entry.exec_time().expect("testcase.exec_time is needed for scheduler").as_secs_f64());
let execs_times_length_per_hour = execs_per_hour*entry.load_len(state.corpus()).unwrap() as f64; let execs_times_length_per_hour = execs_per_hour*entry.load_len(state.corpus()).unwrap() as f64;
Ok(execs_times_length_per_hour) Ok(execs_times_length_per_hour)
@ -102,17 +104,17 @@ pub struct SortedFeedback {
name: Cow<'static, str> name: Cow<'static, str>
} }
impl<S> Feedback<S> for SortedFeedback impl<EM, I, OT, S> Feedback<EM, I, OT, S> for SortedFeedback
where where
S: State + UsesInput + MaybeHasClientPerfMonitor, S: State + UsesInput + MaybeHasClientPerfMonitor,
S::Input: HasTargetBytes, S::Input: HasTargetBytes,
{ {
#[allow(clippy::wrong_self_convention)] #[allow(clippy::wrong_self_convention)]
fn is_interesting<EM, OT>( fn is_interesting(
&mut self, &mut self,
_state: &mut S, _state: &mut S,
_manager: &mut EM, _manager: &mut EM,
_input: &S::Input, _input: &I,
_observers: &OT, _observers: &OT,
_exit_kind: &ExitKind, _exit_kind: &ExitKind,
) -> Result<bool, Error> ) -> Result<bool, Error>
@ -176,16 +178,16 @@ pub struct ExecTimeReachedFeedback
target_time: u64, target_time: u64,
} }
impl<S> Feedback<S> for ExecTimeReachedFeedback impl<EM, I, OT, S> Feedback<EM, I, OT, S> for ExecTimeReachedFeedback
where where
S: State + UsesInput + MaybeHasClientPerfMonitor, S: State + UsesInput + MaybeHasClientPerfMonitor,
{ {
#[allow(clippy::wrong_self_convention)] #[allow(clippy::wrong_self_convention)]
fn is_interesting<EM, OT>( fn is_interesting(
&mut self, &mut self,
_state: &mut S, _state: &mut S,
_manager: &mut EM, _manager: &mut EM,
_input: &S::Input, _input: &I,
observers: &OT, observers: &OT,
_exit_kind: &ExitKind, _exit_kind: &ExitKind,
) -> Result<bool, Error> ) -> Result<bool, Error>
@ -226,16 +228,16 @@ pub struct ExecTimeCollectorFeedback
name: Cow<'static, str> name: Cow<'static, str>
} }
impl<S> Feedback<S> for ExecTimeCollectorFeedback impl<EM, I, OT, S> Feedback<EM, I, OT, S> for ExecTimeCollectorFeedback
where where
S: State + UsesInput + MaybeHasClientPerfMonitor, S: State + UsesInput + MaybeHasClientPerfMonitor,
{ {
#[allow(clippy::wrong_self_convention)] #[allow(clippy::wrong_self_convention)]
fn is_interesting<EM, OT>( fn is_interesting(
&mut self, &mut self,
_state: &mut S, _state: &mut S,
_manager: &mut EM, _manager: &mut EM,
_input: &S::Input, _input: &I,
observers: &OT, observers: &OT,
_exit_kind: &ExitKind, _exit_kind: &ExitKind,
) -> Result<bool, Error> ) -> Result<bool, Error>
@ -298,16 +300,16 @@ pub struct ExecTimeIncFeedback
last_is_longest: bool last_is_longest: bool
} }
impl<S> Feedback<S> for ExecTimeIncFeedback impl<EM, I, OT, S> Feedback<EM, I, OT, S> for ExecTimeIncFeedback
where where
S: State + UsesInput + MaybeHasClientPerfMonitor, S: State + UsesInput + MaybeHasClientPerfMonitor,
{ {
#[allow(clippy::wrong_self_convention)] #[allow(clippy::wrong_self_convention)]
fn is_interesting<EM, OT>( fn is_interesting(
&mut self, &mut self,
_state: &mut S, _state: &mut S,
_manager: &mut EM, _manager: &mut EM,
_input: &S::Input, _input: &I,
observers: &OT, observers: &OT,
_exit_kind: &ExitKind, _exit_kind: &ExitKind,
) -> Result<bool, Error> ) -> Result<bool, Error>
@ -326,7 +328,7 @@ where
Ok(false) Ok(false)
} }
} }
fn append_metadata<EM, OT>( fn append_metadata(
&mut self, &mut self,
_state: &mut S, _state: &mut S,
_manager: &mut EM, _manager: &mut EM,
@ -368,16 +370,16 @@ pub struct AlwaysTrueFeedback
name: Cow<'static, str> name: Cow<'static, str>
} }
impl<S> Feedback<S> for AlwaysTrueFeedback impl<EM, I, OT, S> Feedback<EM, I, OT, S> for AlwaysTrueFeedback
where where
S: State + UsesInput + MaybeHasClientPerfMonitor, S: State + UsesInput + MaybeHasClientPerfMonitor,
{ {
#[allow(clippy::wrong_self_convention)] #[allow(clippy::wrong_self_convention)]
fn is_interesting<EM, OT>( fn is_interesting(
&mut self, &mut self,
_state: &mut S, _state: &mut S,
_manager: &mut EM, _manager: &mut EM,
_input: &S::Input, _input: &I,
_observers: &OT, _observers: &OT,
_exit_kind: &ExitKind, _exit_kind: &ExitKind,
) -> Result<bool, Error> ) -> Result<bool, Error>
@ -413,7 +415,7 @@ where
//=========================== Probability Mass Scheduler //=========================== Probability Mass Scheduler
pub type TimeProbMassScheduler<S> = pub type TimeProbMassScheduler<S> =
ProbabilitySamplingScheduler<TimeProbFactor<S>, S>; ProbabilitySamplingScheduler<TimeProbFactor<S>>;
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub struct TimeProbFactor<S> pub struct TimeProbFactor<S>

4
libafl/src/executors/hooks/inprocess_fork.rs
View File

@ -44,7 +44,7 @@ where
fn init<E: HasObservers>(&mut self, _state: &mut S) {} fn init<E: HasObservers>(&mut self, _state: &mut S) {}
/// Call before running a target. /// Call before running a target.
fn pre_exec(&mut self, _state: &mut S, _input: &S::Input) { fn pre_exec(&mut self, _state: &mut S, _input: &<S as UsesInput>::Input) {
unsafe { unsafe {
let data = &raw mut FORK_EXECUTOR_GLOBAL_DATA; let data = &raw mut FORK_EXECUTOR_GLOBAL_DATA;
(*data).crash_handler = self.crash_handler; (*data).crash_handler = self.crash_handler;
@ -53,7 +53,7 @@ where
} }
} }
fn post_exec(&mut self, _state: &mut S, _input: &S::Input) {} fn post_exec(&mut self, _state: &mut S, _input: &<S as UsesInput>::Input) {}
} }
impl<S> InChildProcessHooks<S> { impl<S> InChildProcessHooks<S> {