Fix cmplog (#600)

Andrea Fioraldi 2022-04-08 14:35:32 +02:00 committed by GitHub
parent 0b94647219
commit bd23f7c916
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 56 additions and 31 deletions


@ -103,7 +103,7 @@ pub trait CmpMap: Debug {
fn usable_executions_for(&self, idx: usize) -> usize; fn usable_executions_for(&self, idx: usize) -> usize;
/// Get the logged values for a cmp /// Get the logged values for a cmp
fn values_of(&self, idx: usize, execution: usize) -> CmpValues; fn values_of(&self, idx: usize, execution: usize) -> Option<CmpValues>;
/// Reset the state /// Reset the state
fn reset(&mut self) -> Result<(), Error>; fn reset(&mut self) -> Result<(), Error>;
@ -150,24 +150,25 @@ where
let mut last: Option<CmpValues> = None; let mut last: Option<CmpValues> = None;
for j in 0..execs { for j in 0..execs {
let val = self.cmp_map().values_of(i, j); if let Some(val) = self.cmp_map().values_of(i, j) {
if let Some(l) = last.and_then(|x| x.to_u64_tuple()) { if let Some(l) = last.and_then(|x| x.to_u64_tuple()) {
if let Some(v) = val.to_u64_tuple() { if let Some(v) = val.to_u64_tuple() {
if l.0.wrapping_add(1) == v.0 { if l.0.wrapping_add(1) == v.0 {
increasing_v0 += 1; increasing_v0 += 1;
} }
if l.1.wrapping_add(1) == v.1 { if l.1.wrapping_add(1) == v.1 {
increasing_v1 += 1; increasing_v1 += 1;
} }
if l.0.wrapping_sub(1) == v.0 { if l.0.wrapping_sub(1) == v.0 {
decreasing_v0 += 1; decreasing_v0 += 1;
} }
if l.1.wrapping_sub(1) == v.1 { if l.1.wrapping_sub(1) == v.1 {
decreasing_v1 += 1; decreasing_v1 += 1;
}
} }
} }
last = Some(val);
} }
last = Some(val);
} }
// We check for execs-2 because the logged execs may wrap and have something like // We check for execs-2 because the logged execs may wrap and have something like
// 8 9 10 3 4 5 6 7 // 8 9 10 3 4 5 6 7
@ -180,7 +181,9 @@ where
} }
} }
for j in 0..execs { for j in 0..execs {
meta.list.push(self.cmp_map().values_of(i, j)); if let Some(val) = self.cmp_map().values_of(i, j) {
meta.list.push(val);
}
} }
} }
} }
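Review bot: The new `Option` return of `values_of` in the `CmpMap` trait is not documented — `/// Get the logged values for a cmp` should state when `None` is produced, e.g. `/// Get the logged values for a cmp, or `None` if the logged shape cannot be decoded by this map`. The two observer loops below now silently skip such entries with `if let Some(val)`; in the `CmpLogMap` implementation in this same commit, `None` is decided by the per-index header shape rather than by `execution`, so an undecodable shape drops every execution of that index, which deserves a one-line comment at the first `if let` so readers do not expect partial data. Keeping `last = Some(val)` inside the `if let` means a `None` does not reset `last`; harmless under that all-or-nothing behaviour, but worth a short note. The enclosing function starts and ends outside these hunks.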


@ -111,12 +111,12 @@ void __libafl_targets_cmplog_routines(uintptr_t k, uint8_t *ptr1, uint8_t *ptr2)
if (libafl_cmplog_map_ptr->headers[k].kind != CMPLOG_KIND_RTN) { if (libafl_cmplog_map_ptr->headers[k].kind != CMPLOG_KIND_RTN) {
libafl_cmplog_map_ptr->headers[k].kind = CMPLOG_KIND_RTN; libafl_cmplog_map_ptr->headers[k].kind = CMPLOG_KIND_RTN;
libafl_cmplog_map_ptr->headers[k].hits = 1; libafl_cmplog_map_ptr->headers[k].hits = 1;
libafl_cmplog_map_ptr->headers[k].shape = len - 1; libafl_cmplog_map_ptr->headers[k].shape = len;
hits = 0; hits = 0;
} else { } else {
hits = libafl_cmplog_map_ptr->headers[k].hits++; hits = libafl_cmplog_map_ptr->headers[k].hits++;
if (libafl_cmplog_map_ptr->headers[k].shape < len) if (libafl_cmplog_map_ptr->headers[k].shape < len)
libafl_cmplog_map_ptr->headers[k].shape = len - 1; libafl_cmplog_map_ptr->headers[k].shape = len;
} }
hits &= CMPLOG_MAP_RTN_H - 1; hits &= CMPLOG_MAP_RTN_H - 1;
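Review bot: Both `shape = len` assignments change the stored convention for routine entries from `len - 1` to `len`, but nothing in the hunk records which convention the map now uses, and the Rust `values_of` in this commit never reads `shape` for the routine kind, so the change is unobservable here. A comment at the first assignment, e.g. `/* shape: number of logged bytes per operand, not len - 1 */`, would pin the contract down for the map reader. The else branch's `if (shape < len) shape = len;` is now a proper maximum, whereas with `len - 1` the stored value was always below an equal-length `len`; stating that in the description would make the "Fix" clearer. `__libafl_targets_cmplog_routines` begins outside the hunk, so where `len` is bounded against the routine buffer is not visible here.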


@ -110,35 +110,36 @@ impl CmpMap for CmpLogMap {
} }
} }
fn values_of(&self, idx: usize, execution: usize) -> CmpValues { fn values_of(&self, idx: usize, execution: usize) -> Option<CmpValues> {
if self.headers[idx].kind == CMPLOG_KIND_INS { if self.headers[idx].kind == CMPLOG_KIND_INS {
unsafe { unsafe {
match self.headers[idx].shape { match self.headers[idx].shape {
1 => CmpValues::U8(( 1 => Some(CmpValues::U8((
self.vals.operands[idx][execution].0 as u8, self.vals.operands[idx][execution].0 as u8,
self.vals.operands[idx][execution].1 as u8, self.vals.operands[idx][execution].1 as u8,
)), ))),
2 => CmpValues::U16(( 2 => Some(CmpValues::U16((
self.vals.operands[idx][execution].0 as u16, self.vals.operands[idx][execution].0 as u16,
self.vals.operands[idx][execution].1 as u16, self.vals.operands[idx][execution].1 as u16,
)), ))),
4 => CmpValues::U32(( 4 => Some(CmpValues::U32((
self.vals.operands[idx][execution].0 as u32, self.vals.operands[idx][execution].0 as u32,
self.vals.operands[idx][execution].1 as u32, self.vals.operands[idx][execution].1 as u32,
)), ))),
8 => CmpValues::U64(( 8 => Some(CmpValues::U64((
self.vals.operands[idx][execution].0, self.vals.operands[idx][execution].0,
self.vals.operands[idx][execution].1, self.vals.operands[idx][execution].1,
)), ))),
other => panic!("Invalid CmpLog shape {}", other), // other => panic!("Invalid CmpLog shape {}", other),
_ => None,
} }
} }
} else { } else {
unsafe { unsafe {
CmpValues::Bytes(( Some(CmpValues::Bytes((
self.vals.routines[idx][execution].0.to_vec(), self.vals.routines[idx][execution].0.to_vec(),
self.vals.routines[idx][execution].1.to_vec(), self.vals.routines[idx][execution].1.to_vec(),
)) )))
} }
} }
} }
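Review bot: The commented-out `// other => panic!("Invalid CmpLog shape {}", other),` left above `_ => None` in `values_of` is dead code and should be deleted; the wildcard arm reads better with a short reason instead, e.g. `_ => None, // shape written by the target is not a supported operand width`. Returning `None` rather than panicking is the right direction, since the header fields are filled in by the instrumented target and may hold any value. The `Bytes` arm still copies the whole `routines[idx][execution]` buffers and never consults `self.headers[idx].shape`; if those are fixed-size arrays (which the `.to_vec()` calls suggest), bytes past the logged length are stale and are handed to callers, and slicing to `shape` clamped to the buffer length would match the C side that now stores `len` in `shape`. Both `unsafe` blocks also lack a `// SAFETY:` comment stating why the `idx` and `execution` accesses are in bounds.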

21
scripts/clean_all.sh Executable file

@ -0,0 +1,21 @@
#!/bin/bash
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
cd "$SCRIPT_DIR/.."
# TODO: This should be rewritten in rust, a Makefile, or some platform-independent language
echo "Welcome to the happy clean script. :)"
echo "[*] Running clean for the main crates"
cargo clean
fuzzers=$(find ./fuzzers -maxdepth 1 -type d)
backtrace_fuzzers=$(find ./fuzzers/backtrace_baby_fuzzers -maxdepth 1 -type d)
for fuzzer in $(echo $fuzzers $backtrace_fuzzers);
do
pushd $fuzzer
echo "[*] Running clean for $fuzzer"
cargo clean
popd
done
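Review bot: `find ./fuzzers -maxdepth 1 -type d` also yields the search root itself (`./fuzzers`, and likewise `./fuzzers/backtrace_baby_fuzzers` for the second call), so the loop runs `cargo clean` in directories that are not crates and prints errors; add `-mindepth 1` to both `find` calls. The unquoted `pushd $fuzzer` and `$(echo $fuzzers $backtrace_fuzzers)` word-split on paths containing spaces, and a failed `pushd` is still followed by a `popd` that pops the wrong directory, so `pushd "$fuzzer" > /dev/null || continue` is safer. The script has no `set -e`, so a failing `cargo clean` is not reflected in the exit status.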